Five reasons businesses are moving their security to a Managed Services Provider

Cyber security threats continue to grow in scale and complexity, and pose greater risks to enterprises than ever before. The malware and threats we face now are extremely difficult to remediate. Enterprises are slowly coming to realise that their IT management teams are not cyber security experts, and consequently skills from outside the enterprise are required.

With a Managed Security Service that bridges the skills gap, enterprises of all sizes can be more secure in their day to day operations.

Here are five key signs that indicate when a business should consider partnering with a Managed Security Service Provider (MSSP):

Are you ignoring alerts? Enterprises ignore security alerts because they receive so many and ultimately find them useless. According to a recent study, the average enterprise generates nearly 2.7 billion alerts from its devices per month. A tiny fraction of these are actual threats: fewer than one in a million. More than 31 percent of the study's respondents admitted ignoring alerts altogether because they believe so many are false positives, and more than 40 percent feel the alerts they receive lack actionable intelligence. If you are ignoring alerts, an MSSP can act as your front line of defence, filtering out false positives and passing on actionable information. VCG Monitoring and Alerting will not only manage alerts for you and provide the analysis you need to justify action; VCG will also resolve the real threats as part of the service.

Are you making the same mistakes? Enterprise IT management teams are so overwhelmed with threat management and response that they don't have time to debrief afterwards and analyse what worked and what didn't. That debrief matters, because each event teaches something that helps with the next one. If you are repeating errors, VCG SOC services can help: VCG analyses every alert and feeds the findings back to you, so you can learn from each event and improve future response.

You have many different cyber security solutions. Most organisations run a multitude of cyber security platforms, often from different vendors, and some security standards encourage vendor diversity to provide defence in depth. Even if you have done your homework and built a complementary cyber security estate, it is impossible to watch what is happening on every platform all the time. VCG's cyber security monitoring and alerting service ingests the output from these platforms and centralises the solutions and their data for better incident management.

You don't know when or how incidents are resolved. With so many platforms, all of them updated at least daily, it is hard to find out how a threat was treated and when it was resolved. The VCG Monitoring and Alerting platform provides complete visibility from alert to resolution, so you know the exact, current status of every threat and how it was resolved.

Your CEO needs the company to be trusted. There is a real need today for companies to be trustworthy in their dealings: managing data from their customers, for their clients and for the brand of the business is critical. Between businesses, trust is earned either by accreditation (Cyber Essentials, ISO 27001, PCI DSS and others) or by simple proof. That proof exists on all the devices in your enterprise, but it sits in silos. VCG's Monitoring and Alerting allows an instantaneous assessment of an enterprise's cyber security status and can produce, on an ad-hoc basis, a report that can be shared with business partner organisations.

Learn more about a Security Managed Service from VCG, or speak to one of our customer experience team to see how a Managed Service can work for you.

VCG expands Secure Operations Centre with Cyber Security Monitoring and Alerting Service

Do you know how often your organisation is targeted by cyber security events? Are you able to assess how serious these events are, and do you know how to respond? Do you have the expertise available 24×7 to act swiftly in order to limit the damage?

For businesses that answered "no" to any of these questions, VCG has launched a new Cyber Security Monitoring and Alerting Service. Our service uses a global monitoring platform and analyst support to provide real-time cyber security analysis and response for your business 24x7x365.

In an environment where businesses are overwhelmed with data, organisations that can prove they are fully protected, trustworthy and compliant will not only win more customers, build powerful partnerships and secure more investment, they will also be free to innovate and grow at speed, safe in the knowledge they are secure. 

Maintaining compliance – an uphill battle? 

An unprecedented level of remote working and cloud-based services means organisations must analyse huge volumes of data to find and remediate threats. Businesses must continually invest in ever more sophisticated cyber security solutions to protect their estate, and hire and continually train the skilled cyber security personnel needed to manage those solutions 24x7x365. With growing pressure on budgets, protecting your business has become increasingly expensive.

Bringing security in-house can raise more questions than it answers. Businesses and third parties often take a patchwork-quilt approach, deploying security information and event management (SIEM) logging and alerting platforms alongside a security operations centre (SOC). Without the right level of investment and expertise, the result can be a mass of data, lots of questions and very few immediately actionable insights.

VCG’s monitoring and alerting service uses both SIEM and SOC approaches, but we overlay these systems with human expertise to generate powerful actionable insights on your behalf. You get a fully trained SOC team at your disposal 24x7x365, access to your own customisable real-time dashboard and instant access to pre-defined compliance reports.    

VCG's new monitoring and alerting service enables you to confidently outsource the job of protecting your business at a set price, in a cost-effective and fully scalable solution, while freeing up your IT teams to innovate.

Monitoring, detecting and analysing threats 

Our solution is designed to monitor, detect and analyse anomalies and indicators of compromise (IOCs) in real time, right across your business, assessing the level of risk and alerting you when necessary. The VCG Monitoring & Alerting Portal (ProVision) provides critical visibility into your security posture. It features:

  • A fixed-cost service including a named analyst, regular reports, and 24x7x365 alerting, monitoring and escalation
  • Monitoring of your environment against compliance or customer requirements
  • Constant visibility and analysis of your network and facilities status
  • A fully experienced SOC team assigned to you at all times
  • A team that covers for "your people" out of hours
  • Customer confidence built on evidence.

All these benefits are available regardless of geography or technology, and whether your networks are cloud-based or on premises. The VCG team will deliver all of this protection 24x7x365.

Overcoming barriers to growth 

Cyber security threats present three universal barriers to growth. Our new monitoring and alerting service has been designed to address these barriers so that your organisation can thrive within a safe environment. These barriers are: 

The trust deficit 

Third-party attacks, in which threat actors gain access to their target’s network via a supplier or contractor, are becoming increasingly common. Airbus suffered at least four such attacks in 2019, in which hackers attempted to steal valuable intellectual property regarding the manufacturer’s military and commercial aircraft technology. The risk of third-party attacks can drive a wedge between trading partners, reducing opportunities for fast and effective collaboration.     

VCG's service gives your partners ongoing evidence that your business is monitored and secured around the clock.

Proving compliance  

Whether you hold Cyber Essentials Plus or ISO 27001 certification, every change to your environment can potentially invalidate that certification and open an opportunity for a cyber security breach.

Our service provides solid evidence to help your organisation stay fully compliant and up to certification standards at all times.

Shouldering the regulatory burden 

The regulatory burden on businesses has never been greater. In particular IT teams, data owners and users need to prove they are adhering to strict rules around protection of personally identifiable information and confidential data. GDPR and the UK Data Protection Act 2018 set out in fine detail the responsibilities organisations must shoulder – and the consequences they face should they fall short of the mark.  

Our service takes on the monitoring and evidence gathering these regulations demand, so you don't have to. You can then show regulators and partners what happened on your digital networks, and demonstrate that no data breach has gone undetected.

Find out more about VCG’s Cyber Security Monitoring and Alerting Service, contact our team now.

How a Security Managed IT Service can boost productivity during the home-working boom

Less than a year ago regular home working was a perk enjoyed by just 5% of the UK’s 32.6 million workforce. Now, due to Covid-19, remote working is no longer a perk, it’s an essential ingredient in business continuity.

Fifty of the UK’s biggest employers have said they have no plans to return all staff to the office yet and the Bank of England’s executive director for financial stability recently said social distancing guidelines meant there would be no “sharp return…to dense office environments” for the foreseeable future.

The challenge for IT teams has been refocusing their cybersecurity efforts from office-based networks and devices to cloud-based remote solutions which rely on employees’ domestic internet connections and personal devices.

At the start of lockdown, switching IT focus was typically done at speed with continuity the goal, rather than market-leading cyber security.
Now, however, IT teams are having to ensure long-term, mass remote working can be achieved safely.

New and emerging digital technology

It isn’t just that more employees are working offsite. There is also an unprecedented reliance on new and emerging digital technology which employees are using to connect, collaborate and remain productive while out of the office.

Video conferencing and messaging platforms such as Cisco Webex have kept operations running for businesses of all sizes and sectors. Data from Ofcom reveals, for example, more than seven-in-ten UK workers are now making video calls at least weekly – up 35% from pre-lockdown.

This increased level of employee connectivity comes with increased risk. The more employees remotely access resources on the corporate network, the more they use cloud-based software and the more they use unprotected personal devices, the greater the vulnerability. Now, more than ever, organisations need greater visibility of their remote workers' activity when they are working from home: what are employees doing, what websites are they accessing and what devices are they using? The most effective cyber security solutions create a secure and visible connection between the home worker and the corporate resources they use.

Building a secure foundation for growth

Widespread home working has transformed and dramatically increased organisations’ so-called ‘attack surface’. But organisations that can effectively and confidently secure their networks are then free to grow their businesses, increase productivity, capitalise on flexible working opportunities and give all their employees the high-quality IT user experience they need.

The big challenge is ensuring IT teams have sufficient expertise, resources and personnel to protect their networks 24/7, 365 days a year from an ever-changing and increasingly complex adversary.

This is where investing in a managed cybersecurity service pays dividends. A managed security service enables you to confidently outsource the job of protecting your networks, safe in the knowledge that you’re getting a cost-effective solution and freeing up your IT teams to innovate.

A market-leading managed security services provider (MSSP) such as VCG, can implement a wide range of cybersecurity measures designed to enable your employees to safely access your network from home. These measures range from establishing secure VPNs, to managing firewalls and much more.

For example an MSSP can monitor remote network access and activity, collecting, analysing and logging all activity across your entire IT infrastructure. It can also:

  • Identify and remediate threats on the corporate network
  • Secure connections from all devices and locations
  • Increase visibility of user activity
  • Respond to incidents as they occur.

MSSPs’ detailed cybersecurity knowledge

Covid-19 and the dramatic switch to remote working has transformed the technology landscape almost overnight. Understanding how to build robust security infrastructure in this rapidly evolving environment is an uphill battle and requires teams to continually invest in new skills, technology and resources.

An in-house IT team may have little or no experience of installing, calibrating and running the cyber security solutions needed in the 'new normal'. A market-leading MSSP such as VCG, however, has that experience, having partnered with clients to understand how they operate and what their objectives are, and managed their cyber security requirements accordingly.

Other benefits of partnering with an MSSP include reduced costs thanks to economies of scale, access to unique cybersecurity expertise and tools and improved scalability, so you can be sure of extra support in times of need.

A market-leading MSSP, such as VCG, will focus all its efforts on investing in the skills and technology needed to defeat the cybersecurity threats organisations are likely to face from increased home working. It will also leverage its links with vendors to ensure its partners benefit from the latest and best cybersecurity technology. An MSSP can also guarantee technical support 24 hours a day, 365 days a year – something organisations may struggle to achieve with a smaller in-house team.

At a time of great uncertainty and increasingly complex threats it pays for organisations of all sizes to build meaningful partnerships with experienced cybersecurity providers. The organisations that can secure their networks as part of a holistic business strategy will be able to empower their employees, unlock productivity, foster collaboration and even confidently grow their businesses during these challenging times.

Are your digital networks at greater risk in the age of Covid-19?

It's time for the hospitality sector to learn from the Covid crisis before it's too late. Follow our six-point health check to ensure your networks are fit for purpose and 'work-from-home safe'.

With lockdown measures finally easing, now is the perfect time to give your digital networks a thorough coronavirus health check. Think of it as your chance to learn from the Covid-19 crisis and create a master plan for what could be tough months ahead. Your ideal Covid continuity plan should be built around the need to guarantee future core operations in the event of a feared second wave and also the urgent job of protecting networks, customers and staff from infection – both viral and cyber.

Our conversations with hospitality firms show that many companies are already preparing their plans, but it should really be a case of sooner rather than later. Here are the critical areas we recommend you address in your network health check:

1. Consolidate network changes made on the fly

When the pandemic first hit, and head office core functions were suddenly forced to work from home, the initial IT response was often more ‘quick and dirty’ than ‘market leading’. Some employees may have already been set up for home working, but the wholesale switch put a massive strain on networks and their administrators.

Quite often this switch was done on the fly, with the focus quite rightly on business continuity first, rather than best practice. With fresh Covid-19 outbreaks recently reported in Wales, Germany and South Korea it would be short sighted to ignore the very real possibility of a second lockdown. The difference this time is that the hospitality sector has a chance to bake in the kind of network agility that enables all head office staff to switch between home and office working when necessary – at the drop of a hat.

2. Switch to digital telephony for speed and instant scalability

Perhaps the minimum level of remote working connectivity is the ability to transfer work phone calls to your employees' mobile phones or home landlines. Modern telephony systems can do this and much more, ensuring important calls get through to the right people every time, no matter where or when they are working.

Digital telephony systems can cater for any size of hospitality business, from 20 to 2,000 lines. They can also be scaled up and down at the press of a button – perfect if a workforce has to shift to home working overnight. No extra hardware or third-party systems are necessary and the whole package can be delivered and managed for you, if desired.

3. Make sure your network is ‘work-from-home safe’

After months of working from home, your head-office employees may now all be online, but is your network safe? Cyber criminals are notorious for exploiting human as well as network weaknesses, and you can bet they won’t call a ceasefire during the pandemic. If they’re not phishing for log-in credentials, they’re using the cover of public holidays and office downtime to attack companies. For example, the Travelex hack, which put the currency trading firm offline for weeks, costing millions, was launched on New Year’s Eve to exploit employee holidays. Similar challenges around Covid-19 offer a potential treasure trove of opportunities for criminals.

So, how should hospitality firms address the threats raised by an increase in home working?

The first question organisations need to ask themselves is whether employees are using personal devices to log on to, view and store company data. A VPN and firewall go a long way towards preventing a hack or malware infection of your network, but a privately owned laptop outside your control is still a big risk if the user is viewing sensitive data. Assuming your network already has a high level of cyber security, the next step for any hospitality firm should be penetration testing every time a significant change is made to the network.

While a regime of quarterly vulnerability assessments is beneficial, a full penetration test is best practice following any major network change, with a qualified penetration tester able to highlight network weaknesses and potential back doors. (For card-payment environments, a PCI DSS Qualified Security Assessor, or QSA, validates your compliance; the penetration test itself is carried out by a qualified tester rather than by the QSA.)

4. Get smart and adopt a layered approach to network security

The belt-and-braces solution to securing your hospitality network during the 'new normal' is real-time visibility of all activity on it. You can get this by installing a Security Information and Event Management (SIEM) solution, which collects, analyses and logs activity across your entire IT infrastructure. A SIEM solution collects activity data from a wide range of sources, including network devices, servers and domain controllers, to name but a few. By correlating events from different sources it can detect attacks that no single security product sees on its own, help with compliance and make a wide range of data available on one dashboard.

A natural extension to SIEM is a User and Entity Behaviour Analytics (UEBA) solution. Rather than focusing on devices on your network, this analyses who is responsible for the activity and whether their behaviour is risky compared with their own normal pattern. For example, if the log-in credentials belonging to your Manchester-based finance director are suddenly used on a device in Nicaragua, shortly after a log-in from Manchester, the system will raise an alert and, when integrated with your identity provider or VPN, can deny the access. Similarly, if a junior member of your legal team attempts a bulk download of personnel files, UEBA will flag it and can suspend the session until administrators sound the all-clear.
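The two UEBA detections described above, as an added illustration rather than VCG's or any vendor's code: an impossible-travel check on consecutive log-ins and a bulk-access check against each user's own baseline, both run over constructed log events (the user names, coordinates, timestamps and per-user baselines are made up for the example). Each rule returns the alert it would raise, with the action a downstream integration would take.

```python
"""UEBA-style checks over constructed login and file-access events.

Added illustration for the SIEM/UEBA discussion above; it is not VCG's
tooling. Event records, coordinates and the per-user baselines are all
constructed sample data.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt

MAX_PLAUSIBLE_KMH = 900     # about airliner speed; faster implies shared or stolen credentials
BULK_MULTIPLIER = 5         # flag a window that exceeds 5x the user's own baseline
WINDOW = timedelta(minutes=10)

# Constructed login events (UTC). Coordinates stand in for geo-IP lookups.
LOGINS = [
    {"user": "fd.manchester", "ts": "2020-06-08T08:55:00", "lat": 53.48, "lon": -2.24, "src": "office-lan"},
    {"user": "fd.manchester", "ts": "2020-06-08T10:20:00", "lat": 12.11, "lon": -86.24, "src": "198.51.100.7"},
    {"user": "j.legal", "ts": "2020-06-08T09:02:00", "lat": 51.51, "lon": -0.13, "src": "vpn"},
]

# Constructed file-access events: j.legal pulls 120 personnel files in two minutes.
_T0 = datetime.fromisoformat("2020-06-08T09:10:00")
FILE_EVENTS = [
    {"user": "j.legal", "ts": (_T0 + timedelta(seconds=i)).isoformat(), "path": f"/hr/personnel/{i:03d}.pdf"}
    for i in range(120)
] + [{"user": "fd.manchester", "ts": "2020-06-08T09:00:00", "path": "/finance/q2.xlsx"}]

# Constructed baseline: each user's normal peak number of file events in any 10-minute window.
BASELINE_PEAK = {"j.legal": 8, "fd.manchester": 15}


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two lat/lon points."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi, dlmb = radians(lat2 - lat1), radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlmb / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def impossible_travel(logins, max_kmh=MAX_PLAUSIBLE_KMH):
    """Flag consecutive logins by one user that would require travelling faster than max_kmh."""
    by_user = defaultdict(list)
    for e in logins:
        by_user[e["user"]].append(e)
    alerts = []
    for user, events in by_user.items():
        events.sort(key=lambda e: e["ts"])
        for a, b in zip(events, events[1:]):
            hours = (datetime.fromisoformat(b["ts"]) - datetime.fromisoformat(a["ts"])).total_seconds() / 3600
            km = haversine_km(a["lat"], a["lon"], b["lat"], b["lon"])
            if hours > 0 and km / hours > max_kmh:   # hours == 0: same second, speed undefined, skip
                alerts.append({"user": user, "rule": "impossible_travel", "kmh": round(km / hours),
                               "src": b["src"], "action": "deny_and_step_up"})
    return alerts


def bulk_access(file_events, baseline, window=WINDOW, multiplier=BULK_MULTIPLIER):
    """Sliding-window count of file events per user, compared with that user's own baseline."""
    by_user = defaultdict(list)
    for e in file_events:
        by_user[e["user"]].append(datetime.fromisoformat(e["ts"]))
    alerts = []
    for user, times in by_user.items():
        times.sort()
        peak, start = 0, 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        threshold = multiplier * baseline.get(user, 10)   # unknown user: assumed default baseline of 10
        if peak > threshold:
            alerts.append({"user": user, "rule": "bulk_access", "peak": peak,
                           "threshold": threshold, "action": "suspend_session"})
    return alerts


def run_ueba(logins=LOGINS, file_events=FILE_EVENTS, baseline=BASELINE_PEAK):
    """Run both rules over the sample data and return the combined alert list."""
    return impossible_travel(logins) + bulk_access(file_events, baseline)


if __name__ == "__main__":
    for alert in run_ueba():
        print(alert)
```

The `action` field is where a real deployment hands off to the identity provider, VPN or SOAR platform; the analytics alone only observe. Real baselines are learnt from weeks of each user's history rather than supplied as constants, and the speed threshold is deliberately generous so that a genuine flight does not trip it.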

5. Upgrade Wi-Fi to protect your staff and customers from infection

Your digital networks also have a critical role to play in supporting front-line operations and preventing human infection. In addition to supporting app ordering and contactless payment, Wi-Fi can help with the new requirement for hospitality firms to capture their customers' contact details to support Track and Trace. By implementing a Wi-Fi overlay solution, you can capture customers' contact details before they enter your venue, using the guest Wi-Fi authentication process. When visitors are advised to connect to Wi-Fi, they can be presented with a Track & Trace registration page where they submit their contact information, ensuring that you capture all the details required by government guidelines. On completion of the log-in process, the visitor can immediately be sent an email with a code that confirms their registration. This message can then be shown to staff on the door to allow access.

The question is whether your on-premise Wi-Fi networks are strong and reliable enough to cover all of your estate, delivering the kinds of experiences your customers expect. Can you offer your customers Wi-Fi-powered mobile ordering and mobile point of sale or will they be forced to endure long waits and socially distanced queues? Overnight, Wi-Fi has been transformed from a ‘nice-to-have’ to a health and safety ‘must-have’ by Covid-19.

6. Don’t overlook GDPR compliance…the sting in Covid’s tail

In addition to capturing the details of all customers, as part of the government’s efforts to track and trace infected people, hospitality firms now also have to retain those records for a minimum of 21 days.

This clearly adds a new GDPR burden on hospitality firms. A Wi-Fi overlay solution, as described above, may already be GDPR compliant, but otherwise, the processes around customer data capture and retention should be reviewed to ensure GDPR compliance. Many companies may not feel confident enough to shoulder this burden alone – and luckily, they don’t need to. Third parties, including VCG, now offer a GDPR consultancy service featuring an initial GDPR review, an employee training package and even a Data Protection Officer as a Service.

The fact that the hospitality sector (along with the rest of the economy) was blind-sided by the first coronavirus wave is entirely understandable. Now, however, as well as putting in place systems to enable secure re-openings, we all know what we face should a second wave strike an already damaged hospitality sector. Hopefully all our best laid plans will never be used.

Want to find out more about how we have helped our retail and hospitality customers during the current crisis? Contact VCG now.

What’s the difference between a Next Generation Firewall and a Web Application Firewall?

When it comes to protecting web applications we’re often asked: “Why use a web application firewall if there is a next generation firewall in place?” The short answer is, you need both.

So, what is a Web Application?

During the web's infancy, websites were just static pages with very little user interaction. This changed in the 1990s as web servers started to allow communication with server-side custom scripts [1], and developers gained the ability to build solutions such as web-based email, web stores and blogs. These are all examples of web applications: programs stored on a remote server and delivered over the internet through a browser [1].

Nowadays, web applications are more complicated, with a dependence on HTML5, JavaScript and databases etc. They may be a repository for corporate data, customer data or payment information and as a result have become an attractive target for attackers and must be secured correctly.

What is a Next Generation Firewall?

A NGFW combines the functions of a traditional firewall with additional features like intrusion detection and prevention, URL filtering, Antivirus/Anti malware, identity awareness, time-based decisions and location awareness.

Most importantly, a NGFW provides 'application awareness'. A traditional firewall decides solely on network- and transport-layer attributes (IP address, port and protocol), which is not enough to accurately identify or police an application: many different applications share port 443, and most can be moved to any port. A NGFW inspects the headers and the payload of a message (deep packet inspection), and can be set to match specific character strings (words or phrases) within the message body, to identify the application in use. From there it makes context-based decisions on application traffic in order to protect the network; typically this means controlling internal users' traffic heading out of the network.

Protecting the Application Layer isn’t Enough

The issue here comes from the terms used by the usual networking frameworks. In the OSI model, for example, the application layer is defined as "the collection of shared communications protocols and interface methods used by hosts in a communication network" [2], examples of which include HTTP, FTP, BitTorrent and SNTP.

Protecting the traditional application layer fails to fully protect an “application”. As shown in Figure 1, additional resources within infrastructure applications need protecting, such as web servers, business applications and application data.

Figure 1 – The full computing stack model [3]

To protect Infrastructure apps, business apps and data, application fluency is required. Although a NGFW can identify an application regardless of the port and protocol being used this is not the same as application fluency, which needs the ability to truly understand how an application works rather than just what it is.

Enter the Web Application Firewall

A Web Application Firewall protects web servers and hosted web applications from threats at the highest level of the full computing stack, and from non-volumetric denial-of-service attacks (such as HTTP floods) that do not rely on saturating the network.

WAFs are different from NGFWs in that they have the ability to:

  • Provide DDoS protection at the application level (for example against HTTP floods and slow-request attacks)
  • Validate inputs, stopping SQL injection
  • Provide cross-site scripting protection
  • Provide virtual patching for applications before vendors release official patches
  • Block attacks based on known or custom-defined application vulnerabilities
  • Detect cookie and session tampering
  • Block unwanted web traffic to websites and applications
  • Block server responses that would leak sensitive data (such as stack traces or card numbers) to attackers
  • Increase site speed and performance through caching

A WAF achieves this application fluency in a few different ways. Many modern WAFs use automated learning to build a profile of normal application behaviour over time (which URLs exist, which parameters each takes and what their values look like), and can then differentiate between malicious and legitimate traffic. Manual configuration of application policies lets developers and administrators tell the WAF exactly how their application works, supplying the application fluency it needs to make decisions on traffic. Higher-specification WAFs and most cloud WAFs can terminate and decrypt HTTPS, giving the WAF full visibility of application traffic; note that the WAF then holds a TLS private key for the site and must be protected accordingly. Combine these features with a default set of security signatures and some business logic, and the WAF can make decisions a NGFW cannot about how to process web application traffic, which in turn gives applications a greater level of protection.
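The capabilities listed above and the two routes to application fluency (a learnt profile and default signatures), condensed into a small decision engine. This is an added example, not any vendor's WAF: the signatures are a deliberately tiny subset, and the application path, its parameters, the cookie format and the HMAC key are all constructed for the example.

```python
"""Minimal WAF decision engine (added example; not any vendor's product).

The application path, parameters, cookie format and HMAC key below are
constructed for the example. Real WAFs ship far larger signature sets.
"""
import hashlib
import hmac
import re
from collections import defaultdict

COOKIE_KEY = b"constructed-example-key"  # assumed secret shared by the WAF nodes

# Negative security model: a few default signatures. Crude by design, and a
# source of false positives, which is why the learned profile below matters.
SIGNATURES = {
    "sqli": re.compile(r"(?i)(\bunion\b.+\bselect\b|\bor\b\s+\d+\s*=\s*\d+|--\s*$|;\s*drop\b)"),
    "xss": re.compile(r"(?i)(<script\b|javascript:|\bon\w+\s*=)"),
}
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")


def luhn_ok(digits):
    """Luhn check so that only plausible card numbers are treated as leaks."""
    total, parity = 0, len(digits) % 2
    for i, ch in enumerate(digits):
        d = int(ch)
        if i % 2 == parity:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


class LearnedProfile:
    """Positive security model: what each URL's parameters normally look like."""

    def __init__(self):
        self.params = defaultdict(dict)  # path -> name -> {"numeric": bool, "max_len": int}

    def learn(self, path, params):
        """Learning mode: observe legitimate requests and record per-parameter shape."""
        for name, value in params.items():
            p = self.params[path].setdefault(name, {"numeric": True, "max_len": 0})
            p["numeric"] = p["numeric"] and value.isdigit()
            p["max_len"] = max(p["max_len"], len(value))

    def violations(self, path, params):
        """Enforcement mode: unknown parameter, wrong type or outsized value."""
        known = self.params.get(path)
        if known is None:
            return []  # unlearned path: only the signature rules apply (assumed policy)
        out = []
        for name, value in params.items():
            p = known.get(name)
            if p is None:
                out.append(f"unexpected_parameter:{name}")
            elif p["numeric"] and not value.isdigit():
                out.append(f"type_violation:{name}")
            elif len(value) > 2 * p["max_len"]:
                out.append(f"length_violation:{name}")
        return out


def sign_cookie(value):
    """Append an HMAC so the WAF can detect client-side edits to the cookie."""
    return value + "." + hmac.new(COOKIE_KEY, value.encode(), hashlib.sha256).hexdigest()


def cookie_intact(signed):
    """True only if the cookie body still matches its HMAC (constant-time compare)."""
    value, _, mac = signed.rpartition(".")
    expected = hmac.new(COOKIE_KEY, value.encode(), hashlib.sha256).hexdigest()
    return bool(value) and hmac.compare_digest(mac, expected)


def inspect_request(profile, path, params, cookies):
    """Return (allow, reasons). Every rule runs so the log shows all findings."""
    reasons = [f"{rule}:{name}" for name, value in params.items()
               for rule, rx in SIGNATURES.items() if rx.search(value)]
    session = cookies.get("session")
    if session is not None and not cookie_intact(session):
        reasons.append("cookie_tampering:session")
    reasons += profile.violations(path, params)
    return (not reasons, reasons)


def inspect_response(body):
    """Block responses that would hand card numbers or server internals to a client."""
    for m in CARD_RE.finditer(body):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            return (False, "sensitive_data:card_number")
    if "Traceback (most recent call last)" in body:
        return (False, "sensitive_data:stack_trace")
    return (True, None)


def demo():
    """Learn from three legitimate requests, then judge four constructed ones."""
    profile = LearnedProfile()
    for _ in range(3):
        profile.learn("/account", {"id": "1042", "tab": "orders"})
    session = sign_cookie("uid=1042;role=user")
    forged = session.replace("role=user", "role=admin")  # body edited, MAC left as-is
    return {
        "legit": inspect_request(profile, "/account", {"id": "1043", "tab": "orders"}, {"session": session}),
        "sqli": inspect_request(profile, "/account", {"id": "1 OR 1=1", "tab": "orders"}, {"session": session}),
        "tamper": inspect_request(profile, "/account", {"id": "1042", "tab": "orders"}, {"session": forged}),
        "unknown": inspect_request(profile, "/account", {"id": "1042", "tab": "orders", "debug": "1"}, {"session": session}),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
```

Two points worth noticing. The injection attempt is caught twice, once by a signature and once because the learnt profile knows `id` is numeric; an attacker who obfuscates past the signature still fails the positive check, which is the practical value of "application fluency". The Luhn test on the response filter is what keeps an order number from being mistaken for a card number, since blocking legitimate responses is the fastest way to get a WAF switched into monitor-only mode.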

Figure 2 – A WAF in the Data Path [4]

WAFs are typically deployed inline, behind a traditional or next-generation firewall (see Figure 2), either as a transparent (bridge-mode) device or as a reverse proxy. In transparent mode the client's traffic is still addressed directly to the application server and the WAF inspects it as it passes through, so no DNS or addressing changes are needed. As a reverse proxy the WAF terminates the client's connection itself and opens its own connection to the application server; this gives it full control over TLS, sessions and request rewriting, and so greater protection for the server, though often at some cost in performance and with one more component to manage.

Keeping your guard up as new cyber threats emerge

Cyber criminals never take a break and they are currently using the Covid 19 pandemic to their advantage.

Professional services network KPMG reports seeing over 15,000 new websites created last week, alongside massive global email phishing campaigns, with both the emails and the websites aiming to prey on people's fears regarding COVID-19.

The sites and emails that aim to entice a user contain some of the following themes:

  • Selling COVID-19 key supplies.
  • Maps and resources containing hidden malware.
  • Masquerading as Health organisations like the NHS or WHO.
  • Masquerading as Government organisations offering tax benefits and advice.
  • Fake charitable collections for health workers.

If a user is successfully hooked an attacker will aim to achieve one of the following:

  • Ransomware Infection
  • Crypto Currency Fraud
  • Business Email Compromise Fraud
  • Office 365 Credential Theft

All of which can have devastating consequences to an organisation.

The age old saying, ‘if it sounds too good to be true then it probably is’ can be applied to phishing, however there are some other typical giveaways that an email or website is suspect:

  • Poor grammar, punctuation and spelling
  • Design and quality of the email or website isn’t what you would expect
  • Not addressed to you by name, but something more generic like “Dear Friend” or “Dear Valued Customer”
  • Includes a veiled threat or sense of urgency
  • Directly solicits personal or financial information

We are currently living in a completely unprecedented situation regarding healthcare and personal well-being, but it is important to stay vigilant and not allow your fears or curiosity regarding COVID-19 to catch you off guard.

Secure remote working – how VCG is helping customers

In response to COVID-19, organisations are moving their workforce to the virtual workspace. The speed of this rollout by our customers has been fantastic.

The first step taken by IT teams has been to quickly enable the workforce to access corporate resources when working from home, when they need to. However, with the speed and scale of this roll out, protecting your remote workers is a challenge.

In this blog we’ll outline some of the key security considerations and how VCG are helping customers work not just remotely, but securely, and how to prevent breaches at a time of increased risk.

Secure VPN access

A VPN client like Cisco AnyConnect encrypts traffic between the user's device and the corporate VPN gateway, preventing man-in-the-middle attacks and protecting data integrity on that leg of the path, but there are some additional decisions that need to be considered.

Some organisations send all user internet activity (corporate and non-corporate) back through the corporate firewall for deeper inspection, malware analysis and content classification. While this is secure, every byte of a remote user's web browsing then crosses the corporate internet link twice, once inbound over the VPN and once outbound to the site, so a remote user consumes roughly double the bandwidth of an office user. As a result, many customers are now finding the internet connection to be a bottleneck.

To ease bandwidth congestion organisations can forward only corporate requests via the secure VPN connection. Great, but how do you ensure your users are protected from accessing non-corporate domains on the internet that could pose a risk to them and the data they can access, or from using unapproved applications or accessing sites in breach of corporate usage policy?

Protect users everywhere with DNS security

The answer here is Cisco Umbrella. Umbrella provides security at the DNS layer: all DNS requests are forwarded to Umbrella, which checks whether the domain's content category is associated with malicious intent (such as phishing, malware, crypto-mining or command and control). If so, Umbrella blocks access before the user can connect. As Umbrella is a cloud-delivered service that does not require a connection to the corporate VPN, your users are protected whether working from home or from the local coffee shop (when they re-open).

Verify the identity of your users

Finally, we have the question of user verification and device posture. The last thing you want is a misplaced corporate laptop or stolen logon credentials being used to access your network via the VPN, or a device made vulnerable by an outdated operating system, browser or anti-virus causing a breach. Cisco Duo provides both Multi-Factor Authentication (MFA) and device posture checks. With these in place, when a user enters their credentials they are also prompted for a second factor, such as a code sent by text message, an automated phone call to a registered mobile, or simply a push notification from the Duo app on a registered smartphone. Duo can also confirm that the operating system, browser and anti-virus are all up to date before permitting access and, if they are not, tell the user which actions need to be carried out in order to gain access.

Trial Umbrella and DUO for your business

To see how these solutions can improve your security posture for remote workers, VCG can help you set up free software trials of Cisco security solutions within your own organisation and environment.

Revealed: the secret cyber scams targeting the hospitality sector

We’re all aware of the risks around customer data theft in the hospitality industry. But the fact that such a wide range of sensitive information is held by hospitality firms — everything from credit card details to car registration numbers — hasn’t gone unnoticed by cybercriminals who use every trick in the book to hack into hotel computer systems.

What doesn’t tend to get so much airtime is what hackers do with all this information once they’ve stolen it. A quick trawl of the internet, including its murkier corners known as the dark web, however, reveals how criminals make money from this patchwork of stolen customer data.

One of the biggest scams employed by organised crime gangs is to use hacked data to set up what are effectively dark web travel agencies. A recent report by reveals how these illegal agencies use a wide range of stolen data to sell super-cheap holidays which can include five-star hotel stays, business-class flights, restaurant meals, shopping, entertainment and guided tours.

Seriously out of pocket

Hackers often offer discounts of more than 70% thanks to hacked customer loyalty point accounts, employee discount schemes and credit card details, leaving law-abiding customers and businesses seriously out of pocket.

These black-market travel agents can be found on dark web marketplaces such as Dream Market, with threads written predominantly in Russian, English and Arabic. Even where these marketplaces are closed down, given the demand, new dark web sites rapidly spring up.

Typically, the travel agents advertise their prices along with other information such as how many days in advance of travel the client can book. Some underground travel agencies offer all-inclusive services, with flights, hotels, and taxis all covered by one price.

Most of the adverts for these agencies are highly designed with images portraying what some may consider the high life: attractive women, fast cars, speed boats and international landmarks. Once a customer contacts a black-market agent they are most likely directed to a messaging app where a service agent or bot will discuss hotel and travel arrangements.

Dark web travel agents

A common method is to provide the agent with a screenshot from a hospitality aggregation site such as Trivago, with all the necessary hotel check-in and check-out dates added. The agent then uses stolen data to secure a hugely discounted stay and adds a commission for themselves. Another method is to sell hacked loyalty points so the customer can make the booking themselves.

As you can imagine, all of these transactions are carried out using fake identities, which are also readily available on the dark web, and paid for in bitcoin to ensure the buyer remains anonymous.

Buyers’ attempts to remain anonymous don’t always work, however. In May 2019 British hacker Grant West was jailed by UK law enforcement after he used stolen data to fund gambling holidays to Las Vegas.

There are no official figures for the amount of money lost by the hospitality industry every year to this kind of crime but all the estimates run into the billions.

If you’ve ever tried to justify the cost of enhanced cyber security to your budget holder or company board it may make sense to take them on a short shopping excursion to the dark web to show them the very real dangers of data theft. It’s certainly a sobering experience.

What is Multi-Factor-Authentication and why do you need it?

A password is not enough

Like many organisations, your workers use corporate and personal devices, and your applications, network and data can be accessed remotely. IT must enable access that is both seamless and secure, but with weak, default or stolen passwords responsible for around 80% of all network and data breaches*, is ‘the password’ a secure enough system? The answer is no: a password grants access to anyone who enters it, regardless of whether that person is authorised. If you’re looking for the simplest and most effective way to make sure your users are who they say they are, then Multi-Factor Authentication (MFA) is a must.

How does multi-factor authentication work?

With MFA you authenticate a user's identity with multiple independent credentials, or ‘factors’. Unless an attacker has all of the required factors, access is denied. How does this work? Factors fall into three categories: knowledge factors (password, PIN, etc.), possession factors (smartphone, laptop, etc.) and inherence factors (biometrics). A major flaw with passwords is that they cannot prove your identity. Biometrics solve that problem, because your biometrics are you. Similarly, a push notification delivered by an MFA app on your mobile device ensures that you are in control of your access.

What to look for in your MFA solution

Any authentication solution must be effective against threats related to credential theft, and must itself have sound underlying security and reliability. You’ve correctly invested in the firewall, anti-virus software and cloud security, but the reality is that without MFA these security measures can be bypassed by anyone holding a valid password.

Policies and controls

As a best practice, categorise the systems that hold or give access to critical data and add MFA to those first. Make sure you can enforce granular, contextual policies based on user, device and location to protect access to these applications. For example: is the user logging on from a new location for the first time? Make sure to add MFA into the mix here.

See what’s happening across your estate with insight into the users and devices accessing your apps and data. Make sure you can see authentication attempts and statistics.
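The controls described in the "Verify the identity of your users" section earlier (MFA plus device posture checks) and the contextual policy above can be drawn together into a single access decision. The following is an added Python example and not Duo's code: it checks the password, requires a second factor whenever the application is critical or the login comes from a location not seen before for that user, verifies that factor as an RFC 6238 TOTP code (standing in for a push notification or SMS passcode so that the example runs offline), and finally gates on device posture, returning every remediation action the user would need to be told about. The user record, minimum versions, signature age and locations are all constructed.

```python
"""Added example, not Duo's code: password + second factor + contextual policy
+ device posture in one access decision. Users, minimum versions and
locations are constructed for illustration."""
import hashlib
import hmac
import os
import struct
from dataclasses import dataclass, field
from typing import Optional


# ---- knowledge factor ---------------------------------------------------
def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# ---- possession factor: RFC 6238 TOTP, used here because it runs offline;
#      a push notification or SMS passcode fills the same role in practice ----
def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def verify_totp(secret: bytes, code: str, unix_time: int, window: int = 1) -> bool:
    # Accept one step of clock skew either side; compare in constant time.
    return any(hmac.compare_digest(totp(secret, unix_time + d * 30), code)
               for d in range(-window, window + 1))


# ---- device posture: constructed minimum versions and signature age ------
@dataclass
class Device:
    os_version: tuple
    browser_version: tuple
    av_signature_age_days: int


POSTURE_MIN_OS = (10, 0, 19041)        # constructed minimum OS build
POSTURE_MIN_BROWSER = (110, 0)         # constructed minimum browser version
POSTURE_MAX_AV_AGE_DAYS = 7            # constructed maximum signature age


def posture_failures(device: Device) -> list:
    """Return every remediation action the user would be told to carry out."""
    failures = []
    if device.os_version < POSTURE_MIN_OS:
        failures.append("update operating system")
    if device.browser_version < POSTURE_MIN_BROWSER:
        failures.append("update browser")
    if device.av_signature_age_days > POSTURE_MAX_AV_AGE_DAYS:
        failures.append("update anti-virus signatures")
    return failures


# ---- user record and the decision itself --------------------------------
@dataclass
class User:
    salt: bytes
    password_hash: bytes
    totp_secret: bytes
    known_locations: set = field(default_factory=set)


def make_user(password: str, totp_secret: bytes, known_locations=()) -> User:
    salt = os.urandom(16)
    return User(salt, hash_password(password, salt), totp_secret, set(known_locations))


@dataclass
class Decision:
    allowed: bool
    reasons: list


def decide(user: User, password: str, app_critical: bool, location: str,
           device: Device, unix_time: int, code: Optional[str] = None) -> Decision:
    if not hmac.compare_digest(hash_password(password, user.salt), user.password_hash):
        return Decision(False, ["invalid credentials"])
    # Contextual policy: critical applications always need MFA; other
    # applications need it when the login comes from a location not seen before.
    if app_critical or location not in user.known_locations:
        if code is None:
            return Decision(False, ["second factor required"])
        if not verify_totp(user.totp_secret, code, unix_time):
            return Decision(False, ["second factor rejected"])
    # Device posture gate, applied only once the user has proven who they are.
    failures = posture_failures(device)
    if failures:
        return Decision(False, [f"device posture: {f}" for f in failures])
    user.known_locations.add(location)
    return Decision(True, [])


if __name__ == "__main__":
    secret = b"12345678901234567890"          # RFC 6238 test-vector secret
    user = make_user("correct horse battery staple", secret, {"London office"})
    healthy = Device((10, 0, 19044), (118, 0), 2)
    print(decide(user, "correct horse battery staple", False, "home", healthy, 59))
    print(decide(user, "correct horse battery staple", False, "home", healthy, 59, totp(secret, 59)))
```

The order of the checks matters: the password is verified first so that a wrong password never reveals whether a second factor would have been needed, the second factor is demanded before any posture detail is reported, and the posture report lists all outstanding actions so the user can fix them in one go rather than being bounced repeatedly.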

User experience

If you’re rightly making your users go through this process, at least make it efficient for them! The more intuitive the software and the authentication methods available, the more flexibility your users have. Single sign-on (SSO) can actually speed up the login process, giving access to all applications after the first login from that device.

Authentication methods

Popular methods include biometrics and push-notification apps, which are among the hardest factors to break. Other methods include U2F security tokens, phone callback, mobile passcodes, hardware tokens, SMS passcodes and bypass codes.

Scalable for growth

As your business grows, MFA needs to support new users, applications and devices without having to rip and replace the existing infrastructure. Consider how it may integrate with ongoing or future business initiatives, including Bring Your Own Device (BYOD), mobile enablement or the adoption of cloud applications.

What are some examples of multi-factor authentication?

We recommend Duo MFA and Single Sign-On (SSO) solutions, combining a robust underlying security infrastructure with a choice of authentication methods that make for an intuitive user experience. Duo Push lets users approve push notifications and verify their identity via the Duo mobile app.

It's time to rethink your denial of service protection

When you think of distributed denial of service (DDoS) attacks, chances are you conjure up an image of an overwhelming flood of traffic that incapacitates a network. This kind of cyber-attack is all about overt brute force used to take a target down. Some hackers are a little smarter, using DDoS as a distraction while they simultaneously attempt a more targeted strike, as was the case with the Carphone Warehouse hack in 2015, but generally DDoS isn’t subtle.

Now, however, retailers are having to re-think DDoS protection following the rise of a smaller, stealthier incarnation of the threat. A recent report by cybersecurity experts Neustar reveals a significant increase in small-scale DDoS attacks and a corresponding reduction in conventional large-scale events. The hacker’s aim here is to remain below the conventional ‘detect and alert’ threshold that would trigger a standard DDoS mitigation strategy, so that an attack can continue unnoticed while specific areas of the target network are incapacitated.

The Neustar report reveals that between April and June of 2019, over 75% of all attacks mitigated by Neustar were 5 Gigabits per second (Gbps) or less, while large attacks – those of 100 Gbps and over – decreased by 64%.

These smaller, stealthier DDoS attacks are designed to enable the perpetrator to get in and get out of a network unnoticed or allow the attack to continue for quite a long time undetected. In fact, the longest duration for a single stealthy DDoS attack in Q2 of 2019 was nearly two days. Under-the-radar incursions like these are aimed at specific services, gateways and applications so they need less traffic to bring them down.

When quizzed by Neustar, 72% of CTOs, CISOs and security directors revealed that their systems would be unable to detect and protect against this new breed of stealth DDoS attacks.

The answer to the emerging threat is for organisations to deploy an ‘always on’ DDoS mitigation service that can constantly monitor traffic to ensure threats of all sizes are quickly detected, managed and neutralised. Organisations also need to create a business ‘risk register’ which enables them to focus primarily on their most-critical business assets so security efforts can be prioritised correctly.

As well as the rise of stealth attacks DDoS has evolved in five other critical ways:

  • Access: Black market services, known as “rent-a-bot,” make it easy for almost anyone to launch a powerful DDoS attack against a business for a nominal fee.
  • Complexity: New DDoS techniques have made DDoS exponentially more powerful and harder to defend against due to increased complexity and sophistication.
  • Cost: DDoS attacks now cost victims £40,000 per hour, with an average duration of six to 24 hours.
  • Ransom: Cyber extortion is now common with DDoS – 46% of DDoS’ed companies admit they received a ransom note.
  • Diversion: DDoS is frequently used as a smokescreen for other attacks, like stealing customer data (33%) or implanting viruses and malware (50%).

Effectively combatting the DDoS threat requires a culture shift for many retailers as, until now, they have been heavily focused on point-of-sale malware and online attacks targeting credit card data. In fact, some 33% of all cyberattacks on retailers come from DDoS, making it the most common digital threat the sector currently faces.

While in years past this type of attack was primarily used for pranks and petty mischief, it is now increasingly used by organised cyber-criminals to threaten retailers’ operational and financial security.

When executing a DDoS attack, threat actors set their sights on any organisation that relies heavily on its website to generate revenue. This makes retailers ideal targets. Attacks can start with a threat of DDoS action followed by a ransom demand, so the threat actor’s success depends on their capabilities and credibility. While the accessibility of off-the-shelf tools to execute DDoS attacks has lowered the barrier to entry, low-credibility, low-capability actors do exist.

Here are some key steps retailers should take to protect themselves from the DDoS threat:

  • Identifying an Attack: It’s critical to identify a DDoS attack immediately, in order to prevent further damage, reputational loss and secondary attacks. To do this, establish a baseline of what normal network traffic looks like; that way you can quickly detect network traffic anomalies and attribute spikes in traffic to DDoS attacks.
  • Establish a DDoS Policy: At a bare minimum, every retailer should have a policy in place for educating staff about DDoS attacks and the various risks they pose, as well as how the company is expected to respond. For example: What will the company do to inform/reassure customers? How will the company deal with ransom requests?
  • Preventing Secondary Attacks: To prevent a secondary attack during a DDoS event, avoid key mistakes: don’t overlook alerts issued by your monitoring system; be cautious of any other unusual activity on your network; and be on the lookout for ‘social engineering’ attempts on IT personnel or other company staff, such as phishing emails or phone call scams.
  • Cyber Insurance: Retailers should also make sure DDoS incidents are covered by their cyber insurance plans, including costs associated with mitigation attempts, downtime, cyber ransoms, etc.
  • Conduct a Simulated DDoS Attack: DDoS “black-box” testing is the only way to test a retail network against a simulated real-world attack. This allows retailers to see exactly how their networks will react to a sophisticated DDoS attack and whether the defenses put in place are sufficient.
  • Call in the experts: Every retailer, no matter how big, should have a third-party always-on DDoS mitigation service that will reroute traffic and scrub out illegitimate traffic once an attack begins.
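The "Identifying an Attack" step above (establish a baseline of normal traffic, then look for anomalies) and the stealth attacks described earlier (small floods that stay under the site-wide ‘detect and alert’ threshold while taking down one service) can be illustrated together. The following is an added Python example, not any product's detection logic: it builds a per-service baseline from constructed per-minute request counts, flags a minute as anomalous for a service when the count sits well above that service's normal range, labels the alert as volumetric only when total traffic also exceeds a site-wide threshold, and reports how long a run of alerted minutes lasted. All counts, thresholds and service names are constructed.

```python
"""Added example, illustrative only: baseline-and-deviation detection over
constructed per-minute request counts, kept per service so that a small attack
aimed at one gateway is flagged even when total traffic stays below the
site-wide volumetric alert threshold."""
import random
from dataclasses import dataclass
from statistics import mean, pstdev

# Constructed baseline: 60 minutes of "normal" per-service request counts,
# generated with a fixed seed so the example is reproducible.
_rng = random.Random(7)
BASELINE = {
    "web":         [round(_rng.gauss(5000, 150)) for _ in range(60)],
    "api":         [round(_rng.gauss(2000, 80)) for _ in range(60)],
    "vpn-gateway": [round(_rng.gauss(200, 20)) for _ in range(60)],
}

# Site-wide requests-per-minute threshold of the kind a conventional
# volumetric "detect and alert" rule would use (constructed value).
GLOBAL_ALERT_THRESHOLD = 20_000

# Constructed observed window: minutes 3-8 show a small flood against the VPN
# gateway while totals stay far below the global threshold; minute 9 is a
# classic volumetric flood against the web tier.
OBSERVED = [
    {"web": 5050,  "api": 1980, "vpn-gateway": 210},
    {"web": 4980,  "api": 2030, "vpn-gateway": 195},
    {"web": 5120,  "api": 1990, "vpn-gateway": 230},
    {"web": 5010,  "api": 2010, "vpn-gateway": 640},
    {"web": 4990,  "api": 2040, "vpn-gateway": 880},
    {"web": 5060,  "api": 1970, "vpn-gateway": 910},
    {"web": 5030,  "api": 2020, "vpn-gateway": 905},
    {"web": 5100,  "api": 2000, "vpn-gateway": 870},
    {"web": 4950,  "api": 2050, "vpn-gateway": 760},
    {"web": 50000, "api": 2010, "vpn-gateway": 220},
]


@dataclass
class Alert:
    minute: int
    service: str
    count: int
    kind: str   # "volumetric" (total over global threshold) or "targeted"


def build_profile(baseline: dict) -> dict:
    """Per-service (mean, standard deviation) of the normal period."""
    return {svc: (mean(counts), pstdev(counts)) for svc, counts in baseline.items()}


def is_anomalous(profile_entry: tuple, count: int, k: float = 4.0) -> bool:
    """Flag when a count is both k standard deviations above the mean and at
    least 50% above it; the second test stops a very quiet service from
    alerting on tiny absolute changes."""
    mu, sigma = profile_entry
    return count > mu + k * sigma and count > 1.5 * mu


def detect(profile: dict, window: list, global_threshold: int = GLOBAL_ALERT_THRESHOLD,
           k: float = 4.0) -> list:
    """Score every minute per service; a site-wide rule alone would only see minute 9."""
    alerts = []
    for minute, counts in enumerate(window):
        over_threshold = sum(counts.values()) > global_threshold
        for service, count in counts.items():
            if is_anomalous(profile[service], count, k):
                alerts.append(Alert(minute, service, count,
                                    "volumetric" if over_threshold else "targeted"))
    return alerts


def longest_run(alerts: list, service: str) -> int:
    """Longest run of consecutive alerted minutes for one service: duration is
    what distinguishes a sustained low-volume attack from a one-minute blip."""
    minutes = sorted({a.minute for a in alerts if a.service == service})
    best = run = 0
    previous = None
    for m in minutes:
        run = run + 1 if previous is not None and m == previous + 1 else 1
        best = max(best, run)
        previous = m
    return best


if __name__ == "__main__":
    profile = build_profile(BASELINE)
    alerts = detect(profile, OBSERVED)
    for a in alerts:
        print(f"minute {a.minute:2} {a.service:12} {a.count:6} {a.kind}")
    print("longest run against vpn-gateway:", longest_run(alerts, "vpn-gateway"), "minutes")
```

The point of scoring per service is visible in the constructed data: during minutes 3 to 8 the site total never goes near the 20,000 requests-per-minute rule, yet the VPN gateway is handling four times its normal load, which is exactly the situation the report describes as going unnoticed.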

Want to find out more about how DDoS might be affecting your retail operation? Get in touch and see how our team can secure your retail networks for a more secure future, safe from DDoS attacks.
