Category: IT Security

Cambridge Analytica Ordered To Turn Over All Data On US Professor

Posted on by Rob Burdett

The UK data watchdog, the Information Commissioner’s Office (ICO), has ordered the consulting firm Cambridge Analytica to hand over all the personal information it has on US citizen Professor David Carroll, or face prosecution.

Demand Made in May 2017

The consulting firm, which is reported to have ceased operations and filed for bankruptcy in the wake of the recent scandal involving its access to and use of Facebook users’ details is facing the Enforcement Notice and possible legal action (if it doesn’t comply) because it has not fully met a demand made by Professor Carroll early last year.

Who Is Professor David Carroll?

David Carroll is a professor at the New School’s Parsons School of Design. Although Professor Carroll is based in New York and is not a UK citizen, he used a subject access request (part of British data protection law) to ask Cambridge Analytica’s branch in the UK to provide all the data it had gathered on him. With this type of request, organisations need to respond within 40 days with a copy of the data, the source of the data, and if the organisation will be giving the data to others.

It has been reported that Professor Carroll, a Democrat, was interested from an academic perspective, in the practice of political ad targeting in elections. Professor Carroll alleges that he was also concerned that he may have been targeted with messages that criticised Secretary Hillary Clinton with falsified or exaggerated information that may have negatively affected his sentiment about her candidacy.

Sent A Spreadsheet

Some weeks after Professor Carroll filed the subject access request in early 2017, Cambridge Analytica sent him a spreadsheet of information it had about him.

It has been reported that Cambridge Analytica had accurately predicted his views on some issues, and had scored Carroll a nine 9 of 10 on what it called a “traditional social and moral values importance rank.”

What’s The Problem?

Even though Carroll was given a spreadsheet with some information, he wanted to know what that ranking meant and what it was based on, and where the data about him came from. Cambridge Analytica CEO Alexander Nix told a UK parliamentary committee that his company would not provide American citizens, like David Carroll, all the data it holds on them, or tell them where the data came from, and Nix said that there was no legislation in the US that allowed individuals to make such a request.

The UK’s Information Commissioner, Elizabeth Denham, sent a letter to Cambridge Analytica asking where the data on Professor Carroll came from, and what had been done with it. Elizabeth Denham is also reported to have said that, whether or not the people behind Cambridge Analytica decide to fold their operation, a continued refusal to engage with the ICO will still potentially breach an Enforcement Notice, and it will then become a criminal matter.

What Does This Mean For Your Business?

Many people have been shocked and angered by the recent scandal involving Facebook and its sharing of Facebook user data with Cambridge Analytica. The action by Professor Carroll could not only shed light on how millions of American voters were targeted online in the run-up to the 2016 election, but it could also lead to a wider understanding of what data is stored about us and how it is used by companies and organisations.

The right to request personal data that an organisation holds about us is a cornerstone right in data protection law, and this right will be brought into even sharper focus by the introduction of GDPR this month. GDPR will also give EU citizens the ‘right to be forgotten’, and has already put pressure on UK companies to put their data house in order, and prepare to comply or face stiff penalties.

This story also shows that American citizens can request information from companies that process their data in the UK.

Fake Online Reviews Investigation

Posted on by Rob Burdett

A recent investigation as part of a BBC 5 Live programme has led to the underground trade in fake online reviews coming under the spotlight.

What Reviews and Why Does It Matter?

The kinds of reviews of products and services that can allegedly be purchased and displayed online in order to influence purchasing decisions are reported to be those on sites such as Trustpilot and Amazon.

Three quarters of UK adults use online review websites, and the government’s Competition and Markets Authority estimates that such reviews potentially influence £23 billion of UK customer spending every year.

Younger consumers are thought to be particularly influenced by the reviews of others / their peers when it comes to purchasing decisions.

The key motivator for businesses buying fake reviews is, orf course, to rank top for your product because this can lead to a lot of extra sales.

How Bad Is The Problem?

A Chartered Institute of Marketing (CIM) Study shows that almost half of UK adults believe they have seen fake reviews, and according to US analysts, as many as half of the reviews for some products posted on international websites like Amazon may be potentially unreliable

What’s Been Happening?

According to the recent BBC investigation of the problem, buyers are offered full refunds on products bought on Amazon in exchange for positive reviews. This practice is believed to be something that was driven underground back in 2016 after Amazon introduced measures designed to prohibit ‘incentivised reviews’ i.e. businesses offering customers free goods in exchange for positive reviews.

The BBC 5 Live team investigators have reported that they were offered deals for Amazon reviews, and were able to use eBay to purchase a false 5-star review on Trustpilot.
Denied

In response to the findings of the BBC investigation, Amazon has stated that it does not permit reviews in exchange for compensation of any kind and that customers and Marketplace sellers who don’t follow review guidelines are subject to action including potential termination of their account.

Trustpilot has said that it uses specialist software to screens reviews against 100’s of data points around the clock in order to automatically identify and remove fakes, and that it has a zero-tolerance policy towards any misuse.

E-bay has also stated that the sale of fake reviews is banned from its platform, and that any listings will be removed.

What Does This Mean For Your Business?

The potential rewards of more sales an profits, getting a competitive edge, and boosting brand awareness are powerful motivators for some businesses who may feel that when weighed up against the lack of any serious penalties, buying fake reviews may appear to be worth the risk. For the vast majority of review-reading customers, however, this is a deceptive practice that may cause them to purchase products that do not meet their needs or expectations.

The proliferation of fake reviews also undermines public trust in reviews, and this can be particularly unfair for those companies who have worked hard to get genuine positive reviews through simply providing superior products and service levels.

There is an argument that more preventative action needs to be taken by these platforms to stop fake reviews being published in the first place, and that stronger penalties are needed for those caught selling fake reviews.

Sadly, many commentators believe that we are currently in a ‘post-truth era’ where many people get their news from social media and where we are becoming conditioned to put less emphasis on the need for objective facts. It is with this backdrop that the trade in fake reviews has been allowed to grow.

There is still a strong argument, however, that there is no substitute for striving to provide quality products and great customer service as these strengthen a business anyway, ensure that reviews are positive, and should ultimately win over short-term deceptive practices.

Google Chrome Leads Digital Certificate Clean Up

Posted on by Rob Burdett

The Google Chrome Browser is being equipped with transparency logs that are designed to prevent potentially costly digital certificate errors by Certificate Authorities (CAs) and to guard against cyber-criminals issuing their own certificates.

Stopping Misuse

The move has been designed to improve all-round transparency, and to better protect both users and companies from becoming victims of certificate misuse.

Triggers A Warning Message If Not Logged

The change means that all CAs must now log every digital certificate they issue in certificate transparency logs so that any website with a secure socket layer (SSL) or transport layer security (TLS) certificate that isn’t logged will trigger a browser warning. The warning will tell users the website’s certificate doesn’t comply with Google Chrome’s transparency policy, and therefore, may not be safe.

In fact, any part of a website that’s served over an https connection that doesn’t comply with Google’s policy will not load and will display an error in Chrome DevTools.

The change applies to all TLS server certificates issued after 30 April, 2018.

Driving Positive Change

With Google Chrome reportedly being used by 60% of web users, this move is being seen by some as Google using its market dominance to drive better practices. It is expected, therefore, that most other major browsers will follow Google’s example.

What Does This Mean For Your Business?

This is really just an industry change that primarily affects parties issuing the certificates e.g. a Certificate Authority. The change isn’t retroactive and so isn’t going to affect SSL certificates that were issued but not logged before April 30, 2018. This change will not (immediately) directly affect end users, although the clean-up effect that it may have on the whole business around certificates, and in thwarting some of the activities of cyber criminals could contribute towards a more secure internet generally. For example, cyber-criminals have been able to target internet users by finding ways to issue their own certificates.

The change should also give businesses a way to take action to protect themselves and their customers against any potential damage done to their business by mis-issuance of certificates.

This story should also be a reminder that from June, if your website doesn’t have a secure certificate i.e. if it doesn’t have https in the URL, Chrome will post a security warning to visitors which could mean that you lose enquiries and sales. Not having a secure certificate could also potentially mean that your website could suffer in the search engine rankings.

TSB Computer Meltdown – Problems Nearly 2 Weeks On

Posted on by Rob Burdett

Customers of TSB are reportedly still experiencing difficulties with internet and mobile banking services nearly 2 weeks after problems first began.

What Happened?

TSB, which was acquired by Spanish bank Sabadell in 2015, tried to fully migrate its computer systems from its old Lloyds Bank systems to its new core banking system, known as Proteo4UK. Proteo4UK is basically a version of Sabadell’s in-house core banking platform Proteo which has been designed for TSB.

The system had already been rolled out to staff in November 2017, and the full rollout to customers was also supposed to have happened in November but was put back until April to avoid potential confusion of the expected interest rate rise.

Why Migrate?

The expected benefits behind TSB’s decision to migrate were cost savings through not having to pay £160 million per year to Lloyds Bank for hosting, and the opportunity to be able to implement its own customer-facing systems offering digital banking services.

TSB had already launched a mobile app for Android and iOS devices to enable customers to use banking services via the new system in a convenient way, and was in the process of offering iPhone X users the opportunity to use their faces as identification.

Meltdown

Unfortunately for 1.9 million TSB customers, the bank staff, and TSB’s reputation, the migration did not go to plan and resulted in what some commentators have described as a ‘meltdown’ of its banking systems.

Some of the problems experienced by customers have included not being able to access their own money, no access to any mobile and online services, problems with direct debits, and amounts of money appearing and disappearing. It was even reported that one customer was mistakenly credited with £13,000. TSB has also been deluged, understandably, with complaints, with TSB staff facing hostility, and the reputation of the bank taking a battering in the media.

Response

Several apologies later, and even though TSB’s CEO Paul Pester announced in BBC Radio 4 interview that he would take direct control from the banks’ platform, and that he’d drafted in a team of global experts from IBM, and although the mobile app is now reportedly fixed, some customers are still reported to be experiencing problems. Some have appeared in tv news reports telling of their experiences and of their fears that important bills may not have been paid as a result of the system’s problems.

Treasury Committee Wants Answers

Executives from TSB and parent company Sabadell have been asked to appear before MPs to respond to questions and give evidence to the Treasury Select Committee on Wednesday 2nd May over the ongoing IT system outage.

What Does This Mean For Your Business?

It is well known that many banks run on old systems which have led to glitches in the past i.e. customers not being able to access their money, and have been the cause of worries about security. The case of TSB illustrates how the company had good commercial intentions as a challenger bank in migrating its systems to reduce costs and meet the modern customer’s digital expectations, but ended up creating a PR disaster for itself. It is thought that the problems could cost the bank millions in lost customers, compensation, and damage to the brand.

Some commentators have criticised the bank for mismanaging the migration and for focusing too much on creating fancy apps rather than focusing on just getting the migration to happen as smoothly as possible.

It has also been suggested that, if joining or switching to a new bank, customers could do worse than to ask their proposed new bank what their plans are in terms of core banking platforms, whether they have any major IT projects planned, and how up to date is the core banking system is.

The problems with TSB’s banking systems will undoubtedly have impacted many businesses as customers were unable to access funds or to spend as they normally would, or to pay existing agreements, and this all adds up to extra costs, reduced profits, and stress for business owners.

This story is also a reminder to businesses that unforeseen and potentially costly IT problems can happen, particularly with cyber-crime activity, and that having a good Business Continuity Plan and Disaster Recovery Plan is important.

GDPR: Don’t Get Caught Out By Your Logfiles

Posted on by Rob Burdett

With all the focus on the more visible elements of GDPR compliance ahead of the Regulation’s introduction of May 25th, one EU Working group is warning businesses not to forget what’s stored in the logfiles of their Internet-facing servers.

What Are Logfiles and Why Should We Care?

Logfiles record either events that occur in an operating system or other software, or messages between different users of communication software.

As well as being useful to an organisation e.g. for providing clues about hostile activity affecting the network from within and without, and providing information for identifying and troubleshooting equipment problems, logfiles on Internet-facing computers can also potentially provide information to hackers and cyber-criminals that could compromise your system and data security.

Report Suggestions

A draft report by the Internet Engineering Task Force’s Internet Area Working Group (IETF’s INTAREA) says that changing data regulations have meant that what were established best practices have now become poor practices. The draft, therefore, offers a checklist as a set of updates to RFC6302 designed to help plug this potential GDPR compliance black spot. The “Recommendations for Internet-Facing Servers” draft suggests that sysadmins adopt a data minimisation approach to configuring their server logs, and suggestions include:

  • Full IP addresses should only be stored for as long as they are needed to provide a service;
  • Logs should only include the first two octets of IPv4 addresses, or first three octets of IPv6 addresses.
  • Inbound IP address logs shouldn’t last longer than three days, because that lets logging cover a weekend before it’s flushed.
  • Unnecessary identifiers should not be logged e.g. source port number, timestamps, transport protocol numbers, and destination port numbers,
  • The logs should be protected against unauthorised access.

It should be said that any legally-mandated logging e.g. to comply with local telecommunications data retention laws, isn’t covered by the draft.

Cookie Consent Pop-Ups

We are all used to seeing cookie consent pop-ups when we arrive at websites, but the “implied consent” website owners have assumed existed once people clicked “I Agree” to cookies may no longer apply under GDPR. This is because GDPR is consent specific, and there is no way “implied consent” can get you water-tight compliance. What this means is that cookie consent pop-ups may soon be on legally shaky ground when it comes to GDPR compliance.

What makes this issue more complicated is the fact that the EU had intended to publish an updated ePrivacy Regulation, with the commencement of GDPR, to relax the cookie popup requirements, but didn’t do so. This means that data privacy rules on this matter will be governed by the old ePrivacy Directive and GDPR at the same time, with GDPR having the precedence.

What Does This Mean For Your Business?

This story shows that with GDPR just around the corner, some of the finer areas of compliance are starting to come under the spotlight. Yes, data protection, data security and privacy are the responsibility of all of us, not just the ‘technical people’, but when it comes to having to deal with server-logs, there clearly is a need for a technical focus to ensure all-round general compliance. Hackers, by nature, are generally technically proficient, and can employ multi-level and sophisticated attack techniques. It makes sense, therefore, that companies make attempts to plug known technical weak-spots such as those highlighted in this draft.

The cookie consent pop-up issue highlights the complicated area of consent that many companies have anticipated with the introduction of GDPR. The important point to remember is that GDPR is consent specific. Consent can’t simply be implied, and consent must also be unambiguous, informed, a statement or clear affirmative action, and freely given. Also, under GDPR, a data subject has the right to withdraw their consent at any time.

WhatsApp Raises Age To 16 For GDPR

Posted on by Rob Burdett

Facebook’s WhatsApp messaging service is raising its minimum age in Europe to 16 to comply with GDPR which comes into force on May 25th.

Was 13

Up until now, the minimum age has been 13, and that minimum age will remain for the rest of the world, in line with its Facebook parent company. WhatsApp, founded in 2009, has an estimated 1.5 billion users.

Just Asking

Users will be asked to confirm their minimum age by the new WhatsApp Ireland Ltd in the next few weeks, when they will be prompted to agree to new terms of service and a privacy policy. Some critics have pointed out that even though users will be asked if they are 16 or over, it is unclear from the information that the service holds about users how their age can be accurately checked and verified and, therefore, how the new rule can be enforced.

Based on US Law Until Now

The age 13 limit up until now has been based upon the US law “Children’s Online Privacy Protection Rule” (Coppa), which bans online services from collecting personal information about younger children. This is why the usage of many other popular social media apps e.g. Snapchat, YouTube, Instagram, Pinterest, Twitter, Musical.ly and Reddit are restricted to persons aged 13 and over.

WhatsApp’s parent company Facebook faced criticism after announcing last December that it would be targeting younger children with its ‘Messenger Kids’ service. At the time, Facebook’s primary (stated) motive for the new junior version of its platform was to provide a safer, more age-appropriate version, but some tech and business commentators suggested that it may also be an ideal way for Facebook to recruit its next generation of users, and to capture the attention of 6 to 12-year-olds before Snapchat or a similar social network competitor.

Collecting and Sharing Information

The recent Facebook and Cambridge Analytica scandal has brought the matter of collecting and sharing of our personal data into sharp focus. WhatsApp, however, has said that the new changes do not mean that it will be asking for any new rights to collect personal information in the agreement it has created for the European Union. WhatsApp says that the goal of the change is simply to explain how they use and protect the limited information they have about users.

As well as the age restriction change, WhatsApp is also, therefore, rolling out a feature with the latest version of the app that allows users to download a report detailing the data that WhatsApp holds on them e.g. the make and model of the device they used, their contacts, their groups and any blocked numbers.

Facebook Nominate

Facebook is also updating its data policy to comely with GDPR which involves asking 13 and 15-year-old users to nominate a parent or guardian to give permission for them to share information on the platform. If they won’t / cannot do so, the young users will not be able to see a fully personalized version of the social media platform.

Also, Facebook’s Instagram is launching a data download tool to provide users with a file containing the photos, comments, archived stories, contacts and any other personal data that they’ve posted to the service in the past.

Twitter Too

Twitter Inc is also changing its privacy policy so that users can view information they share with the micro-blogging service and show how it’s being used, ahead of the introduction of GDPR. Twitter has said that the changes are to make the privacy policy visually clear and easy to use, and to clarify legalistic or technical language.

What Does This Mean For Your Business?

This story is another clear reminder that the introduction of GDPR is just around the corner as the tech giants, who have more to lose in fines, potential lost customer numbers, and serious reputational damage, make the necessary legal moves to ensure compliance. For Facebook especially, they have faced some very high profile bad publicity this year over their handling and sharing of personal data, so getting their GDPR compliance house in order may be a way to help avoid any further problems.

There is also a very serious ethical element to this story. It is estimated that Facebook has 20 million under-13-year-olds currently using the network, and there may also be a very large number of children using WhatsApp. Parents may understandably have serious concerns about what content children can have access to and, equally importantly, who can have access to children via social networks. Unsuitable material, commercialisation, bullying (or predatory behaviour by some adults) are just some of the issues to consider.

As well as these concerns, governments (such as the UK) are looking to stop end-to-end encryption in WhatsApp, GDPR is just around the corner, Facebook is now facing more tough questions about its Cambridge Analytica links, Martin Lewis (OBE) is taking Facebook to court for defamation and calling for Facebook to take responsibility for its actions … the pressure is now seriously on big social media platforms to make some changes, particularly where EU users are concerned.

Half of UK Manufacturers Hit By Cyber Attacks

Posted on by Rob Burdett

A new report published by manufacturers’ organisation EEF in partnership with insurance firm AIG and the Royal United Services Institute (RUSI) shows that 48% of UK manufacturers have been subject to a cyber-security incident at some time.

Loss and Disruption

Half of those manufacturing companies who admit to being hit by cyber-criminals have said that the incident(s) caused financial loss or disruption to business.

Challenges

The report highlighted several key challenges that the manufacturing industry faces in making itself less vulnerable to cyber-criminals. These challenges include:

  • The age of equipment and the networked nature of production facilities. Many industrial systems are up to 20 years old and were developed before cyber threats became a big issue. As a result, poorly protected office systems, often the first implemented historically within manufacturing businesses, are particularly vulnerable. Also, a networked building, such as many manufacturing sites, can be hacked and exploited.
  • Many manufacturing companies hold a large amount of classified information e.g. intellectual property (IP) and trade secrets, which makes them targets for (for example) financially motivated, state-sponsored hackers.
  • Having no idea of the nature and size of the risks. 41% of manufacturing companies don’t believe they have access to enough information to assess their true cyber risk, and 12% of manufacturers admit they have no technical or managerial processes in place to even start assessing the real risk.
  • A lack of basic detection that a cyber attack is taking place / has taken place, and a lack of investment in training i.e. 34% do not offer cyber-security training.
  • Feeling that they are not equipped to tackle the risk anyway. For example, 45% are not confident they are prepared with the right tools for the job.
  • A lack of confidence. Although 91% of the 170 UK manufacturing businesses polled are investing in digital technologies, 35% think that cyber vulnerability is inhibiting them from doing so fully.

What Does This Mean For Your Business?

For manufacturing businesses facing the very real threat of sophisticated, multi-level attacks, now is not the time to be left with a vulnerable outdated system. Advice from the report includes following the advice of the Government backed ‘Cyber Essentials’ scheme. This includes the 5 security essentials of using a firewall to secure your Internet connection, choosing the most secure settings for your devices and software, controlling who has access to your data and services, protecting yourself from viruses and other malware by using antivirus software, only downloading apps from manufacturer-approved stores, or running apps and programs in an isolated environment, and continually ensuring that operating systems and software are up-to-date and running the latest security patches.

Clearly, manufacturing companies with old systems may need to bite the bullet and invest in more modern, digitised, and well-protected systems. The report also indicates that greater investment in staff training is needed to help them spot and deal with risks, and to avoid the kind of human error that is needed in many modern cyber-attacks e.g. malware / viruses sent by email, phishing, and other social engineering attacks.

Another opportunity for manufacturing companies to boost cyber-security could also come from cyber-insurance. For example, many cyber insurers offer a comprehensive package of pre-loss services to businesses to carry out a cyber health check which could help to highlight gaps in cyber risk management and help identify what security measures should be prioritised.

Russia Suspected of Hacking Campaign

Posted on by Rob Burdett

The UK’s National Cyber Security Centre (NCSC), the FBI and the US Department of Homeland Security have warned that Russia may be behind a broad hacking offensive targeting millions of machines that direct data around the net.

Networking Equipment Targeted

US and UK security agencies have issued a joint internet security alert warning and have been reported as suggesting that a surge in global hacks targeting the networking equipment used to move traffic across the net is the result of a Russian state-sponsored campaign.

Why?

Some commentators have suggested that the deterioration between the relationship between Russia and the West resulting from issues like accusations of election meddling, the poisonings in Salisbury, and arguments over the Syrian conflict may have contributed to an online revenge offensive.

As well as the disruption caused, the aim appears to be espionage / the theft of information (which actually dates back at least to the late 1990s), and the threat (so far) of destructive acts of sabotage e.g. disabling parts of the electricity grid. These kinds of suspicions have arisen because many recent hacks appear to be pre-positioning in networks that are part of the critical national infrastructure.

Cyber War Ahead?

While we are being told that we have returned to another ‘Cold War’ situation, some commentators have suggested that we may be on the brink of a cyber-war with Russia, even though there has not been any real significant cyber-attack or change of behaviour from Russia.

Although Russia has been accused of launching destructive attacks against Ukraine, which had a negative effect on businesses there, and despite the apparent reported increase in cyber-attacks from Russia, it is still difficult for many to say whether Russia has the capability to carry out very destructive cyber attacks. Cyber attacks are often harder to trace and easier to deny than military attacks.

UK’s Own Offensive

It is worth remembering too, that as well as having defences in place, the UK has its own offensive cyber-capability, honed for over a decade, starting in the conflict in Afghanistan. Recently, for example, the UK and the US are reported to have targeted the Islamic State group with cyber attacks, with some degree of success. It would be naive to assume, therefore, that the UK is not planning / undertaking its own activities in Russia e.g. pre-positioning in Russian networks to be able to respond to any Russian cyber aggression.

What Does This Mean For Your Business?

At the moment, it is simply a case that a warning has been issued. If a cyber-conflict does start in a noticeable way, as in real war, it is likely to be individuals, businesses, and other organisations and other services that suffer e.g. service providers, firms running critical infrastructure, government departments and large companies first, followed by other UK businesses. The Internet plays an essential role in modern business and disruption of vital network infrastructure could damage UK businesses and their competitiveness in the home and global market.

UK businesses also face the threat of foreign state-sponsored attacks designed to spy on / steal data, and undermine firewalls and intrusion detection systems used to spot malicious traffic before it reaches users. It has never been more important, therefore, for businesses to configure security systems correctly, apply patches and address any hardware vulnerabilities, and to make sure that their cyber resilience is at its best across all possible channels.

UK Launched Major Cyber Attack Against ISIS

Posted on by Rob Burdett

GCHQ’s new director has revealed that last year, the UK has conducted a large-scale cyber-attack against ISIS that was designed to suppress online terrorist propaganda and hinder ISIS’s ability to coordinate attacks.

Growing For A Decade

Confirmation that the attack took place came as part of the first public speech by GCHQ’s new director and former MI5 agent, Jeremy Fleming. During his speech at the National Cyber Security Centre’s (NCSC) flagship event in Manchester, Mr Fleming said that the cyber attack is just the latest part in what have been GCHQ’s efforts to grow its online counterterrorism capabilities over more than a decade.

The outcomes of cyber attacks as weapons against any enemy can range from denying online services, disrupting a specific online activity, and deterring individuals or groups, to effectively destroying equipment and networks.

Degraded Infrastructure

The UK’s cyber-attack against ISIS is reported to have degraded the terror group’s online infrastructure, made a significant contribution to coalition efforts to suppress any Daesh propaganda, hindered the terror group’s ability to coordinate attacks, and provided more protection for coalition forces on the battlefield.

Over-Achievers

It seems that this latest big cyber-attack success is only the tip of the iceberg, as a report by Parliament’s Intelligence and Security Committee (ISC) has said that GCHQ spies had “over-achieved” in 2017, and that GCHQ had delivered on the first of three stages in its mission to bolster its cyber capabilities thanks to staging almost twice as many potential hacks than its targets.

Russia In The Spotlight

The recent deterioration of the relationship between the West and Russia means that its cyber-behaviour, as well as that of ISIS, is now reported to be more of a focus for GCHQ. In the director’s speech in Manchester, Mr Fleming said that the Russian state should be held accountable for what it does, and that the UK will continue to respond to malicious cyber-activity in conjunction with international partners such as the United States.

Helpful Tool

Another helpful tool that could be used to combat terrorist propaganda online could include the auto-blocker for extremist content that was mentioned by Home Secretary Amber Rudd. The tool, which Home Secretary Rudd would like to see adopted by ISPs can be configured to detect 94% of extremist video uploads.

What Does This Mean For Your Business?

It stands to reason that the UK is launching its own cyber-attacks against what it sees as legitimate targets elsewhere in the world. Cyber-attack and security capabilities are now being used worldwide to support military operations, damage enemy communications and infrastructure and thereby degrade the threat they pose, as well as protecting home infrastructure and vital networks.

Attacks by other states, criminal and terror groups e.g. hacks, DDoS attacks and viruses, can end up impacting many UK businesses, so its good to hear that GCQH, MI5 and other actors are ‘over-achieving’ in their efforts to protect the UK, and reduce the threats that we face in a time of shifting geopolitical and technological landscapes. We can assume, therefore, that the successful actions of our security agencies must be indirectly protecting many of the interests of UK businesses.

Phishing Attack Simulator: Microsoft Goodies

Posted on by Rob Burdett

Microsoft has announced a set of business security tools, including a phishing attack simulator, that make it easier and more affordable for businesses to identify and fix vulnerabilities before they become an issue.

Attack Simulator

One of the key tools announced to coincide with the annual RSA conference in San Francisco, is the Attack Simulator. This tool is included in Office 365 Threat Intelligence, and is currently still in preview.

Spear Phishing Simulator

The tool, which simulates display name spear-phishing attacks, password-spray attacks, and brute-force password attacks, enables businesses to determine how end users behave in the event of an attack, and update policies to ensure that appropriate security tools are in place to protect the organization from threats.

A spear-phishing attack, for example, is used to gain access to users’ credentials or financial information, and often involves sending emails, purporting to be from a person of influence in an organisation to other users. The Microsoft attack simulator tool applies machine learning models and impersonation detection algorithms to incoming email messages. The AI system is trained to detect phishing messages. It also uses algorithms to protect against various user and domain impersonation attacks.

Intelligent Security Graph

Microsoft credits its ‘Intelligent Security Graph’ as being the ‘central nervous system’ that is at the heart of its tools for tracking and mitigation of attacks across platforms and services. This combines AI with data gained from analyzing web pages, emails and malware threats on Windows 10 and the cloud. This enables Microsoft to warn users of existing and new threats.

Only Access SaaS Service If Your Device Is Healthy

Another important development of Office 365’s Conditional Access service is an update (currently in preview) which combines Conditional Access Information with data from the Windows Defender Advanced Threat Protection (ATP) security scanner to ensure that a user can only access a given SaaS service if their device is healthy.

Security Score

A potentially important new tool that Microsoft has developed for IT admins is an expanded version of the Office 365 Secure Score tool, which gives a single measure for evaluating the risk profile across Office 365 service and their users’ devices.

What Does This Mean For Your Business?

For many businesses e.g. SMEs, up-to-date cyber attack simulators would be beyond their resources. These new tools from Microsoft have been ‘trained’ thanks to AI and real-world analysis via Windows 10, thereby making them an affordable, accessible, and hopefully effective and welcome addition to the security options that businesses have at their disposal.

There is no doubt that human / employee error is at the heart of many successful cyber-attacks. With a phishing attack simulator that allows the creation of a fake phishing email, companies can see, for example, which employees fall for them, and this could serve as a way of identifying who needs extra security extra security training.

The combination of these new tools from Microsoft could provide an effective way that companies of all sizes could take proactive measures to plug gaps in their cyber-security shield, and guard against the kind of breaches that could be expensive and damaging, especially with the introduction of GDPR.