Cyber security has been in the spotlight once again in 2016, so as the year draws to a close we take a look back at our past stories and wonder: have lessons been learned, and will security be a priority in 2017?
The 2012 LinkedIn hack has been back in the news recently after it was identified that the number of leaked credentials has increased from the previously reported 6.5 million records to a substantial 117 million records. With a network of 433 million accounts, this equates to 27% having been compromised. Needless to say, if you haven’t yet changed your details it’s important to do so. […]
The UK Government have announced a new scheme to protect small businesses from cyber attacks. Yesterday, Digital Economy Minister Ed Vaizey outlined a new voucher scheme designed specifically to help small and medium-sized businesses (SMEs) as part of a package of measures to improve the UK’s cyber security resilience. The package also includes a new online learning and careers hub to help ensure the UK has the cyber skills talent pool to protect both the public and private sectors as we face the reality of increasing cyber threats. […]
SC Magazine yesterday reported that the Welsh Government have now made it mandatory for third-party suppliers with a ‘moderate’ or ‘high’ level of risk when dealing with sensitive information to be Cyber Essentials certified from 1 April this year. […]
CS Risk Management have recently obtained the accreditation to provide the full suite of Cyber Essentials certification body services. Over and above Cyber Essentials Plus certification, this also now includes verification of Basic Cyber Essentials self-assessment submissions and issuing of Basic Cyber Essentials certificates to those customers who meet the requirements set out in the scheme. […]
The Defence Cyber Protection Partnership for companies in the Defence supply chain published new Cyber Risk Profiles a couple of days ago. They have generated a fairly detailed list of requirements for companies working at each risk profile in the Defence supply chain. Even the lowest risk profile (e.g. stationery suppliers) specifies Cyber Essentials as a requirement; all other profiles now require Cyber Essentials Plus. […]
(This is a copy of an article we wrote that was published in the Cyber Security supplement of the New Statesman 12-16 Feb 2015)
Cyber security starts with addressing what you can predict, and anticipating what you cannot
Cyber security risks are perceived to be unpredictable, a perception fed by media coverage of the latest major cyber attacks affecting large companies. However, if these attacks are examined more closely, more often than not the root cause of a successful attack was that cyber defences did not cover all vulnerabilities in the affected company’s IT systems. Many cyber attackers opportunistically exploit commonly known vulnerabilities in weak IT systems. That means some incidents could have been predicted and avoided, had the organisations in question taken steps to identify and address them. […]
Most homes and businesses have physical security controls, including strong locks on doors and windows, a security alarm and CCTV, that will deter a thief from attempting to break in, make a robbery attempt fail or make subsequent arrest inevitable. In the UK, if a criminal is caught committing a robbery, the sentence is from 12 months to life depending on the circumstances.
Theft of customer information, personal details and trade secrets are just three of the key areas in which cyber-crime is increasing, and in many cases, the crime will go unnoticed until the information is used to commit a real-world crime. […]
Whilst many companies, and in particular SMEs, have historically not recognised the requirement for investment in maintaining robust IT security measures, the following statistics make worrying reading:
- Earlier this year, the PwC Information Security Breaches Survey 2014 highlighted the fact that the cost of a breach to an organisation has almost doubled since the previous year. The average cost to a large organisation for the worst level of security breach is between £600k and £1.15m (up from £450 to £850k a year ago). The average cost to a small business for its worst security breach is between £65k and £115k (up from £35 to £65k a year ago);
- During the last year, significant global brands have been impacted by information security attacks. These include eBay, Target, Sony, Evernote and WordPress; and
- According to the RSA monthly fraud reports, the UK is the 4th most attacked country by volume after the United States, China and the Netherlands.
In response to this growing threat, the UK Government, in consultation with industry, launched the Cyber Essentials IT security standard in June 2014. […]