Tag Archives: IT security

WannaCry Ransomware Outbreak Drives Surge in Security Software Sales

It’s that time again when hundreds of exhibitors showcase the most relevant IT security solutions and discuss the issues that keep businesses awake at night at this week’s Infosecurity Europe show in London. Ransomware, IoT, Business Email Compromise, these are just some of the hot topics being discussed at the annual event.

It’s been over three weeks since WannaCry caused widespread chaos as it wormed its way through servers and PCs across the planet. The threat itself has at this stage largely been contained, but now the dust has settled on one of the highest profile malware campaigns in recent memory, we thought it would be useful to examine whether there’s been any impact on channel sales.

The 4000% year over year increase in Week 20 security sales is a strong indicator that organisations have indeed been prompted by the ransomware outbreak to invest in cybersecurity tools.

A global incident
Cyber attack campaigns don’t come much bigger than WannaCry. The exact scale of the incident is still not fully known, but after less than two days the ransomware had infected over 200,000 users and organisations across 150 countries, according to Europol. In fact, the total number of infections could now be in the millions, according to reports. It featured two NSA exploits, dubbed DoublePulsar and EternalBlue, which had been published online by a group known as the Shadow Brokers. It’s widely believed that another group then took these and repackaged them so that, once on a target network, the malware searched worm-like for other machines to infect, both inside that network and externally.

The speed and scale with which WannaCry spread raises some interesting questions about the state of security in many organisations. For one thing, it exploited a known Windows vulnerability, patched weeks earlier by Microsoft after the NSA informed the company. That tells us many organisations and consumers fail to follow best practice security by keeping their systems up-to-date at all times.

It also highlighted the catastrophic real-world impact that malicious code can have. Scores of NHS organisations were affected and had to shut down key IT systems, causing the cancellation of operations, chemotherapy sessions and other patient appointments. For companies, a similar outcome will have led to lost productivity and service outages, impacting the bottom line and brand reputation.

Prioritising security
It’s perhaps not surprising, therefore, that CONTEXT data tells us the WannaCry outbreak generated a significant rise in cybersecurity channel sales. We tracked license sales for two categories: Security Suites and Mail Security. The combined figures reveal that sales increased by 4,090 times from week 20 in 2016 to week 20 in 2017. More telling still is the fact that 1.2 million units were sold in the weeks post-WannaCry, compared to a normal run-rate of 20-50,000 units per week.

Cybersecurity specialists need to tread a fine line when engaging with prospective customers, between educating the market and straying into the territory of over-hyping threats to sell products. Yet the uptick in sales following WannaCry shows us that such incidents can certainly focus the minds of IT buyers, and move certain purchases up the priority list.

by MK

Leave a comment

Filed under Enterprise IT, Security, Uncategorized

Introducing the Smart Home Cyber Security Manifesto

Last week CONTEXT hosted the retail segment of the Smart Homes & Building Association (SH&BA) ‘Smart Home Breakthrough’ summit. The event brought together leading technology providers, retailers, academics and industry bodies to discuss privacy and security in the smart home. It was a groundbreaking day with an exchange of varying perspectives from retailers, consumer associations, industry, Government and academics about how we approach the increasingly connected home, the data that it generates, and what this all means for the end-consumer.

Cyber security in the smart home is an increasingly important topic that will underpin the smart home breakthrough. CONTEXT recently participated in Sky News’ technology show Swipe to discuss this, and the key message is that consumers need to acquire both the confidence in the technology, and learn about their responsibilities for protecting their data and their privacy. This is brought into sharp relief because of continued company data breaches.

So in preparation for the summit, we developed an industry manifesto aimed at manufacturers and services providers. The manifesto formalises much of the current discourse on smart home security, providing a range of principles to be taken into consideration during the development of smart home devices, appliances and services.

Many leading industry voices contributed invaluable insight including Dixons Carphone, Euronics, the Which Association, the SH&BA, Intel, D-Link, Deutsche Telekom, and Nottingham Universities. The recommendations for building consumer trust in the smart home sit across three categories; data security, data policy and consumer support.

The Smart Home Cyber Security Manifesto

Data Security

  1. The smart home must be secure by design – Security cannot be added as an afterthought. Products and services must be secure across design, development, promotion and maintenance stages, and throughout the entire supply chain.
  2. The smart home must be able to authenticate all users – From knowing your heating preferences, to recommending which movie to watch, it is vital that everyone connected to the home network can be accounted for.
  3. All data that flows through the smart home must be encrypted – This is especially true of the personal and financial data of users.
  4. More must be done to deliver end-to-end security – As most smart home devices and services will connect through the cloud and other data centres, each step must be secure and not endanger the end-user.

Data Policy

  1. Companies must adopt transparent data policies – It must be made explicitly clear what personal data is collected and what that data is then used for. Consumers must be told if any company sells their data to marketers or any other third-party.
  2. All smart homes must offer the same level of privacy as homes do now. That means when the doors are closed, and the curtains pulled down, no company or person should expect to be able to access any activity of the home owner.

Consumer Support

  1. All smart home devices and services must be accessible and understandable for all users, regardless of technical prowess – The end-user should never be blamed for a security vulnerability that arises in the installation or the running of a product or service.
  2. All devices and services must launch with long-term support – This means regular security updates and on-going support must be made available to ensure consumer peace of mind.

If the smart home industry acts on these recommendations, we believe that consumer trust will grow and adoption of the smart home will accelerate.

We are very interested in hearing your thoughts on this manifesto, so please do not hesitate to get in touch.

by AS

 

Leave a comment

Filed under Home automation, Smart Home, Smart Technology