Business Info - issue 147

01732 759725 magazine 07 BULLETIN CYBER SECURITY EARLY AND LATE AFTERNOON ARE WORST TIMES FOR MALICIOUS EMAIL Human Layer Security company Tessian has analysed two million malicious emails flagged by its inbound email security solution Tessian Defender, from July 2020- July 2021, to find out how they slipped past existing defences, like secure email gateways, and the tactics cybercriminals use to carry out advanced spear phishing attacks. Its analysis shows that malicious emails spiked in the last three months of the year, with 45% more malicious emails detected in October, November and December 2020 than in the preceding quarter. November 2020 saw the biggest spike, with around 90,000 malicious emails detected in the week of the Black Friday sales. Malicious emails are typically delivered around 2 p.m. and 6 p.m. in the hope that one will get past a tired or distracted employee. The most popular techniques are display name spoofing, where the attacker changes the sender’s name to someone the target recognises (used in 19% of detected threats), and domain impersonation, where the attacker sets up an email address that looks like a legitimate one (11%). The five most impersonated brands during the period in question were Microsoft, ADP, Amazon, Adobe Sign and Zoom. Tessian Chief Information Security Officer Josh Yavor said: “Gone are the days of bulk spam and phishing attacks, and here to stay are highly targeted spear phishing emails. Why? Because they reap the biggest rewards. The problem is that these types of attack are evolving every day. Cybercriminals are always finding ways to bypass detection and reach employees’ inboxes, leaving people as organisations’ last line of defence. It’s completely unreasonable to expect every employee to identify every sophisticated phishing attack and not to fall for them. Even with training, people will make mistakes or be tricked. Businesses need a more advanced approach to email security to stop the threats that are getting through.” DATA SECURITY SECURING HOMEWORKERS THE GREATEST HEADACHE FOR IT TEAMS Data leaks in the home are predicted to be the biggest security headache over the next two years as hybrid working arrangements see employees buying and installing their own technology, including laptops, printers and scanners. In a survey of 500 IT decision-makers by Brother UK, 34% of respondents cited the issue as their top concern, ahead of data security in the office (27%), network security for remote workers (13%) and accountability (12%). To mitigate the risk over the next two years, 23% expect office technology to be procured centrally, with employees purchasing home tech from approved supplier lists (up from 19% today). One in ten (11%) expects employees to be responsible for buying all office and home technology (up from 5% today). Overall, security was seen as a ‘very important’ consideration by 63% of IT decision-makers, above productivity (52%), cost-efficiency (50%) and sustainability (48%). www.brother.co.uk/business-solutions/ mps AI A FLYING START Energy company SSE is collaborating with Avanade, Microsoft and NatureScot on the roll-out of cutting-edge AI technology to continuously monitor sea bird populations at its renewable energy sites around Scotland, including hydro power stations and wind farms. The Flying Squad initiative, which will enable SSE to make sure that these developments are not having any detrimental effects on wildlife, follows a successful pilot in which four cameras were used to record footage of puffins on the Isle of May in the Firth of Forth during the breeding season and automatically detect and count them. The combination of the cameras and AI technology is less invasive for the puffins and more accurate and efficient. GDPR SPAIN TOPS GDPR FINES TABLE The countries that have handed out the most GDPR-related fines since 2018, according to analysis by cybersecurity specialist ESET Rank Country Number of fines Average fine Total amount fined 1 Spain 273 € 118,831 € 32,440,810 2 Italy 75 € 1,126,584 € 84,493,770 3 Romania 60 € 11,659 € 699,550 4 Hungary 43 € 18,881 € 811,883 5 Norway 31 € 49,527 € 1,535,350 6 Germany 28 € 1,756,673 € 49,186,833 7 Sweden 26 € 697,374 € 18,131,730 8 Belgium 25 € 40,720 € 1,018,000 9 Poland 24 € 86,242 € 2,069,798 10 Bulgaria 20 € 160,535 € 3,210,690 The UK is one of the lowest ranked countries, in terms of number of fines imposed, with just 5. However, it has the second highest average fine size ( € 8,850,000), exceeded only by Luxembourg ( € 124,343,383). (source https://www.eset.com/uk/about/newsroom/blog/the-gdpr-report-2021/ )