THE TIBERIUM BLOG - recent events, threats, and all things cyber

Cyber Attackers: Are they coming for the SMEs?

When exactly did cyber-attacks become part of normal everyday life? I don’t think that there is an exact answer to that question. The mainstream media only focuses on attacks involving large household brands and doesn’t really ever report on smaller companies, which in turn makes them a much easier target for hackers, and when you look at it you give them exactly the same amount of data.

There has been a huge spike in attacks recently. A large part of this is due to more people working remotely and companies being forced into giving more access to their systems to accommodate these remote users. In the case of Twitter back in July, a teenager was able to access the back-end systems and take control of the accounts of some of the world’s more influential celebrities. He did this by sending an email fully loaded with malware, and a Twitter employee opened it up. The scary thing is this happens all the time.

Websites such as Firefox Monitor and haveibeenpwned.com keep an up-to-date track of breaches all over the world. Here are some examples of recent hacks that the mainstream media has not reported on.

Aug 22 – Live Auctioneers – Passwords, IP Addresses, Email Addresses

Aug 19 – Utah Gun Exchange – Passwords, IP addresses, Email Addresses

Aug 6 – ProctorU – Passwords, Phone Numbers, Email Addresses, Physical Address

July 27 – Dave – Social Security Numbers, Phone Numbers, Email Addresses, Dates of Birth, Physical Address

Jul 19 – Wattpad – Passwords, IP Addresses, Email Addresses, Dates of Birth, Gender, Geographic Location, Full Names, Social Media Profiles, Usernames

(Source: Firefox Monitor)

That is just the tip of the iceberg.

Let’s look at Wattpad in a little more detail. The user-generated stories website suffered a huge data breach that exposed almost 270 million records. The data was initially sold, then published on a public hacking forum where it was broadly shared.

The incident exposed extensive personal information including names and usernames, email and IP addresses, genders, birth dates and passwords stored as bcrypt hashes. The amount of data people trusted Wattpad with is incredible – dates of birth, gender, geographic location, full names, social media profiles. Whoever has this data could easily steal someone’s identity using this amount of information.

I had never heard of Wattpad until 2 minutes ago; it took researching this blog for me to know this attack ever happened. Shocking really!

What can companies do better to secure your data?

  1. EDUCATION – I say it in bold because it is the single biggest thing a company can do! At the centre of most attacks is human error, whether it’s opening an email attachment or misconfiguring a firewall. Education needs to start from the top down.
  2. Cyber Essentials – the clue is in the name! Cyber Essentials is an official UK-wide, government-backed certification that helps companies guard against the most common cyber threats and reduce their risk by at least 80%. It also allows you to demonstrate your commitment to cyber security to your customers. As Tiberium is an IASME Certification Body, we can help you achieve this glorious certification.
  3. Penetration Tests – They don’t have to be expensive, and they reduce the likelihood and cost of a breach! A penetration test is performed by somebody like me, a trained hacker who wants to help you by showing you the gaps in your security.
  4. Do an internal audit of all your IT. Look at what equipment does what for your business. Anything with Windows 7 or older, bin it and buy something new. Make sure that you have installed all the latest security patches, and that somebody like Tiberium oversees and monitors your vulnerability status, making sure that you’re always patching when new updates arrive.

Investing time in cyber security for your environment reduces the likelihood of a successful attack, simple as. You might not make headline news, but you will probably make social media, and that will have more reputational impact on your company than any ICO fines ever could.

If you’re intrigued and want to take control of your cyber security posture, do so by contacting us or requesting a demo where we can show you your current cyber risk exposure level.
