Category: Infosec

Categories
Cyber Security Infosec UK News

UK “Hardest Target For Cyber Crime”

There were 188 high-level cyber attacks in the UK between October 2017 and January2018, as dangerous and sophisticated attacks against both the government and businesses become more common. This figure comes from the National Cyber Security Centre (NCSC), the recently opened arm of intelligence agency GCHQ.

Part of a £1.9 billion five-year strategy by the UK government, the NCSC started work in October and is headed by Ciaran Martin, the former director-general cyber of GCHQ.

“We have had significant losses of personal data, significant intrusions by hostile state actors, significant reconnaissance against critical national infrastructure – and our job is to make sure we deal with it,” Martin told the BBC.

With attacks against political parties occurring across Europe, there is plenty of pressure on governments to react. Italy and the Czech Republic have both recently confirmed breaches of their foreign ministries, and there are concerns that political parties in France, Germany, the Netherlands and Bulgaria have also been targeted. This all comes after the continued and much-publicised accusation by US intelligence agencies that Russia interfered in the 2016 presidential election – a breach that was spotted by GCHQ.

“We want to make the UK the hardest target,” Martin said.

Ties to government and business

The government and the private sector will have a lot invested in the NCSC, as the UK’s digital sector is estimated to be worth over £118 billion a year. As such, the NCSC will have links to both its parent body, GCHQ, and to private businesses.

Martin announced that informal contact had been made with the GCHQ, with the two organisations set to share the intelligence agency’s skills and capabilities.

The NCSC is also expected to work informally with private businesses. Speaking at the centre’s opening, Chancellor Philip Hammond said that businesses will be invited to “second up to 100 employees to come and work in the NCSC – allowing us to draw on the best and brightest in industry – to test and challenge the government’s thinking”.

Hammond said that he hopes those people return to the private sector and draw on their experience, warning that government alone cannot protect businesses and the general public. “It has to be a team effort. It is only in this way that we can stay one step ahead of the scale and pace of the threat that we face.”

Cyber Incident Respose with Cyber Security Helpdesk

To protect against cyber attacks, all businesses should have an effective information security system management (ISMS) in place. ISO 27001 is the international standard that describes best practice for an ISMS. It covers people, processes and technology, recognising that information security is not about technology alone.

Categories
Cyber Security Cyber Security Training Infosec

Hackers ‘can bypass cyber security defences within 12 hours’

Nearly nine in ten hackers say they can break through any cyber security defences they target within 12 hours of launching an attack, according to a new report by Nuix.

The Nuix report found that 88 per cent of attackers were confident they could bypass protections on systems they turn their attention to in half a day.  81 per cent of the professional hackers and penetration testers surveyed at DEFCON said they could identify and take valuable data from their target system within another 12 hours.

But the damage could be even greater for companies targeted by attackers, as most breaches stay undiscovered for hundreds of days, giving cyber criminals plenty of opportunity.

“Data breaches take an average of 250 to 300 days to detect – if they’re detected at all,” said Chris Pogue, chief information security officer at Nuix. “But most attackers tell us they can break in and steal the target data within 24 hours. Organisations need to get much better at detecting and remediating breaches using a combination of people and technology.”

According to the report, hackers are almost never slowed down by measures like firewalls and anti-virus solutions, but endpoint security technologies presented more of an obstacle.  This is because more than half of those questioned change their methods with every target, meaning defences based on known files and attacks are less effective.

A third of the hackers surveyed said organisations never detected their activities.

These findings come just a few months after another report found that half of IT professionals are more concerned about.  73 per cent said they were most concerned about malware installed by careless employees, while 66 per cent were worried about stolen or compromised credentials and 65 per cent were concerned about stolen data.

For more from the report, see the Nuix website.

This Nuix report further underscores the importance of not only having an incident response or business continuity plan following a Cyber Attack, but to ensure that any such plan is implemented properly, quickly and efficiently.

CONTACT CYBER SECURITY HELPDESK TO TALK TO ONE OF OUR CYBER INCIDENT RESPONSE TEAM ABOUT HOW WE CAN HELP YOUR BUSINESS.

Categories
Business Advice Cyber Security Cyber Security Recruitment Cyber Security Training Information Security Infosec

Cyber Security Guidance For Businesses: Home and mobile working

Assess the risks to all types of mobile working (including remote working where the device connects to the corporate network infrastructure) and develop appropriate security policies. Train mobile users on the secure use of their mobile devices for locations they will be working from. Apply the secure baseline build to all types of mobile device used. Protect data-at-rest using encryption (if the device supports it) and protect data-in-transit using an appropriately configured Virtual Private Network (VPN).