Currently, 97 per cent of the websites worldwide are insufficient secured, adding to mounting concerns over the strength of the darknet.
There were a reported 2.5 million cyber-crimes in the UK last year, the majority were various forms of fraud with the loss typically borne by the financial sector. City firms have the data, money and profile to attract the full range of attackers, including those seeking to undermine the financial system.
The recent news of a hacker hawking LinkedIn log-ins in the darknet suggests that no one is safe in cyber space.
“This is another in a long line of hacks against big name brands. What’s striking about this one is the value and currency of the data some four years after the cyber-attack took place – we are seeing hackers capitalising on the chance to monetise a data theft. In this case, data that might otherwise be considered stale has been put up for sale long after LinkedIn thought it had dealt with the problem,” Mishcon de Reya Cybercrime Partner, Hugo Plowman, said.
According to Plowman, LinkedIn was a perfect target for hackers with its blend of private and business sensitive data. “The login details of over 100 million users grants cyber criminals access to a treasure trove of information that can be used to commit fraud.”
“Generally speaking, the more private and sensitive the information, the more attractive the site will be to hackers. So whether it is your sex life (Ashley Maddison) or your bank details (TalkTalk) that you want to keep confidential, this is a reminder to individual users to be cautious about sharing sensitive data online and to be mindful of who else might be targeted to gain access to your personal and confidential information: the greatest threat to cyber security are the people who use the hardware and software.
“Hackers know this and deliberately target people to gain access to the information that they hold, often enabling them to bypass security measures. Raising awareness and training people can help mitigate against this risk,” he said.
Pulling information from 24 security operations centres, seven R&D centres, 3.5 trillion logs and 6.2 billion attacks in 2015, the GTIR shows that over the last three years, on average 77 per cent of organisations fall into the ‘unprepared’ category, leaving just 23 per cent with the capability to respond effectively to critical security incidents.
“Facing security challenges that didn’t exist last year, let alone a decade ago, and struggling with a shortfall in information security professionals, many organisations no longer have the necessary skills or resources to cope. Our mantra is prevention is better than cure and get the security basics right, including having a clear, well-communicated incident response plan,” advised Garry Sidaway, VP Security Strategy & Alliances, NTT Com Security.
Mischon de Reya’s Plowman advised: “There are legal steps that can be taken to identify hackers, recover data and prevent its misuse that are presently being overlooked by some businesses. Asset recovery action should be part and parcel of any crisis response plan.”