Posts Tagged: Cyber-security

Attacks on IP-based CCTV on the rise

Stuart O'Brien

Trend Micro says it blocked five million cyber-attack attempts against internet protocol (IP) cameras during a five-month period, further highlighting the risks impacting IP-based surveillance devices.

Trend Micro analysed 7,000 anonymously aggregated IP cameras, with 75% being brute-force login attempts, showing a clear pattern of malicious attackers targeting IP surveillance devices with malware such as Mirai variants.

“More verticals are seeking connected, AI-powered video surveillance applications causing a clear paradigm shift from a relatively closed-off network to a more interconnected network operated heavily by cloud-based technologies,” said Oscar Chang, executive vice-president and chief development officer for Trend Micro. 

“Due to this shift in the landscape, manufacturers and users must pay attention to the security of these IoT devices.”

Dr Steve Ma, vice-president of engineering, Brand Business Group for VIVOTEK, said: “While the industry has known about cyber-risks, manufacturers have been unable to properly address the risk without knowing the root cause and attack methods.”

Trend Micro has suggested a shared responsibility model for all parties involved in video surveillance to help mitigate the potential impact of IoT-based threats, involving manufacturers, service providers, system integrators and end users, with complete end-to-end protection and risk awareness key to a secured video system.

Image by ElasticComputeFarm from Pixabay

Petition started for minimum IT security for UK business

Stuart O'Brien

Evaris has called for action to establish a mandatory minimum level of IT security for all businesses.

The Manchester-based business has launched a petition, backed by IT and cyber security professionals, to put pressure on the government to make the currently optional National Cyber Security Centre’s (NCSC’s) Cyber Essentials Scheme compulsory for businesses to protect them in the event of a cyber attack and reduce the cost of cyber crime to the UK economy, as well as the public.

According to the recent Cyber Security Breaches Survey, less than three in 10 (27%) businesses have a formal cyber security policy in place, while large companies reported an average of 12 attacks per year that they knew about. Six attacks per year were reported by medium-sized companies.

As a result, Evaris is calling for all businesses to take steps to prevent such attacks from occurring.

The petition aims to ensure small organisations with up to 50 employees and medium-sized firms with between 51 and 250 staff should meet at least the criteria for certification for the Cyber Essentials scheme. Large businesses (those with more than 250 employees) should at least meet the criteria for the Cyber Essentials Plus scheme.

Terry Saliba, Solutions Architect at Evaris, said: “Data shows that more than four in ten businesses experienced a cyber security breach in the past 12 months, and these are becoming increasingly sophisticated and costly for businesses across all industries.

“Unfortunately, we still see that many firms are failing to understand the extent of this issue, and so we believe this petition is vital for establishing a compulsory baseline adhered to by all businesses.

“We’re extremely pleased to see our campaign to make Cyber Essentials compulsory for all companies has gained the support of industry bodies. These organisations see the extent of the damage caused by a lack of IT security and training on a daily basis.”

Vince Warrington, CEO of Protective Intelligence, said: “I’m supporting the petition because I’ve had to deal with the consequences of cyber attacks and seen the destruction they can cause.

“At the moment, far too many companies still see cyber security as a ‘nice to have’ rather than an essential part of everyday business, or feel they don’t understand what they need to do to protect themselves. But cyber attacks are not going to simply disappear – the criminals behind them will target your business if you haven’t taken even the most basic steps to keep them out.

“By driving all companies to adopt Cyber Essentials the government can not only create a good level of basic cyber hygiene across UK Plc, but also create a regular flow of work small cyber security businesses can themselves bring onboard new staff and train them up, thus reducing the predicted shortfall in qualified cyber security experts that the country will need in the decades to come.”

In order to be certified by the Cyber Essentials Scheme, applicants must, as a minimum:

  • Use a firewall to secure their internet connection
  • Choose the most secure settings for their devices and software
  • Control who has access to data and services
  • Have protection against viruses and other malware
  • Keep devices and software up to date

Image by Gerd Altmann from Pixabay

UK businesses warned to take action to prevent cyber attacks

Stuart O'Brien

Stats from the Department for Digital, Culture, Media and Sport (DCMS) have shown a reduction in the percentage of businesses suffering a cyber breach or attack in the last year.

The 2019 Cyber Security Breaches Survey shows that 32% of businesses identified a cyber security attack in the last 12 months – down from 43% the previous year.

The reduction is partly due to the introduction of tough new data laws under the Data Protection Act and the General Data Protection Regulations (GDPR). 30% of businesses and 36% of charities have made changes to their cyber security policies and processes as a result of GDPR coming into force in May 2018.

However, of those businesses that did suffer attacks, the typical median number of breaches has risen from 4 in 2018 to 6 in 2019. Therefore, businesses and charities suffering cyber attacks and breaches appear to be experiencing more attacks than in previous years.

Where a breach has resulted in a loss of data or assets, the average cost of a cyber attack on a business has gone up by more than £1,000 since 2018 to £4,180. Business leaders are now being urged to do more to protect themselves against cybercrime.

The most common breaches or attacks were phishing emails, followed by instances of others impersonating their organisation online, viruses or other malware including ransomware.

Digital Minister Margot James said: “Following the introduction of new data protection laws in the UK it’s encouraging to see that business and charity leaders are taking cyber security more seriously than ever before. However, with less than three in ten of those companies having trained staff to deal with cyber threats, there’s still a long way to go to make sure that organisations are better protected.

“We know that tackling cyber threats is not always at the top of businesses’ and charities’ list of things to do, but with the rising costs of attacks, it’s not something organisations can choose to ignore any longer.”

Through the CyberFirst programme, the Government is working with industry and education to improve cyber security and get more young people interested in taking up a career in cyber.

The Cyber Discovery initiative has already encouraged 46,000 14 to 18 year olds to get on a path towards the cyber security profession, over 1,800 students have attended free CyberFirst courses and nearly 12,000 girls have taken part in the CyberFirst Girls competition. The Government’s initial Cyber Skills Strategy, published in December, will be followed by a full strategy later this year.

Business and charity leaders are being encouraged to download the free small business guide and free small charity guide to help make sure that they don’t fall victim to cyber attacks. This is available through the National Cyber Security Centre (NCSC).

Clare Gardiner, Director of Engagement at the NCSC, said: “We are committed to making the UK the safest place to live and do business online, and welcome the significant reduction in the number of businesses experiencing cyber breaches.

“However, the cyber security landscape remains complex and continues to evolve, and organisations need to continue to be vigilant.”

The NCSC has a range of products and services to assist businesses, charities and other organisations to protect themselves from cyber attacks, and to deal with attacks when they occur. These include the Board Toolkit providing advice to Board level leaders, and guides aimed at small businesses and small charities.

The threat of cyber attacks remains very real and widespread in the UK. The figures published today also show that 48% of businesses and 39% of charities who were breached or attacked identified at least one breach or attack every month.

Cyber security is becoming more of a priority issue, especially for charities. The proportion of charities treating cyber security as a high priority has gone up to 75% in 2019, compared with just 53% the year before, and is now at the same level as businesses.

Small businesses and charities are being urged to take up tailored advice from the National Cyber Security Centre. All businesses should consider adopting the Ten Steps to Cyber Security, which provides a comprehensive approach to managing cyber risks. Implementation of the 10 Steps will help organisations reduce the likelihood and cost of a cyber attack or cyber related data breach.

Organisations can also raise their basic defences by enrolling on the Cyber Essentials initiative and following the regularly updated technical guidance on Cyber Security Information Sharing Partnership available on the NCSC website.

Thales announces £20m Wales security hub

Stuart O'Brien

The Welsh Government is working with Thales to establish a £20m cyber centre which will sit at the heart of its Tech Valleys programme.

The National Digital Exploitation Centre (NDEC) will be the first research and development facility of its kind in Wales, and will provide a home for SMEs and microbusinesses to test and develop their digital concepts.

It will also provide a research lab in which big multinationals can develop technology and will connect Wales to major tech centres across the UK and globally.

Not only will the cyber centre help Wales to exploit the global opportunities of digital transformation, it will also equip businesses with the skills and knowledge they need to win a greater share of large regional and national projects.

The NDEC, located in Blaenau Gwent, will be delivered by Thales in collaboration with the University of South Wales (USW).

The University will run an Advanced Cyber Institute at the Centre that will provide a base for major, multi-million-pound academic research, and will also operate a Digital Education Centre that will provide SMEs, schools and individuals with the skills they need to protect themselves online.

As well as providing a vital facility for Welsh SMEs and academic research, the NDEC will also root technology giant Thales firmly in the South Wales valleys. The centre will be managed by a small team, some of whom have already been recruited from the local community.

Both the Welsh Government and Thales have committed £10m each to the project which is expected to generate significant income. All elements, apart from the educational aspects of the centre, are expected to be fully self-sufficient within five years.

The Welsh Government’s Economy Minister Ken Skates said: “The centre will help ensure that Wales exploits the global opportunities of digital transformation, provide a base for ground breaking research and will equip businesses of all shapes and sizes with the skills and knowledge they need to win a greater share of large regional and national projects.

“I am confident that through our partnership with Thales and the University of South Wales we will work to stimulate and create employment in high value technology businesses – an ambition that is right at the heart of our Tech Valleys project.”

Gareth Williams, Vice President, Secure Communications and Information Systems, Thales, said: “We are very pleased to be working with the Welsh Government, University of South Wales and Blaenau Gwent Council to develop and deliver the NDEC. This will act as a cornerstone of our cyber security capabilities in the UK, providing a test bed for our technology, whilst also providing a catalyst for regeneration in the region.

“This highly technical and accessible facility will be a centre of cyber and digital development and education, and a connection for South Wales to major technology centres across the United Kingdom.”

Professor Julie Lydon, University of South Wales (USW) Vice-Chancellor, said: “USW is already a recognised expert in cyber security, with our Newport-based National Cyber Security Academy (NCSA) working closely with businesses to give students real-life experience in the sector.

“This expertise in preparing students for a career in industry means we are ideally placed to support the NDEC’s aim of harnessing academic research and graduate education to develop market insight, enhance technological capability, and develop a skilled labour force in Ebbw Vale and the wider South Wales region through its educational outreach, CPD courses, and support for SMEs.

“This project will be a significant step in building the region’s reputation in the ever-expanding global market for cyber graduates and research expertise.”

The Tech Valleys project is a key commitment of the Ministerial Taskforce for the South Wales Valleys.

Demand for cyber security professionals on the rise

Stuart O'Brien

A new report has revealed that nearly 40% of European firms are looking to grow their cyber security teams by at least 15% over the next 12 months.

Commissioned by security certification body (ISC)2, The 2017 Global Information Security Workforce Study was based on a survey of 19,000 global cyber security professionals, including 3,700 European security professionals.

The report also goes on to say that while European companies have the most ambitious plans for hiring security professionals, two-thirds say they have too few cyber security professionals, with Europe facing a shortage of 350,000 security professionals by 2022.

92% of the respondents admitted that they looked for previous cyber security experience when choosing candidates, with most recruitment coming from their own professional networks. Social and professional networks are preferred (48%) followed by the company’s HR department (47%).

The report calls for employers to be more proactive when it comes to embracing newcomers and a changing workforce.

Globally, the report revealed that 70% of employers are looking to increase the size of their cyber security staff by the end of 2017. However, strong recruitment targets, a shortage of talent and lack of training have all contributed to the skills shortages.

“The combination of virtually non-existent unemployment, a shortage of workers, the expectation of high salaries, and high staff turnover that only increases among younger generations, creates both a disincentive to invest in training and development and a conundrum for prospective employers of how to hire and retain talent in such an environment,” the report says.

Adrian Davis, managing director for Europe, the Middle East and Africa at (ISC)2 said: “There are real structural concerns hampering the development of the job market today that must be addressed.

“It is particularly concerning that employers appear reluctant to invest in their workforce and are unwilling to hire less-experienced candidates. If we cannot be prepared to develop new talent, we will lose our ability to protect the economy and society.”

The 2017 Global Information Security Workforce Study can be viewed here.

75% of CEOs using unapproved programs and applications

Stuart O'Brien

A study by data security experts Code42 has revealed that 75% of CEOs admit that they are using applications and programs that are not approved by their IT departments, playing a game of chance with critical corporate data.

Despite the known risks facing organisations today, such as data breaches, business decision makers (BDMs) and CEOs are putting critical data in jeopardy, according to the report.

Three quarters of CEOs and more than half (52%) of BDMs admit that they use applications/programs that are not approved by their IT department. This is despite 91 percent of CEOs and 83 percent of BDMs acknowledging that their behaviours could be considered a security risk to their organisation.

IT decision makers (ITDMs) say that half (50%) of all corporate data in the enterprise is held on laptops and desktops, instead of in the data centre or centralised servers. In the U.S., this rises to as much as 60%.

Simultaneously, the significance of this data to the productivity and security of the business is well understood at the top of the organisation — with 63% of CEOs stating that losing this data would destroy their business. But, awareness of the risk is doing little to change adherence to proper security practices.

“Modern enterprises are fighting an internal battle between the need for productivity and the need for security—both of which are being scrutinised all the way to the CEO,” said Rick Orloff, VP and CSO at Code42. “By using unauthorised programs and applications, business leadership is challenging the very security strategies they demanded be put in place. This makes it clear that a prevention-based approach to security is not sufficient; recovery must be at the core of your strategy.”

www.code42.com

‘Nearly half’ of UK businesses have suffered a cyber breach

Stuart O'Brien

Figures released by the government have revealed that nearly half (46%) of UK businesses had experienced at least one cybersecurity breach or attack in the past year, with the figure rising to two-thirds among medium and large companies.

Breaches and attacks included fraudulent emails, spyware or malware. On average, the cost of being hit for larger companies was around £20,000, but in some instances this figure went into millions of pounds.

The survey was completed by 1,500 UK businesses along with 30 in-depth interviews.

While many of the companies had basic rudimentary technical controls, only one-third had a formal policy covering cybersecurity risks, with the government warning that a “sizeable proportion” of the businesses still did not have “basic protections” in place. The report claims that attacks could easily have been prevented or dealt with if companies had taken advantage of the government’s own expert guidance.

Only 29% of companies had staff in place to specifically deal with cybersecurity.

The report describes how the threat against UK businesses is growing every day, with companies large and small facing regular attacks that are continually on the rise.

Ciaran Martin, Chief Executive Officer of the National Cyber Security Centre, said: “UK businesses must treat cyber security as a top priority if they want to take advantage of the opportunities offered by the UK’s vibrant digital economy.

“The majority of successful cyber attacks are not that sophisticated but can cause serious commercial damage. By getting the basic defences right, businesses of every size can protect their reputation, finances and operating capabilities.”

The report also revealed that fewer businesses in 2017 consider cybersecurity to be of “very low priority,” with 74% now agreeing that senior management had placed it as a high priority issue.

Cardiff home to Europe’s first cyber attack research centre

Stuart O'Brien

A new research centre aimed at tackling cyber attacks has been launched in Cardiff.

The Centre of Excellence in Cyber Security Analytics has been set up by Airbus Defence & Space and Cardiff University, located at the university’s School of Computer Science and Informatics. It’s the first centre of its kind in Europe.

The research carried out will aim to protect corporate IT networks, national infrastructure and intellectual property, along with data analytics and artificial intelligence for cyber-attack detection.

The university has been awarded £2 million to develop and create software that is able to detect cyber threats.

“Cyber security analytics is about improving our resilience to cyber-attacks through data modelling to detect and block malicious behaviour before it causes its full impact,” said Dr Pete Burnap, the centre’s director.

“But (it’s) also about understanding what motivates the behaviour, what its likely impact will be, and how to communicate security alerts among decision and policy-makers.”

Dr Kevin Jones, head of cyber security innovation at Airbus, said collaborating with universities was “a key approach in the future protection of critical systems”.

He said the centre would enable the rapid transfer of research into operational activities and ensure researchers are able to access the latest techniques and data.

Cyber security is a priority research area at Cardiff University, with collaborative projects receiving more than £5 million in funding from UK Research Councils (EPSRC, ESRC), Welsh Government (Endeavr Wales) and Industry (Airbus).

www.cardiff.ac.uk

NATO to upgrade its IT & satellite technology for 3 billion Euros

Stuart O'Brien

A senior official at the NATO Communications and Information Agency has revealed that the organisation is set to spend over 3 billion euros (£2.6 billion) upgrading its satellite and computer technology over the next three years.

Plans include a 1.7 billion euro investment upgrading satellite communications in a bid to support troops more effectively, along with aiding the use of Unmanned Aerial Vehicles (UAVs) or ‘drones’.

The investment is a result of realisation by the North Atlantic Treaty Organisation (NATO) that modern warfare is fought as much online as in traditional air, sea and land combat, with the new technology helping to deter hackers and cyber terrorism.

It is not yet clear whether NATO allies would fund a new military communications satellite to be launched into space, or whether an increase in broadband capacity could be gained from existing US and other allied satellites.

Back in January of this year, non-NATO member Japan launched its first military communications satellite to help boost the broadband capacity of its Self Defence Forces, reinforcing an island chain stretching along the southern edge of the East China Sea.

The NATO official also revealed that proposals include around 800 million euros invested in upgrading computer systems that help command air and missile defences, although some of the funding was yet to be approved by NATO governments.

Improving the protection of NATO’s 32 main locations from cyber attacks would cost 71 million euros. A further 180 million euros is to be spent to provide more secure mobile communications for alliance soldiers in the field.

The proposals are likely to attract major Western defence contractors including Airbus Group, Lockheed Martin Corp and Raytheon.

NATO prevents contractors from non-NATO companies from bidding, although Russian or Chinese suppliers are allowed if there is a specific need that allied companies cannot provide.

www.nato.int

Crises, CCTV and Cyber Crime top the total security summit

Jack Wynn

The global landscape has experienced a rather monumental change over the last year, with security being more relevant than ever as we go into 2017.

The first Total Security Summit of the year is determined to address these issues and uncertainties in a bespoke two-day event for security professionals.

Meet, share, connect and debate business relevant to your current and future projects with matchmade face-to-face meetings, experience a day of dining, drinks and discussion as you network with fellow business professionals and attend seminars covering a range of relevant topics.

As we reach a landmark age of global political challenges and uncertainties, it’s vital to prepare for the future. Addressing the protection of crowded areas, terror threats and counter-terrorism is Dr Anna Maria Brudenell, Lecturer in Military and Security Studies, Cranfield Defence and Security, for the first seminar on Global Security Strategy.

As terror threats continue to rise and evolve without warning, discussing and understanding the implications is crucial to develop your security in a crisis. Chris Phillips, Managing Director, International Protect and Prepare Security Office (IPPSO), is presenting seminar 2 on Crisis Management and Communications.

Video surveillance is being used in greater quantity and with higher quality expectations, with Britain among the leaders in CCTV operation, but are the benefits worth the cost? With few resources and increasing legal parameters, Simon Lambert, Independent CCTV Consultants, Lambert Associates, is discussing CCTV and Video Surveillance in seminar 3.

John Marsden, Head of Fraud, Equifax, is discussing how to identify and tackle theft as it happens, assessing risk, detecting threats and ensuring on-going training in Seminar 4: Keeping your Business’ Cash and Assets Safe and Secure.

Going into your second day, and following morning networking, James Willison, Founder, Unified Security Ltd, goes digital. As our dependency on technology grows, many companies are more vulnerable than ever. From data and privacy risks to ransomware, hackers are becoming more sophisticated and businesses need to adapt quickly, which is the subject of Seminar 5 on Cyber Crime – the United Security Response.

With a continuing rise in companies at risk of fraud, from physical fraud to high level hacking, security needs to be tight across the board, and the final seminar before more discussion and networking addresses these fears. Fraud Prevention with David Lee, Fraud Prevention Manager, Transport for London, sees the summit almost to a close.

Taking place on 13-14 March at the Radisson Blu Hotel, London Stansted, this year’s Total Security Summit is the industry go-to for professionals.

To secure a complimentary delegate place at either of the two annual Total Security Summit events, call Liz Cowell on 01992 374 072 or email l.cowell@forumevents.co.uk.

Or, to attend either event as a supplier, call Nick Stannard on 01992 374 092 or email n.stannard@formumevents.co.uk.

For more information, visit www.totalsecuritysummit.co.uk.