Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Our latest published article, How Contracts Can Manage Your Risk In A Cyber Incident, Black Arrow with Sean Cheong
Our latest published article, How Contracts Can Manage Your Risk In A Cyber Incident, Black Arrow with Sean Cheong
‘Don’t get scammed online this Christmas’ - Guernsey Press 17 December 2021
‘Don’t get scammed online this Christmas’ - Guernsey Press 17 December 2021
‘Don’t get scammed online this Christmas’
https://guernseypress.com/news/2021/12/17/dont-get-scammed-online-this-christmas/
Bruce McDougall, a director at local firm Black Arrow Cyber Consulting, pictured, said online shopping was the norm for many people and that trend had been further accelerated due to the Covid-19 pandemic.
But he urged people to take care when shopping online.
‘People accessing and buying from websites that they do not know run a greater chance of being the victim of an attack,’ said Mr McDougall.
‘Some websites give you the opportunity to sign in using your Google or Facebook account, but that is sometimes a fake screen that allows the attacker to skim off your credentials and then use them maliciously.’
A lot of people also use the same email address and password for different sites – which means that if an attacker knows a person’s log-on details for Facebook, they could try to use those same credentials to access that individual’s email account or Amazon account.
He said that there were three simple actions that could help increase security online.
‘Use multi-factor authentication. This is where you have to enter more than one piece of information to confirm your identity. For example, in addition to entering your username and password, you would enter a code that is generated from your phone.
‘If you have to use your fingerprint to access the phone that will give you the code, then that is an even greater level of security.
‘So, even if the attacker has harvested your username and password, they cannot access your account because they do not have your phone with the code.’
Using a different password for each website and account is also important.
‘Never recycle passwords. Follow the current best practice, which is to use a string of three random words, but make sure this is not text from a song or other well-known phrase.
‘Surprisingly, it can take years for a computer to crack a password made up of three random words. The problem is that many people try to create a complicated password themselves but in reality they are following a predictable pattern that attackers already know.’
Finally, Mr McDougall said that when making payments online, people should use their credit card rather than their debit card to get better buyer protection.
‘Some providers can give you a disposable single-use virtual credit card that you can use for purchases online, which means that even if the card number falls into the wrong hands, they cannot use the number to extract money from you.’
Our latest piece in the Guernsey Press - The new GFSC Cyber Security Rules: What the GFSC demands of firms, and why leaving it all to your IT provider won't make you compliant
Our latest piece in the Guernsey Press - The new GFSC Cyber Security Rules: What the GFSC demands of firms, and why leaving it all to your IT provider won't make you compliant
Cyber Security Guidance for Firms during Lockdown 2.0 - What Should Firms Be Doing? Guernsey Press 04 February 2020
Cyber Security is a key consideration for businesses during lockdown. In this article, the team from Guernsey’s Black Arrow Cyber Consulting consider some the issues and how to manage the risks
Article in the current edition of the Guernsey Chamber of Commerce Contact magazine - 'Cyber Criminals Exploit People'
Article in the current edition of the Guernsey Chamber of Commerce Contact magazine - 'Cyber Criminals Exploit People'
Article in the current edition of the Guernsey Chamber of Commerce Contact magazine - 'Uncomfortable Truths: How any Director or NED poses a major Information Security Risk'
Article in the current edition of the Guernsey Chamber of Commerce Contact magazine - 'Uncomfortable Truths: How any Director or NED poses a major Information Security Risk'
Our latest article in this month's Channel Islands Business Brief publication - The Board, not IT, is responsible for cyber and information security
Our latest article in this month's Channel Islands Business Brief publication - The Board, not IT, is responsible for cyber and information security
Our latest published article - Boards, not IT, are responsible for Cyber and Information Security
Our latest published article - Boards, not IT, are responsible for Cyber and Information Security
In the 19 May 2020 Guernsey Press ‘Wealth & Investments’ supplement
The online version of the supplement can be found here: https://edition.pagesuite-professional.co.uk/html5/reader/production/default.aspx?pubname=&pubid=b3a7a6a9-d5c4-49ea-94d5-aefb3f6072a9
Maintaining Good Cyber Hygiene during the Coronavirus Crisis - Guernsey Press 24 March 2020
With more of us working from home in the coronavirus crisis, there is evidence of increasing attacks by cyber criminals who are exploiting those unaware of the risks, according to Tony Cleal, director of Guernsey’s Black Arrow Cyber Consulting BUSINESSES are making significant changes in response to the virus, including asking employees to work from home for the first time. These new practices have often been implemented as quickly as possible, with a priority on keeping the business operations going. At the same time, the cyber and information security consultants at Black Arrow are seeing reports from specialist intelligence and the wider media which show cyber criminals are feasting on the current chaos as they target employees and companies who let their guard down. ‘Cyber criminals usually target people, not technology, to get into their employer’s systems. Companies need to ensure they consider all the basic risks to prevent this, and implement layers of defence that start with the user. As an analogy, the easiest way for a criminal to get into someone’s home is to convince the resident to let them in, for example by pretending to repair an emergency gas leak. It doesn’t matter how good the window locks are, or how sophisticated the burglar alarm is; all they need to do is knock on the front door and be convincing. Thousands of coronavirus scam and malware sites are being created on a daily basis, and we see cyber criminals taking advantage of the crisis to get access to the organisation’s money and information’. That means companies and employees need to maintain good cyber hygiene when working from home, just as they do in the office. People behave differently at home, and are often less alert to information security risks than in the office. ‘We have seen Guernsey employees posting pictures on Facebook to show their new desk at home, but these pictures risk showing confidential documents on the table and screen. This is further evidence that cyber security is a business-wide risk that needs the aligned strength of people and culture, as well as business operations and technology’. Some smaller businesses consider cyber security to be more relevant for larger organisations. ‘Weakened defences will always be exploited, whether by biological viruses or malicious actors. 43% of cyber attacks hit smaller businesses, and a breach now on top of everything else would likely be catastrophic. Luckily, there are things you can do to protect yourself, even with limited resources; we can help ensure that the scarce money is spent wisely by addressing cyber security as a business-wide risk owned by the business leadership.’ Tony concluded: ‘Now more than ever, because of the disruption and changes to business practices, companies need to take appropriate steps to protect themselves against cyber-attacks. We are committed to helping improve cyber hygiene in Guernsey. This started when I used my experience in British Intelligence to lead the review of cyber security across the Bailiwick for the GFSC, which informed the forthcoming new standards. Now at Black Arrow we are reducing our prices during this crisis, to make cyber hygiene easier for all organisations; of course, charities and non-profits can continue to contact us for help free of charge.’ https://guernseypress.com/news/2020/03/24/maintaining-good-cyber-hygiene/
With more of us working from home in the Coronavirus crisis, there is evidence of increasing attacks by cyber criminals who are exploiting those unaware of the risks, according to Tony Cleal, Director of Guernsey’s Black Arrow Cyber Consulting
Businesses are making significant changes in response to the virus, including asking employees to work from home for the first time. These new practices have often been implemented as quickly as possible, with a priority on keeping the business operations going.
At the same time, the cyber and information security consultants at Black Arrow are seeing reports from specialist intelligence and the wider media which show cyber criminals are feasting on the current chaos as they target employees and companies who let their guard down.
‘Cyber criminals usually target people, not technology, to get into their employer’s systems. Companies need to ensure they consider all the basic risks to prevent this, and implement layers of defence that start with the user. As an analogy, the easiest way for a criminal to get into someone’s home is to convince the resident to let them in, for example by pretending to repair an emergency gas leak. It doesn’t matter how good the window locks are, or how sophisticated the burglar alarm is; all they need to do is knock on the front door and be convincing. Thousands of coronavirus scam and malware sites are being created on a daily basis, and we see cyber criminals taking advantage of the crisis to get access to the organisation’s money and information’.
That means companies and employees need to maintain good cyber hygiene when working from home, just as they do in the office. People behave differently at home, and are often less alert to information security risks than in the office.
‘We have seen Guernsey employees posting pictures on Facebook to show their new desk at home, but these pictures risk showing confidential documents on the table and screen. This is further evidence that cyber security is a business-wide risk that needs the aligned strength of people and culture, as well as business operations and technology’.
Some smaller businesses consider cyber security to be more relevant for larger organisations.
‘Weakened defences will always be exploited, whether by biological viruses or malicious actors. 43% of cyber attacks hit smaller businesses, and a breach now on top of everything else would likely be catastrophic. Luckily, there are things you can do to protect yourself, even with limited resources; we can help ensure that the scarce money is spent wisely by addressing cyber security as a business-wide risk owned by the business leadership.’
Tony concluded: ‘Now more than ever, because of the disruption and changes to business practices, companies need to take appropriate steps to protect themselves against cyber-attacks. We are committed to helping improve cyber hygiene in Guernsey. This started when I used my experience in British Intelligence to lead the review of cyber security across the Bailiwick for the GFSC, which informed the forthcoming new standards. Now at Black Arrow we are reducing our prices during this crisis, to make cyber hygiene easier for all organisations; of course, charities and non-profits can continue to contact us for help free of charge.’
https://guernseypress.com/news/2020/03/24/maintaining-good-cyber-hygiene/