Category Archives: Cybersecurity

Cybersecurity

Shrinking the cyberattack threat window – with InfiniSafe® Automated Cyber Protection (ACP)

Written By: Eric Herzog, CMO, Infinidat

The threat of a cyberattack has become so pronounced that in the 2023 survey of Fortune 500 CEOs, cybersecurity was cited as the #2 threat to their companies. These incidents are on the rise. As Prof Stuart Madnick from MIT wrote in a recent research paper, the number of data breaches between 2022 and 2023 rose by 20% and this frequency continues to increase. It’s not surprising because hackers want to wreak havoc and, in our data-driven society, breaches cause extensive damage and long-lasting suffering to enterprises and individuals alike.

So, if enterprises are investing millions of pounds into their cyber protection armour and disaster recovery strategy, why are hackers still managing to profit from data disasters? One of the big contributors to organisational vulnerability is the lack of integration between primary and secondary storage infrastructure and the data centre-wide cyber security software applications employed to spot suspicious activity.

If we assume that a cyberattack will take place at some point – this is a somewhat inevitable situation for enterprises to acknowledge – the question now for security administrators becomes less about attack prevention and one of attack recovery.  How can storage experts shrink the window of threat to their organisations once security systems have been compromised? And how do they minimise the impact of a cyberattack both internally and externally? It’s impossible to keep cyberattacks quiet. New laws and regulations for reporting cyber incidents for public companies in the USA and specific regulations pertaining to and written by the European Union, have made knowledge of these attacks highly visible to the public.

Part of the problem is that traditional storage backup methods using immutable snapshots are only effective to a point, because snapshot schedules are not automated. This means they are not running constantly and may even require manual intervention, which leaves dangerous gaps in data protection. Even replication means that data is available but not really protected, because once it is corrupted or encrypted, the compromised data can also be replicated, potentially causing even more havoc. Overcoming these problems is not a new challenge and has been part of the disaster recovery challenge for many years.

Enterprises have been trying to protect themselves from these threats, typically by employing teams of people to monitor and manage their cybersecurity. In spite of this, it can still take hours to determine if someone should call a storage admin and say, “we detected something in server x, why don’t you snapshot the data as soon as possible?” The reality is that this call often never happens, leaving the vulnerability window wide open for attackers to proliferate data corruption, encryption, or other attack vectors against enterprise data. For instance, if immutable snaps are taken four times a day, that means up to a 6-hour RPO (recovery point objective). Today, the amount of data that could be compromised in that timeframe can ruin a business.

To help ameliorate these issues Infinidat has developed a unique new solution to solve this longstanding problem and reduce the threat window. InfiniSafe® Automated Cyber Protection (ACP) is unique in allowing enterprises to regain control of the chaos that cyber attackers bring on, saving time, money and risks to reputation. It is available free for users of the new InfiniBox G4 family of InfiniBox® and InfiniBox SSA enterprise storage solutions and has been given rave reviews by storage and security industry analysts across the world.

According to Krista Macomber, Research Director at the Futurum Group, “Infinidat’s complete solutions have taken the lead by leveraging the syslog of security technologies, such as SIEM and SOAR to detect and respond to anomalies that belie potential threats.”

Storage analyst firm founder Chris Evans of Architecting IT, said, “Infinidat has carved out a unique leadership position as the only storage vendor to offer an automated enterprise storage cyber protection solution that seamlessly integrates with cyber security software applications.”

Andrew Buss, Senior Research Director, EMEA Future of Digital Infrastructure at IDC commented that “Infinidat has built on its proven and scalable storage platform to deliver a storage architecture that can deliver not only on today’s demanding requirements, but also on future storage needs as application demands continue to inexorably increase.”

How does InfiniSafe ACP work?

InfiniSafe ACP works to reduce the cyberattack threat window to enterprise data at the speed of compute, by automatically triggering a protection scheme to create immutable snapshots of any data within the InfiniBox SSA and InfiniBox platforms. These requests come directly from the enterprises’ cyber security software environments, the SOC, SIEM or SOAR, as soon as any concerning changes or events are detected. Application environments like these have extensible interfaces and so tying them together with the well-defined InfiniSafe reference architecture provides a fully automated set of seamless capabilities. These capabilities can be orchestrated to proactively and quickly create immutable snapshots to protect the most critical primary data assets.

InfiniSafe Cyber Detection can be integrated with ACP to take the process to the next step.  InfiniSafe Cyber Detection performs deep scanning of block, file, and database stores by presenting immutable snapshots to a powerful AI-based scanning engine. This validates the data integrity and through AI-based machine learning, can identify any malicious changes as a result of the cyberattack. More importantly, the scanning process uses more than 200 data points to determine which data may have been compromised, with 99.99% accuracy.

This ensures that any additional forensics are highly defined and easy to act on, by minimising any possible false positives. You need to be fast and accurate when dealing with a cyber event. Such a rapid, automated response means that full recovery from an attack can be guaranteed for entire snapshots of data, regardless of volumes.

Being prepared for cyberattacks is everything today. It’s not a matter of if cyber attackers will strike, it’s a matter of when and how often. Bad actors will attempt to create chaos and gain leverage over your most critical data assets if you are not prepared. Knowing the state of your data by proactively keeping it protected beyond scheduled events, is a key component to reducing the threat window, gaining back leverage, and thwarting those looking to extort you by compromising your data. Now InfiniSafe ACP is making these goals easier for every enterprise to achieve.

Author: Eric Herzog, CMO, Infinidat

Read more about how InfiniSafe ACP is reducing the threat window: https://www.infinidat.com/en/resource-pdfs/infinisafe-automated-cyber-protection.pdf

www.infinidat.com

Cybersecurity, Data & Analytics, GDPR

UK Data Privacy Likely to Need Urgent Protection after Election, say Experts

As the Election fast approaches, many working with the technology and data protection sector are calling for the new Government to consider urgently improving the UK’s data privacy protections, with many high profile breaches over the last few years.

Only yesterday, Simon Bain, CEO and founder at OmniIndex told UK Tech News that the UK Electoral Commission suffered a data breach in 2023, and raised concerns that the extra data to be collected from voter ID tomorrow may not be adequately protected.  He told us:

“While much has been said of the legislation’s impact on the public’s ability to exercise its democratic right, there are larger issues at play concerning the protection of what is highly sensitive and private data. The government holds an immense volume of data on the general public, and frankly, it is doing very little to protect it from being stolen.”

Erin Nicholson, Global Head of Data Protection and Privacy at Thoughtworks explains why tackling data protection in the UK must be an urgent priority for the new administration:

 “Our data-driven world thrives on personal data, creating a need for a comprehensive legal framework for privacy. A strong data privacy regime isn’t just about technicalities; it’s about building trust, security, and a society where everyone benefits.

“The UK’s current system is failing. Frequent regulatory changes burden businesses without offering clear advantages for the public. The newly elected government needed to enforce a reboot: a stable, internationally aligned system that empowers individuals.

“The focus should be twofold: compliance and empowerment. 

“Clear, consistent guidance alongside well-defined international standards will propel us in responsible AI development. Existing data protection laws need stronger enforcement across the board. We also need to empower more data sharing, with Singapore’s model that offers valuable lessons for optimising data flows to safeguard vulnerable populations.

“Equipping businesses, particularly smaller ones, is crucial. Robust technical guidance on data minimisation, anonymisation, and mitigating bias in AI systems will empower them and foster responsible AI practices.

“The public needs to be equipped as well. Integrating data privacy and security education into school curriculums will foster a more informed public. A data-literate public embraces responsible AI development. By prioritising clear communication and education, we can alleviate anxieties and ensure data privacy is understood, not feared.

“This approach strikes the balance: fostering innovation while keeping individuals’ data secure. It’s all about clear communication, strong enforcement, and empowering everyone involved.”

Cybersecurity, News

SYTECH Urges Businesses to Bolster Cyber Security

SYTECH Consultants, the leading cyber security and digital forensics expert, calls on businesses working with high volumes of customer data to prioritise cyber security, following a large-scale cyberattack affecting a spate of well-known companies.

In light of the occurrence, which saw hackers target Snowflake, a third-party cloud storage data company working with large firms such as Ticketmaster and Santander, SYTECH has issued guidance for businesses to support them in remaining vigilant.

Mark Wilshaw, Cyber Security Services Manager at SYTECH explained: “In the current digital age, cybersecurity and awareness are critical for businesses. While attackers continue to use the same methods to gain access to data and the level of breaches remains consistent, we are seeing a heightened focus on the value of the targeted data, largely focusing on where it is stored. There will likely be an uplift in the number of cloud services which are compromised as ultimately, that’s where the value is in terms of the data held. In this instance, the cloud storage provider Snowflake was the initial target of the breach, however, the attack has had a much wider impact affecting several companies and millions of customers.

“To mitigate the risk of these attacks, considering the supply chain in security is key and supplier evaluations can prove invaluable. When working with third-party cloud-based suppliers, question the data protection process in place –  for example, do they adhere to the ‘14 cloud security principles’ issued by the National Cyber Security Centre to ensure that data stored and processed in the cloud is done so as securely as possible?

“General staff awareness training can also bolster the security of customer data. Key areas to cover should include password management guidance to advise how to select strong passwords and keep them safe, social engineering awareness to determine how to spot if someone is attempting to obtain sensitive information via social engineering (e.g. calling the office pretending to be IT and asking for passwords), and phishing awareness training to recognise the telltale signs that an email is phishing. In addition, phishing assessments could also be carried out to test team members on their ability to spot phishing emails.

“Another aspect to consider when holding data is the access to that data; often, single-factor authentication does not offer the required level of protection and all sensitive accounts should be protected with multi-factor authentication to give a heightened level of protection.

“Significantly, further opportunities to enhance cyber security come from undergoing and achieving relevant certifications. For example, the government-backed Cyber Essentials scheme not only helps to protect organisations against some of the most common cyberattacks, but also provides reassurance to customers that the business is taking a proactive stance and that all precautions to protect and minimise digital risk have been taken.”

 

From its offices in Stoke-on-Trent and South Wales, and established in 1978, SYTECH provides all aspects of digital forensics and cyber services (Cyber Essentials, penetration testing etc), consultancy and training, for national public sector organisations and major blue chip organisations. Predominantly working on behalf of the Criminal Justice System, and associated stakeholders, the company maintains a highly experienced, multi-discipline team of Professional Expert Witnesses and Analysts, who each specialise in complementary areas, working to understand the unique requirements of each business.

SYTECH is accredited under ISO 17025 and Forensic Science Code of Practice and Conduct (FSR-C-100), and certified for ISO 27001, ISO 9001 and ISO 14001.  SYTECH delivers consultancy and on-the-ground training support services for businesses striving to achieve ISO/IEC 17025 Quality Standards. With nine years of testing and calibration laboratory experience, and having secured the rigorous accreditation themselves, the experienced consultancy team can assist laboratories and businesses to achieve the accreditation – and maintain their status thereafter.

For more information on SYTECH visit: https://sytech-consultants.com/

AI, Cybersecurity, News

New privacy research pegs AI as a rival threat to cybercrime

  • More than half of developers believe AI will almost equal Cybercrime in terms of risk to data privacy
  • Developers concerned about current regulatory frameworks, with 98% advocating for proactive measures to address future data privacy concerns

 

21st May 2024: New research* released today reveals the extent of concern regarding the future threat posed by AI and Machine learning to our privacy.

Cybercrime is still seen as the main threat with 55%, but AI comes in close second at 53%.  Despite AI being a relatively new menace, the research shows that developers believe the technology is a threat that is rapidly catching up with cybercrime, as it becomes more mainstream. The cost of cybercrime is projected to reach $13.82 trillion by 2028: the reality is that with increasingly sophisticated AI potentially in the hands of a new generation of cybercriminals, this cost could grow exponentially.

The study, commissioned by Zama – a Paris-based deep tech cryptography firm specialising in the world of Fully Homomorphic Encryption (FHE)* – surveyed developers across both the UK and US.

During the research, more than 1000 UK and US Developers were asked their opinions on the subject of privacy, to uncover insight from the people that build privacy protection into everyday applications.  The research revealed developers’ own perceptions and relationship with privacy, delving into subjects such as , what privacy considerations should be at the centre of evolving innovation frameworks, who holds the ultimate ownership of privacy and what their opinion is on the approach to regulation.

 

In addition to the findings revealing significant concerns about AI’s threat, the research also reveals that 98% of developers believe that steps need to be taken now to address future privacy and regulation framework concerns.  72% also said that regulations made to protect privacy are not built for the future with 56% believing that dynamic regulatory structures – which are meant to be adaptable to tech advancements – could pose an actual threat.

“Despite cybercrime expected to surge in the next few years to the cost of trillions, 55% of developers we surveyed in our research stated that they feel cybercrime is only ‘marginally more of an issue’ than the threat to privacy that AI will pose. We have seen from our work that many developers are the real champions of privacy in organisations and the fact that they have some legitimate concerns about the privacy of our data, in relation to the surge in AI adoption, is a real worry,” says Pascal Palier, CTO and Co-founder of of Zama.

“Zama shares the concerns expressed by developers about the privacy risks posed by AI and its potential irresponsible use. Regulators and policymakers should take this insight into consideration as they try to navigate this new world. It’s important not to underestimate the very real threat highlighted by the experts who are thinking about protecting privacy every day, and make sure upcoming regulations address the increased risks to users’ privacy,” he added.

 

The survey went on to reveal that 30% of developers believe that those behind making the regulations are not as knowledgeable as they could be about all the technologies that should be taken into consideration, also presents a real danger, while 17% believe this would pose a possible threat to future tech advancements.

 

“It’s undoubtedly an exciting time for innovation, especially with AI advancements developing as fast as they have. But with every new development, privacy must be at the centre; it’s the only way to ensure the data that powers new innovative use cases is protected. Developers know this,  embracing the vision championed by Zama in which they have the ability and responsibility of safeguarding the privacy of their users. It’s clear, in analysing their insights, that they would like to see regulators taking more responsibility for understanding how Privacy Enhancing Technologies can be used to ensure privacy of use for even the newest of innovations, including Gen AI. Advanced encryption technology such as FHE can play a positive role in ensuring innovation can still flourish, while protecting privacy at the same time,” he adds.

References

*FHE, Fully Homomorphic Encryption

FHE is an encryption technique that enables processing data without decrypting it. With data encrypted both in transit and during processing, everything you do online could be encrypted end-to-end, allowing companies and organisations to offer their services without ever seeing their users’ data — and users will never notice a difference in functionality.

The research was carried out by Research Without Barriers (RWB) between 9th January 2024 and 8th February 2024 with a sample comprising 1,098 Developers from the UK (571) & USA (527).

About Zama

Zama is a cryptography company building open-source homomorphic encryption solutions for blockchain and AI. Their technology enables a broad range of privacy-preserving use cases, from confidential smart contracts to encrypted machine learning and privacy-preserving cloud applications. Zama was founded by Pascal Paillier and Rand Hindi, and currently has the largest research team in homomorphic encryption.

Since it was founded in 2020, Zama has established itself as the main actor shaping the FHE market, having already made significant contributions to the field of data privacy and encryption, including 17+ filed patent families, $100 million in secured deals and the successful delivery of four innovative products/solutions to the market.

 

 

Cybersecurity

Learning at work week: cybersecurity specialist shares his top tips to help stay one step ahead of the hackers.

A leading cybersecurity specialist has shared his tips on how to avoid falling victim to hackers following reports of a big upswing in the number of attacks on financial services firms.

Research by law firm Reynolds Porter Chamberlain showed the number of data breaches reported by financial firms increased threefold from 187 in 2022 to 640 last year.

According to an analysis of data gathered by the Information Commissioner’s Office, the pensions sector saw the biggest increase with a 4,000% increase in reported data breaches.

It is thought criminals are targeting the pensions sector because of the vast amount of valuable and sensitive information that are held by schemes.

The need for firms to pay pensioners without disruption also makes them attractive targets for ransomware gangs.

Greg Buchanan, Technical Director of the Connectus Group, has now issued three tips that can help firms stay a step ahead of the hackers:

Speaking during Learning At Work Week, and outlining his tips, Greg said: “There is no such thing as a totally bulletproof solution to cyberhackers. But by following these three tips you will hugely boost your chances of not falling victim.”

Here are Greg’s three tips:

Password Management: In today’s UK cyber security threat landscape, organisations face various challenges such as phishing, ransomware, data breaches, and identity theft. These threats can compromise the security and privacy of organisations and their customers, as well as cause financial and reputational damage. One of the most common and effective ways to prevent these threats is to use a password manager, such as Keeper for Enterprise, that can help organisations create and manage strong and unique passwords for all their accounts and applications. Central Password Management is a secure and easy-to-use solution that helps organisations protect their data and improve their productivity by allowing numerous assigned people multi factor authentication for shared services. An example being remote connections to customer/supplier environments. It enables organisations to create, store, and share strong passwords, encryption keys, and other sensitive information across devices and platforms.

Media Intelligence: Forewarned is forearmed – I recommend keeping abreast of what threats are live in the world which would form a great method of keeping your staff aware of the landscape in front of them. There  are several areas that can provide you with current and ongoing threat information, here are just a few that I personally use:

>Wired is a magazine and website that covers technology, culture, business, and politics with a focus on innovation and impact. It  features in-depth reporting, analysis, and commentary on the most important stories and developments in cyber security, as well as interviews, reviews, and podcasts.

>The Hacker News: This is a website and newsletter that provides the latest news and insights on hacking, cyber attacks, malware, vulnerabilities, and cyber security. The Hacker News covers both technical and non-technical aspects of cyber security, and features expert opinions, tips, and resources.

>Krebs on Security: This is a blog and podcast that is run by Brian Krebs, a former >Washington Post reporter and one of the most respected and influential journalists in the cyber security field. It is known for its investigative reporting, scoops, and exposés, and often collaborates with law enforcement and security researchers to track down and expose cyber criminals.

Sleight of Hand: One of the ways to improve your productivity and efficiency on Windows is to use keyboard shortcuts. These are combinations of keys that perform certain actions without using the mouse. Keyboard shortcuts can save you time, reduce hand strain, and make your work more accurate and consistent, it will also make you look like a tech wiz to your friends and colleagues. Some of the most useful keyboard shortcuts to use in Windows 11:

Windows key + L: Lock your PC or switch accounts, important when in a shared space to prevent people accessing your data when absent from your screen.

Windows key + M: Minimise all open windows and show the desktop.

Windows key + S: Open Search, where you can find apps, files, settings, web results, and more.

Windows key + Tab: Open Task View, where you can see and switch between your open windows and virtual desktops, especially useful when working on single monitors/laptops and having to reference multiple programmes.

Cybersecurity, News

EfficientEther Ltd Secures Cyber Essentials Certification, Enhancing Its Cybersecurity Framework

London, 29th April 2024 – EfficientEther Ltd, an AI and cloud cost optimisation start-up, is delighted to announce its recent achievement in obtaining the Cyber Essentials certification. This accomplishment follows the successful certification of ISO 9001 and ISO 27001 standards in October 2023, underscoring the company’s unwavering commitment to governance and security in its innovative solutions.

Established in June 2023, EfficientEther Ltd. is headquartered in London, UK, and specialises in artificial intelligence and deliver cost-effective cloud solutions. This certification marks a significant milestone in the company’s journey towards enhancing IT security frameworks and operational excellence. This accreditation not only bolsters our security credentials but also broadens our market opportunities in sectors that mandate compliance with Cyber Essentials standards.

Ryan Mangan, CEO of EfficientEther Ltd, highlighted the importance of this certification, stating, “Securing the Cyber Essentials certification further validates our dedication to robust cybersecurity measures. This achievement reassures our customers of our growing capabilities in protecting our infrastructure against cyber threats, and it aligns with our commitment to governance and security in the rapidly evolving cloud market.”

 

The Cyber Essentials scheme is designed to help organisations of all sizes fortify their IT systems against common cyber-attacks, offering a clear view of their cybersecurity level. It is also a critical requirement for businesses seeking to engage in certain government contracts, further enhancing their trustworthiness and competitive edge in the industry.

About EfficientEther Ltd

EfficientEther Ltd is an innovative start-up specialising in AI and cloud cost optimisation solutions. Founded in 2023 and headquartered in London, the company is committed to transforming the cloud industry through a focus on sustainability, information security, and cost-effectiveness. Following the attainment of the Cyber Essentials certification, alongside ISO 9001 and ISO 27001, EfficientEther Ltd is committed to providing secure and sustainable cloud solutions.

Cybersecurity, News

Cybercrime drives demand for IT security professionals.

Increased concerns from businesses around cybercrime are driving a widening skills gap, according to technology specialists at SPG Resourcing.

The UK government estimates the economic cost of cybercrime to UK businesses is £21 billion per year, including losses from intellectual property theft, industrial espionage, extortion, and data breaches. For individuals in the UK, the estimated economic cost of cybercrime is £3.1 billion per year, primarily from identity theft and online scams.

SPG Resourcing has published a study outlining the challenges companies face when recruiting IT security professionals and offering advice on securing talent in a competitive job market.

Commenting on the report, Richard Howarth, associate director at SPG Resourcing, said: “The demand for IT security professionals in the UK is on the rise, evidenced by the thousands of job opportunities currently available across multiple platforms. With the IT security market experiencing a surge in vacancies, many businesses are either actively hiring or have hiring plans for the second quarter.

“This surge in demand underscores the critical need for a proactive and flexible approach to addressing the growing IT security talent gap. As businesses navigate an increasingly complex digital landscape, the importance of skilled professionals in safeguarding sensitive data and mitigating cyber threats cannot be overstated. We hope our new whitepaper will give companies a useful roadmap to address their cybersecurity recruitment needs.”

SPG Resourcing advises companies wishing to recruit IT security professionals to enhance the candidate experience by prioritising clear communication, providing prompt feedback, and offering personalised interactions.

Given the competitiveness of the cybersecurity sector, companies should provide remote work options. Additionally, offering career advancement opportunities, certifications, and upskilling options is vital for attracting and retaining cybersecurity talent, particularly in an industry facing a notable talent shortage.

The UK National Cyber Security Centre predicts AI will increase the volume and impact of cyberattacks over the next two years. AI may contribute to developing malware that evades detection by current security protocols.

SPG Resourcing helps companies and organisations across the digital sector find the talent they need. It operates internationally from offices in Leeds and Newcastle.

The SPG Resourcing whitepaper can be downloaded here https://spg-resourcing-144291094.hubspotpagebuilder.eu/spg-resourcing-itsecurity-whitepaper

 

Cybersecurity, News, Smartphone News and Views, Telecoms, Telecoms News

New research shows that poor PIN hygiene leads to 62% of phone theft victims in the UK facing further financial loss and data breaches

  • 45 per cent of Britons use their main phone PIN for multiple apps
  • Businesses, including banks and fintechs, are not doing enough to support customers in protecting their personal data when they lose their phones

 

22 April 2024—London, UK: Nuke From Orbit, a fintech startup headquartered in the UK, has unveiled findings from its latest research report, shedding light on a concerning trend in smartphone thefts. The report indicates that in 62% of cases of smartphone thefts in the UK, the repercussions extend far beyond the initial loss of the device.

According to the research, not only were respondents’ social media and email accounts accessed, but one in four individuals also fell victim to digital wallet theft, resulting in monetary losses. Alarmingly, the study reveals that one in five respondents experienced compromised personal bank accounts through unauthorised access via mobile banking apps.

The alarming findings come amid the evolving boom in smartphone usage and the growing identity threat that users face. Although smartphones were created to simplify life with their many functions, users do not realise that this convenience has also made them more vulnerable to risk and therefore aren’t taking the appropriate precautions.

Other key findings from the research include:

  • The further losses the respondents reported can partly be attributed to poor PIN hygiene despite repeated warnings and guidance on password and PIN best practices.
  • 78% of the respondents use their smartphones for mobile banking, 85% for accessing email, 71% for managing social media and 51% for a digital wallet, indicating that cybercriminals can easily access their personal data from a single mobile device.
  • However, nearly half (45%) are in the habit of using the same PIN to gain access to the phone and multiple apps, services, and bank cards.

James O’Sullivan, CEO and founder of Nuke From Orbit commented, “Biometrics were introduced to make smartphones more secure because the frequency with which you need to input a PIN is greatly reduced, but our research shows this has led to some complacency. Criminals are returning to old-school shoulder surfing tactics – that made ATMs a nightmare – to access the phones they then steal to commit secondary crimes.”

A legislation that will contribute to the fight against such threats is The UK Product Security and Telecommunications Infrastructure (Product Security) Act, which will come into effect on the 29th of April. The Act will ensure that consumer technology products meet mandatory security requirements to protect against cyberattacks. Businesses will be accountable for protecting customer data as the regulation mandates them to set safety measures such as minimum default password requirements and providing information on reporting security issues.

With so much interconnectivity, and even authenticator apps and one-time passcodes utilising the same device, smartphones are at the heart of the challenge this legislation is designed to tackle.

“The Act is relevant for consumers and businesses, including banks, fintechs and online service providers. Service providers are responsible for ensuring they do everything possible to protect consumers when the worst happens. Our research suggests that currently, they are not doing enough. Nuke From Orbit is on a mission to support such service providers in protecting the digital identities of individuals and putting them back in control of their data swiftly when their smartphones are stolen.”

Nuke From Orbit offers a unique digital panic button, allowing individuals to block access to various services and accounts all at once if their smartphone is stolen. This world’s first solution adds a higher level of data protection and privacy in the mobile security market by fixing a significant vulnerability. Consumers can join the waiting list to be alerted when the service goes live in their region.

About Nuke From Orbit: 

Founded in 2023, Nuke From Orbit is a UK-based company developing a service that allows subscribers to block access to multiple services and accounts simultaneously, avoiding account compromise issues and monetary loss when their smartphone gets stolen. For more information and to see how the service works, visit https://nuke.app.

Cybersecurity

Cyber attack surge is “tip of iceberg”, expert warns

New figures showing a surge in cyber-attacks on businesses are just the “tip of the iceberg”, a leading expert has revealed.

Government data shows 50% of companies have experienced a breach or attack in the past year.

But Roy Shelton, CEO of the Connectus Group, said that the true scale of the problem may be much higher, due to the unwillingness of businesses to disclose such incidents.

He said: “Attacks are rising and getting more and more sophisticated. Those reported are just the tip of the iceberg. A lot more happen and exist under the radar and are never reported. All businesses need to be vigilant to the growing risk.”

He was commenting in the wake of the 2024 Cyber Security Breaches Survey, which found that 74% of large businesses had been attacked, 70% of medium-sized businesses had been targeted, along with 66% of charities with an annual income of £500,000 or more.

The most common type of breach or attack is phishing (84% of businesses and 83% of charities), followed by others impersonating organisations in emails or online (35% of businesses and 37% of charities), and then viruses or other malware (17% of businesses and 14% of charities).

In all, it is estimated that UK businesses have experienced around 7.78 million cyber crimes of all types and approximately 116,000 non-phishing cyber crimes in the last 12 months. For UK charities, the estimate is some 924,000 cyber crimes in the past year.

Mr Shelton added: “This report is a good and welcome update which highlights the growing need to be ever vigilant.

“These figures are based on only reported breaches: I would suspect many are never reported due to fear of brand and reputational damage.

“The common breaches remain as phishing, malware, and impersonation. All of this can be avoided with training of staff and or deploying low cost, high value counter measures.”

The figures show that, in terms of counter-measures, 51% of businesses have tried multiple approaches to try and minimise the risks of cyber attacks, while 40% of charities have done so.

The report also found how, among businesses, 33% have deployed security monitoring tools and 31% have carried out risk assessments.

Just 18% have tested staff with exercises, such as mock phishing attacks, 17% have carried out vulnerability audits, 11% have tried penetration testing, and 10% have invested in threat intelligence.

The growing cyber threat has prompted the Connectus Group to develop a new tool which helps provide businesses with advanced 24/7 protection from cyber attacks.

The Connectus Managed Extended Detection and Response (MXDR) service is powered by the acclaimed Heimdal XDR Unified Security Platform, which is specifically designed to help modern enterprises to stay safeguarded by integrating detect-and-respond services with the industry’s broadest coverage for total protection against cyber threats.

The Heimdal MXDR is unmatched: a proactive team of experts and an accredited Security Operations Centre (SOC) works in real-time and closely with IT and Security counterparts to create an integrated approach to threat-hunting and response.

For legal and property firms, the risks associated with a data breach are greater than most due to the additional risk of financial information being captured and further exploited by criminal gangs via banking fraud, for example.

Mr Shelton concluded: I’d advise looking for a more holistic managed service from professionals to ensure they have the right solution set and skill set working proactively on their behalf?

“Only a small number of companies actually understand how to respond to a cyber breach so, again, working with a trusted partner to deliver a managed, detect and resolve service would make more sense.”

AI, Cybersecurity, News, Technology

Crossword Cybersecurity launches new CyberAI Practice, helping CISOs embrace AI with confidence across the enterprise

Crossword Cybersecurity Plc, the cybersecurity solutions company focused on cyber strategy and risk, has launched a new CyberAI Practice.  The practice, which sits within Crossword Cybersecurity’s Consulting business, consolidates Crossword’s artificial intelligence (AI) expertise into a centre of excellence that will deliver AI-focused cybersecurity consulting services and products to help clients harness the power of AI in the organisation.

The ever-evolving threat landscape and proliferation of data-generating apps and devices has had organisations grasping at Generative AI and Large Language Models (LLM) as the solution to the problems they face. While AI has a huge role to play in improving security posture, customer experience, identifying insights and streamlining business processes, the pace of change, regulation, deployment by employees of ‘Shadow AI’, and ‘AI washing’ by marketers, can leave cybersecurity teams struggling to remain current.

 

The LLM dilemma

LLMs have led to the emergence of many new tools, which must be assessed and assured so that adoption is controlled and does not pose legal, reputational, or commercial threats. Simultaneously, LLMs have empowered would-be attackers by lowering the barriers to launching successful attacks.

Crossword has already led a significant initiative in investigating the application of Generative AI to cyber security. This has been conducted with major industry partners and leading universities, including academics from Oxford University and MIT in the USA and AI researchers from the world famous Alan Turing Institute.

 

Helping enterprises keep pace with AI innovation

The CyberAI Practice will provide organisations with advisory, security testing and engineering services, which will allow organisations to manage AI threats and grasp the opportunities to improve efficiency, cybersecurity, and create new experiences for end users.  Following its launch, the CyberAI Practice is offering the following services:

 

  • Engineering – Modular services designed to support the assessment and development of LLM architectures, LLM security testing, design and security architecture reviews, and wider LLM-related engineering services
  • CyberAI onsite workshops – Education and maturity workshops to help organisations understand the market, assess their needs and existing AI use, and consult on whether to ‘build or buy’

 

James Henry, Consulting Innovation Director at Crossword Cybersecurity said: “The latest wave of AI technologies hit the security industry with such pace that many businesses have been struggling to keep up.  At Crossword it is our mission to provide businesses with the knowledge and tools needed to securely embrace the benefits of Generative AI technologies, whilst also managing the associated risks.”