Posts Tagged: Security

Five: The average number of cybersecurity incidents UK businesses report each year

Stuart O'Brien

Attackers are seizing on vulnerabilities in hybrid working environments, creating more work – and also larger budgets – for security teams, despite organisations accelerating digital transformation projects.

The latest State of Security Report from Infoblox, which surveyed 100 UK respondents in IT and cybersecurity roles as part of its global sample, discovered that the recent surge in remote work has changed the corporate landscape significantly.

In fact, 64% of UK organisations have accelerated digital transformation projects in order to support remote workers since 2020. This is higher than the global average (52%).

As part of this shift, just under half (49%) of organisations have increased customer portal support for remote engagement and 43% have added resources to their networks and databases. Given that over a third (34%) have closed their physical offices for good, this investment may prove to be a strong strategic move.

Cybersecurity still causing headaches   

An increased digital footprint inevitably brings increased digital risk and the reality of a hybrid workforce is causing headaches for IT teams and business leaders. The data reveals that the loss of direct security controls and network visibility has half (50%) of UK companies more concerned about data leakage than anything else. Almost as many (45%) are worried remote worker connections will come under attack.    

It appears that organisations have good reason to worry, given the report found that 61% experienced up to five security incidents in the last year. However, there is some good news: 66% report that these incidents did not result in a breach. This may be because 73% were able to detect and respond to a security incident within 24 hours.   

Of the 44% reporting a breach, insecure WiFi access (47%) was the biggest cause. The data also suggests that UK workers are continuing to fall for phishing scams. In fact, 4 in 5 (82%) breaches reported in the last 12 months were caused by this attack method. Phishing usually signals the need for, or the failure of, employee and customer security awareness training that requires technological backstops.

Defense in depth   

Infoblox’s report discovered that the majority of organisations are investing heavily in security tools to protect their hybrid environments. In fact, 59% of respondents saw bigger budgets in 2021 and 64% anticipate an increase in 2022.   

Many are turning to defense-in-depth strategies, using everything from data encryption and network security to cloud access security brokers and threat intelligence services to defend their expanded attack surface. As part of this, almost half of organisations (47%) are relying on DNS (Domain Name System) to block bad traffic.

“The pandemic shutdowns over the past two years have reshaped how companies around the world operate,” said Anthony James, VP of Product Marketing at Infoblox. “Cloud-first networks and corresponding security controls went from nice-to-have features to business mainstays as organisations sent office workers to work from home. To address the spike in cyberattacks, security teams are turning to DNS security and zero trust models like SASE for a more proactive approach to protecting corporate data and remote devices.”  

The full report is available for download here.  

DASA on the hunt for human augmentations that can benefit defence and security

Stuart O'Brien

The Defence and Security Accelerator (DASA) has launched a new Innovation Focus Area (IFA) called Human Augmentation, seeking proposals which present GAN solutions to operational challenges for UK Defence and Security, where human performance is the limiting factor for delivering operational effect.

DASA expects to fund proposals to a value of around £70K, which provide a proof of concept within a 6 month contract.

HA is the use of Science and Technology (S&T) to temporarily or permanently modify human performance. DASA says that as the battlefield becomes more complex and more advanced technologies become available, the operational demands and technical challenges on our defence and security personnel will increase.

It is vital to explore if human augmentation technologies can be harnessed safely, legally and ethically to develop enhanced levels of operator (and system) performance in military and security capability.

DASA is interested in GAN technologies that deliver a competitive advantage to UK Defence and Security by:

  • optimising physical and/or psychological performance
  • enhancing physical and/or psychological performance
  • enabling an individual to work for longer at a desired level (baseline) of performance
  • supporting performance restoration

Examples of candidate HA technologies include, but are not limited to:

  • wearable assistive devices (e.g. exoskeletons and technologies to enhance senses)
  • sensory enhancement technologies
  • nutritional supplements
  • pharmacological interventions
  • manipulation of the microbiomes
  • neurotechnologies
  • novel materials
  • implantable devices
  • synthetic biology
  • cross reality
  • robotics
  • artificial intelligence

Companies with a ‘solution or novel approach’ that may help contribute to the portfolio of human augmentation capabilities and promote UK Government’s understanding of their appropriate (potential) use can submit their interest here.

Physical security market to hit $243.6bn by 2031

Stuart O'Brien

The global physical security market is projected to expand at a CAGR of 8.10% between 2021 and 2031 to reach $243bn, driven by uptake in BFSI, retail, and manufacturing to counter the increasing risk of real-world threats, such as unauthorized access and natural disasters.

The latest report from Transparency Market Research says the need for robust operational control over disparate physical security systems to keep people, assets, and facilities safe from real-world threats is fueling the growth of the physical security market.

Meanwhile, the integration of Industrial Internet of Things (IIoT) and IoT has led to an increasingly interconnected network of Cyber-Physical Systems, which diminishes the distinction between physical security and cybersecurity.

The deployment of a large number of security systems in organizations, which has increased the complexity of managing and controlling incidents due to gaps in communication with other systems, has led to a rise in security breaches.

Changing work practices over the past few years, wherein enterprises rely on both physical and virtual ecosystems hosted on public or private clouds to expand business capabilities, are susceptible to real-world threats. This stimulates demand for physical security solutions.

Physical Security Market – Key Findings of Report

  • The need for recurring security of IoT ecosystems increases with the rise in the value of assets and the number of connected devices. The fragmented and distributed nature of IoT is subject to a larger attack surface with proximity to devices. Lack of sufficient physical security can pose severe security threats to the IoT ecosystem and lead to security breaches, thus driving growth of the physical security market.
  • Consistent technological advancements in physical security solutions such as smartphones, video surveillance, and RFID key card door locks that protect data from unauthorized users amplify demand for physical security solutions.
  • Innovations in cloud computing and IoT expand vistas for the physical security market. The advent of novel technologies protects networks and data from physical activities that can cause serious loss or damage to an agency, institution, or business enterprise.
  • The presence of a robust technology underlying physical security systems means a control box is not required to control all operations; verifications in a physical security system occur at the credential scanner.
  • The significance of the credential scanner lies in verification of physical security systems; it is connected to a network and provides safety solutions to the IoT ecosystem.
  • North America is anticipated to hold the leading share of the physical security market during the forecast period. A significant rise in demand from BFSI and government sectors for physical security solutions for the safety of personnel, software, hardware, networks, and data is creating opportunities in the physical security market of North America.

OPINION: Is the UK prepared for smart city threats?

Stuart O'Brien

By Professor Kamal Bechkoum, Head of the School of Computing and Engineering at University of Gloucestershire

People across the UK are increasingly living in smart cities – urban spaces packed with technology that receives, processes and transmits data on a 24/7 basis.

But despite the very real benefits on offer, the threat of cyberattacks to homes and businesses is increasing, writes Professor Kamal Bechkoum, Head of the School of Computing and Engineering at University of Gloucestershire:

On average we create 2.5 quintillion bytes of data, or one billion billion bytes, every day. Smart cities gather vast quantities of this ‘big data’ from digitally-linked objects and our online activities, and then use this to improve new services and products that aim to make city living better.

In ‘connected places’ this might involve any ‘Internet of Things’ connected system, ranging from better traffic management and pollution control, through to improved security, public transport and intelligent street lighting.

Although this offers the potential to transform our lives, it also comes with the same privacy concerns posed by any large-scale digital transformation.

While tracking, monitoring and automated systems can enhance safety, productivity and cost-effectiveness, potentially unethical and ongoing surveillance, along with the ever-present threat of cybersecurity breaches, can negatively impact people’s lives in new and unexpected ways.

The Cityware project, for example, tracked the physical interactions of 30,000 people using a combination of Facebook profiles and smartphone signals, resulting in reports that almost 250,000 owners of Bluetooth devices, mostly mobile phones, were spotted by Cityware scanners worldwide.

Privacy International, a UK charity with a stated aim of ‘defending and promoting the right to privacy across the world’ puts it like this: “Next time you’re lured into a coffee joint with the promise of free WiFi, be aware that what you are doing online could potentially be exposed especially, as is often the case, if the WiFi network does not require a passcode to get online.

“Unsecure networks like this make it easier for cybercriminals to eavesdrop on what you do online. You should also be aware of ‘rogue’ WiFi hotspots, which might deliberately use a name similar to the coffee shop you’re currently sitting in but has nothing to do with them. So be careful before you connect to ‘Stirbucks_wifi.’” It’s an easy slip-up to make.

Data generated by smart city infrastructure can even be culled from sources such as unprotected parking garages, EV charging stations or surveillance feeds, all of which offer cyber attackers targeted personal information that could be exploited for fraudulent transactions and identity theft.

A new report from the Department for Digital, Culture, Media & Sport shows that while cyberattacks are becoming more frequent, only 13% of businesses are using managed IT providers to review security risks.

In addition the National Cyber Security Centre (NCSC), a part of GCHQ, has published guidance for local authorities on how to secure connected places and notes that critical public services need to be protected from disruption.

One of the biggest challenges for smart city progression is a lack of technical skills, local authority funding, regulatory hurdles for large-scale projects, and low public trust in digital initiatives.

Research has found that security and privacy concerns have been raised about the use of smart city technologies, particularly those that collect data about citizens’ behaviour, public services or critical infrastructure.

Smart city projects may also raise inequality issues if the benefits or projects are not experienced equally by rural and urban communities, or if they disadvantage those without digital skills or access to digital technology such as smart phones.

The weakest link in any chain can have detrimental effects for an entire urban environment. To address this, councils and city planners should always invest in the data security of their cities’ critical infrastructure to minimise risk and ensure reliable and secure smart systems.

It is important to employ frameworks that promote a common security language wherever possible, and feature protocols for ‘Industry 4.0’ – shorthand for industrial digitalisation – that:

  • Identify specific security levels between cooperating partners and companies across a supply chain, covering the three essential cybersecurity components: People, processes and technologies
  • Include rigorous, transparent, and replicable testing of all new tools and technologies before they are introduced

These points are the minimum steps to take when introducing smart city living protocols. Longer term, if the UK is to move forward in the current hybrid divide that exists between office and home-working driven by the COVID-19 pandemic, there is an urgent need for legislative authorities and organisations to address their digital transformation plans.

Ultimately these actions are best guided by a strategy which addresses data-gathering legalities and key cybersecurity components to ensure risk is appropriately managed at every stage of the process.

Protecting the Nation’s Critical Infrastructure Against Cyber Attacks is a key theme of this year’s University of Gloucestershire and C11 Cyber Security and Digital Innovation Centre ‘Cyber Tech Symposium’ on Thursday 7th July, 2022.

Industry leaders to appear at CYBERUK 2022 conference

Stuart O'Brien

Two of U.S. President Joe Biden’s key advisers on cyber security will join representatives shaping the UK’s digital landscape at a flagship summit in Wales next month.

CYBERUK 2022 will see the ICC Wales in Newport transformed into a vibrant celebration of the digital age, with over 1,500 attendees from industry, academia and government brought together to engage in interactive workshops, see exhibitions of emerging technology and listen to keynote speeches from leading experts. Among those delivering speeches will be:

  • Rob Joyce, Director of Cybersecurity at the U.S. National Security Agency (NSA)
  • Jen Easterly, Director of the U.S. Cybersecurity & Infrastructure Security Agency (CISA)
  • Steve Barclay MP, Chancellor of the Duchy of Lancaster
  • Sir Jeremy Fleming, Director GCHQ
  • Lindy Cameron, National Cyber Security Centre (NCSC) Chief Executive Officer

Lindy Cameron, CEO of the NCSC, said: “There is nothing quite like CYBERUK in the world – it brings leading private sector experts under the same roof as the Government’s national security workforce for two days of vibrant discussion, debate and displays of cutting-edge tech.

“I’m delighted to confirm senior colleagues from the U.S. cyber security community will be among an array of distinguished attendees at this year’s conference in Wales.

“There is still time to register and we strongly encourage cyber security leaders and professionals to sign-up for this rare opportunity to share their wisdom and engage with other thought leaders.”

The annual event is returning to an in-person format for the first time since 2019, and will be hosted by the National Cyber Security Centre (NCSC) – which is a part of GCHQ – at the ICC Wales in Newport on 10-11 May.

The overarching theme of this year’s event is ‘Cyber Security for the Whole of Society’, and will feature content of interest to cyber security leaders and professionals, risk owners, and interested citizens.

Building on the success of last year’s virtual event, keynote speeches will also be streamed on the CYBERUK YouTube channel in order to maximise accessibility for all.

Global employers urged to put overseas emergency plans in place

Stuart O'Brien

The current situation in Ukraine has highlighted how quickly things can escalate and the vital need for employers with overseas staff to have an emergency plan in place in case of political or civil unrest.

That’s according to Sarah Dennis, Head of International at Towergate Health & Protection, who said: “Employers need to be aware of the differences between security and medical evacuation plans. They must have both in place to ensure all bases are covered and they must be aware of the level of the support offered.”

Security evacuation
International medical insurance is specifically for the sick or injured. Security evacuation is different. While a political incident could result in grave physical harm or death, it is not actually a medical emergency and is unlikely to be covered by a medical emergency plan. Any region or country in which employees are working can be at risk. Terror attacks, for example, happen all around the world and often with no prior indication. With support ranging from ‘point of incident evacuation’ and ‘political or natural disaster evacuation’, to ‘security evacuation’, it is vital to take specialist advice on exactly how to offer emergency support for employees abroad.

Evacuation and repatriation
Employers and their employees abroad should be aware that evacuation is different from repatriation. With regards to medical evacuation, for example, this means that if there are no appropriate medical facilities in the employee’s current location, they will be evacuated to the nearest centre of medical excellence to undergo care. Repatriation, however, means that the employee will be transported back to their home nation for treatment. Under security evacuation, an employee may find they are taken to the nearest safe location, rather than to their home country, unless repatriation is a specific part of the support offered.

International medical insurance
International medical insurance is also crucial for any employee abroad. It must be fit for purpose, and this will be different on a case-by-case basis. If an employee falls seriously ill abroad, it is imperative that they are fully covered for all eventualities. Travel insurance is for short holidays and is not to the level required by someone working overseas.

Local expertise
Local knowledge can form an important part of the decision-making process when sending employees abroad. Guidance from experts in country can provide an insight into the situation into which staff are being sent. They will be able to give guidance on the risks associated with an area, and help employers to make informed decisions on what support is required.

Dennis added: “Support for employees abroad is not something that a company can take short cuts on, neither is it something that should be undertaken without advice. It is a very specialist area. Hopefully, employees and their employers will never have to rely on evacuation or repatriation services, whether for medical or security reasons. It is vital, however, that both are in place in case it is needed, and that the extent of the support is fully understood.”

New report reveals impact of defence sector on UK economy

Stuart O'Brien

A newly published economic report has outlined the huge value of the defence sector to UK jobs, businesses and exports.

The report has been published by the Joint Economic Data Hub (JEDHub), a collaborative initiative to improve understanding of the defence sector’s contribution to the UK economy and an important deliverable of the 2021 Defence and Security Industrial Strategy (DSIS).

Key stats in the report include:

  • 10,000 – Organisations paid directly by the MOD globally in 2020/21
  • 5,000 – Estimated apprentices employed in the UK defence sector
  • $4.6 billion – Average of annual UK defence exports between 2016-2020

Minister for Defence Procurement, Jeremy Quin said: “The defence sector is driving prosperity, strengthening the economy, supporting jobs and building skills right across the UK. The first report from the JEDHub provides new insights on the value of the sector – beyond keeping us safe in times of trouble – and I am delighted to see industry and government working together to help us grow our understanding of that vital contribution. I would particularly like to thank the companies in the Defence Growth Partnership and members of their supply chains for their support in this important initiative.”

Based in the UK Defence Solutions Centre, the JEDHub is designed to provide better, consistent and impartial data to help inform decision-making processes. The JEDHub is supported by government, industry and academia. Fresh insights from the report include:

  • 37% – Number of the surveyed jobs supported by overseas sales, showing the contribution of defence exports to sustaining jobs in the UK
  • 4.6% – Increase in graduate and apprenticeship entrants into surveyed companies from 2019 to 2020
  • £45,000 – Average full-time salary for surveyed defence roles, over 16% higher than the UK mean average annual full-time salary in 2020

Chief Executive of ADS, Kevin Craven, said: “Through the collaboration between the Ministry of Defence, UK Defence Solutions Centre and industry, the JEDHub annual economic report published today shows the scale of our defence sector’s activity. Employers in this industry are investing heavily in skills and supporting tens of thousands of high value jobs that are essential to the prosperity of communities in all parts of the UK.”

The defence sector continues to invest in developing highly skilled careers for the future, with the report including an estimate from ADS of 5,000 apprentices in employment in the UK defence sector in 2020. The JEDHub survey also covers recruitment of apprentices and graduate trainees and that figure shows growth of 4.6% from the previous year.

The report also follows the recently refreshed SME Action Plan – designed to further improve engagement with Small and Medium Sized Enterprises, focusing on procurement models that are easier to navigate, a recognition of the role the MOD and its major suppliers play in supporting the whole of the defence supply chain and understanding how best to support innovation and exports for UK suppliers.

The latest data shows the MOD spent £1.1 billion directly with SMEs in 2019/20 and a further £3.4 billion indirectly through the supply chain. This accounts for 21.3% of procurement spend that year and shows procurement spending with SMEs continues to grow, with the intention of procurement spending with SMEs reaching 25% by 2022.

The government says research and development (R&D) is central to the Armed Forces being able to stay ahead of adversaries for combating future threats. The JEDHub report shows the MOD spent £1 billion on R&D in 2019/2020 noting that UK Research and Innovation estimates every £1 of public R&D investment generates around £7 of benefit to the UK. Over the past five years industry’s own private investment in UK R&D has also grown, by 8.9% across 2015-2019 to £464 million.

The government states that the JEDHub’s report is an important deliverable of the 2021 Defence and Security Industrial Strategy, building on the Dunne Report which highlighted the crucial contribution of the defence sector to UK prosperity.

In the coming year, the JEDHub aims to provide more data about the economic contribution at a national, regional, and local level.

Global physical security industry to hit $153bn in 2023

Stuart O'Brien

The global physical security industry is projected to reach $153 billion by 2023, equivalent to a CAGR of 10.3% between 2017 and 2023.

That’s according to a new report by Allied Market Research, which concludes that based on region, North America is the largest supplier of physical security solutions across the world.

Seapee Bajaj, a Lead Analyst, ICT at Allied Market Research, said: “North America dominates the global physical security market pertaining to increased terrorism incidence and enhanced security measures across diverse verticals including commercial; transportation, banking, financial services, and insurance (BFSI); residential; and others. Furthermore, growth in Asia-Pacific is expected to be the fastest among other regions, owing to prominent initiatives from the governments for enhancing safety and security standards.”

COVID-19 scenario according to the research:

  • The Covid-19 pandemic provided new growth opportunities as security measures have been implemented across various verticals to ensure business continuity during the post-lockdown period. Thermal cameras have been installed to detect the temperature of visitors and employees in commercial, industrial, and banking spaces.
  • In residential spaces, building operators have been installing “Building Wellness” systems and various products to meet the new standards of safety for their residents.
  • The demand for ACaaS and VSaaS services has grown significantly as customers want more value from their investments in times of economic turbulence while investing less upfront capital expenditure.

The report offers detailed segmentation of the global AEC market based on type, industry vertical, and region. Based on type, the services segment contributed to the highest market share in terms of revenue in 2016, and will maintain its highest contribution throughout the forecast period. However, the system segment is projected to register the highest CAGR from 2017 to 2023.

Based on industry vertical, the education, healthcare, retail, energy & utilities, manufacturing & industrial segment collectively garnered the highest revenue share in 2016, and will maintain its dominance during the forecast period. However, the residential sector is estimated to witness the highest growth rate by 2023.

Based on region, North America is the largest supplier of physical security solutions across the world, and the U.S. leads the global market as compared to other countries. However, Asia-Pacific is expected to register a considerable growth throughout the forecast period. China leads the market in Asia-Pacific.

Key players of the global physical security market analysed in the report include Anixter International Inc., Cisco Systems, Inc., Tyco International PLC., Stanley Security, ADT Corporation, Genetec Inc., Bosch Security Systems, Inc., Honeywell International, Inc., and Senstar Corporation.

DDoS attacks were ‘bigger and more complex’ in 2021

Stuart O'Brien

Distributed denial-of-service (DDoS) attacks decreased slightly in 2021 but are becoming larger and more complex in nature, new analysis from F5 has found.

Data collected from F5 Silverline showed a 3% year-on-year decline in the overall volume of attacks recorded in 2021. However, while volume may have declined, the severity of attacks ramped up markedly over the course of the year.

By Q4 2021, the mean attack size recorded was above 21 Gbps, more than four times the level from the beginning of 2020. Last year also saw the record for the largest-ever attack broken on multiple occasions.

“The volume of DDoS attacks has fluctuated by quarter, but the unmistakable trend is that these attacks are getting larger,” said David Warburton, Director of F5 Labs. “While the peak size of attack remained steady throughout 2020, last year we saw it climb consistently. This includes Silverline DDoS Protection tackling several attacks that were successively the largest we had ever seen by an order of magnitude.”

While most attacks recorded in 2021 were under 100 Mbps, there were some notable exceptions.

After the largest attack of 2020 topped out at 253 Gbps, there was one that struck in February 2021 measuring 500 Gbps. The record was shattered again in November with an attack weighing in at 1.4 Tbps—more than five times larger than the previous year’s record.

Targeting an ISP/hosting customer, maximum attack bandwidth was reached in just 1.5 minutes, and lasted only four minutes in total, harnessing a combination of volumetric (DNS reflection) and application-layer (HTTPS GET floods) methods.

Volumetric attacks, which use publicly available tools and services to flood a target’s network with more bandwidth than it can handle, continued to be the most common form of DDoS in 2021, comprising 59% of all recorded attacks. This represented a slight decline from 66% in the previous year, as the prevalence of protocol and application-type DDoS attacks ticked up, the latter increasing by almost 5% year-on-year.

This slight shift was underlined by changes in the utilisation of protocols. 27% of attacks in 2021 harnessed TCP, up from 17% the previous year, indicative of the requirements of more complex application and protocol-based attacks.

In terms of specific attack methods, there were some notable changes in prevalence: DNS query attacks became more common, up 3.5% year-on-year, and the use of UDP fragmentation declined 6.5%. LDAP reflection also diminished by 4.6% and DNS reflection by 3.3%.

“Alongside changes in attack type, we continued to observe strong prevalence of multivectored attacks, including the 1.4 Tbps incident that utilised a combination of DNS reflection and HTTPS GETS,” added Warburton. “This was particularly true at the start of the year, when multivectored attacks significantly outnumbered single-vector assaults. It illustrates the increasingly challenging landscape for threat protection, with defenders needing to employ more techniques in parallel to mitigate these more sophisticated attacks and prevent a denial of service.”

Banking, financial services and insurance (BFSI) was the industry most targeted by DDoS attacks in 2021, subjected to more than a quarter of the total volume. That continued a trend which has seen attacks against BFSI steadily rising since the beginning of 2020.

By contrast, technology, the most targeted sector of 2020, fell into fourth place behind telecommunications and education. Between them, these four industries accounted for 75% of all recorded attacks, with a long tail of others including energy, retail, healthcare, transportation and legal that saw hardly any adverse activity.

“Even though the number of attacks tapered off slightly in 2021, the DDoS problem is by no means abating,” said Warburton. “Both the size and complexity of these attacks are increasing, demanding a more agile and multi-faceted response from defenders.

“Although it is reasonable to question the efficacy of attacks that may only last for a few minutes, threat actors know that even a short interruption to a service can have significant consequences and adversely impact brand and reputation.

“As the sophistication and variety of DDoS attacks increases, organisations will find themselves using a wide variety of measures to protect against them, including upstream controls to inspect and limit the traffic reaching endpoints, and managed service providers who can work alongside internal security teams both to prevent attacks and move quickly to mitigate those in progress.”

52% of women believe their gender is limiting their careers in the tech industry

Stuart O'Brien

Today we can celebrate many great women who have helped shape the world of technology as we know it. Nevertheless, women are still largely underrepresented in the tech industry and face many obstacles when pursuing a career in the field.

According to data presented by Atlas VPN, 52% of women believe their gender is limiting their career in tech, and one-fifth of women are thinking about leaving their current position.

Women see a lack of promotion opportunities as the most significant barrier to their career advancement in the tech industry. Overall, 38% of women surveyed cited this as a career hinderer.

For 35% of women, a lack of confidence is one of the core impediments of career continuation in tech. Meanwhile, 33% find a lack of relatable senior role models and senior sponsorship a problem.

Other tech career barriers for women include difficulty balancing work and other responsibilities (31%), and sexism and gender bias (29%).

Despite increasing discussions about gender diversity in the technology industry, men still hold the vast majority of positions in tech, even in top companies.

As of June 2021, women made up about 47% of the US workforce. However, in top tech companies like Amazon, Facebook, Apple, Google, and Microsoft, the percentage of female employees ranged from 45% to 29%.

The number of women in technical positions at these companies was even lower. On average, women occupied less than one in four technical positions (25% to 23%) at the aforementioned companies.

Overall, all of the top five tech companies had more female employees in leadership roles than technical jobs. Still, the numbers are far from parity, and gender equality in the tech workforce has a long way to go.

Ruta Cizinauskaite, the cybersecurity researcher and writer at Atlas VPN, said: “The lack of women representation in tech is an issue that has been ignored for far too long. To begin with, we should acknowledge the barriers that prevent women from continuing to pursue careers in tech and work to remove them. Only by working together can we make a difference.”