Welcome to the first of our new monthly Cybersecurity Newsletters! Each month, we’ll keep you updated on the latest threats with a review of high-profile breaches.
This month, we’ll be looking at:
- Phishing Email Awareness – can you spot a phishing email address?
- Incident Response Planning – how not to handle a cyber attack
- Supply Chain Risk – information on recent high-profile attacks and what can be done to mitigate them
INCIDENT RESPONSE PLANNING – HOW NOT TO RESPOND TO A BREACH
Capita, a major provider of outsourced services to the public sector, suffered a cyber-attack in March 2023. Initially, the company stated that the scale of the attack was “significantly restricted”, affecting only 4% of its IT systems.
Yet over the last few months, it has come to light that the attack affected up to 90 of its customers. To further compound Capita’s problems, client data was released onto the dark web.
- What is the scale of the attack?
- How much data has really been compromised?
- How can you confidently manage communications with affected clients and various Government entities?
Because Capita initially downplayed the impact of the attack, subsequent disclosures around its scale and impact have put the company under increased scrutiny and criticism. This reinforces the importance of incident preparedness, which should be an essential part of any security program.
Incident response planning was highlighted at a recent Infosec Conference and the advice was clear. Organisations should carry out desktop cyber incident response planning regularly. Why? So organisations actually know what to do rather than scrambling for documents that no one has properly read before.
The panel also noted the need to ‘normalise’ cybersecurity as a topic of discussion, encouraging open discussion across all areas of the organisation. Cybersecurity shouldn’t be the sole domain of a small number of specialists hidden within the IT department.
PHISHING EMAIL AWARENESS – CAN YOU SPOT THE FAKE ADDRESS?
Take a look at the two email addresses below and see if you can spot the difference:
It illustrates a popular method that attackers use to make a phishing email look legitimate: replacing letters such as ‘a’ with a look-alike character from the Cyrillic alphabet, which in this case shows up as ‘а’.
It might seem obvious, but it’s worth reiterating the following:
- Be careful with any email that asks you to click on an attachment.
- Be extra vigilant for an email that looks legitimate and comes from a financial organisation or the Government.
If in doubt, use this simple rule:
If in doubt – don’t click on anything.
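The character swap described above is invisible to the eye but easy for software to catch. The following is an added example (not part of the original newsletter) that flags address labels mixing Latin with another script and lists every non-ASCII letter; the two sample addresses are constructed, and treating any non-ASCII letter as worth review is an assumed policy for an organisation that corresponds in Latin script.

```python
import unicodedata

# Constructed samples: the second swaps Latin 'a' for Cyrillic U+0430.
GENUINE = "accounts@example.com"
LOOKALIKE = "accounts@ex\u0430mple.com"

def script_of(ch):
    """Approximate a letter's script by the first word of its Unicode name."""
    return unicodedata.name(ch, "UNKNOWN").split()[0]

def inspect_address(addr):
    """Report mixed-script labels and non-ASCII letters in one email address."""
    local, _, domain = addr.rpartition("@")
    report = {"address": addr, "mixed_labels": [], "non_ascii": []}
    # Check the local part and each dot-separated domain label on its own.
    for label in [local] + domain.split("."):
        scripts = {script_of(c) for c in label if c.isalpha()}
        if len(scripts) > 1:
            report["mixed_labels"].append((label, sorted(scripts)))
    # Name every character outside ASCII so a reviewer can see what it really is.
    for pos, ch in enumerate(addr):
        if ord(ch) > 127:
            report["non_ascii"].append(
                (pos, f"U+{ord(ch):04X}", unicodedata.name(ch, "UNKNOWN")))
    # The ASCII (punycode) form of the domain exposes the substitution as "xn--...".
    try:
        report["ascii_domain"] = domain.encode("idna").decode("ascii")
    except UnicodeError:
        report["ascii_domain"] = None
    # Assumed policy: anything non-ASCII or mixed-script goes to manual review.
    report["suspicious"] = bool(report["mixed_labels"] or report["non_ascii"])
    return report

if __name__ == "__main__":
    for sample in (GENUINE, LOOKALIKE):
        result = inspect_address(sample)
        print(result["suspicious"], result["ascii_domain"], result["non_ascii"])
```

Mail gateways and clients that display the punycode form of a domain make the same substitution visible to the reader without any extra tooling.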
DOWNLOAD OUR CYBERSECURITY GUIDE
As our technologies and ways of working continue to evolve at a rapid pace, organisations must adapt alongside the newest advancements and place security at the top of their agenda to avoid falling victim to cybercrime.
Explore common security threats and discover handy ways to improve your organisation’s security posture in our consolidated guide to all things cybersecurity.
SUPPLY CHAIN RISK – WHAT YOU NEED TO KNOW
Boots, the BBC, Ofcom and British Airways are the recent victims of what’s called a supply chain attack. In such an attack, the attackers compromise an organisation that is a critical component of other organisations’ operations. In this case, a piece of software called MOVEit contained a previously unknown zero-day vulnerability.
As the name might suggest, MOVEit is used to transfer computer files, and was utilised by a company called Zellis. In turn, Zellis was a trusted supplier of payroll services to the affected organisations, resulting in staff information like National Insurance numbers being stolen.
This isn’t the first time a supply chain has been breached. In 2020, a significant number of US Government organisations and companies were hacked with a Trojan. The source of the attack was a company called SolarWinds that provided network tools to its end customers.
One of its most popular products – Orion – was infected with the Trojan malware and, once it was past the defensive walls of the target organisations, it delivered its malicious payload. Described as one of the worst attacks in recent history (450 of the US Fortune 500 companies were infected), the original vulnerability has since been discovered. A weak password used by an intern on a secure server was enough to gain access.
By using this strategy, attackers reach their targets by exploiting the vulnerabilities of other organisations. Every organisation needs to be aware of the security stance of its suppliers, ensuring that they are implementing appropriate security measures. And, as the SolarWinds attack reminds us, poor cyber hygiene is the cause of as much as 80% of attacks.
NODE4 AND OUR SECURITY CAPABILITIES
Node4 provides a range of security services, from vulnerability scanning and Security Operations Centre (SOC) services to Incident Response, Dark Web scanning, and Governance and Compliance against recognised standards such as Cyber Essentials, ISO27001, and the NIST Cyber Security Framework.
As we have highlighted, Incident Response (IR) planning is critical, and Node4 provides IR services through its partner company S-RM. In the event of an attack, S-RM will respond within 1 hour and can have specialist support on site, if required, within 24 hours.
Node4 also provides a Virtual Chief Information Security Officer (VCISO) capability, offering senior level support in planning and implementing appropriate policies, procedures, and technology to address a broad range of security scenarios. By ensuring that the appropriate security policies are in place, staff are aware of their own role in helping to keep the organisation secure by practising good cyber hygiene.
Interested in finding out how we can make your organisation cyber secure? Click the button below to contact us today.