NCSC releases 2022 Cyber Security Breaches Survey

Written by

The National Cyber Security Centre (NCSC) has released its annual ‘Cyber Security Breaches Survey’.

The survey is used to inform government policy on digital security, educate British businesses, and ensure UK cyber space remains safe.

Data collected across over 2,400 business and 850 charities produced some startling statistics concerning the ever-looming threat of cyber-attacks infiltrating UK businesses’ digital footprint.

The report discovered that 39% of UK businesses detected an incoming cyber-attack during 2021. Phishing attacks made up a fifth of all threats identified – the most frequent type of malicious attack.

Organisations also revealed that ransomware was being recognised as a serious digital threat with 56% of businesses stating they have installed or will be introducing a company policy to not pay ransoms to cyber criminals.

Whilst 58% of small and medium businesses disclosed to outsourcing their IT Support service, only 23% of surveyed businesses had a cybersecurity incident management strategy in place that is more advanced than a basic endpoint antivirus.

NCSC promote a blend of regular cyber security learning and training processes within your business to better inform the deployment of traditional cybersecurity software measures across all the organisation’s IT systems.

This multi-layered approach aims to counteract the report’s discovery that a lack of cyber technical expertise amongst UK businesses is to blame for threats going undetected.

Similarly, a company-wide policy of digital hygiene erodes the false assumption that managed cybersecurity strategies are a cost to the business rather than a strategic, protective investment.

31% of business admitted being attacked at least once a week showing that any weak link in an organisation’s cyber defence can have grievous financial implications.

To mitigate this, we recommend organisations follow the NCSC’s guidance and adopt Cyber Essentials and Cyber Essentials +. The scheme requires businesses to meet or exceed an assured set of security requirements each year to protect against common forms of online crime, technology dangers and digital threats.

It is estimated that a Cyber Essentials certification can reduce your organisation’s risk of a cyberattack by 98.5% – contact Lineal to assist with your organisation’s application and to help you meet the requirements for a successful certification or re-certification today.

easyJet Hit by Cyber Attack

Written by

Popular short-haul airline easyJet has been hit by a cyber attack, affecting around nine million customers.

In a statement, easyJet says that a “highly sophisticated cyber-attack” discovered in January 2020 compromised email addresses and travel details of roughly nine million travellers. For 2,208 customers, credit card information was also accessed.

No further detail has yet been publicised as to the nature of the breach, although the company stated that it had “closed off unauthorised access”.

The bad news comes at a difficult time for airlines, as air-travel has declined dramatically in the wake of Covid-19 restrictions. When faced with a similar situation in 2018, British Airways received a large financial penalty of £183m from the Information Commissioner’s Office.

The airline are making contact with all affected customers warning extra vigilance towards ‘unsolicited communications’, due to the heightened risk of phishing attempts from criminals masquerading as easyJet who may have gained access to customers’ personal details.

Under new GDPR guidelines introduced in 2019, it is mandatory that breached organisations report to the UK Information Commissioner’s Office (ICO), who are currently investigating.

 

For cybersecurity and IT Support expertise, please contact Lineal today.

Yahoo data breach compromised all 3 billion accounts

Written by

Yahoo has disclosed that all 3 billion Yahoo accounts were compromised in 2013, rather than the 1 billion previously reported.

The once powerful search engine, which was breached in 2013, only reported the impact on its security failure in 2016. Now under the ultimate ownership of Verizon Communications, the company believes that anyone with a yahoo email address, Flikr credentials or other account details for a Yahoo service pre-dating 2013 was put at risk.

Fresh evidence of the scale of the breach was unearthed by Oath, Verizon’s subsidiary which recently merged Yahoo and AOL into a media battalion it hopes can help combat the ever consolidated global power of Google, and bigger second-tier competitors Bing and Baidu.

Compromised user data includes names, email addresses, telephone numbers, dates of birth, and in some cases passwords or private security questions/answers. Financial data, such as card or bank information, held on separate systems, were not affected.

Users are strongly advised to change passwords, including those of accounts on other platforms which may use similar credentials.

Although Yahoo took decisive action to secure the breached accounts – forcing all users to changes their passwords, Yahoo’s very late disclosure of the data breach itself was widely condemned by the technology community, and was ultimately responsible for it’s $350m discounted valuation upon acquisition by Verizon. The Guardian reports that Yahoo itself is also currently facing 43 class action lawsuits over the security failing.

Under new UK General Data Protection Regulation (GDPR) rules, set to come into force next year, all UK companies (or those dealing with personal data from the EEA) must notify users within 72 hours of being made aware of a data breach – with strict penalties expected to be levied against breached companies which fail their statutory data protection duties.

 

For cybersecurity assistance and IT Support, please contact Lineal today.