Tackling Push Payment Scams

The Payment Systems Regulator (PSR) has announced an industry-wide action plan to tackle push payment scams. A push payment is where a bank or other payment service provider (PSP) is instructed to transfer money from a customer’s account to another account. When a customer gives consent for a transaction to be processed, it becomes an authorised push payment.

Push payment scams are the second biggest cause of payment fraud in the UK, claiming £100m from 19,000 people between January and June 2017 alone. Authorised push payment scams occur when customers are tricked into authorising payments to an account that doesn’t belong to their intended payee.

From a digital security perspective, authorised push payment scams are a type of man-in-the-middle attack. These attacks happen when digital communications between two systems are intercepted by an outsider. There are several forms of man-in-the-middle attack, but two are especially common.

Rethinking Cloud Storage Platforms for Business

In the rush to take advantage of the many benefits of cloud storage, organisations are failing to consider the legality and security of these solutions. Dropbox, OneDrive, BT Cloud, and Google Drive are used every day by millions of individuals and organisations around the world. However, entrusting the same third-party cloud storage provider with your holiday photos and your company’s intellectual property is often unwise. If you haven’t already, it is essential to stop and think about which platform is right for your data.

Location

Organisations must know exactly where their data will be physically stored.

One reason for this is that some data, such as personally identifiable information originating from inside the EU, is subject to EU laws governing its storage and processing.

With the imminent arrival of the EU’s General Data Protection Regulation (GDPR), it has never been more important for your organisation to remain compliant when storing and transferring data. The regulation specifies that personal data can only be transferred outside of the EU in compliance with the conditions for transfer. Fines for companies in breach of GDPR will be up to €20m or 4% of the organisation’s global annual turnover (whichever is greater). Getting this wrong could have serious and irrevocable consequences.

Cybersecurity Predictions for 2018 – Part Two

In the first part of our overall look at 2018 predictions, we determined six of the top 11 trends that were predicted for this year. In this second installment we will look at the remaining five overall topics that are expected to shake cybersecurity in 2018.

IoT Legislation
The Internet of Things (IoT) may be the sector most affected by the Meltdown and Spectre bugs, but it’s legislation that many expect will be the biggest game changer. Gary Hayslip, chief information security officer of Webroot, said: “Legislation will require IoT manufacturers to be responsible for producing products without known defects.”

It is also predicted that the power of IoT will be felt by businesses in a repeat of the Mirai botnet activity. Paul Barnes, senior director product strategy at Webroot, predicted a mass IoT breach spanning consumers and businesses, but this time with little ability to remediate based on the attack disabling hardware and demanding a ransom payment.

Cybersecurity Predictions for 2018 – Part One

Over the course of December and into the New Year, my inbox fills up with predictions for what 2018 will bring cybersecurity.

At the end of 2016 we assessed a whole host of industry predictions and determined 12 topics that would dictate 2017: skills gap, ransomware, poor routine IT practices, political disruption, CIO activities, social media attacks, AI, advanced cyber-criminals, GDPR, a cloud vendor compromise and better security collaboration.

Most of that came true, although the predictions on ransomware came nowhere close to the impact that WannaCry and NotPetya would come to have. So with an inbox bursting with predictions for 2018, I triaged all of the comments into 11 themes. In no particular order, here are the first six:

Ransomware
It is no surprise that this features so highly after 2017’s headlines. In terms of evolution, it was predicted that after the mass distribution we would see more targeted attempts, with Eric Klonowski, senior advanced threat research analyst at Webroot, predicting the first health-related ransomware targeting devices like pacemakers. “Instead of ransom to get your data back, it will be ransom to save your life.”

GDPR: The Silver Lining

Are there four letters presently capable of generating greater fear and anxiety for organisations around the world than GDPR? Colin Tankard, managing director, Digital Pathways, seeks to alleviate those concerns.

The majority of conversations surrounding the imminent arrival of GDPR – General Data Protection Regulation – strike a tone similar to the way citizens were prepared for nuclear Armageddon during the Cold War. But all is not what it seems; there are definite benefits to the GDPR and here are a few of them.

1. REDUCING DATA STORAGE COSTS
Before the digital era, businesses had a finite capacity for data storage. As filing cabinets looked ‘fit to burst’, it was time to assign non-useful or irrelevant documents to the shredder. The transition from hard to digital copy left the need to maintain ‘good housekeeping’ somewhat redundant with data very much out of sight, out of mind.

But storing data is costly, as is the storage of back-ups. It is estimated that over half of all information stored and processed by organisations has an unknown commercial value, with at least a third estimated to be redundant, obsolete or trivial!

GDPR: new warning about data security, including job applications

There’s a new warning being issued for estate agents and all other businesses to ensure they are prepared for the General Data Protection Regulation, coming into effect on May 25 this year.

GDPR will impact how agents collect data from prospective clients in-branch, over the telephone, and how they communicate with portal leads. In practical terms it means that communications can only contain information a client specifically consents to receive.

GDPR replaces the 1998 Data Protection law and aims to protect individuals and organisations against data breaches by reducing risks which could allow data to be exploited by hackers or others. The law will apply across the EU and will take effect in the UK irrespective of the Brexit referendum and negotiations.

Bluetooth: How Vulnerable Are You?

Serious Bluetooth vulnerabilities, affecting Android, Linux, Windows, and iOS users, were announced this September. They were discovered earlier in the year, but the public announcement was postponed to give vendors time to introduce security patches for their software.

The 8 identified vulnerabilities have been collectively named BlueBorne because the attacks happen ‘over the air’ rather than over the internet. BlueBorne allows attackers to take control of devices that have Bluetooth enabled and run malicious code without the knowledge of the device’s owner. Worryingly, a hacker only needs to exploit one device to penetrate further into a network or spread to other devices.

Securing email is essential

Colin Tankard, Managing Director, Digital Pathways, examines why email is now such an essential communications and collaboration tool for both employees and consumers.

According to the Radicati Group, there are currently more than 3.7 billion people using email on a worldwide basis, which it estimates will grow to more than 4.1 billion by the end of 2021. Part of this growth is anticipated to come from the migration of premise-based mailboxes to those based in the cloud.

The development of email was a revolution in communications. As a result, email has become the single most used application for the typical corporate user and is the primary method for sending information in and out of an organisation.

European Move to Increase Liability of Online Platforms

Proposed new European regulations seek to place an unprecedented onus on online platforms to detect copyright infringements.

The move comes as part of wider consultations on the EU’s Digital Single Market strategy.

What is being proposed?

Article 13 of the proposed directive on copyright in the Digital Single Market addresses the use of protected content by online services. Should the regulations go ahead, online service providers, which host and make large amounts of user-uploaded work available, will have greater responsibility for monitoring and filtering this content. This would affect ISPs, social media sites, and other hosting and sharing platforms.

Content filtering a potential challenge in digital single market

The proposed digital single market directive is intended to harmonise e-commerce and copyright throughout the European Union, but concerns have been raised over the technological impact this would have on UK industry.

Cloud storage providers often use encryption to protect their users’ content, which could hinder content filtering. “Dropbox and other cloud storage providers talk about their content being encrypted as it is going into store,” says Colin Tankard, managing director of Digital Pathways. “So the ability to actually scan that content for any licence infringement becomes impossible.”