Tackling Push Payment Scams

The Payment Systems Regulator (PSR) has announced an industry-wide action plan to tackle push payment scams. A push payment is where a bank or other payment service provider (PSP) is instructed to transfer money from a customer’s account to another account. When a customer gives consent for a transaction to be processed, it becomes an authorised push payment.

Push payment scams are the second biggest cause of payment fraud in the UK, claiming £100m from 19,000 people between January and June 2017 alone. Authorised push payment scams occur when customers are tricked into authorising payments to an account that doesn’t belong to their intended payee.

From a digital security perspective, authorised push payment scams are a type of man-in-the-middle attack. These attacks happen when digital communications between two systems are intercepted by an outsider. There are several forms of man-in-the-middle attack, but two are especially common.

Cybersecurity Predictions for 2018 – Part Two

In the first part of our overall look at 2018 predictions, we determined six of the top 11 trends that were predicted for this year. In this second installment we will look at the remaining five overall topics that are expected to shake cybersecurity in 2018.

IoT Legislation
The Internet of Things (IoT) may be the sector most affected by the Meltdown and Spectre bugs, but it is legislation that many expect to be the biggest game changer. Gary Hayslip, chief information security officer of Webroot, said: “Legislation will require IoT manufacturers to be responsible for producing products without known defects.”

It is also predicted that businesses will feel the power of IoT in a repeat of the Mirai botnet activity. Paul Barnes, senior director of product strategy at Webroot, predicted a mass IoT breach spanning consumers and businesses, but this time with little ability to remediate, because the attack would disable hardware and demand a ransom payment.

Cybersecurity Predictions for 2018 – Part One

Over the course of December and into the New Year, my inbox fills up with predictions for what 2018 will bring cybersecurity.

At the end of 2016 we assessed a whole host of industry predictions and determined 12 topics that would dictate 2017: skills gap, ransomware, poor routine IT practices, political disruption, CIO activities, social media attacks, AI, advanced cyber-criminals, GDPR, a cloud vendor compromise and better security collaboration.

Most of that came true, although the predictions on ransomware came nowhere close to the impact that WannaCry and NotPetya would come to have. So with an inbox bursting with predictions for 2018, I triaged all of the comments into 11 themes. In no particular order, here are the first six:

Ransomware
It is no surprise that this features so highly after 2017’s headlines. In terms of evolution, it was predicted that after the mass distribution we would see more targeted attempts, with Eric Klonowski, senior advanced threat research analyst at Webroot, predicting the first health-related ransomware targeting devices like pacemakers. “Instead of ransom to get your data back, it will be ransom to save your life.”

GDPR: The Silver Lining

Are there four letters presently capable of generating greater fear and anxiety for organisations around the world than GDPR? Colin Tankard, managing director, Digital Pathways, seeks to alleviate those concerns.

The majority of conversations surrounding the imminent arrival of GDPR – General Data Protection Regulation – strike a tone similar to the way citizens were prepared for nuclear Armageddon during the Cold War. But all is not what it seems; there are definite benefits to the GDPR and here are a few of them.

1. REDUCING DATA STORAGE COSTS
Before the digital era, businesses had a finite capacity for data storage. As filing cabinets looked ‘fit to burst’, it was time to assign non-useful or irrelevant documents to the shredder. The transition from hard to digital copy left the need to maintain ‘good housekeeping’ somewhat redundant with data very much out of sight, out of mind.

But storing data is costly, as is the storage of back-ups. It is estimated that over half of all information stored and processed by organisations has an unknown commercial value, with at least a third estimated to be redundant, obsolete or trivial!

GDPR: new warning about data security, including job applications

There’s a new warning being issued for estate agents and all other businesses to ensure they are prepared for the General Data Protection Regulation, coming into effect on May 25 this year.

GDPR will impact how agents collect data from prospective clients in-branch, over the telephone, and how they communicate with portal leads. In practical terms it means that communications can only contain information a client specifically consents to receive.

GDPR replaces the 1998 Data Protection law and aims to protect individuals and organisations against data breaches by reducing risks which could allow data to be exploited by hackers or others. The law will apply across the EU and will take effect in the UK irrespective of the Brexit referendum and negotiations.

Securing email is essential

Colin Tankard, Managing Director, Digital Pathways, examines why email is now such an essential communications and collaboration tool for both employees and consumers

According to the Radicati Group, there are currently more than 3.7 billion people using email on a worldwide basis, which it estimates will grow to more than 4.1 billion by the end of 2021. Part of this growth is anticipated to come from the migration of premise-based mailboxes to those based in the cloud.

The development of email was a revolution in communications. As a result, email has become the single most used application for the typical corporate user and is the primary method for sending information in and out of an organisation.

Content filtering a potential challenge in digital single market

The proposed digital single market directive is intended to harmonise e-commerce and copyright throughout the European Union, but concerns have been raised over the technological impact this would have on UK industry

Cloud storage providers often use encryption to protect their users’ content, which could hinder content filtering. “Dropbox and other cloud storage providers talk about their content being encrypted as it is going into store,” says Colin Tankard, managing director of Digital Pathways. “So the ability to actually scan that content for any licence infringement becomes impossible.”

Predictions for the Data Security Market in 2018

November 2017 by Colin Tankard, Managing Director of data security company, Digital Pathways

2017 was another year of major data loss and hacks. These breaches have increased pressure on businesses and individuals alike to focus clearly on the importance of securing data. Whether the warnings are heeded remains to be seen.

Colin Tankard, Managing Director of data security company, Digital Pathways, offers the following 10 predictions for the cyber market in 2018.

1. A major cloud player will be shut down for 24 hours due to a cyber attack and data loss. This will trigger users to question their existing providers about levels of encryption, where the keys are held and who in the cloud organisation has access to them. This will see growth in third-party security services. Bring Your Own Key (BYOK) will be the mantra, as companies will no longer trust a single cloud vendor and will spread their data around a number of providers to lower the overall risk of data outage.

2. IoT security will remain weak, even with the launch of light encryption. This will be due to manufacturers still using old chipsets that have security flaws.

Uber Disaster: Here We Go Again

The revelation that the data of some 57 million Uber customers and drivers has been leaked, with the company then paying the hackers $100,000 to delete the data and keep quiet about it, has come as yet another ‘nail in the coffin’ to the data security strategies employed by business – both large and small.

Not only did Uber’s systems allow such a hack, they failed to disclose the breach.

Says Colin Tankard, Managing Director of data security company, Digital Pathways, “Well, here we go again! This seems to be some kind of ransom attack and of course, under the forthcoming GDPR regulations (due to take effect in 2018) such a breach would cost the company dear, some 4% of their global turnover.
