Not a day goes by without some company or other, small or large, suffering a serious cyber attack. But it's all happening in a world where 80% of online fraud is thought to be avoidable. Whatever your company's size, shape or flavour, you are at risk from cyber criminals. It affects us all, and nobody - no sector, no industry - is safe. Read on for more reasons why you need to make sure your systems are properly cyber secure and your people cyber aware.
UK calls for investment at United Nations Open-Ended Working Group
As reported by Computer Weekly, Britain is leading the way with demands for more investment into cyber security capacity building. At the same time the UK has highlighted the importance of international law as applied to the digital arena. All this took place at a meeting of the United Nations Open-Ended Working Group, which is tasked with looking into international security matters in the IT sector.
Speaking at the opening session, the UK’s Alexander Evans, cyber director at the Foreign and Commonwealth Office, stated that choices made by individual nation states about ways to develop, apply and regulate digital tech had consequences for every other country. It makes sense because the digital world is different. Digital threats take no notice of actual, physical, real-world borders we've made between countries.
In Evans' words, “This is a high-priority problem and needs addressing.” Right now the 193-member strong United Nations is enjoying a unique chance to shape the development of cyber security and bring its key missions into play to deliver peace, security, and human rights.
Suffolk takes matters into its own hands
Sometimes you can't wait for others to get their act together. Suffolk is set to become more resistant to the damage caused by cyber-attacks, thanks to a new local initiative launching on 16th September. The county's new cyber security cluster has been set up to share knowledge, skills and capabilities in the battle against cybercrime, vital since 2018 alone saw 3,294 Suffolk-based cyber offences referred to the National Fraud Intelligence Bureau by Action Fraud.
July 2019 saw the Ipswich office of the financial advisers Grant Thornton reveal that 50% of businesses polled in the East of England didn't have a strategy in place to reduce the risks of cybercrime, never mind stay in business after an attack.
The cluster, housed at Innovation Martlesham in Adastral Park, offers free membership to NSCSC, created by David Higgins and Darren Chapman as part of the UK Cyber Security Forum. The Suffolk launch of the NSCSC includes talks from science, technology and engineering expert Professor Peter Cochrane OBE, plus insight from the respected heads of innovation and security research at Adastral Park.
Ex-GCHQ employees' cyber security firm suffers huge financial losses
A UK cyber security business, Ripjar, run by former employees of GCHQ, saw its losses almost double to £3.7m through 2018. At the same time 'administrative expenses' rocketed from £3.2m in 2017 to £5.6m in 2018. The business was set up in 2012 by a group of former GCHQ employees and uses machine learning and artificial intelligence to analyse real-time information, protecting companies and governments from cyber-threats. The firm is based in Cheltenham, and is supported by the hedge fund billionaire David Harding.
Secret iPhone hacks revealed
According to Tech Crunch, security staff at Google have discovered several malicious websites that, when you visit them, secretly hack into your iPhone thanks to software flaws.
Google’s Project Zero claims the sites are visited thousands of times every week by victims, who then suffer indiscriminate attacks where the exploit server attacks a person's device and, if it gets in, installs monitoring software.
This has been going on for at least 2 years and researchers have discovered a suite of five different exploit chains involving 12 separate security flaws, seven of which harness Safari, the iPhone's built-in web browser. These exploit chains let attackers get root access to devices, and so access the full range of features that aren't usually available to users, which is why an attacker can install malicious apps to spy on the gadget's owner. Google also says it's possible the hackers can also access passwords saved on iPhones. If your iPhone features iOS 10 to iOS 12 software, you could have been vulnerable.
Google told Apple about the problem in February this year, giving them a week to fix things and send updates to all iPhone owners. And that shows us exactly how serious the vulnerability was, since the usual timescale is 90 days. Apple issued their fix six days later.
This is relatively unusual problem, since the iPhone and iPad are generally pretty secure. Apple is planning to increase its reward for serious bug-finding to a maximum of $1 million, which will encourage security researchers to pin down the kind of bugs and flaws that secretly target Apple products. But because the new reward doesn't come into play until later this year, Google has missed out on a whopper!
Internal auditors fear cyber attack more than anything
Economica reports on the fact that cyber attacks are the biggest risk facing businesses. The other two biggest risks to businesses, says a survey by the Chartered Institute of Internal Auditors, are regulatory change at 59% - which includes the threats inherent in Brexit - and 'digitalisation' at 58%. We think digitisation and cyber attacks actually belong in the same pot, which means the timely, efficient, effective handling of cyber-risks is even more important than the report's authors think it is.
A collaborative report between eight European Institutes of internal auditors in Belgium, France, Germany, Italy, the Netherlands, Spain, Sweden, the UK and Ireland delivered the insight, which fell out of 528 survey responses plus 46 interviews heads of internal audit departments. This marks the second year in a row that cyber security has topped the list. In 2018 it came second, and 2019 has seen an 18% hike in auditors putting it at the top of the pile.
The report suggests several ways for businesses to become more resilient to digital threats, including recruiting an internal or external expert, making sure customer services chatbots are not vulnerable, and ensuring cloud services are properly secure.
All this is going on against a landscape where Deloitte alone is spending an extra £428m on improved cyber security, hiring 500 new staff, and one in every seventeen new employees at KPMG are hired for a cyber security role.
Great cyber security starts at home
Countless reports and studies prove it: people are your biggest vulnerability. When your employees are all trained in up to date ways to stay safe from cyber threats and hacks, the risk falls right back down. When you keep up that training so your people are always up to date with the latest potential threats, you'll do an even better job of helping to prevent an attack on your business. We offer the government's Cyber Essentials and Cyber Essentials Plus schemes. Let's get cracking!