NormCyber becomes first European Fortinet partner to attain SOC accreditation

NormCyber, the award-winning managed security service provider for mid-sized organisations, today announced that it has achieved Security Operations, Operational Technology (OT), and Cloud Security specialisations as part of the Fortinet Engage Partner Programme.

NormCyber is the first MSSP in Europe and one of only six firms across the wider EMEA region to achieve all three specialisations, demonstrating its commitment to helping midmarket organisations bolster their cyber resilience with state-of-the-art tools and practices.

A Fortinet partner since 2019, NormCyber has undergone rigorous sales training and multiple technical exams to achieve Advanced status in all three specialisations, proving its ability to deliver the full spectrum of Fortinet’s security solutions with certified staff to handle various implementation requirements.

With the Security Operations Specialisation, NormCyber is able to demonstrate its deep technical understanding and expertise in the delivery and operation of Fortinet’s security information and event management (SIEM), security orchestration, automation and response (SOAR) and endpoint detection and response (EDR) in the SOC, along with a deeper understanding of advanced analytics. Through this, NormCyber can manage security operations more efficiently on behalf of customers, allowing for response in near-real time.

To achieve the Operational Technology Specialisation, NormCyber’s sales and technical teams have demonstrated both a deep understanding of OT best practices and requirements as well as experience of deploying IT and OT security solutions. NormCyber can now help Fortinet customers secure their converged IT-OT networks to close OT security gaps, as well as provide the visibility, control and behavioural analytics they require.

For the Cloud Security Specialisation, NormCyber has demonstrated its proficiency in managing Fortinet’s portfolio of solutions, helping organisations to securely deploy on any cloud or virtual data centre with consistent policies, centralised management and visibility, security automation and orchestration. NormCyber can help customers better secure their cloud environments, with advanced application and API protection, hybrid security and cloud-native protection.

In a fast-moving industry, specialisations focused on market opportunities enabled by the Fortinet Engage Partner Programme help partners to be recognised and valued by current and potential customers as trusted partners which have the expertise, services and technologies they need to fulfil their business needs.

“Today, with mid-sized organisations facing a complex web of cyber security risks and an overwhelming choice for tools, NormCyber prides itself in standing out in the midmarket with its clear and straightforward approach, and with its commitment to partnering with best-of-breed solution providers,” said Paul Cragg, CTO at NormCyber. “Fortinet’s solutions fit perfectly into our strategy and so we take great pride in being the first cyber security services provider in Europe to achieve this hat-trick of specialisations, particularly as it speaks to our SOC team’s strengths.”

“Fortinet has developed a very strong relationship with NormCyber since the moment we started working together back in 2019”, said Guillaume Schlienger, EMEA MSSP Security Operations Leader at Fortinet. “Their flexible and customer centric approach to solving the complex cyber security challenges that mid-sized organisations face has enabled them to grow exponentially as a Fortinet partner, and we were delighted to recognise them as our first partner in Europe to achieve these specialisations.”

Silobreaker unveils new Brand Threat Protection and Managed Takedown Service

Silobreaker, a leading security and threat intelligence firm, today announced a new Brand Threat Protection managed service, capable of safeguarding companies from digital threats and brand reputation risk.

From online brand abuse and phishing attacks to fake social media profiles and mobile app clones, brands have never been under more pressure to protect themselves and their customers from constant attack. Unfortunately, the process of manually identifying and stopping brand abuse events is extremely time-consuming, even for larger organisations, and requires tools and relationships with service providers that are in short supply.

Silobreaker’s Brand Threat Protection managed service enables enterprises to act faster against brand abuse. Monitoring 24/7 for spoof websites, typosquatting attacks and phishing campaigns, the service automates detection and incident tracking while streamlining takedowns through an intuitive cloud-based threat platform.

On top of active brand abuse monitoring, 24 hours a day, seven days a week, Silobreaker’s new capabilities include a highly efficient, managed takedown service for abusive sites, apps, profiles and malware hosting, supported by a team of human experts. Faster takedowns not only reduce the risk of customers or employees falling victim to phishing, but also shorten the exposure created by actors abusing a brand’s reputation. With the UK National Cyber Security Centre (NCSC) reporting that manual takedown requests can take days or even weeks to process, fast and effective brand abuse takedowns are critical.

“Brands are being exploited by bad actors in online marketplaces through phishing attacks, spoof websites and even fake surveys. And when consumers fall victim to these scams, they hold brands responsible,” said Kristofer Mansson, CEO of Silobreaker. “Brand reputation and trust are critical to a business’s success, and with Silobreaker’s new capabilities for fully managed 24/7 threat hunting, detection and takedown of brand-based threats, enterprises can ensure their customers – and their brands – are protected.”

Silobreaker’s Brand Threat Protection is further enhanced by its powerful intelligence platform that goes beyond traditional brand protection to collect and aggregate intelligence data across open-source and commercial feeds, internal and dark web sources, and leading independent providers. Silobreaker users can create queries and dashboards to identify phishing campaigns targeting their company and their industry – including competitors – with round-the-clock information on who is being targeted and what compromises have occurred.

Silobreaker’s analytic tools also provide the full context of each phishing vulnerability and how it relates to current threats, enabling organisations to prioritise risks and take strategic action. Silobreaker’s platform also enables businesses to monitor for stolen credentials on popular paste sites and deep and dark web marketplaces, with alerts set to notify whenever an organisation is mentioned.

Whether it’s phishing campaigns, data or credential leaks, or other cyber vulnerabilities, the combination of Brand Threat Protection and the comprehensive intelligence features delivered by Silobreaker’s platform ensures that brands stay one step ahead of malicious actors and threats.

To learn more, join our webinar “Could your brand become the face of a crime?”
Date: Wednesday, 02 November
Time: 15.00 GMT / 10.00 EST / 08.00 MST

UK Employees Still Believe Their Employer’s Cyber Security Is Not Their Responsibility, New Research Reveals

  • New research shows that when it comes to a company’s cyber security, the majority of employees (81%) believe it is the IT department’s responsibility
  • 18% of employees believe they cannot be targeted by cybercriminals
  • Businesses need to do more to support employees: nearly a third (31%) say there is no cyber training at all in their workplace, and nearly half (44%) haven’t had any cyber training
  • Educating employees and building a cyber-aware culture is the first line of protection

Terranova Security by HelpSystems, a global leader in security awareness training, has announced the results of a study that showcases the level of cyber security awareness among workers in the UK, France, U.S., Australia and Canada.

The study, conducted in partnership with research company Ipsos, surveyed 500 UK employees. It concluded there is confusion among employees over who is responsible for protecting company data. Despite the fact that human error causes 95% of cyber issues, 81% of UK employees believe it’s the IT department’s responsibility.

In addition, 1 in 4 employees do not think cyber security is necessary for them, and 18% believe they can’t be targeted at all by cybercriminals. The findings come at a time when the danger from a data breach is at an all-time high – businesses suffered 50% more ransomware attacks in 2021 compared to 2020. As of 2022, the average cost of a data breach to a large organisation increased to $4.35 million.

The research also highlighted that UK businesses aren’t doing enough to support their employees when it comes to providing education on common cyber threats and security best practices. Only 42% of employees say they work in a company where cyber security awareness training is mandatory. Of the 44% who haven’t participated in any cyber security training, nearly a third (31%) indicated that their company doesn’t offer any relevant training.

These low training rates aren’t due to a lack of interest from employees, as 76% believe cyber security training is interesting, and 56% have started or completed the training when it’s offered to them.

“It’s concerning to see such a high percentage of employees who believe a company’s cyber security is not their responsibility, especially in larger organisations,” said Theo Zafirakos, Chief Information Security Officer, Terranova Security. “It’s clear that many British businesses have room to grow security awareness training strategies, especially in the face of rising cybercrime. Our research also shows there’s still quite some work to do on educating people about the important role they play in protecting data at work. These people are the first line of defence against any cyber-attack, and on a positive note, our research demonstrates a strong appetite for learning more about it. By taking responsibility to invest more in education and build a security-aware culture around data protection within the business, companies will set up a powerful barrier against any cyber threats.”

To read the full report and learn more about Terranova Security, visit: www.terranovasecurity.com

About Terranova Security

Terranova Security by HelpSystems has been transforming the world’s end users into cyber heroes for more than 20 years. Using a proven pedagogical framework, Terranova Security training solutions empower organisations worldwide to implement programs that change user behaviours, reduce the human risk factor, and build a security-aware organisational culture. As a result, any employee can better understand phishing, social engineering, data privacy, compliance, and other critical best practices. With the addition of new features like its Security Awareness Index and upcoming Content Hub, Terranova Security consistently innovates to support all organisations’ cyber security objectives. These industry-leading solution additions also strengthen long-term information security for all professionals, regardless of region or sector, in an era where remote work and borderless productivity are standard. Learn more at terranovasecurity.com.

About HelpSystems
HelpSystems is a software company focused on helping exceptional organisations secure and automate their operations. Our cybersecurity and automation software protects information and simplifies IT processes to give our customers peace of mind. We know security and IT transformation is a journey, not a destination. Let’s move forward. Learn more at www.helpsystems.com.

About IPSOS

Ipsos is the third largest market research company in the world, present in 90 markets and employing more than 18,000 people.

Our research professionals, analysts and scientists have built unique multi-specialist capabilities that provide powerful insights into the actions, opinions and motivations of citizens, consumers, patients, customers or employees. Our 75 business solutions are based on primary data coming from our surveys, social media monitoring, and qualitative or observational techniques.

“Game Changers” – our tagline – summarises our ambition to help our 5,000 clients navigate our deeply changing world more easily.

Founded in France in 1975, Ipsos has been listed on Euronext Paris since July 1st, 1999. The company is part of the SBF 120 and the Mid-60 index and is eligible for the Deferred Settlement Service (SRD).

ISIN code FR0000073298, Reuters ISOS.PA, Bloomberg IPS:FP

www.ipsos.com

New cyber security courses offer protection for businesses

Hereford’s Cyber Quarter, Midlands Centre for Cyber Security has launched a new range of courses to help businesses protect themselves from attacks which are costing SMEs millions of pounds every year.

The centre, based on Skylon Park, Hereford Enterprise Zone, is offering a range of courses for all levels of technical know-how with cyber attacks on businesses on the rise.

The Cyber Quarter’s Abimbola Sangodoyin said 82 per cent of breaches involved a human element, making it even more vital for employers and employees to spot when attacks are imminent.

“Whether it is use of stolen credentials, phishing, misuse or simply human error, people continue to play a large role in incidents and breaches alike. People are an organisation’s first line of defence against online attacks, so it’s vital that they are properly trained to spot and deal with anything suspicious.

“Cyber threats are forever evolving and becoming more sophisticated. Small and medium sized businesses are a prime target for cyber criminals, with almost one in three businesses suffering breaches or attacks at least once a week.

“Properly trained employees are your cyber-shield – whatever skill level people are at, the Cyber Quarter has a course that will strengthen your security against attack,” added Abimbola, the centre’s CPD manager.

The courses revolve around four themed areas: Information Security Awareness, targeted towards SMEs; Cyber Security Fundamentals, beginner level training for people from an IT background wanting to upskill or reskill into cyber security; Technical Training, an advanced course for existing cyber aware practitioners; and Cyber Security Leadership and Management.

There are more than 30 online courses available, catering for the general public and those without specific knowledge through to those in leadership and management.

Managing director of Skylon Park, Hereford Enterprise Zone, Mark Pearce said the courses were an extension of the wider support for cyber, defence and security businesses on offer through the Cyber Quarter.

“From cyber security testing to research and development, we have a world-class facility on Skylon Park which can help play an important role in helping businesses across the region and the UK protect themselves from costly attacks. Led by the expert cyber team from the University of Wolverhampton, the courses allow businesses to tap into knowledge which can ensure their online security.”

Ross Cook, Director of Economy and Environment at Herefordshire Council, said: “With the development of our Cyber Quarter, Herefordshire is a key player in the Cyber Valley which spans this county, Worcestershire and Gloucestershire and is home to 15 per cent of the UK’s top 600 cyber companies. The specialist centre established through a Joint Venture between the council and the University of Wolverhampton, backed by the academic team from the University’s Cyber Research Institute, allows us to support businesses, develop their skill sets and take the lead in cyber security testing, research and development, building on our local strengths in this area.”

For more information about the courses available, visit www.cyberquarter.co.uk/cpd-training-and-short-courses/

SASE – the risk of over-rationalising

Chief Information Security Officers (CISOs) are being encouraged to build a Secure Access Service Edge (SASE) migration plan to create a robust Zero Trust architecture, while also consolidating the security vendor suite. Yet, while the concept of single vendor SASE solutions may appear to meet goals for rationalising security costs and complexity, it creates untenable risks for any organisation operating in a high assurance industry. Paul German, CEO, Certes Networks, explains why a best of breed SASE framework from a single Managed Service Provider is key to de-risking SASE for high assurance companies.

Trusted Framework

Secure Access Service Edge (SASE) is the future, according to market research analysts including Gartner, which predicts that by 2025 at least 60% of enterprises will have explicit strategies and timelines for SASE adoption encompassing user, branch and edge access, up from 10% in 2020. Combining multiple security capabilities into a single deliverable, SASE deployments include Software Defined Wide Area Network (SD-WAN) connectivity, Cloud Access Security Broker (CASB), Zero Trust Network Access (ZTNA), Firewall-as-a-Service and Secure Web Gateway.

But while vendors are beginning to flood the market with branded ‘SASE solutions’, there is a degree of confusion about SASE that is adding significant operational risk, especially to organisations in highly regulated industries, where data sensitivity combined with the threat landscape demands a far more robust approach.

One of the touted benefits of the SASE framework is the opportunity to address the challenges created by a patchwork of vendors and policies deployed incrementally, often over many years, in response to evolving security threats. The result has often led to complexity for both users and administrators, with different product lifecycles creating both confusion and potential weakness within the security posture. SASE is viewed as a pragmatic security model that provides an opportunity to rationalise and consolidate vendors to reduce complexity and potentially cut costs.

High Assurance Risk

For smaller organisations and those in un- or lightly regulated industries, single vendor SASE is a viable option. It provides a clear security framework and, with a single contract and single console, an organisation has a complete view of its security posture in one place, most likely for the very first time. For those organisations operating in regulated industries, including government, finance, critical national infrastructure and healthcare, however, single vendor SASE creates an unacceptable risk – and one that no CISO should countenance.

A key point is that no vendor can offer best of breed technology across the entire SASE solution, which means organisations will by default compromise the quality of technology in one or more areas. Far more concerning, though, is the risk created by the single source of all security components: one of the many benefits of SASE is its delivery as a cloud orchestrated service, but if there is any vulnerability within the single SASE product set, it will affect every part of the framework, every part of the infrastructure.  

In contrast, a SASE framework built upon individual, best of breed suppliers for each part of the solution increases the end to end quality of the SASE deployment. Furthermore, the inevitable overlap between supplier solutions further reduces risk by adding redundancy – if one firewall is compromised, for example, another part of the SASE solution will likely include functions that provide some degree of protection to safeguard the enterprise. Critically, by implementing a solution based on multiple vendors, an organisation avoids the risk associated with a single code base, minimising the chance of a vulnerability affecting the entire security stack.

SASE without Compromise

SASE is becoming an increasingly important security model for businesses of all sizes, in all industries. But there never has been a security silver bullet. While a single vendor approach creates too much risk for high assurance businesses, the concept of SASE as a framework with all of the key components built in is absolutely the right approach. The goal is to find a solution that integrates best of breed security components from multiple vendors to de-risk the security posture, while also delivering the benefits of a single managed solution, including consolidated security dashboard, from one organisation.

CREST and Immersive Labs announce partnership for developing technical cyber security skills

Partnership helps equip CREST members with cyber knowledge, skills and judgement ahead of certification

10 May 2022: CREST, the international not-for-profit cyber security accreditation and certification body, is partnering with Immersive Labs, the Cyber Workforce Optimization Platform, to support CREST member professionals in developing their defensive and offensive security skills.

The Immersive Labs platform will provide access to hands-on simulations of threats and mitigation techniques, allowing those preparing for CREST examinations to exercise and improve capabilities in line with the certification framework.

“We are delighted to be working with Immersive Labs to offer members a powerful, real-time alternative for ongoing skills development,” said Rowland Johnson, president of CREST. “Immersive Labs will be providing labs that are aligned to our examination framework and CREST Accredited organisations will have free access to entry level labs. They will then have the option to gain access to a wider set of labs, at a reduced cost which will be aligned to our Registered and Certified level exams. This new partnership is not only providing our members with better access to training for CREST exams but we also hope it will build a greater sense of community.”

CREST will work with Immersive Labs to put a particular focus on incident response, mapping its online, on-demand content to the exam syllabus and delivering a number of bespoke learning pathways.

“Achieving a CREST certification is a high bar, with members benefitting from an in-depth understanding of complex technical skills. Our platform will enable this, letting the community get first-hand experience of offensive and defensive capabilities in an engaging way,” said James Hadley, CEO at Immersive Labs. “This shows CREST to be a forward-thinking certification provider dedicated to furthering the development of human cyber capabilities using innovative approaches.”

IT Leaders Say Employees Not Fully Prepared for Cyberattacks

Research by Egress Shows Human Activated Risks Comprise the Top Three Threats for Organisations

London, UK – 6th April 2022 – Egress, the leading provider of intelligent email security, today announced the results of its Human Activated Risk report, which revealed that over half (56%) of IT leaders say that their non-technical staff are only ‘somewhat’ prepared, or ‘not at all’ prepared, for a security attack. Six hundred IT security leaders across a broad range of industries were anonymously surveyed regarding their organisations’ security posture in this heightened threat environment. Added to this, 77% of respondents have seen an increase in security compromises since going remote 2 years ago, pointing to a continued significant risk to organisations.

Human activated risk is introduced by human behaviours or actions, through coercion by bad actors, human error or malicious intent. Technology can malfunction or not work as it’s supposed to, but in many cases, the fault is with the person operating it. Whether through carelessness, malicious intent, or being tricked by a third party, humans can knowingly and unknowingly create massive amounts of risk that security teams need to manage. The top attacks associated with Human Activated Risk seen by IT Leaders include, in order of rank:

  1. Accidental data loss via human error
  2. Employee spear phishing
  3. Business email compromise

The research results show that the top attacks or risks employees fall victim to are the result of human-activated risks, such as accidental data loss, malicious data exfiltration or falling victim to a phishing attack. The research found that 39% of IT leaders rely on the native protections offered by Microsoft 365 and Google to defend against inbound phishing attacks. It also revealed that more than 39% of organisations have 6 or more security solutions in place today, an approach that appears to consist of bringing in more software to address the problem and hoping it gets better, rather than looking at the root cause.

Other significant research findings include:

  • 30% of IT leaders polled either don’t have or don’t know if their organisation has a solution to detect accidental data loss from misdirected emails.
  • 60% of respondents feel the active security solutions they have in place still present them with a challenge.
  • Almost 30% of those polled (approximately 180 IT leaders) don’t understand what human activated risk is.

“Organisations are facing a formidable threat landscape, and the threat of cyber-attacks looms large,” explains Jack Chapman, VP of Threat Intelligence at Egress. “Against this backdrop, it’s alarming that most IT leaders, those responsible for protecting an organization against these threats, feel that employees aren’t fully prepared to deal with cyber-attacks. Coupled with the finding that human activated risk is the leading driver of security incidents, it’s clear that many organizations are in a vulnerable position, exposed to a wide range of serious cybersecurity threats. Organisations must build up their defences against attackers, provide proper training programs and also take meaningful action to tackle risks that originate from within – beginning with their people. Now is the time for organizations to re-evaluate their security posture and ensure that they are in a strong position to protect themselves and their people.”

Only a third of CIOs cite cyber-risk mitigation as a performance measure

London, United Kingdom, 23rd March 2022: While 94% of CIOs acknowledge some form of serious threat over the next 12 months, only 27% list business continuity and resilience as a top-three priority during the next 12 months and barely a third cite risk mitigation as a measure of performance. These findings come from the fourth and concluding section of the 2021 Global CIO Survey from Logicalis, a global provider of IT solutions.

The study, which surveyed 1,000 CIOs from around the world, finds that nearly half of respondents (47%) see data breaches as the biggest risk to their organisation (an increase of 6% from last year). Following data breaches, CIOs cite malware and ransomware (39%) as other key areas of concern.

The perceived risk of a data breach is likely to have risen due to the increase in borderless workforces as employees continue to work from home or adopt hybrid working practices. When they occur, data breaches can lead to a range of issues, from loss of business-critical data and stalled business growth to, in the most serious cases, the complete shutdown of a business.

Less than a third of CIOs (30%) cite lack of staff awareness as a security issue, down from 50% last year. This perceived improvement in staff awareness is due in part to an emphasised investment in additional training and technology measures to mitigate security risks. In fact, over 50% of CIOs state their organisations invested in employee security training this year, likely to help prevent data breaches originating from employee activity.

Other areas of investment include:

  • Security technology – 66%
  • Business continuity planning – 40%
  • Third-party support through expert MSPs – 35%

However, CIOs still feel their organisations have a long way to go in investing in comprehensive security measures. Despite the rapidly increasing cybersecurity risks, more than half of businesses (55%) have yet to adopt a cyber-attack recovery plan.

Toby Alcock, CTO of Logicalis says: “Over the last 18 months, many businesses set up interim solutions to cope with remote working with security and disaster recovery very much experiencing a trial by fire. Some measures worked, but more action is needed to secure hybrid workers and enhance business resilience.”

“Businesses should adopt a holistic security approach with the capabilities to detect and respond to threats before they even take place. Predictive outlooks will fully protect the hybrid workforce and empower them to deliver optimal results for customers. Adopting technology to mitigate risk will also help businesses adapt to future obstacles, whether cyberattack-related or further market disruption. With a comprehensive plan, created with advice from a trusted partner, companies can rest assured knowing they’re protected.”

For more information, and to explore additional key findings from the 2021 Logicalis Global CIO Survey, visit here: https://resources.logicalis.com/cio-priorities-business-continuity-resilience-and-mitigating-risk.

Government authorities are likely to see an increase in cyber warfare attacks, says Holm Security

Stockholm, Sweden, 17 March 2022 – Holm Security is backing the calls of the European Commission and Swedish Civil Contingencies Agency (MSB), who in recent weeks have urged government authorities to check their cyber security defenses for possible vulnerabilities in response to predictions of increased levels of cyberattacks. At the Munich Cyber Security Conference last month, the European Commission Vice-President Margaritis Schinas said that cybercriminals were targeting ‘ever more sectors and entities that are critical to the functioning of our economies and of our societies’.

“Cyberattacks can pose a threat to our way of life by targeting government authorities that provide us with essential services that we take for granted. In the last few years, we have seen firsthand the impact of cyberattacks on companies like SolarWinds and the Colonial Pipeline. It is often one weak link that opens the door to entire infrastructure,” says Holm Security CEO Stefan Thelberg. “Fortunately, there are intelligent, but simple, solutions available that are able to identify gaps in your cyber security defenses before it is too late.”

In response to rising predictions of cyberattacks, Holm Security is now offering free vulnerability scans for all government authorities across Europe. This initiative aims to assist government authorities in detecting possible unknown vulnerabilities in their current cyber security defenses so that these can be addressed, and, in turn, help to increase the level of cyber security defense readiness.

“I am happy to announce that Holm Security will offer a free vulnerability assessment scan that assists authorities in identifying unknown gaps in their cyber security defenses. By utilizing our vulnerability management platform, these vital government authorities can take concrete steps towards increasing their level of readiness and protect themselves against future cyberattacks.”

If you are a governmental authority within Europe and would like to know how to avail of this free vulnerability scan, please click here to find out more: https://www.holmsecurity.com/free-vm-eu?utm_campaign=Press%20Release%20-%20EU%20Cyber%20Security%20Defense&utm_source=ppr

We’re in a cyber cold war but data science brings new hope

Cyber threats are constantly evolving, meaning attackers are always one step ahead. However, new research from Nyenrode Business University brings hope to the fight against online crime.

The research, conducted by PhD candidate Scott Mongeau, reveals that cybersecurity data science can fight cyber threats, but that we can only utilize the benefits of these methods with investment.

“My research observes that hostile countries and criminal networks are already utilizing machine learning to stage attacks. We will need to apply these same methods to defend. Detecting and counteracting threats through analytics and machine learning requires focused research.”

“To realize effective data-driven defence, organizations must invest in the orchestration of people, processes, and technology. This trinity cannot be treated in isolation. If we wish to arm ourselves against the risks of increasingly sophisticated cyberthreats, we must accept and commit the costs involved,” says Mongeau.

Mongeau’s advice is to start by examining where data-driven cyber defence already works well. He explains that a simple example is filtering for phishing emails. Popular email platforms already use machine learning to detect and filter out dangerous emails from your inbox. The same methods can be used to identify suspicious network traffic and device behaviour.

The research emphasizes the urgency of embracing data-driven security. While data science is a popular topic, best practices for realizing the benefits are lagging. The field of cybersecurity data science has emerged in the last three years. However, the methods are already being adopted by adversaries. We are already seeing the effects, for instance, in the automation of fake news and misinformation campaigns. The researcher believes that we can expect to see increasingly sophisticated attacks utilizing machine learning and AI in the coming years.

According to Mongeau, “cyber risks will evolve and expand. The risks relate not only to digital infrastructure, but physical infrastructure, health, and safety. Consider, for example, water management, healthcare, and traffic control. As the digital world increasingly manages the physical world, we must be increasingly cautious concerning digital defence. By investing in research and development for cybersecurity data science we can defend national interests and improve preventative measures.”

The research is particularly important for policy makers as it reveals that structured planning is required in order to provide the best data-driven defence.

The research is published in: “Cybersecurity Data Science: Best Practices in an Emerging Profession”.