Data Breaches & Threats

Advanced Persistent Threats (APTs) – how they work and how to mitigate them

In December 2018, the US Department of Justice charged Chinese nationals in an extensive global hacking campaign.  The hackers, part of Chinese cyber espionage group APT10, allegedly accessed service providers in twelve countries.  This is an example of Nation states seeking access to other government’s systems and information by attacking the data supply chain for security weaknesses; by compromising a managed service provider’s (MSP) systems an adversary may be able to pivot to the primary target, although often the MSP holds confidential information, in its own right, that could further the adversary’s goals.

Read More

Data Breach Handling – the 5 key steps

New privacy legislation in 2018 saw a dramatic increase in the number of data breach notifications. The 2018 British Airways data breach had more than 380,000 customers’ payment card details stolen by hackers. This contributed to a long line of data breaches making the headlines in the UK, after some of their biggest brands like Superdrug, Carphone Warehouse, Currys, Dixons Travel and PC World were hacked earlier in the year. Read the blog to explore the 5 key steps to mitigating risk.

Read More

OAIC Quarterly Results – Notifiable Data Breaches Upward Trend

The second “Notifiable Data Breaches Quarterly Statistics Report” has been published by the Office of the Australian Information Commissioner (OAIC) and it certainly makes for interesting reading. The statistics within this report show a definite upward trend in reporting and interestingly it also shows a swing from last quarter’s report towards the nature of the incidents, from human error to malicious data theft. Let’s look at some of the details within the OAIC’s report and see what it tells us about the state of security within Australia.

Read More

Supply Chain Cyber Attacks on the Rise – Steps to stay in control

The meteoric rise of supply chain cyber attacks over the past five years shows that organisations must focus on tightening the security of their subcontractors, suppliers and partners.  An article by Harvard Business Review (HBR) suggests, “Over 60% of reported attacks on publicly traded U.S. firms in 2017 were launched through the IT systems of suppliers or other third parties such as contractors, up from less than one-quarter of attacks in 2010.”

Read More

Typeform’s Data Breach: The Dangers of Supply Chain Attacks

Spanish online survey company, Typeform, recently experienced a serious cyber-attack, resulting in hackers downloading a partial backup of its customer data. Typeform noticed the breach on 27th June and reported they had remedied the issue within 30 minutes of discovery, yet all survey responses passing through their online platform prior to May 3rd, 2018 could be at risk. This survey company’s breach shows how dangerous supply chain attacks can be.

Read More

‘Tis the Season for Phishing Attacks

Teach your staff to detect social engineering to keep them cyber safe over the Christmas break.  Holidays bring with them frantic shopping, party planning,  family arrangements, and, finally, taking a well-earned break and connecting with family and friends. However, criminals also look forward to this time of year, for a very different reason: they use our distraction against us, relying on us being even more in a hurry than normal. And when we’re distracted, we make mistakes.

Read More

Cyber Security Quotes: Why “We’ve never been hacked” probably isn’t true (ever)

As cyber security quotes go its not uncommon to hear the claim “We’ve never been hacked”; it might come up in a conversation when a service provider is trying to win business from a company where there will be an exchange or hosting of data, or maybe it will be a defence against some findings in an audit where there are controls that are missing or ineffective. It may even be part of a board presentation to provide confidence or found on a CV sent in application for a senior CISO role.

It does however belie several truths that are fairly enshrined within the cyber security industry. In this post we’ll try and explain what these truths are, and translate the cyber security quote “We’ve never been hacked” into more likely and appropriate interpretations.

Read More

Ransomware: 4 Cyber Security Processes To Keep Your Business Safe

Ransomware has plagued businesses for several years, but the recent outbreaks of WannaCry and NotPetya have marked the beginning of a new era of hybrid malware that combines multiple exploits into something much more dangerous. What can organisations do to remain safe when the cyber criminals are innovating so quickly?

Read More
1 2