Category Archives: Cybersecurity

Fraudulese: online shoppers encouraged to learn about the language of fraud, as average UK consumer targeted twice a week

  • Younger people are more trusting of unsolicited messages, with Visa’s study finding one in four (25%) 18- to 34-year-olds would unknowingly trust a fraudulent message
  • Visa launches ‘Fraudulese’, to help consumers learn about the language of fraudsters and understand how to protect themselves from payment fraud online

Visa is empowering shoppers to learn about the language of fraud, helping them spot the communicative strategies commonly used by fraudsters and feel confident when shopping online.

Research by Visa shows that four in five (80%) UK consumers now make purchases online at least once a month[1]. However, with the majority (55%) of those who have received fraudulent messages seeing an increase in the last year, and the average UK consumer targeted twice a week, it’s more important than ever that shoppers are aware of the potential signs. Persuasive language and unusual spelling and grammar are widely recognised as common signs of fraud, but new analysis by researchers from the Aston Institute for Forensic Linguistics (AIFL), commissioned by Visa, has for the first time identified the communicative strategies used by fraudsters in short, one-off messages.

Amongst the examples of fraud analysed, which included text messages, emails and social media messages, it was discovered that inviting the recipient to click a link was the most common technique (87%). This was followed by asking the reader to resolve a ‘problem’ (72%), such as rearranging package delivery times or paying a late fee, and by highlighting unique offers (32%). Supporting these findings, the researchers found ‘click here’, ‘account information’ and ‘gift card’ to be the most commonly used phrases in fraudulent communications.

Dr Marton Petyko, Aston Institute for Forensic Linguistics, commented: “Our analysis is the first study of its kind that provides insight into how language is used by fraudsters in short, one-off messages, and is an important contribution to better understanding the things people should look out for when receiving unsolicited messages. By highlighting the communicative strategies, words and phrases used by fraudsters, we hope people can more easily spot the language of fraud as it stands today, which ultimately helps to protect them.”

THE IMITATION GAME

Fraud has become increasingly sophisticated, with senders able to imitate everything from the language commonly used by businesses or organisations to logos and names. Visa’s study also found that younger generations are particularly trusting of communications relating to products or services online:

  • Almost a quarter (23%) of respondents aged 18 to 34 say they’re unlikely to check messages about a service or product for spelling and grammar mistakes, while nearly three in ten (29%) are unlikely to consider how persuasive the language is.
  • When shown a fraudulent message, one in four (25%) of those surveyed aged between 18 and 34 said they would trust the message as legitimate, more than double the proportion of those aged 55 and over (11%).
  • Common reasons for trusting a fraudulent message were familiar wording (39%) such as the use of the reader’s name, and references to established companies. This was followed by respondents feeling the action required, such as clicking through to a webpage, was clear (36%) or that they recognised the brand name or product mentioned (34%).

 LEARNING ABOUT THE LANGUAGE

With fraudsters using various techniques to make themselves appear credible, Visa is encouraging consumers to learn about ‘Fraudulese’, to help them feel confident online.

Mandy Lamb, Managing Director, UK & Ireland at Visa comments: “As we’re all spending more time online, it’s good to be aware of what we can do to keep ourselves safe. Our new study demonstrates how it can be hard to spot the signs of fraud in emails, texts and messages. That’s why we’re raising awareness of ‘Fraudulese’ and sharing our top tips for spotting the signs, so everyone has the tools to avoid falling victim. When it comes to paying with Visa, you can feel confident you are paying safely and securely, as Visa’s Zero Liability Policy* means you won’t be held responsible for unauthorised or fraudulent charges made with your account.”

 Visa’s top tips for spotting the signs of fraud:

  1. Spell-check messages – inconsistencies in the language used in a message, such as errors in grammar and spelling, or differences between the sender’s name and the URL link provided, could indicate it’s fraud. If you receive a message from a company or individual out of the blue, be vigilant in checking for these errors.
  2. Be cautious of urgent actions – language encouraging you to take urgent action is a common tactic used in bogus communications. Look out for phrases like ‘send (…) here’ or ‘click (…) below’, or undated timeframes such as ‘in 48 hours’ or ‘by tomorrow morning’. Always take the time to consider whether the message is genuine. If you think it’s fake, it’s important not to click on any links to avoid compromising your personal information.
  3. Watch out for suspicious asks – fraudsters often entice you by either highlighting a problem (e.g., asking you to rearrange a delivery) or making a tempting offer (e.g., suggesting you have won a prize). Think about your recent dealings with that organisation or individual. If you don’t recognise the problem you’re being asked to resolve or the offer they’re trying to get you to react to, it might be fraud. If you’re unsure, don’t click on any links or contact the sender in any way.
  4. Validate they are who they say they are – fraudsters often work hard to convince you of their credibility, sometimes using words and phrases that you might find in genuine communications. It can be hard to tell the difference, so if you are unsure, you can check by using a different form of communication to the one they have used to reach you. For example, if you get a text asking for bank information, try emailing or web chatting the company directly to check if it’s a true request.
  5. Check the message with someone you trust – people can be great at understanding language and communication in social contexts. It may sound obvious, but if you’re unsure about the legitimacy of a message, it can help to discuss it with someone you trust. They may have also received a similar message and might be able to help advise on the best course of action to take. Sharing your experience might save someone else from falling victim too.

 As a network working to protect payments, Visa is committed to tackling fraud to help everyone pay with confidence. In the unfortunate event that something does go wrong, Visa’s Zero Liability Policy* means you won’t be held responsible for unauthorised or fraudulent charges made with your account, so you can shop confidently in the knowledge that Visa helps protect you from payment fraud online.

If you are targeted by a fraudster, to help others avoid falling victim you can report it to Action Fraud or the National Cyber Security Centre. And if you think you have been defrauded, call your bank and explain the situation – they can often help you claim your money back.

To find out more about the protections you have when paying with Visa, click here.

[1] Research commissioned by Visa and conducted by Opinium with 2,000 nationally representative UK adults between 18 March 2022 and 23 March 2022.

Rackspace Technology and Cohesity Partner to Offer Comprehensive Data Protection to Boost Business Resiliency Against Ransomware

Rackspace Technology has announced a strategic partnership with Cohesity to deliver multicloud managed backup and recovery solutions for Rackspace Technology customers globally. Under the partnership, Rackspace Technology will offer customers Rackspace Data Protection, a high-performance, software-defined Cohesity-Powered backup and recovery service that delivers cyber resilient managed backup and recovery across VMware-based clouds.

Cohesity DataProtect is the foundation of the Rackspace Data Protection solution which includes backup and recovery for VMware workloads and options such as advisory services and ransomware anomaly detection and remediation services. Rackspace Technology customers leveraging Rackspace Data Protection can gain access to several critical next-gen data management and protection advantages and efficiencies including:

  •  A Single, Simple Solution – Rackspace Data Protection simplifies global backup and recovery by replacing multiple point products with a single solution for on-premises or multicloud high-performance backup and recovery. It also allows organisations to protect and manage traditional and modern data sources from a single, global UI.
  •  Ransomware Remediation – Immutable snapshots help prevent ransomware from encrypting backup data, while machine learning-based anomaly detection can help uncover hidden threats and can play a key role in alerting customers to potential cyber attacks.
  •  Rapid Recovery at Scale – In the event of a cyber attack, natural disaster, or human error, fully hydrated snapshots can allow user admins with the right privilege to rapidly restore data at a granular level and applications to any point in time.
  •  Scaling While Shrinking Data and Storage Footprint – By eliminating complex and expensive on-premises forklift upgrades, organisations can easily scale without disruption. In addition, Rackspace Data Protection can optimise storage capacity and data mobility with global variable-length deduplication and compression to reduce customers’ data footprints and attack surface.

“The partnership with Cohesity gives our customers access to a proven, robust data protection solution that eliminates legacy backup silos and provides comprehensive protection against the array of rising data threats they are facing, including ransomware,” said Josh Prewitt, chief product officer at Rackspace Technology. “Customers can now manage and control data recovery from a single source, more efficiently store data, and eliminate potentially costly disruptions.”

Rackspace Technology is an industry recognised leader in providing VMware-based cloud services. Adding Cohesity’s data protection layer with integrated VMware Cloud Director (vCD) will help unify the efforts of SecOps and ITOps to better combat cyber threats and empower customers with self-service management. The managed service helps assure Rackspace Technology customers that their data and workloads running on VMware infrastructure are more resilient than ever.

“We are excited to engage in this partnership as it really addresses customers’ number one concern today, developing cyber resilience so they can quickly defend and if needed, rapidly recover data in the event of a cyber attack,” said John Theberge, vice president, global alliances, service providers and GSIs, Cohesity. “Our next-gen data management capabilities, including DataProtect, give Rackspace Technology customers a simple and powerful solution that can enhance their security posture, advance protection, and improve their business resiliency.”

New QR code mechanism launched to access real-time rail information if passenger information systems hit by cyber attacks

  • QR codes created for every UK station to enable rail passengers to access real-time rail journey information if station screens and operator websites go down

  • Information easily accessed by QR codes and delivered via Messenger without the need for new apps

Rail passengers will be able to access live departure times and journey updates across the UK via QR codes if rail network information systems are targeted by cyber attacks and station screens go dark.

The mechanism has been created by Zipabout, the UK’s leading personalised journey information provider, who have made QR code packs available to all their rail operator clients, including EMR and LNER, for every UK station.

Scanning the QR codes connects passengers to National Rail Enquiries or a local train operator and provides them with personalised travel information via Messenger without the need to use another app or website. It is a quick and easy way of accessing real-time rail journey information, including the next three trains leaving the station to a chosen destination, disruption alerts and multi-leg planning. The service will also soon be available through WhatsApp.

The full list of QR codes can also be found on Zipabout’s website and passengers can search by individual station name – https://www.zipabout.com/tools/live-departure-boards

Critical rail network infrastructure, including passenger information systems, has been identified as a potential UK target of Russian cyber attacks in response to sanctions, although there is currently no specific threat.

Alex Froom, CEO of Zipabout, said:

“QR codes have become well recognised over the course of the last two years, and are a simple but effective tool to keep rail passengers in the loop if their usual sources of information, such as station screens or operator websites, go down. We’ve made them available both via train operators and our website so in the unlikely event of a cyber attack, we can keep everything moving.”

Zipabout information personalisation technology powers the Alert Me service provided through National Rail Enquiries as well as information services for other train operators such as East Midlands Rail, c2c and LNER.

FTI Consulting selects SentinelOne to accelerate incident response and enhance cyber readiness services across global customer portfolio

Leading provider of cyber risk management and complex investigations for global organisations selects SentinelOne XDR

SentinelOne, an autonomous cybersecurity platform company, has announced a strategic alliance with FTI Consulting, a global business advisory firm. FTI Consulting strengthens its cybersecurity offering with SentinelOne’s Singularity XDR platform to proactively manage cyber risks and threats, accelerate incident response, and efficiently conduct investigations for its global customer portfolio.

“Speed is a critical element of effective cyber incident response,” said Anthony J. Ferrante, Global Head of Cybersecurity, FTI Consulting. “This is especially true for critical infrastructure, such as financial services, energy, and healthcare, where minimising downtime and ensuring service delivery to the public is essential. SentinelOne’s autonomous XDR technology eliminates tedious manual work typically required in incident response and allows us to rapidly and effectively mitigate risk for our customers.”

FTI Consulting’s global team of cybersecurity experts have extensive backgrounds in conducting complex cyber incident investigations. With decades of experience at the highest levels of law enforcement, intelligence agencies, and global private-sector institutions, FTI Consulting is trusted for industry-leading, end-to-end cybersecurity services. FTI Consulting deploys SentinelOne’s Singularity XDR platform and Storyline Active Response (STAR) technology in incident response cases to expedite response times and mitigate cyber risk.

SentinelOne’s AI-powered technology provides threat mitigation, remediation, and ransomware rollback capabilities – each delivered without human effort. This significantly speeds response times for FTI Consulting’s front-line experts.

“We’re honoured that FTI Consulting has selected SentinelOne as a key part of its cybersecurity services technology stack,” said Nicholas Warner, COO, SentinelOne.

“SentinelOne XDR is fast becoming the solution of choice for premier global consulting firms and incident response providers who understand the criticality of machine-speed detection and response in high-stakes cases. We look forward to working alongside FTI Consulting to allow the world’s leading enterprises to effectively prepare for and respond to advanced threats.”

 

Cyber experts help digital agency Autosermo gear up for expansion

A digital agency is primed for expansion following a successful collaboration with north west cyber security experts.

Autosermo, which develops automated chat and voice messaging technology for a range of public and private sector clients, worked with the Greater Manchester Cyber Foundry to develop enhancements to its offering in a cyber-secure way.

Steven Booth, founder and chief executive of Manchester-based Autosermo, said the company has been able to improve internal processes, refine the customer experience and win new clients after teaming up with the GM Cyber Foundry.

The GM Cyber Foundry is a £6m scheme which helps innovative companies to develop digital products and services in a cyber-secure way.

More than 130 businesses have benefited from the initiative since its launch in 2018.

It brings together experts from Manchester Metropolitan University, the University of Manchester, the University of Salford and Lancaster University to share their expertise with SMEs and help them to innovate and grow while defending data, systems and software from cyber-attacks.

In partnership with the GM Cyber Foundry, companies undertake research and development projects which are fully funded by the European Regional Development Fund.

Autosermo builds bespoke messaging technology for organisations and companies worldwide, including government departments and Citizens Advice as well as manufacturers and retail giants such as Greggs.

Much of its work has historically involved creating dashboards that enable its clients to manage machine-learning driven responses to customer queries and searches via Facebook.

However, Steven said companies and organisations are increasingly looking to develop their own non-social media messenger software as well as expand their focus on platforms such as WhatsApp and TikTok.

He said: “We may be looking at a post-Facebook world, whereby firms place greater reliance on their own in-house development of messenger software – through which they are the sole controller of the customers’ data – as well as expanding to other social media platforms, such as TikTok.

“The advice and assistance we have received from the Greater Manchester Cyber Foundry has played a vital part in enabling us to further develop our technology and gear up for significant expansion.

“A series of workshops provided a valuable insight into current thinking on security excellence and techniques.

“What followed was a technical review, recommendations and user experience testing, which provided tangible outcomes that we could deploy in the business.

“Being able to demonstrate the organisational and application security of our technology has allowed us to on-board more customers and develop our offering in a way which gives clients and stakeholders great confidence that our technology is secure and more resistant to cyber-attacks.”

Dr Allen Fairchild, of Salford University, who is one of the GM Cyber Foundry team of experts, said: “Working with Steven at Autosermo was a pleasure. He was fully engaged with the process and had a very positive attitude towards cyber security and our programme.

“His willingness to work with us meant he was open and transparent, sharing all the requested information, which allowed us to review his processes and carry out a security audit and enabled us to provide the best possible bespoke assistance to enhance his business strategy.”

Steven said: “The GM Cyber Foundry provided crucial and invaluable help for us, enabling us to grow and take Autosermo to the next level.

“Its input has demonstrated that a security audit before planning any other works will result in better security practices and downstream cost savings.”

Why a career in cyber is more exhilarating than you might think

Written by Anthony Webb, VP International, A10 Networks 

Back in 2019, I wrote an article about the talent shortfall in technology and cybersecurity and unfortunately since the pandemic and because of Brexit that gap, particularly here in the UK, has only widened. As of 2021, the global talent shortage already amounts to 40 million skilled workers worldwide. By 2030, the global talent shortage is predicted to reach 85.2 million workers.

This means that companies worldwide risk losing $8.4 trillion in revenue because of the lack of skilled talent. This gap is keenly felt in security and again there is currently a shortage of 350,000+ cybersecurity specialists in Europe alone.

I firmly believe that today’s culture of security will only be as strong as tomorrow’s talent. And as the talent gap continues, companies need to get creative about how and where they find the next cyber expert.

 

No recognised career path

While the cybersecurity industry is a fantastic and dynamic place to work, unfortunately there is no recognised career path. Therefore, vendors need to do more to attract young talent into the sector. This industry has very low unemployment, and as mentioned above, many countries have a deficit of employees. It is a very fast-moving and exciting industry, but sometimes I feel like a lone crusader when I talk about the benefits of this industry to younger people. It’s true that many are not aware the industry exists as a career option.

I think this is because there are no specific university degrees in cybersecurity, so it is not viewed as a natural career choice to pursue. However, I did see that the NCSC has just started to offer degree apprenticeships in cyber, but it is the only certified degree apprenticeship in England and Wales (Bursary and Degree Apprenticeship – NCSC.GOV.UK).

The NCSC CyberFirst programme is designed to help young people explore their passion for tech by introducing them to cybersecurity. CyberFirst covers a broad range of activities and offers a bursary to financially support undergraduates through university in a subject of their choice, in addition to a cybersecurity degree apprenticeship scheme.

This is fantastic, but the industry needs to do more, such as partnering with local schools and funding more science, technology, engineering, and mathematics (STEM) programmes. We need to create more internship and apprenticeship opportunities for early talent – like the NCSC programme – and in addition vendors should look at launching robust upskilling or retraining initiatives internally.

 

Passionate problem solvers

In terms of the key attributes this profession requires, anyone looking towards a career in cybersecurity needs to be able to thrive in an environment that is dynamic and fast moving. This is a sector that is critical to the UK economy and to the daily lives of people up and down the country.

Therefore, you need to be calm under pressure, a lateral thinker, versatile and a bit of a problem solver. It’s the same as any industry; police officers have chosen that career path through a desire to protect the public. Cybersecurity professionals are passionate about protecting the infrastructure of nations and enterprises. You will have an important job to do, but an exhilarating one too. Because without even thinking about it, people, businesses and institutions all over the UK are relying on the team that defends our digital world.

In terms of other skills, cybersecurity professionals need to be able to simplify complex issues and communicate in layman’s terms. This means that anyone in the organisation – from the board to the receptionist – can understand how to protect the business.

 

High stakes, high rewards

Today, we live in a world where our phones are rarely out of our hands and our laptops make every task easy. Since the pandemic we’ve gone online for just about everything and this means we are exposing more data than ever. This reliance on technology makes it so important to protect it, and this is an industry where the stakes are high, especially if a customer is breached; we’ve all read the unfortunate headlines that this creates. Having said that, anyone working in the industry will know the rewards are also high. Cybersecurity professionals have the opportunity to not only solve problems but use technology for good.

The pandemic has shone a light on the escalating threat landscape in all professions, and the implications if a credit card is compromised, or if someone clicks on a phishing link. Hackers can earn more money than ever, so the cybersecurity industry needs to respond with innovative people interested in growing their career and who can think like a cybercriminal. It’s a game of cat and mouse; the more hackers we face, the smarter security professionals we need.

 

Start early

There are many routes to explore so where should someone interested in a career in cyber start?

I would recommend that any young person gets as much varied experience as possible. In today’s work environment, the days of working for one company for your entire career are over. Likewise, the cybersecurity industry needs to do a better job at educating and informing those about to enter the workforce about careers in cybersecurity.

Resources like the NCSC provide more information about cyber apprenticeships, and hopefully in the near term we will start to see other similar initiatives. Additionally, I’m a real advocate for experiencing as much as you can; if you get offered an assignment abroad, grasp it with both hands. You’ll become more rounded in learning how different cultures deal with data protection and cybersecurity trends.

My advice is to learn as much as you can. It may sound clichéd, but it is a profession that requires you to be constantly studying and improving yourself. Begin with trying to spark an interest in the industry through online learning, reading books, and even reading the security-related news. From here, you will start to see if the whole idea behind cybersecurity is something you are interested in and want to pursue as a career.

And remember, always be humble and above all be passionate about what you do. Technology will always find a way to solve a cybersecurity problem.

Only a third of CIOs cite cyber-risk mitigation as a performance measure

London, United Kingdom, 23rd March 2022: While 94% of CIOs acknowledge some form of serious threat over the next 12 months, only 27% list business continuity and resilience as a top-three priority during the next 12 months and barely a third cite risk mitigation as a measure of performance. These findings come from the fourth and concluding section of the 2021 Global CIO Survey from Logicalis, a global provider of IT solutions.

The study, which surveyed 1,000 CIOs from around the world, finds that nearly half of respondents (47%) see data breaches as the biggest risk to their organisation (an increase of 6% from last year). Following data breaches, CIOs state malware and ransomware (39%) as other key areas of concern.

The perceived risk of a data breach is likely to have risen due to the increase in borderless workforces as employees continue to work from home or adopt hybrid working practices. When they occur, data breaches can lead to a range of issues, from loss of business-critical data and stalled business growth to, in the most serious cases, the complete shutdown of a business.

Less than a third of CIOs (30%) cite lack of staff awareness as a security issue, down from 50% last year. This perceived improvement in staff awareness is due in part to an emphasised investment in additional training and technology measures to mitigate security risks. In fact, over 50% of CIOs state their organisations invested in employee security training this year, likely to help prevent data breaches originating from employee activity.

Other areas of investment include:

  • Security technology – 66%
  • Business continuity planning – 40%
  • Third-party support through expert MSPs – 35%

However, CIOs still feel their organisations have a long way to go in investing in comprehensive security measures. Despite the rapidly increasing cybersecurity risks, more than half of businesses (55%) have yet to adopt a cyber-attack recovery plan.

Toby Alcock, CTO of Logicalis says: “Over the last 18 months, many businesses set up interim solutions to cope with remote working with security and disaster recovery very much experiencing a trial by fire. Some measures worked, but more action is needed to secure hybrid workers and enhance business resilience.”

“Businesses should adopt a holistic security approach with the capabilities to detect and respond to threats before they even take place. Predictive outlooks will fully protect the hybrid workforce and empower them to deliver optimal results for customers. Adopting technology to mitigate risk will also help businesses adapt to future obstacles, whether cyberattack-related or further market disruption. With a comprehensive plan, created with advice from a trusted partner, companies can rest assured knowing they’re protected.”

For more information, and to explore additional key findings from the 2021 Logicalis Global CIO Survey, visit here: https://resources.logicalis.com/cio-priorities-business-continuity-resilience-and-mitigating-risk.

Open source intelligence experts launch DarkInvader – continuous dark web monitoring provides early warning of data breaches

The team behind award-winning cyber security consultancy, Pentest People, have launched a new business that provides organisations with early warning of data breaches. DarkInvader continuously trawls the dark web and hacker forums for caches of stolen data associated with a user’s organisation, so that they can respond to incidents more quickly and prevent further damage. DarkInvader was co-founded by serial entrepreneurs, Andrew Mason and Robin Hill, along with technical director, Gavin Watson and sales director, Anthony Harvey, who has already won a number of public sector contracts for the new company.

Under GDPR, organisations are legally bound to inform the Information Commissioner’s Office (ICO) within 72 hours of a data breach and alert affected customers. However, stealthy hackers often lurk on networks for long periods, increasing their access privileges, while organisations are unaware that their systems have been penetrated.

DarkInvader’s software automatically scans hundreds of thousands of illicit online marketplaces and millions of dark web pages to identify key pieces of information that indicate that an organisation’s stores of payment card data, passport numbers, healthcare records and other sensitive personally identifiable data have been compromised.

To bolster the automated searches, the company’s cyber security researchers also manually monitor hacker forums for conversations indicating new exploits. This blended approach, combining the best dark web scanning automation with human research and open source intelligence gathering, helps organisations to act more quickly to prevent leaked credentials being used to log into critical systems and cause further damage, or steal customers’ data.

When a breach is confirmed, DarkInvader provides the affected organisation with a risk report on the severity, along with remediation advice to help the company to identify and block the source of the leak to prevent escalation.

DarkInvader co-founder, Andrew Mason, said, “Organisations often don’t realise they’ve been hacked until we tell them that their data is being offered for sale on forums and secret websites that are not easily accessible to the general public. Our combination of technology and human research allows us to identify threats earlier than standard dark web automation tools.”

DarkInvader provides a full monitoring and consultancy service to organisations that do not have their own in-house security experts. Larger organisations with their own cyber security teams can also sign up to receive DarkInvader alerts allowing them to assess the veracity and severity of suspected data leaks to prevent leaked data being used to attack critical systems.

“Even with robust cyber defences in place, a brand new web vulnerability, an unpatched server, or a misconfigured device can create a small chink in an organisation’s armour that gets exploited by determined hackers. Like a river pollution alarm alerting a factory that it’s leaking chemicals, if company records are found on the dark web this cannot be ignored,” says technical director, Gavin Watson. “DarkInvader provides the last line of defence.”

DarkInvader is the third company co-founded by Anthony Harvey and Gavin Watson and the sixth business launched by Andrew Mason and Robin Hill who employ more than a hundred and fifty people in Leeds and Cheltenham. Their fast-growth companies have well-established apprentice schemes and graduate recruitment programmes, with strong links to local schools and universities.

 

About DarkInvader:

DarkInvader provides automated dark web scans, backed by world-class research. The company was founded by the cybersecurity experts who founded Pentest People, Data Protection People, ShadowAPI, Rapidspike and cybersecurity consultancy, RandomStorm, which was acquired by Accumuli Security PLC in 2014.

DarkInvader’s Dark Web Monitoring Tool indexes hundreds of thousands of dark web sites using its recursive, depthless web crawler. Millions of dark web pages are indexed, while our experts use OSINT to perform manual searches and analyse hacker forums to spot new data breaches. Our combination of cutting-edge automation and expert cyber security researchers helps organisations to find leaked data faster.

DarkInvader provides RAG severity ratings for breaches, along with customised proactive preventative measures, helping organisations to respond to emerging threats quickly and efficiently to prevent breaches leading to critical incidents.

For more information, please visit https://www.darkinvader.io/

 

 

The role of Threat Intelligence Platforms in Implementing Extended Detection and Response

Written by Gigi Schumm, SVP of sales at ThreatQuotient

As the new year continues to unfold, cybersecurity budget holders will be deep into the process of identifying where to allocate funds to best enhance protection against cyberthreats. The good news is that budgets are rising, with industry commentators frequently reporting that companies are committing more money to strengthening their posture against persistent and sophisticated threats.

Firmly on the list of favoured approaches is extended detection and response (XDR), which has been rapidly gathering momentum in the past two years. Analysts are predicting triple digit growth in the market as businesses aim to implement a complete, end-to-end security approach.  However, before businesses dive headlong into XDR investments, it is worth exploring what we mean by XDR, how it fits with existing tools, and where threat intelligence platforms can be leveraged to help companies bridge the delta between what they have now and an ideal future state of effective XDR.

XDR – what is it?

Right now, there are several definitions aiming to capture what constitutes XDR, but we think analyst Jon Oltsik of ESG offers a strong summary, describing XDR as:  “an integrated suite of security products spanning hybrid IT architectures, designed to interoperate and coordinate on threat prevention, detection and response.  In other words, XDR unifies control points, security telemetry, analytics, and operations into one enterprise system.”

In effect, XDR is not just a combination of one or two security tools, such as EDR and SIEM. It must be capable of normalising and correlating data from all security tools – across multiple vendors and form factors – and automatically acting on the insights delivered.

The challenge for organisations, as they explore how to implement XDR for their business, is that they are all unique. Over time they have organically built a heterogeneous suite of protection technologies and tactics based on needs that have emerged and the threat they pose to the business. Tools have been procured to deal with specific aspects of cybersecurity threats and management: firewalls, anti-virus, and endpoint detection and response, to name just a few. As a result, the security estate is often sprawling, and big companies can have up to 80 vendors on the books. Some are household names, and some have been chosen as best-of-breed in their particular use case for the organisation. Many – originating before the shift in philosophy towards open APIs and integration – have locked-in their customers in a bid to retain their position in intensely competitive markets.

Unsurprisingly, the result of this is that there is very little appetite to rip and replace this legacy investment with an entirely new solution. Plus, in the fast-moving environment, new tools and vendors will continue to emerge to deal with new use cases, and businesses want to retain the flexibility to on-board new solutions as they need to. Therefore, tearing out existing systems and putting all their security eggs into one basket is not appealing.

Where threat intelligence platforms can power XDR

Instead of writing off all previous security investment, the better approach is to find a way to unlock the silos to better integrate and operationalise the wealth of data that organisations already collect. A threat intelligence platform functions as a repository for data and intelligence from internal and external resources and should be a conduit between existing security technology and cloud-based security offerings. The power of the platform is providing seamless integrations with existing tools, allowing security teams to benefit from all the information that already exists within their security setup, without suffering data overload.

Once collected, a key function of the platform is to contextualise data. By acting as a single source of truth for teams and bringing in third party feeds, the internal data is enriched with context. When this is overlaid with policy decisions and risk analysis, alerts can be automatically prioritised. This helps security teams recognise which threats are highly relevant for them and the priority in which they need to be managed.

A well-implemented threat intelligence platform also lowers the number of false positives. For example, intelligence feeds that are known to be particularly chatty or more likely to deliver false positives can be assigned lower priority scores than an internal Splunk feed. This helps teams reduce the noise and gain confidence in the validity of the alerts they receive, which in turn accelerates security operations and creates a better work environment for security teams.

Building corporate cybersecurity memory

Something many organisations struggle with – especially right now – is employee turnover. The human capital lost when analysts move on is significant; it can leave businesses exposed until new employees get up to speed. A threat intelligence platform builds a record of the threats identified and how they were triaged and managed. This creates a corporate memory of the threats and responses the business has experienced, allowing new team members to benefit from the work of their predecessors.

Ultimately, as organisations pursue the transition to comprehensive XDR, they should consider how a Threat Intelligence Platform can power effective XDR and support their security teams to accelerate operations, without writing off historical investment.

4 Strategies to Avoid Cybersecurity Burnout

Written by Adrian Taylor, VP of EMEA at A10 Networks 

CSOs, CIOs and CISOs have never had it so tough. Alongside their traditional responsibilities, they must now face a cybersecurity threat environment that is growing exponentially, and a growing cyberskills gap. As a result, many of them are reporting burnout.

Today, ransomware has become one of the greatest network security threats organisations have to deal with. Increasingly sophisticated and distributed at high speed via the internet and private networks using military-grade encryption, today’s ransomware attacks demand multimillion-pound ransoms. Ransomware is expected to cost businesses around £15 billion this year and nearly £200 billion by 2031, and this is only one of the many threats organisations have to deal with.

There are also distributed denial of service (DDoS) attacks, Man in the Middle (MitM) attacks, social engineering, insider threats, malware, and advanced persistent threats (APTs) to contend with – and those are just the most common network security threats. As organisations prepare for 2022, and cybersecurity professionals return from a hard-earned break, here are four strategies to make cybersecurity professionals’ organisations safer from the countless network security threats they’ll be facing in the near future:

1. Create a “Security-first” Culture

The problem for CSOs is that, while most employees have some basic knowledge of cybersecurity best practices, that is pretty much all they have. Without ongoing training, knowledge testing and awareness, staff behaviour is one of the biggest cybersecurity risks that organisations face.

A study by Accenture revealed that less than half of new employees receive cybersecurity training and regular updates throughout their career. Just four in ten respondents said insider threat programs were a high priority.

Organisations must look to create a robust and distributed digital immune system with a radical re-engineering of staff behaviour. Business leaders need to have accountability for cybersecurity; security teams need to collaborate with business leaders to create and implement policies that will actually work, and those policies need to be routinely re-evaluated and tested.

 

2. Create a Continuous Security Education Program

A “security-first” culture requires that all members of the culture appreciate the concept of network security threats. For this to actually have an impact on culture, however, staff must be trained routinely to ensure that their knowledge is current.

 

3. Implement a Zero-Trust Model Throughout the Business

Well-trained staff and a monitored environment are crucial to the successful protection of any organisation but without a foundational Zero Trust environment, defences will be intrinsically weak.

The Zero Trust model is a strategy for preventing network security threats that all enterprises and governments should be using to defend their networks. It consists of four components:

 

  • Network traffic control: Engineering networks to have micro-segments and micro-perimeters ensures that network traffic flow is restricted and limits the impact of overly broad user privileges and access. The goal is to allow only as much network access to services as is needed to get the job done. Anything beyond the minimum is a potential threat.
  • Instrumentation: The ability to monitor network traffic in-depth along with comprehensive analytics and response automation provides fast and effective incident detection.
  • Multi-vendor network integration: Real networks aren’t limited to a single vendor. Even if they could be, additional tools are still needed to provide the features that a single vendor won’t provide. The goal is to get all of the multi-vendor network components working together as seamlessly as possible to enable compliance and unified cybersecurity. This is a very difficult and complex project but keeping this strategic goal in mind as the network evolves will create a far more effective cybersecurity posture.
  • Monitoring: Ensure comprehensive and centralised visibility into users, devices, data, the network, and workflows. This also includes visibility into all encrypted channels.

At its core, the Zero Trust model is based on not trusting anyone or anything on the company network. This means that network access is never granted without the network knowing exactly who or what is gaining access.

 

4. Establish and Test Disaster Recovery Plans 

A key part of a disaster recovery plan involves backups. However, it is surprising how often restoring from backup systems in real-world situations doesn’t perform as expected. It’s important to know which digital assets are and are not included in backups and how long it will take to restore content.

CSOs should plan the order in which backed-up resources will be recovered, know what the start-up window will be, and test backups as a routine task with specific validation checks to ensure that a recovery is possible.

 

Staying Secure

The CSO’s job isn’t getting any easier, but solid planning using the four strategies will help ensure an organisation’s digital safety. In addition, partnering with top-level enterprise cybersecurity vendors will ensure that critical security technology and best practices are central to the organisation’s cybersecurity strategy.