Cyber in the news

Fines of up to £17m launched for uk firms with poor cyber-security

Bbc lock

BBC News

Frankies thoughts:

Companies that fail to protect themselves effectively from cyber-attacks will face fines of up to £17m, the UK government has announced.

Energy, transport, water and health companies are expected to have 'the most robust safeguards'.

Regulators will be able to inspect cyber-security at such companies, under a new government directive.

In August last year, former Digital Minister Matt Hancock said imposing the fines would be a "last resort".

At the time, the penalties were part of plans subject to a consultation that has now been completed.

"We want our essential services and infrastructure to be primed and ready to tackle cyber-attacks and be resilient against major disruption to services," said the current Minister for Digital, Margot James.

Guidance for companies working in the relevant sectors has been published by the National Cyber Security Centre.

The government said the new rules would be effective from 10 May and cover breaches including disruptive ransomware outbreaks, such as the WannaCry attack that hit many NHS facilities in May 2017.

"With so many nations, including the UK, now relying on digitalisation, hackers may look to cause mass disruption by targeting critical national infrastructure," said Jens Monrad, at cyber-security company FireEye.

"This could be systems, which the UK government and citizens rely on, like healthcare systems, water supply and electricity."

Mr Monrad added FireEye had recently detected new strains of malicious software designed to manipulate industrial safety systems.

'They've hijacked my website' - Kiwi's business website taken over by apparent Islamic extremist hacker group

Scczen 310116splhacked1 620x310

View original article

Frankies thoughts:

The thought of having a website or business taken down by a hacker or hacking group is a chilling thought in itself, let alone having it attacked by an extremist hacker group.

A New Zealand woman, Ms Crystella, has had her business website "hijacked" by an apparent Islamic extremist hacker group, which replaced her site with photographs including ones depicting Isis flags. Ms Crystella said when she first noticed the hack, there was a timer on the page, which she worried could be linked to videos of Isis beheadings. Police told her the site needed to be "shut down immediately", because it posed a security risk, and quizzed her for 45 minutes asking "thorough" and "specific" questions.

Last June a number of Australian websites were targeted by the group, with one report claiming thousands were hacked in a single day. Australia's biggest car mechanic group, Ultratune, was hacked in May last year by the same group, in a hijacking which appeared to be making a statement about the conflict in the Middle East.

Embracing Cyber Risk Management

Pdf bg

View original article (PDF)

Frankies thoughts:

Check out this fantastic article from our friends at Delta Insurance, released as a feature from their thought leadership series.

The article provides a real world view of the predominant risks facing New Zealand SMEs, such as simple daily threats like malware, viruses and scams. With the rise of cloud computing we have seen strong cost savings come online applications for many small businesses, however this often comes at the compromise of data security.

The article also provides an overview of the legislation in New Zealand, the gaps in traditional insurance products, risk management strategies and the overall rise and relevance of Cyber Liability Insurance

NZ businesses lagging in data security – survey

Usb drive

View original article

Frankies thoughts:

If a hacker is determined to get into a company's systems, it is hard to stop them.

The Price Waterhouse Coopers (PWC) survey found 43 percent of New Zealand respondents said their employee records had been compromised. In comparison, the global figure is 29 percent.

A new report suggests New Zealand organisations are lagging behind the rest of the world when it comes to privacy and internet security.

Computer hacker steals Kiwi's money before his eyes


View original article

Frankies thoughts:

New Zealand had the fourth-highest number of cyber-attacks in the Asia Pacific region last year. Whether it is at home, or at the office, our connectedness with the internet these days means that we are at risk whenever and however we engage with every day life.

Tips for cybersecurity:

  • Make sure you're using not just strong passwords but unique ones.
  • Use longer passwords - sentences are good.
  • Check permissions and privacy policies before downloading an app.
  • Always change default log-in details and passwords.
  • Keep passwords updated.
  • Use security software and make sure it's up to date.
  • Don't click on suspicious links even if posted from friends or family.
  • Only input personal or bank info into a website you know is genuine.
  • But when all else fails, be sure that you have an adequate safety net in place should the worse occur so that you are not exposed.

Why Cyber, Why Now


View original video

Frankies thoughts:

Check out this great video featured on Insurance Business TV. It provides a more holistic view around the rise of cyber insurance, and why an SME should now expect his broker to discuss cyber insurance as a very real risk prevention strategy. The video covers a range of topics including how Cyber insurance is not new but has become increasingly relevant, especially with new legislation in place.

Hacked! Business bank accounts vulnerable to cybercriminals

Frankies thoughts:

Cybercriminals took an average $32,000 from small business accounts that they hacked in 2015, according to a December survey of owners by the advocacy group National Small Business Association. What is really scary is that businesses don't have the same legal protection from bank account fraud consumers have.

Whether a business is protected depends on the agreement it signs with a bank, says Doug Johnson, a senior vice president with the American Bankers Association, an industry group. If the business hasn't complied with any security measures required by the agreement, it could be liable for the stolen money, he says.

Thieves are increasingly using realistic-looking emails to trick companies into transferring money from their accounts with what's known as wire transfers. Often, an employee receives an email purportedly from a company executive asking them to transfer the money from the company's account into a specific external account. If employees don't check to be sure the request is legitimate, they might go ahead and authorize a withdrawal.

Kiwi Companies Underestimating Risk of Cyber Attack


View original Article

Frankies thoughts:

A great article showcasing the NZ markets exposure to cyber threats and just what a business should consider when assessing its options for protection.

Key takeouts:

  • An anticipated one in every 300 (0.3%) businesses in New Zealand estimated to have cyber insurance in place
  • The majority of those that do have protection are large companies or companies that operate in the software industry who are very aware of the dangers.
  • There is a very real risk for any company that holds an electronic database with client information or operates an email system. A database could be hacked and private information can be accessed in an attack, leaving the business liable.
  • In terms of emails, a virus could be spread from a company's email system, and that company could be liable for the damage that does to others' systems.
  • The amount of insurance cover Kiwi companies need depends on their level of risk, the article says, "For a panel beater operating a private database and email, the minimum amount of $250,000 cover is probably adequate. However, for a company that operates entirely on a cloud system and that has revenue of $100million or more, that cover is going to have to be substantially higher. We know of a * handful of companies who buy a cyber-insurance policy with a $10million limit."

Cyber attacks biggest threat to NZ businesses


View original article

Frankies thoughts:

This article and video suggest that Cyber security is the third biggest risk to businesses however when the Prime Minister was asked recently, what's the biggest risk to New Zealand businesses, he said "cyber security".

The article provides a real world view of how Cyber impacts New Zealand businesses, showcasing Spark's network operations centre in Auckland and how it is attacked thousands of times each day, "on average, about 3800 attacks a day", says Colin Brown, general manager.