2017 – A great year for the hackers

Posted on : 29-12-2017 | By : Tom Loxley | In : Cloud, compliance, Cyber Security, Data, data security, FinTech, GDPR, Uncategorized

0

This year saw some of the biggest data breaches so far, we saw cover-ups exposed and ransoms reaching new highs.

Of course, it’s no secret that when it comes to cybersecurity this was a pretty bad year and I’m certain that there are many CIO’s, CISO’s and CTO’s and indeed CEO’s wondering what 2018 has to offer from the hackers.

That 2018 threat landscape is sure to be full of yet more sophisticated security attacks on the horizon. However, the big win for 2017 is that people have woken up to the threat, “not if, but when” has been finally been acknowledged and people are becoming as proactive and creative as the attackers to protect their companies. The old adage of “offence is the best form of defence” still rings true.

With that in mind we’re going to look back at some of what 2017 had to offer, the past may not predict the future, but it certainly gives you a good place to start your planning for it.

So let’s take a look at some of the most high profile data breaches of 2017.

Equifax (you guessed it) – No doubt you’ll have heard of this breach and because of its huge scale its very likely that if you weren’t directly affected yourself, you’ll know someone who was. This breach was and still is being highly published and for good reason. A plethora of litigation and investigations followed the breach in an effort to deal with the colossal scale of personal information stolen. This includes over 240 individual class-action lawsuits, an investigation opened by the Federal Trade Commission, and more than 60 government investigations from U.S. state attorneys general, federal agencies and the British and Canadian governments. More recently a rare 50-state class-action suit has been served on the company.

Here are some of the facts:

  • 145.5 million people (the figure recently revised by Equifax, now 2.5 million more than it initially reported) as its estimate for the number of people potentially affected.
  • U.K. consumers unknown. Equifax said it is still determining the extent of the breach for U.K. consumers.
  • 8,000 potential Canadian victims (recently revised down from 100,000).
  • High profile Snr leaders to leave since the breach. Former CEO Richard Smith retired (Smith is reported to have banked a $90 million retirement golden handshake), the chief information officer and chief security officer have also “left”.
  • There are an unknown number of internal investigations taking place against board members (including its chief financial officer and general counsel), for selling stock after the breach’s discovery, but before its public disclosure.
  • The breach lasted from mid-May through July.
  • The hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers.
  • They also stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people

Uber – The big story here wasn’t so much the actual breach, but the attempt to cover it up. The breach itself actually happened 2016. The hackers stole the personal data of 57 million Uber customers, and the Uber paid them $100,000 to cover it up. However, the incident wasn’t revealed to the public until this November, when the breach was made known by the new Uber CEO Dara Khosrowshahi.

Uber has felt the impact of the backlash for the cover-up globally and on varying scales. From the big guns in the US where three senators in the US introduced a bill that could make executives face jail time for knowingly covering up data breaches. Right through to the city of York in the UK where the city voted against renewing Uber’s licence on December 23 due to concerns about the data breach.

Deloitte – According to a report from the Guardian in September earlier this year, a Deloitte global email server was breached, giving the attackers access to emails to and from the company’s staff, not to mention customer information on some of the company’s most high-profile public and private sector clients. Although the breach was discovered in March 2017, it is thought that the hackers had been in the company’s systems since October or November 2016. During in this period, the hackers could have had access to information such as usernames, passwords, IP addresses and architectural design diagrams. Deloitte confirmed the breach, saying that the hack had taken place through an admin account and that only a few clients were impacted by the attack

Now if I covered even half of the high profile cyber-attack cases in detail this article would look more like a novel. Plus, as much as I love to spend my time delighting you my dear readers it is Christmas, which means I have bad tv to watch, family arguments to take part in and copious amounts of calories (alcohol) to consume and feel guilty about for the next 3 months. So, with that in mind let’s do a short recap of some of the other massive exploits and data breaches this past year:

  1. Wonga, the payday loan firm suffered a data breach which may have affected up to 245,000 customers in the UK.
  2. WannaCry and Bad Rabbit, these massive ransomware attack affected millions of computers around the world including the NHS.
  3. The NSA was breached by a group called The Shadow Brokers. They stole and leaked around 100GB of confidential information and hacking tools.
  4. WikiLeaks Vault 7 leak, WikiLeaks exposed the CIA’s secret documentation and user guides for hacking tools which targeting the Mac and Linux operating systems.
  5. Due to a vulnerability, Cloudflare unwittingly leaked customer data from Uber, OKCupid and 1Password.
  6. Bell Canada was threatened by hackers with the leak of 9 million customer records. When the company refused to pay, some of the information was published online.
  7. Other hacks include Verizon, Yahoo, and Virgin America, Instagram…it goes on.

So, all in all not a great year but looking on the bright side if you weren’t on the wrong end of a cyber-attack this year or even if you were, there are plenty of lessons that can be learnt from the attacks that took place and some easy wins you can get by doing the basics right. We’ll be exploring some of these with our newsletter in 2018 and delving into the timelines of some of the more high-profile attacks that took place to help our readers understand and deal with the attack if they’re ever unfortunate enough to be in that situation. But if you can’t wait that long and want some advice now please feel free to get in touch anytime

 

The 2018 Broadgate Predictions

Posted on : 19-12-2017 | By : richard.gale | In : Predictions

Tags: , , , , , , , , , ,

1

Battle of the Chiefs

Chief Information Officer 1 –  Chief Digital Officer 0

Digital has been the interloper into the world of IT – originating from the Marketing Department through the medium of Website morphing into Ecommerce. The result was more budget and so power with the CDiO than the CIO and the two Chiefs have been rubbing along uncomfortably together, neither fully understanding the boundaries between them. 2018 will see the re-emergence of CIO empire as technology becomes more service based (Cloud, SaaS, Microservices etc) and focus returns to delivering high paced successful transformational change.

 

Battle of the Algorithms

Quantum 2 – Security 1

All the major Tech companies now have virtual Quantum computers available (so the toolkits if not the technology). These allow adventurous techies to experiment with Quantum concepts. Who knows what the capabilities are of Quantum but through its enormous processing power it will have the capability to look at every possible combination of events for a giving situation at once. That is great in terms of deciding which share to buy or how people interacting on Facebook but it will also have the potential to crack most current encryption mechanisms. Saying that it will enable another level of secure access too!

 

Battle of the Search Engines

Voice 2 – Screen 0

OK Google, Alexa, Siri…. There’s a great video of Google talking to Alexa on infinite loop. That’s all fun but in 2018 Voice will start to become a dominant force for search and for general utility. Effectively stopping what you are doing and typing in a command or search will start to feel a little strange and old-fashioned. OK in the office we may not all start shouting at our computers (well not more than normal) but around the home, car using our phones it is the obvious way to interact. This trend is already gathering momentum. VR and especially AR will add to this, the main thing holding it back is the fact you look like an idiot with the headset on. Once that is cracked then there will be no stopping it.

 

RoboWars – to be continued…

Robots 1 – People 1

AI and ‘robot process automation’ RPA are everywhere. Every services firm worth its salt has process automation plans and the hype around companies such as Blue Prisim is phenomenal.  This is all very exciting and many doomsayers have been predicting the end of most jobs (and some the end of most people!). Yes. Automation of processes is here. It’s been here for years – that is what most ERP (aka workflow) systems do. It makes absolute sense to automate mundane processes and if you can build in a bit of intelligence to deal with slight differences in the pattern then all the better. Will it result in the loss of millions of jobs… well maybe and probably in the short-term but once again, as every time in the past, technology will replace human endeavour whilst humans will be busy building the next creative, innovative wave.

 

The Lightbulb Moment

Internet 1 – Internet of Things 3

Is there anything left which is not internet connected? Two years ago, there were very few people that had any interest in communicating with a lightbulb – apart from flicking a light-switch. Now IoT connected lightbulbs appear be everywhere and the trend will grow and grow. The speed this happening is accelerating and the scope of connected devices is expanding beyond belief. Who would have thought we needed a smart hairbrush? This is all fine and will enrich our lives in ways we probably haven’t even thought about yet but there is a cost. We are allowing these devices to listen, see, control parts of our lives and the data they gather has value both for good and bad reasons. There is no ‘culture of security’ for IoT. Many of the devices are cheaply designed and manufactured with no thought towards security or data privacy. We are allowing these devices into our lives and we don’t really know what they know and who knows what they know. This may be a subtler change for 2018 – the securing of ‘the Thing’ – well lets hope so!

 

Welcome to our ESports Day

Call Of Duty 2 – Premiership Football 1

Sport is a big business. From Curling to Swimming to Indy Car racing it has a thousand differing forms, millions of participants and billions of armchair viewers. Top class athletes in a popular sport can earn millions of dollars a year both from performing and through product endorsements.

Video games have been popular for years. They started as single, two player games and now are worldwide multiplayer extravaganzas where you can battle, race or fight against people throughout the world. A number of superstars or EAthletes have emerged, first through winning competitions and then through youtube etc where their tournaments are recorded and watched again and again. This business has now broken the $1B mark – still way off ‘real’ sport but its growing massively and some point soon will become part of the mainstream.