Cyber Security Archives - Security IT Summit | Forum Events Ltd
Posts Tagged: Cyber Security

Cybersecurity priorities: Why AI-powered threat detection should be in your plans

Guest Post

By Atech Cloud

The changed world we’ve found ourselves living in since the global pandemic struck in 2020 has been particularly helpful to cybercriminals. Nothing illustrates this so well as the SolarWinds hack, described by Microsoft president Brad Smith as the most sophisticated cyberattack of all time, the reverberations of which have been felt throughout 2021.

Homeworking, the ongoing digitalisation of society, and the increasingly online nature of our lives mean opportunities abound for phishers, hackers, scammers, and extortionists. As we head into 2022, there is, unfortunately, no sign of this letting up. This is why it’s essential for individuals and organisations to be aware of the ever-growing avenues of attack as well as what can be done to mitigate the risks.

So let’s take a look at the most important and significant trends affecting our online security in the next year and beyond while throwing in some practical steps we recommend taking to avoid becoming victims:

AI-powered cybersecurity

Similar to the way in which it is used in financial services for fraud detection, artificial intelligence (AI) can counteract cybercrime by identifying patterns of behaviour that signify something out-of-the-ordinary may be taking place. Crucially, AI means this can be done in systems that need to cope with thousands of events taking place every second, which is typically where cybercriminals will try to strike.

A product we recommend and work with is the Azure Sentinel Solution for all cloud security needs.

To find out why cloud-native security operations is the hot button topic for this year and how to deliver it, read the rest of this article on our blog.

WEBINAR REWIND: The next generation of secure digital communications – Why now and why it matters

Stuart O'Brien

Don’t worry if you missed December’s fantastic Zivver webinar, The next generation of secure digital communications – Why now and why it matters. You can now watch the entire session again online!

Regulatory reforms, digital transformation, hybrid working… The business landscape continues to evolve and the need for secure and compliant digital communications solutions is higher than ever. The current state of communications security cannot keep pace.

By watching the webinar you’ll get practical insights from Zivver’s panel of industry leaders, security experts and end-users as they discuss the impact and value of a new generation of digital communications security. There’s discussion around how new solutions can empower secure work with maximum effectiveness and minimal disruption, as well as:

  • The evolution of 3rd generation secure digital communications: Why now and why it matters
  • Creating an empowering ‘secure-first’ lifestyle: How to enable employees to succeed through smart technology, while alleviating pressure and reducing the need for training

The panel also investigates Zivver’s perspective on this and how it is shaping our innovation today and in the future.

Panel participants include:

  • Stephen Khan: Global Head of Tech & Cyber Security Risk (former security exec HSBC)
  • Vinood Mangroelal: Executive Vice President, KPN Health
  • Brenno de Winter: Chief Security and Privacy Operations, Ministry of Health, Welfare and Sport Netherlands
  • Sarah Judge: Digital operational lead & CCIO, West Suffolk NHS Foundation Trust
  • Wouter Klinkhamer: CEO and Co-founder, Zivver
  • Robert Fleming: CMO, Zivver
  • Kelly Hall: VP, Corporate Communications & Campaigns, Zivver

What you’ll take away

Find out how your organization can embed security into everyday workflows to empower effective working, and gain actionable insights on how to enable people to secure their digital communications with minimal disruption.

Cybersecurity in 2022: A view from the experts

Stuart O'Brien

There is no doubt that this year has been a year of disruption, change and opportunity within the cybersecurity industry. With 2022 on the horizon, find out what the experts have to say about the top trends impacting the industry now and what to look out for in the future…

Carlos Morales, VP Solutions, Neustar Security Solutions:

“Cybercrime has become a lucrative and mature market. We have witnessed the proliferation of extortion tactics and the huge disruption they can cause to both public and private interests. Meanwhile, criminal groups have openly collaborated with peers – aligning their strategies, picking targets, and agreeing on safe-havens. This sophistication, combined with a booming market, means that what were once individual criminal ‘groups’ and malicious actors are now fully-fledged criminal enterprises, providing as-a-service offerings and malware licenses to established customer bases and target markets.

“As a result, we will see stronger strains of existing well-known malware and refined attack strategies emerge, while targets become ever more ambitious. What’s (or rather, who’s) next? Public infrastructure and large, private businesses that provide vital services (like cloud providers or data centres) will likely remain at the top of the target list – with the risk of the potential knock-on effects making paying-up an enticing offer. Organisations really need to implement an ‘always on’ approach to network security to ensure fast and automated responses to attacks and they need to partner with security providers that continually evolve their defence capabilities. These new best practices are far, far more cost-effective in the long run and provide peace of mind for organisations.”

Jim Hietala, Vice President of Business Development and Security, The Open Group

“2021 saw the emergence of Zero Trust security architecture as the forward-looking security architecture, and as a consequence, we also saw vendors using and abusing Zero Trust in their messaging. In 2022, we expect to see Zero Trust move from concept to practical implementation, with the availability of more vendor-neutral industry standards and best practices, including reference models and architectures that will help end users to build viable, multi-vendor security architectures based on Zero Trust principles. Open standards will be key to this development.”

Stephan Jou, CTO Security Analytics, Interset at CyberRes, a Micro Focus Line of Business

“All indications are that AI technologies will be increasingly prevalent in cybersecurity. This includes everything from the increasing adoption of technologies like UEBA by enterprises, surveys that show investment in AI by SOC teams, and the adoption of ML and other AI methods by SIEM, IAM and other systems.

“However, the types of AI that will be adopted in 2022 will be focused on specific, battle-tested techniques such as statistical learning, anomaly detection, and (in a more limited capacity) NLP. Certain areas of AI research, such as large language models (like GPT-3), will not be heavily adopted in 2022 for cybersecurity. This is because there is not yet a good use case match within cybersecurity for those technologies, and also because the computationally expensive and non-transparent nature of these approaches does not lend itself well to the SOC needs at present.”

Kai Waehner, Field CTO and Global Technology Advisor, Confluent

“Cyber threats are not new. However, our more and more connected world increases the risks. Successful ransomware attacks across the globe force enterprises to take action by implementing situational awareness and threat intelligence in real-time at scale to act proactively against cyberattacks.”

Fabien Rech, EMEA Vice President, McAfee Enterprise

“Our reliance on API-based services is rising, as they quickly become the foundations of most modern applications. This is only set to rise further in 2022, as global use of the internet, 5G, and connected devices continues to boom – this year alone, we saw a 57% increase in online activity.

“Often business-critical data and capabilities lie behind these APIs, and cybercriminals have been quick to take note of this and exploit the increase in API usage. However, attacks targeting APIs go undetected in many cases, as they are generally considered trusted paths and lack the same level of governance and security controls.

“It’s therefore critical that enterprises make API security a priority next year. Organisations must ensure they have visibility of all application usage across their systems, with the ability to look at consumed APIs. Adopting a Zero Trust mindset will support this. It allows enterprises to maintain control over access to the network and all its instances, including applications and APIs, and restrict them if necessary.

“Shoring up on API security is particularly crucial amidst the current supply chain crisis, as APIs are often used as an entry vector for wider supply chain attacks due to their interconnected nature. Next year, supply chains will continue to be a prime target for hackers, and so enterprises should look one step ahead and use threat intelligence solutions to predict and prevent API attacks before they take place.”

Rory Duncan, Security Go To Market Leader UK at NTT

“This year, as we’ve started to recover from the pandemic, demonstrating effective cyber-resilience has become more crucial than ever. This will continue to be a priority for organisations as we move into 2022, as the shift towards permanent hybrid working models for many enterprises will put continued pressure on their ability to detect threats. It’s essential that business leaders prioritise security, especially as the trusted perimeter expands to encompass remote users.

“As businesses consider their 2022 hybrid workplace strategies, they need to revisit and re-evaluate security from the ground up and assess where they may have unwittingly created gaps in their security armour. 80.7% of IT leaders have said it’s more difficult to spot IT security or business risk when employees are working remotely, so ensuring visibility by developing a multi-pronged approach to re-imagining enterprise security will be fundamental in 2022.

“The ability to respond quickly and effectively across the distributed IT environment will be paramount next year. The number of cyber-attacks in the headlines is only rising and it’s no longer a case of “if” but “when” an attack will occur. Ultimately, your business will be more exposed if it doesn’t have the right security measures and response capability in place.”

Pritesh Parekh, VP of Engineering and Chief Trust & Security Officer at Delphix

“With intense scrutiny on how businesses prepare for and respond to breaches next year, it’s clear that security and compliance concerns will be the key determinant for any interactions with third parties – whether customers, partners, or vendors. Following the pandemic, digital guides every third party interaction – potentially exposing data as soon as it moves outside of the business’s digital walls. Endpoints have become beyond critical when it comes to securing data, but you can’t always control your endpoints if they exist within another organization, right? The answer is, you must, meaning that technology vendors who don’t rise to the occasion and implement the same standards as their enterprise customers will lose business, big time.”

Keith Glancey, Director of Technology Western Europe, Infoblox

“Cybercrime is getting organised. Gone are the days of lone hackers operating from back bedrooms. Cybercriminals are banding together to form businesses, using the dark web to recruit new “talent” and advertise “jobs” they’re looking to fulfil. With bigger businesses behind attacks, the stakes are significantly higher for organisations under fire. It’s not just businesses, either – we’re seeing an increasing number of nation state-led attacks from major players like Russia, China and the US. Their target? Personal data.

“This systematic approach to cybercrime is a continuation of a broader trend towards “as-a-service” business models. Cybercrime-as-a-Service (CaaS) brings together malware developers, hackers, and other threat actors selling out or loaning their hacking tools and services to people on the dark web. Ultimately, CaaS makes these tools and services accessible to anyone who wants to launch a cyberattack, even those without the technical knowledge to do so.”

Forrester Consulting research shows Human Layer Security is the solution security leaders have been looking for

Stuart O'Brien

A commissioned study conducted by Forrester Consulting on behalf of Tessian shows that Security and Risk leaders feel little control over risks posed by employees.

On the other hand, organisations that deploy Human Layer Security technology feel more prepared to face email security threats and data breaches, demonstrating a higher level of security maturity.

Key insights from the study include:

  • Nearly 40% of organisations report 10+ employee-related email security incidents per month
  • 61% of our survey respondents think an employee will cause their next data breach
  • Over 75% of firms report that 20% or more email security incidents get past their existing security controls
  • One-third say they lack visibility into threats and risky behaviours
  • Organisations spend up to 600 hours per month resolving employee-related email security incidents
  • 42% of security and risk leaders are looking to improve their email security postures

Read the complimentary Forrester Consulting study to understand why Human Layer Security solutions are necessary to achieve the full value of your existing security tech stacks in a way that empowers employees while achieving maximum protection.

WHAT IS HUMAN LAYER SECURITY? 

Human Layer Security (HLS) automatically detects and prevents threats by understanding human communication patterns and behaviour, building a unique security identity for each and every employee, and continuously improving their security reflexes over time.

Security and risk leaders who take a Human Layer approach believe their email security posture is extremely effective at alerting the organisation to potential attacks/threats from users’ risky behaviours or poor security decisions. Meanwhile, those who don’t take a Human Layer approach feel less control over business disruptions.

Want to learn more about the impact of Human Layer Security? Download the full study.

You can also book a demo to see Tessian’s Human Layer Security platform in action.

Encouraging more females to forge careers in cybersecurity

Stuart O'Brien

As a result of the ongoing pandemic, the cybersecurity industry has continued to accelerate, and shows no indication of slowing down anytime soon. With new and innovative methods of hacking affecting businesses of all kinds, the number of cyber attacks is also increasing. A report by DCMS showed that the UK’s cyber security industry is now worth an estimated £8.3 billion – but why do we still see a lack of female representatives for an industry so high in demand?

The industry predominantly remains male-dominated, and this lack of diversity, in turn, means less available talent to help keep up with the rise in mounting cyber threats. Women currently represent about 20% of people working in the field of cybersecurity, says Gartner. Andrea Babbs, Head of Sales UK & Ireland at VIPRE Security, outlines how attracting and embracing more females, and providing equal opportunities within the workplace, is significant for the future of the cybersecurity industry…

Male Dominated Subjects

Even at the very beginning of a ‘tech’ based career pathway, a woman’s success is already limited. Females make up only 28% of the workforce in science, technology, engineering and math subjects (STEM), and are systematically tracked away from these subjects throughout their learning, and pushed towards written and creative arts, narrowing their training and potential positions to go into these fields later in life.

STEM subjects are traditionally considered as masculine by many. All too often, teachers and parents may steer girls away from pursuing such areas – with females making up just 26% of STEM graduates in 2019. Additionally, there is a need for more female STEM teachers, as young girls may feel that they cannot be what they can’t see. Because fewer women study and work in STEM, these fields tend to create exclusionary male-dominated cultures that are not inclusive of, or appealing to women.

Barriers into the cybersecurity industry already exist, such as often requiring a minimum of two years of experience for entry level positions. This poses the question, how do you get those two years without being offered an opportunity to gain the necessary skills or lessons? This requirement leads to talented, tech-savvy young women entering non-tech sectors, further enhancing the pattern of fewer women in cyber security, as well as technology as a whole, even if they have trained in that subject.

Additionally, females who have been successful in entering the industry often receive different treatment compared to males who work in technology, and can occasionally be mistaken for having a less ‘dominant’ role. Another VIPRE colleague, Angela, who has been a Support Engineer at VIPRE for over ten years, is still asked to put people through to an engineer on the phone – as it is perceived that as a woman, she can’t be one herself, despite having over a decade of experience. These stereotypes can therefore discourage young women from entering the field and diminish the accomplishments and self-esteem of those already in it.

Obstacles and Challenges

From engineers to analysts, consultants and technologists, the roles are unlimited in cybersecurity. It is clear for women entering the industry that the profession is not limited to just one type of job, and requires a range of skill sets, most of which can now be done remotely – which has been heightened due to COVID-19.

However, research demonstrates that 66% of women reported that there is no path of progression for them in their career at their current tech companies, suggesting the very reason why women tend to end up in the more ‘customer facing’ roles, such as marketing, sales or customer support. How can females continue to advance once they have a foot in the door into more technical or product focused roles?

Despite girls outperforming boys across a range of STEM subjects, including maths and science, the presumption remains that women are not equipped to take on ‘complex’ tasks and roles. To support this, research reveals that those who attend an ‘all-girls’ school and see their female peers also participating in technology subjects do not have lower self-esteem when pursuing that industry, and are in a learning environment free from gender stereotyping, unconscious bias and social pressure. And even if a female is successful within these areas, we continue to see a lack of women represented in senior leadership roles on boards, as CEOs and in STEM careers. We need to dispel the myths that women cannot take on ‘tech-heavy’ jobs.

Maternity leave or taking a break to raise a family is another challenge women face later on in their career. Employers might question the gap in their CV when they eventually want to return to work after taking a break from such a demanding industry to start and raise a family. A recent study shows that three in five professional women return to lower paid or lower-skilled jobs following their career breaks. Additionally, the challenges faced by women returning to the workplace cost the UK an estimated £1.7 billion a year in lost economic output.

“It’s almost considered career suicide to leave,” explains the former senior director of the Anita Borg Institute for Women and Technology, Claudia Galvan. These women find it “almost impossible to go back to work, or if they do go back to work, they have to take totally different jobs from what their career was, a demotion, of course pay cuts — and that’s if they get the opportunity to get back into the workforce.”

Based on my personal experience at a previous employer, whilst it was agreed that I could work fewer days a week after returning from maternity leave, this arguably caused more problems. The ‘compromise’ that was reached was that I could work four days but I still needed to have the same target as people in the same position who worked five days a week. They also reduced my pay by 20% in line with the four day week, and actually created a more stressful environment as I found myself working longer hours over the four days.

Everyone is the target. So why not get everyone involved?

To ensure that women gain equal footing in stereotypically male-dominated industries, there is an often-overlooked factor – men need equality too. Businesses need to offer the same level of paternity leave and support to men as they do women when it comes to looking after a family. This then leads to the need for flexibility within working hours for school runs, for example, as it needs to be understood that men have children too, and women are not always the number one caregiver. For example, my husband received more questions about taking time off if our child was unwell than I ever did. He was constantly asked of my whereabouts as if it was my sole responsibility to look after our child, not both of us. Ultimately, the debate here is not just that there needs to be more women in cybersecurity and technology, but that workforces must have diversity within them.

Having a diverse workforce allows there to be a balance of input, more creativity, new perspectives and fresh ideas. From different learning paths, to ways of approaching problems, and bringing in wider viewpoints, women bring an array of different skills, attributes and experience to cybersecurity roles. Working in an industry like cybersecurity where everyone is impacted and everyone is a target – we need everyone to be involved in developing solutions which work to solve the problem. This is not just limited to gender, but also includes age, culture, race and religion. To truly mitigate the risk of cybercrime, we need a solution relevant to all the people impacted by the problem.

Taking Action

To begin with, whether this is from a younger age during school studies or university courses, offering varied entry pathways into the industry, or making it easier to return after a break, women must be encouraged into the field of cybersecurity. These hurdles into the sector have to be addressed.

Each business has a part to play when it comes to ensuring that their organisation meets the requirements of all of their employees. From remote or hybrid working, reduced hours or adequate maternity and paternity support, working hours should be more flexible to suit the needs of the employee.

A “return to work scheme” would greatly benefit women if companies were to implement them. This can help those who have had a break from the industry get back into work – and this doesn’t necessarily mean limiting them to roles such as customer support, sales and marketing. HR teams must also do better when it comes to job descriptions, ensuring they appeal to a wider audience, offer flexibility and that the recruitment pool is as diverse as can be.

Setting up the Cyber Security Skill strategy, the government has started taking action. Businesses themselves have also started to enforce programmes to support those who have gaps in their CVs and are eager to return to their careers, such as Ziff Davis’s Restart Programme. This programme is committed to those who have a gap in their experience and are keen to return to their careers, providing them with an employment opportunity which emphasises growth and training, helping professionals return to the workforce. When businesses step up and take matters into their own hands, it provides more available paths into the industry for everyone.

Creating a Gender-Balanced Cyber Workforce

The cybersecurity industry remains an attractive and lucrative career path, but more should be done to direct female students in the right way to pursue a job role within STEM and to support those who are returning to work.

There is more of a need than ever before for more diverse teams, as cybersecurity threats become more varied. Becoming part of a gender-balanced cyber workforce is an efficient way to avoid unconscious bias and build a range of solutions to complex problems.

Whilst the latest government initiatives and courses to attract diverse talent, and better the UK’s security and technology sectors, are a great start, the only way to progress is more investment and emphasis on STEM as a career path. This will encourage both males and females, who are treated equally and can see themselves reflected in their senior management teams.

WEBINAR: The next generation of secure digital communications – Why now and why it matters

Guest Post

By Zivver

Regulatory reforms, digital transformation, hybrid working… The business landscape continues to evolve and the need for secure and compliant digital communications solutions is higher than ever. The current state of communications security cannot keep pace.

Join our webinar to get practical insights from our panel of industry leaders, security experts and end-users as they discuss the impact and value of a new generation of digital communications security. We’ll discuss how new solutions can empower secure work with maximum effectiveness and minimal disruption, as well as:

  • The evolution of 3rd generation secure digital communications: Why now and why it matters
  • Creating an empowering ‘secure-first’ lifestyle: How to enable employees to succeed through smart technology, while alleviating pressure and reducing the need for training

We will also investigate Zivver’s perspective on this and how it is shaping our innovation today and in the future.

What you’ll take away

Find out how your organization can embed security into everyday workflows to empower effective working, and gain actionable insights on how to enable people to secure their digital communications with minimal disruption.

When? Thursday 9th December, 10am GMT / 11am CET

Register here: https://bit.ly/3o3U7nM

INDUSTRY SPOTLIGHT: HANDD Business Solutions

Stuart O'Brien

HANDD Business Solutions (HANDD) are a data-centric cyber security service partner providing software sales, delivery, and support to organisations across the globe. Operating in the IT security channel market for 15 years, HANDD concentrate solely on data security rather than the wider security challenges organisations face.

Every platform inside the HANDD product portfolio is designed to keep your organisation’s information secure regardless of which stage of the data lifecycle it may be in.

HANDD have chosen a suite of solutions which help secure data from its initial creation, whilst at rest, during transit and whilst it’s being used by your organisation. To accomplish this in conjunction with the HANDD ethos of Discover, Classify, Protect, we offer services to cover a lot of the challenges experienced by privacy and IT personnel.

Platforms such as data discovery to understand where sensitive information or data subject to regulatory compliance might exist, both on premise and in cloud environments, as well as structured and unstructured formats. This also extends to remediating the inevitable issues exposed once this data is identified.

Applying persistent classification markings to identify data rapidly, benefiting downstream and upstream systems in quicker decision making.

A raft of protection platforms to ensure data is used safely and not lost through insider threat, accidental data loss or malicious actors on the outside. Understanding where employees meet data, what levels of access are required to do their jobs and to notify when people or processes start to use that data differently to the norm.

There’s always plenty of choice when it comes to who to turn to in data security, with hundreds of vendors and resellers all vying for your business. What sets HANDD apart is their dedication to data security. We’re not interested in selling endpoint security or firewalls; we hand pick the best of breed vendors we work with and ensure the highest standards of cutting-edge technology are delivered.

HANDD are truly customer focused. Compared to a vendor whose sole objective is to secure your business for their offering, HANDD offer independent advice and above and beyond services both pre and post-sale. HANDD pride themselves on delivering the right software fit into your organisation, including integration with your existing security stack.

By offering a vendor agnostic outlook, HANDD have vast experience when it comes to delivering data security projects to organisations in over 27 countries. Be that initial implementation, upgrades, bespoke configuration or migration from one tool to another.

If you’ve a data security or data privacy project, then consider reaching out to a HANDD data security specialist for advice www.handd.co.uk

How can businesses maintain IT security in a hybrid working model?

Guest Post

By Claire Price of QMS International, one of the UK’s leading ISO certification bodies

Businesses now have the green light to go back to work, but your organisation may not be returning to its old working practices. So, if a hybrid model is being adopted, what can you do to ensure that information stays secure?

The introduction of more widespread homeworking has certainly piled on the pressure for businesses’ IT security.

At the beginning of 2021, QMS International carried out a survey of businesses about their cyber security and 75.7% of the respondents reported that they now felt more open to attack. Another 10% reported that they had no confidence in fending one off.

And businesses have a right to be worried. According to analysis of reports made to the UK’s Information Commissioner’s Office (ICO) by CybSafe, the number of ransomware incidents in the first half of 2021 doubled compared to the number reported in the first half of 2020.

Malicious emails have also been redirected to attack those working from home. Data supplied by Darktrace to The Guardian revealed that the proportion of attacks targeting home workers rose from 12% of malicious email traffic before the first lockdown in March 2020 to more than 60% six weeks later. With homeworking becoming more of a permanent fixture in business models, this trend is likely to continue.

While hybrid working offers your team the best of both worlds when it comes to office and home working, it also leaves your business open to the unique risks associated with both, with the added bonus of those linked to transport and travel.

But this doesn’t mean you have to abandon this new way of working. With the right processes in place, you can ensure your information stays secure, no matter where your staff are based.

Carry out a risk assessment

First things first – you must carry out a risk assessment.

Knowing the precise risks your business faces is key to developing methods of removing or mitigating them, but assessments like this are often overlooked. In fact, QMS’ cyber report found that 30% of respondents admitted that no new information security risk assessments had been carried out, despite changes to working practices.

Discover the risks, analyse their likelihood, and then decide if and how they can be controlled. This will give you the grounding you need to build your wider hybrid IT strategy.

Train and test your team

With cyber-attacks on the rise and remote workers being more vulnerable, it’s crucial that your hybrid team know what to look for and, just as crucially, how to report anything suspicious. The best way to do this is through training, which can now be carried out very effectively via e-learning.

This training should cover common cyber-attacks – such as phishing emails – how to spot them, the fundamentals of social engineering, and how to report suspicious activity. Ideally, this training should be refreshed regularly as new cyber threats emerge. You may also like to include training on the safe use of video calls and how to ensure video cameras are switched off when not in use.

To ensure your team have absorbed what they’ve learnt, carry out penetration testing. This involves crafting fake phishing emails and sending them out to your employees. What they do will give you an idea of whether your training has been effective.

Address access

When your hybrid team aren’t in the workplace, they will need to access servers and files remotely. This will often be via a VPN (Virtual Private Network), so you need to ensure that this is as secure as possible.

Remote workers will also be relying on their home Wi-Fi, but this may not be as secure as the Wi-Fi in your office. Your team should therefore be encouraged to create strong passwords – not the default ones on the base of the router.

Workers need to be cautioned against the use of free Wi-Fi hotspots too. They may want to use one to work on the train, for example, or in a coffee shop. However, public Wi-Fi is notoriously insecure, so its use should be discouraged.

Think about physical protection

If your workers are going to be travelling between locations, then they are going to have to carry equipment such as laptops, phones and removable media with them. If something is lost or stolen, your business information could be compromised. Indeed, IBM’s Cost of a Data Breach report revealed that around 10% of malicious breaches are due to a physical security compromise.

A solid back-up protocol is key to ensuring that any lost information can be recovered. A robust password and access process are also musts – you may want to think about two-factor authentication to make logging in more secure. Make sure you also have a protocol in place so that if your team do report something as lost or stolen, you can act quickly.

When working remotely, you need to ensure that your staff keep their physical devices safe too. Equipment should be kept out of sight when not in use and papers stored away. If your workers are printing content, you may also need a safe disposal or destruction policy in place.

To prevent prying eyes seeing something they shouldn’t, workers should lock their screens when away from their workspace, whether they’re in the office or at home. And if any of your team do want to work while in public, they should be cautioned about the kind of work they perform – who knows who’s sitting next to you?

Create a culture of security

If you really want to take information security to the next level, you may want to consider a more wide-reaching measure such as ISO 27001.

ISO 27001 is the international Standard for information security management, and it is designed to help organisations integrate information security into every aspect of business.

Its 114 controls tackle every angle of security, including physical, legal, digital and human, bringing them together to enable you to maintain compliance and showcase to employees, customers and stakeholders that you have the processes in place to protect information from theft and corruption.

Going forward, it could give you the framework you need to adapt your practices to suit your new hybrid working model and any changes in the future.

Best city for cyber security jobs? Washington DC

Stuart O'Brien

Washington D.C., US has been named the best city for cybersecurity jobs thanks to its many job opportunities and high average salary, while London ranks only 8th.

That’s according to research conducted by Techshielder, which analysed several metrics, including average salary, job availability and cost of living, to find the best place to live for cybersecurity experts as well as the most in-demand skills to learn in 2021.

Other key findings include:

  • Singapore has the highest job availability for cybersecurity professionals

  • Cybersecurity experts in Luxembourg earn the highest salaries

  • Networking, threat intelligence and compliance have all been named as the most in-demand skills

You can view the full graphic here.

The ten best cities for a cybersecurity job

| Rank | City | Job availability score | Average salary (£) | Cost of living | Overall Score |
|------|------|------------------------|--------------------|----------------|---------------|
| 1 | United States, Washington D.C. | 7.17 | £84,628.38 | £2,810.69 | 17.58 |
| 2 | Singapore, Singapore | 10.00 | £55,576.66 | £3,267.02 | 16.44 |
| 3 | Germany, Berlin | 3.18 | £70,141.64 | £1,923.93 | 15.41 |
| 4 | Luxembourg, Luxembourg | 1.58 | £110,768.11 | £2,562.39 | 14.99 |
| 5 | Belgium, Brussels | 1.96 | £75,563.59 | £1,886.05 | 14.77 |
| 6 | Canada, Ottawa | 2.21 | £70,060.75 | £1,969.87 | 14.29 |
| 7 | Austria, Vienna | 1.59 | £72,339.79 | £1,857.68 | 14.23 |
| 8 | England, London | 5.30 | £74,416.00 | £3,004.36 | 14.20 |
| 9 | Saudi Arabia, Riyadh | 1.18 | £43,280.91 | £1,211.49 | 13.63 |
| 10 | Japan, Tokyo | 1.14 | £84,915.14 | £2,219.01 | 13.59 |

It may not come as a surprise that Washington D.C sits at the top of the ranking — the capital is the headquarters of government agencies that employ many cybersecurity professionals.

With a total score of 17.58, the city ranks second for job availability for those looking to work in the cybersecurity sector. Combined with a high average salary of £84,628, this makes the city a great contender for those looking to work in the industry.

Singapore comes in second place. The Southeast Asian city has the highest job availability out of all the cities examined. However, the average salary of £55,577 and the high cost of living of £3,267 bring it down.

London ranks only 8th. It loses points because of its lower salary compared to other cities and its high cost of living, and so fails to make the top 5.

Singapore has the most cybersecurity jobs available

Recent graduates and any job seekers looking for a new role can increase their chances of getting hired by looking for cities with the largest number of job openings.

Techshielder analysed the number of cybersecurity-related jobs available on Indeed and Glassdoor to reveal the cities with the most cybersecurity jobs.

Singapore comes in first place with a job availability score of 10. It is followed by Washington D.C., and London rounds off the top three (7.17 and 5.30 job availability scores respectively).

At the other end of the scale, we have Islamabad in Pakistan, where the research found there is very limited opportunity for those in the field. With a job availability score of just 1.01, this city has the fewest jobs available for cybersecurity professionals.

Cybersecurity experts in Luxembourg earn the highest salaries

Cybersecurity is a booming field with the potential to grow immensely. Although there are many positions to choose from within the industry, most if not all are well paid due to their importance in our society.

If you are interested in joining the field, you may want to narrow your choices by top-paying jobs.

To get the most bang for your buck, it is also important to consider the cost of living. Any salary increase can be swiftly consumed by the differences in the cost of living.

Knowing the true value of a salary in different locations is just as crucial as knowing the pay.

| Rank | City | Average Salary | Cost of Living |
|------|------|----------------|----------------|
| 1 | Luxembourg, Luxembourg | £110,768.11 | £2,562.39 |
| 2 | Copenhagen, Denmark | £86,337.17 | £2,665.18 |
| 3 | Tokyo, Japan | £84,915.14 | £2,219.01 |
| 4 | Bern, Switzerland | £84,653.91 | £2,761.52 |
| 5 | Washington D.C, USA | £84,628.38 | £2,810.69 |

As the table shows, the city of Luxembourg has the highest average salary. While you can make a six-figure wage when working in this city, the high cost of living means that your money may not go as far as in other cities.

At the other end of the scale sits Abuja in Nigeria. With a salary of just £1,758.30, this city has the lowest income for cybersecurity specialists.

The most in-demand skills to learn in 2021

Whilst there is a high demand for jobs, you can’t start a career within the cybersecurity sector without the right expertise. There are certain skills you’ll need to thrive in the field.

Finding a proficient applicant to fill one of the many available jobs during a skill shortage is one of the hardest challenges for HR personnel.

  1. Network: One of the most in-demand skills, and maybe one of the most important for anyone in cybersecurity, is networking. Understanding how networks work gives you a better comprehension of how many things work behind the scenes.

  2. Threats: Threat intelligence ranks as the second most in-demand skill in 2021. Being able to evaluate threats and prevent or mitigate cyberattacks is a highly sought-after skill.

  3. Compliance: From the European Union’s GDPR to the California Consumer Privacy Act, companies need employees who can assess the risk and understand the paperwork and the security protocols needed to keep personal data safe.

  4. Cloud: More companies are moving to cloud infrastructure, and therefore the need for cloud-savvy professionals is on the rise. These experts need to be able to arrange, organise and monitor a virtualised environment such as SaaS, PaaS or IaaS so that they can protect data from being deleted, leaked or even stolen.

The economy runs on trust – The Synack 2021 Trust Report

Stuart O'Brien

By Jennifer Bennett, Synack

The Synack 2021 Trust Report 

The pandemic has accelerated initiatives to digitally transform operations, and driven efforts to implement Zero Trust security for remote workforces. Reinforcing cyber resilience continues to be top of mind in organizations, firms, and societies, and goes hand in hand with trust.

The 2021 Trust Report is Synack’s essential guide for CISOs, CIOs, security practitioners, C-suite and board executives to understand how to measure security, determine risks and build trust with data and insights on the state of different industries and sectors of the economy.

In its fourth volume, the authoritative global report shares data from the most trusted brands based on thousands of security tests conducted by the world’s most skilled ethical hackers, the Synack Red Team (SRT). The report spotlights the different industries and sectors of the economy and reveals new insights into how critical organizations are prepared to fight ransomware and other digital threats and stay resilient.

Average Industry ARS rating by years
(As published in previous Trust Reports)

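| Industry | 2019 | 2020 | 2021 |
|----------|------|------|------|
| Government | 47 | 61 | 64 |
| Healthcare | 60 | 56 | 61 |
| Financial Services | 57 | 59 | 58 |
| Technology | 46 | 55 | 57 |
| Ecommerce | 48 | 47 | 57 |
| Retail | 45 | 46 | 55 |
| SLED | 46 | 50 | 49 |
| Consulting/Business & IT Services | 53 | 48 | 52 |
| Manufacturing/Critical Infrastructure | 70 | 45 | 50 |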

ARS rating based on data from the Trust Report: 2019. Data through January 2019
ARS rating based on data from the Trust Report: 2020. Data through July 2020
ARS rating based on data from the Trust Report: 2021. Data through April 2021.

The report data is based on Synack’s patented Attacker Resistance Score (ARS)™ Rating and includes a macro industry comparison that demonstrates how the most trusted organizations use the ARS rating and how to use the rating to benchmark attacker resistance against other industries.

All too often, vulnerabilities leave organizations dangerously exposed. Last year, the US-CERT Vulnerability Database recorded nearly 17,500 vulnerabilities—a record number for the fourth year in a row. More than a third—16%—of vulnerabilities found in 2020-April 2021 by the Synack Red Team (SRT), our global network of highly skilled and vetted security researchers, were considered critical. Beyond that, the SRT saw a 14% increase over the past two years in authorization and permission vulnerabilities, which can give attackers access to the most sensitive networks and systems.

“We’re facing a global cybersecurity crisis. Some organizations are doing the right thing, creating effective defense strategies and being proactive. Others are simply checking boxes. But the nature of today’s threat requires an aggressive and assertive approach,” said Jay Kaplan, CEO and Co-Founder of Synack. “The Trust Report and the ARS are vital tools for understanding the gaps in any organization’s security plan, and can be used as a tool for CISOs and other security leaders to prioritize security efforts and focus on the most pressing threats and vulnerabilities first.”

The increased sophistication of today’s threats makes the CISO even more vital. On top of digital transformations, organizations faced punishing nation-state hacks with cyber attacks continuing to rise in 2021. Going forward, the role of the CISO and security teams will continue to evolve and expand. In fact, 55% of enterprise executives plan to increase their cybersecurity budgets in 2021 and 51% are adding full-time cyber staff in 2021.

“Testing—when it comes to security, safety, and resilience—makes all the difference in the world,” wrote Ritesh Patel, Security Principal at bp, in the foreword to the 2021 Synack Trust Report. “Measurements such as the Attacker Resistance Score (ARS) keep us honest and informed. The ARS lets us constantly assess our performance and compare how we’re doing across sectors. It’s a strong indicator that bp is performing above industry average, which sends a clear and powerful message within the organization that security—and trust—are essential in everything we do at bp.”

Read on to learn how the most trusted brands in the world measure security and build trust while diving into the different industries and sectors of the economy.

Synack leads the industry in finding the most critical and dangerous vulnerabilities in customers’ digital assets and apps, giving them the insight necessary to prevent attacks as found in our report’s key findings.