Insecure Communications are Killing Your Business

Online fraud now accounts for over half of all fraud incidents in the UK retail sector as existing deterrents prove ineffective, according to new stats from the British Retail Consortium (BRC).

The BRC’s 2016 Retail Crime Survey revealed that 53% of all fraud in the industry comes from cyber, amounting to estimated losses of £100 million.

The survey also broke out separate stats for cybercrime, including hacking and data breaches, which it said accounted for 5% of the total direct cost of crime to retail businesses – or around £36m.

Hackers are operating from outside the UK with impunity, accessing IT systems remotely, but the report also pointed to an uptick in insider threats for nearly a third (29%) of members.

You may also have heard about the recent breach of a post-production studio resulting in the compromise of next season’s Orange is the New Black. “The Dark Overlord” claimed responsibility for the intrusion and attempted to extort Netflix for a significant amount of money. On Twitter, @thedarkoverlord suggested that other networks would have their shows released next. “Oh, what fun we’re all going to have,” the hacker said, “…we’re not playing any games anymore.”

In a statement, Netflix said: “We are aware of the situation. A production vendor used by several major TV studios had its security compromised and the appropriate law enforcement authorities are involved.”

When a hacker really wants something, they will go the extra mile and conduct lots of research on the organisation before launching an attack. They will visit the website, make phone calls to employees and sometimes even meet individuals in person. Social engineering can provide a goldmine of information that an attacker will use before launching a campaign. Attackers will then send a legitimate-looking e-mail “from” your boss or a system administrator, hoping you will click a link or provide credentials. Most employees won’t pay enough attention to detail to notice that the domain name is actually one character off, and will respond because the boss just shot them a note. Hackers will leverage simple psychology when conducting these types of “sophisticated” attacks.

As an IT leader within your business, you might ask yourself “How can I prevent this from happening in my company and with my suppliers?” 

Well, enterprises are transforming their security strategies in 2017, moving away from prevention-only approaches to focus more on detection and response. The shift to a detection and response approach encompasses people, process and technology elements (incident hunting services and event monitoring tools). While this does not mean prevention is unimportant or that businesses should give up on preventing security incidents, it certainly puts companies’ detection and response capability under the spotlight. 

This is what I’m calling the “airport model”, with an always-on watchtower available 24/7/365. Security controls are much stricter, and are tightened further when you want to reach specific areas (i.e. network segmentation, a multi-layered approach). In this model, flaw detection and incident monitoring are paramount for a quick and efficient response, and the watchtower has to be able to propose a tailored answer depending on the specific threat. In IT, this is the security operations centre’s role, with dedicated teams capable of handling and managing cyber-crises.

It’s also very interesting to note how preventive security controls such as endpoint protection, firewalling, application security and intrusion prevention systems (IPSs) are being enhanced to feed more intelligence into security operations, analytics and reporting platforms, as this provides more actionable insights to SOC analysts. Dashboards also allow engineers to monitor a very high number of devices, with a heat map for the highest priority areas that need service.

So in simple terms, the need to better detect and respond to security incidents in a timely manner is crucial, even vital, for your business. This is not only to comply with GDPR obligations, but above all to keep your business safe and trustworthy for your customers – because insecure communications are killing your business!