Tag Archives: Cyber Attack

Major life-threatening cyber attack on UK “in little doubt”

The National Cyber Security Centre (NCSC) has published its second Annual Review, in turn revealing that the organisation has prevented Britain from falling victim to nearly 1,200 attacks in the past two years. The NCSC has also warned of the likelihood of a major life-threatening cyber attack on the UK in the near future.

The NCSC states that the UK is hit by ten serious cyber attacks every week. 70% of these attacks are “undertaken by groups of computer hackers directed, sponsored or tolerated by the Governments of [hostile] countries”.

Commenting on these figures, Mishcon de Reya’s cyber security lead Joe Hancock informed Risk Xtra: “1200 attacks may seem like a large number, but the reality is that this is the tip of the iceberg. The majority of these attacks on business, Government and third sector organisations go unreported and often undetected. Behind these high profile attacks there are the millions of online crimes that affect individuals every day.”


Focusing on that last point, Hancock continued: “We routinely deal with the often unreported issues. More needs to be done to back law enforcement in supporting both victims and responders to better detect and recover from cyber episodes. A focus on critical infrastructure is welcomed by everyone, but it doesn’t help the millions of victims of cyber fraud. The recent Facebook breach shows the potential downsides of large-scale data collection and reliance on single points, provided by social media to access a wide variety of services across the Internet which can act as a gateway for attackers to further data and services.”

Further, Hancock observed: “Cyber security practices are not consistent globally and an attack against a weaker link in the supply or data chain can have unanticipated consequences for companies and individuals. More is needed to help protect everyday victims of these crimes, and especially so in the international arena. It’s difficult to see how mass cyber crime can be tackled without an international consensus and consequences for nations that turn a blind eye.”

Also, Hancock outlined: “Many of the cyber incidents we deal with have a financial component, often involving the traditional banking system and not only cryptocurrencies such as Bitcoin. Driving cyber criminals out of the financial system will have an impact on cyber crime levels.”

Actions and behaviours

There are specific actions and behaviours that should be adopted now to aid readiness for inevitable cyber attacks. Steve Mulhearn, director of enhanced technologies for the UK and Ireland and DACH at Fortinet, has listed them as prevention, the harnessing of Artificial Intelligence (AI) and adaptive technology, and better visibility across the network.

Prevention

Prevention is easier when all employees in the business, not just the IT Department, take responsibility for the security of the business. For example, incidents such as the Bupa or Waymo hacks have raised awareness of how many breaches occur because employees are targeted. The Fortinet Global Enterprise Security Survey 2017 found that 67% of businesses say they’re planning IT security and awareness training for employees in 2018.

Harness AI and adaptive technology

Harnessing the power of AI to learn from breaches, as well as to analyse data and automate reactions that shut down breaches when they occur, is vital. Threats evolve and adapt over time as applications, technologies, configurations, controls and behaviours change, making security an arms race wherein a static solution simply will not do.

Better visibility across the network

A vital tool in this struggle is visibility. You cannot secure what you cannot see. This means control across the distributed network, including endpoints, the Internet of Things and the cloud. According to the Fortinet 2017 Survey, only a small cohort of respondents feel confident that they have full visibility and control of employee access.

*The National Cyber Security Centre’s Annual Review can be accessed online at https://www.ncsc.gov.uk/news/annual-review-2018


Filed under Risk Xtra

MOBOTIX Global Partner Conference 2017 goes ‘Beyond Human Vision’

MOBOTIX has successfully completed its largest Global Partner Conference which hosted 234 participants from 46 countries to coincide with the launch of the company’s new website and a strategy that focuses on ‘Beyond Human Vision’.

The three-day event in Langmeil, Kaiserslautern included over 20 presentations covering market trends, sales strategy and technical sessions in areas such as cyber security and the Internet of Things (IoT). The breakout sessions on day three included regional updates and Expert Panels that connected partners with senior MOBOTIX product management executives, developers and solution specialists.

The Global Partner Conference also included project examples from invited customers, among them McDonald’s (Germany), Jashanmal Group (Dubai) and Belfius Bank (Belgium) as well as details of exciting initiatives in Singapore, the United States, Australia and Greece.

For the first time, MOBOTIX welcomed an expanded partner showcase including Gold Sponsorship from Konica Minolta, Genetec, Strops and Milestone Systems plus an additional 11 Silver sponsors across diverse areas such as storage, facial recognition, portable surveillance, wireless connectivity and the IoT.


“Our Global Partner Conference marks the start of a new journey for MOBOTIX that begins with acknowledging our traditions before embracing the transition to a new path that welcomes the opportunities of tomorrow,” enthused Thomas Lausten, CEO at MOBOTIX. “MOBOTIX is changing and part of that evolution is embracing a future with a new found passion and openness that includes industry standards and third party partners with the goal of delivering higher value solutions.”

Lausten continued: “Our new mission statement to go ‘Beyond Human Vision’ is at the heart of a philosophy that recognises video surveillance is part of a wider potential with MOBOTIX as a foundational platform for innovative solutions to real world challenges in manufacturing, retail, healthcare, transportation and, indeed, many other areas.”

The event coincided with the launch of a new MOBOTIX website, new company branding and the first version of a global partner locator, plus a new White Paper on the vital role MOBOTIX is playing in protecting its technologies from cyber attack.


Filed under Risk UK News

ECA/SELECT Survey finds buildings at heightened risk from cyber attack

The use of cyber attacks is becoming more prevalent as an effective tool to disrupt both business and politics. As a result of this, within industry it’s vital that steps are taken to protect buildings and infrastructure against potential threats.

To find out the current state of play, the Electrical Contractors’ Association (ECA) and Scottish Trade Association SELECT surveyed a range of clients in November and December last year on their approach to cyber security.

The feedback received from the ‘Connected Technology Survey for Clients’ emanated from a range of respondents, including consultants, engineers, end clients, local authorities and facilities managers.


The results show that almost four-in-ten clients (39%) don’t take any steps to protect smart installations in buildings from cyber threats. A further 49% cited the risk of hacking as a barrier to installing connected technology.

Steve Martin, head of specialist groups at the ECA, commented: “Given that ‘connected technology’ covers any technology, such as lighting or HVAC installations, this enables devices to communicate with each other over the Internet and undertake tasks. The risks from hacking are substantial.”

Currently, only 20% of the UK’s commercial buildings are considered to be ‘smart’. However, over the next four years, the global ‘Internet of Things’ market is expected to be worth over £1 trillion annually. “If we’re to keep pace with developments,” concluded Martin, “the issue of cyber security needs to be addressed as a matter of urgency.”


Filed under Risk UK News, Uncategorized

Advent IM outlines detail for ‘Cyber for the C-Suite’ Breakfast Seminar

A breakfast seminar created exclusively for business leaders and senior Board members seeking guidance on the present cyber security threat is to be run by security consultancy Advent IM at the company’s Training Centre near the M5, Birmingham on 7 December.

The seminar will be delivered by Advent IM’s managing director Mike Gillespie, who has many years’ experience in senior level consulting, training and mentoring and is also director of cyber strategy and research for The Security Institute. As a director, Gillespie understands the place of senior leadership in cyber resilience and risk management.

The seminar is designed to promote and enhance understanding of the organisational threats that Boardrooms need to factor into resilience strategies. Attendees will also have first access to places on the forthcoming training course, again exclusively for senior leaders and the C-Suite, which will start in March 2017.


Gillespie informed Risk UK: “The cyber threat landscape is high on the agenda of all Boardrooms. Many businesses have felt the impact of cyber attack, either directly or through supply chain partners. No size of business is immune and no kind of service spared the attackers’ attentions, with even hospitals being struck by ransomware.”

He added: “Recent research suggests that 82% of businesses say security is a CEO or Board-level concern, with two-thirds suggesting that they’re increasing cyber security spend. The additional spend is great, but without leadership and solid strategy it may not achieve anything near its potential, and cyber risk may not be reduced. We absolutely have to make sure Boardrooms are well briefed and understand how to go about effective cyber risk management.”

*Details of the seminar and how to book can be found at: http://www.advent-im.co.uk/breakfast-seminar-7th-december-cyber-security-awareness-for-business-leaders/. Alternatively, telephone 0121 559 6699 or 0207 100 1124 or send an e-mail to: bestpractice@advent-im.co.uk


Filed under Risk UK News, Uncategorized

“Faster response times needed to combat cyber threat” finds BCI survey

Two thirds of respondents to a global survey carried out by the Business Continuity Institute report that they had experienced at least one cyber incident during the previous twelve months, while 15% stated they had experienced at least ten incidents during the same period.

The frequency of these cyber incidents demonstrates exactly why it’s so important for organisations to have plans in place to mitigate them or otherwise lessen their impact.

The Cyber Resilience Report, conducted by the BCI and sponsored by Crises Control, found that there was a wide range of response times for cyber incidents. Almost a third of organisations (31%) stated that they responded within one hour. However, one fifth (19%) take a worrying four hours or more in responding to a cyber event, while almost half (44%) take more than two hours to respond. This has clear implications for the time taken to return to business as usual, and the ultimate cost of the incident to the host organisation.


Even if businesses wish to respond immediately to a cyber attack, the nature of the attack may render them unable to do so. The research finds that phishing and social engineering are the top causes of cyber disruption, with over 60% of companies reporting being hit by such an incident over the past 12 months and 37% attacked by way of spear phishing.

The BCI has discovered that 45% of companies were hit by a malware attack and 24% by a Distributed Denial of Service episode. All these forms of attack will, in different ways, render an organisation’s own network either contaminated or inoperable. Their website may have been taken down and they may well have to switch off their Internet connection until they can secure themselves from further attack.

A detailed study of 369 business continuity and resilience professionals from across the world, the research also reveals that the costs of these incidents varied greatly, with 73% reporting total costs over the year of less than €50,000, but 6% reporting annual costs of more than €500,000.

David James-Brown FBCI, chairman of the BCI, commented: “This piece of research is one of the most timely, insightful and relevant the BCI has ever produced. Cyber attacks tend to target the weakest links of an organisation. That calls for a greater awareness of cyber crime. As the cyber threat evolves, it’s crucial to stay on top of it, building long-term initiatives and regularly updating recovery plans.”

Rickie Sehgal, chairman of Crises Control, added: “Rapid communication with employees, customers and suppliers is vital for any company in terms of responding effectively to a major business disruption event such as a cyber attack. When your business is at risk, even a one-hour delay in responding to an incident can be too long. Taking more than two hours to respond, as almost half of companies appear to do, is simply unacceptable.”


Filed under Risk UK News, Uncategorized

‘Demonstrating Cyber Security Readiness to Regulators through Risk Assessments’: White Paper issued by Hatstand

Specialist financial technology company Hatstand has issued a White Paper on the increasing focus of financial services regulators on cyber security and the need for businesses operating in this sector to view it as part of the company’s overall enterprise risk management.

The White Paper discusses how performing a risk assessment can help a business deliver clarity, not only to the regulators, but also to the key stakeholders of its key assets concerning current status and gaps in controls and processes. A baseline assessment can then be used to evolve a Working Plan designed to mitigate the gaps and demonstrate to the regulators and stakeholders that the business is taking its cyber risk management responsibilities extremely seriously.

Cyber security is, of course, a key concern for our senior political leaders, regulators and industry professionals. However, keeping business and client data secure can be a challenge as it crosses global networks, computing and PDA devices.

Hatstand has produced a White Paper on cyber security for those companies operating in the financial services sector


Many industry experts predict that it’s not a matter of ‘If’ but ‘When’ a company will experience a cyber security breach. Indeed, it has been reported that the number of cyber security attacks increased by over 50% in 2014 when compared with the statistics recorded for the previous year.

The Securities and Exchange Commission (SEC) and the Financial Industry Regulatory Authority (FINRA) have made cyber security preparedness a top priority for their 2015 member firm examinations. Furthermore, the Commodity Futures Trading Commission (CFTC) is weighing in to the debate as indicated by the recent remarks made by its chairman, Timothy Massad, who said: “Cyber security is the most important single issue facing our markets today in terms of market integrity and financial stability.”

Policies and guidelines

More countries are taking the initiative to educate their ‘net’ citizens and are creating policies and guidelines for firms and individuals to create awareness of such crimes. In Europe, the EU is putting together a Cyber Security Directive that’s planned to apply to all business sectors. Although some of the EU regulations recently passed or currently under consultation have some cyber security elements, nothing has been specifically aimed at the financial services sector.

With cyber security directly affecting clients, data, networks, hardware, software and operations, the need to protect them from theft, business disruption and destruction is paramount.

Hatstand’s White Paper evaluates why businesses need to have sound governance practices in place and recognise that cyber security is more than just an IT-related issue. It also examines how the threat of a cyber attack should be viewed as part of the overall enterprise risk management of the firm, with Board oversight and a proper risk framework covering identification, protection, detection, response and recovery.

Firms should be identifying their possible risks, assessing the likelihood of events occurring and preparing their response(s). Once armed with this information, they can then determine their risk tolerance and prioritise their cyber security counter-measures. This is an iterative process that needs to be continuously reviewed and updated as the environment is constantly changing.

*Download a full copy of Hatstand’s White Paper


Filed under Risk UK News

AXELOS announces launch of Cyber Resilience Best Practice Portfolio designated RESILIA

AXELOS Global Best Practice has unveiled RESILIA, the new Cyber Resilience Best Practice Portfolio that will be launched in June 2015. The Best Practice Portfolio will help organisations gain the confidence they need to recognise, respond to and recover from cyber attacks on an effective and efficient basis.

Information is critical to the success of all innovation and is precious to any organisation. It’s also valued by a range of adversaries and, with the emergence and rapid development of a globally networked information environment, it’s now easier than ever before to target and attack that information.

To address the challenges of this ever-changing landscape, AXELOS has developed the RESILIA Portfolio to encompass detailed publications, training and awareness tools.

The RESILIA Best Practice Portfolio is designed to help any organisation define what good cyber resilience looks like for them, to guide them in effectively managing their cyber risks and to bounce back following an attack with minimal reputational or financial damage.

For organisations to harness this opportunity they have to adopt an enterprise approach that encompasses people, process and technology.

The AXELOS RESILIA Best Practice Portfolio is designed to help businesses mitigate their cyber security risks


Nick Wilding, head of cyber resilience at AXELOS, said: “Inside your organisation there’s a powerful force that can protect your reputation, safeguard your information and keep customers close – it’s your people. The focus must be on aligning strategic priorities, operational systems and architectures with the ongoing training and involvement of all people across the business. Applying RESILIA as a Best Practice tool across the enterprise will enable companies to tackle their cyber risks with renewed confidence.”

Peter Hepworth, CEO at AXELOS, added: “Our existing Best Practice Portfolio, including IT Service Management enabled by ITIL and our Project and Programme Management frameworks that encompass PRINCE2 are used by millions of practitioners around the world to successfully manage their operations and to build business value. RESILIA joins that portfolio and strengthens the ability of any organisation to be more effective.”

The RESILIA Portfolio includes:

  • Cyber Resilience Best Practice – aligned with the ITIL lifecycle – that illustrates what good cyber resilience looks like and provides practical guidance for its strategy, implementation and management
  • Cyber Resilience Awareness Learning for building your ‘cyber smart’ workforce. Multiple awareness learning modules are offered in different formats and via multiple channels to get the right information to the right people at the right time across all parts of the business
  • Cyber Resilience Foundation and Practitioner Training and Certification designed for the IT and security professional community. This provides the practical guidance required in assessing, deploying and efficiently managing good cyber resilience within business operations
  • A Cyber Resilience Maturity Management Tool that will assess your current maturity level and propose appropriate improvement action plans.


Filed under Risk UK News