Tag Archives: talktalk

Red Team Alert: How Forward Planning Can Minimise the Effects of a Data Breach

by Ross Dyer

Data breach stories make the news so often these days that no IT security leader can pretend to be unaware of the threat out there. If anything, the situation is getting worse, not better, with attacks becoming more sophisticated and harder to spot. If nothing else, news that TalkTalk lost 7% of its broadband customers in Q4 should focus minds on the issue at hand.

If you don’t prepare now for a potential data breach, if and when one finally hits it could have a far more serious impact on the company. Continue reading

Extortion, Destruction and Lethal IoT Failures Make 2016 a Year to Watch

by Bharat Mistry

It’s been a pretty hectic 12 months, but for UK CISOs the bad news is that 2016 is unlikely to bring with it any respite. Over the past year we’ve seen a never-ending avalanche of data breaches, nation state espionage attacks and hacktivist campaigns; sophisticated new malware; and a return of some old attack techniques. And all of this against an ever more volatile regulatory compliance backdrop that threatens to turn up the pressure even more next year.

We’ll be doing our bit by continuing to protect our customers from the latest threats with innovative new products, and working with law enforcement to hit the bad guys where it hurts. But security bosses should also start planning now to overcome the key challenges Trend Micro predicts for 2016.

A year in security
Organisations on both sides of the Atlantic showed they are still ill-equipped to cope with targeted attacks and continue to make basic security errors allowing hackers to strike. Whether it was the apparently insider-related attack on infidelity site Ashley Madison or the more traditional targeted intrusions at major US healthcare firms Anthem and Premera and the massive OPM federal breach, it was no real surprise that the data breaches kept on coming in 2015. The UK had its fair share of incidents too, many of which were punished by the Information Commissioner’s Office (ICO). The TalkTalk breach turned out to be less serious than at first thought but shows that some British firms are no better at securing customer data than their global counterparts.

At a nation state level our tracking of the Pawn Storm crew’s attacks on NATO members and the White House proved it’s not just China and the US with cyber espionage capabilities. And a devastating strike which took out several TV5Monde TV channels reminded us of the real world damage that cyber attacks can inflict. It was disappointing to see the results of a new Quocirca study sponsored by Trend Micro which found that although complacency about breaches has dropped this year, 12% of the firms that said they’d been targeted didn’t know whether data had been taken or not. Some didn’t even know how much data they’d lost.

Another study we released, this time with the Ponemon Institute, warned of the threat to privacy and security from nascent IoT technologies.

Fighting back
We’ve done our best to help our customers stem the rising tide of attacks this past year, beyond providing industry leading products which received accolades from the likes of NSS Labs (Deep Discovery), Gartner, the V3 Awards (Deep Security) and the IAIR Awards (cloud security company of the year). Deep Security’s virtual patching capabilities have helped countless businesses continue to run Windows Server 2003 beyond the deadline for end of support earlier this year. And a landmark MoU agreement with the NCA has seen our threat researchers working hand-in-hand with the crime agency on cases – already resulting in the arrest of two suspects in the UK. Those same researchers have also lifted the lid on the shadowy Deep Web cybercrime markets of Japan, China, Germany and beyond in some fantastic reports this year.

We’ve also been awarded the “EICAR trusted IT security” seal of quality for Deep Security, Deep Discovery and OfficeScan – independent proof that none of these products have been tampered with by nation states.

Trouble ahead
But unfortunately the hard work never stops. Already lined up for next year are major changes to the regulatory environment, with the European General Data Protection Regulation and Network and Information Security Directive set to be finalised. And there’s a new Safe Harbour agreement to be thrashed out with US negotiators. Organisations desperately need their own Data Protection Officers (DPOs) to handle these coming compliance requirements and co-ordinate an effective response to data security threats. Yet we predict that fewer than 50% of organisations will have one installed by the end of next year.

Our other predictions for 2016 include the following:

  • Threats will increasingly focus on extortion
  • A failure in at least one consumer-grade IoT device will prove lethal
  • Mobile malware will hit 20 million, driven by China
  • Destructive cyber attacks will increase
  • Ad blocking will kill malvertising
  • Cybercrime prevention efforts will get more successful

Check out our latest report, The Fine Line: 2016 Security Predictions, for more. And we wish you all a very happy Christmas and prosperous New Year.

 

Why it’s Time We Improved Visibility into Targeted Attacks

by Bharat Mistry

The cyber attack and subsequent breach of UK ISP and phone company TalkTalk has dominated the IT headlines over the past few weeks. It’s already predicted to cost the firm an estimated £35 million and is just the latest example of a growing threat that is undermining CISOs’ efforts to keep IP and customer data safe and secure: targeted attacks. We’re not talking about limited nation state activity here. The ability to launch laser-focused data-stealing attacks designed to lift your company’s most sensitive data right from under your noses, without tripping any alarms, is now in the hands of the many.

New research in conjunction with Quocirca reveals that UK and European organisations just aren’t equipped to deal with this new epidemic of silent cyber theft. Continue reading