Internet of Things
Jail terms
Grant Thornton’s cyber security services
Employees
the Dark web
Fake boss fraud
Cyber attacks
Assurance
'BYOD'
What’s more vulnerable than a device containing your personal data? A network of interconnected devices. European vice president of cyber security at Nuvias Group, Ian Kilpatrick, says the Internet of Things (IoT) is a growing concern: “Driven by the convenience and benefits that IoT can deliver, the technology is being increasingly deployed by many organisations, with minimal thought as to the cyber security risks and potential consequences.” CEO of BullGuard, Paul Lipman, says that the mundane nature of many devices prevents them being properly protected, and smart connected devices are highly susceptible.
Open doors
With cyber-crime still on the rise, it’s no surprise that across the globe news headlines frequently feature major companies like Marriott, Equifax and Facebook who’ve suffered a cyber-attack. Failing to shore up your cyber defences can, at best, be costly and, at worst, threaten the very survival of a company. The direct financial hit that a business takes doesn’t account for the long-term reputational damage and loss of trust that it suffers when its systems are breached and the story makes local or even global news headlines.
Interestingly, two-thirds of businesses focus more effort on mitigating data privacy than on cyber security risks, according to Grant Thornton’s latest International Business Report (IBR) survey. And the majority (59%) are actively preparing for the next wave of privacy regulation. This comes as no surprise given the proliferation of data privacy regulation. But privacy is only possible if businesses ensure their security settings are up to date. Fraud prevention service Cifas advises companies to conduct regular software updates to patch infrastructure vulnerabilities that could be creating cyber security loopholes.
Your future
Vulnerabilities
Zero-day
Updates
TTPs
WannaCry
XCyber
Supply chain risk
Risk management
News
Hacking
Businesses have ploughed billions of dollars into technology and software that promises to keep cyber threats at bay. Total global spend on antivirus software, for instance, will reach $3.77bn in 2019, according to market research group ARC. Companies might have sophisticated cyber security software, but that won’t prevent the human error that’s behind many cyber breaches. After all, it’s the human workforce that responds to phishing emails and installs unauthorised software... Instead of relying too heavily on software to fight digital threats, ramp up investment in digital risk skills for employees.
Bring your own device (BYOD) is a growing trend in which employees use their own smartphones, tablets and laptops to access business servers and data. “Employees want to use the devices they are comfortable with,” says Mark Coates, EMEA AP at Dtex Systems. “By giving them what they want, companies will ultimately benefit.” The flexibility, IT cost savings and convenience of this strategy do, however, have to be weighed against the cyber security risk of connecting unsecured devices to a company’s system.
Can you rest in the knowledge that your organisation is safe from cyber attacks? The continuous development of new methods to connect and share information increases the chance of a cyber security threat, and cyber incidents are unpredictable and unforgiving. So protecting your intellectual property, your customers’ data and other business critical information is pivotal to your growth, innovation and reputation. Robust assurance includes assessing how effective your current systems are, identifying key cyber risks, reviewing third party risk management arrangements, complying with industry, regulatory and legal standards, and creating ongoing programmes to preserve and enhance your privacy and cyber security systems.
Hacking has even developed into a highly organised industry.
“The sophistication allows criminals to mount cyber attacks against huge numbers of organisations at very low cost,” adds technical manager at the ICAEW’s IT Faculty, Mark Taylor.
The number of cyber attacks causing losses in excess of $1m has increased by 63% during the past three years (1).
Cybersecurity Ventures (2) estimates the annual global cost of cyber attacks will hit $6 trillion by 2021, with companies set to spend in excess of $1 trillion on cyber security. According to the National Audit Office (3), 80% of all cyber attacks could potentially be avoided by exercising good cyber hygiene.
References
1. Global cyber-incidents soar by 63% in the last three years, Linklaters, January 2019
2. Cybercrime Damages $6 Trillion By 2021, Cybersecurity Ventures, 2018
3. The UK cyber security strategy: Landscape review, National Audit Office, 2013
Part of the internet not visible to ordinary search engines, the dark web requires the use of an anonymising browser to be accessed.
Despite many legitimate uses, it is overwhelmingly used for criminal activity. You can buy credit card numbers, counterfeit money, stolen subscription credentials and hacking kits.
We have identified that business rather than technology issues are exposing companies to risk. We work with organisations across the globe to identify their cybersecurity needs and plan a response to the threats. We efficiently assess risk and help our clients manage it by improving culture, technologies and processes across the enterprise. In the event of a security incident, we can provide a rapid, practical response to get organisations operating securely again as fast as possible.
The term might be overused, but hacking – any unauthorised access to information, data or systems – remains a major threat. “People traditionally think of hackers with cyber tans, sitting in their bedrooms at two o'clock in the morning, trying to attack invisible organisations,” says partner at Grant Thornton LLP, James Arthur. “Now, hacking is often more sophisticated than just one individual trying to hack into one system.”...
1. Global Antivirus Software Market Growth (Status and Outlook) 2019-2024, Analytical Research Cognizance (ARC), February 2019
References
1. ‘Fake boss’ scams highlighted in Fraudstars awareness campaign, Get Safe Online and Lloyds Bank, 2018
Hacking kits
Liability insurance
Among 2018’s cyber sentences (1) were:
10 months: Briton Gavin Prince, for a revenge cyber attack against his former employer
5 years each: Ukrainians Inna Yatsenko and Gayk Grishkyan, for multiple attacks and extortion, including of a dating site
9 years: American Travon Williams, for leading a gang making fake credit cards from data bought on the dark web
12 years: Russian Vladimir Drinkman, for selling 160 million credit card numbers
32 years: Briton Matthew Falder, for online torture of victims via the dark web
Available cheaply on the dark web as well as through legal channels, hacking kits contain a variety of tools that a wannabe hacker might use to gain access to your system. Including items such as anonymity tools, carding software, keyloggers, wifi pineapples and malware, these are used to exploit weaknesses in your cyber security to gain access to confidential information. They can also be custom built to target particular software and databases, allowing the hacker to compromise your system or data, as well as potentially creating a back door so they can continue to exploit the company over the long term.
On the dark web, hacking kits are often sold alongside user manuals that guide people on how to use them against victims.
Designed to support your business if it experiences a data breach or is the subject of cyber attacks, liability insurance may include protection against cyber extortion, costs of investigating a breach and support to mitigate reputational damage. However, insurers often use different terms and inclusions and many claims end up being disputed.
Malware
References
1. Quarterly cybercrime digest: Sentencing, We live security, 2018
Malware – malicious software – is designed to do damage.
“Cyber criminals create malware to exploit the vulnerability, to gain access to your systems, hold your data to ransom, or steal it. They may impersonate a well-known brand to deliver it via email, convincing you to click on a link or open an attachment,” says head of security at Xero, Paul Macpherson.
Quick response
Also commonly referred to as patching, one of the key tenets of any cyber security arrangement is ensuring that you run software updates. The majority of cyber attacks make use of known software exploits for which updates are available. For example, if all UK NHS Trusts had conducted software updates when advised, most of the world would never have heard of WannaCry.
XCyber is a cyber security firm focused on the human side of cyber attacks. Formed by a team with more than 200 years of cyber experience and leadership in the British government, it has advised law enforcement, intelligence and security services across the globe on cyber security and defence. It produces intelligence-led, data-driven and evidence-based reporting to provide insights organisations can use...
Cyber security can be one of the greatest risks to a business anywhere in the world. This is due to the damage cyber attacks can cause to a company’s immediate business capability and its reputation. The extent of the damage may depend on the size of the breach, how quickly and effectively the company is perceived to have acted, the number of stakeholders affected and the company’s pre-existing reputation...
No ransom was paid, but the government put the cost of WannaCry to the NHS at £92 million.
Its proprietary intelligence platform, Tsunami Buoy, is a key component in our covert imminent breach system (CIBS) subscription.
On 12 May 2017, the WannaCry global ransomware attack hit, locking down more than 200,000 computers in over 100 countries. Although not a specific target, the NHS was the UK’s biggest victim. Some 19,000 patient appointments had to be cancelled, with five A&E departments turning patients away until 19 May, when the NCSC and the National Crime Agency managed to halt the attack. It used a known exploit that the majority of NHS bodies had applied a patch against...
Having all the protections and systems in place to prevent a breach and mitigate any fallout is crucial for the longevity of your company.
A zero-day vulnerability refers to a cyber security hole in software that is unknown to its maker, or to antivirus companies. This means the vulnerability is also not yet publicly known, though it may already be known by cyber criminals who are quietly exploiting the flaw. Zero-day refers to the fact that developers have zero days to fix the problem once the vulnerability does become publicly known, at which point they have to work quickly to fix the issue and protect users.
No organisation wants to fall victim to successful cyber attacks.
Working out the impact of the immediate damage, worrying about what’s still to come, wanting to act but knowing it’s probably too late. Having good perimeter defences and effective controls are the foundation of good cyber security, but they are not a fail-safe. You also need to think about your response when there is an incident and who can help you when it’s really needed.
As with all internal and external risks, this is something boards need to do as part of their overall risk strategy and not just assume their head of IT has it handled.
Cyber isn’t just a technical problem – it’s a risk that should be managed in a similar way to all other business risks. While it may not be possible to completely prevent risk, understanding how your organisation functions around technology, from hardware and data to people and business processes, will help identify particular areas of weakness...
Vulnerabilities exist in almost every computer environment, including in software, hardware and their human operators. Hackers are adept at identifying them with increasing ingenuity, across every manner of system. We are seeing double digit increases in overall system vulnerabilities, across every variant of device.
Even if you think your supply chain and systems are secure, cyber criminals might choose to attack you through third parties. In 2014, US retailer Target suffered a breach using network credentials stolen from an HVAC vendor that compromised the data of more than 70 million customers, cost $18.5 million in settlements and led to the resignation of its CEO.
A 2018 UK report by Get Safe Online and Lloyds Bank (1) showed that 454,960 businesses had been hit by ‘fake boss’ scams, with SMEs losing an average of £27,000 when targeted. Using personal data to impersonate managers or business contacts, fraudsters contact staff asking them to transfer money. “The email will be carefully crafted. It may contain reference to some personal information – often gained from social media – to make it look genuine,” says technical manager at the ICAEW’s IT Faculty, Mark Taylor. Some 53% of report respondents said they had experienced scammers posing as their CEO, with 8% having fallen victim to impersonation fraud. Data from Lloyds Bank reveals a 58% rise in reported impersonation frauds in 2018.
Privacy
Tactics, techniques and procedures (TTPs) are the “patterns of activities or methods associated with a specific threat actor or group of threat actors,” according to the Definitive Guide to Cyber Threat Intelligence. Penetration testing is designed to simulate TTPs used by hackers in order to strengthen security postures and ensure greater resilience to cyber threats.
Open doors are parts of internet-facing infrastructure where personal information can be accessed by anyone who knows where to look.
Web pages and databases that contain personally identifiable information, that aren’t secure or encrypted, can be a veritable goldmine for cyber criminals.