RegreSSHion: All You Need To Know

The world of cybersecurity is ever-changing and evolving – and this also applies to the bugs and glitches that can cause devastation to your system if they slip through the cracks. One of the latest talking points is RegreSSHion, a family of security bugs with the potential to cause vulnerability and chaos for systems across the world. But just what is RegreSSHion, and how could it impact your business? We took a closer look.

What Is RegreSSHion?

Put simply, RegreSSHion refers to a series of security vulnerabilities identified within the OpenSSH software, hence the clever name. OpenSSH, short for Open Secure Shell, is a widely-used tool for secure communication over networks, enabling encrypted connections between client and server. It’s integral to numerous systems, making any vulnerabilities within it a major concern for cybersecurity.

The Risks

These bugs provide cybercriminals with the opportunity to remotely execute code on a target machine. Remote code execution (RCE) is one of the most severe forms of security vulnerabilities. It allows an attacker to run arbitrary code on a remote machine over a network. With RCE, attackers can potentially gain control over the affected system. This type of vulnerability can have devastating consequences, as it effectively provides the attacker with the ability to manipulate the system as if they were physically sitting in front of it.

Moreover, through these vulnerabilities, attackers can escalate their privileges to gain root access to the affected machine. Root access is the highest level of system permission, providing complete control over the system. When a cybercriminal gains root access, they can alter system configurations, access and manipulate all files, install and run malicious software, and erase any traces of their activity. This level of access poses a significant risk, as it can lead to complete system compromise and data theft, making it a critical concern for anyone using OpenSSH software.

Once attackers have gained such access, they are in a position to inflict extensive damage or conduct malicious activities. These activities can include data theft, system espionage, deploying ransomware, or using the compromised machine as a launchpad for further attacks on other systems or networks.

Long Term Risks For Businesses

RegreSSHion can have serious short-term consequences – but the long-term repercussions can also be devastating for businesses. Some of the most significant long-term issues may include:

Data Breaches and Loss of Sensitive Information

RegreSSHion can lead to unauthorised access and control over systems, which significantly increases the risk of data breaches. Cybercriminals can exploit these vulnerabilities to steal sensitive information such as customer data, intellectual property, financial records, and more. The long-term impact of a data breach can be devastating for a business, resulting in the loss of customer trust, legal repercussions, and costly data recovery efforts.

Damage to Reputation and Brand Trust

As noted, a security incident linked to the RegreSSHion bug can severely damage a business’s reputation. Customers and partners expect their data to be secure, and any failure to protect it can result in a loss of confidence in the company. Rebuilding trust and restoring a damaged brand image can be a long and challenging process, potentially leading to a loss of market share and revenue.

Financial Losses from Downtime and Recovery

Finding yourself the victim of RegreSSHion can lead to system disruptions, downtime, and the need for extensive recovery efforts. These incidents can halt business operations, leading to a significant loss of revenue. In addition, the costs associated with incident response, system repairs, legal fees, and potential fines for non-compliance can be substantial, impacting the financial stability of your business in the long term.

Intellectual Property Theft and Competitive Disadvantage

If attackers gain access to a company’s intellectual property, including trade secrets, research and development data, and proprietary technology, it can lead to a significant competitive disadvantage. Competitors or malicious actors could use this stolen information to develop similar products, undercut pricing, or enter the market with a competitive edge. Protecting intellectual property is crucial for maintaining a business’s market position and long-term viability.

How To Protect Your Business

As you can see, this is a bug that can have devastating consequences for businesses of all shapes and sizes, putting a serious dent in your finances, causing headaches over lost intellectual property, and damaging relationships with customers and suppliers. Fortunately, there are a few steps your business can take to help create a strong layer of protection, reducing the risk of your systems being targeted and infected.

Conduct Regular Software Updates and Patch Management

One of the most effective ways to protect your systems from vulnerabilities like RegreSSHion is to keep all software, including OpenSSH, up-to-date with the latest security patches. Regularly updating your systems ensures that you have the latest security features and fixes that address known vulnerabilities. Implement a robust patch management strategy to streamline this process and reduce the risk of exposure to security threats.

Implement Strong Access Controls

Ensure that your systems are configured with strong access controls. This includes using complex passwords, enabling multi-factor authentication (MFA), and limiting user privileges to the minimum necessary for their roles. By restricting access to sensitive systems and data, you can minimise the potential damage if a breach occurs.

Monitor and Audit System Activity

Regularly monitoring and auditing system activity can help you detect unusual behaviour that may indicate a security breach. Implementing tools and processes for real-time monitoring of system logs, network traffic, and user activities can provide early warning signs of potential threats and allow you to respond quickly, avoiding the worst of the damage.

Maintain a Comprehensive Incident Response Plan

Having a well-defined incident response plan is crucial for effectively managing and mitigating the impact of security incidents. Your plan should outline the steps to be taken in the event of a breach, including communication protocols, roles and responsibilities, and recovery procedures. Regularly review and update your plan to ensure it remains effective, and make sure that it is accessible to those who need it.

Invest in Cybersecurity Education and Awareness

Educating your employees about cybersecurity best practices is one of the most effective ways to prevent security breaches. Ensure that your team is aware of the latest threats, such as RegreSSHion, and understands how to recognise and respond to potential security risks. By fostering a culture of security awareness, you can empower your employees to act as the first line of defence against cyber threats.

Final Thoughts

RegreSSHion is a potentially devastating threat – but the good news is that you don’t have to be a victim. By implementing checks and tests, keeping access secure, and boosting your knowledge and understanding, you can ensure that you and your team are in the best possible position to protect yourself from RegreSSHion – as well as any other unwanted visitors who may try to infiltrate your system.

Business Continuity and Cybersecurity: Beyond the initial CrowdStrike disruption, what can we learn?

Friday 19th July started as a normal day for many businesses. The weather forecast was improving, and workers across the world were looking forward to a weekend of relaxation, socialising, and time to unwind.

In truth, however, the end of the week was set to run anything but smoothly: just a few hours into Friday morning, airports, doctors, banks, businesses and stock exchanges around the world were in chaos. News reports showed queues of stranded passengers waiting for flights around the globe, businesses were left unable to carry out simple processes, and millions of people found themselves at the mercy of a software update that was, ironically, designed to protect against hackers and minimise IT disruption.

But just what happened in the CrowdStrike meltdown, and how can you protect your business if a similar event occurs in the future?

Who Are CrowdStrike?

To really understand the issue at hand, we first need to understand the name behind the headlines. CrowdStrike Holdings Inc is one of the largest providers of cybersecurity software in the world, focused on endpoint security, threat intelligence, and cyber attack response services.

The Flawed Update

The guilty party in this case was a tiny, seemingly harmless file, only large enough to hold a single web page image. In an example of size not being truly indicative of power, the file, ‘C-00000291*.sys’, was a small part of a larger update for the Falcon sensor product created by CrowdStrike. Once set into motion, the file created a critical error in the Microsoft Windows operating system, making affected devices unusable and triggering the blue screen of death, such a dreaded sight for Windows users.

The Impact on Businesses

The initial impact on businesses was immediately apparent: systems across the world were hit by the dreaded blue screen of death, and nothing could be done to clear the error. Financial consequences and a lack of productivity were the clearest casualties, but cybercriminals had already discovered a way to potentially make things a lot worse for desperate businesses.

Within hours of the CrowdStrike incident going public, a host of new domains appeared, each bearing the name ‘CrowdStrike’ and offering resolutions and support to those impacted by the chaos. Taking full advantage of the catastrophe, unscrupulous cybercriminals grabbed domains such as ‘crowdstriketoken[.]com’ and ‘crowdstrikefix[.]com’ and reached out to organisations under the guise of offering help. Their true agenda, however, was an elaborate phishing scam designed to obtain credentials and secure details, making an already devastating situation that much worse. In truth, the only fix for the error is to boot into Windows safe mode, delete the rogue file, and reboot – a much simpler solution, but one that would prove much less lucrative for would-be scammers.

The Next Steps For Businesses

The long-term consequences for CrowdStrike remain unclear, and are likely to include a landscape of financial penalties and legal action. The CEO, George Kurtz, has already pledged to fully investigate the incident and prevent repeat occurrences, stating that:

“Nothing is more important to me than the trust and confidence that our customers and partners have put into CrowdStrike. As we resolve this incident, you have my commitment to provide full transparency on how this occurred and steps we’re taking to prevent anything like this from happening again…We know that adversaries and bad actors will try to exploit events like this. I encourage everyone to remain vigilant and ensure that you’re engaging with official CrowdStrike reps. Our blog and technical support will continue to be the official channels for the latest updates.”

For now, the key focus for many businesses is understanding the steps that can be taken to minimise the impact in the event of a future incident like this via their own business continuity processes.

Ensuring business continuity needs to be a key priority for organisations of all sizes and levels, and there are three main aspects to this:

  • Testing and Evaluation

Thorough evaluation, updating and testing of business continuity and disaster recovery plans must be a major focus of any business. This should include detailed analysis of the potential financial impact of an event such as the CrowdStrike incident, and a full back-up plan to help mitigate risk. Testing further extends to a change strategy: when rolling out major updates or upgrades, businesses should test on a subset of devices to ensure any deployed changes are operating as expected, so as to minimise any unplanned disruption should things go wrong.

  • Understanding Critical Infrastructure

A strong understanding of the dependencies and supply chains needed for critical infrastructure is also essential, and businesses need to work to secure the right protection through strong back-up plans, good insurance, and clear contractual terms. This includes raising the alarm immediately if there is a fear that an IT or security event has occurred, and reviewing regulatory reporting obligations if an incident does occur.

  • Maintain Vigilant and Proactive Protection Strategies

Businesses also need to work to develop and implement vigilant and proactive protection strategies, which focus heavily on avoiding cybersecurity threats before they have the chance to cause a major incident. Vigilant monitoring and robust systems can help your organisation to stay ahead of the game, minimising the potential for serious harm or damage.

Final Thoughts

The CrowdStrike meltdown serves as a stark reminder of the vulnerabilities that even the most sophisticated systems can face. The incident, sparked by a seemingly insignificant file within a protective software update, caused widespread disruption across multiple sectors, highlighting the critical importance of robust business continuity measures.

For businesses, the lessons are clear: business continuity plans should form part of your cybersecurity measures, because whether an incident is malicious or not, your business needs to be able to function as normal. Prioritise thorough testing and evaluation of disaster recovery plans, ensure a deep understanding of critical infrastructure dependencies, and maintain vigilant and proactive protection strategies. By learning from this incident and fortifying their defences, organisations can better navigate the complexities of the digital landscape and mitigate the impact of future cybersecurity threats.

How Bob’s Business can help your organisation

At Bob’s Business, we are the UK’s Most Trusted Cybersecurity Awareness Training provider, equipping organisations with the knowledge and skills needed to protect sensitive data and ensure business continuity.

In the face of escalating cyber threats in 2024, cybersecurity training is not just a precautionary measure; it’s imperative.

Empower your workforce with the knowledge and skills to prevent cyber threats and fortify your organisation’s defences today.

What is encryption & why does your organisation need it?

Encryption – it sounds like a tool only reserved for top-tier IT experts, right?

Don’t be fooled by its complexity; encryption is more accessible than you think, and might be an essential security tool for your organisation.

But what exactly is encryption, and why should you care about it?

Let’s break it down together.

What is encryption and why does it matter?

Encryption is like a secret code that scrambles your data into an unreadable format without the right key.

It’s like putting your information in a locked box before sending it.

So, even if hackers intercept your data, they won’t be able to decipher it without the key.

Encryption is essential for protecting sensitive data. Whether it’s your passwords, financial details, or personal messages, encryption ensures that only authorised parties can access and understand your information.

The benefits of encryption

Data protection: encryption protects your data from unauthorised access, preventing data breaches and unauthorised disclosure of sensitive information.

Compliance: many industry regulations and data protection laws, such as GDPR, require businesses to encrypt sensitive data. Using encryption can help you avoid potential fines or penalties for non-compliance.

Trust building: demonstrating a commitment to data security through encryption can build trust with your customers and partners and enhance the business’s reputation.

Intellectual property protection: encryption helps to protect intellectual property, trade secrets, and private information from theft, protecting your competitive advantage.

Secure communication: encryption ensures that communication channels, such as emails and messaging platforms, are secure from interception.

Overall, implementing encryption in your business can mitigate risks and demonstrate your commitment to protecting sensitive data and maintaining strong cybersecurity practices.

Types of encryption

Symmetric encryption

Symmetric encryption uses a single key for both encryption and decryption.

This means the same key is used to scramble and unscramble the data.

It’s like having a single key that locks and unlocks a door, making it efficient for encrypting large amounts of data quickly. One common example of symmetric encryption is the use of password-protected ZIP files.

Asymmetric encryption

Asymmetric encryption uses a pair of keys: a public key and a private key.

The public key is freely available and is used for encryption, while the private key is kept secret and is used for decryption.

This setup allows for secure communication without the need to share a secret key beforehand.

Asymmetric encryption can be used to help employees securely access company networks remotely via VPN, where data is encrypted with the server’s public key and can only be decrypted by the server’s private key.

Hashing

Hashing is a one-way encryption technique that converts data into a fixed-size string of characters, known as a hash value or digest.

Once data is hashed, it cannot be converted back to its original form, which is what makes it useful for password storage.

For example, when you create an account on a website and set a password, the website hashes your password before storing it in its database.

When you log in, the website hashes the password you provide and compares it to the stored hash to verify your identity without storing your actual password.
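The register-then-verify flow just described, as an added example written for this page (not any website's actual implementation). It uses only Python's standard library; the record format and the round count are my own choices, and the salt is what stops two users with the same password from sharing a hash:

```python
import hashlib
import hmac
import os
from typing import Optional

# Work factor for PBKDF2-HMAC-SHA256: slows down offline guessing of a leaked
# hash while keeping an interactive login fast enough. Value chosen for this example.
PBKDF2_ROUNDS = 200_000


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a storable record: 'pbkdf2_sha256$<rounds>$<salt hex>$<digest hex>'.

    The plaintext password never appears in the record; only a per-account
    random salt and the derived digest are kept, which is what lets a site
    check a login without ever storing the password itself.
    """
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per account
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return f"pbkdf2_sha256${PBKDF2_ROUNDS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-derive the digest from the supplied password and the stored salt.

    hmac.compare_digest compares in constant time, so response timing does not
    reveal how many leading bytes of the digest matched.
    """
    try:
        algorithm, rounds, salt_hex, digest_hex = stored.split("$")
        if algorithm != "pbkdf2_sha256":
            return False
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(rounds)
        )
        return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))
    except ValueError:
        return False  # malformed record: fail closed rather than accept the login


if __name__ == "__main__":
    # Constructed sample password for the demonstration.
    record = hash_password("correct horse battery staple")
    print("stored record:", record)
    print("right password accepted:", verify_password("correct horse battery staple", record))
    print("wrong password rejected:", not verify_password("wrong password", record))
```

Hashing the same password twice yields two different records because each call draws a new salt, so a leaked database cannot be cracked with one precomputed table for all users.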

How your business can implement encryption

Setting up encryption without an IT team doesn’t have to be daunting. Here are some easy ways to do it:

Email encryption

Use encrypted email services: many email providers offer built-in encryption features or plugins that enable you to encrypt emails easily.

This ensures that sensitive information shared via email, such as customer details or private data, remains protected.

Financial records encryption

The payroll department can benefit from encryption, particularly when it comes to securing financial records.

Encrypting sensitive financial data, such as bank account information, transaction details, and payroll records, adds an additional layer of security.

By using encryption software or tools for these records, you can prevent unauthorised access and protect your financial information from potential cyber threats.

File-level encryption

File-level encryption allows you to encrypt individual files or folders on your computer or server.

This means that even if someone gains unauthorised access to your device or network, they won’t be able to view the contents of encrypted files without the decryption key.

Full-disk encryption

Full-disk encryption encrypts the contents of your computer’s hard drive or storage device.

Most modern devices have built-in full-disk encryption features that you can easily enable in the settings.

This means that all the data stored on the device remains inaccessible even if the device is lost or stolen.

How Bob’s Business can help your organisation

At Bob’s Business, we are the UK’s Most Trusted Cybersecurity Awareness Training provider, equipping organisations with the knowledge and skills needed to protect sensitive data.

In the face of escalating cyber threats in 2024, cybersecurity training is not just a precautionary measure; it’s imperative.

Empower your workforce with the knowledge and skills to prevent cyber threats and fortify your organisation’s defences today.

What you need to know from the Cyber Security Breaches Survey 2024

Every year, the Department for Science, Innovation and Technology (DSIT), in partnership with the Home Office, releases the findings from its annual Cyber Security Breaches Survey, with the results invariably informing cybersecurity discussion for the 12 months to follow.

This year, 2,000 UK businesses, 1,004 UK registered charities and 430 education institutions were consulted from 7 September 2023 to 19 January 2024. All of this is to say that when it comes to cybersecurity in the UK, there are no more authoritative sources from which to draw.

We’ve reviewed the 2024 survey numbers, pulled out some of the most notable findings, and separated them into categories for your reading pleasure. In this blog, we’ll be sharing those findings. Let’s get started.

Prevalence of cyber breaches and attacks:

  • Half of businesses (50%) and around a third of charities (32%) reported experiencing some form of cyber security breach or attack in the last 12 months. This was much higher for medium businesses (70%), large businesses (74%) and high-income charities with £500,000 or more in annual income (66%).

Types of breaches and attacks:

  • The most common type of breach or attack was phishing (84% of businesses and 83% of charities). To a much lesser extent, this was followed by others impersonating organisations in emails or online (35% of businesses and 37% of charities) and then viruses or other malware (17% of businesses and 14% of charities).

Costs of breaches and attacks:

  • Among those identifying any breaches or attacks, the survey estimates the single most disruptive breach from the last 12 months cost each business, of any size, an average of approximately £1,205. For medium and large businesses, this was approximately £10,830. For charities, it was approximately £460.

Cyber hygiene measures:

  • There have been slight increases in the deployment of cyber hygiene measures among businesses compared to 2023, such as using up-to-date malware protection (up from 76% to 83%), restricting admin rights (up from 67% to 73%), network firewalls (up from 66% to 75%) and agreed processes for phishing emails (up from 48% to 54%).

Risk management and supply chains:

  • 31% of businesses and 26% of charities had undertaken cyber security risk assessments in the last year, rising to 63% of medium businesses and 72% of large businesses.
  • 33% of businesses and 23% of charities deployed security monitoring tools, rising to 63% of medium businesses and 71% of large businesses.
  • 43% of businesses and 34% of charities reported being insured against cyber security risks, rising to 62% of medium businesses and 54% of large businesses.
  • 11% of businesses and 9% of charities said they review the risks posed by their immediate suppliers, with this being more common for medium businesses (28%) and large businesses (48%).

Board engagement and corporate governance:

  • 75% of businesses and more than six in 10 charities (63%) reported that cyber security is a high priority for their senior management. This proportion is higher among larger businesses (93% of medium businesses and 98% of large businesses, vs. 75% overall) and high-income charities (93% of those with income of £500,000 or more, vs. 63% overall).
  • Three in ten businesses and charities (both 30%) have board members or trustees explicitly responsible for cyber security as part of their job role, rising to 51% of medium businesses and 63% of large businesses.
  • 58% of medium businesses, 66% of large businesses, and 47% of high-income charities have a formal cyber security strategy.

Seeking external information and guidance:

  • Four in ten businesses (41%) and charities (39%) reported seeking information or guidance on cyber security from outside their organisation in the past year.
  • 39% of businesses and 32% of charities have taken action on 5 or more of the 10 Steps to Cyber Security, rising to 80% of medium businesses and 91% of large businesses.
  • 12% of businesses and 11% of charities are aware of the Cyber Essentials scheme, with awareness being higher among medium businesses (43%) and large businesses (59%).

Incident response:

  • 22% of businesses and 14% of charities have formal incident response plans in place, rising to 55% of medium businesses and 73% of large businesses.
  • 34% of businesses and 37% of charities reported their most disruptive breach outside their organisation.

Cyber crime:

  • The survey estimates that 22% of businesses and 14% of charities have experienced cyber crime in the last 12 months, rising to 45% of medium businesses, 58% of large businesses and 37% of high-income charities.
  • 3% of businesses and 1% of charities have been victims of fraud as a result of cybercrime, with the proportion being higher among large businesses (7%).
  • The survey estimates that UK businesses have experienced approximately 7.78 million cyber crimes of all types and approximately 116,000 non-phishing cyber crimes in the last 12 months. For UK charities, the estimate is approximately 924,000 cyber crimes of all types.

Sector differences in prioritisation:

  • Businesses in information and communications (65% a “very” high priority), finance and insurance (61% say it is a “very” high priority), and health, social care and social work (62% a “very” high priority) sectors tend to treat cyber security as a higher priority than others.
  • Unlike previous years, food and hospitality businesses now regard cyber security as a higher priority than businesses overall (72% vs. 75% of businesses overall).
  • Businesses in the agriculture sector tend to regard cyber security as a lower priority than those in other sectors (59% say it is a high priority, vs. 75% of businesses overall).

Regional differences in prioritisation:

  • In 2023, businesses in the South East tended to prioritise cyber security higher than the average UK business (80% said it is a high priority, vs. 71% overall).
  • In 2024, the region with the highest prioritisation on cyber security compared to total businesses is the North West (83% said it is a high priority, vs. 75% overall).

Roku data breach explained: Everything you need to know

Roku, a well-known streaming service offering access to platforms such as Netflix and Disney Plus, recently reported its second breach of 2024.

With two breaches occurring within just four months, questions are beginning to rise about the company’s security measures and reputation.

Let’s explore how such a major player in the streaming industry continues to struggle with its cybersecurity.

Let’s take a look inside…

On March 8th, Roku reported a cyberattack that affected around 15,000 users, and a month later on April 12th, a second incident was reported where 576,000 additional accounts were affected.

The second incident was discovered through the investigation into the first and the close monitoring that followed it.

Among the affected accounts, approximately 400 fell victim to hacker activity. Unauthorised purchases on the streaming service were made, although no sensitive information was compromised.

Roku promptly addressed the issue by issuing refunds to the hacked accounts.

According to Roku, both attacks employed a technique known as credential stuffing, using stolen login credentials to gain unauthorised access to user accounts.

Roku stated ‘It’s possible third-party sources provided the login information’.

Additionally, the company highlighted the role of poor password hygiene among users, which could have contributed to the breaches.

In response to the breaches, Roku has implemented a forced password reset for all users, irrespective of whether they were directly affected. Since then, Roku has also made two-factor authentication mandatory for all accounts.

What role did human error play in this breach?

This breach highlights the vulnerability stemming from human negligence towards cybersecurity.

The technique used, called credential stuffing, thrives on exploiting weak password practices overlooked by many users.

By reusing passwords or choosing weak ones, users inadvertently made it easier for attackers.

Users need to take ownership of their own cybersecurity, even when trusting large companies that are assumed to have strong security.

This incident shows that even big corporations can fall victim to cyber threats, emphasising the collective responsibility of everyone in strengthening cyber defences.

What is credential stuffing?

Credential stuffing is a type of cyberattack where hackers use stolen usernames and passwords from one source and try them on multiple websites or services.

It’s like trying a key that you stole from one door on many different doors, hoping it will unlock some of them.

This technique relies on the fact that many people reuse the same passwords for different accounts, making it easier for hackers to gain unauthorised access.

It’s a sneaky way for cybercriminals to break into accounts and potentially access sensitive information or carry out fraudulent activities.
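The pattern described above also leaves a footprint in login logs that defenders can look for. The following is an added example written for this page (not Roku's detection logic), run over constructed log lines in a format I have assumed; it flags a source that tries many different usernames and mostly fails, and lists the accounts that did succeed from it, which are the ones to reset and notify:

```python
import re

# Constructed sample log lines for this example (not real traffic): a login
# endpoint recording timestamp, source IP, username and outcome.
SAMPLE_LOG = """\
2024-04-12T03:14:01Z src=203.0.113.7 user=alice result=FAIL
2024-04-12T03:14:02Z src=203.0.113.7 user=bob result=FAIL
2024-04-12T03:14:02Z src=203.0.113.7 user=carol result=FAIL
2024-04-12T03:14:03Z src=203.0.113.7 user=dave result=OK
2024-04-12T03:14:03Z src=203.0.113.7 user=erin result=FAIL
2024-04-12T03:14:04Z src=203.0.113.7 user=frank result=FAIL
2024-04-12T03:15:10Z src=198.51.100.20 user=grace result=FAIL
2024-04-12T03:15:12Z src=198.51.100.20 user=grace result=FAIL
2024-04-12T03:15:15Z src=198.51.100.20 user=grace result=OK
2024-04-12T03:16:00Z src=192.0.2.5 user=heidi result=OK
this line is deliberately malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)


def parse_log(text: str) -> dict:
    """Group login attempts by source IP.

    Returns {src: {"attempts": int, "failures": int, "users": set, "succeeded": set}}.
    Lines that do not match the expected format are skipped rather than fatal.
    """
    stats: dict = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        s = stats.setdefault(
            m["src"], {"attempts": 0, "failures": 0, "users": set(), "succeeded": set()}
        )
        s["attempts"] += 1
        s["users"].add(m["user"])
        if m["result"] == "FAIL":
            s["failures"] += 1
        else:
            s["succeeded"].add(m["user"])
    return stats


def detect_credential_stuffing(
    text: str, min_users: int = 5, min_failure_ratio: float = 0.6
) -> dict:
    """Flag sources that tried many *different* accounts and mostly failed.

    One source, many usernames, a high failure rate with the odd success is the
    shape of a stolen-credential list being replayed, as opposed to one user
    mistyping their own password (198.51.100.20 above: one username, not flagged).
    Returns {src: sorted accounts that logged in successfully from that source},
    i.e. the accounts to force-reset. Thresholds are illustrative; shared egress
    IPs (offices, mobile carriers) legitimately carry many users and need higher values.
    """
    alerts = {}
    for src, s in parse_log(text).items():
        failure_ratio = s["failures"] / s["attempts"]
        if len(s["users"]) >= min_users and failure_ratio >= min_failure_ratio:
            alerts[src] = sorted(s["succeeded"])
    return alerts


if __name__ == "__main__":
    for src, accounts in detect_credential_stuffing(SAMPLE_LOG).items():
        print(f"possible credential stuffing from {src}; accounts to reset: {accounts}")
```

A campaign spread across many botnet addresses stays under any per-IP threshold, so this rule should be paired with per-account signals such as logins from new countries or devices.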

Strong password practices your organisation can implement to prevent credential stuffing

One of the most effective ways to mitigate the risk of breaches, such as the recent incidents experienced by Roku, is by enhancing password practices.

Here are some essential steps to take to strengthen password security:

  • Create unique and complex passwords for each online account. Avoid common phrases, predictable patterns, or easily guessable information such as birthdays or pet names.
  • Utilise passwords that are at least 12 characters long and include a combination of uppercase and lowercase letters, numbers, and special characters. Longer, more complex passwords are more difficult for attackers to crack.
  • Never use the same password across multiple accounts. Reusing passwords significantly increases the risk of credential stuffing attacks, as compromised credentials from one platform can be leveraged to access others.
  • Use reputable password managers to securely store and generate strong, unique passwords for each account. Password managers alleviate the burden of remembering multiple passwords while enhancing security.
  • Remember to regularly update passwords, ideally every three to six months, to reduce the likelihood of unauthorised access due to compromised credentials.
  • Enable two-factor authentication wherever possible. 2FA provides an additional layer of security by requiring users to verify their identity through a second method, such as a one-time code sent to their mobile device.

How Bob’s Business can help your organisation

At Bob’s Business, we understand the importance of strong cybersecurity measures in protecting your organisation against breaches.

Our comprehensive cyber courses are tailored to provide organisations with the knowledge and tools needed to mitigate cyber risks effectively.

Through engaging and informative training modules, we educate users on the importance of strong password practices, the dangers of credential-stuffing attacks, and the implementation of two-factor authentication.

Our platform equips users with practical skills to identify and respond to potential threats, fostering a culture of cybersecurity awareness and resilience within your organisation. Explore our range of courses here.

Why HR’s role in cyber risk management is growing

Many businesses make the mistake of thinking that cyberattacks only target bigger, higher-profile companies, simply because those stories garner news coverage.

The reality? Small businesses are the most at risk of attack.

Hackers look to take advantage of the smaller IT and training budgets to find vulnerabilities that can be used for financial gain.

This blog explores the increasing role of HR in cyber risk management in creating a stronger defence for organisations.

The role of HR in cybersecurity

While IT provides expertise in installing hardware security solutions, such as antivirus and antimalware software, firewalls, and SSL certificates, HR is the expert in policies and people.

One of the biggest risks to an organisation’s cybersecurity is employee errors, both accidental mistakes and intended data security breaches.

A university study found that employee mistakes cause 88% of data breach incidents.

Therefore, HR has a significant role to play in developing a culture of employees who are cyber risk-averse and display the required behaviours to help keep the organisation protected from cyberattacks.

Why the role is growing

Historically, protecting IT systems was seen as a problem for the IT department, and HR would have minimal involvement in cyber risk management.

However, more organisations are realising that HR has a crucial role in helping them establish strong cyber risk management processes.

How HR can help develop a culture of cyber security

While IT teams diligently defend against digital threats, HR plays a vital role in ensuring the entire company is equipped to minimise errors and enhance cyber resilience.

By promoting a positive cyber culture, HR lightens the load on IT, reducing breaches, costs, and downtime.

  • Awareness and education: HR can drive cybersecurity awareness by conducting comprehensive training and providing access to webinars, ensuring all employees understand its importance.
  • Learning and adaptation: HR can facilitate regular workshops and upskilling opportunities in cybersecurity, enabling employees to adapt to evolving threats effectively.
  • Overcoming challenges: HR can address resistance to change by fostering open communication and transparency about cybersecurity, ensuring alignment with organisational objectives.

Read more here about how leaders can create a strong cybersecurity culture.

How HR can develop a high-quality cybersecurity risk management framework

Policies

HR should ensure that comprehensive company policies, such as those related to information security, social media use, and cybersecurity, are in place.

Although the IT team will have the main responsibility for writing policies that sit within their domain, HR should have a policy management process to ensure that policies are kept up to date and are easily accessed by employees – for example, published on the company intranet site.

Setting data and access controls

Another area in which HR can support cybersecurity is ensuring that access levels are appropriate.

Access to systems and data should be restricted so that only those who genuinely need it for their job responsibilities can access it.

Background checks

Internal fraud is a problem that can lead to data breaches, and HR can implement strict screening processes when recruiting, such as background checks and reference checks.

This can help to detect candidates who represent a higher risk to the organisation.

Training and regulatory compliance

HR is responsible for regulatory compliance, including mandatory training.

Traditional regulatory compliance training is not always effective for organisations seeking to increase employee knowledge and develop a culture of high cybersecurity awareness.

Remember, almost 90% of breaches start with simple human error!

Incident response planning

HR has a vital role in maintaining incident response plans. Working closely with IT and other departments, HR selects suitable individuals for key roles within the incident response team.

HR also oversees their actions to ensure they fulfil their duties effectively during incidents. This careful oversight ensures the response team is prepared to handle cybersecurity incidents as they occur.

How Bob’s Business can help your organisation

Bob’s Business is committed to ensuring not only the effectiveness of your IT defences but also the readiness of your employees.

We work closely with your HR team to identify organisational vulnerabilities and provide tailored courses that can be delivered to employees.

By leveraging our expertise and innovative approach, we empower organisations to navigate the complexities of cybersecurity with confidence.

With Bob’s Business by your side, you can effectively minimise errors, reduce breaches, and mitigate the impact of cyber incidents on your business operations.

The state of cybersecurity, Q1 2024 edition.

Q1 of 2024 is already behind us, and while the weather might be improving, the cybersecurity threat landscape certainly is not.

Rapidly advancing AI, evolving scams, and higher-than-usual staff turnover in many organisations have created a perfect storm for cybercriminals, resulting in major breaches and increased vulnerabilities.

At Bob’s Business, we partner with several companies to support organisations through those challenges, develop their security posture, and promote positive outcomes in all forms of cybersecurity challenges.

While we’re the experts on all things cybersecurity education, we’re proud of our partnerships, and so we’re opening the floor to just a handful of our trusted partners for their thoughts on The State of Cybersecurity. Let’s get to meet our panellists:

Meet the panellists


Simon Nicholls, UK VP of Sales at Keepnet Labs

Simon Nicholls is the UK VP of Sales at Keepnet Labs, a company transforming cybersecurity by prioritising the human element through a holistic platform that integrates cutting-edge technology, behavioural psychology, and nudge theory. Simon joined the business as the first VP of Sales and is helping to scale the EMEA operation from the ground up.


Rowan Sinclair, Founder & CEO at Nayaka Security

Rowan Sinclair is the founder and CEO of Nayaka Security, a next-gen security specialist that helps SMEs navigate the wild and wonderful landscape of cybersecurity. With a handpicked suite of leading cybersecurity tools and a focus on education and awareness, Nayaka Security empowers clients to proactively protect their digital assets, forging a secure future for businesses in the digital age.


Karl Greenfield, CEO at Pentest Cyber

Karl Greenfield has been involved in cybersecurity since the 1980s and has led many successful teams and task forces globally, most recently as CEO of Pentest Cyber Ltd, which specialises in the provision of Cyber Essentials Plus and high-end penetration testing services, with a focus on providing “result-driven” objective testing services beyond “auto-scans” to a discerning international audience.


We asked them a series of questions about the state of the industry and what they think the future holds for cybersecurity.

What notable cybersecurity threats have emerged or evolved so far in 2024?


Simon: In a similar trend analysis to the Allianz Risk Barometer, we have seen the largest emerging risk in 2024 as mobile devices. Specifically, in this area, there has been an astronomical rise in attacks targeting employees’ MFA. Over a period of 90 days, Okta’s network logged approximately 113 million attacks targeting MFA. Email security is a well-developed space in cyber, but mobile device security has fallen behind, meaning it is the go-to attack vector for many hackers in 2024.


Rowan: Automated social engineering incorporating LLM (Large Language Models) via LinkedIn / Teams / Slack. However, traditional click-a-link phishing is still prevalent, with users consistently falling prey. In my inbox, in particular, I’ve noticed DocuSign, payroll, and faux-supplier phishing attempts.


Karl: The prevalence of AI-augmented techniques in everything including cybersecurity attack and defence can no longer be ignored. The persistence with which the commodity attacks can now be deployed means that any momentary drop in defences for e.g. patching or reconfiguration that would previously be well covered by “good luck alone” can now be enough to result in compromise.

What innovative approaches or strategies are being used to improve cybersecurity awareness and promote a security-conscious culture within organisations?


Simon: Behavioural-based learning is a key element of a solid human risk management strategy in 2024. A blanket approach to improving cybersecurity awareness isn’t sufficient. Our clients are specifically interested in tracking user behaviour across all known attack vectors and training the users that need it most with targeted and tailored training to their knowledge gaps.


Rowan: As the average staff age decreases (or we get older), the importance of shorter, bitesize content is important to trap attention spans. On-the-spot training with email security solutions like Tessian or Egress has also helped increase security awareness.


Karl: Blending several approaches together as a bespoke “force multiplier”. PTC’s “Cyber-Capability-As-A-Service” combines pen-testing with managed accreditation. Cyber Essentials Plus is a favourite since NCSC reported a 50% uptake increase in a year. Add the need to build, maintain and monitor cybersecurity culture tailored to each environment. We use Bob’s Business’ strengths to convey subjects clearly, to the largest audience. Key to our needs is the integral automation of admin tasks, scheduling and deployment of learning opportunities against organisational deadlines.


How can organisations better prepare and adapt to the evolving cybersecurity landscape?


Simon: Knowledge is preparation. Immersing yourself in the new advancements in cybersecurity will help keep companies 1 step ahead. Attending well-respected events and a select number of webinars/round tables with topics that align with the overall security strategy is the best way to keep abreast of these developments in the most time-efficient way.


Rowan: Constant surveillance such as automated pen-testing solutions, rigorous IDAM, advanced inbound and outbound email security, and, of course, a fully managed user awareness training so IT teams don’t drop the ball on creating a security awareness culture.


Karl: Start by deploying basic defences such as those inherent in gaining “Cyber Essentials Plus”. “Work up” bespoke to your situation, either by your own organisation’s design or in consultation with an expert such as PTC. Remember no two networks are the same so you must tailor your approach to your unique circumstances. One size, and very rarely, one product seldom “fits all”.


What cybersecurity trends and challenges do you anticipate for the remainder of 2024 and beyond?


Simon: Consolidation is a real trend amongst CISOs. With more security tools than ever on the market, CISOs have the challenge of building a robust toolkit for their security teams without the need for them to log in to multiple different platforms every day to do their job effectively. Identifying top-class consolidated solutions to help resolve this issue and reduce overall security spend will be a challenge and trend this year.


Rowan: As a trend, more security for Kubernetes-based businesses and an increased number of solutions incorporating quantum-resistant algorithms. On the challenge side, security continues to be ROI deficient at an SME level meaning continued difficulty demonstrating its value to senior management until ultimately the organisation is hit by a data breach.


Karl: AI will continue to change things in ways that we can only presently imagine. High-skilled, experienced personnel will remain essential and will become even more scarcely available when needed. New geopolitical developments will continue as a vector for “baddies” to seek to exploit us. The good news is that by taking a structured and measured approach to deploying basic defences, we can continue to protect ourselves effectively.

Partner with Bob’s Business

Eight in ten businesses say that cybersecurity is a high priority for their management boards. Bob’s Business offers a range of solutions designed to reduce their risk of breaches by up to 74%.

With generous compensation, hands-on support and unique differentiation in the market, we’re the best choice for companies looking for a trusted partner within the cybersecurity education space.

Learn more and book in time for a partnership chat here.

The seven video conferencing mistakes you can’t afford to make

When was the last time you stepped out of the office for a face-to-face meeting?

With the rise of online meetings, chances are it’s becoming a rare occurrence.

The perks of not commuting, seamless long-distance communication, and more have made virtual meetings the go-to choice.

But, amidst the convenience, it’s crucial not to overlook the security risks.

As we navigate through the rise of webinars, online meetings, and virtual hangouts, it’s vital to ensure we’re following best practices to keep cyber threats at bay.

The seven video chat mistakes that you simply can’t afford to make

Leaving your microphone on

Let’s start with a classic – leaving the microphone on.

Of course, we all know that video conferencing often takes place at home, where a myriad of distractions can create all sorts of moments when you need to be off-mic.

The problem is that pesky microphone recording every word you say.

It’s a privacy nightmare, and without a little awareness, you might find yourself caught out saying something you regret.

This could include conversations around you that contain sensitive information such as GDPR-related discussions or the exchange of passwords, posing a significant privacy and cybersecurity risk to the organisation.

The fix for this one is simple: just remember to mute your microphone whenever you’re not speaking!

Sharing your screen with valuable information on it

One of the biggest advantages that video conferencing brings to the business world is the ability to quickly and easily share what’s on our screens with everyone else.

In a world where the majority of our work is done on computer screens, it’s a real positive.

However, it’s more than just the work we do on our screens. Everything from idle Google searches to tabs containing confidential information is visible if it is on screen when you share with your workmates, creating a potentially awkward situation.

Some platforms allow you to share only ‘one tab’ or ‘one window’ at a time.

This feature allows you to selectively choose what content is visible to others, adding an extra layer of security to your virtual meetings.

You should always check your screen carefully before you share it with your team – you’ll be glad you did!

Sharing photographs of your meetings online

One trend that has led to security risks within online meetings is sharing pictures of video calls.

Popular video conferencing solutions like Zoom require a meeting ID number to join—one that’s visible on screen—and sharing pictures of that meeting means that anyone who can read the ID can attempt to join your call, unless the meeting is also protected by a passcode or waiting room.

With so many vital, highly confidential meetings being held worldwide, it’s crucial that your private information is kept that way—no matter how proud you are of your meeting—so keep your meeting pictures off social media.

Do you remember when Boris Johnson shared an image of the first virtual cabinet meeting back in 2020, exposing the meeting ID and cabinet members’ usernames? It was a huge breach of government security, and one that caused real headaches for government security officials.

Not warning your cohabitants that you’re on a call

We’re all in this together and, for many of us, that means family and cohabitants spending our time under the same roof. It’s a tricky situation, but one that we have no choice but to handle.

If you don’t have a dedicated office space where you can focus solely on your work, it’s crucial that you let the people you’re sharing a space with know that you’re going to be on a call.

We’ve seen plenty of widely shared incidents of unwitting housemates wandering into shot at the worst possible moment, so take the time to ask for a little privacy.

Missing end-to-end encryption

It’s important to consider encryption when choosing video meeting platforms.

Without end-to-end encryption, there’s a risk that attackers could intercept sensitive information exchanged during meetings.

Look for video meeting platforms that offer end-to-end encryption, so that meeting content is protected in transit and cannot be read by anyone other than the participants, making it far harder for unauthorised parties to access.

Failing to update software

Keeping your video conferencing software up to date is essential for maintaining security.

Neglecting software updates leaves your system vulnerable to cyber threats. After all, there’s a reason why that update was pushed live.

Make sure to regularly update your software to patch security vulnerabilities and strengthen your defences against potential attacks.

Implementing automated update mechanisms can simplify this process and ensure that your video meeting stays secure against growing cybersecurity threats.

Not securing your call

You’d make sure the door was shut before holding a private meeting, wouldn’t you?

Therefore, it goes without saying that you should lock your video call to stop individuals from joining without permission.

Whether you’re using Google Hangouts, Zoom, Skype, or any other video conferencing tool, you’ll find a range of security features that ensure only those who are invited can access the call.

Take the time to review and adjust default settings, such as enabling password protection and waiting rooms, to enhance the security of your virtual meetings.

How Bob’s Business can help you

With the rise of virtual meetings, ensuring the security of your online interactions is crucial.

Our tailored cybersecurity training equips you with the knowledge and skills needed to navigate virtual meetings – and all things cyber – safely.

Our courses cover all aspects of secure online communication, from understanding the risks of leaving your microphone on to securing your calls with password protection.

With practical guidance on adjusting default settings and implementing encryption features, we empower you to confidently navigate virtual meetings and mitigate potential threats.

Our innovative online cybersecurity awareness courses are designed to offer real, actionable advice in fun, short and unique animations – so why wait?

Vans data breach explained: Everything you need to know

Imagine the sinking feeling of a critical system failure right before a major product launch.

Now imagine having to communicate to millions of customers that their records were exposed in a data breach.

That’s the harsh reality Vans’ parent company, VF Corporation, faced in December 2023.

This breach is a stark reminder for CISOs and CEOs: even industry giants are vulnerable.

While details remain under investigation, the incident highlights the ever-present threat of cyberattacks and the crucial role strong cybersecurity plays in protecting your organisation’s reputation and customer trust.

Let’s dig into the details and explore how your organisation can avoid the same fate.

A look inside the Vans data breach

In December 2023, VF Corporation, Vans’ parent company, fell victim to a cyber-attack.

While the initial details were murky, a later filing with the US Securities and Exchange Commission confirmed the hackers’ haul: an astounding 35.5 million customers’ personal data.

Here’s what we know so far:

While the exact cause remains under investigation, VF Corp. suggests unauthorised actors gained access to their systems.

Thankfully, financial information such as credit card details seems to be safe.

However, the stolen data reportedly includes names, email addresses, phone numbers, billing and shipping addresses, and, potentially, purchase history.

The aftermath: Vans emailed customers in March 2024 to inform them of the breach and potential risks associated with compromised data.

They also offered guidance on how to avoid phishing scams that might capitalise on the situation.

From clicks to consequences: Why this matters

Vans’ data breach serves as a stark reminder of the ever-present threat of cybercrime. But beyond the initial shock, it raises crucial questions:

  • Human error or sophisticated attack? While details are limited, the incident highlights the vulnerability of even established companies to human error. Remember, even a single unprotected email can be a gateway to a massive data leak.
  • Beyond financial loss: The repercussions of a data breach extend far beyond monetary compensation. Breaches erode customer trust, a vital asset in today’s competitive retail landscape.
  • A wake-up call for all: This incident isn’t just about Vans. It’s a cautionary tale for every company entrusted with customer data. Strong cybersecurity practices are no longer a luxury; they’re a necessity.

How to avoid a similar fate

The good news is that businesses can take proactive steps to minimise the risk of data breaches. Here are some key strategies:

  • Educate your employees: Regular cybersecurity training empowers employees to identify phishing attempts, handle sensitive data responsibly, and adhere to company security policies.
  • Embrace awareness: Don’t let cybersecurity training become a one-time event. Regular awareness programs ensure employees stay updated on the latest threats and best practices.
  • Passwords matter: To add an extra layer of security, enforce strong password policies, including mandatory changes and multi-factor authentication.
  • Encryption is key: Encrypt sensitive data at rest and in transit to minimise the damage if a breach occurs.
  • Control who sees what: Implement access controls, granting access to sensitive data only to those who absolutely need it.
  • Prepare for the worst: Develop a comprehensive incident response plan outlining steps to take in case of a breach. This includes communication protocols and measures to mitigate the impact.
  • Security audits: Conduct regular security audits to identify vulnerabilities before hackers do.
  • Security is everyone’s job: Foster a culture of security within your organisation. When employees understand the importance of data protection and feel comfortable reporting potential security incidents, everyone wins.

How Bob’s Business can help protect your organisation

The Vans data breach is a cautionary tale. It highlights the importance of robust cybersecurity practices and the devastating consequences of even a single misstep.

By prioritising employee training, implementing strong data security measures, and fostering a culture of security awareness, businesses can take control of their data destiny and protect the trust of their customers.

Remember, in the age of cybercrime, prevention is always better than cure.

Here at Bob’s Business, we help you stop data breaches before they land you in a precarious situation.

From employee training and phishing awareness programs to security audits and incident response planning, we offer a comprehensive toolkit to safeguard your customer data.

Click here to learn more about our cyber solutions.

How to create a proactive incident response plan

Have you ever heard the saying, “Fail to prepare, prepare to fail”?

It is especially relevant to cybersecurity.

With AI enabling scammers and hackers to create more sophisticated attacks at scale, being prepared for the worst-case scenario is vital for business success.

While taking steps to prevent attacks is vital, having a strong incident response plan is just as important. It’s like having a safety net – it can minimise the impact of a cyber incident and save you time and money.

Keep reading to learn how to create a strong response plan to keep your organisation safe.

What is a response plan?

Defining the phrase

A response plan is a structured framework outlining the steps to be taken in the event of a cybersecurity incident.

An incident response plan offers a clear approach to:

  • Identifying the issue
  • Containing the breach
  • Mitigating the attack
  • Recovering from security incidents
  • Preventing future incidents

It outlines the roles and responsibilities of individuals or teams involved in the response process, establishes communication processes, and defines escalation processes.

The benefits of a response plan

Stronger cybersecurity resilience

Being proactive means preparing for potential cyber threats in advance. By doing so, businesses can identify vulnerabilities, set up defences, and establish response strategies.

This makes them more resilient against cyber-attacks.

Secured business continuity

With a proactive plan in place, businesses can ensure that essential services continue uninterrupted even during cyber incidents.

This minimises downtime, protects data integrity, and maintains customer trust, keeping operations running smoothly.

Savings on costs

Investing in proactive measures can save businesses money in the long run.

By addressing security issues early, companies can avoid expensive consequences such as data breaches, legal fines, and damage control.

Regular security checks and employee training also help prevent incidents, reducing financial losses.

Reputational protection

A well-executed response plan defends against financial losses and shields a business’s reputation.

Clear and prompt communication during and after an incident shows professionalism and accountability. This builds trust with customers and partners, enhancing the business’s image and loyalty.

Faster recovery

With a response plan ready to go, businesses can respond quickly and efficiently to cyber incidents. This enables faster recovery times and reduces the overall impact on operations.

A step-by-step response plan

Step 1: Establish an incident response team

Designate individuals responsible for responding to cybersecurity incidents. Clearly define their roles and responsibilities.

Step 2: Communication

Create a clear communication strategy for reporting incidents internally and externally. Ensure prompt internal communication to halt the breach, followed by updates to stakeholders once the risk is contained.

Step 3: Incident identification criteria

Define clear criteria for identifying security breaches based on their severity and impact on the organisation.

Step 4: Containment

Develop a plan for containing the breach, including monitoring systems and analysing affected areas to determine the extent of the breach and the necessary containment measures.

Step 5: Investigation and analysis

Conduct a thorough investigation and analysis of the incident to determine its cause and impact. Identify vulnerabilities and weaknesses in systems or processes that contributed to the breach.

Step 6: Mitigation and recovery

Implement strategies to mitigate the impact of the incident and recover affected systems and data. Prioritise critical systems and services to minimise downtime and disruption to business operations.

Step 7: Security experts

Consider engaging pre-arranged external experts who can offer additional guidance in resolving the incident. Ensure these experts have access to the resources and support they need to address the situation effectively.

Step 8: Enhance security measures

Take steps to enhance security measures based on lessons learned from the incident. This may include implementing additional safeguards, updating security policies, or improving security controls.

Step 9: Training, improvement, and awareness

Conduct training sessions to improve incident response capabilities and raise awareness of cybersecurity risks among employees.

Continuously review and update training programmes to address emerging threats and vulnerabilities.

How Bob’s Business can help your organisation

At Bob’s Business, we’re dedicated to ensuring your organisation is prepared for any cybersecurity incident.

Through a comprehensive review of your current cybersecurity measures, we identify vulnerabilities and tailor training specifically to your business’s blind spots.

Our courses are built on two principles—behavioural science and psychology—to deliver truly exceptional results to organisations of all sizes in the public and private sectors.

Ready to build your cybersecurity culture? Discover our range of cybersecurity awareness training solutions.