Cyber Round-up for 8th March
Welcome to the Ironshare Cyber Round-up where we look back at the events of that last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
- Marriott Breach has Cost $28m to Date
- What Do You Mean No More Passwords?
- Cyber-attacks Expected to Undermine Western Elections
- Do You Know Your Cyber Terms?
- What Would You Do if You Suffered a Breach?
Marriott Breach has Cost $28m to Date
In their quarterly earnings call last week, the Marriot have reported a total net income of $2.2 billion for 2018, but during the call also disclosed that the huge data breach that occurred in late 2018, has so far cost them a whopping $28 million.
Of this $28 million, $25 million is understood to have been covered by their insurance.
The data breach that hit the news in November 2018 originally reported that the personal details of 500 million customers had been compromised and was a result of malicious actors hacking the Starwood chains network for more than four years.
The ongoing investigation found that the real figure was approximately 383 million, but this still stands as one of the largest single data breaches to date.
According to Marriot the investigation into the security incident has now completed, they believe that impact to the company has been limited and that customer loyalty does not appear to have been affected. Lucky Marriot, others have not been so fortunate.
According to this post by SecurityWeek, some believe that attack was the work of state sponsored actors working for the Chinese government, and that the goal was less likely to be for financial gain, and more targeted at espionage.
What Do You Mean No More Passwords?
In an effort to rid the world of the dreaded password dilemma, the World Wide Web Consortium (W3C) has this week approved the new Web Authentication API standard (called WebAuthn) which will allow users to login to websites without the need of a password.
WebAuthn will enable strong authentication for web applications, through the use of public-key crypto-based credentials, which will effectively remove the need for passwords.
This new API is already supported in common operating systems and browsers such as Windows 10, Android, MS Edge, Firefox and Chrome.
Cyber-attacks Expected to Undermine Western Elections
In his speech earlier today, Jeremy Hunt, the UK Foreign Secretary, has warned that Western democratic elections are an easy target for foreign regimes, and that trust in the democratic process has been undermined.
Although he said that there was no current evidence of any interference in UK elections to date, he is calling for economic and diplomatic sanctions to be enforced in response to any such attacks.
Mr Hunt said:
“At a minimum, trust in the democratic process is seriously undermined.
But in a worst-case scenario, elections could become tainted exercises, robbing the governments they produce of legitimacy.
The greatest risk of all is that a hostile state might succeed in casting a permanent cloud of doubt over an entire democratic system.”
Although not proven, China, Russia, Iran and North Korea are all thought to have been involved with state sponsored cyberattacks in recent times. Numerous attacks have been blamed on North Korean state hacking groups, including the WannaCry Ransomware attack, and the launch of the destructive ‘Olympic Destroyer’ malware, that came close to bringing down the opening ceremony of the 2018 Winter Olympics held in South Korea.
Russian groups on the other hand have been blamed for a number of high-profile attacks against the Ukraine (the Nyetya destructive ransomware attack) and of course the 2016 US Presidential elections.
Mr Hunt believes that Nations involved in such attacks should be ‘named and shamed’ and that they should pay a heavy price, that includes prosecution, for any interference.
What is clear is that Government’s that use online ballot services to cast electoral votes, need to be doing more to protect these systems, and ensure that security is at the forefront during their development and operation.
Do You Know Your Cyber Terms?
Cyber Security is a complex place to live in, it is an ever-evolving landscape of challenges, that changes on a daily basis, and is difficult for the seasoned professional to keep up with.
Just keeping up with and understanding the acronyms and terms associated with Cyber can be daunting.
With this in mind, we have put together a Cyber Glossary that provides an A to Z list of the common terms you might come across in your security travels. Each term comes with a brief and simple explanation to help you with your understanding.
We post periodic updates to the glossary so you can always check in later for new additions.
What Would You Do if You Suffered a Breach?
Data and network breaches are becoming common place, making regular appearances in our everyday news. These days no one is exempt from being a target, as everyone has valuable data that can be used or sold by cybercriminals.
Ask yourself, do you think you are doing enough to protect your systems, users and data? And if you were breached, would you know what action to take?
If the answer is No to either of these why not attend the webinar ‘You have been breached. Now what?’ and find out how Cisco Umbrella and Cisco AMP for Endpoints, can help you not only build strong defensive layers against cyber threats, but how they can be used to quickly respond in the event of a breach.
Sign-up using the link below.
And that’s it for this week, please don’t forget to tune in for our next instalment.
Why not follow us on social media using the links provided on the right.
Edition #32 – 8th March 2019
Ironshare – Security Simplified