Category Archives: Cybersecurity

Aqua Security Research Report Shows Increase in Organised Attacks on Cloud Native Infrastructure and Software Supply Chain

Aqua Security, the pure-play cloud native security leader, have released a new threat report by Team Nautilus, Aqua’s cybersecurity research team, that reveals a growing, organised and increasingly sophisticated pattern of attacks on cloud native infrastructure. While most attacks were aimed at abusing public cloud compute resources for cryptocurrency mining, the methods used open the door for higher-value targets that leverage security gaps in container software supply chains and runtime environments.

The full 70-page report provides a detailed account of attacks observed in the wild during a full year of detailed observation and tracing. This is the first such report to outline the precise, systematic methods used to attack container infrastructure, and to highlight supply chain attacks as an emerging threat.

The report provides trends and observed categories of attacks, but also explains in great detail the specific progression of several attack vectors, from the originating malicious images to the specific evasion techniques, malicious payloads, and propagation attempts. The detailed analysis of the attacks was made possible using Aqua’s Dynamic Threat Analysis (DTA) tool, which was announced by Aqua earlier this year. Aqua DTA runs suspicious images as sandboxed containers to safely observe and trace their behaviour, and is integrated into Aqua’s full-lifecycle solution to prevent such images from ever making it into production environments.

Highlights of the observed attacks include:

  • Container images in public registries being poisoned with Potentially Unwanted Applications (PUAs) that cannot be detected using static scanning. They spring into action only when the container is running.
  • Sophisticated evasion techniques are being used to hide attacks and make them more persistent. This includes the use of “vanilla” images that seem innocuous, disabling other malware, delaying before downloading payloads into the running container, using 64-bit encoding to obfuscate malware, and more.
  • Since the beginning of 2020, the volume of attacks has dramatically increased, suggesting that there is organised infrastructure and systematic targeting behind these attacks. More than 16,000 individual attacks were tracked back to multiple locations across the globe.
  • The main motivation of the malicious actors has been to hijack cloud compute resources to mine for cryptocurrency, but Team Nautilus has seen evidence that other objectives, such as establishing DDoS infrastructure, were also attempted.

“The attacks we observed are a significant step up in attacks targeting cloud native infrastructure. We expect a further increase in sophistication, the use of evasion techniques and diversity of the attack vectors and objectives, since the widespread use of cloud native technologies makes them a more lucrative target for bad actors,” notes Idan Revivo, Head of Team Nautilus at Aqua. “Security teams are advised to take the appropriate measures both in their pipelines as well as runtime environments, to detect and intercept such attempts.”

In addition to the full report, a concise CISO executive brief document is available that provides an overview of the attacks and methods used, as well as actionable advice to security executives on how to protect against this new and growing breed of attacks.

Cybersecurity Is The Main Driving Force For Digital Transformation Projects

Cybersecurity is the number one technology priority for planned digital transformation projects as businesses adapt to a surge in remote working as a result of Covid-19. IT leaders also revealed that adapting culture quickly to new ways of working is the number one challenge they need to overcome in the next 12 months. The findings are unveiled following a survey of 600+ attendees for the upcoming DTX: NOW event.

More than one-quarter of respondents (26 percent) cited cybersecurity as the main focus for planned projects, followed by cloud (21 percent), data analytics (15 percent) and network infrastructure (14 percent). According to separate research there were more hands-on-keyboard intrusions in the first half of 2020 than in the entirety of 2019.

IT leaders revealed that adapting digital culture for a new world of work was the main challenge they need to overcome in the next year (18 percent), followed by automation of business tasks and processes (14 percent), and choosing the right cloud strategy (12 percent).

The biggest barriers to delivering digital transformation projects on time and on budget reflect changing organisational dynamics that are being intensified by Covid-19. The most significant barrier to projects was revealed to be changing scope (29 percent of respondents), followed by reduced budgets (24 percent) and changing team structure (17 percent).

The data also indicates that digital transformation has become a priority for businesses of every size. The majority of projects (58 percent) are anticipated to come in at less than £250,000, and just 22 percent have a budget of over £500,000 and 10 percent over £1 million. More than one-third (34 percent) of IT leaders attending DTX: Now represent companies with 1-49 employees, compared to 23 percent of attendees from companies with over 5,000 employees.

“Covid-19 is a catalyst for digital transformation, but it’s a leveller too. We’re hearing from IT leaders that there is a shift in which technologies businesses are investing in. Ensuring the vast majority of employees could work from home practically overnight has exposed issues with IT strategy, and modernising the core tech stack has become an immediate priority for just about every organisation”, said James McGough, managing director of Imago Techmedia, the company behind DTX:NOW.

“Many businesses have found that areas like cybersecurity measures, network infrastructure and cloud strategy need urgent adaptation for a distributed workforce. Some companies might be in a position to consider the likes of AI, blockchain and quantum computing, but the reality for most is that the future-looking, big ticket tech projects are on the back burner for now. Companies of every size are finding themselves restarting their digital transformation journeys,” continued McGough.

DTX: Now convenes prominent speakers from the likes of Nike, Facebook, Microsoft and Cisco to address the challenges and opportunities of tackling digital transformation and building digital culture. It takes place on 29 September to 1 October 2020. Register to attend the event here.

Methodology: an anonymised online survey of 602 DTX: Now attendee registrations, 24 August to 18 September 2020.

Ryan Trost: Spike in Cloud Attacks Shows Businesses were not Prepared to Work from Home

Written by Ryan Trost, CTO and Co-Founder of ThreatQuotient

Businesses continue to place more and more data in the cloud, from personal details to intellectual property. The growing adoption of cloud-based solutions by businesses, whether for greater agility, data analytics or to support employees in accessing the data, for example when they work remotely or from home, also increases the risk of cloud attacks.

Back in December 2019, I released a series of predictions for 2020, one being the likelihood for a significant rise in cloud attacks in 2020. Little did we know back then, 9 months ago, that the outbreak of COVID-19 would occur, creating the perfect storm for cyber attackers to take advantage of an incredibly disruptive period, with businesses being forced to adopt solutions at a rapid pace, potentially skipping usual protocols, and likely employee use of ‘shadow IT’ solutions.

The spike in cloud cyber attacks this year, with the term “cloud” appearing 29 times in Verizon’s 2020 Data Breach Investigation Report, shows that businesses did not implement best-practice cybersecurity measures before we all set up our home offices and started working completely from home.

As more and more remote employees place vital data into the cloud, this creates more entry points that are vulnerable and open for cyber attackers to exploit. Recent research from Palo Alto Networks found over 1,700 malicious coronavirus-themed domains are created every day and, despite a minority residing in public clouds, they are more likely to be missed by less-complex firewalls. Between the anonymity cloud technology provides for cybercriminals and how easy it is for cloud administrators to misconfigure cloud settings, it is no surprise adversaries seek it out.

One of the greatest threats to cloud providers is nation-state actors. When they discover a particular enclave where confidential data is hosted, such as an enterprise’s intellectual property, they could use a zero-day attack to escape containment and deploy a persistent threat to continue their lateral movements throughout the cloud provider. Or perhaps more simply, a determined engineer of your organisation could dump sensitive data into an external drive – either way, there are too many variables and unknowns for security engineers to respond to effectively and expediently.

If your business is considering moving its data into the cloud, it isn’t a decision that should be made too quickly. Due diligence must be performed by IT professionals, CIOs and CISOs of enterprises and governments, and even general cloud users before selecting a cloud provider.

Risk Evaluation

Placing your data into the hands of a cloud provider means you trust that vendor with your business’ data and reputation. Before you make a decision, evaluate all the risks associated with handing over your data to a third-party for hosting. Do they have the required security protocols? Are they willing to answer questions about their security practices? If the provider has been breached previously, this could be a red flag, but don’t be quick to discredit them. Look into how they responded to the breach, not only internally but how they supported their customers.

Preparedness

Find out about the cloud provider’s stacks, specifically if they can service your needs and what level of control and visibility you may retain. Does the cloud provider maintain all hosting responsibilities or is it a joint effort? Is their technology immediately updated or does it ‘slow roll updates’ in order to let the community find unintended vulnerabilities? Does the provider perform annual due diligence checks to ensure their existing technology stack has not become stale with lagging technology?

The biggest players in the cloud space like Google, Amazon and Microsoft have the best security teams and tools available, but this doesn’t mean your organisation doesn’t still play a major role in the security of your data. Learn about the provider’s shared responsibility model to understand what responsibilities are shared between vendors and users to avoid basic security malpractices that can leave your business exposed.

Governance Policies

It is important to be aware of the governance protocols or policies the cloud provider has put in place. Look for vendors that are transparent about their data centre locations, especially if you have specific data requirements and regulatory obligations. Your data will be subject to the subsequent laws of the location it is stored in. That being said, the host provider must also be knowledgeable about other governing regulations especially as it pertains to your data. For example, if you have data that must conform to GDPR policies, but the data centre is located across the globe, the cloud provider must be able to abide by GDPR laws. Review the provisions in the company’s Service Level Agreement (SLA) that address the protocols for handling potential data losses, compensation, or data migration.

Data Migration and Education

Migrating data is a slow process that requires time and bandwidth, affecting your business’ ability to operate at its optimal level. Find out how long this process will take to minimise downtime and reduce this time by only migrating data sources that are required.

Invest time and money to get employees up to speed on how to transition to the new cloud environment. This will not only ensure they are clear on security protocols, but it can minimise the chance of breaches as a result of human error.

According to the Office of the Australian Information Commissioner (OAIC), 32% of breaches between July and December 2019 were a result of human error – don’t let your business become one of these statistics.

National Express joins the West Midlands Cyber Resilience Centre Board

The West Midlands Cyber Resilience Centre (WMCRC) is delighted to announce their second board member as Debbie O’Shea, Group Chief Information Officer for National Express Group.

Debbie has been with National Express for nearly six years, having first joined as UK IT Director before being promoted to her current role in 2017; she has accountability for technology strategy and delivery across the Group.

Debbie has extensive experience in the retail sector where she spent most of her career in various senior technology roles prior to joining National Express. As Group IT Director for HMV she was responsible for technology across HMV brands in the UK, Canada and Japan as well as Waterstones Booksellers. Before that, Debbie spent ten years with the Kingfisher Group heading up Strategic Programme Management, IT Solutions and Development Teams.

WMCRC Director Alison Hurst responded to the appointment saying: “We are so pleased that Debbie has chosen to join our Board. To have someone with such vast international experience in technology and senior leadership can only benefit the WMCRC and our members. We are delighted that the smaller businesses we support in the region will be able to benefit from the depth of international knowledge and experience of the team at National Express. Transport is such a significant sector for us all, including of course its wider supply chain and so the appointment of National Express with its very relevant and current experience is doubly important to us”.

National Express Group is a leading transport provider delivering services in the UK, Continental Europe, North Africa, North America and the Middle East. It operates services in eight countries around the world and employs 51,000 worldwide. The Group operates regional and long-haul coach services, student transportation, urban bus services, charter services and rail services in Germany.

Debbie O’Shea commented: “The threat from cyber attack continues to grow and is a real challenge for business. The WMCRC has a key role to play in raising awareness of threats and in providing solutions to protect business. I am delighted to support this important work as a Board member and to share the best practice we have developed across National Express.”

The WMCRC Board plays a key role in providing governance, direction and oversight of the progress the WMCRC is making.

Businesses can join the WMCRC through a range of membership packages to access guidance, tools and affordable services to help better protect themselves against the threat of cyber crime.

UK Cybercrime on the rise amid global disruption

By Rick McElroy, Cybersecurity Strategist, VMware Carbon Black

The global health crisis has accelerated the digital transformation initiatives of many organisations. Unfortunately, the urgency associated with rolling out these plans has meant an increase in the risk of cyberattacks. With a mass shift to establish remote workforces, organisations have inadvertently relaxed security or misconfigured devices. The distributed workforce has introduced changes for security professionals as well, who are now on the frontlines of enabling and securing newly distributed workforces.

These gaps in traditional cyber defences, combined with changing working patterns and employee behaviour, have created a larger surface area for cyberattacks, which makes it more difficult to spot such attacks. And amid the disruption, COVID-19 has exposed the UK to an unprecedented level of cyberattacks.

As part of the VMware Carbon Black Global Threat Report Series, we discovered that COVID-19 has opened the door for a surge in cyber incidents. Almost every UK business (99 percent) surveyed suffered at least one security breach in the last 12 months. Ninety-eight percent of the CIOs, CTOs and CISOs also confirmed that attack volumes increased in the last 12 months. More than nine out of 10 noted the increase in attacks was related to employees working from home during COVID-19 stay-at-home orders.

Fending sophisticated cyberattacks

It’s not just the frequency of attacks that is concerning – it’s the growing sophistication of attacks. For example, cybercriminals are exploiting the crisis to launch a wave of ‘fearware’ attacks. These often take the form of phishing attacks or email fraud that seek to exploit users’ concerns surrounding COVID-19. In fact, 93 percent of UK respondents reported being targeted by COVID-19-related malware.

It is also worth pointing out other major threats. For example, our research found that OS vulnerabilities are the leading cause of breaches in 2020. However, it also highlighted that island-hopping and third-party application attacks still cause a disproportionate percentage of breaches.

As both a cause and a consequence, the dark web is thriving during COVID-19, with the commoditisation of malware making more sophisticated attack techniques available to a growing number of cybercriminals. Common commodity malware like ransomware is starting to exhibit sophisticated behaviours, executing more destructive attacks, performing credential harvesting and making lateral movements once it breaches a system.

We are also seeing more secondary extortion plots, with attackers causing more damage once they gain access to an organisation or individual’s data. As seen with the increase in island-hopping and third-party application attacks, adversaries have moved from burglary, to home invasion, to digital squatting.

Greater collaboration

So, what can organisations do to protect their infrastructure, data and employees in this heightened threat landscape? Most are responding by directing their budgets towards security solutions with more than 99 percent of respondents planning to increase cyber defence spending in the coming year. The good news is that organisations are now starting to recognise the value of threat hunting to help identify malicious actors.

As organisations increase spending, they must also consider their security strategies. Today, many UK organisations are using a variety of different security technologies resulting in siloed, hard-to-manage environments that play into attackers’ hands. Evidence shows that attackers have the upper hand when security is not an intrinsic feature of the environment. As the cyber threat landscape reaches saturation, it is time for rationalisation, strategic thinking, and clarity over security deployment.

The report also found that an inability to institute multifactor authentication is one of the biggest threats that businesses face with security right now. Multifactor authentication is an integral part of a security posture to stop traditional credential harvesting methods and should be extended as far as possible.

The unexpected disruption of COVID-19 has seen the rise of global threats. In unprecedented times, organisations must focus on proactive threat hunting to detect attacks before they have a chance to cause catastrophic damage, not just here in the UK but on a global scale.

New World, New Threats: Benchmarking the Cyberattack Landscape in 2020

By Rick McElroy, Cybersecurity Strategist, VMware Carbon Black

The global disruption created by COVID-19 has created a ripple effect across the world. As a result, enterprises are facing more cybersecurity pressure than ever before. With a surge in attack volumes, breaches and increased sophistication of techniques, the security landscape is in unprecedented times. As security teams transform to meet these new challenges, the 2020 VMware Carbon Black Global Threat Report highlights the new threats of our new world.

Amid the global upheaval, security professionals faced new threats and an escalation in attack frequency. With insights from 3,021 CTOs, CIOs and CISOs, the VMware Carbon Black Global Threat Report highlights the impact of COVID-19 and the vulnerabilities it has exposed. The results reinforced much of what we are hearing anecdotally – the threat landscape is getting tougher; third-party vendors are proving a major liability and COVID-19 has considerably intensified security threats.

Threat landscape escalates and UK bears the full force

We often talk about what keeps security professionals awake at night but if you’re a security professional in the UK, you are not likely to be getting much sleep at all. The UK is bearing the brunt of escalating threats, with almost all survey respondents saying attacks had grown in volume and a similar percentage saying they were more sophisticated.

Of course, the acid test of the intensity of the threat environment is the number of times attacks succeed. The report found all but two of the 251 UK cybersecurity professionals had suffered at least one breach in the last 12 months. To put this in context, we’ve run this research four times in the UK, and these are the highest figures we’ve ever seen for volumes, sophistication and breach frequency. Proof, if it were still needed, that reliance on network security and perimeter-based defences is not enough; in the case of breaches it’s no longer a matter of if but when.

Extended enterprise under threat

Once we accept the inevitability of breaches, we can pivot more effectively to hardening defences against the vectors most likely to cause them. Here the research raised two key areas for focus, each requiring a different plan of action.

First is OS vulnerabilities, an area where poor patching hygiene is unacceptable in today’s environment, yet OS vulnerabilities still led to breaches for 15.5 percent of UK respondents. Firms need to focus on getting on top of patching as a strategic pillar of cyber defence. The key is improving communication between IT operations and SecOps professionals to build an integrated, cross-disciplinary approach.

The second key area of concern is the large partner ecosystems, supply chains and third-party applications that are central to business operations. The UK research showed that island-hopping, in particular, is having a disproportionately large impact, featuring in only six percent of attacks but causing 15 percent of breaches. Add to this the number of breaches caused by third-party applications and supply chain vulnerabilities and you’re looking at more than one-third of all breaches originating in third parties.

What this confirms is that visibility into the corners of the extended ecosystem is essential; if you can’t see it, you can’t fix it. The threats are there, so hunting them out before they lead to breaches is the only way forward. Behavioural analysis of all those interconnected and exposed endpoints will pick up anomalies and show defenders where to look for incidents where attackers are using third parties to gain access to networks and data.

COVID-19 surge exposes vulnerabilities

Into this intensive, complex threat environment came COVID-19. The UK lockdown went into effect on 26 March, prompting an overnight transition to home-working for UK office-based businesses and leading to unprecedented pressure for IT operations and security teams tackling productivity, security and business continuity. Confirming the hypothesis that disruption and malicious activity go hand-in-hand, 98 percent of our survey respondents in the UK reported an increase in cyberattacks as a result of more employees working from home, with malware at the top of the list. Increased IoT exposure and phishing attacks were also added to the list of woes.

All this exposed weakness in disaster recovery planning in areas ranging from problems communicating with external parties to managing IT operations. However, the single biggest threat that has emerged in the security arena following the spread of COVID-19 has been the inability to institute multifactor authentication with well over one-quarter of UK respondents saying this has proved a major problem when trying to deliver secure remote access for employees.

Building Back Better

Today, perimeter-based defences are ineffective, threats are rising, especially those originating in third parties, and COVID-19 has added to the challenges of overburdened IT operations and security teams. The rapid adaptations that security teams need to make to protect a much more distributed, cloud-based workforce require an approach that makes security intrinsic and enables IT operations and security teams to integrate both strategically and tactically.

As the immediate impact of COVID-19 wanes and the next normal begins to emerge, this is a critical point at which companies must revise their approach to respond to the new threat landscape and the flaws exposed by the stresses of responding to the shift to remote-working.

It’s time to break down the siloes that exist in cybersecurity technologies and approaches and implement an approach that builds security intrinsically across applications, clouds, and devices. This will bring together IT operations and security teams to tackle new threats, eliminate blind spots to deliver better visibility and proactively address vulnerabilities before they become breaches or attacks.

COVID-19 has proved a watershed moment in many ways, prompting reflection and a determination to “build back better”. Collaboration will be fundamental to addressing threats, both old and new, in the new world in which we find ourselves.

Five ways you and your business can keep personal data safe from hackers

New research reveals that nearly half (49%) of UK adults have not installed or didn’t know whether their mobile phone has security software1. So keeping personal data safe from hackers has never been more important.

In the wrong hands, stolen data can be used by hackers for illegal activity such as applying for loans or credit cards under a victim’s name, or bank accounts being accessed and money withdrawn4.

To help keep data safe, leading insurance provider, Insurance2go, shares five ways mobile phone users can help to protect personal data stored on their device.

Be cautious of public Wi-Fi

Using public Wi-Fi is great for those who have a low data allowance, or are running out of mobile data. However, public networks often don’t provide a secure connection, making it easy for hackers to use them to access personal data.

Hackers targeting public Wi-Fi hotspots are able to use what is known as a ‘man-in-the-middle’ attack6, which is when a hacker intercepts financial information, passwords and log-in information through a public network.

Always avoid using mobile banking apps or making online purchases whilst logged onto a public Wi-Fi network. For those who do need to use public Wi-Fi, use a Virtual Private Network (VPN) app. A VPN can protect data from getting into the wrong hands by encrypting online data and keeping personal information secure when using a public Wi-Fi connection6.

Turn off ‘sharing’ settings when not in use

Smartphone features that share a location should be used with caution and always turned off when not in use. Features such as Bluetooth, Wi-Fi, location services, mobile data and Near Field Communication (NFC) are susceptible to hacking, especially Bluetooth location services as they transmit a device’s location and presence.

Hackers can easily get hold of personal information and data through features that mark a phone as ‘visible’5, so always make sure to disable such features when they are not needed.

Only download legitimate apps

Downloading illegitimate apps is another way to open your personal data up to hackers. Often, apps hosted on some websites or third-party app stores can contain malware and can access data once downloaded6. It’s recommended that users only download apps from the official app stores, so App Store for iOS users, Google Play for Android users or the AppGallery for Huawei owners.

Be wary of app permissions

When an app is first downloaded, it often asks for ‘permission’ to access certain features or information held on a mobile phone. From the camera roll, to your speaker, location or phone contact list, apps can ask for a range of permissions in order for certain functions to work.

Be cautious of what information an app is requesting access to and question whether the app actually needs that information. For example, a photo editing app doesn’t need contact list information in order to function correctly, so take the time to properly think about whether or not that information is needed7.

Viral video app, TikTok, recently came under fire for security issues in the US, with reports claiming that the Pentagon warned U.S. military personnel in January to delete TikTok from their phones and India, last month, banned TikTok amongst other apps, over security and privacy concerns10. So it’s always important to review what permissions are being asked for by an app.

Avoid using auto-login

Whilst it’s recommended to have a variety of passwords for online accounts rather than the same password, auto-login gives hackers easy access to personal data by simply opening up an app or webpage. For those likely to forget multiple passwords, note them down in a secure, password protected note on a phone, or in a notebook that is kept secure and stored away.

And it’s not just using your mobile phone that can open your personal data up to hackers. What happens if your mobile phone is lost or stolen? Insurance2go shares some useful tips for people who might find themselves in this scenario and want to keep their personal data safe:

Firstly, report the phone as missing to the network provider, who can suspend or disconnect the service to the phone. This can help stop any unauthorised use of the phone if it falls into the wrong hands.

If the mobile phone is known to be stolen, inform the police who will be able to provide a crime number, which can be used if the user needs to inform an insurance provider.

Most smartphones now have a built in ‘kill switch’, which can allow a user to remotely deactivate a device if it’s lost or stolen. In order to work, the feature needs to be enabled. For iPhone users, the ‘Activation Lock’ can be enabled within the ‘Find My’ app to help keep data safe. Firstly, go to the ‘Find My’ app > Tap the devices tab and choose which device is lost or stolen, then tap Activate under ‘Mark as Lost’ and follow the prompts on screen. Android users can enable the kill switch with ‘Find My Device’. Go to Settings > Google > Security, then turn on ‘Remotely locate this device’ and ‘Allow remote lock and erase’.

Finally, immediately change passwords for any accounts or apps that can be accessed on the mobile phone. Prioritise any important accounts first, such as online banking and other associated accounts.

Richard Gray, Head of Marketing and Digital, at Insurance2go said: “Our mobile phones are home to lots of stored data and without correctly protecting your personal information, it could easily land in the wrong hands.

“‘SIM-jacking’ is a common method where hackers are able to use stolen data to obtain a Porting Authorisation Code (PAC). This can then be used to switch the victim’s phone number to another phone on another network, helping them gain access to a range of personal data and information, often including banking details.

“Protecting data stored on a mobile phone is extremely important. Hackers are often creating new ways to get a hold of our data, so we hope that by sharing our tips, we can help people avoid getting caught out by fraudsters.”

To find out more about VPNs and how to protect data whilst on a public Wi-Fi, please visit: https://www.Insurance2go.co.uk/about/news-blog/blog/everything-you-ve-ever-wanted-to-know-about-vpns

Cybersecurity becomes the fastest growing start-up sector in UK during Covid-19

  • Funding increased by 940% since beginning of lockdown – compared to same period last year
  • £496m raised by UK cybersec firms in first half of 2020
  • 44% increase in no. of cybersec start-ups in past 2 years
  • New cybersec business registered every week
  • 90% of infosec sector is made up of fast-growing SMEs
  • 55% of the UK’s cyber start-ups based outside of London
  • No. of cybersec start-ups in North doubled in last 2 years
  • 138% increase in cybersec hiring in the North – whilst London stalls

Funding has increased by a staggering 940% for UK cybersecurity start-ups since the beginning of lockdown – with £496m being raised in the first half of 2020, almost outstripping the 2019 total of £521m.

Investors have been quick to put their money towards start-ups specialising in cyber risk management, as the pandemic forced CEOs to look beyond just financial or regulatory risk.

The findings come from a new report by global recruiter Robert Walters and data provider VacancySoft – Cybersecurity: Building Business Resilience – which claims that business spending on cybersecurity will double to £136bn this year.

Darius Goodarzi, Principal – Information Security and IT Risk at Robert Walters, comments:

“For years the UK has been building its reputation as a beacon of innovation and investment in cybersecurity. This year in particular cybersecurity start-ups have risen to become business heroes – from tools that alert users to security vulnerabilities, to those that spot fraudulent activity — these new firms and tools have taken an important role in protecting our ‘new world’.”

According to the government’s Cyber Security Sectoral Analysis 2020 there are 1,221 firms active within the UK providing cyber security products and services – a 44% increase in the last two years – indicating that a new cyber security business is registered every week within the UK. Of this, 90% of the sector consists of SMEs – with an associated estimated turnover of £2bn (24% of the sector’s revenues).

Ajay Hayre – Senior Consultant Technology at Robert Walters – comments:

“Historically IT security has represented only 5% of a company’s IT budget but due to remote working and transition to online or cloud-based solutions, cybersecurity has been thrust to the centre of business continuity plans – having proved its worth in enabling business objectives during lockdown.

“Not only will every company see the benefit of having this expertise in-house, but they will be looking externally for tools, services and advisors to help guarantee the future-proofing of their business by way of solid and robust cybersecurity provisions.”

Demand for Consultancies

With 48% of UK companies stating they do not have adequate cyber security to enable long term remote working, and a further 70% of companies across Europe admitting that they do not have a sufficient cyber security team in general, it seems the race is on to hire talent in this area – with job vacancies growing by 6% in the UK for the first half of this year.

However, with a talent shortage across the continent of 140,000, companies are being left with no choice but to turn to cybersecurity consultancies. In fact, such is the demand that cybersecurity consultancies are one of the fastest growing start-ups in the UK – now at 1,000 companies with the average number of employees being just 10.

Adam Casey – Managing Director at i3Secure – a UK-based Cyber Security and Data Protection consultancy – comments:

“The pace at which companies are having to undergo digital transformation means security projects will be rife, add to that a period of ‘rationalisation’ – where firms will need to check whether what they fitted ‘overnight’ is totally secure and fit for purpose. As a result, one of the main drives for cyber security over the next 12 months will be to amend and create sustainable and secure systems.

“With this, a trend we expect to manifest is an increase in ‘Cyber Audits’ performed by specialist external providers, as a way of helping companies test their resilience and identify vulnerabilities.

“Companies are increasingly out-sourcing projects to these new & exciting firms promising efficient project delivery, in place of hiring a CISO and in-house team at a significant cost to the company.”

The North is Rising

Unlike the tech sector as a whole, where 80% of VC funding goes to London and just 20% to the rest of the UK – within cybersecurity the success is nationwide, with 55% of the UK’s cyber start-ups based outside of London.

In the North West of England, the number of cybersecurity start-ups has more than doubled in the past two years from 39 registered firms to 80.

This is also prevalent in hiring patterns: whereas London has traditionally been the centre for IT security hiring – representing 41% of total jobs in the UK – roles are emerging more evenly across the country.

In fact, year-on-year cybersec roles in Yorkshire and the North East have exploded by +138% – with the region now making up 18% of overall cyber security hires.

Ahsan Iqbal, Director of Technology at Robert Walters, comments:

“With part-remote working here to stay for the foreseeable, removal of geographical barriers is allowing companies to make tactical hires outside of London. Not only is cost saving an advantage here, but the North has built up a reputation for its highly skilled and experienced pool of tech talent.”

Three big hitters join West Midlands Cyber Resilience Centre Advisory board.

The West Midlands Cyber Resilience Centre have announced the appointment of their first three Advisory Group Members.

The group will provide the WMCRC with guidance and advice, and will influence the direction of the Centre, which is headed up by Director Alison Hurst. The first three members are: Lisa Ventura from the UK Cyber Security Association, Paul Street from Colmore BID and Stuart Hadley from CyberQ Group.

LISA VENTURA – UK Cyber Security Association 

Lisa Ventura is an award-winning Cyber Security consultant and is the CEO and Founder of the UK Cyber Security Association (UKCSA), a membership association that is dedicated to individuals and companies who actively work in cyber security in the UK.

On joining the Advisory Group Lisa said: “I am very honoured to join the Advisory Group of the WMCRC, the West Midlands has a huge concentration of cyber security organisations and individuals who are doing great work in the industry to bring cyber security to the forefront of people’s minds. The WMCRC is going to be instrumental in providing collaboration with the government, the police, organisations, education and the National Cyber Security Centre which is something that is very much needed in the region to help combat the growing problem of cyber-crime.

“Getting everyone to work from home quickly earlier this year has left many organisations wide open to cyber-crime, and much more needs to be done to raise awareness of this and to stop organisations falling victim to cyber-crime. It is important that businesses recognise where they might need to bring in additional measures and to ensure that their employees are cyber aware to mitigate the risk of attacks.

“I look forward to seeing the WMCRC becoming a strong resource in the West Midlands for businesses to call on to help them against the growing threat of cyber-crime, and I’m proud to be a part of it from the get-go.”

PAUL STREET – Colmore BID 

Paul Street joined Colmore BID in January 2019 as a Special Projects Officer for the BID’s Safe and Sound working group.  Safe and Sound focuses on delivering a safe and secure Colmore Business District for everyone who works, visits or passes through.

Paul is looking forward to his new role. He said: “I’m honoured to be asked to join the Advisory Group of The West Midlands Cyber Resilience Centre, on behalf of Colmore Business Improvement District.

“Colmore BID has a strong and proud history of collaborative partnership working within the community safety arena. I’m relishing the opportunity to offer my advice and feedback to the WMCRC’s public, private and academic cyber specialists to achieve our shared objectives of helping our businesses be more cyber aware and resilient to the very latest online threats and risks.”

STUART HADLEY – CyberQ Group

Stuart Hadley is the Global Commercial Director of Birmingham-based CyberQ Group, an award-winning cyber security services provider. Stuart has 23 years’ experience in the IT and security sector working in technical and project management roles.

Stuart explains why CyberQ Group wanted to work with the WMCRC: “Due to the recent global pandemic, the way the world conducts business has changed. The epidemic has had an immense impact on the ways businesses operate; increased adoption of remote working, increased use of Cloud platforms, SaaS, flexible working patterns, and an agile workforce. And as a result of these changes, there has been a significant increase in the number of cyber-attacks, affecting all businesses, large or small, with the consequences of financial losses, intellectual property theft, reputational damage and ultimately, business failure.

“Being cyber resilient is now not just a nice to have, but fundamental for a business to continue to exist and operate. By partnering with West Midlands Cyber Resilience Centre, we see this as a great opportunity to give SMEs in the West Midlands advice and support based on what we have learned and experienced working with global organisations.”

Director Alison Hurst welcomed the new appointments saying: “We are delighted to welcome our first three Advisory Group Members to the WMCRC. It’s really important that we form a group of industry professionals from all backgrounds to help support the growth of the centre. Lisa, Paul and Stuart all have different experience and their wealth of knowledge will be invaluable to me and my team.

“I have been overwhelmed with the amount of interest we have had in our Board and Advisory Group from businesses across the region and we expect many more announcements in the next few weeks via our website and social media.”

Find out more about the Advisory Group Members on the WMCRC website: https://www.wmcrc.co.uk/

Preparing to Use New Information: Rapid Response in a Crisis

Written by Leon Ward, VP Product Management, ThreatQuotient

Society has experienced a phase of extreme change, with individuals and companies still being introduced to new ways of working, communicating, and conducting business. These changes also bring with them exposure to new cybersecurity risks that threat actors choose to exploit, along with novel lures that pull on our fears and inquisitive nature. And if we have learned anything over the past few months, I argue it is this: effective rapid response is required for any crisis.

To me, effective rapid response means being able to quickly understand and act on newly available information that will protect your business.

Most organisations today connect to a wide variety of security tools and commercial threat intelligence sources to achieve this level of security daily. However, one common thread during challenging – or as we have heard countless times, “unprecedented” – times is that from a data perspective, there is a strong uptick in new, disparate sources of threat information organisations are consuming.

In the face of COVID-19, many commercial threat intelligence providers are kindly providing freely available packages of threat data to help the wider community outside of their existing customer base. Governments at all levels share threat and outbreak-specific data. Data sharing via open source feeds expands greatly. This is a great thing to see happen, because when we all work together and collaborate, we can all better defend ourselves.

This has happened before as well, when other specific threats gained global attention (e.g. Mirai, Wannacry, and NotPetya), but obviously not on the scale we experienced early on with COVID-19. I assume that this trend will continue in the future; we just don’t know yet what the next trigger will be.

As a result of upticks in available data to address a crisis, security teams are forced to think about three things, all at the same time: “There is new data available that may help my organisation in our mission; we need access to it now; and we need to assess how and if it can help to defend us.”

Becoming aware of new sources of information is one thing, but understanding the data and enabling it as part of an organisation’s infrastructure and operations is a more interesting challenge, especially since these sources look very different:

  • Government provided advice and data
  • Lists of new ‘potential’ domains that could be used for malicious activity (but are yet to be observed to be malicious)
  • Known good and clean sources of COVID-19 data; nobody wants to block access to something clean
  • Observed malicious content and infrastructure used in actual campaigns
  • Aggregated and interpolated datasets, etc.

There are three key capabilities a security operations team must consider to achieve successful rapid response:

  • Agility: Are the tools the organisation is using able to reliably consume and use new sources of threat data as quickly as possible?
  • Sustainability: Can their integrations be made in such a way that they are robust and stand up to long term wide scale use?
  • Accessibility: Are non-expert developers being empowered to create robust integrations, with integrated services for handling common external API error conditions, safe authentication, health alerts, detailed data logging, etc.?

COVID-19 has been one of the most unique security challenges in years, and it will not be the last. Successful rapid response is critical for defending against cyber-attacks during a crisis, and when preparing to respond to any future crisis, an organisation must be able to do so quickly. This will require having the right people, processes, and technologies in place to make fast use of new information that becomes available.