Neil Frost x BBC Merseyside: cybersecurity in football

Earlier this month, we discussed the significant role cybersecurity plays in the world of sports, particularly its effect on football clubs, fans, athletes, and employees. 

Building on that discussion, our CEO, Neil Frost, was invited to speak with Giulia Bould on BBC Radio Merseyside, shedding light on how cyber threats can impact all aspects of football clubs—from financial losses and reputational damage and even to day-to-day operations. 

Given the expansive global digital presence of football clubs, safeguarding digital presence and information is more critical than ever. Things like player contracts, medical records, and fans personal data are all key areas within football – and in the wrong hands, these can cause significant harm. Breaches can even lead to disruption of games and could bring the integrity of the game into disrepute.

At the weekend Ipswich Vs Everton was delayed 15 minutes due to an issue affecting the internet and meant fans were not able to get into the turnstile properly, although it is believed this wasn’t due to a cyber attack or breach, it demonstrates the importance of protecting your digital security.

By reinforcing digital security, clubs can better navigate the complexities of modern football and minimise risks.

Listen to Neil’s full BBC piece

Work vs Home vs Home Working – Cybersecurity Doesn’t Differentiate

There is no denying that working from home comes with a multitude of advantages: you save on commute costs, can have more control over your daily schedule, and can often be less formal – how many of us have taken a call from the comfort of our couch? There is no denying that the rise of remote and hybrid working has caused the boundaries between home and work to blur, and while this comes with a number of benefits, it can also pose significant challenges for cybersecurity: after all, the plethora of potential threats cannot distinguish whether you are in the comfort of your home, or in a secure office.

Whether employees are in the office, at home, or moving between both, the risk of cyberattacks remains high, and so the importance of maintaining robust cybersecurity measures across all environments is paramount—especially as the statistics show a significant rise in cyber incidents.

Cybersecurity In The Office Versus At Home

In traditional terms, the classic office seems, and has often been considered, a far more secure space in comparison to working from home: your office will have the money to invest in robust firewalls and cybersecurity protocols, including impenetrable networks and strict procedures. By contrast, employees working from home are often working from personal devices, and are unlikely to have industry-level protection to help prevent cyber attacks. This disparity increases the risk of cyberattacks significantly when working from home.

A study found that 26% of medium-sized businesses and 37% of large businesses experienced cybercrime in 2023, often while employees were working remotely. In addition, just over half – 53% – of cyber breaches in the UK were found to be malicious in nature. The financial costs can be substantial – on average, a data breach in the UK cost £3.9 million in 2021, rising to £4.67 million in 2022, and this number continues to rise.

In many cases, these breaches can occur when cybercriminals exploit weaker security at home, which can have a ripple effect, compromising entire corporate networks.

The Role of Phishing and Ransomware in Home Working Attacks

Phishing remains one of the most commonly favoured methods used by cybercriminals when it comes to breaches and obtaining information – and this can occur whether working at home, or in the office. Approximately 6.4% of UK internet users reported trying to open phishing links in 2021, and the threat has evolved in recent years, especially with the rise of sophisticated ransomware attacks.

Ransomware, in particular, has become a significant concern for businesses, and remote workers are especially vulnerable due to elements such as weak passwords, insecure Wi-Fi connections, and personal devices. Phishing emails with malicious attachments or links can quickly lead to ransomware infections, locking employees out of critical systems until a ransom is paid.  As remote work continues to be part of modern working life, addressing these security gaps becomes increasingly crucial.

The Risks of Home Wi-Fi and Personal Devices

The home environment presents a number of cybersecurity challenges, and the two main issues to be aware of are unsecured Wi-Fi networks and the use of personal devices for work.  Unlike corporate networks, which are protected by firewalls and IT monitoring, many home routers are left with default passwords or outdated firmware, making them an easy target for hackers​. In some cases, businesses will work hard to invest in robust cybersecurity measures, but a weak home network can undo all of this hard work.

The use of personal devices such as laptops, phones, or home printers can increase risk, as these devices will usually lack robust encryption, and tend not to be equipped with the same strict cybersecurity measures as corporate hardware. This opens up further vulnerabilities, where malware or ransomware can be introduced into corporate networks through unprotected personal devices.

The Human Element

One of the most common causes of cyber breaches is human error. Employees are often unaware of the risks associated with clicking on phishing links or using weak passwords. In fact, weak or reused passwords were responsible for a significant portion of remote work-related breaches​. In addition, the UK government found that while 32% of businesses experienced some form of cyberattack in 2023, a lack of cybersecurity awareness among employees was a recurring factor.

Training employees to recognise phishing attempts, secure their home networks, and use strong, unique passwords is essential. Employers must bridge the gap between corporate IT teams and the wider workforce by enforcing regular cybersecurity training and ensuring that workers follow the same security protocols at home as they do in the office​.

What Can Companies Do?

Companies need to adopt a multi-layered approach to cybersecurity, one that does not rely solely on corporate infrastructure but extends to employees’ home offices. There are a number of steps that businesses can take, and these include:

Encryption

All data that could be deemed sensitive must be encrypted – and this is particularly important when considering file sharing, which is essential for home workers, and a potential weak spot for cybercriminals.

Virtual Private Networks (VPNs)

Virtual Private Networks (VPNs) are a key source of protection, and should be mandatory for all employees accessing their companies systems remotely. This can help to add an additional layer of security when workers are using their weaker, less protected home networks.

Multi Factor Authentication (MFA)

Multi Factor Authentication (MFA) can help to reduce the risk of compromised credentials, businesses, and has proven highly effective in mitigating the risks posed by weak or stolen passwords​.

Regular Updates

It is important to ensure that both business and personal devices are updated with the latest software and security patches – outdated software is one of the most common entry points for would-be attackers.

Incident Response Plan

It is imperative that business have a strong formal incident response plan to refer to in the event of an incident. Despite the potential risks of not having a plan in place, research shows that just 21% of all businesses have an adequate incident response plan to rely on. It is also important that these plans have steps in place to cover and consider remote workers, and ensure that your remote and hybrid team members know how to respond to an attack quickly and effectively.

A Universal Threat

Whether you are working at home or in the office, cyber threats are universal. Cybersecurity does not differentiate based on location, and neither should businesses. The blending of work and home environments makes it crucial for organisations to adopt a holistic approach to cybersecurity, covering all potential points of entry.

Businesses must be proactive, investing in both technology and employee education to ensure that remote work does not become the Achilles heel of their security strategy. Given the cost of breaches and the prevalence of cybercrime, the question is not whether to invest in cybersecurity—but how much to invest.

By treating home offices with the same level of security scrutiny as corporate offices, businesses can mitigate the risks posed by remote working and ensure the safety of their data and networks in an increasingly hybrid world.

Deepfakes and AI: What Now?

Over the past two decades, digital technology such as smartphones, computers and the internet have advanced at an unprecedented rate, with about 50% of the global population now using these tools to improve their lives in numerous ways. This surge has brought significant benefits, including enhanced connectivity, improved trade access, and greater financial inclusion. AI has been a key driver in this development, boosting business efficiency and growth.

However, as AI becomes more accessible, it also introduces new threats. AI-driven deepfakes have evolved from a fun novelty and the chance to swap your face with the Mona Lisa, to potentially serious security risks. Initially used for entertainment, deepfakes now have the potential to be exploited for malicious purposes, such as spreading misinformation, committing fraud, and undermining trust in digital content.

What Are Deepfakes?

Deepfakes are created using machine learning algorithms, particularly a type of AI called Generative Adversarial Networks (GANs). GANs work by training two AI systems against each other—one creates fake content, and the other tries to detect it. Over time, the system learns to produce content that is nearly impossible to distinguish from real footage or audio.

While the technology has legitimate uses, such as in film production or video game design, its misuse has become a growing concern. Deepfakes can be used to:

  • Create false information or spread disinformation, such as videos of public figures saying things they never said, fuelling political or social unrest. Donald Trump has been a key target of this kind of attack, and research shows that he is one of the most deepfaked figures ahead of his bid for the Presidency in the 2024 election.
  • Impersonate individuals in scams, where a deepfake voice or video is used to trick businesses or individuals into handing over money or sensitive information. A major example of this kind of attack occurred early in 2024, when Mark Read, CEO of the world’s largest advertising group WPP, fell victim to a scam involving AI voice clones. The sting – which was ultimately unsuccessful – was intended to solicit money from an unnamed agency leader, and saw cybercriminals take a public image of Read, and use this to set up fake WhatsApp and Teams accounts. In meetings, the tricksters used a voice clone of Read, as well as YouTube footage to boost credibility.
  • Commit identity fraud by replicating a person’s appearance or voice to gain access to their personal accounts or systems. This could include stealing a sample of an individual’s voice to pass verification, or using AI to duplicate an individual to bypass biometric security.

The Impact of Deepfakes on Trust

One of the most dangerous aspects of deepfakes is their potential to erode trust. In a world where seeing is no longer believed, people may become sceptical of all digital content, making it harder to discern truth from falsehood. This has far-reaching implications, from damaging personal reputations to undermining public trust in institutions, media, and government.

Businesses are particularly vulnerable to deep fake threats. A deep fake video of a CEO or executive could cause irreparable harm to a company’s reputation or be used to manipulate stock prices. In addition, deepfake voices have been used in Business Email Compromise (BEC) attacks, where fraudsters use AI-generated audio to trick employees into authorising financial transactions.

The Role of AI in Cybercrime

Deepfakes are just one part of the broader picture of the use of AI in cybercrime. Attackers are now using AI to automate phishing campaigns, improve malware, and even hack into systems more efficiently. As AI becomes more sophisticated, so do the methods criminals use to exploit it.

  • AI-enhanced phishing: AI can generate highly personalised phishing emails that are tailored to specific targets, increasing the likelihood of success.
  • AI-driven malware: Hackers are using AI to develop malware that can learn and adapt to the defences of the systems it is attacking, making it harder to detect and remove.
  • Automated cyberattacks: AI can carry out attacks at a much faster rate than human hackers, automating tasks like scanning for vulnerabilities or launching Distributed Denial of Service (DDoS) attacks.

How Can You Protect Yourself and Your Business

With AI and deepfakes becoming more prevalent, individuals and businesses need to take proactive steps to protect themselves. Here are some key measures that can help:

1. Education and Awareness

The first line of defence against AI-driven threats is education. Understanding what deepfakes are, how they work, and what risks they pose is crucial. Businesses should provide employees with training on how to recognise phishing attempts, suspicious communications, and potentially fake media content.

Public awareness campaigns can also help individuals spot deepfakes in their personal lives, especially as these technologies become more widespread in social media, news, and everyday interactions.

2. Invest in Cybersecurity Solutions

Businesses must invest in robust cybersecurity solutions to detect and mitigate AI-based threats. This includes:

  • AI-driven detection tools: Just as AI is used by criminals, it can also be employed by businesses to defend against attacks. Machine learning algorithms can detect patterns that indicate phishing emails, malware, or deep fakes before they cause harm.
  • Deepfake detection software: There are several emerging tools that can detect manipulated content, including deepfake videos. These tools analyse the metadata, inconsistencies in lighting, and other technical aspects of videos to identify whether they have been altered.
  • Secure communication protocols: Implement secure, verified methods of communication within your organisation. This might include multi-factor authentication (MFA) for important transactions or the use of encrypted messaging platforms.

3. Verifying Information

With the rise of deepfakes, verifying the authenticity of information is more important than ever. Encourage employees and individuals to double-check the sources of any video, audio, or image content before acting on it. This can be as simple as verifying the origin of a message or using fact-checking websites to confirm the legitimacy of online information.

4. Legal and Regulatory Measures

Governments and regulators are beginning to take action against the misuse of AI, including deepfakes. New laws are emerging to hold those who create and distribute harmful deep fakes accountable, but regulation is still catching up to the rapid pace of technological advancement.

2023 saw the development of the UK government’s AI Regulation White Paper, and the decision was that it was important to maintain adaptability to keep pace with advances in AI technology. This was changed in 2024, however, when the King’s Speech, which proposed a set of binding measures on AI, and, in particular, an aim to establish “appropriate legislation to place requirements on those working to develop the most powerful [AI] models.” July 26th 2024 saw the commission of an AI Action Plan from the Department of Science, Innovation and Technology, which is designed to evaluate the infrastructure needs of the UK, attract top AI talent, and adopt and promote AI across both the public and private sectors. The results are due in Q4, and the recommendations from groups such as academics, civil society and businesses will be implemented by an ‘AI Opportunities Unit.’

Businesses can stay ahead by following industry best practices and adhering to any new regulations regarding AI and cybersecurity. Participating in industry groups and staying informed about emerging legal frameworks will also help companies navigate the evolving landscape.

The Future of AI and Deepfakes

AI and deepfake technologies are not going anywhere, and as they evolve, so too will the threats they pose. However, with the right defences in place, businesses and individuals can protect themselves from falling victim to these advanced cybercrimes.

The use of AI in the UK also looks set to increase, thanks to an Action Plan commissioned by UK Science Secretary Peter Kyle. The focus of the Plan is to explore ways in which AI can drive economic growth and improve public services, by accelerating AI adoption across the economy, boosting productivity and supporting the development of new AI talent and infrastructure. Any recommendations are set to be implemented by the new AI Opportunities Unit within the Department for Science, Innovation and Technology, and there is a suggestion from the IMF that the use of AI could boost productivity in the UK by up to 1.5% per year.

The future will likely see AI playing a dual role—both as a tool for innovation and efficiency, and as a battleground for cybersecurity. To stay ahead of the curve, investing in AI-driven cybersecurity solutions and fostering a culture of awareness and vigilance will be key to navigating the challenges ahead.

Final Thoughts

In conclusion, while the rise of AI and deepfake technology presents new risks, it also offers the potential for businesses to use AI as part of their defence strategy. By understanding the current threats and staying informed on how to combat them, we can mitigate the risks and continue to benefit from the many positive aspects of AI.

Here at Bob’s Business, we understand how crucial it is to keep your business safe and protected, and we offer a range of tailored solutions to help educate and inform both employees and employers. Our variety of courses are relevant, engaging, and up-to-date, allowing you to invest in a cybersecurity solution that will benefit your business for years to come.

Phishing Evolution in Recent Years

Phishing is one of the most common types of cybercrime, with around 3.4 billion phishing emails being sent every day. For many businesses, being targeted by this type of cybercrime is merely a matter of when, rather than if, and if the thieves are successful, the consequences can be devastating for your business.

In the early days, phishing attacks were relatively simple. Attackers would send out generic emails with malicious links or attachments, trying to fool unsuspecting users into revealing sensitive information, such as login credentials or credit card numbers. These early phishing attempts were often easy to spot due to poor grammar, unusual email addresses, and suspicious content.

However, as technology and security awareness has improved, so too have the sophistication and variety of phishing attacks. Modern phishing campaigns are often highly targeted, making them harder to detect and more dangerous to both individuals and businesses. Let’s take a look at some of the key developments in phishing over the past few years.

Spear Phishing

Spear phishing is one of the most dangerous forms of phishing because it targets specific individuals or organisations. Unlike traditional phishing, which casts a wide net, spear phishing involves attackers researching their targets to create personalised emails that appear more legitimate.

For example, a hacker might pose as a trusted colleague, supplier, or even an executive within the company. The email might reference internal projects or recent communications to make it appear genuine, tricking the recipient into clicking a link or downloading an attachment that compromises the organisation’s security. These highly tailored attacks are often used to steal sensitive data or initiate fraudulent transactions.

Smishing and Vishing: Phishing via Phone and Text

As businesses and individuals become more adept at spotting phishing emails, attackers have diversified their tactics, branching into smishing (SMS phishing) and vishing (voice phishing). These methods leverage the trust people tend to place in mobile communications.

  • Smishing involves sending malicious links or fake alerts via text messages. These might appear to come from a bank, delivery service, or even a government agency, urging the recipient to take immediate action, such as confirming account details or tracking a package. Given that many people have their phones with them at all times, smishing can be highly effective.
  • Vishing, on the other hand, uses phone calls. Attackers often pretend to be tech support, government officials, or financial institutions, convincing victims to hand over sensitive information, such as passwords or credit card numbers, over the phone.

Both of these methods exploit the urgency and personal nature of phone communication, making them difficult for untrained employees to recognise as fraudulent.

Checkout our ‘Phishing Fears‘ course to learn more.

Business Email Compromise (BEC)

One of the most financially damaging forms of phishing is Business Email Compromise (BEC). In BEC attacks, criminals impersonate senior executives or trusted partners, sending urgent emails requesting payments, fund transfers, or confidential information. These attacks have become increasingly common, with companies of all sizes falling victim.

A typical BEC scam might involve a fraudulent email appearing to be from the CEO, asking the finance department to quickly wire money to a specific account for a business deal. The scam succeeds because it often leverages the trust within a company and exploits the speed at which businesses operate.

Clone Phishing

Another increasingly popular phishing tactic is clone phishing, where attackers create an almost identical copy of a legitimate email that the victim has previously received. The cloned email might appear to be from a trusted source, such as a colleague or vendor, and typically contains a modified version of the original attachment or link. By subtly changing the content, the attacker tricks the victim into clicking a malicious link that looks legitimate.

Clone phishing is particularly dangerous because the victim may have interacted with the original email, making them less suspicious of the clone.

How to Protect Your Business from Phishing

With phishing attacks evolving and becoming more sophisticated, it’s crucial for businesses to take proactive steps to protect themselves. Here are some key measures:

  • Cybersecurity Training for Employees

Phishing attacks often rely on human error. Training employees to recognise phishing attempts, whether by email, phone, or text, is one of the most effective defences. Cybersecurity awareness programmes, such as those offered by Bob’s Business, can equip staff with the knowledge they need to spot and report suspicious activity before it becomes a problem. Simulated phishing training helps your staff identify phishing emails and know how to deal with phishing threats when they come in, with courses that can be tailored to your company’s specific weaknesses and needs.

  • Multi-Factor Authentication (MFA)

Enabling MFA adds an extra layer of security to your business accounts. Even if a hacker obtains a username and password, they won’t be able to access the account without the second form of verification.

  • Regular Software Updates

Ensure that your systems and software are always up to date. Patches and updates often contain fixes for security vulnerabilities that attackers could exploit.

  • Email Filtering and Anti-Phishing Tools

Implement robust email filtering solutions to help prevent phishing emails from reaching your inbox in the first place. Many of these systems use machine learning to identify suspicious content based on known phishing techniques.

  • Simulated Phishing Attacks

Simulating phishing attacks within your organisation can help employees learn to spot phishing attempts in a low-risk environment. By exposing them to real-world scenarios, you can measure their responses and identify areas for improvement in your security protocols.

  • Secure Communication Protocols

Encourage employees to verify requests for sensitive information or payments, especially if the request seems urgent or unusual. A quick phone call or in-person conversation can prevent a costly mistake.

The Future of Phishing and Cybersecurity

As technology evolves, phishing techniques will also continue to evolve. Businesses need to stay ahead of the curve by investing in comprehensive cybersecurity solutions and ensuring their teams are well-trained to spot and respond to phishing threats. Cybercriminals are always looking for new ways to exploit vulnerabilities, but with the right training and tools, businesses can stay protected.

At Bob’s Business, we offer cutting-edge cybersecurity training designed to keep your employees one step ahead of the hackers. Don’t wait for your business to become a statistic—contact us today to find out how we can help safeguard your organisation from phishing attacks.

Don’t fall foul of Cybersecurity in Football & Sports

In an age where technology drives nearly every aspect of our lives, the world of sports is no exception. Football clubs and sports organisations are increasingly reliant on digital platforms for everything from ticket sales to player analytics. While this digital transformation offers many advantages, it also exposes the industry to significant cybersecurity risks.

Last week, the English Football League (EFL) warned football clubs following a series of cyberattacks. Since then, both Bristol City and Sheffield Wednesday have suffered breaches in recent weeks and more clubs are now looking to tighten their defences. 

Football and sports as a whole represents a massive industry, with the global sector projected to generate over $700 billion by 2026. This staggering figure highlights the critical importance for football clubs, sports teams, and associations to protect their data effectively. Safeguarding sensitive information is not just a necessity—it’s vital for the sustainability and the success of the industry.

Protecting Sensitive Data in Football

Football clubs handle massive amounts of sensitive data, including player contracts, health records, and fan information. A data breach can lead to severe financial losses, legal issues, and reputational damage. Cybercriminals are constantly searching for vulnerabilities in sports organisations. By implementing strong cybersecurity protocols, clubs can protect their sensitive data and maintain trust with players and fans alike.

Ensuring Fair Play in Sports

Integrity is crucial in competitive sports. Cyberattacks can threaten the fairness of games by manipulating performance analytics or altering betting odds. Ensuring robust cybersecurity protects not only the teams but also the spirit of the game. By investing in cybersecurity, sports organisations can maintain the integrity of competitions, which is essential for preserving the sport’s reputation.

Enhancing Fan Experience Through Secure Platforms

As fan engagement grows through apps and online platforms, ensuring a secure digital environment is paramount. Cyber breaches can compromise fan accounts, leading to identity theft and personal information loss. By prioritising cybersecurity, sports organisations can create a safe space for fans to connect and engage, ultimately enhancing their overall experience.

Staying Ahead of Evolving Cyber Threats

Cyber threats are continuously evolving, making vigilance essential for sports organisations. Regular staff training, updated security protocols, and investment in advanced technologies are crucial steps in mitigating risks. Fostering a culture of cybersecurity awareness empowers employees to recognise and respond to potential threats, further safeguarding the organisation.

Football, Sports and Cybersecurity incidents: 

We’re seeing some clear trends when it comes to fraud and the serious financial and operational impacts that cyberattacks have on sports organisations. It’s becoming increasingly clear that data protection is vital in this industry. Mishandling personal and sensitive information can lead to hefty legal fees and regulatory fines, which is a huge concern.

There’s also a strong need for good security practices at both the player and individual levels, especially when it comes to keeping online social media accounts safe. High-profile athletes, who often have a big digital footprint, really need extra protections to stay secure.

And let’s not forget about the fans! Sports organisations have a big responsibility to protect them. This means ensuring secure online payment systems for tickets and merchandise, as well as addressing safety and privacy with tech like smart turnstiles and CCTV at venues. It’s all about building trust and creating a safer, more enjoyable experience for everyone involved.

The Future of Cybersecurity in Football and Sports

As football and sports embrace digital innovations, prioritising cybersecurity is not just a necessity—it’s a commitment to the future of the sport. Protecting sensitive data, ensuring fair play, enhancing fan experiences, and staying ahead of evolving threats are critical for organisations looking to thrive in today’s digital landscape. By investing in cybersecurity, sports teams can safeguard their legacy and maintain the trust of fans, players and stakeholders.

Free Cybersecurity Awareness Month 2024 pack

October is Cybersecurity Awareness Month, and we’re thrilled to announce the release of our new 2024 Free Cybersecurity Awareness Month Pack! 🎉

This pack will equip you and your team with resources to enhance your cybersecurity awareness throughout October and beyond. Here’s what you’ll find in the pack:

  • 4-minute video: An easy way to set the scene for the month with this video showcasing the importance of cyber security
  • Cybersecurity Awareness Quick Wins Checklist: A handy guide to quickly bolster your cybersecurity defences with actionable tips and best practices.
  • Cybersecurity Awareness Month Desktop Wallpaper: Keep the importance of cybersecurity at the forefront of your mind with a stylish desktop wallpaper.
  • Email Footer Promoting Good Cyber Health: Easily add an email footer to your communications, spreading awareness about cybersecurity best practices.
  • Jargon-Busting A-Z : Decode all the buzzwords with this handy A-Z that can be shared with your staff.
  • Suggested Quiz: to bring a fun element to the month.
  • 4x Posters showcasing cyber issues: print yourself posters to provide talking points around the office.
  • 4x Email Templates: Effortlessly communicate the importance of cybersecurity to your team with our pre-designed email templates, discussing common social engineering techniques.
  • 4x Guides on Passwords, Onboarding, Phishing, and Remarkable Realities: Dive deep into crucial aspects of cybersecurity with our comprehensive yet approachable guides.

Ready to get started? Interact with the bot below to gain instant access now! 👇

Why Is Cybersecurity Awareness Month Needed?

Cybersecurity Awareness Month is fast approaching, bringing with it a series of essential educational events, growth opportunities, and industry gatherings. In today’s hyperconnected world cybersecurity has become critical to maintaining the safety and integrity of our data. 

Despite this, an alarming number of individuals and businesses remain unaware of basic cybersecurity practices, leaving them vulnerable to cyberattacks. 

Download our FREE Cybersecurity Awareness Month pack here .

The True Cost of Cyber Threats to Business

Cybercrime is one of the most expensive challenges businesses face today, with the cost of global damages projected to reach $6.4 trillion between 2024 and 2029, an increase of 69.41%.

High-profile cyberattacks on companies like Colonial Pipeline in the U.S. and British Airways in the UK underscore the massive financial risks. More recently, Ticketmaster experienced a significant data breach in July 2024, where the personal details of 560 million customers were leaked after hackers gained access by stealing login details from Snowflake, Ticketmaster’s cloud storage provider. Similarly, American Express fell victim to a cyberattack in March 2024, showcasing the widespread vulnerability of even the most well-established companies.

In the UK, the costs of cyberattacks are rising sharply. The UK Government’s Cyber Security Breaches Survey 2023 reported that 32% of UK businesses were targeted by cyberattacks in the previous 12 months. This number rose to 59% for medium sized businesses, and an eye watering 69% for large businesses. The cost for large corporations can easily escalate into millions, as seen in the £20 million fine imposed on British Airways in 2020 following their data breach.

The Rise in Cyber Threats

As technology evolves, naturally so do the threats. The number of cyberattacks has skyrocketed in recent years. In the UK alone, the National Cyber Security Centre (NCSC) handled almost 300 cyber incidents between 2022 and 2023, 28 of which were considered “NCSC-managed incidents”, and 18 of which were categorised as C3 and above.  Globally, there were around 623.3 million ransomware attacks across 2021, with ransomware accounting for around a fifth of cyber crimes in 2022.

Sectors like healthcare and finance have been particularly affected, with a recent attack said to have cost the NHS 4913 in acute outpatient appointments, with 1391 operations postponed. According to the stats, the average cost of a data breach anywhere in the healthcare industry can reach $9.77 million, causing serious long-term financial repercussions.

The Importance of Promoting Best Practices

Many of the most damaging cyber incidents stem from avoidable human errors, such as weak passwords, phishing scams, and failure to apply software updates. According to Verizon’s 2023 Data Breach Investigations Report, 74% of breaches involved a human element. In the UK, phishing remains the most common form of cybercrime, with 79% of UK businesses reporting incidents in the last year.

The Ticketmaster and American Express breaches serve as reminders of the importance of secure password management and strong access controls. Simple measures can significantly reduce the risk of data breaches for individuals and businesses alike, like using strong, unique passwords, enabling multi-factor authentication, and remaining vigilant against phishing attacks.

Closing the Knowledge Gap

One of the major challenges in cybersecurity is the widespread knowledge gap between IT professionals and the general public. A recent survey released by Proofpoint Inc showed that around a third of CISO (Chief Information Security Officers) feel unprepared to cope with a targeted cyber attack. 

With human error the most significant vulnerability to cybersecurity, understanding and education are more important than ever before. 

The Ticketmaster breach was, in part, a result of insufficient understanding of cloud security protocols, which highlights how critical it is for businesses to understand cybersecurity protocols. Cybersecurity Awareness Month aims to educate and empower people across all levels with accessible, up-to-date cybersecurity knowledge to reduce these vulnerabilities.

Adapting to the Changing Digital Landscape

As businesses increasingly rely on new technologies such as cloud computing, artificial intelligence, and the Internet of Things (IoT), they introduce new vulnerabilities. In 2024, the Ticketmaster breach underscored the potential risks of cloud storage if not properly secured. Similarly, the American Express cyberattack demonstrated that even financial institutions with robust defences can be susceptible to emerging threats.

Cybersecurity Awareness Month serves as a reminder of the need to stay informed about these changes. Whether it’s understanding the security risks of IoT devices or learning about new data privacy regulations like GDPR, businesses must adapt to the evolving digital landscape to stay secure.

Empowering Individuals to Act

At its core, Cybersecurity Awareness Month is about empowerment. It provides individuals with the knowledge and tools they need to protect themselves in an increasingly digital world. The campaign demystifies cybersecurity, making it more approachable for people from all backgrounds and skill levels. 

In the UK, initiatives led by the NCSC, such as the “Cyber Aware” campaign, complement Cybersecurity Awareness Month by offering practical advice and resources for businesses and the public.

By raising awareness, you can help individuals and businesses take proactive steps to reduce their risk and build a more resilient digital future: when it comes to cybersecurity, knowledge really is power.

Final Thoughts

Cybersecurity Awareness Month provides a platform for raising public and organisational awareness of these growing threats. By promoting a proactive approach, businesses can implement protective measures like incident response plans, stronger firewalls, and employee training programs to mitigate risk.

With cyber threats increasingly targeting both the U.S. and the UK—exemplified by the Ticketmaster and American Express breaches—this October is an opportunity for individuals and businesses alike to commit to learning, sharing, and adopting good cybersecurity habits that will benefit everyone throughout the year.

Don’t forget to download our FREE Cybersecurity Awareness Month pack.

When Giants Fall: Cyberattacks on the NHS and TfL Highlight Growing Threats

The importance of cybersecurity cannot be overstated; it’s an issue which impacts businesses of all shapes and sizes, and which can have devastating effects in terms of finances and reputation. While cyberattacks on small businesses and individuals often make headlines, some of the biggest organisations in the UK have also fallen victim to these dangerous threats, including two of the UK’s largest public sector organisations—Transport for London (TfL) and the National Health Service (NHS). We discuss what they’ve done to respond, and what this means for the future.

The Growing Threat of Cybersecurity Breaches

Cybersecurity is a critical issue across the globe, and the UK is no exception. With the increasing digitisation of services, organisations are handling more data than ever, making them prime targets for cybercriminals. According to recent reports, cyberattacks have surged across all sectors in the UK, with government institutions and healthcare organisations among the hardest hit.

The types of attacks faced by large organisations are often more sophisticated and damaging. Common threats include ransomware, phishing schemes, and DDoS (Distributed Denial of Service) attacks, all of which can disrupt operations and compromise sensitive data. Public sector organisations like TfL and the NHS are particularly vulnerable due to the essential services they provide and the sensitive information they hold.

Transport for London

Transport for London (TfL) recently made headlines for all the wrong reasons when they found themselves facing a cyberattack, and enlisted the help of the National Crime Agency (NCA) and the National Cyber Security Centre (NCSC). Although TfL initially assured the public that no customer data had been compromised, it later appeared that a small number may have been affected. Services were largely unaffected, however concerns about the breach’s severity remained, resulting in TfL restricting access to its systems, and advising staff to work remotely. 

Cybersecurity experts, such as Adam Pilton from CyberSmart, suggested that continued changes to TfL’s internal systems indicated the attacker might still have had access to the network. Speculation surrounded potential perpetrators, with some pointing to previous attacks by Russian-linked groups, such as the Clop ransomware gang, which had targeted TfL the previous year, stealing personal data from around 13,000 individuals.

The National Crime Agency have since said a 17-year-old boy has been arrested in connection with the incident.

This cyberattack serves as a stark reminder of the critical importance of cybersecurity training. TfL’s swift response was commendable, but it highlights the need for organisations to equip their staff with the necessary knowledge and protocols to defend against evolving threats. With cyberattacks becoming increasingly sophisticated, businesses must invest in proactive cybersecurity measures to safeguard both their systems and customer data.

NHS

2024 also saw the NHS hit with yet another cyber attack, this time involving Synovis, a major pathology services provider in partnership with Guy’s and St Thomas’ NHS Foundation Trust and King’s College Hospital. The breach impacted both internal operations and patient services, leading to some activities being cancelled or redirected as Synnovis prioritised urgent care, and the impact was felt across a wide range of London boroughs, with areas such as Bexley, Southwark, and Lambeth all reporting an impact on local GP practices, and general NHS services. 

Although an investigation involving the NHS, the National Cyber Security Centre, and law enforcement is ongoing, the attackers reportedly released data they claimed to have stolen from Synnovis, and the incident highlighted the vulnerability of healthcare infrastructure to cyber threats, stressing the importance of robust cybersecurity measures to protect sensitive medical data​ for a crucial sector in society. 

The Bottom Line

As these attacks illustrate, cybersecurity is a concern that affects us all. It’s crucial for everyone within an organisation to be vigilant and proactive in maintaining safety and security across every aspect of their business. Regardless of the size of your budget or the sophistication of your security system, these incidents highlight that anyone can fall victim to a cyber attack—and the threat continues to grow.

To stay ahead of these evolving risks, investing in top-notch cybersecurity training is essential.

Bobs Business offers reliable, trustworthy, and engaging cybersecurity training that equips you and your team with the knowledge to think critically before you click and to safeguard your business effectively. Don’t wait for an attack to highlight gaps in your security. 

Contact Bob’s Business today to ensure your organisation remains secure for many years to come.

RegreSSHion: All You Need To Know

The world of cybersecurity is ever changing and evolving – and this also applies to the bugs and glitches that can cause devastation to your system if they slip through the cracks. One of the latest talking points on the topic is RegreSSHion, a family of security bugs with the potential to cause vulnerability and chaos for systems across the world. But just what is RegreSSHion, and how could it impact your business? We took a closer look.

What Is RegreSSHion?

Put simply, RegreSSHion refers to a series of security vulnerabilities identified within the OpenSSH software, hence the clever name. OpenSSH, short for Open Secure Shell, is a widely-used tool for secure communication over networks, enabling encrypted connections between client and server. It’s integral to numerous systems, making any vulnerabilities within it a major concern for cybersecurity.

The Risks

These bugs provide cybercriminals with the opportunity to remotely execute code on a target machine. Remote code execution (RCE) is one of the most severe forms of security vulnerabilities. It allows an attacker to run arbitrary code on a remote machine over a network. With RCE, attackers can potentially gain control over the affected system. This type of vulnerability can have devastating consequences, as it effectively provides the attacker with the ability to manipulate the system as if they were physically sitting in front of it.

Moreover, through these vulnerabilities, attackers can escalate their privileges to gain root access to the affected machine. Root access is the highest level of system permission, providing complete control over the system. When a cybercriminal gains root access, they can alter system configurations, access and manipulate all files, install and run malicious software, and erase any traces of their activity. This level of access poses a significant risk, as it can lead to complete system compromise and data theft, making it a critical concern for anyone using OpenSSH software.

Once attackers have gained such access, they are in a position to inflict extensive damage or conduct malicious activities. These activities can include data theft, system espionage, deploying ransomware, or using the compromised machine as a launchpad for further attacks on other systems or networks.

Long Term Risks For Businesses

RegreSSHion can have serious short-term consequences – but the long term repercussions can also be devastating for businesses. Some of the most significant long-term issues may include: 

Data Breaches and Loss of Sensitive Information

The RegreSSHion can lead to unauthorised access and control over systems, which significantly increases the risk of data breaches. Cybercriminals can exploit these vulnerabilities to steal sensitive information such as customer data, intellectual property, financial records, and more. The long-term impact of a data breach can be devastating for a business, resulting in the loss of customer trust, legal repercussions, and costly data recovery efforts.

Damage to Reputation and Brand Trust

As noted, a security incident linked to the RegreSSHion bug can severely damage a business’s reputation. Customers and partners expect their data to be secure, and any failure to protect it can result in a loss of confidence in the company. Rebuilding trust and restoring a damaged brand image can be a long and challenging process, potentially leading to a loss of market share and revenue.

Financial Losses from Downtime and Recovery

Finding yourself the victim of the RegreSSHion can lead to system disruptions, downtime, and the need for extensive recovery efforts. These incidents can halt business operations, leading to a significant loss of revenue. In addition, the costs associated with incident response, system repairs, legal fees, and potential fines for non-compliance can be substantial, impacting the financial stability of your business in the long term.

Intellectual Property Theft and Competitive Disadvantage

If attackers gain access to a company’s intellectual property, including trade secrets, research and development data, and proprietary technology, it can lead to a significant competitive disadvantage. Competitors or malicious actors could use this stolen information to develop similar products, undercut pricing, or enter the market with a competitive edge. Protecting intellectual property is crucial for maintaining a business’s market position and long-term viability.

How To Protect Your Business

As you can see, this is a bug that can have devastating consequences for businesses of all shapes and sizes, putting a serious dent in your finances, causing headaches over lost intellectual property, and damaging relationships with customers and suppliers. Fortunately, there are a few steps your business can take to help create a strong layer of protection, reducing the risk of your systems being targeted and infected.

Conduct Regular Software Updates and Patch Management

One of the most effective ways to protect your systems from vulnerabilities like RegreSSHion is to keep all software, including OpenSSH, up-to-date with the latest security patches. Regularly updating your systems ensures that you have the latest security features and fixes that address known vulnerabilities. Implement a robust patch management strategy to streamline this process and reduce the risk of exposure to security threats.

Implement Strong Access Controls

Ensure that your systems are configured with strong access controls. This includes using complex passwords, enabling multi-factor authentication (MFA), and limiting user privileges to the minimum necessary for their roles. By restricting access to sensitive systems and data, you can minimise the potential damage if a breach occurs.

Monitor and Audit System Activity

Regularly monitoring and auditing system activity can help you detect unusual behaviour that may indicate a security breach. Implementing tools and processes for real-time monitoring of system logs, network traffic, and user activities can provide early warning signs of potential threats and allow you to respond quickly, avoiding the worst of the damage.

Maintain a Comprehensive Incident Response Plan

Having a well-defined incident response plan is crucial for effectively managing and mitigating the impact of security incidents. Your plan should outline the steps to be taken in the event of a breach, including communication protocols, roles and responsibilities, and recovery procedures. Regularly review and update your plan to ensure it remains effective, and make sure that it is accessible to those who need it.

Invest in Cybersecurity Education and Awareness

Educating your employees about cybersecurity best practices is one of the most effective ways to prevent security breaches. Ensure that your team is aware of the latest threats, such as the RegreSSHion, and understands how to recognise and respond to potential security risks. By fostering a culture of security awareness, you can empower your employees to act as the first line of defence against cyber threats.

Final Thoughts

RegreSSHion is a potentially devastating threat – but the good news is that you don’t have to be a victim. By implementing checks and tests, keeping access secure, and boosting your knowledge and understanding, you can ensure that you and your team are in the best possible position to protect yourself from RegreSSHion – as well as any other unwanted visitors who may try to infiltrate your system.

Business Continuity and Cybersecurity: Beyond the initial Crowdstrike disruption, what can we learn?

Friday 19th July started as a normal day for many businesses. The weather forecast was improving, and workers across the world were looking forward to a weekend of relaxation, socialising, and time to unwind. 

In truth, however, the end of the week was set to run anything but smoothly: just a few hours into Friday morning, airports, doctors, banks, businesses and stock exchanges around the world were in chaos. News reports showed queues of stranded passengers waiting for flights around the globe, businesses were struck dumb, unable to carry out simple processes, and millions of people found themselves at the mercy of a software update that was, ironically, designed to protect against hackers and minimise IT disruption. 

But just what happened in the Crowdstrike meltdown, and how can you protect your business if a similar event occurs in the future?

Who Are Crowdstrike?

To really understand the issue at hand, we first need to understand the name behind the headlines. CrowdStrike Holdings Inc is one of the largest providers of cybersecurity software in the world, focused on endpoint security, threat intelligence, and cyber attack response services.

The Flawed Update

The guilty part in question in this case was a tiny, seemingly harmless file, which was large enough to hold just a single web page image. In an example of size not being truly indicative of power, the file, ‘C-00000291*.sys,” was a small part of a larger update for the Falcon sensor product created by CrowdStrike. Once set into motion, the file created a critical error in the Microsoft Windows operating system, making affected devices unusable, and triggering the blue screen of death which is such a dreaded sight for Windows users.

The Impact on Businesses

The initial impact on businesses was immediately apparent: systems across the world were accosted by the dreaded blue screen of death, and nothing could be done to clear the error. Financial consequences and a lack of productivity were the clearest casualties, but cybercriminals had already discovered a way to potentially make things a lot worse for desperate businesses.

Within hours of the CrowdStrike incident going public a host of new domains appeared, each bearing the name ‘CrowdStrike,’ and offering resolutions and support to those impacted by the chaos. Taking full advantage of the catastrophe, unscrupulous cybercriminals grabbed domains such as ‘crowdstriketoken[.]com,’ and ‘crowdstrikefix[.]com’, reaching out to organisations under the guide of help their true agenda, however, was an elaborate phishing scam designed to obtain credentials and secure details, making an already devastating situation that much worse. In truth, the only fix for the error is to boot into Windows safe mode, delete the rogue file, and reboot – a much simpler solution, but one that would prove much less lucrative for would-be scammers.

The Next Steps For Businesses

The long-term consequences for CrowdStrike remain unclear, and are likely to include a landscape of financial penalties and legal action. The CEO, George Kurtz, has already pledged to fully investigate the incident and prevent repeat occurrences, stating that:

“Nothing is more important to me than the trust and confidence that our customers and partners have put into CrowdStrike. As we resolve this incident, you have my commitment to provide full transparency on how this occurred and steps we’re taking to prevent anything like this from happening again…We know that adversaries and bad actors will try to exploit events like this. I encourage everyone to remain vigilant and ensure that you’re engaging with official CrowdStrike reps. Our blog and technical support will continue to be the official channels for the latest updates.”

For now,  the key focus for many businesses is understanding the steps that can be taken to minimise the impact in the event of a future incident like this via their own business continuity processes.

Ensuring business continuity needs to be a key priority for organisations of all sizes and levels, and there are three main aspects to this:

  • Testing and Evaluation

Thorough evaluation, updating and testing of business continuity and disaster recovery plans must be a major focus of any business. This should include detailed analysis of potential financial impact on an event such as the CrowdStrike incident, and a full back-up plan to help mitigate risk. Testing further extends to a change strategy. When rolling out major updates or upgrades businesses should test on a subset of devices to ensure any deployed changes are operating as expected, so to minimise any unplanned disruption should things go wrong.

  • Understanding Critical Infrastructure

A strong understanding of the dependencies and supply chains needed for critical infrastructure are also essential, and businesses need to work to secure the right protection through strong back up plans, good insurance, and clear contractual terms. This includes raising the alarm immediately if there is a fear that an IT or security event has occurred, and reviewing regulatory reporting obligations if an incident does occur.

  • Maintain Vigilant and Proactive Protection Strategies

Businesses also need to work to develop and implement vigilant and proactive protection strategies, which focus heavily on avoiding cybersecurity threats before they have the chance to cause a major incident. Vigilant monitoring and robust systems can help your organisation to stay ahead of the game, minimising the potential for serious harm or damage.

Final Thoughts

The CrowdStrike meltdown serves as a stark reminder of the vulnerabilities that even the most sophisticated systems can face. The incident, sparked by a seemingly insignificant file within a protective software update, caused widespread disruption across multiple sectors, highlighting the critical importance of robust business continuity measures. 

For businesses, the lessons are clear: business continuity plans should form part of your cybersecurity measures, whether an incident is malicious or not, your business needs to be able to function as normal. Prioritise thorough testing and evaluation of disaster recovery plans, ensure a deep understanding of critical infrastructure dependencies, and maintain vigilant and proactive protection strategies. By learning from this incident and fortifying their defences, organisations can better navigate the complexities of the digital landscape and mitigate the impact of future cybersecurity threats.

How Bob’s Business can help your organisation

At Bob’s Business, we are the UK’s Most Trusted Cybersecurity Awareness Training provider, equipping organisations with the knowledge and skills needed to protect sensitive data and ensure business continuity.

In the face of escalating cyber threats in 2024, cybersecurity training is not just a precautionary measure; it’s imperative.

Empower your workforce with the knowledge and skills to prevent cyber threats and fortify your organisation’s defences today.