Cyber Security Archives - Security IT Summit | Forum Events Ltd
  • Covid-19 – click here for the latest updates from Forum Events & Media Group Ltd

Security IT Summit Security IT Summit Security IT Summit Security IT Summit Security IT Summit

Posts Tagged :

Cyber Security

How can businesses maintain IT security in a hybrid working model?

960 640 Guest Post

By Claire Price of QMS International, one of the UK’s leading ISO certification bodies

Businesses now have the green light to go back to work, but your organisation may not be returning to its old working practices. So, if a hybrid model is being adopted, what can you do to ensure that information stays secure?

The introduction of more widespread homeworking has certainly piled on the pressure for businesses’ IT security.

At the beginning of 2021, QMS International carried out a survey of businesses about their cyber security and 75.7% of the respondents reported that they now felt more open to attack. Another 10% reported that they had no confidence in fending one off.

And businesses have a right to be worried. According to analysis of reports made to the UK’s Information Commissioners Office (ICO) by CybSafe, the number of ransomware incidents in the first half of 2021 doubled compared to the number reported in the first half of 2020.

Malicious emails have also been redirected to attack those working from home. Data supplied by Darktrace to The Guardian revealed that the proportion of attacks targeting home workers rose from 12% of malicious email traffic before the first lockdown in March 2020 to more than 60% six weeks later. With homeworking becoming more of a permanent fixture in business models, this trend is likely to continue.

While hybrid working offers your team the best of both worlds when it comes to office and home working, it also leaves your business open to the unique risks associated with both, with the added bonus of those linked to transport and travel.

But this doesn’t mean you have to abandon this new way of working. With the right processes in place, you can ensure your information stays secure, no matter where your staff are based.

Carry out a risk assessment

First things first – you must carry out a risk assessment.

Knowing the precise risks your business faces is key to developing methods of removing or mitigating them, but assessments like this are often overlooked. In fact, QMS’ cyber report found that 30% of respondents admitted that no new information security risk assessments had been carried out, despite changes to working practices.

Discover the risks, analyse their likelihood, and then decide if and how they can be controlled. This will give you the grounding you need to build your wider hybrid IT strategy.

Train and test your team

With cyber-attacks on the rise and remote workers being more vulnerable, it’s crucial that your hybrid team know what to look for and, just as crucially, how to report anything suspicious. The best way to do this is through training, which can now be carried out very effectively via e-learning.

This training should cover common cyber-attacks – such as phishing emails – how to spot them, the fundamentals of social engineering, and how to report suspicious activity. Ideally, this training should be refreshed regularly as new cyber threats emerge. You may also like to include training on the safe use of video calls and how to ensure video cameras are switched off when not in use.

To ensure your team have absorbed what they’ve learnt, carry out penetration testing. This involves crafting fake phishing emails and sending them out to your employees. What they do will give you an idea of whether your training has been effective.

Address access

When your hybrid team aren’t in the workplace, they will need to access servers and files remotely. This will often be via a VPN (Virtual Private Network), so you need to ensure that this is as secure as possible.

Remote workers will also be relying on their home Wi-Fi, but this may not be as secure as the Wi-Fi in your office. Your team should therefore be encouraged to create strong passwords – not the default ones on the base of the router.

Workers need to be cautioned against the use of free Wi-Fi hotspots too. It’s possible that your workers may want to use it to work on the train, for example, or in a coffee shop. However, public Wi-Fi is notoriously unsecure, and your workers should be cautioned against using it.

Think about physical protection

If your workers are going to be travelling between locations, then they are going to have to carry equipment such as laptops, phones and removable media with them. If something is lost or stolen, your business information could be compromised. Indeed, IBM’s Cost of a Data Breach report revealed that around 10% of malicious breaches are due to a physical security compromise.

A solid back-up protocol is key to ensuring that any lost information can be recovered. A robust password and access process are also musts – you may want to think about two-factor authentication to make logging in more secure. Make sure you also have a protocol in place so that if your team do report something as lost or stolen, you can act quickly.

When working remotely, you need to ensure that your staff keep their physical devices safe too. Equipment should be kept out of sight when not in use and papers stored away. If your workers are printing content, you may also need a safe disposal or destruction policy in place.

To prevent prying eyes seeing something they shouldn’t, workers should lock their screens when away from their workspace, whether they’re in the office or at home. And if any of your team do want to work while in public, they should be cautioned about the kind of work they perform – who knows who’s sitting next to you?

Create a culture of security

If you really want to take information security to the next level, you may want to consider a more wide-reaching measure such as ISO 27001.

ISO 27001 is the international Standard for information security management, and it is designed to help organisations integrate information security into every aspect of business.

Its 114 controls tackle every angle of security, including physical, legal, digital and human, bringing them together to enable you to maintain compliance and showcase to employees, customers and stakeholders that you have the processes in place to protect information from theft and corruption.

Going forward, it could give you the framework you need to adapt your practices to suit your new hybrid working model and any changes in the future.

Best city for cyber security jobs? Washington DC

960 640 Stuart O'Brien

Washington D.C, US has been named the best city for cybersecurity jobs thanks to its many job opportunities and high average salary, while London only ranks in 8th.

That’s according to research conducted by Techshielde, which analysed several metrics including average salary, job availability and cost of living to find the best place to live for cybersecurity experts as well as the most in-demand skills to learn in 2021

Other key findings include:-

  • Singapore has the highest job availability for cybersecurity professional

  • Cybersecurity experts in Luxembourg earn the highest salaries

  • Networking, threats intelligence and compliance have all been named as the most in-demand skills

You can view the full graphic here.

The ten best cities for a cybersecurity job

Rank

City

Job availability score

Average salary (£)

Cost of living

Overall Score

1

United States, Washington D.C.

7.17

£84,628.38

£2,810.69

17.58

2

Singapore, Singapore

10.00

£55,576.66

£3,267.02

16.44

3

Germany, Berlin

3.18

£70,141.64

£1,923.93

15.41

4

Luxembourg, Luxembourg

1.58

£110,768.11

£2,562.39

14.99

5

Belgium, Brussels

1.96

£75,563.59

£1,886.05

14.77

6

Canada, Ottawa

2.21

£70,060.75

£1,969.87

14.29

7

Austria, Vienna

1.59

£72,339.79

£1,857.68

14.23

8

England, London

5.30

£74,416.00

£3,004.36

14.20

9

Saudi Arabia, Riyadh

1.18

£43,280.91

£1,211.49

13.63

10

Japan, Tokyo

1.14

£84,915.14

£2,219.01

13.59

It may not come as a surprise that Washington D.C sits at the top of the ranking — the capital is the headquarters of government agencies that employ many cybersecurity professionals.

Scoring a total score of 17.58, the city ranks second for job availability for those looking to work in the cybersecurity sector, balanced with the high average salary of £84,628 this city is a great contender for those looking to work in the industry.

Singapore comes in second place. The southeastern Asia city has the highest job availability out of all the cities examined. However, the average salary of £55,577 and the high cost of living of £3,267 brings it down.

London only ranks 8th, losing points because of its lower salary compared to other cities and the high cost of living, the city fails to make the top 5.

Singapore has the most cybersecurity jobs available

Recent graduates and any job seekers looking for a new role can increase their chances of getting hired by looking for cities with the largest number of job openings.

Techshielder analysed the amount of cybersecurity-related jobs available on Indeed and Glassdoor to reveal the cities with the most cybersecurity jobs.

Singapore comes in first place with a job availability of 10, this is followed by Washington D.C and London rounds of the top three (7.17 and 5.30 job availability scores respectively).

At the other end of the scale, we have Islamabad in Pakistan, where the research found there is very limited opportunity for those in the field. Scoring a job availability score of just 1.01 this city has the fewest number of jobs available for cybersecurity professionals.

Cybersecurity experts in Luxembourg earn the highest salaries

Cybersecurity is a booming field with the potential to grow immensely. Although there are many positions to choose from within the industry, most if not all are well paid due to their importance in our society.

If you are interested in joining the field, you may want to narrow your choices by top-paying jobs.

To get the most bang for your buck, it is also important to consider the cost of living. Any salary increase can be swiftly consumed by the differences in the cost of living.

Knowing the true value of a salary in different locations is just as crucial as knowing the pay.

Rank

City

Average Salary

Cost of Living

1

Luxembourg, Luxembourg

£110,768.11

£2,562.39

2

Copenhagen, Denmark

£86,337.17

£2,665.18

3

Tokyo, Japan

£84,915.14

£2,219.01

4

Bern, Switzerland

£84,653.91

£2,761.52

5

Washington D.C, USA

£84,628.38

£2,810.69

As the table shows, the city of Luxembourg has the highest average salary. While you can make a six-figure wage when working in this city, the high cost of living means that your money may not go as far as other cities.

At the end of the scale, sits Abuja in Nigeria. With a salary of just £1,758.30, this city has the lowest income for cybersecurity specialists.

The most in-demand skills to learn in 2021

Whilst there is a high demand for jobs, you can’t start a career within the cybersecurity sector without the right expertise. There are certain skills you’ll need to thrive in the field.

Finding a proficient applicant to fill one of the many available jobs during a skill shortage is one of the hardest challenges for HR personnel.

  1. Network: One of the most in-demand skills and maybe one of the most important one for anyone in cybersecurity is networking. Understanding how networks work allows you to get a better comprehension of how many things work behind the scene.

  1. Threats: Threat intelligence ranks as the second most in-demand skill in 2021. Being able to evaluate threats and prevent or mitigate cyberattacks is a highly sorted after skill.

  1. Compliance: From the European Union’s GDPR to the California Consumer Privacy Act, companies need employees who can assess the risk and understand the paperwork and the security protocols are needed to keep personal data safe.

  1. Cloud: More companies are moving to cloud infrastructure and therefore the need for cloud-savvy professional are on the rise. These experts need to be able to arrange, organise and monitor a virtualised environment such as SaaS, PaaS or IaaS so that they can protect data from being deleted, leaked or even stolen.

The economy runs on trust – The Synack 2021 Trust Report

960 640 Stuart O'Brien

By Jennifer Bennett, Synack

The Synack 2021 Trust Report 

The pandemic has accelerated initiatives to digitally transform operations, and drove efforts to implement Zero Trust security for remote workforces. Reinforcing cyber resilience continues to be top of mind in organizations, firms, and societies, and goes hand in hand with trust.

The 2021 Trust Report is Synack’s essential guide for CISOs, CIOs, security practitioners, C-suite and board executives to understand how to measure security, determine risks and build trust with data and insights on the state of different industries and sectors of the economy.

In its fourth volume, the authoritative global report shares data from the most trusted brands based on thousands of security tests conducted by the world’s most skilled ethical hackers, The Synack Red Team (SRT). The report spotlights the different industries and sectors of the economy and reveals new insights into how critical organizations are prepared to fight ransomware and other digital threats and stay resilient.

Average Industry ARS rating by years
(As published in previous Trust Reports)

Industry 2019 2020 2021
Government 47 61 64
Healthcare 60 56 61
Financial Services 57 59 58
Technology 46 55 57
Ecommerce 48 47 57
Retail 45 46 55
SLED 46 50 49
Consulting/Business & IT Services 53 48 52
Manufacturing/Critical Infrastructure 70 45 50

ARS rating based on data from the Trust Report: 2019. Data through January 2019
ARS rating based on data from the Trust Report: 2020. Data through July 2020
ARS rating based on data from the Trust Report: 2021. Data through April 2021.

The report data is based on Synack’s patented Attacker Resistance Score (ARS)™ Rating and includes a macro industry comparison that demonstrates how the most trusted organizations use the ARS rating and how to use the rating to benchmark attacker resistance against other industries.

All too often, vulnerabilities leave organizations dangerously exposed. Last year, the US-CERT Vulnerability Database recorded nearly 17,500 vulnerabilities—a record number for the fourth year in a row. More than a third— 16%—of vulnerabilities found in 2020-April 2021 by the Synack Red Team (SRT), our global network of highly skilled and vetted security researchers were considered critical. Beyond that, the SRT saw a 14% increase over the past two years in authorization and permission vulnerabilities, which can give attackers access to the most sensitive networks and systems.

According to Synack’s CEO, Jay Kaplan: “We’re facing a global cybersecurity crisis. Some organizations are doing the right thing, creating effective defense strategies and being proactive. Others are simply checking boxes. But the nature of today’s threat requires an aggressive and assertive approach,” said Jay Kaplan, CEO and Co-Founder of Synack. “The Trust Report and the ARS are vital tools for understanding the gaps in any organization’s security plan, and can be used as a tool for CISOs and other security leaders to prioritize security efforts and focus on the most pressing threats and vulnerabilities first.”

The increased sophistication of today’s threats makes the CISO even more vital. On top of digital transformations, organizations faced punishing nation-state hacks with cyber attacks continuing to rise in 2021. Going forward, the role of the CISO and security teams will continue to evolve and expand. In fact, 55% of enterprise executives plan to increase their cybersecurity budgets in 2021 and 51% are adding full-time cyber staff in 2021.

“Testing—when it comes to security, safety, and resilience—makes all the difference in the world,” wrote Ritesh Patel, Security Principal at bp, in the foreword to the 2021 Synack Trust Report. “Measurements such as the Attacker Resistance Score (ARS) keep us honest and informed. The ARS lets us constantly assess our performance and compare how we’re doing across sectors. It’s a strong indicator that bp is performing above industry average, which sends a clear and powerful message within the organization that security—and trust—are essential in everything we do at bp.”

Read on to learn how the most trusted brands in the world measure security and build trust while diving into the different industries and sectors of the economy.

Synack leads the industry in finding the most critical and dangerous vulnerabilities in customers’ digital assets and apps, giving them the insight necessary to prevent attacks as found in our report’s key findings.

Respect in Security seeks to stamp out industry harassment

960 640 Stuart O'Brien

Around a third of cybersecurity professionals have had personal experience of harassment online (32%) and in-person (35%), according to a study from Respect in Security – a new initiative set up to support victims and encourage coordinated industry action to tackle the problem.

Respect in Security engaged Sapio Research to poll 302 industry professionals (male, female and non-binary) across multiple age groups, organisation sizes and levels of seniority.

Of those that reported experiencing in-person harassment, most said it came at industry events (36%), in the office (47%) or work socials (48%).

Online harassment is most likely to have occurred on Twitter (44%) or email (37%).

Respondents who had suffered from harassment online and in-person were fairly evenly split between male, female and non-binary respondents.

Although 82% of those polled said their organisation has an anti-harassment policy and complaints procedure, nearly half (45%) argued that their employer should do more to ensure all employees understand what constitutes harassment and what acceptable behaviour looks like.

A further 40% said organisations need to improve the transparency of processes to show that any cases of harassment are acknowledged and investigated promptly.

As it stands, 16% of respondents said they would not tell anyone if they witnessed or were a victim of harassment, either by choosing not to (9%) or because they’re too scared to (7%).

“Harassment comes in many forms. It might be online or in-person, physical, verbal or non-verbal, and involve direct communication or deliberate action to exclude individuals. It violates personal dignity and can create an intimidating, hostile, degrading, humiliating or offensive environment for the victims,” said Rik Ferguson, co-founder of Respect in Security.

“As much as we’re tempted to retaliate against what we see happening, it’s not always the best way to deal with this kind of behaviour”, said Lisa Forte, co-founder of Respect in Security.  “We would instead like the industry to come together to eradicate harassment and make the perpetrators accountable for their actions through official channels. We urge all organisations to sign our pledge today.”

Over two-fifths (44%) of cybersecurity professionals believe that reports of harassment in the industry are fairly accurate, and a quarter (25%) think they are highly under representative.

Respect in Security urges all employers to sign its pledge and help to build a more tolerant and respectful industry. The pledge is not only a commitment to a respectful environment within your own company, but a promise to publish your grievance policy externally, there is no place for harassment anywhere within the industry.

Cyberattacks surge by 33% in a year

960 640 Stuart O'Brien

According to the data presented by Atlas VPN, cyberattacks have increased by 33% since last year – The total amount of malicious attacks in Q1 rose from 538 in 2020 to 713 in 2021.

In January 2020, there were a total of 160 cyberattacks. Meanwhile, January 2021 saw 183 malicious attacks — 14% more than the same month last year.

Looking at February’s numbers, we can see a tremendous increase in cyberattacks in 2021 compared to 2020. Malicious attacks jumped by 33% from 191 in 2020 to 254 in 2021.

In March 2021, cyberattacks grew more than 50% compared to March 2020. The total number of attacks went up from 187 to 276.

Cybersecurity writer and researcher at Atlas VPN, William Sword, said: “A significant increase in cyberattacks has shown that many companies or government administrations are not prepared to handle cybersecurity threats. With more and more people becoming victims of hackers, responsible institutions should step up their efforts in the cybersecurity field.”

Cybercriminals employ various techniques to penetrate vulnerable systems. Malware continues to be one of the most used techniques for cyberattacks. In Q1 2021 it was employed in 32% of all cyberattack cases. Hackers use malware to trick a victim into providing personal data for identity theft.

Unknown attacks were the second most-used in the first quarter of this year at 22%. The unknown threat is classified as such when a security product cannot recognize its code, which is why it is tough to stop such attacks.

Next up is account takeover (ATO). This type of cyberattack technique was used in 14% of all cyberattacks in Q1 2021.

Click here to read the full report.

Cybersecurity in Financial Services: Remaining compliant and reducing risk with automation

960 640 Guest Post

By LogRhythm

Businesses in the financial services sector have to manage enormous risk, wealth and personally identifiable information (PII), all while meeting strict regulatory requirements.  

As the proliferation of financial data continues to grow, organizations face the task of continuously protecting that information and keeping it secure, while maintaining a reputation in the financial sector. Despite this, many security teams lack the resources and funding to keep up with the evolving threat landscape and ecosystem of regulatory compliance rules.

The Complexity of Complying

For financial services organizations, cybersecurity is about minimising risk for both the customers and the business. This includes compliance, it is vital organizations reduce the possibility of further fines or other penalties by implementing security measures. 

On top of this, security teams are often attempting to mitigate threats manually, increasing effort and stress. Analysts need to eliminate the time spent writing scripts, building rules and creating reports to allow focus on evolving attacks.

Automating Processes for Financial Security

Implementing prebuilt content which is specifically mapped to the individual controls of each regulation enables instant results that do the heavy lifting for you. Combining compliance automation software with Security Information and Event Management (SIEM) gives analysts the resources to comply with necessary mandates more efficiently and effectively than previous manual processes. A SIEM platform can facilitate security teams to improve detection, mitigation and response capabilities.

Furthermore, automation systems allow workflows to be more streamlined to help analysts combat evolving threats by removing manual tasks and enriching data with contextual details consistently.

An Expanding Compliance Environment

Looking forward, the financial sector is expected to face continued vulnerabilities in its technological offerings, both online and traditional brick and mortar. With compliance automation systems at the forefront, patterns of fraudulent activity will be detected at a greater rate, increasing the likelihood of mitigation before impact. 

The compliance environment can only extend further, with more regulatory requirements coming into play. Financial organizations should be prepared for stricter security rules becoming a necessity to protecting both customer and business data.

LogRhythm’s offerings provide financial services organizations with industry-leading automation, compliance and auditing support, comprehensive reporting and protection against advanced cyberthreatsLearn more >

Progress your career with a funded Cyber Security Apprenticeship

960 640 Guest Post

This funded Degree Apprenticeship programme from De Montfort University (DMU) is a great opportunity to work towards becoming a fully-competent cyber security professional.

Businesses often find their workforce has gaps in the specific digital skills needed to protect them from cyber security threats. The Cyber Security Technical Professional Integrated Degree Apprenticeship provides the essential skills and knowledge to ensure individuals can become independent cyber security professionals who can operate within business, technology or engineering functions across a range of industry sectors. Apprentices will develop skills which enable them to lead teams that research, analyse, model and assess cyber risks, design, develop, justify, manage and operate secure solutions, and detect and respond to incidents.

The great news is that if your organisation is a Levy payer, this apprenticeship allows you to utilise the funds within that Apprenticeship Levy. If your organisation does not pay the levy, up to 95% of the apprenticeship can be funded by the Government Apprenticeship Service. With this service you have the opportunity to reserve funds up to three months in advance of the start date for the programme. From now until autumn, up to 15,000 apprenticeships are available via this route.  

The teaching on this programme is underpinned by the work of academics from DMU’s Cyber Technology Institute (CTI). The CTI is a recognised NCSC Academic Centre of Excellence in Cyber Security Research as well as an Airbus Centre of Excellence in SCADA Forensics. This research and industry expertise provides the perfect environment for apprentices to develop the skills they need to respond to real-world cyber security challenges.

Key elements of the apprenticeship include; Risk modelling, analysis and assessment strategies, Cyber Incident Response tools and techniques, Secure software development, Malware Analysis, and understanding of the applicable laws, regulations, standards and ethics.

During this 42 month programme apprentices can expect to attend DMU for week-long blocks of teaching for each module, learning alongside peers from industry to encourage broad scope thinking. Integrating workplace training with academic learning provides apprentices with an increased understanding of their organisation’s unique business needs.

This apprenticeship is suitable for professionals employed by an organisation who will support their participation in the entire programme. This includes regular meetings with a work place mentor to support development of the professional skills they need to complete the programme successfully.

DMU works with organisations such as IBM, Siemens and BT delivering apprenticeships, where learning and skills are embedded back into the business from day one, adding real value and transferring fresh and innovative ideas.

The programme is based on the Level 6 Cyber Security Technical Professional (Integrated Degree) apprenticeship standard and is allocated Funding Band 27 (£24,000) by the Institute for Apprenticeships (IfA).

To find out more, click here.

Unwanted apps high on 2020 cyber threat list

960 640 Stuart O'Brien

So-called ‘fleeceware’ apps and aggressive adware software are among the key cyber threats posed to businesses and the public in 2020.

That’s according to the 2020 Threat Report, produced by SophosLabs to explore changes in the threat landscape over the past 12 months.

The Report focuses on six areas where researchers noted particular developments during this past year – here are the key findings:-

  • Ransomware attackers continue to raise the stakes with automated active attacks that turn organizations’ trusted management tools against them, evade security controls and disable back ups in order to cause maximum impact in the shortest possible time. 
  • Unwanted apps are edging closer to malware. In a year that brought the subscription-abusing Android Fleeceware apps, and ever more stealthy and aggressive adware, the Threat Report highlights how these and other potentially unwanted apps (PUA), like browser plug-ins, are becoming brokers for delivering and executing malware and fileless attacks.  
  • The greatest vulnerability for cloud computing is misconfiguration by operators. As cloud systems become more complex and more flexible, operator error is a growing risk. Combined with a general lack of visibility, this makes cloud computing environments a ready made target for cyberattackers.
  • Machine learning designed to defeat malware finds itself under attack. 2019 was the year when the potential of attacks against machine learning security systems were highlighted. Research showed how machine learning detection models could possibly be tricked, and how machine learning could be applied to offensive activity to generate highly convincing fake content for social engineering. At the same time, defenders are applying machine learning to language as a way to detect malicious emails and URLs. This advanced game of cat and mouse is expected to become more prevalent in the future. 

Other areas covered in the 2020 Threat Report include the danger of failing to spot cybercriminal reconnaissance hidden in the wider noise of internet scanning, the continuing attack surface of the Remote Desktop Protocol (RDP) and the further advancement of automated active attacks (AAA).

“The threat landscape continues to evolve – and the speed and extent of that evolution is both accelerating and unpredictable. The only certainty we have is what is happening right now, so in our 2020 Threat Report we look at how current trends might impact the world over the coming year.  We highlight how adversaries are becoming ever stealthier, better at exploiting mistakes, hiding their activities and evading detection technologies, and more, in the cloud, through mobile apps and inside networks. The 2020 Threat Report is not so much a map as a series of signposts to help defenders better understand what they could face in the months ahead, and how to prepare,” said John Shier, senior security advisor, Sophos.

For additional and detailed information on threat landscape trends and changing cybercriminal behaviours, check out the full SophosLabs 2020 Threat Report at https://www.sophos.com/threatreport

Fines of up to £17m if UK infrastructure firms neglect cyber security

960 640 Stuart O'Brien

The Government has announced plans to fine Infrastructure firms up to £17m if they don’t have adequate cyber security measures in place.

Under a new directive, UK regulators will be able to inspect cyber security at premises operated by transport, energy water and health companies, checking for any threat to public safety and possibility of significant adverse or economic impact resulting from a disruptive incident.

The announcement follows plans last year from the Department for Digital, Culture, Media and Sport to bring the UK in line with the EU Network and Information Systems (NIS) Directive, which comes into effect in May.

The directive will also cover threats affecting IT services, hardware failures and environmental attacks.

Margot James, Minister for Digital and the Creative Industries, said: “Today we are setting out new and robust cybersecurity measures to help ensure the UK is the safest place in the world to live and be online.

“We want our essential services and infrastructure to be primed and ready to tackle cyber attacks and be resilient against major disruption to services.”

Discussing the directive, Jens Monrad, analyst at cyber security company FireEye, said: “With so many nations, including the UK, now relying on digitalisation, hackers may look to cause mass disruption by targeting critical national infrastructure,” said Jens Monrad, at cyber-security company FireEye.

“This could be systems, which the UK government and citizens rely on, like healthcare systems, water supply and electricity.”

Uber conceal massive data hack

960 640 Stuart O'Brien

Global transportation tech company Uber concealed a massive breach of personal information of over 57 million customers and drivers in October 2016, with the company acknowledging that it failed to notify individuals and regulators it has been revealed.

The company covered up the breach, and instead paid the hackers responsible $100,000 to delete data and keep the breach quiet.

Addressing the situation, new CEO Dara Khosrowshahi admitted that, while there was no excuse for the incident, he had “obtained assurances that the downloaded data had been destroyed”.

“None of this should have happened, and I will not make excuses for it,” Uber’s chief executive, Dara Khosrowshahi, said in a statement to The Guardian: “While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes.

“We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers.”

It is thought the hackers managed to download data including names, email addresses and phone numbers, including driver license numbers of over 600,000 Uber drivers around the US.

Uber claims that other information, including credit card numbers, bank account details and birth dates were not compromised.

Khosrowshahi admitted that the breach had prompted him to take several measures, with the departure of two senior members of staff responsible fro the company’s 2016 response.

 

 

 

  • 1
  • 2