Each week, IRM gathers up (what we think) are the most interesting and important reads from the cybersecurity industry. The weekly roundup includes good and bad examples of cybersecurity practice and thought-pieces from across the globe – all summarised in one handy place for your regular news top-up.
Trump signs directive to protect US from cyber-attacks
Donald Trump has signed a new directive on Thursday aimed at protecting the US from increased cyber-attacks. The classified cyber-strategy focuses on nation state attacks from Russia, China, Iran and North Korea, who Trump believes to be his biggest threats.
When talking about US response to cyber-attacks, the National Security Advisor, John Bolton, stated that they would be “offensive” as well as “defensive”. Additionally, he said that the US response to cyber-attacks would not necessarily be in cyberspace.
The new strategy, which replaces Obama’s previous cyber directive, focuses on four elements: “protecting the American people, homeland and way of life; promoting US prosperity; preserving ‘peace through strength’ and strengthening Washington’s influence on the internet.”
Equifax fined by ICO for 2017 data breach
The credit rating agency Equifax will be fined £500,000 by the ICO after a cyber-attack exposed the information of 146 million people in 2017.
The ICO concluded that Equifax’s UK branch hadn’t put appropriate measures in place to protect UK citizens’ data. It was also uncovered that Equifax originally reported that only 400,000 Britons had been affected, which was later revealed as nearly 700,000 people.
The data exposed included dates of birth, telephone numbers and driving licence details. Equifax have stated their disappointed and claim they have implemented a range of protective measures.
Password stealing attacks on the rise
According to an Akamai report, there has been a monthly average increase of 30% on malicious login attempts between January to June 2018.
With the financial services highlighted as the most vulnerable industry, hackers are using botnets to assume identity and gather information.
Students ‘blamed’ for university cyber-attacks
Based on a study by Jisc, a Government funded agency, students are being labelled as responsible for cybersecurity attacks. This conclusion was drawn after the study showed that the majority of attacks took place during the day in term-time. Additionally, the attacks decreased “dramatically” out of term time, indicating it could be the students (or staff) involved in the hacks.
The research was based on 850 attacks between 2017 and 2018, studying the details and patterns to determine likely responsibility.
Bristol Airport’s flight display boards victim to cyber-attack
It was reported on Thursday that Bristol Airport were still experiencing issues with their flight information display boards. This was after they announced they had been subject to a cyber-attack last week.
After the attack, the Airport decided to shut down certain network applications, including the 140 information screens. The staff took this measure to avoid potential tampering with flight information that would impact passenger information.
Opinion: How a cyber-attack could cause the next financial crisis
So far, the financial sector has mostly suffered from over-lending and forced bankruptcy. The Harvard Business Review puts forward the idea that the next culprit for a crisis is likely to be a cyber-attack.
There is a large risk of cybercriminals using their skills to infiltrate financial systems to create a wider attack on national infrastructure. Considering our reliance on online banking transactions and cashless lifestyles, this type of attack would be highly damaging to our economy.
Cyber-attacks are now ranked as the biggest threat facing business, ahead of terrorism. It’s estimated that cyber-attacks could cost business up to $120 billion of damage. Interestingly, attacks are likely to stem from a rogue nation state attack or a ‘script kiddy’ who doesn’t realise the consequences of their actions. To prevent these scenarios, companies are encouraged to implement systems that enable them to avoid the spread of cyber-attacks, as well as applying thorough incident response plans.
If you would like to speak to our cybersecurity specialists about your protection strategies going forward, feel free to get in touch.