The latest Digital Health cyber security round-up examines research warning that airports are ill-equipped to deal with attacks from cyber space, and a report that suggest businesses that operate bring your own device policies are more likely to suffer security breaches. Meanwhile, new data suggest that cyber-attacks in Europe were up by nearly a third the first quarter of 2018.
Need to stay connected is making airports vulnerable to cyber-attacks
Holidaymakers’ need to stay connected to the digital world at all times is making airports more vulnerable to cyber-attacks, new research suggests.
A report by PA Consulting Group concluded that passengers’ desire to connect to high-speed internet services in airports is increasing demand for digital infrastructure in terminals, thus creating a bigger bulls-eye for cyber-attacks.
According to the firm, airports and aviation systems currently experience roughly 1,000 cyber attacks every month globally. This is expected to rise as airlines and airport operators bring in new technologies to allow passengers to interact with airline services, and aviation firms introduce new systems for remotely monitoring air traffic.
David Oliver, global transport security lead at PA Consulting Group, said the industry urgently needed to build resilience so as to protect infrastructure from “potentially catastrophic cyber-attacks.”
He added: “If the industry does not act now, it will find itself at increased vulnerability to cyber-attacks as new technologies become part of everyday operations.”
Businesses see breaches grow
Despite the ever-growing threat landscape, businesses are getting worse at defending themselves against cyber-attacks, according to the Institute of Information Security Professionals (IISP).
A survey of private and government sector workers revealed that cyber security breaches had risen from 9% to 18% in the past three years. Interestingly, however, more businesses reported feeling equipped to deal with cyber security incidents, rising from 47% to 66% in the same period.
The same survey also suggested that cyber security was stretching budgets as threats grew at a quicker rate than cash flow could keep up with: the number of businesses reporting increased budgets dropped from 70% to 64%, while businesses with falling budgets increased from 7% up to 12%, IISP reported.
“These results reflect the difficulty in defending against increasingly sophisticated attacks and the realisation that breaches are inevitable – it’s just a case of when and not if,” said IISP director, Piers Wilson.
“Security teams are now putting increasing focus on systems and processes to respond to problems when they arise as well as learning from the experiences of others.”
B.Y.O.D a B.A.D idea?
A study by merchant service provider Paymentsense has found that firms that practice bring your own device (BYOD) policies put themselves at higher risk of falling victim to security breaches.
Results from the study of 502 small business owners in January 2018 found that more than half (6 in 10) of firms that had introduced BYOD policies had experienced a cyber security incident in the 12 months since doing so.
Most of these were malware-related, reported by 65% of SMEs. This was followed by viruses (42%), distributed denial of service (26%), data theft (24%) and phishing (23%).
Chafic Badr, head of digital at Paymentsense, suggested that poor technology habits by staff needed to be curbed through best practice guidelines.
Badr added: “Although our study shows the popularity of BYOD amongst small businesses, it’s alarming to see so many reporting incidents since implementing these schemes. As with all cybersecurity issues, the biggest factor is the human one – employees need to be aware of their responsibilities and the risks associated with a BYOD system.
“This is particularly important when you consider personal data responsibilities in the post-GDPR landscape”.
European cyber-attacks increase a third in three months
Europe continues to present a “cyber-crime hub”, as cyber-attacks on the continent were found to have increased by nearly a third in the first quarter of 2018.
According to a threat report by ThreatMetrix that analysed 1.9bn digital transactions in Europe, cyber-attacks on businesses increased by 30% year on year between January and March.
This included some 80 million fraud attempts: ThreatMetrix found that 60 million digital transactions were rejected as fraudulent in Q1 2018, a near-50% increase compared to 2017.
Identity spoofing saw a significant uptick across the region, which ThreatMetrixs put down to the huge volume of stolen personal data uploaded to the dark web. In Germany, for example, identity spoofing more than doubled compared to Q1 2017.
Alisdair Faulkner, chief products officer at ThreatMetrix, commented: “As European digital businesses face intense onslaughts of identity abuse and fraud attacks, they need to prioritise investments in new technologies that give insight into true identity of their users in a way that is invisible to the consumer.
“This enables them to provide the low-friction experience they need to grow their business, without compromising on security,”