Category: cyber security

Cyber Security Breaches Survey 2021

https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2021/cyber-security-breaches-survey-2021

The Cyber Security Breaches Survey is a study of UK businesses, charities and education institutions. It was carried out in winter 2020/21

In the survey, micro business means 1-9 employees, small is 10-49, medium is 50–249 and large is 250 upwards.

On average, 39% of businesses and 26% of charities report having cyber security breaches or attacks in the last 12 months. The figures are higher in medium and large organisations as they are more often targeted by criminals.

However, evidence from the study suggests that the risk level is potentially higher than ever under COVID-19, and that businesses are finding it harder to administer cyber security measures during the pandemic.

Key Points For Business That Have Identified Breaches or Attacks

  • 27% of these businesses and 23% of these charities experience such attacks at least once a week. The most common by far are phishing attacks (83% and 79% respectively), followed by impersonation (27% and 23%).
  • A sizeable number of these organisations report that costs are substantial.
  • 21% and 18% respectively of businesses and charities end up losing money, data or other assets.
  • 35% of businesses and 40% of charities report being negatively impacted e.g. because they require new post-breach measures, have staff time diverted or suffer wider business disruption.
  • The mean cost of all the cyber security breaches these businesses have experienced in the past 12 months is estimated to be £8,460. For medium and large firms combined, this average cost is £13,400.

77% of businesses say cyber security is a high priority for their directors or senior managers, while 68% of charities say this of their trustees.

If you have any experiences with these scams do let me know, by email.

Fightback Ninja Signature

Maintain Online Privacy

One of the wonderful things about the Internet is the capacity to share information quickly and with a lot of people.

Conversely, one of the big problems with the Internet is people with malicious internet obtaining your confidential information.  Everyone from the ‘Big Brother’ of Facebook, Google and others watching everything we do to scammers trying to steal from us.

Here are some actions you can consider to protect your online security

  1. Have up to date anti-virus and anti-malware on all of your computer devices
  2. Don’t give out information that you don’t want scammers to have, unless you are sure of the person or website you are giving it to.
  3. Be careful – if something looks too good to be true then it’s likely to be a scam
  4. Never click on a link or open an attachment unless you are sure it is safe
  5. Avoid public WI-FI if you intend to access online banking or anything else that needs to be secure.

Website Browsing

There are a number of things you can do to make your website browsing more private and safer.

  • Use the privacy/incognito mode
  • Block web activity trackers
  • Block your ads
  • Use encrypted messengers
  • Get a VPN
  • Avoid non-https:// websites for input of confidential information
  • Clear your cookies regularly
  • Use secure/encrypted email providers

The  guide at https://thebestvpn.com/online-privacy-guide/ contains a lot more information on what you can do to maintain your online privacy.

Fightback Ninja Signature

Avast Secure Browser

Avast Secure Browser is a web browser developed by Avast that focuses on Internet security and privacy. It is free and available for Microsoft Windows, macOS, iOS and Android.

Features

  • Block malicious webpages and browser extensions
  • Advert Block
  • Bank Mode
  • A password manager.
  • Video Downloader
  • Anti-tracking and anti-fingerprinting
  • Anti-Phishing

Bank Mode

Bank Mode creates an isolated Windows desktop session while you do your online banking. This is stop keyloggers from recording your keyboard access.

Bank Mode can give you secure privacy whenever any sort of payment info or sensitive data comes into play. Use it for:

  • online banking
  • online shopping
  • managing investments
  • managing cryptocurrencies

If you have any experiences with secure browsers by any maker, do let me know, by email.

Fightback Ninja Signature

What is Doxing

Doxing means to analyse information posted online by someone in order to identify and later harass that person. It is typically used to shame or punish people who would rather stay anonymous, because of their controversial beliefs or because they are making trouble in some way.

Doxing can be called a cyber attack involving uncovering the real-world identity of an Internet user. The attacker then reveals that person’s details online. This can then lead to other people attacking the ‘victim’  online and this can be malicious.

However much we may wish to hide out r identity online, we all leave a trail of breadcrumbs that the determined investigator can use to try to find out our real identity.

Typical methods used to determine someone’s identity may include:–

  • searching publicly available databases
  • searching social media websites
  • hacking
  • social engineering.

The key point of doxing is to find and publish personal information about the victim but it can be done for a wide range of reasons, including: harassment, online shaming, extortion or vigilantism.

Examples

  1. Newsweek writer Leah McGrath Goodman revealed the identity of the anonymous creator of Bitcoin, Satoshi Nakamoto although she was heavily criticized by some for her actions.

Some believe a journalist using doxing is crossing the legal line into harassment, by publishing information about an individual’s private life against their wishes.

  1. The Des Moines Register published racist tweets made by a 24-year-old Iowa man whose beer sign on ESPN College GameDay resulted in over $1 million in contributions to a children’s hospital, readers retaliated by sharing social media comments previously made by the reporter, Aaron Calvin, which contained racial slurs and condemnation of law enforcement.

The newspaper later announced that Calvin was no longer an employee.

3.   In July 2016, WikiLeaks released 300,000 e-mails called the Erdoğan emails (named after the Turkish leader). However, Included in the leak was a lot of personal information about Turkish citizens. The files were removed due to privacy concerns, as they included spreadsheets of private, sensitive information of voters.

If you have any experiences with these scams do let me know, by email

Fightback Ninja Signature

Man United Ransomware Attack

Manchester United football club experienced a ransomware attack in late 2020. They were held to ransom for millions of pounds by cyberhackers who targeted the club’s computer systems and demanded payment to stop them from releasing sensitive data.

It is a difficult decision for any business – pay up or risk seeing highly sensitive information being wiped out or leaked into the public domain.

The club were clear from the start that the attack was very serious but it did not impact on their schedule of matches.

United brought in a team of technical experts to contain the attack and they informed the Police and the National Cyber Security Centre (NCSC).

The NCSC revealed that in 2019 an English Football league club was hit with a £5m ransomware demand. They were unable to access their CCTV or use entry turnstiles, but its’s not believed that they paid anything.

It took weeks of effort to get things back to normal following the attack and United could face fines of up to £18 million or two per cent of their total annual worldwide turnover from the Information Commissioner’s Office if the attack is found to have breached their fans’ data protection.

The NCSC has previously warned that there is a growing threat to sports clubs.

It took roughly 2 weeks for United IT staff and outside experts to regain control of the situation. It is believed they did not pay the attackers.

The episode was embarrassing for United and they are still under investigation by the Information Commissioner’s Office.

If you have any experiences with these scams do let me know, by email.

Fightback Ninja Signature

723 Serious Cyber Attacks Stopped

The job of the National Cyber Security Centre (NCSC) is to protect the UK against cyber threats, whether that’s from hostile nations and groups or simply criminals.

Since it became operational in 2016, GCHQ’s cyber crime defence centre has defended the UK against 1,167 serious such threats.

The majority of the attacks were carried out by hackers “directed, sponsored or tolerated” by foreign governments, according to NCSC chief executive Ciaran Martin.

“These groups constitute the most acute and direct cyber threat to our national security,” he said.

In these days of coronavirus, NSCSC has also had to help protect scientists working on a vaccine, NHS hospitals, essential infrastructure and more.

The Wannacry ransomware in 2017 did huge damage to the NHS hospitals caught out.

NCSC also work to stamp out phishing and similar scams and what they call ‘high commodity attacks’ including the removal of 138,398 phishing sites between September 2017 and August 2018.

Cyber attacks are increasing in volume, scale and range of targets every year so business and all organisations need to take this seriously and protect themselves accordingly.

If you have any experiences with these scams do let me know, by email.

Fightback Ninja Signature