SC Media – Struggle is real: UK businesses unprepared for cyber-attack response

scmediaBusinesses in the UK are struggling to face the looming threat of cyber-attacks, with nearly a third of C-level executives admitting they don’t have a response plan – or don’t even know whether or not they have one.

“Security training within businesses today is essentially not working. There needs to be different types of training for different types of individuals within the organisation. More importantly, the training needs to highlight the potential impact of security breaches to specific individuals,” Hart said.

“Security ultimately needs to be transparent to the individual user. We are a long way from that point today. But there are hopeful signs. The onward march of AI and behavioural analytics is helping drive the process and the move to cloud and microservices will help to accelerate it. Looking to the future, however, if this is to be sustained, we need to see more collaboration between technology vendors and cloud providers and vendors need to make security simpler and easier for users,” Hart said.

To read the full article click here.

TEISS – FTSE 100 failing the cyber test

teiss2They are large organisations and all of them face considerable challenges in keeping their data and IT systems secure. Yet only a tiny minority of FTSE 100 companies have a Board member with specialist cyber security experience.

…As Jason Hart, CTO for Data Protection at Gemalto says:

“It shouldn’t just be anyone that takes up this role though, they need to have the right set of skills and qualifications. Like accountants must have certain criteria to be able to work, so must security professionals.” Mr Hart proposes that, for this to be taken seriously, an industry standard should be created so that companies be sure they are appointing the right people. Security is, or should be, a Board level issue and the person responsible needs to be appropriately qualified and experienced. “The person responsible for this really does hold the key to the business in their hands, so we need to be sure they are capable of doing so.”

To read the full article click here.

Auto World News – Cuber Experts Predicted that a Major Bank Failure Will Happen at Some Point This Year, Cyber Hackers are Getting Powerful?

 

logo_autoworldnewsAccording to some cyber experts, a major bank failure will happen at some point this year. And if the attack could happen, it will leave thousands of accounts penniless.

Jason Hart, Technology officer of Gemalto said that hackers are also altering data with dire consequences. He also stated that data integrity attacks are very scary since it has the power to take down an entire company and beyond.

To read the full article click here.

Help Net Security: Industry reactions: UK government cyber security strategy

Yesterday, the UK government announced a new £1.9bn cyber security strategy, which includes an increase in automated defences to combat malware and spam emails, investment to recruit 50 specialists to work on cybercrime at the NCA, the creation of a Cyber Security Research Institute, and an “innovation fund” for cyber security start-ups.

Jason is quoted by Help Net Security:

It’s encouraging to see that the government is making cybersecurity a priority in its latest round of investment, especially with less than two years until GDPR comes into effect. The focus needs to be on securing our most valuable asset: data, instead of just on the perimeter, which hackers can and will breach if they want to. In order for the government’s strategy to be successful, they need to encourage businesses to understand where their most valuable data is, and bring security controls closer to the data in order to ensure user and device access controls are in place.

The threats we face are not just about data being stolen anymore either, businesses have increasingly become victims of data manipulation, the next frontier of cybercrime. Through data being changed, businesses can make vital decisions based on incorrect or exaggerated information, which hackers can exploit for financial gain, or purely for reputational damage – implementing protocols where the data resides helps protect against that.

Read the full article here.

What does the future of cybersecurity look like?

Earlier in the year, we asked young people from all over the world what they thought the future connected society might look like – and in particular, how they envision the future of cybersecurity. As expected, fingerprints and iris scanning were popular, as were voice biometrics and facial recognition. But it was the 30% who thought our DNA could be used to unlock our phones that got us really thinking about what the future of digital security could hold.

DNA cryptography is a fascinating and fledgling field where ideas are only just being put into practice. The hope is that you can store vast amounts of data within DNA. A gram of DNA is the equivalent to 108 terabytes of data. So if you could hide data within the DNA, and then encrypt it, you could open up the possibility of a near impregnable security process.

But moving closer to reality, if there is one thing that consumers hate right now it’s trying to come up with, and remember, a secure password. We’ve covered this on the blog a number of times, and even have developed a guide for you to use. But frankly, we’re getting to the point that with so many websites and services needing a password, you’re likely better off with a password manager. But what if that was hacked?!

For some, the death of the password can’t come soon enough, but there are other ways to authenticate your identity which are vying to gain traction and acceptance.

These include:
The Future of Cybersecurity- Biometrics

  • Fingerprints – the classic identifier that you probably use to unlock your phone. Likely to become more widespread.
  • Behavioral analytics – this would create trusted profiles based on a number of known patterns of each user or customer, including their location, devices, online habits (such as click speed, etc.)
  • Heartbeat – like fingerprints, no two beats are the same, and startup Nymialready has a product that’s shipped.
  • VoiceMasterCard has successfully trialed customers’ voice prints to access services. As speaking to devices becomes more natural, expect to hear a lot more about this
  • Selfiesread more here, but know they are coming
  • Your walk, your nose, and even your ear slightly more intimate!

Of course, the future of cybersecurity will continue to include multi-factor authentication, so companies are looking at ways to fundamentally alter how you log into their services. Google has just announced its Trust API. This platform is in early testing, but it hopes to put various indicators together to confidently predict whether the person logging into a service is the legitimate user.

These indicators could include your location, biometric information such as your face or voice, and even behavioral traits such as how you move, type and swipe the screen. The results would then be tallied up to give you a trust score which, if high enough, would let you automatically log into the service you want to use.

For companies, they are always thinking about the future of enterprise cybersecurity too. We recently covered how Google has done away with perimeter security and BYOD, accepting that perimeter breaches are inevitable. Their focus instead is protecting applications and the data they access. The erosion in the faith of the perimeter to safely protect corporations will shift thinking to how you can secure data at a deeper level. This approach could certainly figure in the future plans of corporations that can’t afford another hack.

It appears that the future of cybersecurity for consumers lies in a combination of biometric data and behavioral analytics (but be cognizant of the risks!), and a concentrated focus on encryption by enterprises to secure sensitive data. What’s certain is that in the future, we’re going to have to very careful with how we store, move, and access data.

10 years of cyber security; what the past decade has taught us

Cyber security

The difference ten years can make can be profound. 1966 looked nothing like 1976, and in each decade since, almost everything has changed. The Internet and globalization has meant that cultural shifts are less stark these days, but in terms of cyber security, 2006 feels like a long time ago.

This was a one year before the iPhone was launched, where 3G was just rolling out, and there was no such thing as apps. Streaming music, photo sharing, social networks were all in their infancy. In 2006, cyber security threats were very different to those today, as what was accessible to attackers was pretty limited.

Now, every aspect of our lives is stored in the cloud – from our banking and health records to our more personal identities – and we are generating significantly more data than ever before.

Evolution of threats

The type of threat has evolved to keep pace with this explosion in valuable data. Back in the early 2000s, most threats and malware were a nuisance, designed to simply disrupt or frustrate users.

Then in 2008, the Zeus Trojan was unleashed, that grabbed banking details via key-logging and form grabbing. Years later, 100 people were arrested for having stolen over $70 million thanks to the software.

This was the start of a much more professional approach to cyber-crime. Viruses, Trojans and worms started to be created to steal money or sensitive corporate information. Variants of the Zeus Trojan still plague computers to this day, and played a part in one of the biggest consumer hacks to date, that of Target in 2013.

It is key to remember, that as soon as something connects to the Internet, it becomes vulnerable. As we add connectivity to new things, everyone involved should be aware of the risks. Take connected cars for example. In car Wi-Fi and streaming video entertainment systems are becoming big selling points, but as demonstrated last year, weak security can let intruders in.

Shifting consumer perception

With such high profile breaches regularly hitting the news over the news, it has been interesting to witness how consumer attitudes have changed. Since 2013, there have been almost four billion records lost, and people are no longer shocked. At this scale, everyone from companies, to employees and everyday consumers now accepts that it’s a case of ‘when, not if’ they’ll be hacked.

Yet all is not doom and gloom. We surveyed millennials’ opinions to data security recently, in our Connected Living 2025 report. Two thirds said they would feel vigilant in the face of threats, well ahead of complacent and paranoid. This suggests people now understand the importance of protecting their data.

Breach prevention is dead (and so is the perimeter)

If the past ten years have taught anything, it is that perimeter defenses will be breached. No matter how tall or big the wall is, the enemy will find a way around it or under it.

Despite the increasing number of data breaches, companies continue to rely on firewalls, threat monitoring and other breach prevention tools as the foundation of their security strategies. Yet most IT professionals readily admit that their corporate and customer data would not be safe if theirperimeter security defenses were compromised.

This is not to say that perimeter security is not important. It just means that it should not be the only thing companies do to keep the bad guys out. Instead, IT professional should accept the fact that breaches are inevitable and work to secure the breach by placing security measures closer to the data and the users with encryption and multi-factor authentication.

Encryption and Multi-Factor Authentication Are King

Two additional developments have also made the dents in the capabilities of cyber criminals. Multi-factor authentication has shown its power in keeping records safe, and encryption is also becoming the norm so if data is lost or stolen, it’s useless.

Cyber security threats will continue to pose a significant problem. But as those born after the Internet hit the mainstream in 1995 approach adulthood, we’re well placed to face these threats head on. It’s a far cry from 2006, when 26.5 million U.S. military records were stolen, and the agency responsible waited three weeks to say anything to those affected.