The BA Hack is focusing minds

Simple Cyber Risks are being missed as large enterprise organisations focus too much attention on investment in the tooling they need to collect the critical intelligence on the increasing number of sophisticated Cyber threats hitting their networks every day.

This investment in Cyber detection and protection services is missing simple security measures that stop malicious traffic in its tracks, and like your House Alarm, act as a deterrent to Cyber Criminals.

Unfortunately, this is only one part of a much bigger picture.

These are the 2 stand-out risks highlighted by the recent BA Hack that should not have been missed.

Free SSL Certificates

Free Certs Problem

Cyber Criminals are using free SSL certificates to legitimise their fake websites. Free SSL certificates are issued by certificate authorities who do not check the authenticity of the website owner, and criminals are using this security hole to acquire them without going through any checks.

This means that you can be fooled into giving your payment card details and other personal data to Cyber Criminals even when you are told the site is SECURE by the new browser security indicators.

This was part of the method used in the BA hack.

LEI EV SSL Solution

BA could have implemented Brand Monitoring & Protection Services to track down the offending spoof site, blocked it and advised customers to avoid using it.

Consumers should look for an EV SSL certificate in the browser’s address bar, which is the only way of determining the authenticity of the website they are visiting. It presents the organisation’s name clearly as the organisation has been vetted and the ownership of the domain has been verified by the issuing Authority. Free certificate providers do not check the authenticity of the site owner.

Get LEI EV SSL Certificates Today

Security of Code

Security of Code Problem

The BA Hackers also compromised insecure website code to redirect users to their fake site, which then collected the payment card details of 380,000 BA customers.

Cyber Risk Manager Solution

This hack could have been prevented by cleaning and securing the code, using a Code Signing Certificate before it was published on the BA.com website.

Cyber Risk Manager offers a complete solution to the millions of Cyber Risks affecting UK businesses on a daily basis.

We protect your customers, employees and supply chain, so you can do business safely and securely.

GDPR

We do the hard work: you complete the Q&A and we give you the compliant fix.

No cost consultation.

Simple and effective Compliance Reporting.

Automated monitoring of your compliance state.

Vulnerability Scan

Standards-based security scan of your websites and Cloud Services (NIST, SANS, OWASP).

Identifies security gaps and weaknesses in your Cloud Services & Websites.

Gives you the tools and expertise to fix them.

Automates the monitoring of your compliance state.

Code Scan

Looks for security holes in your application code and gives you a remediation plan.

Tracks down known vulnerabilities and poor coding practice.

Recommends a remediation plan.

Monitors the security state of new and existing application code.

Network Scan

Finds the weak spots across your Network and Devices, and fixes them.

Identifies the security holes in your network and user devices.

Gives you the tools and expertise to fix them.

Automates network security reporting and protection.

Secure Your Cloud Services, Network & Apps

Trusted By

We help to protect some of the UK’s leading organisations