Your weekly Cyber Snapshot.
Cyber Skills are now a Universal Requirement
No business can afford not to train its staff in information security, writes PGI’s Stephanie Perry in a recent Spotlight Magazine article.
The UK economy, like much of the world, is becoming increasingly digital. The Tech Nation 2017 report found that the UK digital economy was growing at twice the rate of the non-digital economy, and had a turnover of £170bn in 2015.
Businesses of all sizes are releasing how important it is to get online; according to the Federation of Small businesses, “Almost all (99 percent) of the UK’s 5.4 million small firms rate the internet as being highly important to their business, with two in three (66 percent) offering, or planning to offer, goods and services online”.
It is important that businesses know that yes, the risk is there, but managing it doesn’t have to involve outsourcing, which can sometimes be expensive. There are a number of ways businesses can protect themselves. Hiring experts on a consultancy basis for the more complicated tasks come with its own benefits, but upskilling staff has never been more important.
Courses such as CSF (Cyber Security Fundamentals), which is an introduction to cyber awareness and provides a broad overview of the cyber threat landscape, is perfect for those accountable for the protection of data, especially with the new GDPR guidelines looming. It is a good stepping stone to the more technical courses, such asQSTM (Qualified Security Team Member). QSTM covers current techniques and associated skills used for ethical hacking and penetration testing, allowing your staff to think like a hacker and test your systems and staying one step ahead of anyone looking to compromise them…
Read the full article here
Police Hand Out Malware-Infected UBS’s as Prize in Cyber-Security Quiz.
|“Taiwanese police have handed out malware-infected USB thumb drives to the winners of a cyber-security quiz at a data security expo hosted in December last year by the country’s Presidential Office.
The Criminal Investigation Bureau said last week that 54 of the 250 8GB thumb drives it handed out to winners contained malware.
The incident came to light after quiz winners reported that antivirus software showed alerts when users inserted the thumb drive into computers…”
|Out of the 250 prizes, 54 drives picked up the executable malware file XtbSeDuA.exe. Unfortunately, only 20 of them have been recovered so far and 34 remain unaccounted for. This is a clear example of why companies must ensure their supply chain is reliable and trustworthy, for both security reasons and reputational damage. It is also a reminder of the dangers of USB baiting, whereby criminals purposely leave ‘lost’ USB drives in public spaces in the hope that curious individuals will pick up the infected device and plug it into a workstation. We remind all users to be suspicious of any USB device they find, or indeed any that are given out as prizes or free gifts at events.
Cryptocurrency as the lure, an ISO as the attachment – why not open it?
|“You can’t move these days without bumping into words such as cryptocurrency, Bitcoin, coinminer and blockchain.
With Bitcoin’s value up more than 1000% in the past year, and with companies multiplying their share price simply by adding “Blockchain” to their names, you can see why these words are everywhere.
As you’ll have seen in many Naked Security articles, cryptocurrency is popular with cybercrooks, too.
Usually, cryptocurrency is the end, rather than the means of the crime, for example when crooks infect your computer with coinmining software to hijack your CPU to earn them money, or scramble your data with ransomware and demand that you pay them in cryptocoins to get it back…”
|Phishing emails are by far the single most common social tactic in use to cause a data breach or to for installing malicious software. It is so easy to click on an email link, which may have dangerous repercussions. All smartphone and computer users must understand the need for vigilance, and they must be on their guard at all times. This is fundamental 21st century personal security awareness, and this article includes some useful pointers for both systems administrators specifically regarding ISO file types; but also a reminder to all users, that if something doesn’t look and feel right, leave it alone!
Do you know how vulnerable your workforce is to phishing e-mails?
We are in the process of launching a brand new service – a Phishing Vulnerability Assessment – with the purpose of measuring the current cyber awareness of your workforce, and delivering targeted training to reduce your risk of exposure to this type of attack.
We will conduct a bespoke test e-mail phishing campaign carried out over a number of weeks, followed by a vulnerability report and training for your staff. Prices start at £499 for our most basic package based on a small business.
Interested? Please e-mail email@example.com for more information.
Click here for more information
To see our full list of exclusive services click here