IBS Journal January 2018

orderForm.title

orderForm.productCode

orderForm.description

orderForm.quantity

orderForm.itemPrice

orderForm.price

orderForm.totalPrice

orderForm.deliveryDetails.name

orderForm.deliveryDetails.accountNumber

orderForm.deliveryDetails.phone

orderForm.deliveryDetails.poNumber

orderForm.deliveryDetails.email

orderForm.deliveryDetails.companyName

orderForm.deliveryDetails.billingAddress

orderForm.deliveryDetails.deliveryAddress

orderForm.deliveryDetails.deliveryDetailsDeliveryAddressSameAsBillingAddress

orderForm.deliveryDetails.address1

orderForm.deliveryDetails.address2

orderForm.deliveryDetails.city

orderForm.deliveryDetails.state

orderForm.deliveryDetails.postCode

orderForm.deliveryDetails.country

orderForm.deliveryDetails.additionalInformation

orderForm.noItems

IBS Journal January 2018

29

to sustained cyber-attacks. The report, The FTSE 100: Targeted Brand Attacks and Mass Credential Exposures, executed by Anomali Labs also revealed that: five of the FTSE 100 companies had more than 1,000 credential exposures, access to these enable cyber criminals to harvest and misuse additional credentials and company data and that the banking sector accounted for a quarter (23%) of the total exposed credentials

“Our research has uncovered a staggering increase in compromised credentials linked to the FTSE 100 companies. Security issues are exacerbated by employees using their work credentials for less secure non-work purposes. Employees should be reminded of the dangers of logging into non-corporate websites with work email addresses and passwords.

“Companies should invest in cyber security tools that monitor and collect IDs and passwords on the Dark Web, so that staff and customers can be notified immediately and instructed to reset accounts,” said Colby DeRodeff, chief strategy officer and co-founder at Anomali.

For the second year, the vertical hit hardest by malicious domain registrations was banking with 83, which accounted for 23%. This is double that of any other industry. To avoid a breach, banks will have to be more accountable and adopt a stronger cybersecurity posture for themselves and to protect the partners and customers they directly impact.

“Monitoring domain registrations is a critical practice for businesses to understand how they might be targeted and by whom. A threat intelligence platform can aid companies with identifying what other domains the registrant might have created and all the IPs associated with each domain.

“This information can then be routed to network security gateways to keep inbound and outbound communication to these domains from occurring. No one is 100% secure against actors even with the intent and right level of capabilities. It is essential to invest in the right tools to help secure every asset, as well as collaborate with and support peers to reduce their risks to a similar attack,” said DeRodeff.

Research from Intercede has revealed that UK businesses are playing Russian Roulette with our information, by continuing to rely on the one security method that is the exploit target in the majority of today’s hacks and data breaches – the humble password.

According to Intercede’s research: • 86% of those individuals responsible for managing computer systems (those with ‘system administrator’ access) within major UK companies use only the most basic username and password authentication to access and protect their main business account on-site

• 17% of the respondents to the survey fail to even use complex passwords – something consumers are continually warned about.

Greg Day, vice president, Palo Alto networks

• Half of UK companies admit that business user accounts in their organisation are ‘not very secure.’

• The retail sector is the worst culprit for playing fast and loose with security – 92% of those with systems administrator access at retailers are still using passwords as the primary form of access, followed by manufacturing (82%).

• Just a quarter of companies in the financial services sector are using alternative, more secure, methods including virtual smart cards and PINs.

The 2017 Verizon Data Breach Investigations Report, which has some fascinating information on the current state of financial security, and offers some best practice tips for FS organisations, had the following key findings:

• 24% of all breaches affected financial organisations.

• 37% of breaches in the financial services sector involved privilege misuse.

•Denial of Service (DoS) attacks were most common incidents for the FS sector, with 45% of incidents involving an attack of this kind.

• Confirmed data breaches were often associated with banking Trojans stealing and reusing customer passwords, along with ATM skimming operations.

“ 86% of individuals who

manage computer systems within major UK companies use only the most basic authentications

www.ibsintelligence.com

Page 1 | Page 2 | Page 3 | Page 4 | Page 5 | Page 6 | Page 7 | Page 8 | Page 9 | Page 10 | Page 11 | Page 12 | Page 13 | Page 14 | Page 15 | Page 16 | Page 17 | Page 18 | Page 19 | Page 20 | Page 21 | Page 22 | Page 23 | Page 24 | Page 25 | Page 26 | Page 27 | Page 28 | Page 29 | Page 30 | Page 31 | Page 32 | Page 33 | Page 34 | Page 35 | Page 36 | Page 37 | Page 38 | Page 39 | Page 40 | Page 41 | Page 42 | Page 43 | Page 44