Tag Archives: Cyber Attacks

Professional Liverpool – An Introduction to the Dark Web with Aabyss

The World Wide Web has transformed our world completely beyond recognition. From communicating via email, shopping and streaming videos, performing business transactions with clients online and more, the Internet and its associated technologies has given people and businesses so much to greatly benefit from.

There is also a disturbing side known as the Dark Web. This is the darker and mysterious side of the Internet, making it a dangerous and illegal haven for criminal activity, including hackers with the intent of causing cyber crimes, and even malicious attacks to businesses through viruses, trojans, ransomware and malware.

Attendess at this month’s Professional Liverpool Dark Web breakfast event at Avenue HQ.

Earlier this month, I attended a networking breakfast event organised by Professional Liverpool. Held at Avenue HQ in Liverpool and hosted by Aabyss Limited, the event featured a talk from Phil McGowan of Datto on what the Dark Web is, and of how it poses a threat to businesses. This also included a live demonstration of a simulated ransomware attack on a virtual system. Working in technology, I was intrigued by the topic as I found it to be mind-blowing, interesting, thought-provoking, and at times disturbing to learn about. I also sensed the other attendees felt similar too!

Phil gave a brief overview of the Dark Web, by describing how it can be used by hackers. Listening carefully, I gleamed several interesting facts about the Dark Web, of which I have included some below.

  1. With the Dark Web, this has seen the proliferation of ransomware.
  2. Over an estimated 6 million people use the Dark Web.
  3. As well as malware and ransomware, illicit services can be purchased for reasons of committing cyber and other crimes.
  4. No skills are required to be a hacker.
  5. Cyber attacks through malware and ransomware are rampant and is an increasing cause of downtime for businesses.
  6. £500 million in ransoms was paid by businesses affected by ransomware in 2018.
  7. Within the Dark Web, there are hacking companies who are getting more sophisticated with their techniques.
  8. In the UK, the average cost of downtime for businesses is £7000 per hour.
  9. Even though more data has moved to the cloud through SaaS (Software as a Service) it is still vulnerable.

From all the above, this paints a terrifying picture of the threats posed to businesses by ransomware. With personal and other sensitive data at risk from many security threats, this is also compounded by the fact that there are no simple solutions or silver bullets, that can easily address all these concerns. This means complex and detailed solutions are needed to minimise and manage risks effectively to maintain business continuity, and keeping services running through disruption. As I mentioned some time ago in a previous post, the responsibility for cyber and data security lies with everyone.

Overall, I was delighted and glad to have attended this event. This is because I appreciated Phil sharing his knowledge of cyber security, and of how ransomware and malware poses a real threat to businesses. With the proliferation of black-market services available on the Dark Web, I can honestly say what I learned was not only educational but has also reinforced my own beliefs, about why everyone must take cyber security seriously. I only hope the other attendees felt the same and to spread the message, as I heard one saying he was going to speak to his company’s IT department about the threat of ransomware.

I would like to thank several people for making this event possible. This includes Phil for giving a superb talk, Kelsey Lee Connors from Professional Liverpool and Andrew Allen, Greg Jones, Troy Midwood and Keith Smith from Aabyss, for putting together this successful and educational event. My thanks also go to Avenue HQ for providing the delicious breakfast of coffee, croissants, fruit and Danish pastries. On a final note, I am delighted that Phil’s talk and demonstration had a strong impact on everyone including myself. My only regret is the event and the topic deserved a bigger audience, but even still it was excellent and worth attending, and one that I have taken so much from.

Breakfast provided by Avenue HQ

Busting the Myths of Data Security

In this modern era of technology, the security of data is often taken for granted. This is because myths have been built up, perpetuating a false reality of data security, and undermining an organisation’s capability to secure data resulting in increased risks of data breaches, through malicious attacks. As you read this post, I sincerely hope, you learn more about the importance of securing data.

I have includes some examples of data security myths below, and you can find more here.

These examples are:

  1. An organisation believes they are not a target.
  2. Data security is the sole responsibility of the IT department.
  3. This product or tool (e.g. firewall & anti-virus) can protect you 100%.

The reason that I am writing about this, is because last month I attended an event on this subject in Liverpool. Organised by Gardner Systems plc, this included three interesting speakers, with a great wealth of experience, knowledge and technical expertise in the IT industry. The speakers included Seth White from Nexthink, Liam Bridge from Varonis and Paul Stringfellow from Gardner Systems (who also writes an excellent IT blog). Having attended one of Gardner’s events last year (you can read about it here), I was once again looking forward to re-educating and reinforcing my understanding of this subject.

The purpose of the event was to debunk the myths surrounding data security in detail. In addition, the speakers also sought to highlight the need for an intelligent and proactive approach to dealing with issues. This included focusing on more detailed approaches to data security, such as controlling and removing access to prevent inside attacks, and using encryption to protect data as the cornerstone of any security policy.

I was also interested to listen and learn about targeted monitoring of IT resources, through the use of analytics. Through this, I learnt that analytics can be used to monitor infrastructure activities and behavioural patterns. Therefore analytics enable for the proactive management of potential security issues, and to identify and resolve them.

In addition, I also learned some shocking points regarding data security, which I have included below. These points are a snapshot of the modern reality of IT, and of the vulnerability of data, to potential breaches and losses.

  1. Data is more mobile as it is stored on PCs, laptops and smartphones.
  2. 80% of threats come from end users.
  3. The average costs of data breaches in the UK are £1,15m.
  4. Cyber attacks are more targeted and smarter now!
  5. IT configuration changes increases risk.
  6. Attacks and breaches can lie for months quietly undetected.
  7. 10-15% of notebooks are lost daily.
  8. Easy for internal users to get inside and steal valuable data.
  9. 23% of users open a phishing e-mail that steals sensitive information, whilst disguised as a legitimate message.
  10. 45% of organisations cannot always tell if they have suffered an internal breach.

Recalling the points above, have served to reinforce my understanding of the importance of securing data. In addition, I have also learned and understood that cyber attacks are more intelligent today. This means that intelligence is an important countermeasure, as part of a multi-layered approach to safeguarding data, along with technologies, processes, procedures and even common sense.

With recent high profile cyber attacks such as the hacking of Sony Pictures, and more recently TalkTalk, businesses are more vulnerable than ever before. As technology has transformed our lives, the most valuable asset of all businesses is data. From holding and processing it, data is so important to businesses, as they would not exist without it. If data was lost, stolen or misused, the consequences for companies include brand and reputational damage, heavy fines, prosecutions, potential millions in revenue losses and even bankruptcy!

I would like to thank all of the speakers and Gardner Systems, for this important event. Working in IT myself, I appreciate and acknowledge the speakers and everyone involved, for sharing their knowledge and expertise, which I found very educational and important.

To conclude, I hope you have found this article extremely useful, as data security is a very serious matter. There is help and assistance from IT suppliers and vendors, and I strongly insist that you work with them to help protect your data and resources. Data security must never be taken lightly, as businesses, organisations and even individuals are at more risk than ever!

Finally, I would like to leave you with these six important words that encapsulate what I have learned, and what you must learn too.

Everyone is responsible for data security!