Cyan Approved to Join NCSC Cyber Information Security Partnership (CiSP)

Cyber threats are at an all-time high, and as cybercriminals become increasingly sophisticated and threats continue to rise, organisations across the globe are becoming more and more susceptible to very serious potential cyber-attacks.

In recent years, a multitude of new and evolving cybersecurity threats have put businesses in varying industries on high alert. Increasingly complex cyber attacks involving malware, phishing, machine learning, artificial intelligence and cryptocurrency have placed the data and assets of many businesses at risk.

New Membership with CiSP

Because the safety of your information is at the forefront of everything we do, we are delighted to announce that we have been approved to join the National Cyber Security Centre (NCSC) Cyber Security Information Partnership (CiSP).

A cyber threat does not become a managed organisational risk until it is fully understood, and at Cyan, you can be guaranteed that we understand the significance of cyber risks and how to prevent them from creating a catastrophic outcome. Good situational awareness is key to managing cyber risks, and as an approved member of CiSP, we will have the full backing and regulated support to be able to ensure cyber threats to the businesses we support are significantly reduced.

In order for Cyan to have become a recognised member of CiSP, we have gone through a process of being vetted, and sponsored, which has led to us being successfully approved. Our sponsors is the highly regarded and skilled UK South East Regional Organised Crime Unit.

What Are the Benefits of CiSP To Your Business?

In recent years, there have been a number of notable attacks on both large and small-scale organisations, with some high-profile cases taking the limelight. A particular spate of cyber-attacks had detrimental effects on the political frontier, and more importantly, the government.

This particular incident was the 2017 attack on Managed IT Service Providers (MSP’s) that was conducted through popular platforms such as Gmail and Twitter (to name but a few) on which sensitive and confidential information was leaked. Following on from this targeted attack, the NCSC, which is part of the Government Communications Headquarters (GCHQ), recommended the following crucial advice to organisations who outsource their IT:

“Organisations who outsource IT infrastructure are recommended to have an open dialogue with their provider and to understand what model they use to manage your services. If their model is unsatisfactory, the organisation should demand that they change it immediately.”

The NCSC recommends that MSP’s who are unwilling to work closely with customers, or are reluctant to share information, should be treated with extreme caution. They also advise that having an independent audit of your MSP is critical for security management – “an organisation that neglects such monitoring is unlikely to ever be able to effectively manage the risk.”

This reinforces the importance of being a member of CiSP. We will get early warnings of cyber threats, such as the above, meaning we can manage and prevent an entire host of potential cyber threats from actually happening to the businesses we work with.

How Will Cyan Help My Business Benefit from CiSP?

As briefly touched upon above, there is a massive benefit to you in that Cyan will always be alerted of potential cyber threats, meaning that we can act fast and take preventative measures. Some other key benefits as detailed by CiSP are:

  1. Engagement with industry and government counterparts in a secure environment
  2. Early warning of cyber threats
  3. Ability to learn from experiences, mistakes, successes of other users and seek advice
  4. An improved ability to protect your company network
  5. Access to free network monitoring reports tailored to your organisations’ requirements

From the above list provided by CiSP, point 4 refers to Cert-UK Network Reporting Service (CNR). To be described in a nutshell, CNR is a free but intellectual service that can scan for any signs of potential network abuse events (such as cyber threats or potential attacks) and vulnerable network services. These searches are conducted on an organisation’s Internet-facing services so that all possible threats can be picked up and dealt with effectively. As we’re now a member of CiSP, we are able to offer this excellent and comprehensive network protection service to all of our valued existing and future clients.

Here to Serve You

By providing enterprise-class IT solutions and exceptional support to businesses, our professional team of IT specialists, consultants and advisors are passionate about cybercrime and ensuring that your business doesn’t face what many others have to.

We work closely in partnership with businesses like yours to deliver tailored technology solutions, provide expert advice, and above all, offer comprehensive IT support. The fact that we are now members of CiSP adds another string to our bow and will help us to serve your business with the utmost professionalism and industry understanding. To find out more about the services we offer or if you’d like to know more about our new membership with CiSP and what this means for your business, please get in touch.

What Is Ransomware and How Should I Protect My Business?

With more and more business transactions taking place online, it’s vital that you have the correct and preventative measures in place to protect your business from cyber-attacks. One form of cyber-attack that has been on the rise in recent year is ransomware. But what exactly is it?

Ransomware is malware that demands some form of payment from an individual or business in order to recover control of their computer or data. Most commonly, when it comes to personal attacks, the attacker will encrypt personal files on the victim’s computer in a way that means they cannot be opened unless the victim has access to the decryption key. Thus, access to the decryption key is what the attacker wants the victim to pay for. In other cases, such as in a business setting, the attacker may threaten to publicise or leak sensitive information that could be detrimental to business.

A Spike in Ransomware

Based on data from a report by California-based cybersecurity firm, SonicWall, findings revealed that in the first 6 months of 2019, ransomware was on the up. Here are some key findings:

  • Ransomware volume was up 15% globally
  • Encrypted threats spiked 76%
  • IoT malware attacks were up 55%
  • Malware attacks across non-standard ports dipped 13%
  • With bitcoin value spiking, crypto-jacking volumes were up 9%

What’s more worrying is that the firm reported; “The UK has been the biggest target for ransomware attacks for the first half of 2019 with the number rising 195%, as compared to the 59% reduction in attacks of the same kind in 2018, it has been claimed.”

They went on to say that “Almost half of all infected businesses in the UK now opt for paying the ransom.” This is the main reason that ransomware has spiked. In addition, with more businesses taking out cyber insurance, there is a higher chance that a business will just fall back on their cyber insurance policy and let their insurance provider pay-out, making ransomware a lucrative business for attackers.

High-Profile Attack

In recent cases of ransomware, Travelex is among one of the more high-profile cases. On New Year’s Eve 2019, hackers launched their attack on the Travelex network. As a result, the company took action by taking down its websites across 30 countries to, in their words, contain “the virus and protect data”. The way in which Travelex handled this attack really highlights the importance and need for a good business continuity plan (BCP) should the worst happen.

But despite ransomware being a lucrative venture for hackers, it’s not just large companies like Travelex that are being hit. In relation to this, Simon Bond, CEO of Cyan, says; “Unfortunately, it has become more common for cyber criminals to develop and use sophisticated tools to target the vulnerabilities of smaller businesses.”

“These vulnerabilities are caused due a range of system issues such as technical glitches, unpatched software, or by hardware that hasn’t been configured properly. However, the most common of the vulnerabilities tend to involve employees who use weak or compromised passwords, or inadvertently click on something that opens the business up to an array of issues.”

Glyn Cheesman, IT Security Manager at Cyan, believes many cyber criminals know that SME leaders may not truly understand the impact and importance of cyber security. He goes on to say, “We live in an age where cyberattacks continue to evolve, and of course there is a threat to businesses of all sizes, but it’s particularly more challenging for small to mid-size businesses. It’s therefore critical for companies to understand the risks and work on developing strong risk-mitigation strategies to lessen the devastating impact of cyber threats and attacks.”

How Do I Protect My Business?

The best thing you can do to protect your business and colleagues is to cyber insure your business. Insuring against cybercrime and data risks means you’re protected against new and existing threats, but with cyber insurance, your business will you will also receive help with the practicalities of getting experts to restore systems, recreate data and deal with any demands being made where data is stolen.

Additionally, you can carry out some good business practice to prevent cyber-attacks, which include but are not limited to:

  • Ensuring access control is in place. Restricting user access can limit the extent of the encryption to just the data owned by the affected user. Often, employees can have access to data that’s not relevant to their role. Therefore, it’s crucial to re-evaluate the permissions placed on shared network drives regularly in order to prevent the spreading of ransomware. System administrators with high levels of access should always strive to avoid using their admin accounts for email and web browsing.
  • Backing up your data. Organisations should ensure that they have thoroughly tested backup solutions in place whether controlled in house or externally. But remember that backed up files should not be accessible by machines that are at risk of encountering ransomware. Remember that backups should not be the only protection you have in place against ransomware; the implementation of adequate security practices will mean not getting ransomware in the first place.

To Pay or Not to Pay: What to Do If You Are Held to Ransom?

The general advice is not to pay if you or your business are held to ransom. However, it is likely that in some cases, insurers will pay out on your behalf depending on the specific circumstances. The reason businesses are advised not to pay out is because there is no guarantee that the attacker will provide the decryption key and/or not sell or publish any company sensitive information.

Almost half of all infected businesses in the UK now opt for paying the ransom, but if you do find yourself in that situation, immediately report the incident to your IT helpdesk. In addition, report the attack to the authorities and your cyber insurance policy provider.

Top Tips to Protect Your Business Against Ransomware

It may not happen, but it’s always better to have preventative measures in place should your business encounter ransomware. There are a few ways to do this, including:

  • Implement an incident response plan to help identify, respond and recover from an attack. This will include the steps you plan to take should your business encounter an attack.
  • Ensuring there are strong technical and administrative controls in place with security control frameworks.
    • A secure and robust Internet connection
    • Secure/password-protected devices and software
    • Robust access control measures in place
    • Updated virus protection software
    • Keep your devices and software up to date

For further advice and to discuss implementing robust and secure security measures, get in touch.

The End of Life for Windows 7

Windows 7 end of life

On 14th January 2020, Microsoft will officially ‘end the life’ of support for Windows 7 and Windows Server 2008 (including 2008 R2); a change that will pose a significant challenge for many businesses throughout the UK.

Not only does 2020 mark the beginning of a new decade, but it also commemorates the end of an era for Windows 7 and Server 2008. Not so long ago, these trusted operating systems were one of Microsoft’s most popular, so much so, that many businesses still use them on a daily basis.

But what exactly does end of life mean for small and medium-sized enterprises (SMEs)? Well, if you continue to use these operating systems after support has ended, your systems will still work, but will become considerably more vulnerable to security risks and viruses. As SMEs represent 99% of all businesses in the UK, there’s potential for a significant number of companies to be effected.

Assessing the Risks

In a nutshell, this rather significant operating system end of life means no more bug-fixes, security patches or new functionality. In addition, Microsoft customer service will no longer be available to provide technical support and related services will also be discontinued over time.

This considerable change, therefore, may cause concern for existing users as the risk of running systems beyond 14th January means that computers and data can become vulnerable to exploitation, hackers and bugs, to name but a few.

Vulnerabilities can be very dangerous as attackers can more easily comprise unpatched systems. Once compromised, the attacker can gain control of the system to steal information and potentially launch further attacks on other IT systems within an organisation’s network.

When an operating system becomes end of life, the vendor will no longer release security updates or patches to remediate any discovered vulnerabilities. This leaves systems at serious risk of being compromised.

Is Your Company at Risk?

It’s vital to assess the risks to business before deciding what action needs to be taken – and, in this case, both the likelihood and impact need to be determined. To achieve this it’s essential to consider the following:

  • Does the system contain business-critical and/or confidential data?
  • Does the system contain any sensitive data such as personally identifiable information?
  • Does the system support a business-critical process?
  • Will running an end of life operating system be in non-compliance of:
    • GDPR
    • PCI
    • Supply chain agreements
    • Insurance policies
  • What would the cost be to the business if the system was compromised?
  • Would the reputation of the business be damaged if the system was compromised?
  • Is the system exposed to the internet, if so, can this be limited or removed completely?
  • Has the user(s) of the system received adequate security awareness training?
  • Do we have the capabilities, including the skills and knowledge to manage the risk?

Once the likelihood and impact have been determined, it’s then about calculating the risk. If the risk is low, it should then be recorded in a risk register and treated to reduce the likelihood of it occurring.

Managing the Risks

At CYAN, we believe that the best option and one that should always be considered before anything else is to terminate all risks by upgrading operating systems to a supported operating system before the end of life date. Which in this case, is 14th January.

However, in some cases, it may be necessary to run a system with an operating system beyond its end of life date. This could be due to several reasons, from budget constraints to a dependency on a legacy application that requires a specific version of an operating system version in order to work. If this is the case, the risk should be assessed and treated to reduce the likelihood of the system being compromised.

But it’s important to note that this should only be a short-term measure while measures are put in place to upgrade to an updated operating system. We know that business survival during a huge change such as this requires having a strong IT security strategy in place.

Effectively Treating Risks

At CYAN, we balance our intricate knowledge of IT with a personal approach to understanding the businesses and people that use it every day. And so, to reduce the likelihood of the risk occurring when Windows 7 or Server 2008 reach end of life, multiple techniques and controls can be applied to treat the risk. There are a number of ways in which this can be done:

Reducing the Attack Surface

Removing all unnecessary applications from the system and only allowing signed and trusted applications to run can effectively reduce the risk. Additionally, isolating the system to a tightly controlled security zone and limiting exposure to the internet can also help to decrease the attack surface.

Applying Patches

First of all, it’s important to know what patches are in the IT realm. A patch is a set of changes to a computer program or its supporting data designed to update, fix, or improve it. So, by applying the final update and security patch from Microsoft, as well as continually keeping all required applications up to date, can significantly treat risks.

Implementing Strong Technical Controls

Use a comprehensive endpoint security solution to protect against malware and unauthorised access and harden the system by disabling unrequired services and system features. Not sure where to start? Speak to us for expert help and advice.

Control Access

You can also prevent access by removing unused accounts and restricting access on a need to know basis. Using strong passwords and multi-factor authentication can also be highly effectively when it comes to watertight access control.

Backup and Event Logging

Regularly performing backups as well as enabling event logging to a safe, secure and restricted location is vital to contain, eradicate and recover from a security breach.

Security User Awareness Training

Within a business, it’s vital to practice safe clicking and carry out regular security awareness training and measure its effectiveness with all members of the team. This is of the utmost importance when it comes to the end of life of operating systems such as Windows 7.

The Next Steps…

While end of life operating systems will continue to work after their end date and additional techniques and controls can be applied to reduce the likelihood of the system being compromised, it’s best practice to terminate the risk by upgrading the system to a supported operating system before the end of life date.

This means the end of regular security updates which puts any system running Microsoft Windows 7 or Server 2008 beyond 14th January 2020 at serious risk. Businesses that use these systems and that have failed to update to newer systems are at risk of severe and very dangerous security breaches.

Skill and Knowledge for The Steps Ahead

It’s worth noting that to manage the risks involved in such a drastic change will require skilled resources and additional time and effort, which isn’t always something that can be carried out within a small or medium sized business. And much like any massive business change, the cost of managing the risk should be weighed up against terminating the risk by upgrading the system to the next available operating system. You might just find that it’s more cost-effective, and ultimately, will be far safer for the business to simply upgrade the operating system.

At CYAN, we have seen security threats from outdated operating systems, unpatched vulnerabilities, and various other security breaches. The longer your company waits to update systems, the bigger the risk becomes of a potentially costly and nasty attack. Please don’t wait any longer, get in touch to find out more about how we can help you with a safe and speedy upgrade.

Wherever your organisation goes after Windows 7, upgrading should be done in a measured and controlled way, and certainly not rushed at the last moment without careful consideration of the impact to business.

IT Security Strategy: What You Need to Know

Most businesses are critically dependent on the internet. Survival means having a strong IT security strategy in place. The hacking of telecommunications giant Talk Talk in 2015 reminds us that it’s not just smaller businesses that are at risk either.

The Government has taken steps to build a national cybersecurity strategy and this acknowledges that threats can come from many different sources: foreign governments or state sponsored actors, terrorists, hackers, hacktivists concerned about a particular issue, and even insiders, people who work for a company and who have a grievance of some sort.

Protecting your business has never been more important or more challenging. Having the right tools and processes in place is key if you want to stay safe.

How to Develop an IT Security Strategy

The digital landscape has become increasingly complicated over the last couple of decades. Businesses will not only operate online through portals and third-party sites but use tools such as social media to market their services and products. On top of that, they will have key IT requirements within their office environment that need solutions. Many will use remote working and promote collaboration and better communication through cloud-based services.

All this means that there is no clearly defined, one-size-fits-all IT security strategy for modern businesses.

1. Understand What You Have

The first major step to developing the appropriate IT security strategy is defining what you are trying to protect in the first place. Yes, you may have lots of customer and employee data but what about documents relating to your business such as your plan for the future or a new product you are intending to bring onto the market?

To make sense of everything, you need to understand what each asset is and clearly define its value to your business.

2. IT Security Risk Assessment

The next part of the process is to look at the current state of your IT security in relation to these assets and whether it fulfils its purpose. A risk assessment looks at a range of different aspects of your business, including the software you have in place, who has access to data, what they do with it when they are using it, and what protocols other than digital that you have in place to ensure security.

3. Elements of Strong Cybersecurity

The Government has produced a useful infographic (download here) relating to IT security which includes 10 steps all businesses and organisations should be taking:

  1. You need to implement a risk management regime that allows you to regularly review your cybersecurity processes.
  2. You must protect your network from attacks using anti-virus software and other technological solutions.
  3. You need a process in place to educate users and build awareness through activities such as staff training and the production of easy to follow practices (such as having a definitive password policy for your business).
  4. You need to establish anti-malware practices and defences to protect your business like having the appropriate software and educating staff on threats such as phishing emails.
  5. You need to limit or control the use of removable media such as flash sticks which can hold malware.
  6. You need to update your systems when a new patch or update is available and ensure they are configured properly across your whole business.
  7. You should carefully manage user privileges particularly for parts of your network that have access to sensitive data.
  8. Your business should have a process in place for handling any breach incidents or disaster recovery and be able to test these plans. If you lose data for whatever reason, being able to get up and running again may be vital to the survival of your business.
  9. Your business also needs to have in place a system or protocol for monitoring your IT and cybersecurity, producing reports and understanding if you are at risk of attack.
  10. You need to develop a policy for home and mobile working especially if you advocate using BYOD. Your company needs to create a secure baseline for all devices and build this into its cybersecurity activity.

While many businesses will be able to implement some of these measures, it can be challenging to get them all in place. That’s why it’s important to work with an IT and cybersecurity specialist to make sure all the bases are covered.

At Cyan Solutions, we have the teams in place who will be able to help you develop a robust IT security strategy that will safeguard your business now and in the future. Contact us today to find out more.

Cybercrime Is On The Increase

 

Businesses have been facing a growing threat from data breaches, ransomware and supply chain weaknesses in recent years. According to the annual report of the National Cyber Security Centre, the number of cyber-attacks on UK businesses increased in the last year and is only expected to continue to rise.

Cybercrime is a very real issue that businesses today must address and protect themselves against, especially with the newly introduced General Data Protection Regulations (GDPR) that took effect in May this year. IT infrastructures and systems are continuing to grow and evolve rapidly and the more technology systems a company has, the more potential there is for a security breach.

Cybercriminals are continually finding new and innovative ways to hack IT systems and to keep your business safe; it is essential to stay one step ahead.

The growing cybercrime problem

Cybercrime among businesses is a growing issue, with almost half of UK firms being hit by a cyber breach or attack in the last 12 months. Organisations of all sizes are under threat from cybercriminals, with firms that hold personal data the most likely to be a target for cybercrime. These cyber-attacks can come in many shapes and sizes, and cybercriminals are getting more intelligent in carrying out these attacks subtly and quickly.

The most common types of attack from the last 12 months were fraudulent emails, closely followed by viruses and malware. In 2017, The Cyber Security Breaches Survey identified that nearly seven in ten large businesses came under a security breach or attack during the year, and these attacks cost each firm an average of £20,000.

It is no secret that cybercriminals are targeting businesses across the UK on a daily basis, and this threat is continuing to grow. A serious security breach can not only be costly to a company but also have a significant impact on customer confidence, and many big brands have been hitting the headlines recently for being victims of massive data breaches. Dixons Carphone recently admitted a considerable data breach where 5.9 million customer bank cards and 1.2 million personal records were compromised, resulting in the most significant data breach ever in the UK.

GDPR and cybercrime

In May 2018, the new General Data Protection Regulations (GDPR) came into effect, in a bid to protect customers personal data and help individuals have more control over how and where their personal data is used and stored. The new regulations mean there are some drastic changes for businesses, as there is now a much higher level of responsibility for how customer data is stored and managed.

The main impact on businesses in the UK from GDPR is the vast fines that can be enforced should a data breach occur. Following a data breach, a firm can either be fined €20 million or 4 per cent of their global turnover, whichever is higher.

Compared with the previous fines, this is a considerable increase and could land a lot of small businesses in trouble should a data breach occur. In 2016 TalkTalk was fined £400,000 for a security breach that gave hackers access to their customer’s data, today that fine would have been a huge £59 million under GDPR.

With the risk of fines that are large enough to put many companies out of business and the increase in security attacks on businesses in recent years, it is more important than ever to make sure your data and security are safe and protected.

How to protect your business from cybercrime

In this day and age, no matter what size your business is or what industry you operate in, someone will try to steal your data, use your systems to spread viruses or hold your computers for ransom. Smaller companies are often considered better targets for cybercrime, because cybercriminals expect them to have weaker security systems in place, and they probably have a point.

Smaller businesses often have less money to spend on protecting themselves than their larger counterparts, but cybersecurity is a vital investment. It can be a struggle to know where to start, especially if you aren’t an expert in the IT. Technology systems are becoming increasingly complex, making protecting them from attackers ever more challenging.

Enlisting the help of an expert such as Cyan for your businesses computer and data security needs is beneficial and well worth the extra money involved. A professional in the field of cybersecurity will be top of the game and the first to know about new viruses and issues, giving them the ability to stay one step ahead of the cybercriminals and implement security patches before a breach has the chance to occur.

It is also vital to remember that under GDPR you are also responsible for how all your chosen suppliers and providers handle your customer’s data. When employing third-party companies to run systems or software for you, be sure to understand exactly how they are working to protect themselves from cybercrime. You could have the best cybersecurity in the world, and if one of your external suppliers doesn’t keep the same standard, you can still be at risk of a cyber attack or data breach.