Tag: cyber security

EU starts €1.8 billion cyber security plan

european-commissionThe EU has signed an agreement with industry on cybersecurity and stepped up efforts to tackle cyber-threats which it hopes will trigger €1.8 billion of investment by 2020. It would be a big help to security suppliers, if the UK remained in the EU.

The new public-private partnership is part of a series of new initiatives to better equip Europe against cyber-attacks and to strengthen the competitiveness of its cybersecurity sector.

According to a recent survey, at least 80 percent of European companies have experienced at least one cybersecurity incident over the last year and the number of security incidents across all industries worldwide rose by 38 percent in 2015.

As part of its Digital Single Market strategy the Commission wants to reinforce cooperation across borders, and between all actors and sectors active in cybersecurity, and to help develop innovative and secure technologies, products and services throughout the EU.

Andrus Ansip, Vice-President for the Digital Single Market, said: “Without trust and security, there can be no Digital Single Market. Europe has to be ready to tackle cyber-threats that are increasingly sophisticated and do not recognise borders. Today, we are proposing concrete measures to strengthen Europe’s resilience against such attacks and secure the capacity needed for building and expanding our digital economy.”

Under the plan the EU will invest €450 million, under its research and innovation programme Horizon 2020. Cybersecurity market players, represented by the European Cyber Security Organisation (ECSO), are expected to invest three times more. This partnership will also include members from national, regional and local public administrations, research centres and academia. The aim of the partnership is to foster cooperation at early stages of the research and innovation process and to build cybersecurity solutions for various sectors, such as energy, health, transport and finance.

The Commission also sets out different measures to tackle the fragmentation of the EU cybersecurity market. Currently an ICT company might need to undergo different certification processes to sell its products and services in several Member States. The Commission will therefore look into a possible European certification framework for ICT security products.

A myriad of European SMEs have emerged in niche markets  and in well-established markets with new business models (like antivirus software), but they are often unable to scale up their operations. The Commission wants to ease access to finance for smaller businesses working in the field of cybersecurity and will explore different options under the EU investment plan.

Of course this does not apply to the UK. By the time the scheme is ready to go, the UK will have Brexited and will have to find its own source of funds, or not have any cyber security schemes of its own. But at least it can make up its own mind and it still has royality.

British firms have no cyber security insurance

insuranceIf a hacker takes out a large UK company, it appears that most of the time the company will have to pay out to fix it. Less than two percent of large British firms have separate insurance against cyber-attacks. Hardly any smaller firms have it..

The UK government has issued a report responding to concern that companies are not protected against the risks of cyber-attacks, which cost billions of pounds annually to the UK economy.

The report, published jointly with insurance broker Marsh, recommends that the government and the insurance industry pool data and information to encourage take-up of cyber insurance.

Half of the business leaders interviewed for the report did not even know cyber insurance existed, it said, even though many firms place cyber attacks among their leading risks.

“Cyber attacks against UK companies present a daily threat to normal UK business operations and are increasing in severity,” the report said.

Of course the government did not think that direct government financial support was needed in the cyber insurance market.

“While some market participants have suggested that a possible government backstop may be necessary, there is no conclusive evidence of the need for such a solution at present,” the report said.

The government supports terrorism insurance scheme Pool Re, through a commitment to make up the shortfall if the scheme runs out of money to pay a claim.

IBM assesses top cyber threats

ibm-officeBig Blue has assessed that 80 percent of executives in charge of security think that challenges by external threats to their enterprises are on the rise.

And IBM said 60 percent of enterprises believe they are being outgunned in the cyber war.

Chief Information Security Officers (CISOs) think that sophisticated external threats is their biggest challenge – with 40 percent believing that they top other challenges they face.

Data leakage prevention, cloud security and mobile security are the top three areas that CISOs believe are the areas that need addressing urgently.

Of the respondents surveyed by IBM, 90 percent have either adopted or will adopt cloud initiatives and they expect their cloud security budgets to increase over the next five years.

Only 45 percent of the CISOs think that mobile and device security is being adequately addressed.

Iran owns the internet – report

cleaverA US security company claims that Iran has virtual control over a large number of vital defence and infrastructure sites on the web.

Cylance said in a report that its “Operation Cleaver” investigation reveals that an Iranian team called Tarh Andishan has built an infrastructure to spy, steal and destroy control systems and networks.

It said that Iranian hackers have directly attacked government agencies and infrastructure companies in Canada, China, the US, the UK, France, Germany, India, Israel, Kuwait, Mexico, Pakistan, Qatar, Saudi Arabia, South Korea, Turkey and the UAE.

It claims the HQ of the operation in Tehran also has other members in countries including the UK, the Netherlands and Canada.

The report claims that Iran has reacted to malware campaigns directed upon it since 2009, targeted at its nuclear programme and its oil and gas operations.

Iran is also claimed to have attacked banks, Israeli national systems, US Navy computers and other systems.

Infrastructure under theft includes US military targets, oil, gas and chemical companies, airports, healthcare, aerospace and defence companies.

You can find the full report here.