What is a Bad Actor in Cyber Security?

Categories: Security

Michael Caine, Cameron Diaz, Will Smith, Barbara Streisand, Patrick Swayze, (that’s not fair), Halle Berry and even Robert de Niro have won one. ‘The Golden Raspberry Award for Bad Acting’ has been giving actors a hard time about their roles for the last 40+ years. Held the night before the Oscars, the nadir award is just a bit of fun, an ignominious slap on the back for film flops in the panel’s opinion.

I have to say, I would rather watch a Sylvester Stallone film (he holds the record for most bad actor nominations) than the other kind of bad actor. One thespian that is doing an incredible amount of damage to IT systems around the world is the cybercriminal or bad/threat actor as they are otherwise called. These con artists seem to have gone on a spree of debilitating companies and robbing them, not just of riches but of brand reputation and time.

A bad or threat actor is a cybercriminal or organisation that will do
anything to exploit vulnerabilities in your network for financial gain,
using malware, ransomware, or intercepting communications.

T-Mobile US, hacked. Some 37 million accounts with all of their personal details stolen and, it’s not the first time for the wireless network operator. Royal Mail International has been brought to an absolute standstill! The 500-year-old company was hacked and is asking customers to not use their service, whilst they solve the problem.

34,942 PayPal customers were hacked, with transaction histories and other personal information details stolen by bad actors. The NHS 111 service which provides medical advice to people in need of medical attention, was hacked.

Hackers demanded millions from Glasgow-based Arnold Clark, the car dealer who sponsors Channel 4 films, suffered a near-devastating ransom demand attack the night before Christmas. Even the Guardian newspaper has closed its doors and asked its employees, to work from home whilst it handles the aftermath of a criminal ransomware attack on the company’s IT infrastructure. Their offices were closed up until January 23rd to reduce the strain on their network.

When will it end?

Not anytime soon.

The best of times made the worst of times

Christmas is often the jewel in the crown for companies, as they look forward to that welcome seasonal spike in sales. Businesses can often see a 25% increase in receipts for the period and, with everyone focused on getting the cash register to ring and being beyond busy, it’s so easy for a staff member to inadvertently click on a link in the rush of things and that’s all it takes.

It’s so important to be ‘all the time’ cyber security vigilant about your company’s data. It takes only a split second to click on a phishing email and you will have allowed the cybercriminal entry onto your IT network and, from there, they watch.

Hackers, once in your system often won’t do anything at first, they’ll sit and watch how your company works and when the moment is right when you’re at your IT weakest, your staff at their busiest and customers at their neediest – the bad actor strikes and often with an Oscar-winning performance, which would put Laurence Oliver in the shade.

The year-on-year increase in ICO Fines

But, the ropey acting doesn’t stop there! When it comes to fining companies because of a data breach, the Information Commissioners Office (ICO) has dished out some hefty fines over the last few years. British Airways suffered a supply chain cyber-attack in 2020 and was fined £20 million, for allowing hackers access to 400,000 customers’ and staff’s personal information. The Hotel Giant, Marriott International was fined £18.4 million for failing to secure 339 million guests’ personal details worldwide, from a social engineering cyber-attack. Ticketmaster UK was fined £1.25 million as a result of a cyber-attack on the company’s Chat Bot installed on their online payments page. It’s not just global companies that are hacked, small businesses get hacked also.

‘One small business is successfully hacked every 9 seconds in the UK’
Hiscox Insurance

Getting your cyber security ducks all in a row.

It’s all about vulnerability management, where and what are the holes in your IT system? Don’t let malicious, threats, bad actors, hackers, cybercriminals, or anyone that’s not supposed to be in there, circumvent your business. It is possible to take cybercriminals on at their own game and resist their efforts; large or small companies, all you need to do to protect your company is the mindset to do it and, to keep actively protecting it.

Here are some top 10 tips to consider.

1. Do you have an active password policy in place?
2. Have you installed multifactor authentication across your company and all your devices?
3. Are your staff in the loop about Phishing emails and what to do?
4. How often do you back up your data?
5. Are all your security updates and patches in place?
6. Is all your firmware up to date?
7. Have you refreshed your cyber security policy?
8. Is your Antivirus and Firewall up to date and up for the job?
9. Who is in charge of your mobile device management?
10. Monitor your ICT activity at all times!

Protecting your company can be an ongoing challenge for some companies. At CNC, we have changed the odds favouring businesses, with our Complete cyber security solution. We position our customers and their businesses ahead of cybercriminals, with both predictive analysis and a 30-point technology plan to secure their data. If you would like the same kind of peace of mind, contact us at 01273 384100 for further details or email sales@cnc-ltd.co.uk. Protect your company now.