The latest report from the National Cyber Security Centre (NCSC) and National Crime Agency (NCA) highlights the growing number of cyber-attacks against UK businesses over the last 18 months.

Among other things, the report found that 2017 was the year of ransomware attacks, massive data breaches, and supply chain threats.

The WannaCry ransomware attack that hit organizations across the globe last May spread quickly due to its use of a self-replicating worm. Over 300,000 devices were infected across 150 countries, with services knocked offline worldwide, including at the NHS. This attack proves that cyber-attacks designed to self-replicate and spread can have a detrimental impact on business operations and result in serious costs, from remediation efforts to repairing reputational damage and regaining public trust after the fallout.

The NCSC recommends that you do the following to protect against ransomware attacks:

  • Deploy critical security patches as soon as possible
  • Deploy an always-on antivirus solution that scans new files
  • Conduct regular vulnerability scans and action critical results
  • Implement application whitelisting technologies to prevent malware running on hosts
  • Implement a policy of least privilege for all devices and services
  • Establish configuration control and management

 

The report also found that the sheer volume of data breaches continued to rise throughout 2017. Many of these breaches were executed with very simple techniques, such as exploiting unpatched vulnerabilities and conducting spear phishing campaigns. Many of the large-scale breaches were found to have been linked to state actors, sometimes described as advanced persistent threats (APTs). Organizations that fail to prevent data breaches will soon face a harsh reality when enforcement of the General Data Protection Regulation (GDPR) begins in May 2018.

Yahoo admitted in October 2017 that all 3 billion of its customers had been impacted by the 2013 data breach. Equifax disclosed in September that the information belonging to 145 million US and 700,000 UK Equifax customers was compromised by attackers after a security vulnerability was ignored by the company for over 2 months. Verizon data belonging to 14 million customers, stored in the cloud and controlled by a third-party provider, was exposed to anyone who could guess the web address. But the worst has to be Uber. Uber was forced to admit that it deliberately covered up a year-old data breach by paying hackers nearly $100,000 to destroy the data belonging to the 57 million accounts they had stolen.

The NCSC recommends that you do the following to prevent your organization from suffering from a data breach:

Protect Endpoints:

  • Use up-to-date and supported operating systems and software
  • Deploy critical security patches as soon as possible
  • Implement application whitelisting technologies to prevent malware running on hosts

Protect the Network:

  • Use firewalls and network segregation to protect services
  • Deploy an always-on antivirus solution that scans new files
  • Perform regular vulnerability assessments against both internal and external services to scan for any insecure configuration

Protect the Information:

  • Implement a policy of ‘least privilege’ for all devices and services
  • Use multi-factor authentication to protect sensitive information
  • Ensure that all services are protected by strict authentication and authorization controls
  • Use password managers to help prevent password reuse between systems
  • Implement a practical monitoring and alerting service

 

 

Copyright 2018, New Net Technologies LLC. All rights reserved. 