Tag Archives: National Cyber Security Centre

Major life-threatening cyber attack on UK “in little doubt”

The National Cyber Security Centre (NCSC) has published its second Annual Review, in turn revealing that the organisation has prevented Britain from falling victim to nearly 1,200 attacks in the past two years. The NCSC has also warned of the likelihood of a major life-threatening cyber attack on the UK in the near future.

The NCSC states that the UK is hit by ten serious cyber attacks every week. 70% of these attacks are “undertaken by groups of computer hackers directed, sponsored or tolerated by the Governments of [hostile] countries”.

Commenting on these figures, Mishcon de Reya’s cyber security lead Joe Hancock informed Risk Xtra: “1200 attacks may seem like a large number, but the reality is that this is the tip of the iceberg. The majority of these attacks on business, Government and third sector organisations go unreported and often undetected. Behind these high profile attacks there are the millions of online crimes that affect individuals every day.”


Focusing on that last point, Hancock continued: “We routinely deal with the often unreported issues. More needs to be done to back law enforcement in supporting both victims and responders to better detect and recover from cyber episodes. A focus on critical infrastructure is welcomed by everyone, but it doesn’t help the millions of victims of cyber fraud. The recent Facebook breach shows the potential downsides of large-scale data collection and reliance on single points, provided by social media to access a wide variety of services across the Internet which can act as a gateway for attackers to further data and services.”

Further, Hancock observed: “Cyber security practices are not consistent globally and an attack against a weaker link in the supply or data chain can have unanticipated consequences for companies and individuals. More is needed to help protect everyday victims of these crimes, and especially so in the international arena. It’s difficult to see how mass cyber crime can be tackled without an international consensus and consequences for nations that turn a blind eye.”

Also, Hancock outlined: “Many of the cyber incidents we deal with have a financial component, often involving the traditional banking system and not only cryptocurrencies such as Bitcoin. Driving cyber criminals out of the financial system will have an impact on cyber crime levels.”

Actions and behaviours

There are specific actions and behaviours that should be adopted now to aid readiness for inevitable cyber attacks. Steve Mulhearn, director of enhanced technologies for the UK and Ireland and DACH at Fortinet, has listed them as prevention, the harnessing of Artificial Intelligence (AI) and adaptive technology, and better visibility across the network.

Prevention

Prevention is easier when all employees in the business, not just the IT Department, take responsibility for the security of the business. For example, breaches like the Bupa or Waymo hacks have raised awareness of how many breaches occur because employees are targeted. The Fortinet Global Enterprise Security Survey 2017 found that 67% of businesses say they’re planning IT security and awareness training for employees in 2018.

Harness AI and adaptive technology

Harnessing the power of AI to learn from breaches, as well as to analyse data and automate reactions to shut down breaches when they occur, is vital. Threats evolve and adapt over time as applications, technologies, configurations, controls and behaviours change, making security an arms race wherein a static solution simply will not do.

Better visibility across the network

A vital tool in this struggle is visibility. You cannot secure what you cannot see. This means control across the distributed network, including endpoints, the Internet of Things and the cloud. According to the Fortinet 2017 Survey, only a small cohort of respondents feel confident that they have full visibility and control of employee access.

*The National Cyber Security Centre’s Annual Review can be accessed online at https://www.ncsc.gov.uk/news/annual-review-2018


Filed under Risk Xtra

Magenta Security Services achieves Cyber Essentials accreditation

Magenta Security Services has been recognised by the National Cyber Security Centre (NCSC) after taking significant steps towards protecting its online systems. The effort expended has seen the Hounslow-based Security Industry Authority Approved Contractor added to a list of endorsed organisations on the NCSC’s website and accredited with a Cyber Essentials certificate.

Cyber Essentials is a Government-backed, industry-approved scheme aimed at helping organisations protect themselves against common types of cyber attack. At its basic level, the scheme advocates businesses implementing certain technical controls in order to bolster overall system security.

To earn its Cyber Essentials certificate, Magenta Security was required to have all of the business’ digital defences assessed by an independent accreditation body.


Having self-implemented the technical controls already, its systems and software also met a detailed set of requirements with various forms of evidence provided to back this up.

Finally, a self-assessment questionnaire was completed as proof of understanding the new implementations and configuration of its systems.

Abbey Petkar, managing director of Magenta Security, explained to Risk Xtra: “Following many recent high-profile data breaches as well as the General Data Protection Regulation deadline, there has been a substantial increase in business awareness of the need to boost online defences. Magenta Security is protecting its clients in every possible way.”

Magenta Security also runs operations in Swindon, Birmingham, Manchester and Kent, providing security guarding solutions, mobile patrols and electronic surveillance.


Filed under Risk Xtra, Uncategorized

Hikvision awarded Cyber Essentials Plus accreditation by National Cyber Security Centre

Hikvision has been awarded Cyber Essentials Plus status – the highest accreditation in the programme. Operated by the National Cyber Security Centre (NCSC), the Cyber Essentials scheme is an independently assessed accreditation supported by the Government. The scheme is designed to carry out rigorous testing of Internet-enabled products connected to a given company’s infrastructure – in this case that of Hikvision – in order to ensure that, when connected to a network, those products are safe, secure and don’t provide a risk to devices on the rest of the network.

In partnership with five independent test houses, the Cyber Essentials Plus accreditation process covers a number of different areas to ensure users of Internet-enabled devices are assured of the highest level of protection against potential cyber threats and attacks. These independent test houses assess products through internal testing and vulnerability scanning. Cyber Essentials Plus accreditation is only awarded when testers are fully satisfied that the tested products don’t pose a risk to the wider network.


“Cyber security is a really hot topic in the security industry so naturally we’re delighted to have been awarded Cyber Essentials Plus status,” explained Gary Harmer, sales director for Hikvision UK and Ireland. “As the only manufacturer in our industry to have received this level of accreditation, it’s confirmation of the confidence we at Hikvision have in our own operations.”

Hikvision will continue to work with the NCSC and other authorised bodies to maintain, develop and enhance the security of its products, operating environments and processes.

*An earlier version of the Press Release suggested that the Cyber Essentials Plus status relates to products and has caused some confusion. To clarify, Hikvision has been awarded Cyber Essentials Plus accreditation, which relates directly to the security and robustness of its own infrastructure within the company’s UK operation. It was never Hikvision’s intention to mislead the reader with any inference that the accreditation related in any way to the company’s own products. Hikvision sincerely apologises for the unclear statement about the award.

*To find out more about Hikvision’s plans for enhanced cyber security, visit Stand D300 at IFSEC International between 19-21 June. IFSEC International runs at London’s ExCeL.


Filed under Risk Xtra

CREST bestows first lifetime Fellowships in recognition of outstanding achievements

CREST – the not-for-profit accreditation body representing the technical information security industry – has awarded its first lifetime CREST Fellowships in recognition of outstanding achievement or contribution to CREST and the technical information security industry in general.

“With support from those who hold CREST qualifications, CREST member companies and industry influencers, CREST has grown rapidly into an internationally recognised body with the highest levels of technical standards and governance, a strong Code of Ethics and a reputation for action and the ability to deliver,” explained Ian Glover, president of the organisation. “That’s why the introduction of the annual Fellowships is so important as they are a way of recognising and thanking individuals who’ve made a significant contribution to build CREST and professionalise the cyber security industry.”


In addition to the Fellowships awarded to CREST members, further awards have been presented to recognise contributions from industry, Government and academia. These included awards for Buck Rogers (CISO of the Bank of England), Chris Ensor and Harry W from the National Cyber Security Centre and a posthumous accolade for Stephanie Damon of the Cyber Security Challenge UK whose award was accepted on the night by Nigel Harrison. Special contribution awards were also given to Adriana Costa McFadden from CREST and Allie Andrews of PRPR.

This year’s ceremony and dinner took place at the Tanner Warehouse in Bermondsey, with Ian Glover presenting the awards alongside CREST’s chairman Mark Tuner and ex-chairman Paul Midian.

Other CREST fellows for 2017 include Abhijeet Udas, Alex Church, Andrew Davies, Arjun Pednekar, Daniele Costa, Dave Hartley, Dom Beecher, Dominic Chell, Ed Williams, Edward Torkington, Gabriel Caudrelier, Gary O’Leary-Steele, Gavin Jones, Gemma Moore, Geoff Jones, Greg Rudd (CREST Australia), Ian Lovering, John O’Meara, Jonathan Roach, Joseph Hart, Marcus Pinto, Mark Harrison, Mark Raeburn, Martin Law, Michael Woodhead, Paul Beechey, Paul Docherty, Paul Midian, Paul Vlissidis, Richard Dean, Rory McCune, Simon Clow, Stuart Criddle and Tobias Clarke.


Filed under Risk UK News

Unwitting cyber scammers cold call industry expert at C3IA Solutions

Would-be cyber scammers made a megabyte blunder when they cold-called Matt Horan of C3IA Solutions: Horan is one of the country’s top cyber security experts. Realising the crooks were trying to take control of his computer, Horan put the call on speaker phone and asked a colleague to record it, with hilarious consequences.

After stringing out the conversation for 35 minutes – during which time he was passed to more senior ‘helpers’ as he posed as an ignorant computer user – Horan then informed the caller that he had no Internet connection.

This prompted the fraudster to use an expletive before hanging up in anger. An edited video of the call has been amusing people across social media.

Horan is keen that the video is used to help people avoid falling for cyber scams. He told Risk UK: “One of the weakest parts of any business’ cyber security is the staff. They do nothing malicious, but can easily assist fraudsters. Along with ‘phishing’ e-mails, this type of phone scam is common and can cause huge amounts of damage.”

Matt Horan, director of C3IA Solutions


Horan continued: “The caller purports to be from Microsoft or a similar outfit and informs the person who answered the call that there’s a problem with their computer. They then instruct that person to look at the computer’s ‘systems and events logs’, which is simply a log of every action taken. They tell them that this is evidence of ongoing malicious attacks. After that, they try and entice them to log into TeamViewer or something similar which means they then can gain remote access and control of the target computer.”

In addition, Horan stated: “They then have all the information on a computer or network and can infect the system, read e-mails, steal passwords or encrypt the stored data. They can basically do anything they want. Obviously, this can cause massive harm to a business and may well lead to data loss, the theft of funds and the stealing of intelligence as well as cause acute embarrassment.”

C3IA Solutions trains staff at businesses to be ‘cyber-savvy’ and always to hang up on calls like this. If staff are in doubt they should contact their IT support.

“Firms such as Microsoft don’t make calls like the one I took, but they seem authentic,” explained Horan. “Often, the scammers work in pairs so the initial caller can pass over the call to a ‘senior supervisor’, as they tried with me. This gives an added authenticity. Caution should be the watchword when taking calls like this one.”

*The video can be viewed on YouTube: https://youtu.be/ncIehp0fBT8

Based in Poole, Dorset, C3IA Solutions is one of fewer than 20 companies certified by the Government’s National Cyber Security Centre. In addition to its work with Government agencies including GCHQ, the company operates a commercial section that works with businesses, assisting them with their cyber security.

C3IA (a military term) Solutions was set up in 2006 by Horan and Keith Parsons. It has 84 personnel on contract of whom 33 are employees and 51 are associates. The business operates in the defence and security sectors serving both SMEs and multi-national firms.

C3IA is a leading provider of secure ICT, technical programme management and information security services and solutions.

The company takes its Corporate Social Responsibility seriously, supporting serving and past members of the Armed Services. Indeed, the business sponsors those engaged in personal and team development through arduous sporting and other challenges.


Filed under Risk UK News, Uncategorized