Tag: cyber security

Nearly every company experienced a cyber attack last year

Most companies experienced a cyber attack last year with more than two thirds hitting vital operational technology, according to a new Forrester report

The research, commissioned by Tenable, found that 63 percent of the 103 UK respondents had witnessed a dramatic rise in business-impacting cyber-attacks in the last two years.

In many cases, these attacks had severely damaging effects, from loss of employee data (44 percent) and financial loss or theft (36 percent), to customer attrition (34 percent ).

Two thirds of the surveyed UK security leaders claimed that these attacks also involved operational technology (OT).

Cities best placed to attract cyber talent named

Cyber security training outfit Crucial Academy has released its 2018 Cyber Security City Ranking, revealing the best cities for cyber security professionals, with Reading, Leeds and Cardiff topping the table.

Analysing four factors, including salary, affordability, job availability and tech sector growth potential, the ranking sought to uncover which cities may be most attractive to those already working in or considering cyber security as a career path.

Reading in Berkshire, home to a wide variety of major international tech companies, topped the ranking, performing particularly well for job availability and salary. Leeds closely followed, gaining big points for the potential growth of its tech sector, whilst Cardiff ranked in third place, scoring top points for affordability.

With the predicted future shortfall of cyber security professionals, Crucial was keen to research the factors which may render some cities more attractive to this much needed specialist talent. An October 2018 report revealed that the worldwide cyber security skills gap currently stands at almost three million.

Johnny Mercer, MP for Plymouth Moor View and non-executive director of Crucial Academy said: “There is a huge cyber skills gap in the UK and we need to fill it in order to protect against attacks. Businesses have more of a duty than ever before to protect themselves and their customers’ information, meaning cyber skills are becoming ever more valuable.”

Neil Williams, CEO of Crucial Academy, added: “Every city in the ranking is a tech hub within its own right, however, it is fascinating to see which cities, based on these factors, may be more attractive to the much-needed talent pool of cyber security professionals.”

Other findings from the study included:

  • Best cities for salaries: London followed closely by Cardiff and Edinburgh.
  • Best cities for affordability: Cardiff closely followed by Newcastle and Glasgow.
  • Best cities for job availability: Reading followed by Leeds and Manchester.
  • Best cities for tech sector growth potential: Leeds, Edinburgh and Brighton all placed highest with the same score.

The top 10 cities:

Rank City Salary Score Affordability Score Job Availability Score Tech Growth Potential Score TOTAL SCORE
1 Reading 8.3 7.3 10 8.1 33.7
2 Leeds 7.7 7.9 7.5 9.7 32.8
3 Cardiff 9.3 10 4.2 8 31.5
4 Edinburgh 8.5 8.2 4.7 9.7 31.1
5 Manchester 7.8 7.5 6.6 8.9 30.8
6 London 10 5.9 5.2 8.2 29.3
7 Glasgow 8.1 8.4 4.2 8.5 29.2
8 Newcastle 8.4 9.2 3.2 8 28.8
9 Brighton 7.8 6.5 4.7 9.7 28.7
10 Bristol 7.5 6.7 4.6 9.3 28.1

EU starts €1.8 billion cyber security plan

european-commissionThe EU has signed an agreement with industry on cybersecurity and stepped up efforts to tackle cyber-threats which it hopes will trigger €1.8 billion of investment by 2020. It would be a big help to security suppliers, if the UK remained in the EU.

The new public-private partnership is part of a series of new initiatives to better equip Europe against cyber-attacks and to strengthen the competitiveness of its cybersecurity sector.

According to a recent survey, at least 80 percent of European companies have experienced at least one cybersecurity incident over the last year and the number of security incidents across all industries worldwide rose by 38 percent in 2015.

As part of its Digital Single Market strategy the Commission wants to reinforce cooperation across borders, and between all actors and sectors active in cybersecurity, and to help develop innovative and secure technologies, products and services throughout the EU.

Andrus Ansip, Vice-President for the Digital Single Market, said: “Without trust and security, there can be no Digital Single Market. Europe has to be ready to tackle cyber-threats that are increasingly sophisticated and do not recognise borders. Today, we are proposing concrete measures to strengthen Europe’s resilience against such attacks and secure the capacity needed for building and expanding our digital economy.”

Under the plan the EU will invest €450 million, under its research and innovation programme Horizon 2020. Cybersecurity market players, represented by the European Cyber Security Organisation (ECSO), are expected to invest three times more. This partnership will also include members from national, regional and local public administrations, research centres and academia. The aim of the partnership is to foster cooperation at early stages of the research and innovation process and to build cybersecurity solutions for various sectors, such as energy, health, transport and finance.

The Commission also sets out different measures to tackle the fragmentation of the EU cybersecurity market. Currently an ICT company might need to undergo different certification processes to sell its products and services in several Member States. The Commission will therefore look into a possible European certification framework for ICT security products.

A myriad of European SMEs have emerged in niche markets  and in well-established markets with new business models (like antivirus software), but they are often unable to scale up their operations. The Commission wants to ease access to finance for smaller businesses working in the field of cybersecurity and will explore different options under the EU investment plan.

Of course this does not apply to the UK. By the time the scheme is ready to go, the UK will have Brexited and will have to find its own source of funds, or not have any cyber security schemes of its own. But at least it can make up its own mind and it still has royality.

British firms have no cyber security insurance

insuranceIf a hacker takes out a large UK company, it appears that most of the time the company will have to pay out to fix it. Less than two percent of large British firms have separate insurance against cyber-attacks. Hardly any smaller firms have it..

The UK government has issued a report responding to concern that companies are not protected against the risks of cyber-attacks, which cost billions of pounds annually to the UK economy.

The report, published jointly with insurance broker Marsh, recommends that the government and the insurance industry pool data and information to encourage take-up of cyber insurance.

Half of the business leaders interviewed for the report did not even know cyber insurance existed, it said, even though many firms place cyber attacks among their leading risks.

“Cyber attacks against UK companies present a daily threat to normal UK business operations and are increasing in severity,” the report said.

Of course the government did not think that direct government financial support was needed in the cyber insurance market.

“While some market participants have suggested that a possible government backstop may be necessary, there is no conclusive evidence of the need for such a solution at present,” the report said.

The government supports terrorism insurance scheme Pool Re, through a commitment to make up the shortfall if the scheme runs out of money to pay a claim.

IBM assesses top cyber threats

ibm-officeBig Blue has assessed that 80 percent of executives in charge of security think that challenges by external threats to their enterprises are on the rise.

And IBM said 60 percent of enterprises believe they are being outgunned in the cyber war.

Chief Information Security Officers (CISOs) think that sophisticated external threats is their biggest challenge – with 40 percent believing that they top other challenges they face.

Data leakage prevention, cloud security and mobile security are the top three areas that CISOs believe are the areas that need addressing urgently.

Of the respondents surveyed by IBM, 90 percent have either adopted or will adopt cloud initiatives and they expect their cloud security budgets to increase over the next five years.

Only 45 percent of the CISOs think that mobile and device security is being adequately addressed.

Iran owns the internet – report

cleaverA US security company claims that Iran has virtual control over a large number of vital defence and infrastructure sites on the web.

Cylance said in a report that its “Operation Cleaver” investigation reveals that an Iranian team called Tarh Andishan has built an infrastructure to spy, steal and destroy control systems and networks.

It said that Iranian hackers have directly attacked government agencies and infrastructure companies in Canada, China, the US, the UK, France, Germany, India, Israel, Kuwait, Mexico, Pakistan, Qatar, Saudi Arabia, South Korea, Turkey and the UAE.

It claims the HQ of the operation in Tehran also has other members in countries including the UK, the Netherlands and Canada.

The report claims that Iran has reacted to malware campaigns directed upon it since 2009, targeted at its nuclear programme and its oil and gas operations.

Iran is also claimed to have attacked banks, Israeli national systems, US Navy computers and other systems.

Infrastructure under theft includes US military targets, oil, gas and chemical companies, airports, healthcare, aerospace and defence companies.

You can find the full report here.