Octree Observer

  • Alert: New Wave of Ransomware is Bypassing Security

    by : Octree

    Your traditional anti-virus solution is defenseless to this attack!!!

    My thanks to Jonathan Crowe from Barkly for this article. Illuminating and very, very worrying. You really need to act now.

    Key details:
    • Type of attack: Ransomware hidden in NSIS installer files
    • Attack vector: Email
    • Damage: As of yet unknown, but researchers have spotted a major uptick in infections beginning in December

    A new slew of ransomware campaigns are infecting companies thanks to an improved method of avoiding detection — hiding malicious code deep within NSIS installers.

    According to researchers at Microsoft, adoption of the technique appears to be widespread, with Cerber, Locky, and other popular ransomware families all getting in on the act in
    "a collective move by attackers to once again dodge AV detection."

    Beginning last December, the volume of these attacks has experienced a significant uptick, putting more and more companies at risk.

  • 75% of UK consumers won't do biz with a company that has been hacked

    by : Octree

    Three quarters of UK consumers would stop doing business or cancel memberships with an organisation if it was hacked.

    New research from Centrify discovered that 73 percent of consumers in the UK admit that it has become normal or expected for businesses to be hacked, yet only half feel they are taking enough responsibility for their customer's information security. The survey evaluated responses from 2,400 people across the UK, Germany and the US.

    About two thirds of respondents in each studied country rated organisations as a nine or 10 on a 10-point scale when it comes to how responsible they should be for preventing hacks and securing the personal information of their customers.

    Those that are more than likely to take their business elsewhere following a data breach include individuals who have had their personal information compromised previously in a hack, tech savvy people and those who shop regularly online.
  • What should business owners do on Monday morning?

    by : Octree

    Over the weekend there has been much publicised and printed regarding the recent breach at TalkTalk but we’ll leave it to the ongoing investigation by the appropriate authorities to report on the facts in due course.



    It has however raised calls by leading business organisations for urgent action to be taken to tackle cyber-crime with the Institute of Directors (IOD) claiming only “serious breaches” of crime make the headlines but attacks on British businesses “happen consistently”.

    Little over 12 months ago the UK Government launched a cyber hygiene standard for businesses called Cyber Essentials, by implementing Five Key Controls it is claimed that around 80% of cyber-attacks could be prevented if businesses implemented controls covering.....
  • 90% of data breaches could be avoided

    by : Octree

    Online Trust Alliance advises a best practice approach to information security

    The Online Trust Alliance (OTA), the global non-profit organisation "with the mission to enhance online trust and empower users, while promoting innovation and the vitality of the internet", released its 2015 Security & Privacy Best Practices and Security & Privacy Risk Assessment guides last week.

    According to its analysis of “nearly 500 breaches reported in the first half of 2014", more than "90% could have been avoided had simple controls and security best practices been implemented."

  • UK businesses suffer £10.5 billion in losses due to inadequate IT security

    by : Octree

    The vast majority of UK businesses remain behind the global curve for data protection

    A recent data protection study conducted by EMC revealed the impact of data loss and downtime on businesses across the globe, amounting to over £1 trillion in financial losses annually, £10.5 billion of that in the UK alone.

    Examining organisations across 24 countries — their adoption of various data protection strategies and abilities to fully employ them — the report demonstrates that companies are still unable to successfully meet the challenges presented with emerging data storage, mobile and cloud technologies. In the UK some 200 IT decision makers, in businesses of more than 250 employees, across both private and public sector organisations were interviewed.

    According to EMC, businesses are still quite hesitant to disrupt their “complex” workloads by strategically creating data protection plans. In the UK the vast majority of businesses remain behind the global curve for data protection and maturity, with only two percent cited as “leaders” in the field, and eleven percent as “adopters.” This is especially surprising considering that more than three quarters of UK enterprises are “not confident” of full recovery after a disruption, and already this year 60 percent have suffered downtime and 23 percent suffered data loss in the UK.
  • Londoners agree to give child away in return for free WiFi

    by : Octree

    Hundreds trapped and exposed by fake 'poisoned' WiFi hotspot.

    My thanks to SC Magazine for this article once again highlighting the reckless and carefree way we access public wifi.

    Researchers have exposed the public's “reckless” attitude to WiFi security by trapping hundreds of people in a free “Trojanised” hotspot in London that harvested their account details - and even got people to sign away their first-born child in its terms and conditions agreement.

  • It’s a fact……….small businesses know nothing about cybercrime!

    by : Octree

    SMEs face a relentless barrage of cyber threats today.

    What a way to start the week! A 7.30am Monday breakfast meeting to highlight cybercrime and how it threatens SMEs, organised by our Chamber of Commerce, and hosted by the good people of PwC. Charlie McMurdie was the keynote presenter, formerly Head of Law Enforcement National Cyber capability, Police Central e-Crime Unit, and now Senior Cyber Crime Advisor at PwC.

    And Charlie pulled no punches when, in a hopelessly short period of time, she delivered a whistle-stop assessment and some very high profile examples of the online threat posed by cyber criminals. What is really frightening is how organised these criminal gangs are, as well as astute and skilful computer hackers. And the expectation of almost complete anonymity as well as abundant financial rewards further amplifies their motivation.
  • The ex-employee menace: why companies need a security 'exit' strategy

    by : Octree

    Insider threat to corporate data

    Rogue employee, internal threat, security awareness training, internal security, (whatever you can think of that people may use to search!)

    It would appear that few SMEs take the threat of a rogue employee seriously, and even fewer consider the implications after they have left. Yet the threats from rogue access are vast, from lost critical data to compliance failures, leading to potentially crippling damages. Read Edward Snowden as a high profile recent example.
  • GOZeus, Cryptolocker and other deadly creatures (Part 2) [And how to avoid them]

    by : Octree
    I sincerely believe I would be hard pushed to find a business owner / partner / manager who has not been beaten around the head with news of the latest cash stealing, file locking trojan that is infiltrating computer systems on a global and prolific scale. Not least because every news medium, whether online, hard copy or television, as well as a plethora of industry newsletters and periodicals, has covered the threat story in some detail and at considerable length. The FBI has also given us two weeks until the end of the world! And, we have also witnessed, possibly for the first time, government departments and business advisory networks such as the Federation of Small Businesses (FSB) highlighting this highly dangerous and very real threat in isolation.

Octree Cyber Essentials
Cyber security – don’t know where to start?
Talk to Octree, specialists in helping SMEs achieve Cyber Essentials status.
GDPR Survey

Recent Posts

Blog Categories

Blog Archive