Following a spate of high-profile corporate hacks, Duncan MacRae examines steps that can be taken to put a stop to them.
In recent weeks and months, all kinds of high-profile hacks have been hitting the headlines.
Global corporations and established British firms, including Apple, Facebook, Burger King, Jeep and homeware supplier Lakeland, have all fallen foul of attacks.
So London-based estate agency Foxtons joined a fairly illustrious list this week when cyber criminals attacked its network and compromised thousands of its customers’ accounts.
The hackers allegedly leaked details of nearly 10,000 property hunters registered with the estate agency, and posted them on popular hacking site PasteBin earlier this week. The details have since been removed from the site, although the 9,800-odd user names, email addresses and passwords are still available elsewhere online.
Foxtons has since obtained the supposedly leaked list, titled ‘Part 1’, and is checking whether the information is genuine or not.
The title is an ominous one. Part 1? We can safely assume Foxtons is not eagerly awaiting the next instalment.
Although the estate agency has not made a public statement about the incident, it has assured its customers that their financial details, including credit card numbers or transaction histories, remain safe with third-party providers – unsurprisingly, it also strongly suggests that users reset their passwords.
An emailed statement to its users reads: "It has come to our attention that there were some reports circulating on the internet today suggesting that a small number of user names and passwords to the MyFoxtons web portal were briefly posted to a website.
"We have been able to download the list of usernames and passwords that were posted and are currently running checks to determine its veracity."
In light of this latest hacking incident, Ross Parsell, director of cyber security at Thales UK, believes that businesses need to take note of these high-profile hacks and ensure they are not the next victim.
He explains: "The recent spate of high-profile data breaches, such as this alleged attack on Foxtons, are evidence that organisations are either not taking cyber security seriously or are bewildered by the problem."
David Howell, European director from enterprise IT management company ManageEngine, agrees, adding: "High-profile breach incidents, such as LinkedIn and DropBox experienced, hogged the headlines last year and analysis of these attacks showed that the log-in credentials of users were the main target. The reported attack on Foxtons is just another example of the continued prevalence of these types of data breaches.
"As the saying goes, you are only as strong as your weakest link. When it comes to security that weak link is typically a business’s workforce – a fact that is being exploited time and again by hackers."
Combating sophisticated cyber-attacks such as these demands a multi-pronged strategy incorporating a complex set of activities, according to Howell.
"However," he adds, "of all the combat measures, bolstering internal controls should be prioritised, as the majority of attacks identify internal breaches as the cause. This will ensure that even if a hacker manages to penetrate the perimeter, privileged identities will not be compromised. The chain will always have weak links or points of vulnerability, such is the ever-evolving nature of enterprise security, but with the right measures in place, privileged identities needn’t be one of them."
Parsell feels that one way of helping to prevent corporate cyber attacks is to set a minimum security standard for companies to adhere to.
He says: "Regulation in this case is a necessity to alter corporate behaviour. Once the full extent of the cyber threat is uncovered, greater collaboration on cyber issues should lead to an improvement in cyber awareness and cyber standards.
"In order to make this work there needs to be a holistic approach that tightly integrates cyber-defences with processes, people and physical measures. A cyber security model that can provide a useful indication of the resilience of defences and areas of vulnerability as an important guide through the prime consideration of balancing between price, safety and security, is crucial."