The EU has woken up, acknowledged its cyber failures, and is finally preparing to act against future cyber breaches. British women are still at a disadvantage in the cyber security world. Stressed employees are more likely to fall for cyber attacks, as are Millennials. And there's growing concern about cyber vulnerabilities in many of the medical implants designed to keep us alive. Here's the news.
Concern over Moscow hack drives better EU cyber security
As reported by the Financial Times, the EU has been shocked into tackling its cyber security failures thanks to massive breaches, including a huge leak of diplomatic cables and a potential hack of its mission in Moscow this month.
The suspected breach caused alarm among Brussels officials when it emerged the EU’s diplomatic service had discovered the issue back in April. But the Diplomatic Service insists it shared the information with cyber security officials across other EU institutions and member states in a timely fashion.
In December 2018 a large scale hack into EU diplomatic cables was discovered, possibly carried out by a group from China linked to the People’s Liberation Army. The hackers had found their way into the Cypriot foreign ministry and carried out cyber espionage for several years before being detected. An American digital security company ultimately discovered the breach.
EU leaders will begin talks at a Brussels summit this week to deal with a collection of common issues including eavesdropping and communication breakdowns. The news showcases growing fears that institutions in the EU have completely failed to keep pace with growing threats to information security, and it's especially worrying since the EU is made up of a network of 28 separate sovereign states.
The EU is under constant attack in cyber space, and those tasked with protecting the data and the networks it needs to survive and thrive need to be a lot more savvy. We need a much tougher stance on protecting the EU's information and communication networks.
UK and EU women are missing out on cyber security career opportunities
The Minister for the Cabinet has confirmed, at the recent Women in Security Network conference, that more must be done to open up opportunities for women in cyber security and redress a serious imbalance.
Apparently almost 24,000 12 – 13 year old girls from across Britain have so far entered a competition launched by the NCSC in 2016 as part of the CyberFirst initiative. The competition is designed to topple the usual unhelpful gender barriers by inspiring girls to engage with cyber security before choosing which GCSEs to do.
Since then some of the most promising youngsters have secured bursaries and apprenticeships via the CyberFirst programme. But at the same time females account for only 7% of the EU's total cyber security workforce across Europe, and we need to do more to encourage women into the sector, which suffers an unusually noticeable lack of diversity. There's no reason why women shouldn't succeed in security and technology, and we need to see much better levels of diversity in the cyber world.
A survey of 1000 Brits reveals stress is a cyber-nightmare
As reported by New Statesman, the Millennial generation in particular tend to feel 'overwhelmed by their workload, fall victim to phishing attacks and send emails to the wrong people'.
The security vendor Tellian arranged the research, which quizzed people working in 9-5 roles in companies employing more than 100 staff. The results reveal how stressed employees in general, and Millennials in particular, are more likely than average to make mistakes around cyber security.
Apparently 17% of people aged 25 -34 described their workloads as 'overwhelming', compared to just six per cent of people aged 18-24 and 45-54. At the same time only 9% of those aged 55 or more claimed overwhelming stress at work, along with 10% of people aged 35-44.
20% of people aged 25-34 also admitted they'd accidentally clicked on a phishing email at work, almost twice the number of any other age band. And 66% of people aged 25-34 had accidentally sent a work email to the wrong person, compared to 60% of people aged 18-24 and less than 50% of people aged 25 plus.
Dr Helen Jones, a cyber psychologist at the University of Central Lancashire, worked on Tessian’s report. According to her, existing research also suggests overworked people are less alert to threats, simply because the psychological overload they're experiencing means they can’t give cyber security as much attention as they’d normally give it. While many phishing emails are reasonably easy to spot when you've got the time to dedicate to spotting them, being too busy leaves you unable to see those clues, because when we're under pressure we just don't process information in the same way.
The solution? It's very simple. Businesses that want to improve their internal cyber security need to make sure employees have a decent work-life balance and are not constantly overwhelmed by stress.
Vulnerable medical implants – We deserve better security
It looks like a growing number of medical implants, the devices that save our lives, are vulnerable to cyber attack. The problem is, they haven't been designed with data security in mind. But these connected 'smart' devices actually live inside our bodies and communicate with external devices, which means they can be hacked or breached... and that could prove lethal.
The Nuffield Council on Bioethics is concerned that current regulations don't require manufacturers to make medical implants secure. Gadgets like pacemakers, insulin pumps and implanted defibrillators monitor your body and automatically provide treatment in response to changes in it. They store data, process it and transmit it, and they also get sent software updates.
While there haven't been any hacks yet, it is perfectly possible to target these devices. And some feel it's only a matter of time before it happens. It would make sense for every designer, programmer and maker of these essential devices to be forced to make them secure from the offset. But there's no sign of any such regulation... yet.
Can you say, hand on heart, that your business is cyber-safe?
If the answer's no, it'd be wise to get secure and get your people trained in cyber security as soon as possible, before someone dodgy decides to hack your system. We'll help you get Cyber Essentials qualified. We can also give you a thorough cyber security audit.