Archives for posts with tag: cybercrime

So unless you live under a rock you’ve probably heard of the new augmented reality app Pokémon GO, which has attracted huge attention across the world. However, one of the unfortunate lessons we have learned working in cyber security is that if something is popular with consumers, then you can guarantee it’s also going to be a big hit with hackers.

The App was first released in the US, Australia and New Zealand, however people from other countries didn’t want to be left out so found ways of downloading it outside of official app stores.

pikachu

This raised some security concerns which our client, Proofpoint, decided to delve into and research. Upon researching they discovered that a malicious app, pretending to be the official Pokémon GO app, was carrying malware known as DroidJack.  Proofpoint wrote a blog detailing the findings and Eskenzi pitched it out to national press, IT publications and other consumer websites. Quite frankly, the results were far beyond anything we could ever have hoped for.

We picked up an amazing 533 pieces of coverage in the UK, France, Germany and Canada in one week. These include The Independent, The Telegraph, Mirror, Express, The Guardian, Wired, the list goes on and on…and on.

Predicting which news story takes off is out of our control, however, when we align pop culture, global appeal, solid research and strategic media outreach, the chances of success are in our favour.

But more importantly, Pokémon GO has now been released in the UK and is safe to download from trusted sources so knock yourselves out, some of the Eskenzi staff have certainly jumped on the bandwagon.

IE_Logo_Trash-970x546

So, week two of 2016 here at Eskenzi was most definitely no shrinking violet compared to last week’s phenomenal results!

This week, Microsoft released its final patches for Internet Explorer 8, 9 and 10 along with an “End of Life” notice, to encourage users to switch to Internet Explorer 11 and Microsoft Edge, currently only available on Windows 10.

These changes were originally announced back in August 2014, and it is estimated that these older, legacy browsers could account for more than 20% of web traffic. Computerworld reported that as many as 340 million Internet Explorer users are still using IE 8, 9 or 10! NetMarketShare estimates that Internet Explorer accounts for 57% of the browser market, compared with 25% for Chrome, 12% for Firefox and 5% for Apple’s Safari – That’s a lot of people using browsers that are now potentially unsafe, and can no longer be patched.

This means that Internet Explorer won’t receive any more security updates, or other patches. Those still using the browsers could be vulnerable to security threats and even hacks; depending on what other (if any) security software is installed.

A story of this type throws open the rapid response doors for Eskenzi clients, many of which had sound advice on what users, who still use Internet Explorer 8, 9 or 10, can do to ensure they stay protected, despite this news.

Four Eskenzi clients commented on this story – ESET, Tripwire, AppRiver and Bromium – and one from our sister agency, SmileOnFridays – Tenable, which resulted in over 250 pieces of coverage across National newspapers, business publications and trade press.  The coverage obtained was truly global, with publications in the UK, United States, France, Germany, Kenya, Japan, Ghana and Argentina (and many more!) reporting on the news with commentary from our clients included.

Hits include the BBC, The Metro, Business Reporter (included with The Daily Telegraph), BT, SC Magazine, Dark Reading and Yahoo! News.

Several journalists reached out to Eskenzi for specific commentary, as we are so well known to those who report in the security and technology space, knowing they would get great quotes to use in their stories, as well as sound advice for businesses and consumers alike.

We’re lucky to work with so many amazing clients who can, at the drop of a hat, pull amazing quotes and advice out of the bag. I wonder what week three will deliver.

2016-01-06-image-6

logo-date+slogan(banner)

Here’s an event that you’re going to want to be involved in because it’s for every company who takes Security Seriously!

The campaign is called SECURITY SERIOUS and we’ve dedicated an entire week to it from 26-30 October.  The campaign will push the message to the business community that – we’re taking Security Seriously and so should you!

We’re hoping to get 50+ best of breed companies who are good at IT security to help other companies become more security savvy through a range of exciting events! We’ll kick off the week with a photocall outside the Tower of London at 12 noon on 26th October.  Everyone will be there with their company logo and huge banner that states that we’re all pulling together to show that “UK PLC is serious about IT security. We’ve arranged for the press to take pictures at the photocall and then we intend to create a social-media frenzy around the whole week!

During the week we have lots of free lectures and events that companies are offering on a first-come first-served basis. These will be on a range of cyber-security topics – it could be “getting the board’s attention”, “how to stop breaches” – “Finding the right tools to securing an SME” etc.

We’ve already got some amazing large companies behind the week doing some really exciting events, BUT we want to get a huge momentum behind and need your help with the following:

  1. Let us know if you want to be involved in the photocall opportunity – if so we’ll get a huge placard with your logo on it.
  2. Can you support this event by offering something positive to other businesses during the week – it could be a webinar, free software, seminar in London, internal seminar to your staff, something inspiration and creative!  We’ll promote it through Eventbrite and Brightalk and on the website with your logo as a supporter of Security Serious.
  3. Who could you invite to get involved apart from your own company?
  4. Add the event and logo to your email signature
  5.      Blog about it.

YOUR INVOLVEMENT AROUND THIS EVENT WILL NOT COST YOU A PENNY – it’s all about the community collaborating as an industry to get best of breed security professionals from great organisations working to help others become more security savvy – that way we can improve the security posture of UK PLC!

So please let us know how you’d like to get involved asap so we can build your event and idea into the website and campaign.

For more details email Yvonne@eskenzipr.com

ImageThere have been a few stories in the last few days that have made me smile but only one made me want to cry.

Apparently, if Labour was to win the next election, it would make identity fraud a specific criminal offence and consider tougher penalties for cybercrime.

The first thought that springs to mind is, finally, cybercrime is being taken seriously and something is being done about it. However, while that’s to be applauded – I don’t think it should matter who has the keys to 10 Downing Street to keep me safe and my money in my account! And it certainly shouldn’t be used to score points and win seats in Parliament.

As an aside, there is the little voice at the back of my head that screams ‘organised crime on the internet existed when you were in power and you didn’t worry about it then’ but that’s for others to debate. I’ve long accepted that it doesn’t matter who’s in charge the shadow government always believes it could do better. But then I suppose that’s true of most things.

But seriously, the problem isn’t a joking matter – in fact it’s a billion pounds a year matter. According to a report, commissioned by the Cabinet Office in 2011, it’s estimated that cyber crime costs Britain £27 billion a year – including more than £3 billion to individuals and more than £2 billion to the government. Assuming that’s about right, give or take a few quid, that means businesses are losing over £20 billion pounds a year to criminals. That’s huge!

And it’s not as if businesses aren’t taking the matter seriously. A PWC report found that UK businesses are continuing to increase budgets for protective measures against cyber attacks.

However, if the criminals aren’t sufficiently prosecuted where’s the incentive for them to stop?

Rather than argue over who’s going to do what ‘when they grow up’, I want all parties to do what they should be doing now – protect the innocent by penalising the guilty.

With less than six months now until the games come to town, it seems every one and their mum is warning of the carnage it will bring.

Recently I received an email from Transport for London, telling me about its new website – ‘Get Ahead of the Games’, to help me avoid the inevitable travel hotspots from additional people in our great capital.

Then, today, I wake up to the news that the British Government has warned us all to ‘prepare for communications breakdowns’! I don’t remember that being mentioned when Dame Kelly Holmes was jumping around, while Coe and Beckham became embroiled in a manly hug! Perhaps we’d have been better off saying, thank you very much but in retrospect we’ll let our goods friends the French have it.

Apparently, during the Beijing Olympics, there were 12 million “cyber security incidents” so it’s unlikely London won’t attract any. That said, we can take some reassurance that the Olympic Committee isn’t blindly hoping for the best.

We were treated to a display from our elite British security forces who, earlier this year, donned their waterproofs and took to the Thames in high speed boats to practice their strategy to evade a terror attack during the Olympics. Was it impressive – certainly, will it be enough – only time will tell.

There’s also a new guide, produced by London 2012 and the Cabinet Office, giving some useful information to help businesses not only prepare, but also take advantage, of the ‘largest sports event in the world’.

Don’t get me wrong, I’m not ‘anti’ the Olympics – in fact I’m auditioning in a few weeks to take part in either the opening or closing ceremony, but I do think that it’s not just fun and games in the various arenas we need to consider. Such a high profile event is going to put the businesses, and people, living in the UK in a number of spotlights and not all are going to be warm and fuzzy.

While Theresa May has said that the UK government has “robust plans” to deal with cyber attacks on London’s Olympic Games systems, with work underway to strengthen industry’s ability to defend against attacks, I don’t think I’d trust her to come round and lock my front door.

Take a few minutes to think about your security today, and whether you need to change anything for the summer, so you can relax and enjoy the games.

Every day we hear about another data breach, more and more it is becoming a common headline for personal data being lost by a company. Working in the security industry we use these stories as a way to educate the general public and other companies on how to secure their data, what tools to use and how to avoid becoming the next big breach or having your details in the wrong hands…but when will the public as a whole learn?

Sitting in a company meeting last week, we discussed all the different breaches that had happened over the year..as the breaches were mentioned it occurred to me that someone I know has probably lost their details in every one of those breaches….but do they know their details have been lost? Have they taken any actions?

Have they stopped using that website? My guess probably not.

Have they stopped using that bank account? Again probably not.

Have they proactively gone and changed all their passwords? Maybe for some – not all!

Being in the security industry, you become more aware of what is going on and inevitably more cautious. But as data breaches become more of a common daily occurrence, are people sitting up and taking action to protect themselves?

According to a survey by Symantec, 19 people fall victim to cybercrime every minute in the UK – this goes to show that no matter how many breaches we as a nation are still failing to protect ourselves. Why is this? Is it not our job to protect our own data? Do we think the companies should be taking extra steps to look after our data and we cannot do anything? Or with the rise of social networks do we all believe that all our data is out there for all to see – so why protect it?

Maybe its because we do not see how a small piece of information such as our password or date of birth could be of such high value to a hacker who can then access our bank accounts and have a shopping spree at our own expense…