Even advanced security systems are vulnerable to an insider – through malice or incompetence – opening the door or sharing information with outside actors. While many organisations’ IT departments focus their efforts primarily on hardening the organisation against external attacks, failing to understand “insider threats” can render these efforts meaningless.
Cyber risk must be articulated as a fundamental business risk and regularly reviewed at board level. Yet in many organisations cyber is still considered a risk the IT department will address, despite the existential threat for the entire business that a cyber-attack poses.
Cyber security specialist, Reliance acsn, has recorded a 36 per cent increase in revenues in 2021.
Ransomware has dominated the cybersecurity news agenda in recent months, following a spate of high-profile attacks against critical infrastructure.
You may recall in June we speculated that ransomware would be on President Biden’s agenda when he met President Putin in Geneva. We suggested that ‘the Biden administration is likely to use the opportunity to put further pressure on the Russian government to assist in closing down the criminal networks benefitting from ransomware attacks’.
In the summer of 2015, a hacker group called Impact Team decided to take down Ashley Madison (owned at the time by Toronto-based company, Avid Life Media) and expose their lax security. Ashley Madison’s high-profile CIO had been proclaiming that the site had amazing security because, as he put it, “It’s not lipstick on our collars anymore getting us caught, it’s digital lipstick; voicemails, text messages [etc.]”.
For decades we have used heuristic methods for analysing data, looking for pre-programmed patterns through Boolean-based logic: AND, OR and IF. This logic has been critical in automating simple and repetitive tasks usually prone to human error. However, this programmatic approach cannot meet the defence requirements for the current cyber threat.
GCHQ Director Jeremy Fleming emphasises the importance of the Integrated Review and its recommendations in the Vincent Briscoe Annual Security Lecture.
RUSI has published its report on the UK and cyber fraud this month. It makes stark reading. Too often referred to as a ‘victimless crime’, cyber fraud is nothing of the kind. It does untold psychological harm to its victims, many of whom are also left destitute or robbed of their life savings.
It has been an important week for Cyber Security in the United States with several key announcements from President Biden and his administration on funding and appointments as well as a response to the SolarWinds attack.
The news of US sanctions on Russia has made headlines around the world with President Biden’s remarks on Russia firmly attributing the extensive “SolarWinds” hack on the US Government to Russia.
You don’t need to celebrate, just take stock, and look to the future. With all that’s changed in the world, the arrival of the third anniversary of the General Data Protection Regulation may seem trivial, even irrelevant.