Tag Archives: Cyber Attack

Major life-threatening cyber attack on UK “in little doubt”

The National Cyber Security Centre (NCSC) has published its second Annual Review, in turn revealing that the organisation has prevented Britain from falling victim to nearly 1,200 attacks in the past two years. The NCSC has also warned of the likelihood of a major life-threatening cyber attack on the UK in the near future.

The NCSC states that the UK is hit by ten serious cyber attacks every week. 70% of these attacks are “undertaken by groups of computer hackers directed, sponsored or tolerated by the Governments of [hostile] countries”.

Commenting on these figures, Mishcon de Reya’s cyber security lead Joe Hancock informed Risk Xtra: “1200 attacks may seem like a large number, but the reality is that this is the tip of the iceberg. The majority of these attacks on business, Government and third sector organisations go unreported and often undetected. Behind these high profile attacks there are the millions of online crimes that affect individuals every day.”

NCSCLogoWeb

Focusing on that last point, Hancock continued: “We routinely deal with the often unreported issues. More needs to be done to back law enforcement in supporting both victims and responders to better detect and recover from cyber episodes. A focus on critical infrastructure is welcomed by everyone, but it doesn’t help the millions of victims of cyber fraud. The recent Facebook breach shows the potential downsides of large-scale data collection and reliance on single points, provided by social media to access a wide variety of services across the Internet which can act as a gateway for attackers to further data and services.”

Further, Hancock observed: “Cyber security practices are not consistent globally and an attack against a weaker link in the supply or data chain can have unanticipated consequences for companies and individuals. More is needed to help protect everyday victims of these crimes, and especially so in the international arena. It’s difficult to see how mass cyber crime can be tackled without an international consensus and consequences for nations that turn a blind eye.”

Also, Hancock outlined: “Many of the cyber incidents we deal with have a financial component, often involving the traditional banking system and not only cryptocurrencies such as Bitcoin. Driving cyber criminals out of the financial system will have an impact on cyber crime levels.”

Actions and behaviours

There are specific actions and behaviours that should be adopted now to aid readiness for inevitable cyber attacks. Steve Mulhearn, director of enhanced technologies for the UK and Ireland and DACH at Fortinet, has listed them as prevention, the harnessing of Artificial Intelligence (AI) and adaptive technology and better visibility across the network.

Prevention

Prevention is easier when all employees in the business, not just the IT Department, take responsibility for the security of the business. For example, breaches like the Bupa or Waymo hacks have raised the appreciation of the number of breaches that occur because employees are targeted. The Fortinet Global Enterprise Security Survey 2017 found that 67% of businesses say they’re planning IT security and awareness training for employees in 2018.

Harness AI and adaptive technology

Harnessing the power of AI to learn from breaches, as well analyse data and automate reactions to shut down breaches when they occur, are vital actions. Threats evolve and adapt over time as applications, technologies, configurations, controls and behaviours change, making security an arms race wherein a static solution simply will not do.

Better visibility across the network

A vital tool in this struggle is visibility. You cannot secure what you cannot see. This means control across the distributed network, including endpoints, the Internet of Things and the cloud. According to the Fortinet 2017 Survey, only a small cohort of respondents feel confident that they have full visibility and control of employee access.

*The National Cyber Security Centre’s Annual Review can be accessed online at https://www.ncsc.gov.uk/news/annual-review-2018

Leave a comment

Filed under Risk Xtra

MOBOTIX Global Partner Conference 2017 goes ‘Beyond Human Vision’

MOBOTIX has successfully completed its largest Global Partner Conference which hosted 234 participants from 46 countries to coincide with the launch of the company’s new website and a strategy that focuses on ‘Beyond Human Vision’.

The three-day event in Langmeil, Kaiserslautern included over 20 presentations covering market trends, sales strategy and technical sessions in areas such as cyber security and the Internet of Things (IoT). The breakout sessions on day three included regional updates and Expert Panels that connected partners with senior MOBOTIX product management executives, developers and solution specialists.

The Global Partner Conference also included project examples from invited customers, among them McDonald’s (Germany), Jashanmal Group (Dubai) and Belfius Bank (Belgium) as well as details of exciting initiatives in Singapore, the United States, Australia and Greece.

For the first time, MOBOTIX welcomed an expanded partner showcase including Gold Sponsorship from Konica Minolta, Genetec, Strops and Milestone Systems plus an additional 11 Silver sponsors across diverse areas such as storage, facial recognition, portable surveillance, wireless connectivity and the IoT.

MOBOTIXGPC

“Our Global Partner Conference marks the start of a new journey for MOBOTIX that begins with acknowledging our traditions before embracing the transition to a new path that welcomes the opportunities of tomorrow,” enthused Thomas Lausten, CEO at  MOBOTIX, “MOBOTIX is changing and part of that evolution is embracing a future with a new found passion and openness that includes industry standards and third party partners with the goal of delivering higher value solutions.”

Lausten continued: “Our new mission statement to go ‘Beyond Human Vision’ is at the heart of a philosophy that recognises video surveillance is part of a wider potential with MOBOTIX as a foundational platform for innovative solutions to real world challenges in manufacturing, retail, healthcare, transportation and, indeed, many other areas.”

The event coincided with the launch of a new MOBOTIX website, new company branding and the first version of a global partner locator, plus a new White Paper on the vital role MOBOTIX is playing in protecting its technologies from cyber attack.

Leave a comment

Filed under Risk UK News

ECA/SELECT Survey finds buildings at heightened risk from cyber attack

The use of cyber attacks is becoming more prevalent as an effective tool to disrupt both business and politics. As a result of this, within industry it’s vital that steps are taken to protect buildings and infrastructure against potential threats.

To find out the current state of play, the Electrical Contractors’ Association (ECA) and Scottish Trade Association SELECT surveyed a range of clients in November and December last year on their approach to cyber security.

The feedback received from the ‘Connected Technology Survey for Clients’ emanated from a range of respondents, including consultants, engineers, end clients, local authorities and facilities managers.

ecacybersurvey

The results show that almost four-in-ten clients (39%) don’t take any steps to protect smart installations in buildings from cyber threats. A further 49% cited the risk of hacking as a barrier to installing connected technology.

Steve Martin, head of specialist groups at the ECA, commented: “Given that ‘connected technology’ covers any technology, such as lighting or HVAC installations, this enables devices to communicate with each other over the Internet and undertake tasks. The risks from hacking are substantial.”

Currently, only 20% of the UK’s commercial buildings are considered to be ‘smart’. However, over the next four years, the global ‘Internet of Things’ market is expected to be worth over £1 trillion annually. “If we’re to keep pace with developments,” concluded Martin, “the issue of cyber security needs to be addressed as a matter of urgency.”

Leave a comment

Filed under Risk UK News, Uncategorized

Advent IM outlines detail for ‘Cyber for the C-Suite’ Breakfast Seminar

A breakfast seminar created exclusively for business leaders and senior Board members seeking guidance on the present cyber security threat is to be run by security consultancy Advent IM at the company’s Training Centre near the M5, Birmingham on 7 December.

With many years’ experience in senior level consulting, training and mentoring, the seminar will be delivered by Advent IM’s managing director Mike Gillespie, who’s also director of cyber strategy and research for The Security Institute. As a director, Gillespie understands the place of senior leadership in cyber resilience and risk management.

The seminar is designed to promote and enhance understanding of the organisational threats that Boardrooms need to factor into resilience strategies. Attendees will also have first access to places on the forthcoming training course, again exclusively for senior leaders and the C-Suite, which will start in March 2017.

cybersecuritychallengeuk

Gillespie informed Risk UK: “The cyber threat landscape is high on the agenda of all Boardrooms. Many businesses have felt the impact of cyber attack, either directly or through supply chain partners. No size of business is immune and no kind of service spared the attackers’ attentions, with even hospitals being struck by ransomware.”

He added: “Recent research suggests that 82% of businesses say security is a CEO or Board-level concern, with two-thirds suggesting that they’re increasing cyber security spend. The additional spend is great, but without leadership and solid strategy it may not achieve anything near its potential, and cyber risk may not be reduced. We absolutely have to make sure Boardrooms are well briefed and understand how to go about effective cyber risk management.”

*Details of the seminar and how to book can be found at: http://www.advent-im.co.uk/breakfast-seminar-7th-december-cyber-security-awareness-for-business-leaders/. Alternatively, telephone 0121 559 6699 or 0207 100 1124 or send an e-mail to: bestpractice@advent-im.co.uk

Leave a comment

Filed under Risk UK News, Uncategorized

“Faster response times needed to combat cyber threat” finds BCI survey

Two thirds of respondents to a global survey carried out by the Business Continuity Institute report that they had experienced at least one cyber incident during the previous twelve months, while 15% stated they had experienced at least ten incidents during the same period.

The frequency of these cyber incidents demonstrates exactly why it’s so important for organisations to have plans in place to mitigate them or otherwise lessen their impact.

The Cyber Resilience Report, conducted by the BCI and sponsored by Crises Control, found that there was a wide range of response times for cyber incidents. Almost a third of organisations (31%) stated that they responded within one hour. However, one fifth (19%) take a worrying four hours or more in responding to a cyber event, while almost half (44%) take more than two hours to respond. This has clear implications for the time taken to return to business as usual, and the ultimate cost of the incident to the host organisation.

IntelligenceLedSecurity2

Even if businesses wish to respond immediately to a cyber attack, the nature of the attack may render them unable to do so. The research finds that phishing and social engineering are the top causes of cyber disruption, with over 60% of companies reporting being hit by such an incident over the past 12 months and 37% attacked by way of spear phishing.

The BCI has discovered that 45% of companies were hit by a malware attack and 24% by a Distributed Denial of Service episode. All these forms of attack will, in different ways, render an organisation’s own network either contaminated or inoperable. Their website may have been taken down and they may well have to switch off their Internet connection until they can secure themselves from further attack.

A detailed study of 369 business continuity and resilience professionals from across the world, the research also reveals that the costs of these incidents varied greatly, with 73% reporting total costs over the year of less than €50,000, but 6% reporting annual costs of more than €500,000.

David James-Brown FBCI, chairman of the BCI, commented: “This piece of research is one of the most timely, insightful and relevant the BCI has ever produced. Cyber attacks tend to target the weakest links of an organisation. That calls for a greater awareness of cyber crime. As the cyber threat evolves, it’s crucial to stay on top of it, building long-term initiatives and regularly updating recovery plans.”

Rickie Sehgal, chairman of Crises Control, added: “Rapid communication with employees, customers and suppliers is vital for any company in terms of responding effectively to a major business disruption event such as a cyber attack. When your business is at risk, even a one-hour delay in responding to an incident can be too long. Taking more than two hours to respond, as almost half of companies appear to do, is simply unacceptable.”

Leave a comment

Filed under Risk UK News, Uncategorized

‘Demonstrating Cyber Security Readiness to Regulators through Risk Assessments’: White Paper issued by Hatstand

Specialist financial technology company Hatstand has issued a White Paper around regulators in the financial services world increasing their focus on cyber security and the need for businesses operating in this sector to view this as part of the overall enterprise risk management of a company. 

The White Paper discusses how performing a risk assessment can help a business deliver clarity, not only to the regulators, but also to the key stakeholders of its key assets concerning current status and gaps in controls and processes. A baseline assessment can then be used to evolve a Working Plan designed to mitigate the gaps and demonstrate to the regulators and stakeholders that the business is taking its cyber risk management responsibilities extremely seriously.

Cyber security is, of course, a key concern for our senior political leaders, regulators and industry professionals. However, keeping business and client data secure can be a challenge as it crosses global networks, computing and PDA devices.

Hatstand has produced a White Paper on cyber security for those companies operating in the financial services sector

Hatstand has produced a White Paper on cyber security for those companies operating in the financial services sector

Many industry experts predict that it’s not a matter of ‘If’ but ‘When’ a company will experience a cyber security breach. Indeed, it has been reported that the number of cyber security attacks increased by over 50% in 2014 when compared with the statistics recorded for the previous year.

The Security and Exchange Commission (SEC) and the Financial Industry Regulatory Authority (FINRA) have made cyber security preparedness a top priority for their 2015 member firm examinations. Furthermore, the Commodity Futures Trading Commission (CFTC) is weighing in to the debate as indicated by the recent remarks made by its chairman, Timothy Massad, who said: “Cyber security is the most important single issue facing our markets today in terms of market integrity and financial stability.”

Policies and guidelines

More countries are taking the initiative to educate their ‘net’ citizens and are creating policies and guidelines for firms and individuals to create awareness of such crimes. In Europe, the EU is putting together a Cyber Security Directive that’s planned to apply to all business sectors. Although some of the EU regulations recently passed or currently under consultation have some cyber security elements, nothing has been specifically aimed at the financial services sector.

With cyber security directly affecting clients, data, networks, hardware, software and operations, the need to protect them from theft, business disruption and destruction is paramount.

Hatstand’s White Paper evaluates why businesses need to have sound governance practices in place and recognise that cyber security is more than just an IT-related issue. It also examines how the threat of a cyber attack should be viewed as part of the overall enterprise risk management of the firm, with Board oversight and a proper risk framework covering identification, protection, detection, response and recovery.

Firms should be identifying their possible risks, assessing the likelihood of events occurring and preparing their response(s). Once armed with this information, they can then determine their risk tolerance and prioritise their cyber security counter-measures. This is an iterative process that needs to be continuously reviewed and updated as the environment is constantly changing.

*Download a full copy of Hatstand’s White Paper

Leave a comment

Filed under Risk UK News

AXELOS announces launch of Cyber Resilience Best Practice Portfolio designated RESILIA

AXELOS Global Best Practice has unveiled RESILIA, the new Cyber Resilience Best Practice Portfolio will be launched in June 2015. The Best Practice Portfolio will help organisations gain the confidence they need to recognise, respond to and recover from cyber attacks on an effective and efficient basis.

Information is critical to the success of all innovation and is precious to any organisation. It’s also valued by a range of adversaries and, with the emergence and rapid development of a globally networked information environment, it’s now easier than ever before to target and attack that information.

To address the challenges of this ever-changing landscape, AXELOS has developed the RESILIA Portfolio to encompass detailed publications, training and awareness tools.

The RESILIA Best Practice Portfolio is designed to help any organisation define what good cyber resilience looks like for them, to guide them in effectively managing their cyber risks and to bounce back following an attack with minimal reputational or financial damage.

For organisations to harness this opportunity they have to adopt an enterprise approach that encompasses people, process and technology.

The AXELOS RESILIA Best Practice Portfolio is designed to help businesses mitigate their cyber security risks

The AXELOS RESILIA Best Practice Portfolio is designed to help businesses mitigate their cyber security risks

Nick Wilding, head of cyber resilience at AXELOS, said: “Inside your organisation there’s a powerful force that can protect your reputation, safeguard your information and keep customers close – it’s your people. The focus must be on aligning strategic priorities, operational systems and architectures with the ongoing training and involvement of all people across the business. Applying RESILIA as a Best Practice tool across the enterprise will enable companies to tackle their cyber risks with renewed confidence.”

Peter Hepworth, CEO at AXELOS, added: “Our existing Best Practice Portfolio, including IT Service Management enabled by ITIL and our Project and Programme Management frameworks that encompass PRINCE2 are used by millions of practitioners around the world to successfully manage their operations and to build business value. RESILIA joins that portfolio and strengthens the ability of any organisation to be more effective.”
The RESILIA Portfolio includes:

  • Cyber Resilience Best Practice – aligned with the ITIL lifecycle – that illustrates what good cyber resilience looks like and provides practical guidance for its strategy, implementation and management
  • Cyber Resilience Awareness Learning for building your ‘cyber smart’ workforce. Multiple awareness learning modules are offered in different formats and via multiple channels to get the right information to the right people at the right time across all parts of the business
  • Cyber Resilience Foundation and Practitioner Training and Certification designed for the IT and security professional community. This provides the practical guidance required in assessing, deploying and efficiently managing good cyber resilience within business operations
  • A Cyber Resilience Maturity Management Tool that will assess your current maturity level and propose appropriate improvement action plans.

Leave a comment

Filed under Risk UK News

KPMG on cyber crime in 2015: ‘This time it’s personal’

‘This time it’s personal’ will be the motto of 2015 as cyber criminals are predicted to become more selective in the way that they target victims.

According to Stephen Bonner, a partner in KPMG’s cyber security practice, the next 12 months will see criminals move away from mass spear-fishing tactics in favour of highly-targeted ‘campaigns’ based on the data trail people leave in their online lives.

“Over the past year, the Internet of Things took its first tentative steps into the mainstream,” said Bonner, “but consumers’ willingness to adopt the latest trend has come at a price. Their desire to be seen has overtaken their desire to be secure, meaning that we can expect organised crime to find new ways in which to make money in our increasingly digitised society.”

Bonner continued: “It’s possible that our willingness to share and shop online will let criminals become more selective about who they target. They will not need to maintain the current ‘hit and hope’ approach of spear phishing, instead only attacking specific users and computers based on the data these give away about their owners.”

According to Bonner, the result will be a business world in which cyber protection matures and where Governments come together to improve ways in which confidential data is secured.

The next 12 months will see criminals move away from mass spear-fishing tactics in favour of highly targeted ‘campaigns’ based on the data trail people leave in their online lives

The next 12 months will see criminals move away from mass spear-fishing tactics in favour of highly targeted ‘campaigns’ based on the data trail people leave in their online lives

“2014 may have been a year in which hardly any time went by without news of a cyber attack,” asserted Bonner, “and the next 12 months will be no different. This time, however, third party assurance will become a burgeoning industry as firms seek to protect themselves against lawsuits for loss of data or revenue. As part of this, my hope is that EU Governments will reach agreement on data protection legislation in a post-Snowden world and implement a data breach disclosure regime.”

In conclusion, Bonner explained: “Ultimately, cyber defence will be akin to a game of whack-a-mole with more emphasis on spotting attacks, more sharing of intelligence in near real-time and enhanced efforts by companies and Governments to counter and disrupt cyber attacks as quickly as they can. However, to win the game a change in mindset is needed, with security teams necessarily having to reinvent themselves by engaging with the business to really understand its priorities and justify the budget, in turn ensuring that their efforts are focused on defending key business assets while being seen as an enabler for doing business in the digital world.”

Leave a comment

Filed under Risk UK News

UK businesses “sleepwalking” into reputational time bomb

According to research conducted by BSI, the business standards company, UK businesses are at risk of sleepwalking into a reputational time bomb due to a lack of awareness on how to protect their data assets. As cyber hackers become more complex and sophisticated in their methods, UK organisations are being urged to strengthen their security systems in order to protect both themselves and consumers.

The BSI survey of IT decision-makers1 finds that cyber security is a growing concern, with over half (56%) of UK businesses being more concerned about this issue than was the case 12 months ago. Seven-in-10 (70%) attribute this to hackers becoming more skilled and better at targeting businesses.

However, while the majority (98%) of organisations have taken steps to minimise risks to their information security, only 12% are extremely confident about the security measures they have in place to defend against these attacks.

Worryingly, IT directors appear to have accepted the risks posed to their information security, with nine-in-10 (91%) admitting their organisation has been the victim of a cyber attack at some point. Around half have experienced an attempted hack and/or suffered from malware (49% in both instances). Around four-in-ten (42%) have experienced the installation of unauthorised software by trusted insiders, while nearly one third (30%) report having suffered from a loss of confidential information.

Managing risks: key to protecting data assets

Despite confidence in the security measures they have in place, three-in-five (60%) of those organisations surveyed have not provided staff with information security training. Over a third (37%) haven’t installed anti-virus software and only just under half (49%) monitor their user’s access to applications, computers and software.

Conversely, organisations that have implemented ISO 27001 – the international Information Security Management System Standard – are more conscious about potential cyber attacks than those who haven’t (56% versus 12%). As such, 52% of organisations with ISO 27001 already implemented are extremely confident about their level of resilience against the latest methods of cyber hacking.

Maureen Sumner Smith: UK managing director at BSI

Maureen Sumner Smith: UK managing director at BSI

“The research reveals that businesses who can identify threats are more aware of them,” said Mike Edwards, information security specialist and tutor at BSI. “Our experience confirms this. We know that organisations with ISO 27001 in place can better identify the threats and vulnerabilities posed to their information security and put in place appropriate controls designed to manage and mitigate risk.”

Consumers looking to organisations that go ‘above and beyond’

As consumers are now spending more and more of their time and money online, so their vulnerability to cyber attacks is increasing. A recent survey2 showed that nearly half of consumers questioned had suffered from a cyber attack/crime event, yet only 4% have stopped using online services to reduce the risks.

Consumers are looking to companies for protection, who in turn need to safeguard themselves and their customers’ data. However, there’s an inherent lack of trust from consumers on how their data is handled by organisations, with one third of those questioned admitting they don’t trust organisations with their data.

On the other hand, there’s a level of acceptance that nothing online will ever be wholly safe, leading to a false sense of security that: ‘This will not happen to me’ among those who have not suffered from a cyber attack/crime.

Maureen Sumner Smith, UK managing director at BSI, explained: “Consumers want their information to be confidential and not shared or sold. Those who want to be reassured that their data is safe and secure are looking to organisations willing to go the extra mile to protect and look after their data.”

Sumner Smith continued: “Best Practice security frameworks, such as ISO 27001 and easily recognisable consumer icons like the BSI Kitemark for Secure Digital Transactions can help organisations benefit from increased sales, fewer security breaches and protected reputations. Our research shows that the onus is very much on businesses to wake up and take responsibility if they want to continue to be profitable and protect their brand reputations.”

References
1Research interviews conducted with 200 IT decision-makers in UK businesses employing between 250 and 1,000 members of staff. Interviews carried out in October 2014 by Vanson Bourne
2Consumer research involving 1,589 UK adults. Conducted in September 2014 by Opinion Matters

Leave a comment

Filed under Risk UK News

Cyber Europe 2014: ‘Biggest ever cyber security exercise in Europe’ states ENISA

Today, more than 200 organisations and 400 cyber security professionals from 29 European countries are testing their readiness to counter cyber attacks in a day-long simulation exercise organised by the European Union Agency for Network and Information Security (ENISA).

During the course of Cyber Europe 2014, experts from the public and private sectors including cyber security agencies, national Computer Emergency Response Teams, ministries, telecoms companies, energy firms, financial institutions and Internet Service Providers will be testing their procedures and capabilities against a life-like, large-scale cyber security scenario.

#CyberEurope2014 is the largest and most complex exercise of this nature organised in Europe. More than 2,000 separate cyber incidents will be dealt with, including Denial of Service attacks to online services, intelligence and media reports on cyber attack operations, website defacements (attacks that change a website’s appearance), ex-filtration of sensitive information, attacks on critical infrastructure (such as energy or telecoms networks) and the testing of EU co-operation and escalation procedures.

This is a distributed exercise involving several exercise centres across Europe and co-ordinated by a central exercise Control Centre.

More than 200 organisations and 400 cyber security professionals across Europe join forces today during the first phase of ENISA’s bi-annual cyber security exercise designated Cyber Europe 2014

More than 200 organisations and 400 cyber security professionals across Europe join forces today during the first phase of ENISA’s bi-annual cyber security exercise designated Cyber Europe 2014

Speaking about today’s event, European Commission vice-president Neelie Kroes commented: “The sophistication and volume of cyber attacks are increasing every day. These attacks cannot be countered if individual states work alone or just a handful of them act together. I’m pleased that EU and EFTA Member States are working alongside the EU institutions with ENISA bringing them all together. It’s only this kind of common effort that will help keep today’s economies and societies fully protected.”

Professor Udo Helmbrecht (ENISA’s executive director) added: “Five years ago there were no procedures in place to drive co-operation between EU Member States during a cyber crisis. Today, we have the procedures in place on a collective basis to mitigate a cyber crisis on a European level. The outcome of today’s exercise will tell us where we stand and identify the next steps to take in order that we make continual improvements.”

Sharing of operational information

Among other things, the Cyber Europe 2014 exercise will test procedures for the sharing of operational information on cyber crises in Europe, enhance national capabilities for tackling cyber crises and explore the effects of multiple and parallel information exchanges between private-public and private-private at both the national and international levels.

The exercise is also designed to test the EU Standard Operational Procedures (EU SOPs), a set of guidelines specifically designed for the sharing of operational information on cyber crises.

Professor Udo Helmbrecht: executive director of ENISA

Professor Udo Helmbrecht: executive director of ENISA

Increased sophistication of cyber attacks

According to ENISA’s Threat Landscape Report, which was published last year, threat agents have increased the sophistication of their attacks. It has become clear that maturity in cyber activities is not a matter for just a handful of countries. Rather, criminals in multiple countries have developed capabilities that can be used to infiltrate all kinds of targets – Governmental and private – in order to achieve their objectives.

In 2013, global web-based attacks increased by almost 25% while the total number of reported data breaches was 61% higher than in 2012. Each of the eight most prevalent forms of data breach resulted in the loss of tens of millions of data records, in turn exposing no less than 552 million identities.

According to industry estimates, cyber crime and espionage accounted for between $300 billion and $1 trillion in annual global losses during 2013.

This latest exercise simulates large-scale crises related to critical information infrastructures. Experts from ENISA will issue a report with key findings after the exercise ends.

#CyberEurope2014 is a bi-annual, large-scale cyber security exercise. It’s organised every two years by ENISA, and this year counts 29 European countries (26 from the EU and three from the EFTA) plus EU Institutions among its cohort. The exercise takes place in three phases throughout the year, as follows:

*Technical: Involves incident detection, investigation, mitigation and information exchanges (completed in April)
*Operational/tactical: Dealing with alerts, crisis assessment, co-operation, co-ordination, tactical analysis, advice and information exchanges at the operational level (taking place today and during early 2015)
*Strategic: Examines decision-making, political impacts and public affairs

ENISA's headquarters in Greece

ENISA’s headquarters in Greece

In the cyber security strategy for the EU and the proposed Directive for a high common level of network and information security, the European Commission calls for the development of national contingency plans and regular exercises, testing large-scale networks’ security incident response and disaster recovery capabilities.

ENISA’s new mandate also highlights the importance of cyber security preparedness exercises in enhancing trust and confidence when it comes to online services across Europe. The draft EU SOPs have been tested over the last three years, including during the course of Cyber Europe 2012.

Leave a comment

Filed under Risk UK News