Education Archives - Cyber Secure Forum | Forum Events Ltd
Posts Tagged :

Education

AI: The only defence against rising cyberattacks in the education sector?

 960 640 Stuart O'Brien
By:
0
0

Scott Brooks, Technical Strategist at IT Support company Cheeky Munkey, provides expert insight on how the rise of AI is impacting cyberattacks on schools, and why AI might be the only way for schools and universities to defend themselves against more advanced attacks…

The UK’s education sector is significantly more vulnerable to cyberattacks than education sectors in other countries. In 2022, the UK’s education sector accounted for 16% of total victims on data leak sites, compared to 7% in the US and 4% in France1.

With 1,500 pupils returning to school today after an additional unplanned week off following the attack on Highgate Wood School, the need to consider how AI can be used to help protect schools against cyberattacks is more potent than ever.

Big businesses such as Google, Tesla and PayPal2 are using AI systems to improve their cybersecurity solutions.  At the same time, cybercriminals are able to use AI technology to create new cyberattack methods which are harder to defend against.

With this in mind, educational institutions must invest in learning about the new kinds of cyber threats they may face and AI cybersecurity systems. This article provides an overview of the new threats AI poses to schools and universities, as well as the reasons that educational institutions should invest in AI as a defensive system.

New AI threats to cybersecurity

Hackers using AI

It’s been found that AI is making cybercrime more accessible, with less skilled hackers using it to write scripts – enabling them to steal files3. It’s easy to see how AI can increase the number of hackers by eliminating the need for sophisticated cyber skills.

Hackers can also use machine learning to test the success of the malware they develop. Once a hacker has developed malware, they can model their attack methods to see what is detected by defences. Malware is then adapted to make it more effective, making it much harder for IT staff to catch and respond to threats.

False data can also be used to confuse AI systems. When companies use AI systems for cybersecurity, they learn from historical data to stop attacks. Cybercriminals create false positives, teaching cybersecurity AI models that these patterns and files are ‘safe’. Hackers can then exploit this to infiltrate school systems.

Imitation game

Cyber threats that would once have been categorised as ‘easy’ to repel are getting harder to defend against as AI is improving its ability to imitate humans. A key example of this is phishing emails. Bad grammar and spelling are usually telltale signs warning recipients not to click a link in an email. Attackers are now using chatbots to ensure their spelling and grammar are spot on, making it trickier for school staff to spot the red flags.

Cybersecurity skills gap

Currently, there’s a skills gap within the cybersecurity industry. It’s argued that not enough people have the skill level and knowledge required to develop and implement cybersecurity AI systems. This is because AI is developing at such a rapid pace that it’s hard for professionals to keep up4.

Hiring people with the specialised skills needed, as well as procuring the software and hardware required for AI security systems, can also be costly – especially for schools with already stretched budgets. This means that educational institutions are likely playing catch-up with hackers.

How can AI help improve cybersecurity?

Although AI can be used for ever-more sophisticated attacks, it can also be a powerful tool for improving cybersecurity.

Analysis

AI offers an improved level of cybersecurity, which can help reduce the likelihood of an attack on schools. By analysing existing security systems and identifying weak points, AI allows IT staff to make necessary changes.

Artificial intelligence systems learn to identify which patterns are normal for a network by using algorithms to assess network traffic. These systems can quickly spot when traffic is unusual and immediately alert security teams to any threats, allowing for rapid action.

In addition to preventing network attacks, AI can also be used to improve endpoint security. Devices such as laptops and smartphones are commonly targeted by hackers. To combat this threat, AI security solutions scan for malware within files – quarantining anything suspicious.

Advanced data processing

AI-based security solutions are continuously learning and can process huge volumes of data. This means that they can detect new threats and defend against them in real-time. By picking up on subtle patterns, these systems are able to detect threats that humans would likely miss. It also enables AI to keep up with ever-changing attacks better than traditional antivirus software, which relies on a database of known malware behaviours and cannot identify threats outside of that database.

The ability of AI systems to handle so much data also makes their implementation incredibly scalable. These systems can handle increasing volumes of data in cloud environments and Internet of Things devices and networks.

Working with humans

Since AI systems can automatically identify threats and communicate the severity and impact of an attack, they help cybersecurity teams to prioritise their work. This saves workers time and energy, allowing them to respond to more urgent security threats.

Task automation is another key benefit of AI for educational institutions. AI systems can automate tasks such as routine assessments of system vulnerabilities and patch management. This reduces the workload of external cybersecurity teams and allows for more efficient working, reducing costs for schools and universities. By automating these tasks, AI can alleviate the shortage of skilled workers, addressing the cyber skills gap5.

The rise of AI is understandably a cause of concern for educational institutions and teaching staff alike. Improved cyber threat capabilities mean that schools and universities need to be prepared for changing attacks. However, it’s clear that adopting AI systems is the best way for educational institutions to improve their own cybersecurity. By combining adept cybersecurity staff with artificial intelligence cybersecurity systems, educational institutions can stay ahead of new threats and improve the efficiency of their operations.

Schoolgirls encouraged to consider careers in cybersecurity by Aston University

 960 640 Stuart O'Brien
By:
0
0

One hundred female Year 8 student from Birmingham schools took part in an ‘explorer day’ organised by the Cyber Security Innovation (CSI) Centre at Aston Business School.

The Cyber girls event is part of the Cyber Kali project, for which a team of academics at Aston and Warwick Universities have been awarded funding by the UK National Cyber Security Centre (NCSC).

The CSI Centre at Aston University has a sustained record of engaging with schools in Birmingham through educational events in cybersecurity since the pandemic.

The event brought together role models from the industry and local government, including Vickie C (senior cyber consultant, CGI), Daljinder Mattu (senior policy advisor, Department for Science Information and Technology) and CyberWomen@Warwick representatives. UK Cyber Security Council CEO, Simon Hepburn, also shared his career journey into cyber security and the opportunities the sector offers.

Dr Anitha Chinnaswamy and Professor Vladlena Benson led the project from the CSI, which was funded by the NCSC’s Academic Centres of Excellence programme.

There were interactive workshops emphasising the importance of online safety, cyber-hacking, and how to protect oneself from online threats. The Gadget Guru Competition provided an avenue for the students to showcase their creativity and inventiveness. The day concluded with an award ceremony that recognised the competition winners for their exceptional efforts.

Dr Chinnaswamy said: “We would like to thank all who contributed to making ‘Cyber Kali Explorer Day’ a triumph, and we are confident that our efforts will bear fruit in the future.

“It is our responsibility to continue nurturing these bright young minds, providing them with the tools they need to succeed, and supporting them as they embark on their unique journeys.

“Our goal goes beyond this project, we work towards every opportunity inspire and empower the next generation of cybersecurity professionals, especially young women, to pursue their dreams and explore a field that has traditionally been male-dominated.

Professor Helen Higson also supported the event and said: “I am proud of the ongoing work of the CSI Centre, which continues to support the objectives of the National Cyber Strategy 2022.

“At Aston University, we recognise the importance of promoting diversity and inclusion, and equality, diversity and inclusion (EDI) is an integral part of our agenda.

Professor Zoe Radnor, Pro-Vice-Chancellor and Executive Dean of the College of Business and Social Sciences at Aston University, said: “Through our Cyber Security Innovation Centre and other initiatives, we aim to create opportunities for all individuals, regardless of their background or identity, to excel in the field of cybersecurity and contribute to building a safer and more secure digital world.”

50% of UK universities have reported data breaches in last 12 months

 960 640 Stuart O'Brien
By:
0
0

More than half of UK universities reported a data breach to the ICO in the last year, while 46% of all university staff received no security training and almost a quarter of institutions (24%) did not commission a penetration test from a third party. 

That’s according to research conducted by Redscan on the state of cyber security in the higher education sector, based on an analysis of Freedom of Information requests.

The National Cyber Security Centre (NCSC) itself says universities are targeted by criminals seeking financial gain, as well as by nation state attackers looking to steal intellectual property. The Redscan report underscores the degree to which universities are an attractive target. It also raises concerns that many may not be doing enough to defend against the latest threats, particularly at a time when institutions are embracing remote teaching en masse and conducting world-changing research in relation to COVID-19. 

Defending against an incessant stream of phishing attacks remains a challenge of all universities, says Redscan. Several institutions reported receiving millions of spam/phishing emails each year, with one reporting a high of 130 million. Phishing attempts were described as being “endless” and one university disclosed that attacks had increased by 50% since 2019. 

Other key findings from the report include:

  • 54% of universities reported a data breach to the ICO in the last 12 months
  • A quarter of universities haven’t commissioned a pen test from an external provider in the last year
  • 46% of all university staff in the UK received no security training in the last year. One top Russell Group university has trained only 12% of its staff
  • Universities spend an average of £7,529 per year on security training, with expenditure ranging from £0 to £49,000
  • Universities employ, on average, three qualified cyber security professionals
  • 51% of universities are proactive in providing security training and information to students
  • 12% of universities do not offer any kind of security guidance, support or training at all to students
  • 66 out of 134 universities have Cyber Essentials or Cyber Essential Plus certification

Redscan CTO, Mark Nicholls, said: “UK universities are among the most well-respected learning and research centres globally, yet our analysis highlights inconsistencies in the approach institutions are taking to protect their staff, students and intellectual property against the latest cyber threats. 

“The fact that such a large number of universities don’t deliver cyber security training to staff and students, nor commission independent penetration testing, is concerning. These are foundational elements of every security program and key to helping prevent data breaches. 

“Even at this time of intense budgetary pressure, institutions need to ensure that their cyber security teams receive the support they need to defend against sophisticated adversaries. Breaches have the potential to seriously impact organisations’ reputation and funding.” 

“The threat posed to universities by nation state attackers makes the need for improvements even more critical. The cost of failing to protect scientific research is immeasurable.” 

Research highlights cyber threat to schools

 960 640 Stuart O'Brien
By:
0
0

There have been 301 attacks against UK and US schools so far in 2019, compared to 124 in 2018 and 218 in 2017. 

That’s according to Barracuda analysis of data compiled by the K-12 Cybersecurity Resource Center (K-12 CRC), which has been tracking reported attacks against U.S. schools since 2016.

This only accounts for the reported cases, however, and Barracuda says it’s highly likely that additional cases exist that went either unreported or even undetected, especially as stealthier malware that seeks to steal information, participate in botnets, or mine cryptocurrency is on the rise.

The National Cyber Security Centre (NCSC) recently published a report compiling cybersecurity-related findings from 430 schools across the UK. It found that 83% had experienced at least one cybersecurity incident, even though 98% of the schools had antivirus solutions and 99% had some sort of firewall protection.

Using a single source of open threat intelligence data and a list of all known websites belonging to U.S. and UK schools, Barracuda researchers found 234 unique malware samples that attempted to connect to school domain names.

It also found 123 IPs associated with the same set of schools that had negative reputation, which could point to additional malicious activity, in addition to disrupting activity at the school due to emails and web pages being blocked.

Among the highlighted threats are:-

Cyberattacks Against Schools — The most common threats targeting schools are data breaches (31%), malware (23%), phishing (13%), network or school infrastructure hacks(10%), and denial-of-service attacks (4%), based analysis of the 708 incidents reported to the K-12 Cybersecurity Resource Center since 2016. The remainder of the incidents were made up of accidental disclosure of data (16%) and other incidents (3%). 

Barracuda says many school districts only have one or two IT personnel to service the district, let alone any dedicated cybersecurity staff. Plus, the steady increase in school-issued devices in recent years drastically expands the attack surface along with the number of systems that need to be secured. 

This, it says, makes schools largely a target of opportunity as well as subject to the massive campaigns spreading scams and malware indiscriminately. Lowered security postures due to budget constraints, combined with a large user base of minors who don’t have the critical-thinking skills to properly assess potential attacks, makes both types of attacks more effective, unfortunately.

How schools can protect against the threat

Barracuda says the only way for schools to truly protect against cyberattacks is a complete security portfolio including perimeter security, internal network security, incident response capabilities, and a knowledgeable security staff to configure these solutions and handle incidents:-

1. Perimeter security

Perimeter security generally consists of network firewalls, web filters, email protection, and application firewalls. While affordable and easy-to-configure solutions are available, obtaining the budget for a full security portfolio can prove difficult for many school districts, and without all areas covered, attack vectors will undoubtedly still exist. 

2. Internal network security

While internal security such as intrusion detection, data backup, and anti-malware solutions are important for catching any breaches in perimeter security, the additional risk of insider threats that schools face make these measures even more critical. While Windows Defender offers decent anti-malware protection these days, upgrading existing machines to Windows 10 to take advantage of this feature can be costly and is often overlooked by many organisations. Regardless of the software being used, though, keeping up with security patches is critical because it helps patch exploits that can potentially be leveraged by attackers. 

3. Incident response capabilities

In the event of an incident, intrusion detection and incident response solutions both assist in discovering incidents and helping security staff isolate and remediate them. Data backup as part of internal network security can also assist during an incident if data is corrupted, encrypted, or deleted.

4. Knowledgeable staff

Maintaining a capable IT security staff is challenging for many school districts because IT staffing needs often compete with other much needed positions, such as additional teachers to keep up with enrollment rates. Without this staff, though, it can be difficult to patch systems and respond to potential incidents or even properly configure security solutions to maximise their benefit. 

NCSC publishes university threat assessment

 960 640 Stuart O'Brien
By:
0
0

The threats facing the UK’ universities and the steps they can take to protect themselves have been outlined in a report from the National Cyber Security Centre (NCSC), a part of GCHQ.

The NCSC’s threat assessment aims to raise awareness of state-sponsored espionage targeting high-value research, as well as the risk of financial losses at the hands of cyber criminals.

While the NCSC has been working with the academic sector on an ongoing basis to improve security practices, this is the first threat assessment it has produced specifically for universities.

The assessment notes that while cyber criminals using methods such as phishing attacks and malware pose the most immediate, disruptive threat, the longer-term threat comes from nation states intent on stealing research for strategic gain.

To mitigate the risks, universities are encouraged to adopt security-conscious policies and access controls, as well as to ensure potentially sensitive or high-value research is separated rather than stored in one area.

Measures to support universities have been outlined in Trusted Research, from the Centre for the Protection of National Infrastructure (CPNI) and the NCSC, which offers accessible and actionable cyber security advice for university leaders, staff and researchers.

Sarah Lyons, Deputy Director for Economy and Society at the National Cyber Security Centre, said: “The UK’s universities are rightly celebrated for their thriving role in international research and innovation collaborations.

“The NCSC’s assessment helps universities better understand the cyber threats they may face as part of the global and open nature of research and what they can do about it using a Trusted Research approach.

“NCSC is working closely with the academic sector to ensure that, wherever the threat comes from, they are able to protect their research and their universities in cyberspace.”

The assessment found that the open and outward-looking nature of the universities sector, while allowing collaboration across international borders, also eases the task of a cyber attacker.

Among the examples highlighted in the assessment was an attack from last year attributed to Iranian actors in which they were able to steal the credentials of their victims after directing them to fake university websites.

The attack took place across 14 countries, including the UK, and many of the fake pages were linked to university library systems, indicating the actors’ appetite for this type of material.

The assessment also highlights the financial damage which can be caused by cyber attacks on UK universities, citing previous figures from UK Finance which estimated that UK university losses from cyber crime for the first half of 2018 were £145m. 

The threat assessment for universities can be read here.

Universities invited to apply for NCSC certification

 960 640 Stuart O'Brien
By:
0
0

Universities across the UK now have a further opportunity for their cyber-security related degrees to gain certification as part of the National Cyber Security Strategy.

After a rigorous process, the National Cyber Security Centre (NCSC) – a part of GCHQ – has already certified 23 Master’s degrees, three Integrated Master’s and three Bachelor’s degrees from 19 universities over the last four years.

With applications now open the NCSC is looking for fresh candidates to increase these figures, with degree apprenticeships now also eligible.

NCSC-certified degrees are designed to help universities attract high quality students from around the world, employers to recruit skilled staff and prospective students to make better informed choices when looking for a highly valued qualification.

The degree certification programme is part of a range of programmes which the NCSC and its government partners have initiated across UK academia designed to address the knowledge, skills and capability requirements for cyber security research and education.

The other programmes include Academic Centres of Excellence in Cyber Security Research (ACEs-CSR), Academic Research Institutes, and Centres for Doctoral Training in Cyber Security.

Chris Ensor, NCSC Deputy Director for Cyber Skills and Growth, said: “I’m really pleased that we’ve now launched a programme for certifying degree apprenticeships.  This will be a valuable addition to our certified undergraduate and postgraduate degree programmes.

“Degree Apprenticeships offer a flexible option for both students and employers, as we have seen from our own Degree Apprenticeship programme.

“I’m really looking forward to seeing some more successful applications, and strongly encourage any interested universities to get in touch and find out more.”

Universities Minister Chris Skidmore said: “The fast-paced world of technology is constantly evolving and it is vital that young people have the option to study high quality courses in cutting edge industries, such as cyber security.

“We want to maximise choice and flexibility for people wanting to study in higher education, whether that’s as part of a traditional course or a degree apprenticeship.

“Not only will these certified degrees provide a benchmark for future cyber security professionals, but also help to ensure they are ready for the world of work and prepare them for an exciting career.”

Institutions who are interested in applying for certification can find out further detail via https://www.ncsc.gov.uk/information/ncsc-degree-certification-call-new-applicants-0

40% of Americans would retrain with cybersecurity jobs in mind

 960 640 Stuart O'Brien
By:
0
0

A new survey shows that not only are the majority of Americans concerned about cybersecurity threats, but many are willing to consider returning to college to pursue a cybersecurity education – especially if their employer pays for it.

The State of the Cybersecurity Workforce and Higher Education survey, conducted through Engine Insight’s Online CARAVAN omnibus, asked US adults ages 18 and up for their opinions on and awareness of the cybersecurity field, as well as the role that higher education plays in it.

Of the 1,004 adults surveyed, 41 percent said they would probably or definitely consider returning to college to earn a certificate or degree to prepare for a cybersecurity job.

However, willingness rose to 72 percent if current employers were willing to pay for respondents’ education in preparation for an in-house cybersecurity job. Those respondents most willing to consider pursuing an employer-funded cyber education were between the ages of 35 and 44.

“These findings are great news for employers seeking to address the cyber skills gap within their organizations yet facing recruitment challenges,” said Melissa Marcello, associate vice president at Champlain College Online. “Our survey shows that employers have a ready and willing pool of future cyber experts within their current workforce, if they’re willing to provide the resources and support to upskill and train them.”

Other key findings from Champlain’s survey:

  • Overall, 88 percent of surveyed adults said they were very or somewhat concerned about cybersecurity threats impacting them personally, with older respondents showing greater concern than younger ones.  A full 50 percent of respondents ages 54 to 72 said they were “very concerned” about such threats.
  • 68 percent of respondents were confident in colleges and universities’ abilities to create solutions that address cyber threats-nearly as confident as they were in the private sector and significantly more confident than they were in the government.
  • When presented with various roles that colleges and universities could play in reducing cyber threats and improving information security, 90 percent of respondents felt that higher education institutions should ensure all college students-regardless of major-have a basic cybersecurity education.
  • Feeling that it was too late to consider a career change was the primary reason identified by respondents for not considering returning to college to prepare for a cybersecurity job. About one-fifth (22 percent) of respondents felt that way, including many younger respondents in prime career-changing years.
  • Women (13 percent) were significantly more likely than men (6 percent) to say they didn’t think they had what it takes to be successful in a technical field.
  • An overwhelming majority of respondents – 85 percent – believed that more should be done to encourage women to enter the cybersecurity field. Perhaps surprisingly, respondents age 65 or over were significantly more likely (94 percent) to feel this way than any other age group.

“Cybersecurity is crucial to so many industries that it’s vital for everyone, regardless of gender, age or career field, to have at least a baseline understanding of cyber principles,” said Kathleen Hyde, chair of cybersecurity programs at Champlain College Online. “For those seeking more, like career changers, nearly everyone is an ideal candidate for a cybersecurity degree or certificate program because of the vast landscape.”

Champlain College Online fielded its online cybersecurity survey from June 21-24, 2018, with a randomized, nationally representative sample of 1,004 U.S. adults ages 18 and above.

UK universities recognised for excellence in cyber security research

 960 640 Stuart O'Brien
By:
0
0

Three UK universities have been recognised as Academic Centres of Excellence in Cyber Security Research (ACE-CSR).

The National Cyber Security Centre (NCSC) and the Engineering and Physical Sciences Research Council (ESPRC) have identified the University of Kent, King’s College London, and Cardiff University as having first-rate research with scale and impact.

The universities will now join 14 other institutions in a scheme forming part of the Government’s National Cyber Security Strategy, which is making the UK the safest place to be online and helping to support the country’s thriving digital economy.

The universities will now have the opportunity to bid for funding to develop cutting-edge research in cyber security, including at Doctoral level, as well as attend annual conferences and workshops.

The scheme aims to create a better understanding of the strength of the UK’s academic capability in cyber security and identify areas where there are research opportunities or technical gaps. It makes collaboration between academia, business and government easier, and helps make sure cutting-edge research is turned into practical products and services. This includes developing tools to tackle mass marketing fraud online and better understand cyber criminals.

Minister for Digital Margot James said: “These universities are doing fantastic research in cyber security and they are rightly being recognised for their pioneering work. We have some of the best minds in the world working in the field and thanks to this scheme they can now help shape our National Cyber Security Strategy and develop the talent and services of tomorrow.”

Chris Ensor, Deputy Director for Cyber Security Skills and Growth at the NCSC, said: “The UK has world-class universities carrying out cutting edge research into all areas of cyber security. It’s fantastic to see three more universities recognised as Academic Centres of Excellence and I’m especially pleased that we now have centres in all home nations. The NCSC looks forward to collaborating with these institutions to make the UK the safest place to live and work online.”

Professor Pete Burnap, Professor of Data Science & Cybersecurity, and Director of the Airbus Centre of Excellence in Cybersecurity Analytics at Cardiff University said: “We are delighted to receive this recognition as it evidences our long track-record of research excellence in cyber security. Our core identity is the interdisciplinary fusion of artificial intelligence and cybersecurity, a concept we call Cyber Security Analytics. AI is at the heart of the UK government’s industrial strategy and our aim is to innovate with AI to improve automated cyber threat intelligence and support decision making and policy responses to make the UK more secure for individuals, business and the government. We are proud to be the first Welsh university to be recognised by NCSC for our cyber research capability, and we hope to build on the impressive expertise that already exists across the region between academia, government and business.”

Dr Jose M. Such, Director of the Centre, and Senior Lecturer in the Department of Informatics at King’s College London said: “We are thrilled to be recognised for the high-quality socio-technical cyber security research we conduct at King’s College London. This recognition acknowledges the critical and diverse mass of researchers working on this area at King’s from different but complementary angles and points of view. Our research focuses on three main research themes and their interrelationship: the use of AI for cyber security together with the cyber security of AI itself, the theoretical aspects of cyber security like verification and testing, and the socio-political and strategic aspects of cyber security.”

Shujun Li, Professor of Cyber Security and Director of the Kent Interdisciplinary Research Centre in Cyber Security (KirCCS) at the University of Kent, said: “We are excited to be given the ACE-CSR status as an acknowledgement of the excellent research in cyber security at the University of Kent. Our research is truly interdisciplinary drawing on the expertise of colleagues from computer science and engineering as well as wider disciplines such as psychology, law, business and sociology. Our ambition is to have one of the largest and most productive cyber security research centres in the UK by 2022 as well as helping to grow the next-generation cyber security researchers.”

The ACE-CSR programme is supported by Government’s £1.9 billion National Cyber Security Strategy (NCSS) 2016-2021.

List of institutions that are recognised as Academic Centres of Excellence in Cyber Security Research are:

  • University of Birmingham
  • University of Bristol
  • University of Cambridge
  • Cardiff University
  • University of Edinburgh
  • University of Kent
  • Imperial College London
  • King’s College London
  • Lancaster University
  • Newcastle University
  • University of Oxford
  • Queen’s University Belfast
  • Royal Holloway, University of London
  • University of Southampton
  • University of Surrey
  • University of Warwick
    University College London
Security

GUEST BLOG: The WannaCry fallout – It’s not just hospitals looking for extra protection

 960 640 Stuart O'Brien
By:
0
0

By Claire Stead, Online Safety Expert at Smoothwall

It is without doubt that the international uproar and magnitude of the WannaCry cyber-attack on the NHS has left many organisations on edge. Unfortunately, this is the digital world organisations now live in, with cyber-crime now accounting for 50% of all UK crime. Not only that, but ransomware attacks have risen by 600% from 2015 to 2016, highlighting how much more serious ransomware and other cyber-attacks are becoming.

It seems that the NHS’s cyber-attack has been a wake-up call for organisations, as we at Smoothwall have seen a notable increase in the number of inbound requests from organisations not in healthcare, but in business and education looking to shore up their security offerings. What’s clear, is that this has been a wake-up call for each and every industry sector, whose fingers have just got that little bit closer to the panic button.

All organisations, no matter how large or small, public or private sector, need to realise that they have a target on their backs and make cyber security a top priority. They need to have both the cyber security tools and processes in place, as well as an on board workforce to ensure their cyber security is as tight as possible.

All members of an organisation need to be educated to understand the importance and risks around cyber security, and the appropriate processes to follow to keep hackers out, and data safe and secure. This goes throughout the organisation from the c-suite to the rest of the workforce. It is common knowledge that human error accounts for the majority of cyber security incidents with many businesses not investing in the training of their staff to ensure they can detect against malicious email, web pages or links. Organisations need to instil a cyber security mantra within its employees, so that they do not become the weak link in the cyber security chain.

Our approach is simple and is summed up using our 4Ps:

Perception – the security mindset must now be shifted to a ‘security first’ policy. Businesses, schools and hospitals now have to put security at the forefront of all their policies as the risk of an attack grows year by year.

Policy – whether in a school or a business, pupils/staff need educating about the risks of their actions and know the security measures in place to mitigate those risks. This could be anything as simple as regularly updating complicated passwords to recognising ‘phishing’ emails.

Protection – a layered security programme, creating a brick wall of security that can verify the organisation is constantly protected.

Proactivity – it’s no good to have a security programme installed and to never think on it again. The landscape is developing at an incredible rate, and as a result, schools need to ensure that they are keeping up to date with the latest updates and improvements to ensure that they are protected as best they can be.

No cyber security programme is ever going to be 100% secure, but with the right measures and tools in place, with a fully compliant team on board, it will give organisations that much more of a fighting chance against the threats of cyber criminals.