A freedom of information (FoI) request has found that British regulatory authority Ofcom faced 1,658 attempted cyber attacks in October and November, including 188 malware incidents, 382 SQL injection attacks and 1,088 phishing emails.
The number of attacks faced by the broadcasting and telecoms regulator shows how important it is to have robust information security systems in place, and the range of attack vectors demonstrates the need for those systems to provide an adequate response. Ofcom successfully repelled all attacks, but other organisations may not be so well prepared.
SQL injection attacks
The Information Commissioner’s Office (ICO) last month warned about the prevalence of SQL injection attacks, having fined Worldview Ltd, a hotel booking site, £7,500 for a security breach that saw the loss of nearly 4,000 customers’ credit card details.
ICO group manager for technology Simon Rice said:
“Organisations must act now to avoid one of the oldest hackers’ tricks in the book. If you don’t have the expertise in-house, then find someone who does, otherwise you may be the next organisation on the end of an ICO fine and the reputational damage that results from a serious data breach.”
SQL injection works by targeting coding vulnerabilities in organisations’ web and mobile apps to access information. Malicious SQL statements are inserted into entry fields, and the application then mistakenly executes them as part of its own database query. Injection flaws remain the top vulnerability in OWASP’s Top 10.
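The flaw described above and its fix, as an added example that is not part of the original article. It uses Python's sqlite3 module with a constructed bookings table; the table, function names and input values are assumptions made for illustration.

```python
import sqlite3

# Constructed sample data: (email, last four card digits)
SAMPLE_ROWS = [
    ("alice@example.com", "1111"),
    ("bob@example.com", "2222"),
    ("o'brien@example.com", "3333"),
]

def make_db():
    """Build an in-memory database holding the constructed bookings."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE bookings (email TEXT, card_last4 TEXT)")
    db.executemany("INSERT INTO bookings VALUES (?, ?)", SAMPLE_ROWS)
    return db

def lookup_vulnerable(db, email):
    # Flawed: the entry-field value is pasted into the SQL text, so any
    # quote characters in it are parsed as SQL syntax instead of data.
    query = "SELECT email, card_last4 FROM bookings WHERE email = '" + email + "'"
    return db.execute(query).fetchall()

def lookup_parameterized(db, email):
    # Hardened: the ? placeholder passes the value separately from the
    # SQL text, so it is only ever compared as a plain string.
    query = "SELECT email, card_last4 FROM bookings WHERE email = ?"
    return db.execute(query, (email,)).fetchall()

# Constructed entry-field value that changes the meaning of the WHERE clause
CRAFTED = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, crafted input:   ", len(lookup_vulnerable(db, CRAFTED)), "rows")
    print("parameterized, crafted input:", len(lookup_parameterized(db, CRAFTED)), "rows")
    # A legitimate value containing an apostrophe also exposes the flaw:
    # the concatenated query fails to parse, the parameterized one works.
    try:
        lookup_vulnerable(db, "o'brien@example.com")
    except sqlite3.OperationalError as exc:
        print("vulnerable, apostrophe input: SQL error:", exc)
    print("parameterized, apostrophe input:", lookup_parameterized(db, "o'brien@example.com"))
```

SQL syntax errors triggered by ordinary input containing an apostrophe are a useful signal in application logs that a query is being built by concatenation.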
If you’re concerned that your organisation is vulnerable to injection attacks, then you need IT Governance’s Combined Infrastructure Web Application Penetration Test.
Penetration testing will identify potential vulnerabilities in your infrastructure and web applications, and provide recommendations to improve your network security. Our expert, CREST-accredited penetration testers combine a range of advanced manual tests with a number of automated vulnerability scans, using multiple tools and techniques, to enable you to protect your organisation from malicious attack, ensure customer confidence, and make the most of the holiday season.
Phishing emails exploit users by masquerading as legitimate communications, either diverting them to malicious webpages via fake links or persuading them to open infected attachments that download malware onto their devices.
According to a recent Google study, phishing attacks work 45% of the time. If you’re concerned about your employees’ susceptibility to phishing attacks, then you need IT Governance’s Employee Phishing Vulnerability Assessment.
It will identify potential vulnerabilities amongst your employees and provide recommendations to improve your security, enabling you to have a broad understanding of how you are at risk, and what you need to do to address these risks.