Cyber Security

‘Secure by default’ in the age of converged security

Sign up to free email newsletters



What is cyber security?

Cyber-attacks are one of the defining security threats of our age and cyber security a growing priority for business and governments alike.

The internet’s transformation of both our personal lives and the world of commerce has created boundless opportunities for hackers with a wide range of motives and an even broader array of tools. From phishing and clickjacking to ransomware, direct-access attacks and denial of service attacks (DoS) the threats keep on evolving and emerging. It’s a game of cat and mouse as the criminals become more sophisticated and cyber security professionals try to keep up.

The stakes are high. Lloyd’s of London has warned that a major cyber-attack could wreak havoc that costs as much as £92bn to remedy – more than the repair bill for Hurricane Katrina. And ‘destruction of service’ attacks could “disrupt the internet itself” and destroy businesses in one fell swoop, according to research from Cisco.

GDPR, which came into force across Europe in May 2018, raises the stakes further still. The fines for data protection breaches – including deficient cyber security protections – are 79 times higher than under the previous regime,

In the most recent Cyber Security Breaches Survey carried out by the UK Government, it was reported that 46% of businesses have had a cyber attack or breaches in the last 12 months. These statistics will raise concerns amongst businesses that the growing risk is not necessarily being matched by the security procedures being put in place.

If the ubiquity of smartphones have created even more opportunities for criminals, then the internet of things has ramped up the threat further still, with everyday household objects now connected to the internet. In 2016, some 1.5m IoT devices – mostly security cameras – were hijacked during a DDoS attack. Even our cars are becoming vulnerable.

Building systems are also increasingly network-connected too, so even buildings can be hacked. As Sarb Sembhi, an expert in cyber security and advocate of the convergence of security, details in his recent article, physical security professionals need to understand cyber security too – which they can do at IFSEC International 2020.

Looking for more in-depth cyber security news and views?

Part of the Informa Network, Dark Reading is a trusted online community for cyber security professionals, including CISOs, cyber security researchers and technology specialists. Covering the latest threats, vulnerabilities and cyber attacks, Dark Reading supports community members in keeping up with the latest in the sector.

Cyber security investment

The number of cyber attacks in the UK continues to grow each year. The National Cyber Security Centre (NCSC) has defended against more than 600 cyber attacks in the past year alone.

It seems there is a rising number of attacks on small businesses, due to the preconception that they will likely place less importance on protective measures. According to research from SecureTeam, 43% of UK cyber attacks target small businesses, so there is a growing importance to put measures in place to stop these attacks from being successful.  Take a look at the infographic here to find out more about the rising costs of cyber attacks on small businesses.

Overall, however, it does appear cyber security investment figures have increased. Research from Specops Software, a password management and authentication solution vendor, indicates that businesses in construction have increased their spending by around 188%, while finance and insurance firms invested the most – averages coming to £22,050.

In addition, as the Cyber Security Breaches 2020 Survey details, organisations are now beginning to see the value of investing in their cyber security plans, and have increased their actions to identify and manage risks. For instance, eight in 10 businesses now believe cyber security to be a high priority, while 38% of businesses have written policies in the event of an attack, up from 29% in 2016.

Latest cyber security articles

4 cyber security threats retailers should be aware of on Black Friday and Cyber Monday

With e-commerce sales set to increase by between 25-35% compared to last year this Black Friday and Cyber Monday, retailers need to be on alert for potential cyber security threats.

Global pandemic fuels cyber threat workload for National Cyber Security Centre, shows Annual Review

From securing the Nightingale hospitals to tackling threats to vaccine research and production, Ron Alalouff takes a look at how the NCSC has protected the UK this year.

Why physical security should learn from the cyber security sector

Peter George writes for Dark Reading on what the physical security sector can learn from the cyber world, and why it is so important to catch up.

What to do if your business suffers a data breach

Richard Forrest, Senior Associate at data breach law firm, Hayes Connor, explains what actions businesses should take if they fall victim to a data breach with a handy step-by-step guide.

 

Protecting from cyber attacks

While cyber attackers are constantly developing new methods of strategies, some common examples of cyber attack protection can include:

  • Reviewing your IT estate: Carry out a regular assessment of IT systems to identify any vulnerabilities that may be targeted and exposed by opportunistic cyber criminals.
  • Education and governance: Create a formal document which establishes the firm’s best practices and policies on cyber security. Within this, give employees clear guidance on what they can and cannot do on the company’s IT devices/systems/networks to create an all-encompassing culture of security.
  • Safeguard and protect: Keep anti-virus software up-to-date, apply the latest security patches and periodically change passwords across IT estate.

‘Ethical hacking’ is also a method businesses can employ. Understandably, many are nervous about the prospect of giving a third-party access to its systems, but this engagement can provide some real value. It offers opportunities to learn where the weaknesses are in your systems, the effectiveness of your security systems and the readiness of your IT team to respond, in order to better understand where your security budget should be spent and how compliant you are with industry regulations. You can find out more about ethical hacking here.

For SMEs, or those businesses with smaller budgets, the Police Digital Security Centre (UK) advises five key cyber security tips to follow to keep data and information secure:

  1. Strong password policy: Change default passwords on all devices connected to a network and consider using password managers to store and protect passwords
  2. 2FA: Two on two-factor authentication on all accounts and devices
  3. Software update: Set all company devices and apps to automatically download software updates, which often include crucial security fixes and patches
  4. Back up: Use an external hard drive or cloud-based storage system to back up important information
  5. Install anti-virus software: Ensure it is set to update automatically and run regular system scans to check for potential malware infections

4 cyber security threats retailers should be aware of on Black Friday and Cyber Monday

With e-commerce sales set to increase by between 25-35% compared to last year this Black Friday and Cyber Monday, retailers need to be on alert for potential cyber security threats. Read More

Global pandemic fuels cyber threat workload for National Cyber Security Centre, shows Annual Review

From securing the Nightingale hospitals to tackling threats to vaccine research and production, Ron Alalouff takes a look at how the NCSC has protected the UK this year. Read More

Why physical security should learn from the cyber security sector

Peter George writes for Dark Reading on what the physical security sector can learn from the cyber world, and why it is so important to catch up. Read More

What to do if your business suffers a data breach

Richard Forrest, Senior Associate at data breach law firm, Hayes Connor, explains what actions businesses should take if they fall victim to a data breach with a handy step-by-step guide. Read More

Mounting cyber threat to critical infrastructure ramps up UK countermeasures

Hunter Seymour explores the growing cyber threat, assessing the trends in attack methods and provides 10 steps on how to reduce the impact of security breaches. Read More

IASME Consortium to kick-start new IoT Assessment Scheme

The IASME Consortium has been awarded a DCMS grant, enabling the organisation to kick-start an Internet of Things (IoT) assessment scheme. Read More

What’s on your enterprise network? You might be surprised

The strangest connected devices are showing up, and the threats they pose to security should not be overlooked, says Jai Vijayan, Reporter for Dark Reading. Read More

Why Cyber Essentials should be the first key step on your cyber security journey

IFSEC Global sits down with Dr Emma Philpott, MBE, CEO of IASME, to understand how Cyber Essentials is helping to improve business cyber secure practices. Read More

A guide to the NIST Cyber Security Framework

An introduction to the NIST Cybersecurity Framework, its five core elements, the latest updates and UK equivalents. Read More

Cyber threats disrupt return of education

As if the return of the academic year wasn’t already disrupted enough from the COVID-19 pandemic, reports indicate that a number of UK institutions have also been subject to cyber-attacks during the summer. Read More