Tackling the Man in the Middle Attack

The Payment Systems Regulator (PSR) has announced an industry-wide action plan to tackle push payment scams.

Push payment scams are the second biggest cause of payment fraud in the UK, claiming £100m from 19,000 people between January and June this year alone. The consequences can be devastating for individuals and businesses alike. So far, financial organisations, including banks, PayPal, and WorldPay, have returned just £25m to victims of these scams. Read more

Predictions for the Data Security Market in 2018

November 2017 by Colin Tankard, Managing Director of data security company, Digital Pathways

2017 was another year of major data loss and hacks. These breaches have increased pressure on business and individuals alike, to clearly focus on the importance of securing data. Whether the warnings are heeded, remains to be seen.

Colin Tankard, Managing Director of data security company, Digital Pathways, offers the following 10 predictions for the cyber market in 2018.

1. A major cloud player will be shut down for 24 hours due to a cyber attack and data loss. This will trigger users to question their existing providers as to levels of encryption, where are the keys held and who in the cloud organisation has access to the keys? This will see the growth in third party security services such as Bring Your Own Key (BOYE) will be the mantra, as companies will no longer trust a single cloud vendor and will spread their data around a number of providers to lower the overall risk of data outage.

2. IOT security will remain weak, even with the launch of light encryption. This will be due to manufacturers still using old chipsets that have security flaws.

Read more

Uber Disaster: Here We Go Again

The revelation that the data of some 57 million Uber customers and drivers has been leaked, with the company then paying the hackers $100,000 to delete the data and keep quiet about it, has come as yet another ‘nail in the coffin’ to the data security strategies employed by business – both large and small.

Not only did Uber’s systems allow such a hack, they failed to disclose the breach.

Says Colin Tankard, Managing Director of data security company, Digital Pathways, “ Well, here we go again! This seems to be some kind of ransom attack and of course, under the forthcoming GDPR regulations (due to take effect in 2018) such a breach would cost the company dear, some 4% of their global turnover.

Read more

BYOE: New kid on the block

The cloud has opened up incredible opportunities and efficiency for businesses. However, with these opportunities there is also an increase in security risks. How can you be sure your data is safe in the cloud?

traditional ways of protecting data, such as passwords, firewalls and other defensive strategies are no longer enough. For greater protection, encryption protects your data from being accessed by anyone without the corresponding key.

Cloud service and storage providers have been keen to demonstrate their commitment  to securing their customers’ data. This is why many offer cloud encryption as part of their service. Read more

Are passwords the weakest link to your data security?

Removing the Barriers to Two-Factor Authentication

It shouldn’t come as a surprise that passwords are the weakest security for authentication. Organisations cannot afford to rely on passwords alone as their primary method for verifying user access to their crucial systems and data.

In the quest for greater protection from ever-increasing threats, digital security hasn’t always been centred around the needs and convenience of the individual user. It is often a hindrance for users to remember complex passwords that conform to specific conditions, or to change their password every three months. Read more

Why is patching a problem for so many organisations?

The root cause of most digital security breaches is unpatched software with known vulnerabilities.

A vulnerability is like a back door in which hackers and cyber-criminals can access your systems. Once inside, your data is in their hands.

The WannaCry ransomware attack, is a recent example of a known vulnerability being exploited to great effect. This attack locked affected users out of their information, demanding payment to return access to their files. As with most ransomware attacks, paying the ransom is not a guarantee the files will be unlocked. Read more