Tag Archives: Cyber Attacks

BT to lead creation of 2017 Cyber Security Challenge UK Masterclass

Cyber security experts from BT, Airbus, the National Crime Agency, the Bank of England, Cisco, McAfee, Checkpoint, De Montfort University’s Cyber Technology Institute and 4PumpCourt have announced that they will stage “the most advanced Cyber Security Challenge UK Masterclass ever” on 12-14 November in London.

Spanning two-and-a-half days, Masterclass is the culmination of a year’s worth of nationwide face-to-face and online competitions designed to unearth and nurture new talent for the cyber security industry and address a critical skills shortage that affects Government, businesses and the public.

Led by BT in partnership with Airbus, the competition will see dozens of the UK’s top cyber enthusiasts face each other in a battle that will test their capabilities to deal with cyber attacks and their understanding of business know-how. The challenges will evaluate contestants’ technical, business and soft skills, in turn mirroring the different ways in which professionals communicate today.

This year’s Masterclass will demonstrate how cyber security can be an accessible career choice that has a number of different facets and pathways. BT recently identified 87 different roles in the cyber security industry, each requiring a different skill set, which will be reflected in this year’s competition.

CyberSecurityChallengeUKLogoWeb

Highly experienced professionals from Government as well as public and private sector organisations across the country will judge the contestants for a number of aptitudes that will rank their suitability for jobs in the sector. The best performing candidate will be crowned Cyber Security Challenge UK Champion.

Thousands of pounds’ worth of career-enabling prizes will be issued to those who take in the finale including training courses, tech equipment and even a fully paid-for Master’s degree sponsorship at De Montfort University, allowing one lucky contestant the chance to study for an MSc in Cyber Security.

Over the years, more than half of the contestants in the Challenge’s face-to-face and Masterclass competitions have moved into jobs in the industry after demonstrating their skills in front of assessors.

Competitions like this are crucial for identifying top quality recruits that could reduce the skills deficit. Industry association (ISC)2 predicts the skills gap will reach 1.8 million unfilled positions by 2022, leaving a lack of professionals able to defend our infrastructure from hackers.

Nigel Harrison, acting CEO at Cyber Security Challenge UK, said: “This year’s consortium of sponsors is working on taking Masterclass to the next level, adding new dimensions and levels of game-play that we’ve yet to see in our competitions to date. We’re always trying to match our challenges to the way in which industry is evolving and ensure that they test for the skills industry requires. We look forward to seeing how the finalists fare in a modern cyber security scenario.”

Rob Partridge, head of BT’s Cyber Academy, added: “Filling the cyber security skills deficit is immensely important for the long-term safety of the UK’s digital economy. We need to make sure that industry and Government are collaborating such that young people are engaged and switched on to the breadth of roles in cyber security and the various career paths available to them. These competitions are vitally important for unearthing hidden talent and helping to develop the next generation of UK cyber talent to the standard being set in many other countries.”

Kevin Jones, head of cyber security architecture and innovation at Airbus, explained: “In order to continue protecting vital UK infrastructure and businesses from both current and future cyber threats, it’s particularly important that we address the skills shortage. Competitions such as Cyber Security Challenge UK help to provide a safe and representative environment for contestants to gain experience and learn from industry experts, which in turn will help them understand the variety of skills needed and the careers available within the cyber security sector.”

Advertisements

Leave a comment

Filed under Risk UK News

Nedap shows latest innovation in cyber-secured access control at Milestone Systems’ Integration Expo

Nedap is playing a key role at Milestone Systems’ Integration Expo event on Tuesday 12 September in Daventry as it shows its AEOS end-to-end security solution.  The free-to-attend event affords delegates a unique opportunity to see how integrated solutions are developed, and will bring together installers, developers, integrators and specially-selected Milestone Alliance Partners including Nedap (Milestone Systems’ New Solution Partner of the Year).

In dedicated sessions throughout the day, Nedap will describe its collaborative approach with a ‘Best of Breed’ partner, namely Milestone. Delegates will have the opportunity to see first-hand how the integration between Nedap’s AEOS and the Milestone X-Protect Access Plug-In allows end users to enjoy the features of an advanced access control system inside the Milestone VMS environment. This allows operators to exchange cardholder information, monitor entrances, manage alarms and perform full video verification, all in one integrated system.

“As Milestone’s New Solution Partner of the Year, NEDAP is thrilled to be involved in Milestone’s Integration Expo,” said Jeroen Harmsen, director of product management for NEDAP Security Management. “We look forward to showing delegates how innovative access control solutions can drive opportunities for their businesses.”

NedapDigitalDoorCrucially, Nedap’s AEOS end-to-end solution provides end-to-end security, a key requirement given increasing concerns about connecting devices to the Internet of Things (IoT). An open platform is essential if all the information between IoT-connected devices is to be processed and shared with other systems.

While any system that connects to the Internet will imply a high security risk, Nedap’s solution effectively manages the risk of cyber attacks. By encrypting all communication between a card, the controller and the server, security is ensured at every level of the access control system: from the level of the door to the very core of the AEOS system.

Card readers have no role in decrypting data, for example, so secure communication between card and controller is guaranteed.

Digital certificates, meanwhile, are stored in the same Secure Access Module, in turn ensuring secure communication between controller and server.

For the first time in the market, AEOS end-to-end security offers protection against both physical and digital threats and limits the risks of attack.

More information on the end-to-end security assured by Nedap’s AEOS can be found in this video: http://www.nedapsecurity.com/news/end-end-security-helps-customers-secure-their-network

Leave a comment

Filed under Risk UK News

360 Vision Technology and Visual Management Systems guard against cyber attacks

As more and more security systems and devices become IP networked, it’s important for security installers and end users alike to consider how their systems will be protected against the possibility of cyber attacks. Providing a solution to the concerns around cyber security and hacking, CCTV specialist 360 Vision Technology has partnered with software control provider Visual Management Systems to provide security operators with an effective solution designed to guard against IP surveillance system cyber attacks.

Without the right level of network security measures in place, system users can be left vulnerable, resulting in exposure to the type of hacking and malware attacks that have recently hit the news headlines.

A serious security breach of an IP network can lead to system inoperability and network downtime and, at worst, direct access to corporate networks for the cyber criminals.

To provide IP surveillance system installers and operators with peace of mind, when used together both 360 Vision Technology cameras and Visual Management Systems’ TITAN SECURE Physical Security Information Management system can exceed 802.1x authentication protocols and encryption to provide “the ultimate protection” for surveillance networks via the latest patent pending technology.

360VisionTechnologySSL8022C5A19E

Designed to Centre for the Protection of National Infrastructure standards, this advanced protocol and encryption technology is said to offer a “far higher level” of hacking protection.

Advanced cyber attack protection

Ultimately, security and IT managers have much to gain by implementing the security advantages of a 802.1x authenticated network. Conversely, they also have a lot to lose should they ignore the security risks involved.

“As part of our ongoing development of products and deep integration techniques, we looked closely at the vulnerabilities of current camera systems and found that expert hackers could easily take control of standard network cameras, and even those models with HTTPS certification,” explained John Downie, sales director at Visual Management Systems. “Employing 802.1x authentication at both the camera and control end using 360 Vision Technology cameras and TITAN SECURE in combination is the most effective way in which to fully secure an IP camera network.”

Mark Rees, business development director at 360 Vision Technology, added: “Designed to protect organisations against hacking and ransomware attacks, the latest 360 Vision Technology IP surveillance cameras include advanced 802.1x encryption protection. Designed and built in the UK, our high-performance camera technology offers customers proven reliability, advanced imaging performance and effective cyber security for use within any high or general level camera surveillance application.”

Leave a comment

Filed under Risk UK News

Hanwha Techwin Europe awarded Government’s prestigious Cyber Essentials certification

Hanwha Techwin Europe has been certified as being compliant with the UK Government-backed Cyber Essentials scheme. Administered by the Department for Business, Energy and Industrial Strategy, the industry-supported scheme is designed to help organisations protect themselves against common cyber attacks.

The certificate awarded to Hanwha Techwin Europe verifies that the business has procedures in place specifically designed to minimise the threat of an attack on the IT infrastructure at the company’s headquarters in Chertsey, Surrey and extends to cover laptops used by field-based employees.

HanwhaTechwinEuropeHQ

“We’re constantly evaluating and updating our IT security in order to negate the risk of any disruption to our business or our business partners,” said Bob Hwang, managing director of Hanwha Techwin Europe. “Our cyber security programme is a key element of our ‘We Move With Trust’ philosophy and reflects the proactive stance we’re taking to protect confidential data.”

CyberEssentialsLogo

Hwang continued: “Beyond the scope of the Cyber Essentials scheme, we remain vigilant to ensure that our Wisenet cameras, recording devices and software entrusted to protect property, people and assets are equipped to minimise the threat from cyber attacks. We have a sustained testing and monitoring programme in place designed to identify evolving new threats to the integrity of our solutions. We’re determined to be open and honest with our customers when new cyber security threats are identified and will move quickly to develop further advanced versions of our firmware to combat them.”

Leave a comment

Filed under Risk UK News

London Digital Security Centre introduces ‘Cyber Crisis Simulation’ event to help businesses prepare for cyber breaches

The London Digital Security Centre (LDSC) is inviting senior representatives from SMEs across London to attend its ‘Cyber Crisis Simulation’ Breakfast Briefing at the University of Greenwich. The event takes place on Thursday 3 August from 10.00 am to noon. The ‘Cyber Crisis Simulation’ itself will be run by Cyber Rescue, which is one of the LDSC’s carefully selected partners.

Reputations are ruined when businesses are unprepared for the consequences of a cyber breach. With that in mind, this new event will help businesses to prepare for the day that happens so that they can act accordingly in mitigating disaster.

The simulation will be based on learnings from over 100 major data breaches and cover the following topics: why shock and ambiguity are common responses in the Boardroom, where Command and Control systems are stressed after a major breach, who expects what among regulators, customers, partners and the police, how the exponential growth in cyber attacks puts jobs on the line and what companies can do today to protect themselves from the cyber attacks of tomorrow.

LondonDigitalSecurityCentreLogoWeb

There are an estimated one million SMEs operating in London and, each month, more than 1,000 of them report being the victim of a cyber crime or fraud to Action Fraud. The Department for Digital, Culture, Media and Sport’s Report published in April this year found that just under half (46%) of all businesses have identified at least one breach or attack in the last year. Of those, 45% were micro or small businesses.

The new event is part of a series organised by the London Digital Security Centre to help protect businesses – and primarily micro to medium-sized concerns – to operate in a secure digital environment.

John Unsworth, CEO of the London Digital Security Centre, commented: “Small and medium-sized businesses shouldn’t be fooled into thinking that criminals don’t target them, or that they’re safe from online vulnerabilities. Any company that holds data is a viable target.”

For further details and to register for the event visit: https://www.eventbrite.co.uk/e/cyber-crisis-simulation-tickets-36271637444

Leave a comment

Filed under Risk UK News

Cyber criminals “exploiting human weaknesses” to make their gains

Cyber attackers are relying more than ever on exploiting people instead of software flaws to install malware, steal credentials or confidential information and transfer funds. A study by Proofpoint found that more than 90% of malicious e-mail messages featuring nefarious URLs led users to credential phishing pages, while almost all (99%) email-based financial fraud attacks relied on human clicks rather than automated exploits to install malware.

The Human Factor Report found that business e-mail compromise (BEC) attack message volumes rose from 1% in 2015 to 42% by the end of 2016 relative to e-mails bearing banking Trojans. BEC attacks, which have cost organisations more than $5 billion worldwide, use malware-free messages to trick recipients into sending confidential information or funds to cyber criminals.

BEC is now the fastest-growing category of email-based attacks.

Clicking

“Accelerating a shift that began in 2015, cyber criminals are aggressively using attacks that depend on clicks by humans rather than vulnerable software exploits, tricking victims into carrying out the attack themselves,” said Kevin Epstein, vice-president of Proofpoint’s Threat Operations Centre.

“It’s critical for organisations to deploy advanced protection that stops attackers before they have a chance to reach potential victims. The earlier in the attack chain you can detect malicious content, the easier it is to block, contain and resolve.”

Nearly 90% of clicks on malicious URLs occur within the first 24 hours of delivery, with 25% of those clicks occurring in just ten minutes and nearly 50% within an hour. The median time-to-click (the time between arrival and click) is shortest during business hours from 8.00 am to 3.00 pm EDT in the US and Canada, a pattern that generally holds for the UK and Europe as well.

Watch your inbox closely on Thursdays. Malicious e-mail attachment message volume spikes more than 38% on Thursdays over the average weekday volume. Ransomware attackers in particular favour sending malicious messages from Tuesday through until Thursday. On the other hand, Wednesday is the peak day for banking Trojans. Point-of-Sale campaigns are sent almost exclusively on Thursday and Friday, while keyloggers and backdoors favour Mondays.

Attackers understand e-mail habits and send most e-mail messages in the four-to-five hours after the start of the business day, peaking around lunchtime. Users in the US, Canada and Australia tend to do most of their clicking during this time period, while French clicking peaks around 1.00 pm.

Swiss and German users don’t wait for lunch to click. Their clicks peak in the first hours of the working day.

UK workers pace their clicking evenly over the course of the day, with a clear drop in activity after 2.00 pm.

Leave a comment

Filed under Risk UK News

“Watering hole-style cyber attacks on the rise” warns High-Tech Bridge

On Sunday 12 February, security firm Symantec released an analysis of a new wave of attacks that has been underway since at least October 2016 and came to light when a bank in Poland discovered previously unknown malware running on a number of its computers.

The bank then shared indicators of compromise with other institutions and a number of those other organisations confirmed that they too had been compromised.

These ‘watering hole’ attacks attempted to infect more than 100 organisations in 31 different countries.

Symantec has blocked attempts to infect customers in Poland, Mexico and Uruguay by the same exploit kit that infected the Polish banks. Since October, 14 attacks against computers in Mexico have been blocked, 11 against computers in Uruguay and two against computers in Poland.

wateringholecyberattack

Preliminary investigations suggested that the starting point for the Polish infection could have been located on the web server of Poland’s financial sector regulatory body, namely the Polish Financial Supervision Authority (www.knf.gov.pl).

Commenting on this news, Ilia Kolochenko (CEO of High-Tech Bridge) said: “We should expect that cyber criminals will find more creative and reliable ways to compromise their victims. Trustworthy websites, such as governmental ones, represent great value for cyber criminals, even if they don’t host any sensitive or confidential data.”

Kolochenko continued: “In the past, hackers used one-off or garbage websites to host malware, but as corporate users become more educated and vigilant, attackers need to find more reliable avenues to deliver malware and enter corporate networks. That’s why Gartner, as well as other independent research companies, continuously say that the risk posed to corporate web applications is very high and seriously underestimated. Spear phishing and watering hole attacks against high-profile websites will grow significantly in the near future.”

Leave a comment

Filed under Risk UK News, Uncategorized