Tag Archives: Cybersecurity

Active CCTV Celebrates 25 Years with Record Growth and Nationwide Expansion Plans

A UK-WIDE CCTV firm is celebrating 25 years in business with a host of new clients, soaring turnover, and ambitious plans to grow its presence across the UK.

Mochdre-based Active CCTV was launched in 2000 by Adrian Standerwick, who admits he started out with limited technical know-how, saying at the time he “couldn’t even wire a plug”.

Now, a quarter of a century later, the company is thriving. Active CCTV installs advanced security systems for major national brands including McDonald’s, Montgomery Water, Brother, PetPlace, Henllan Bakery, Bourne Leisure, and Culina Group.

The past year has brought personal challenges for Adrian, who is currently undergoing chemotherapy for bowel cancer. His health battle follows the heartbreaking loss of his 25-year-old son Sam in 2016.

Despite these hardships, Adrian remains a pillar of strength in the business, driven by his commitment to customers and supported by a close-knit team of expert engineers.

“It has been a tough time, but I have an amazing family and my son Matt, who leads on the installation side of the business, has been incredible in stepping up to help me,” said Adrian.

“As has Andy, who has been with the company for nearly two years and taken over a lot of the day to day running of the company, which has been a huge help in taking the pressure off and allowing me to focus on fighting this disease and the time to rest and recover.

“I am a positive person and focused on getting better, I can no longer live to work 24/7, but at the same time we are busier than ever which is fantastic.”

The company has seen rapid expansion in recent years, with turnover increasing fourfold since 2020.

“We have grown 400% over the last four years and that trend looks set to continue given some of the major contracts we’ve signed with big players, notably in retail and self-storage, which is our biggest market,” said Adrian.

“This has been recognised by the local Chamber of Commerce, where we were a finalist in the 2024 Business Growth Award, another incredible achievement considering the amount and quality of other businesses in our area.”

Key to this growth has been diversification – something Adrian admits came about somewhat organically.

“Self-storage is now about 60% of our workload, with clients from the top of Scotland to the bottom of England and all over, so we have become a big player in that sector,” he said.

“Complex installations have always been our forte, that has raised our profile and as we have a tight-knit team with talent and experience we can do major projects while keeping costs low and quality high, a major USP for us.”

Looking back on the last 25 years, Adrian recalls how Active CCTV was the first firm in North Wales to introduce PC-based surveillance systems—despite early skepticism.

“Consistency and building strong business relationships has been key, in the way we deal with customers and in always wanting to learn, to implement the newest and most up-to-date technology, and in supporting other firms locally, which is reflected in the amount of five-star reviews we have received,” he said.

“CCTV has moved on – it is literally night and day from when we started as the cameras are full colour and can produce clear, light images around the clock – and we have had to move with the times, but I am proud to say we have done so successfully and will continue to for many years to come.”

For more information, visit www.active-cctv.co.uk or email info@active-cctv.co.uk. Alternatively, call 01492 547997.

Premier Cybersecurity Event Heading to Stoke-on-Trent

Cybercon Staffordshire – a cutting-edge cybersecurity and technology conference – is set to arrive in the heart of Staffordshire.

The premier one-day event, organised by local IT leaders Abzorbed IT Solutions, will bring together top-tier industry experts to deliver in-depth talks, cutting-edge insights and valuable networking opportunities.

Cybercon Staffordshire will take place on Wednesday 2 April, in the Catalyst Building at the University of Staffordshire, Leek Road, Stoke-on-Trent.

The free event is designed for key decision-makers, including CEOs, IT Managers, CTOs, CISOs and other tech professionals – who are all seeking to stay ahead in today’s rapidly evolving cybersecurity landscape.

Usman Shah, Director of Abzorbed IT Solutions, emphasised the significance of the event: “As cyber threats continue to evolve, the need for robust, proactive security strategies is more critical than ever.

“Therefore we are thrilled to bring together some of the brightest minds in the cybersecurity industry for this event where they will be able to offer real-world insights and practical solutions for businesses across the region.”

Usman added: “Staffordshire boasts an incredible array of businesses and talent. We also have our HQ in Stoke-on-Trent so we are very proud to host this first-of-its-kind event in the area.

“Our expert speakers will provide actionable knowledge on the latest cyber risks while offering strategies to safeguard business assets in today’s threat-rich environment.”

Cybercon Staffordshire promises a day of high-value content, kicking off at 9AM with a welcome breakfast.

The first session – “Continuity and Disaster Recovery in the Cloud Era” – will set the tone for a series of expert-led discussions, including:

  • “Insider Threats: The Hidden Danger”
  • “24/7 Security and Monitoring: Constant Vigilance in a Digital World”
  • “Myth or Reality? The AI Cyber Threat Story”

The day will conclude with a dynamic ‘Ask the Experts’ panel session, followed by open networking, a rare opportunity to engage directly with cybersecurity professionals and peers while sharing knowledge and experiences.

In addition to expert insights, Cybercon Staffordshire will offer a fun twist with a Racing Sim competition.

Attendees will have the opportunity to test their skills on the simulator, with the top scorer taking home a special prize.

“While cybersecurity is a serious business, we’re also committed to making the day engaging and enjoyable and the Racing Sim is a fun way to unwind while connecting with other professionals,” says Usman.

Cybercon Staffordshire is free to attend, but places are limited and early registration is encouraged. For more details and to reserve a place visit the Cybercon Staffordshire Eventbrite page: https://cyberconstaffordshire25.eventbrite.co.uk

 

2025 is set to bring changes in technology adoption and the evolving attack surface

As 2024 comes to an end, we expect the new year to bring innovation, greater adoption of new technologies and an increase in cybersecurity vulnerabilities for businesses. The sophistication of cybersecurity threats will likely rise in 2025, and the proliferation of technologies such as AI will make organisations more prone to falling victim to threat actors. This is set to be affected by the cyber skills shortage of 2024, which has been a challenging year with budget cutbacks and layoffs. Other trends that we expect to see are highlighted below.

Adoption of zero-trust architecture 

An era in which cyber threats are a matter not of “if” but of “when”, and in which organisations operate under an “assume breach” mindset, will continue to drive the adoption of zero trust. Zero trust eliminates the implicit trust that was granted to users and devices in the legacy “castle-and-moat” model and is instead based on the principle of “never trust, always verify”. Under this model, devices and users are continuously authenticated and authorised.

Quantum computing and post-quantum cryptography 

Forbes predicts that quantum computing will begin gaining traction in mainstream business in 2025. This brings the risk of reaching what is referred to as Q-Day: the day that advanced quantum computing becomes able to crack the encryption methods used to protect data and safeguard traffic on the Internet. To mitigate this risk, organisations need to adopt post-quantum cryptography strategies using the post-quantum encryption standards released in 2024 by NIST.

Increase in vulnerable Windows endpoints 

Windows 10 will reach the end of support from Microsoft on October 14, 2025. Upgrading to Windows 11 on systems from 2018 or earlier may not be an option due to Windows 11’s hardware requirements. This will result in a significant increase in unsupported systems vulnerable to cyber threats.

More frequent and sophisticated ransomware attacks 

Ransomware attacks will increase in frequency through the continued rise of ransomware-as-a-service (RaaS). This, coupled with the use of AI, enables cybercriminals with limited technical abilities to easily and affordably conduct powerful and sophisticated ransomware campaigns with increased precision and speed.

Increased focus on critical infrastructure 

Critical infrastructure will become a greater focus for nation-state actors seeking to carry out cyberattacks against enemies across the globe. These environments often lack adequate funding for cybersecurity programs, have less mature cybersecurity practices and contain ageing operational technology (OT) that lacks robust security measures. This makes these environments prime targets with the potential to cause significant damage. 

As we look ahead to 2025, organisations must be proactive in addressing the evolving threats and technology adoption. The rise of sophisticated attacks, particularly ransomware, paired with the increasing vulnerabilities in critical systems and endpoints, highlights the urgent need for robust security measures. It is also important to consider the ongoing cybersecurity skills gap; addressing it will be crucial for building resilient teams capable of navigating these challenges. By adopting a forward-thinking and comprehensive security approach, businesses can better protect themselves against the imminent risks that lie ahead.

Navigating the Evolving Threat Intelligence Landscape and Organisational Responsibility

Written by Gigi Schumm, Chief Revenue Officer, ThreatQuotient & Shimon Modi, Vice President Product Management, Dataminr

 

Cyber Rhino Threat Week (which took place from 9th to 13th December 2024) aims to inform, sharing threat intelligence insights and best practices with our customers, partners and industry ecosystem. This keynote session certainly set the stage for the week, exploring the complexities that organisations must consider when establishing and operating an effective Cyber Threat Intelligence (CTI) program. The panel discussion examined how diverse organisational structures, responsibilities, priorities, and desired outcomes influence the role and integration of CTI.

Shimon Modi, Vice President of Cyber Product at Dataminr, a Platinum sponsor of ThreatQuotient’s online event, was one of the panelists in this session along with Sebastien Bombal, Technical Director, National Directorate of Customs Intelligence and Rick McElroy, Founder and CEO of NeXasure. The panel was hosted by Gigi Schumm, Chief Revenue Officer at ThreatQuotient. Here Gigi and Shimon capture some of the highlights from this discussion.

Why are no two CTI programs alike?

The panel observed that – while we might think we all have a common understanding of the purpose of a cyber threat intelligence (CTI) program and the role the CTI team plays within an organisation – the reality is that this can differ enormously from one organisation to another. This is because no two companies have the same priorities, organisational structure, processes and desired outcomes when it comes to CTI. However, everyone agreed that CTI has become more of a priority and is now viewed as a ‘must have’ rather than a ‘nice to have’.

A CTI program provides all the information required to guide the entire cybersecurity process from strategic to tactical implementation and is a crucial component of the overall security program. It is therefore critically important to take time upfront to consider the desired outcomes and what the organisation is expecting to achieve from such a program.  The panel urged companies to establish up front whether they are looking for a very technical/tactical capability or something more strategic and what types of cyber threats they are looking to combat. This will of course depend on the maturity of the business and the type of industry it is in.

CTI programs and teams must continuously evolve

As we all know, cybersecurity threats have evolved and are much broader today than they were five years ago, encompassing anything from ransomware to disinformation to deepfakes to geopolitical threats.  Consequently, the role and responsibility of the CTI team must evolve all the time, especially as responsibilities of the CTI program and team can differ from one CISO to the next.

While larger enterprises tend to have budgets and headcount to resource and staff a CTI program, it is harder for smaller to mid-sized companies to resource with an in-house team and many of these organisations outsource, whether that’s through an MSP or MSSP. As such it is important that any program reflects the threats and vulnerabilities of the environment it is being applied to.

What has also changed is the organisational structure of programs, which now have different kinds of stakeholders who care about threat intelligence. The traditional view of these programs was very technically- and cybersecurity infrastructure-driven; today there are executive board stakeholders involved in most CTI programs. They care about business issues such as third-party risk, geopolitical tensions and supply chain risk, and that means the organisational structure of the program must evolve to reflect this.

But ultimately any initiative must be mission-oriented and those involved must define their priority intelligence requirements (PIRs). Additionally, they need to ensure they can operationalise in real time before looking to expand the program.

CTI is cross-functional 

CTI sits in a unique position in that it is cross-functional, so it must interact with a lot of constituents around the organisation. The question of who the CTI program should report to often comes up. This can cause tension between groups such as the SOC incident responders, SOC analysts and CTI teams. These issues are generally around who owns what responsibilities and who decides what tools to procure and implement and so on, which can create siloed thinking.

Ultimately, intelligence should be part of every process in the security operation – from alerting to triage to investigation to threat hunting. Leaders who look and think about it from that perspective will make a lot of progress in their CTI program. This is where collaborative goal setting is important across all these teams, continuously communicating what these key goals are. This minimises the silos, which ultimately become more reporting structures as opposed to operational hindrances.

Sharing and collaboration 

The group discussed the primary functions of the CTI team and most agreed that this was about situational awareness, data-sharing within the organisation and the extended partner ecosystem and creating operational efficiencies so that teams can detect threats faster and prioritise patching accordingly.  All agreed that the dissemination of information and sharing is essential in CTI.  The conversation also touched on standards, reflecting that – in order to be able to disseminate and share – standards in CTI must be in place.

One big change we’ve seen in the last few years, which is now driving operational efficiencies and how teams operationalise threat intelligence across the organisation, is how the threat intelligence lifecycle has gone from being applied to reactive situations to a more proactive ‘shift left’ approach. Teams are keen to move ahead of the threat and understand the important role that threat intelligence plays in enabling this thinking and delivering that situational awareness. In fact, teams are now thinking about efficiency and enriching their situational awareness outcomes, which will ultimately benefit the organisation’s risk posture and enable it to better combat threats. There were many other areas that the group examined, like emerging technologies to take us to new levels of efficiency; to watch the full debate and hear the recommendations from our panelists, please go to: https://www.threatq.com/cyber-rhino-threat-week/

Securely managing identities, devices, and employee access in an increasingly complex environment

Cybercriminal tactics have evolved, but many attacks remain the same. Ransomware, phishing attacks, and even social engineering targeting emails are not new. But these tactics continue to be highly successful in penetrating organisational defences. New technologies, such as Generative AI tools, are enhancing cybercriminal strategies. This forces companies to implement a more unified and strategic approach to tackle these issues, particularly around identity, access and device management. The popularity of hybrid working practices, where employees can work from anywhere, has made this approach increasingly critical.

However, humans are still a weak link. Mistakes such as using weak passwords, reusing credentials across multiple platforms, or falling victim to phishing attacks can provide malicious actors with an easy gateway into secure systems. Social engineering exploits the natural human inclination to trust, deceiving employees into divulging sensitive information or unwittingly granting access.

Despite widespread awareness campaigns, these tactics continue to succeed. This highlights the gap between knowledge and practice, which continues to present a risk to organisations.

To overcome these challenges, companies must implement stringent security measures, such as multi-factor authentication (MFA) or frequent mandatory password changes to lock down access. Yet users often view these as cumbersome or inconvenient. Consequently, employees seek shortcuts that undermine the intended security benefits.

Therefore, balancing security with usability is a continual challenge and organisations must strive to implement measures that are robust, yet user-friendly, ensuring compliance without compromising security.

Growing demand for robust IAM strategies and solutions

Identity and access management (IAM) is essential for business security. This framework of technologies and strategies allows organisations to control access to user systems and data. By regulating access, organisations can increase the security of company systems and documents. Robust IAM strategies and solutions can also prevent unauthorised people from misusing data.

However, rising demand for remote and hybrid work increases device sprawl, as the number and variety of laptops, phones, tablets, and other devices that users need to work effectively only continues to grow. This makes it harder to implement IAM solutions, causing teams to hunt for the holy grail – how to flexibly and securely manage a growing fleet of devices that users rely on.

Simplifying the IT stack, as well as consolidating everything from onboarding, reporting, and device management – not to mention ease of data access for end users – is immensely important to SMEs.

Our Q3 2024 SME IT Trends Report shows that despite their rising interest in centralised IT management, IT professionals continue to juggle several point solutions. Nearly half of respondents (45%) require five to 10 tools to manage the employee lifecycle; over a quarter (28%) require 11 applications or more; and 10% require more than 15.

Unfortunately, patchwork IT leaves too many holes in the infrastructure that hackers can take advantage of. Plus, multiple point solutions frustrate IT professionals tasked with managing this environment. They want a better, more unified way to manage identity, devices, and access.

But, as the research found, the perfect balance between security and user experience continues to elude IT professionals. Over eight in 10 (84%) would prefer a single platform to manage user identity, access, and security over a mix of best-in-class point solutions.

Increased use of centralised management and biometrics authentication

One of the best ways to manage identity and access and fortify security posture is through centralised IT management. Our research found that when it comes to employees accessing IT resources, 49% say that all employee accounts are managed centrally with permissions and security measures controlled by IT. Only 11% leave accounts entirely unmanaged and encourage – but don’t necessarily mandate – the implementation of measures such as MFA.

Increased use of biometric authentication is also a notable trend in 2024. This advanced cybersecurity process verifies user identity with distinctive biological traits, like fingerprints or facial features, and is already used in smartphones, tablets, and laptops.

Biometric authentication is often more secure than other authentication measures because it’s challenging to replicate these unique features. With the proliferation of devices, it’s not surprising that the number of organisations adopting biometrics is on the rise. IT professionals look to introduce additional security without affecting productivity.

Our Q3 2024 research found that biometrics adoption has remained steady, with 66% of SMEs requiring it, a similar figure to our Q1 2024 report. Two thirds of IT professionals agree that their organisation’s security posture would be stronger if biometrics were required. Indeed, as biometric authentication use increases, developers are discovering new ways to optimise the technology and increase its security.

That said, our research found that 95% of respondents use passwords to secure at least some IT resources, despite SMEs adopting tools like MFA, biometrics, and single sign-on (SSO). Whether it’s legacy systems, complicated implementations, or other reasons, only 26% of employees can access all their IT resources with just one to two passwords, whilst 17% have to manage 10 passwords or more.

The need for a unified platform

Today, IT teams must skilfully navigate a complex environment, often creating their own map as they go. This means ripping up old playbooks and adapting to the changes around them to tackle the most pressing technology challenges, regardless of the uncertainties they face.

Getting the balance right between security and the flexibility that users need is a persistent challenge. For SME IT professionals, a unified platform is preferred to easily and securely manage identities, devices, and access across the organisation. Such platforms enable IT professionals to grant users secure and frictionless access, through a single pane of glass, to the resources that their employees need to do their job.

As cyberthreats continue to evolve and artificial intelligence reshapes the digital landscape, keeping identities, access and devices secure will be top of mind for SMEs – but harder to achieve in the complex environment we now operate in.

ThreatQuotient Publishes 2024 Evolution of Cybersecurity Automation Adoption Research Report

Survey results highlight that cybersecurity automation is now an important part of cybersecurity professionals’ defensive strategy – but organisations want highly targeted, customised automation and threat intelligence that enables them to collaborate.

 

LONDON, UK – 19th of November, 2024 – ThreatQuotient™, a leading threat intelligence platform innovator, today released the Evolution of Cybersecurity Automation Adoption 2024. Based on survey results from 750 senior cybersecurity professionals at companies in the U.K., U.S. and Australia from a range of industries, this in-depth research report examines the progress senior cybersecurity professionals are making towards adopting automation, its key use cases and the challenges they face. The fourth edition of this annual survey highlights how automation is maturing and how, in a world of continuous change, organisations are adopting cybersecurity automation for resilience, scale and collaboration. The report examines approaches to integration, whether respondents are taking a single-vendor platform approach or best-of-breed, the adoption of AI and the importance of cyber threat intelligence sharing.

 

Eight-in-ten respondents (80%) now say cybersecurity automation is important, up from 75% last year and 68% the previous year. Additionally, budget for cybersecurity automation has increased every year, and this year’s survey is no different with 99% of respondents increasing spend on automation. Interestingly, 39% of respondents now have net new budget specifically for automation, a significant rise on the 18.5% who said this last year. Previously, decision-makers were diverting budget from other cybersecurity tools or reallocating unused headcount funds. In 2024 respondents have a better understanding of key use cases and the benefits automation delivers, which is helping them make a stronger business case for dedicated budget, another indication that cybersecurity automation is maturing.

Key research findings also include:

  • Key use cases: Incident response was the top use case for automation (32%), rising consistently through the course of the study. This was followed by phishing analysis (30%) and threat hunting (30%) which has also continued to rise.
  • Challenges are evolving: Nearly every survey participant reported problems with cybersecurity automation: the top three challenges were technological issues, lack of budget and lack of time. As automation deployments mature, trust in the outcomes of automated processes has increased. Just 20% of respondents reported a lack of trust in outcomes, compared to 31% last year. In 2023 there was also significant concern around bad decisions, slow user adoption and lack of skills, but these concerns have abated in 2024.
  • Top measurement metrics: Employee satisfaction and retention remains the main metric for assessing cybersecurity automation ROI for 43% of leaders, but this has dropped from 61.5% citing it as the key metric in 2023. Resource management, in terms of staff efficiency, effectiveness and budget (42%), and how well the job is being done in terms of MTTR and MTTD (38%) have both become more prevalent as measurement tools as organisations home in on metrics more closely linked to productivity and efficiency.
  • Growth in threat intelligence sharing: Ninety-nine percent of cybersecurity professionals say they share cyber threat intelligence through at least one channel; 54% share cyber threat intelligence with their direct partners and suppliers and 48% share with others in their industry through official threat sharing communities.
  • Integration is key: Two thirds (67%) of respondents integrate best of breed solutions into their architecture to effectively deliver their cybersecurity strategy. Regardless of whether they focus solely on best of breed tools or they start with a single vendor platform and then supplement with best of breed tools, integrating tools is an important activity.
  • AI gathers momentum: Fifty eight percent of respondents say they are using AI in cybersecurity. Half are using it everywhere, and half in specific use cases. A further 20% are planning deployments in the year ahead.
  • Expected attack vectors in the year ahead: Cyber-physical attacks are considered most likely in the year ahead, followed by phishing and ransomware. Although not a top three attack vector, 20% of respondents expect to see attacks via the supply chain and one in five see state-sponsored attacks affecting their business.

“It is tough for cybersecurity professionals who now face fast-changing cyber and cyber-physical threats of unprecedented sophistication, volume, velocity and variety,” said Leon Ward, Vice President, Product Management, ThreatQuotient. “Defending their business is an enormous task, and cybersecurity professionals must become more resilient.

 

“What we are seeing in this ‘new normal’ landscape is the need for more automation, scale and better threat intelligence sharing.  A collaborative approach to cybersecurity helps organisations better defend as industries scale their knowledge to respond to attacks.”

 

As organisations double down on cybersecurity automation use cases that deliver value and embrace more intelligence sharing, this will result in more effective and proactive cyber defence. This year the survey highlights the focus has shifted toward ROI metrics that are more closely linked to productivity and efficiency and – while employee retention and satisfaction remains important – it is no longer heavily outweighing performance and efficiency KPIs.

 

Ward concludes, “We believe that scaling security operations and collaboration across teams, ecosystems and industries is the most urgent challenge facing cybersecurity professionals. Successfully uniting human expertise, automation and AI and enabling seamless integration across tools and intelligence feeds will drive cyber resilience and agility at organisational, industry, and international levels.”

 

To download the full Evolution of Cybersecurity Automation Adoption in 2024 report, including more detail on the survey questions, regional and industry snapshots, and recommendations for senior security professionals to follow if they are looking to automate their security processes, click here.

Report Methodology

Leading threat intelligence platform innovator, ThreatQuotient, commissioned a survey undertaken by independent research organisation, Opinion Matters, in June 2024. The survey covered 750 senior cybersecurity professionals in the U.K., U.S. and Australia from companies employing 2,000+ people, from a range of industries including Central Government, Defence, Critical National Infrastructure, Retail, and Financial Services sectors, with 150 respondents from each.

About ThreatQuotient 

ThreatQuotient improves security operations by fusing together disparate data sources, tools and teams to accelerate threat detection and response. ThreatQ is the first purpose-built, data-driven threat intelligence platform that helps teams prioritise, automate and collaborate on security incidents; enables more focused decision making; and maximises limited resources by integrating existing processes and technologies into a unified workspace. The result is reduced noise, clear priority threats, and the ability to automate processes with high fidelity data. ThreatQuotient’s industry leading integration marketplace, data management, orchestration and automation capabilities support multiple use cases including threat intelligence management and sharing, incident response, threat hunting, spear phishing, alert triage and vulnerability management. ThreatQuotient is headquartered in Northern Virginia with international operations based out of Europe, MENA and APAC. For more information, visit www.threatquotient.com.

 

Media Contact 

Paula Elliott
C8 Consulting for ThreatQuotient
+44 7894 339645
paula@c8consulting.co.uk

 

Data Resilience and Protection in the Ransomware Age

By Sam Woodcock, Director of Cloud Strategy and Enablement at 11:11 Systems

Data is the currency of every business today, but it is under significant threat. As companies rapidly collect and store data, it is driving a need to adopt multi-cloud solutions to store and protect it. At the same time, ransomware attacks are increasing in frequency and sophistication. This is supported by Rapid7’s Ransomware Radar Report 2024 which states, “The first half of 2024 has witnessed a substantial evolution in the ransomware ecosystem, underscoring significant shifts in attack methodologies, victimology, and cybercriminal tactics.”

Against this backdrop, companies must have a data resilience plan in place which incorporates four key facets: data backup, data recovery, data freedom and data security.

Ransomware is Just Business

With ransomware being a low-risk, high-reward opportunity for criminals, as it requires little effort to access sensitive information and demand ransom, it is becoming an attractive career choice for some. It is on this basis that ransomware has evolved into a fully-fledged business with more operations starting up every week. This is also fuelled by the increasing popularity of Ransomware-as-a-Service, a model where sophisticated threat actors develop and sell ransomware platforms to other threat actors.

With this rise in threat actors targeting businesses today, IT security can no longer be a problem for IT teams alone. Every decision is a commercial decision and will carry risk. And every person within an organisation has an important role in being the first line of defence and protecting a company from a breach.

From Passwords to Exploits

People make mistakes, and this makes them an attractive target for most threat actors. According to Mimecast, over 70% of cyber breaches in 2023 were caused by human error. Advanced phishing attacks are more convincing than ever, making it harder for employees to distinguish between real and fake emails. It only requires a quick click of the button by a stressed, tired or disgruntled employee for a threat actor to gain a password that gives full access to the organisation’s data.

As such, while employees must be adequately trained to avoid falling victim to these phishing or ransomware attacks, this is merely the first step to improving a company’s security. Further security measures must be put in place to protect the organisation and its data.

Testing, Testing

Backups are considered the primary way to recover from a breach, but is this enough to ensure that the organisation will be up and running with minimal impact? Testing is a critical component to ensuring that a company can recover after a breach and provides valuable insight into the steps that the company will need to take to recover from a variety of scenarios. Unfortunately, many organisations implement measures to recover but fail on the last step of their resilience approach, namely testing. Without this step, they cannot know if their recovery strategy is effective.

Testing is critical because it gives the company valuable insight into the steps it needs to take to recover: what works, which areas of the recovery process need attention, how long it will take to recover the files, and more. Without this, companies will not know what processes to follow to restore data following a breach, or the timelines for recovery. Equally, if they have not performed adequate testing, they will not know whether they backed up their data correctly before an attack.

Although many IT teams are stretched and struggle to find the time to do regular testing, it is possible to automate the testing process to ensure that it occurs frequently. Automated testing tools will also provide a realistic view of how resilient the environment is to threats and provide a host of scenarios that could impact the business, helping to prepare for almost any incident.

From testing to reality

While some organisations are surprised that they have been breached, according to Sophos, 83% of organisations that experienced a breach had observable warning signs beforehand and ignored the canary in the coal mine. Further, 70% of breaches were successful and threat actors encrypted the data of the organisation to prevent access to it.

However, as threat actors aren’t using enterprise-grade tools to gain access to data, enterprises are effectively at an advantage if they test and retest regularly, and back up their data effectively. A good guideline for this is the 3-2-1 rule, which states that there should be at least three copies of the data, stored on two different types of storage media, and one copy should be kept offsite in a remote location. Businesses also stand to benefit from partnering with an organisation that can protect the network to defend against threats and has the expertise to help them to recover from an attack.

Silobreaker expands US reseller programme with ThreatQuotient

Strengthened collaboration to deliver unique threat insight, leveraging contextualisation and analysis of unstructured threat data at scale.

London, UK – Security and threat intelligence technology company, Silobreaker, has announced the expansion of its US reseller programme through a strengthened partnership with threat intelligence platform innovator, ThreatQuotient. This collaboration leverages Silobreaker’s vast datasets from open, deep and dark web sources to enrich the ThreatQ Platform, providing organisations with advanced capabilities to contextualise technical threat indicators and analyse unstructured threat information at scale. 

Silobreaker reseller programme expansion 

Building on the success of its existing reseller programme, Silobreaker’s expanded partnership with ThreatQuotient aims to extend its reach and enhance service offerings in the US market. This strategic move underscores Silobreaker’s commitment to working closely with resellers to deliver cutting-edge threat intelligence solutions. 

By integrating Silobreaker’s rich data sources, ThreatQuotient is strengthening the partnership between the two companies, ensuring that users benefit from a seamless and powerful threat intelligence experience. 

Utilising enrichment for enhanced threat intelligence 

The integration brings in several new features that significantly boost threat intelligence capabilities. On-demand querying allows users to easily access and query Silobreaker’s unequalled dataset of sources using intuitive search terms from the ThreatQ Platform.

Silobreaker provides powerful insights on threat indicators, drawn from a customisable pool of relevant data, as well as advanced correlation of high-relevance entities from Silobreaker documents, such as malware, threat actors, attack types and more. 

Integration use cases 

The integration supports a variety of key use cases, including threat monitoring across open sources and the deep and dark web, covering novel attack methods and campaigns targeting various industries. It also facilitates vulnerability tracking and offers enhanced credential monitoring and indicator enrichment for IPs, domains and subdomains.

“Our expanded reseller programme with ThreatQuotient underscores our commitment to providing top-tier threat intelligence solutions,” said Kristofer Mansson, CEO of Silobreaker. “The integration of Silobreaker’s capabilities with the ThreatQ Platform not only enhances our collective offerings but also provides organisations with a sharper, more holistic view of potential threats. Together, we enable our partners and customers to detect, analyse, and mitigate risks before they escalate into critical incidents, ensuring they have the crucial insights needed to make proactive, informed decisions to protect their organisations.” 

John Czupak, CEO, ThreatQuotient comments: “Today’s threats are constantly evolving and if we are to remain one step ahead of adversaries we need to share, involve, collaborate, respond, learn and take swift action. Our partnership with Silobreaker enables us to deliver even deeper insights into real world threats in open and dark web sources, so customers can accelerate understanding and harden their defences. These critical insights enable customers to ensure that incident handlers, malware researchers, SOC analysts and investigation leads gain more control, and are able to take the right steps at the right time to better manage risks.” 

For more information, please visit Silobreaker and ThreatQuotient. 

About Silobreaker
Silobreaker is a leading security and threat intelligence technology company that provides powerful insights on emerging risks and opportunities in near-real time. It automates the collection, aggregation and analysis of data from open and dark web sources in a single platform, allowing intelligence teams to produce and disseminate high-quality, actionable reports in line with priority intelligence requirements (PIRs). This enables global enterprises to make intelligence-led decisions to safeguard their business from cyber, physical and geopolitical threats, mitigate risks and maximise business value.

Learn more at www.silobreaker.com 

About ThreatQuotient™

ThreatQuotient improves security operations by fusing together disparate data sources, tools and teams to accelerate threat detection, investigation and response (TDIR). ThreatQ is the first purpose-built, data-driven threat intelligence platform that helps teams prioritise, automate and collaborate on security incidents; enables more focused decision making; and maximizes limited resources by integrating existing processes and technologies into a unified workspace. The result is reduced noise, clear priority threats, and the ability to automate processes with high fidelity data. ThreatQuotient’s industry leading integration marketplace, data management, orchestration and automation capabilities support multiple use cases including threat intelligence management and sharing, incident response, threat hunting, spear phishing, alert triage and vulnerability management.  

For more information, visit www.threatquotient.com 

 

Media Contact 

Michelle Edge, Eleven Hundred Agency 

T: +44 (0) 20 7688 5202 

E: silobreaker@elevenhundredagency.com 

 

 

ACCA UK calls for AI cybersecurity approach to emphasise global applicability

  • Leading accountancy body ACCA says the UK government’s proposed AI cyber code is a useful starting point for a global regulatory approach
  • Industry experts are best placed to manage the emerging and evolving range of cyber risks

 

Responding to a UK government consultation led by the Department for Science, Innovation & Technology outlining an AI cybersecurity code of practice, ACCA says the government is best placed to set up overarching regulatory structure and principles, while those on the frontline of AI developments should be given the space to work to combat emerging cyber risks.

 

However, the pro-innovation approach of the proposed code – as set out in the government’s white paper – needs to have safeguards and its requirements may need to be revisited. The cyber challenge in AI is dynamic, and a ‘point in time’ view can become quickly outdated.

 

ACCA also highlighted the risks and impacts to end users in small and medium enterprises (SMEs), with a significant number of its members operating in this segment. The greater challenges faced by this group of stakeholders on cyber readiness – across both skills and budgets – are well-documented. ACCA wants end-user SMEs to be safe and protected from cyber risk, yet empowered to choose AI given its potential to augment business productivity.

 

Glenn Collins, head of technical and strategic engagement, ACCA UK, said: “ACCA is pleased to see the consultation taking a principle-based approach as our current view of AI offers too many unseen scenarios. ACCA, its members and partners, will be profoundly impacted by its planned use of AI including delivering finance professionals with an optimal experience and skill set for the modern workplace.”

 

ACCA warned that adherence to any code carries a cost, including indirect costs of adhering to the code and the impact through the supply chain. Effort and cost will be needed to raise awareness of the code, as well as monitoring and enforcement.

 

Narayanan Vaidyanathan, head of policy development, ACCA, noted: “We anticipate utility from such a code for those providing assurance or third-party verification of AI systems. This is an important category of stakeholders who will have a key role to play in creating a trusted AI eco-system to supplement the regulatory and legal direction from policy makers.

 

“We do not anticipate this group to be subject to the requirements of the code itself, but assurance requires checks against a well-defined, and ideally, publicly available standard – which this code could provide. Cyber risks are a part of what the assurance of an AI system may need to check for. Therefore, those providing assurance would find such a cyber code and associated standards helpful.”

 

In its response, ACCA also called on the government to tackle the skills gap, which needs to be filled in order to combat cybersecurity risks. The Apprenticeship Levy could be expanded to a ‘Growth and Skills Levy’ that is more flexible and can be used to fund shorter-term accredited training programmes that upskill and reskill workers on the cybersecurity of AI.

 

Companies should also be able to increase the proportion of their unspent levy funds that goes to their supply chains – ACCA suggests an increase of 25% to 40%. This could unlock millions of pounds to develop AI skills.

 

Ultimately, cybersecurity issues linked to AI need staff to be trained on current and emerging risks. If insufficient training is given, standards and frameworks will fail to achieve any impact.

 

Read ACCA’s response here.

 

Visit ACCA’s website for more information.

BlueVoyant Research Illuminates Latest Cyber Attack Techniques and Best Defence Practices

The most recent cyber criminal tactics include using generative AI for phishing, online advertisements as an attack vector, and continued quicker exploitation of new vulnerabilities 

BlueVoyant, a cybersecurity company that illuminates, validates, and remediates internal and external risks, today released the findings of its second external cyber defence trends report, which highlights the new risks organisations face from outside the traditional IT perimeters.

“Organisations’ attack surfaces are ever expanding, and cyber threat actors are adapting their strategies to exploit new avenues of vulnerabilities,” said Joel Molinoff, BlueVoyant’s global head of supply chain defence. “BlueVoyant undertook this research to shine a light on the attack vectors organisations need to be aware of and recommended actions to help prevent the latest threats.” 

 Artificial Intelligence (AI) is transforming how enterprises do business with the ability to generate content efficiently. Cyber criminals are also capitalising on AI to create more effective phishing campaigns. 

 “The biggest cybersecurity risk from the increasing use of AI tools is an escalated volume of attacks,” said Ron Feler, BlueVoyant’s global head of threat intelligence. “While the essentials of the attacks don’t change, the increased number and diversity of attacks make defenders’ jobs more challenging.” 

 The report’s key findings focus on: 

  • Online Ads as an Attack Vector: BlueVoyant’s threat intelligence has observed threat actors using search engine ads as phishing distribution vectors to lure unsuspecting victims to malicious websites impersonating large financial institutions in the United States, United Kingdom, and Eastern Europe.  
  • Cyber Criminals’ Use of AI: While AI does not fundamentally change the way threat actors levy attacks, security teams should be aware of how their adversaries are using it to streamline their workflow and make brand abuse easier. 
  • The Need for Better Email Security: Many organisations are not enabling all key components that secure the authenticity and integrity of the messages, which could leave them susceptible to email-based threats. 
  • The Continued Need to Patch Quicker: In the first report, BlueVoyant found that organisations were often slow to patch systems even as attackers were exploiting new vulnerabilities faster. Now, the exploitation of vulnerabilities is happening even faster, prompting a high-stakes race between threat actors and defenders after a disclosure. 

 The research was completed using trend data queries from BlueVoyant’s Supply Chain Defence and Digital Risk Protection solutions. 

Supply Chain Defence is a fully-managed solution that continuously monitors clients’ vendors, suppliers, and other third parties for any vulnerabilities, and then works with those third parties to quickly resolve issues. The platform identifies enterprises’ internet-facing software vulnerabilities and other exploitable opportunities with techniques similar to those used by external cyber attackers while profiling prospective targets.

 Digital Risk Protection goes outside the wire to find threats against clients, employees and business partners on the clear, deep, and dark web, plus instant messaging applications. The platform has unique access to DNS data sets and cyber crime channels to find the latest cyber attacker techniques, tactics, and procedures, and to provide unlimited external remediation to help prevent financial loss and reputation damage.  

Learn more about external threats and how to reduce risk in the BlueVoyant research report: “External Cyber Defence Trends.”