Info Security

HiddenMiner Stealthily Drains Androids for Monero Mining

Wed, 03/28/2018 - 18:39

New Android malware that stealthily mines the Monero cryptocurrency is posing as a legitimate Google Play update app (complete with Google Play’s icon), so far affecting users in India and China where third-party app stores are more popular.

According to Trend Micro researchers, the malware is being used in a notably successful and active campaign; in one case, operators withdrew over $5,000 worth of Monero from one wallet.

Dubbed HiddenMiner, it lives up to its name by using various obfuscation techniques, including anti-emulator capabilities, to evade detection and automated analysis. It also hides from the victim by emptying the app label, using a transparent icon and hiding the app from the app launcher.

The malware requires users to activate it as a device administrator; once downloaded it will persistently pop up until victims click the "Activate" button. Once granted permission, HiddenMiner will start mining Monero in the background and will automatically run with device administrator permission until the next device boot. There’s no switch, controller or optimizer in HiddenMiner’s code, which means it will continuously mine Monero until the device’s resources are exhausted, which will drain the battery and potentially cause a device to overheat.

The bad code is just the latest malware to hop on the Monero-mining bandwagon; Monero takes fewer resources to effectively mine than other forms of virtual currency.

“Indeed, HiddenMiner is yet another example of how cybercriminals are riding the cryptocurrency mining wave,” said the researchers in a blog. “For users and businesses, this reinforces the importance of practicing mobile security hygiene: download only from official app marketplaces, regularly update the device’s OS (or ask the original equipment manufacturer for their availability), and be more prudent with the permissions you grant to applications.”

Categories: Cyber Risk News

Facebook Expands Bug Bounty Amid Spiraling Privacy Scandal

Wed, 03/28/2018 - 18:36

Amid a data privacy scandal that has blown up worldwide, Facebook has decided to make a few changes to “review developers' actions for evidence of misuse, implement additional measures to protect data, and give people more control of their information.”

For one, the social network is expanding its bug bounty program to reward people for reporting misuses of data by app developers. Details are as yet scant, but the change seems apropos given the revelations that Cambridge Analytica was able to scrape private user data on 50 million Americans using an internecine path around convoluted terms of service, Facebook login loopholes and an obsolete API that the platform made available up until 2014.

Facebook has also paused app review while it reviews its current situation and policies – again, likely a wise move given that the US's Federal Trade Commission has opened up a closed-door inquiry into the company’s privacy practices.

Other efforts to reduce the potential of future scandals include an in-depth investigation of all apps that had access to large amounts of information before Facebook changed its platform in 2014 to reduce data access and full audits of any apps with suspicious activity. The company will also inform users if an app is removed for data misuse of personally identifiable information and will ban the developer.

Additionally, Facebook said that developers that build applications for other businesses, that is, the Cambridge Analyticas of the world, “will need to comply with rigorous policies and terms,” which it promised to publish in the coming weeks.

“We know these changes are not easy, but we believe these updates will help mitigate any breach of trust with the broader developer ecosystem,” said Ime Archibong, vice president of platform partnerships at Facebook, in a blog.

Categories: Cyber Risk News

Legal Departments Struggle with GDPR Role

Wed, 03/28/2018 - 17:34

The General Data Protection Regulation (GDPR) is set to take effect on May 25, and research suggests that while businesses are busy scrambling to fill data protection officer (DPO) vacancies, other areas of the organization, especially the legal department, could be taken by surprise.

According to logistics firm BDO, about half (48%) of legal team respondents in a recent survey claim GDPR is not applicable to their organization. Given that any US or foreign company that deals with EU citizens’ personal data – the definitions of which are not entirely clear – will be subject to the GDPR’s stringent requirements, that perception is likely not in line with reality.

“It behooves every organization – whether they touch EU personal data or not – to regularly review how information is used and managed to maximize its value and minimize risk,” said Karen Schuler, BDO National Information Governance practice leader. “GDPR is just the catalyst for a higher standard of data privacy and protection to which every company should aspire.”

This confusion comes as digital assets increasingly become corporate counsels’ purview: Among respondents whose organizations have a defined information governance program, 42% of those programs are led by legal, surpassed only by the CIO (47%).

At the same time, legal officers’ cyber-responsibilities continue to expand: 73% of respondents believe their boards are more involved in cybersecurity than they were 12 months ago. About a third (34%) of the counsel surveyed say their organizations will increase cyber-investment by 10% or more in the next 12 months.

The survey also uncovered that, to keep pace with mounting digital risks, almost half (46%) of senior counsel plan to increase their investment in information governance in the next 12 months.  

“Ultimately, today’s corporate counsel must take a holistic view of their organization’s digital risk profile – assessing risk based on data flows, cross-functional interdependencies and global operations – and play a proactive, rather than reactive, role in risk-based strategic planning,” said Stephanie Giammarco, partner and BDO Technology & Business Transformation Services practice leader.

Categories: Cyber Risk News

Cybersecurity Awareness Doesn't Fuel Better Preparation: Report

Wed, 03/28/2018 - 13:05

New research from SolarWinds MSP has revealed that whilst awareness surrounding cyber-attacks is increasing, it is not equating to better preparedness, with confusion about the risks posed and a lack of means to defend against them evident.

The 2017 Cyberattack Storm Aftermath study, commissioned with the Ponemon Institute, surveyed 200 senior-level execs in the US and US about emerging threats, specifically those propagated by the Vault 7 leaks and the WannaCry/NotPetya attacks fueled by the EternalBlue Shadow Brokers leak.

The results found that whilst the majority (69%) of respondents had a high awareness of both WannaCry and NotPetya threats, only 28% (WannaCry) and 29% (NotPetya) felt they would be able to prevent those attacks. What’s more, 44% of the respondents who were aware of the WannaCry patch failed to implement it, with that figure 55% for the NotPetya patch.

Speaking to Infosecurity, Tim Brown, VP of security, said that the key to prevention is applying the appropriate patches, but too many businesses are failing to make that connection.

“That shows a lack of knowledge on what the action plan associated with a vulnerability should be,” he added. “People often don’t think of basic security hygiene as one of the most important things they need to do, but it really is – although it’s really not easy. Doing the basics well is not ‘sexy’ or ‘cool’, it’s a lot of hard work that needs to get done, but no technology is going to really save you from that hard work.”

Another significant finding from the report was that more than half of execs felt they did not have sufficient budget to prevent, detect and contain significant cybersecurity threats.

“Budget is always an issue, and basically your security budget always first goes towards meeting your regulatory requirements. How you move the needle towards more security is always a challenge. You have to be able to explain in more business terms the ‘what if’ scenarios.”

To conclude, Larry Ponemon, founder of the Ponemon Institute, said the lack of knowledge among senior-level security execs highlighted in the report is worrying.

“They know that attacks are on the increase, but many don’t know what they are and seem unable to effectively prevent them,” he added. “Better use needs to be made of the resources available, such as US CERT alerts, and the service providers that most businesses are using to outsource protection. Those providers also need to step up and provide education on where most attacks are coming from and how they can be prevented.”

Categories: Cyber Risk News

Twitter Bans Crypto-Currency Ads in Fraud Crack Down

Wed, 03/28/2018 - 10:50

Twitter yesterday started banning all crypto-currency advertising in a bid to head off rising levels of fraud permeating the burgeoning industry.

A statement from the micro-blogging giant read as follows:

"We have added a new policy for Twitter Ads relating to a cryptocurrency. Under this new policy, the advertisement of Initial Coin Offerings (ICOs) and token sales will be prohibited globally."

According to reports, the ban will also stretch to ads from crypto-currency exchanges and wallet services, unless they come from publicly listed companies.

The decision by Twitter follows similar moves by Facebook and Google and follows rising levels of fraud and cyber-risk as investors rush to cash in on the crypto-currency digital gold rush.

One industry expert welcomed the news. Alexey Burdyko, CEO of blockchain company Play2Live, claimed the long-term impact should benefit the nascent crypto-currency industry by protecting its user base.

“One of the goals of dropping the ads is to protect investors from fraudulent, scam projects looking to take advantage of investors. These scammers are damaging trust in new token sales – so should this goal be achieved, trust will be rebuilt over time, and future crypto-launches will reap the rewards,” he told Infosecurity.

“The presence of scams in this space is beyond any doubt – they are out there, and they are finding ways of parting people from their money.”

An Ernst & Young report from January claimed that 10% of all ICO funds are stolen by hackers or fraudsters, amounting to almost $400m in losses thus far.

Phishing is particularly popular, with attackers scooping up to $1.5m per month by either tricking the recipient into making a fund transfer or handing over the private keys to their digital wallets.

Burdyko added that investors and ambitious start-ups will find a way around the social ads ban.

“The impact of the ban on crypto ads across social media may affect the level of engagement that new token-sale campaigns are receiving, as large-scale awareness will be harder to achieve,” he said.

“However, there are alternative means of promoting such projects, and those potential investors that are serious about backing new crypto-currencies will research and seek out the best new campaigns regardless of social media advertising.”

Categories: Cyber Risk News

UK Mobile Workers Exposed to Public Wi-Fi Risks

Wed, 03/28/2018 - 09:12

More than half (57%) of global IT leaders believe their mobile workers have been hacked over the past 12 months, with public Wi-Fi hotspots the prime location, according to iPass.

The connectivity solutions provider polled CIO and IT decision makers from the UK, US, Germany and France to compile its iPass Mobile Security Report 2018.

Almost all respondents (94%) believe BYOD has introduced greater security risk to the organization, with 81% noting Wi-Fi security incidents over the past year – in locations like cafes (64%), airports (60%) and hotels (52%).

These unsecured hotspots represent a goldmine for hackers to launch covert man-in-the-middle and other attacks designed to spread malware and harvest user log-ins.

Many of these security holes will be plugged by the forthcoming WPA3 standard, which will support individual data encryption tunnels, but there are caveats, according to Raghu Konka, iPass VP of engineering.

“As with any new standard, it will take some time before WPA3 becomes mainstream,” he told Infosecurity.

“For starters, the onus will be on every hotspot owner to make sure access points are WPA3 compatible. Even now there is no guarantee that every hotspot is using the latest level of encryption and that is unlikely to change even with WPA3.”

VPNs are the only sure-fire way to stay secure whilst on public Wi-Fi, he claimed.

However, UK IT leaders were least confident (38%) that their mobile workers are using a VPN every time they go online.

Despite this, almost half (42%) of them claimed to have no plans to ban the use of free Wi-Fi hotspots by employees – much higher than their counterparts in the US (9%), Germany (10%) and France (12%).

“UK organizations seemingly have no problem embracing mobile working, but when it comes to implementing a corporate policy around it they seem to be more laissez-faire. With heightened mobile security risks, they need to do a better job of enforcing secure mobile working policies,” continued Konka. 

“Employees remain one of the biggest mobile security threats, so it is imperative organizations continually educate their mobile workforce about the dangers of free Wi-Fi, and encourage them to use measures such as corporate VPNs as second nature.”

Categories: Cyber Risk News

UK Police Secretly Hoover Up Users’ Smartphone Data

Wed, 03/28/2018 - 08:39

There have been calls for an immediate independent review after a new Privacy International investigation revealed that police are secretly extracting large volumes of highly sensitive data from UK users’ phones – even those not suspected of any crime.

The Digital Stop and Search report builds on previous research from the Bristol Cable in January last year detailing how law enforcers were investing hundreds of thousands in intrusive UFEDs (Universal Forensic Extraction Devices) from the likes of notorious Israeli vendor Cellebrite.

Privacy International received FOI responses from 47 police forces and 26 of them (55%) admitted using the technology, with a further 17% trialing or planning to trial it. The data extraction has been going on in some form for over six years.

Such tools can find data even the user may not know they have on their device, including: emails, messages, GPS locations, call data, photos, contacts, calendar info, web browsing, social media accounts, online banking, health and fitness data, cloud storage and much more.

It is extracted from self-service kiosks at the police station, from frontline support service ‘hubs’ serving several forces, or via portable mobile phone extraction kits when out and about, the report revealed.

Privacy International’s concern is that data is often extracted without the user’s knowledge, stored insecurely and for an indefinite time, and taken not just from suspects but also victims and witnesses – even for investigations of low-level crimes.

There’s confusion among the police over the legal basis for this activity, stemming from a lack of national and local guidance, PI claimed.

This can lead to serious procedural failings. A 2015 report from the Police and Crime Commissioner (PCC) for North Yorkshire Police claimed that poor training led to practices which undermined prosecution of murder and sexual assault cases. It also found serious breaches of data security practices, including failure to encrypt citizens’ data and the loss of files.

Tottenham MP, David Lammy, claimed the lack of transparency around police use of these tools is a serious cause for concern.

“My review of our criminal justice system found that individuals from ethnic minority backgrounds still face bias in parts of our justice system, and it is only because we have transparency and data collection for everything from stop and search incidents to crown court sentencing decisions that these disparities are revealed and we are able to hold those in power to account,” he argued.

“Given the sensitive nature and wealth of information stored on our mobile phones there is significant risk of abuse and for conscious or unconscious bias to become a factor without independent scrutiny and in the absence of effective legal safeguards.”

PI solicitor, Millie Graham Wood, added that it’s highly disturbing the police have the power to take such sensitive information in secret from a user without even needing a warrant.

“The police are continually failing to be transparent with the thousands of people whose phones they are secretly downloading data from,” she argued.

“An immediate independent review into this practice should be initiated by the Home Office and College of Policing, with widespread consultation with the public, to find the right balance of powers for the police and protections for the public. Let’s be clear: at the moment, the police have all the power and the public have no protections.”

Categories: Cyber Risk News

Cloud Security Concerns Surge

Tue, 03/27/2018 - 16:27

While adoption of cloud computing continues to surge, security concerns are showing no signs of abating. After several years of a downward trend, 90% of cybersecurity professionals confirm they are concerned about cloud security, up 11 percentage points from last year’s cloud security survey. The top cloud security challenges are protecting against data loss and leakage (67%), threats to data privacy (61%) and breaches of confidentiality (53%).

The 2018 Cloud Security Report from Crowd Research Partners, based on an online survey of cybersecurity professionals in the 400,000-member Information Security Community on LinkedIn, shows that a lack of qualified security staff and outdated security tools are significant obstacles to enabling a secure cloud posture at many enterprises. Only 16% of organizations report that the capabilities of traditional security tools are sufficient to manage security across the cloud, which is a 6% drop from 2017. A full 84% say traditional security solutions either don’t work at all in cloud environments or have only limited functionality.

Cybersecurity professionals are also struggling with visibility into cloud infrastructure security (43%), compliance (38%) and consistent security policies across cloud and on-premises environments (35%).

“While workloads continue to move into the cloud, the study reveals that cloud security concerns are on the rise again, reversing a multi-year trend,” said Holger Schulze, CEO of Cybersecurity Insiders and founder of the Information Security Community. “With half of organizations predicting a rise in cloud security budgets, protecting today’s cloud environments requires more and better trained security professionals and innovative, cloud-native security solutions to address the concerns of unauthorized access, data and privacy loss, and compliance in the cloud.”

When it comes to the biggest perceived threats to cloud security, misconfiguration of cloud platforms jumped to the No. 1 spot in this year’s survey as the single biggest threat. This is followed by unauthorized access through misuse of employee credentials and improper access controls (55%), and insecure interfaces or APIs (50%).

On the defense side, for the second year in a row, training and certification of current IT staff (56%) ranks as the most popular path to meet evolving security needs. Fifty percent of respondents use their cloud provider’s security tools, and 35% deploy third-party security software to ensure the proper cloud security controls are implemented.

Meanwhile, encryption of data at rest (64%) and data in motion (54%) top the list of the most effective cloud security technologies, followed by security information and event management (SIEM) platforms (52%).

And finally, 49% of organizations expect cloud security budgets to increase, with a median increase of 22%.

Categories: Cyber Risk News

Bad Bots Make Up a Fifth of All Web Traffic

Tue, 03/27/2018 - 14:58

Bad bots are used by competitors, hackers and fraudsters and are the key culprits behind web scraping, brute force attacks, competitive data mining, online fraud, account hijacking, data theft, spam, digital ad fraud and downtime. In 2017, bad bots accounted for 21.8% of all website traffic, a 9.5% increase over the previous year. Good bots increased by 8.7% to make up 20.4% of all website traffic.

According to Distil Networks’ fifth annual Bad Bot Report, which details the analysis of hundreds of billions of bad bot requests at the application layer, gambling companies and airlines suffer from higher proportions of bad bot traffic than other industries, with 53.1% and 43.9% of traffic coming from bad bots, respectively. E-commerce, healthcare and ticketing websites meanwhile suffer from highly sophisticated bots, which are difficult to detect.

A full 83.2% of bad bots report their user agent as web browsers Chrome, Firefox, Safari or Internet Explorer; 10.4% claim to come from mobile browsers such as Safari Mobile, Android or Opera.

Additionally, 82.7% of bad bot traffic emanated from data centers in 2017, compared to 60.1% in 2016. The availability and low cost of cloud computing explain the dominance of data center use.

“This year bots took over public conversation, as the FBI continues its investigation into Russia’s involvement in the 2016 US presidential election and new legislation made way for stricter regulations,” said Tiffany Olson Jones, CEO of Distil Networks. “Yet as awareness grows, bot traffic and sophistication continue to escalate at an alarming rate. Despite bad bot awareness being at an all-time high, this year’s Bad Bot Report illustrates that no industry is immune to automated threats and constant vigilance is required in order to thwart attacks of this kind.”

For the first time, Russia became the most blocked country, with one in five companies (20.7%) implementing country-specific IP block requests. Last year's leader, China, dropped down to sixth place with 8.3%.

In terms of tactics, the analysis found that account takeover attacks occur two to three times per month on the average website, but immediately following a breach, they are three times more frequent, as bot operators know that people reuse the same credentials across multiple websites.

About 74% of bad bot traffic is made up of moderate or sophisticated bots, which evade detection by distributing their attacks over multiple IP addresses or simulating human behavior such as mouse movements and mobile swipes.

Bots can also be distributed across multiple hosts to perform automated distributed denial of service (DDoS) attacks, or they can be "low and slow," using browser automation or other evasion techniques to bypass existing web application security controls such as IP blacklisting and rate limiting.

Categories: Cyber Risk News

Energy Sector ICS is the Most-Attacked Infrastructure

Tue, 03/27/2018 - 14:53

In the second half of 2017, nearly 40% of all analyzed industrial control systems (ICS) in energy organizations were attacked by malware at least once – closely followed by 35% of engineering and ICS integration networks.

The cybersecurity of industrial facilities remains an issue that can lead to very serious consequences affecting industrial processes, as well as business losses. While analyzing the threat landscape in different industries, Kaspersky Lab ICS CERT recorded that nearly all industries regularly experience cyber-attacks on their ICS computers. However, energy and engineering were attacked more than others.

The report found that for all other industries (manufacturing, transportation, utilities, food and healthcare) the proportion of ICS computers attacked ranged from 26% to 30% on average. The vast majority of detected attacks were accidental hits.

The sector that demonstrated the most noticeable growth of ICS computers attacked during the second half of 2017 (compared to the first half of 2017) was construction, with 31% attacked. The relatively high percentage of attacked ICS computers in the construction industry compared to the first half of 2017 could indicate that these organizations are not necessarily mature enough to pay the required attention to the protection of industrial computers. Their computerized automation systems might be relatively new, and an industrial cybersecurity culture is still being developed in these organizations, Kaspersky noted.

“The results of our research into attacked ICS computers in various industries have surprised us,” said Evgeny Goncharov, head of Kaspersky Lab ICS CERT. “For example, the high percentage of ICS computers attacked in power and energy companies demonstrated that the enterprises’ effort to ensure cybersecurity of their automation systems after some serious incidents in the industry is not enough, and there are multiple loopholes still there that cybercriminals can use.”

Meanwhile, the lowest percentage of ICS attacks – 15% – has been found in enterprises specializing in developing ICS software, meaning that their ICS research/development laboratories, testing platforms, demo stands and training environments are also being attacked by malicious software, although not as often as the ICS computers of industrial enterprises. Kaspersky Lab ICS CERT experts point to the significance of ICS vendors’ security, because the consequences of an attack spreading over the vendor’s partner ecosystem and customer base could be very dramatic.

Among the new trends of 2017, Kaspersky Lab ICS CERT researchers discovered a rise in mining attacks on ICS. This growth trend began in September 2017, along with an increase in the cryptocurrency market and miners in general.

“But in the case of industrial enterprises, this type of attack can pose a greater threat by creating a significant load on computers, and as a result, negatively affecting the operation of the enterprise’s ICS components and threatening their stability,” the firm noted.

Overall, from February 2017 to January 2018, cryptocurrency mining programs attacked 3% of industrial automation system computers, in most cases accidentally.

Categories: Cyber Risk News

GDPR Spurs 700% Increase in Data Protection Vacancies

Tue, 03/27/2018 - 11:03

The number of vacancies for Data Protection Officers (DPOs) has surged by 709% since the rules of the General Data Protection Regulation (GDPR) were ratified nearly two years ago, according to Indeed.

The jobs site claimed in new figures that the nationwide recruitment drive has attracted the attention of job-seekers, with the number of candidates looking for such roles soaring 297% in the same period.

Appointing a Data Protection Officer is a key requirement of the new EU privacy laws, and failing to do so could result in a fine of up to 2% of global annual turnover or €10m, whichever is higher.

You will be required to appoint a DPO if you are a public authority, your core activities require “large scale, regular and systematic monitoring of individuals” or your core activities include “large scale processing of special categories of data or data relating to criminal convictions and offences.”

DPOs are essential to such organizations, responsible for monitoring internal compliance, advising on impact assessments and data protection obligations, and acting as a contact point for data subjects and the supervisory authority.

As highly skilled independent experts in data protection, they command a significant salary, currently standing at an average of £47,483 – nearly double the average UK wage of £27,600, according to Indeed.

With the GDPR compliance deadline of May 25 fast-approaching, one company has launched a virtual DPO service designed to help organizations get in line before the cut-off date.

An outsourced team of cybersecurity and risk mitigation lawyers work alongside ThinkMarble’s in-house security analysts and incident responders to offer bespoke GDPR compliance services to firms.

Research from 2017 found that a fifth (22%) of organizations still hadn’t hired a DPO, and that more than half (52%) of these firms weren’t planning to until the second half of 2018 or beyond.

Information commissioner, Elizabeth Denham, claimed last year: “it’s scaremongering to suggest that we’ll be making early examples of organizations for minor infringements or that maximum fines will become the norm.”

However, the regulator is likely to take a dim view of organizations which haven’t taken the basic step of appointing a DPO before the May deadline.

Categories: Cyber Risk News

Iran Slams US Sanctions Following Cyber-Theft

Tue, 03/27/2018 - 09:27

Iran has hit back at US sanctions levied in response to alleged attacks on hundreds of global universities and a media company for financial gain.

The Mabna Institute is said to have stolen 31TB of IP and other valuable data from over 300 educational institutions in the US, UK, Germany, Japan, Israel and elsewhere.

The US government claimed on Friday that the Iranian military effectively outsourced the hacking work to the Institute in order to help domestic universities and research organizations gain access to non-Iranian scientific resources.

“Iran is engaged in an ongoing campaign of malicious cyber activity against the United States and our allies. The IRGC outsourced cyber intrusions to The Mabna Institute, a hacker network that infiltrated hundreds of universities to steal sensitive data,” said US Treasury under secretary Sigal Mandelker.

The two founders of the Institute were among the 10 people indicted, meaning they could face extradition to the US if they travel outside of Iran and their assets are subject to seizure by the US authorities. The Institute itself was also placed under sanctions.

Tehran’s foreign ministry spokesperson, Bahram Quassemi, condemned the sanctions as provocative and illegal, according to the BBC.

“The US will definitely not benefit from the sanctions gimmick, aimed at stopping or preventing the scientific growth of the Iranian people,” he said in a statement.

Nick Bilogorskiy, cybersecurity strategist at Juniper Networks, claimed the naming and shaming of the individuals continues a trend of state-sponsored attack attribution.

“By applying sanctions quickly against the Iranian hacker network involved in this incident, the United States is signalling that any cyber-attack against the country will have consequences,” he added.

“It is another recent example of the US both calling out malicious state-sponsored cyber behavior and taking action against it. However, the sanctions applied by the US Treasury Department will have very limited effect on people without US-based assets or bank accounts.”

Categories: Cyber Risk News

UK Govt Aims to Export Country’s Cyber-Expertise Globally

Tue, 03/27/2018 - 08:44

The UK government is aiming to capitalize on the rise in online threats to sell the nation’s cybersecurity expertise worldwide, despite heavy criticism in the past for its own security failings.

Published on Monday, the Cyber Security Export Strategy aims to support the ongoing work of the 2016-21 National Cyber Security Strategy, which saw £1.9bn of public spending committed to the sector.

The Department of International Trade (DIT) document sets out a plan to support UK companies bidding for contracts with overseas governments and CNI providers.

It also claims the DIT will “curate bespoke offers for the top buyers” in six sectors highlighted as those set to receive biggest investment in security over the coming years. It claims it will run trade missions and pitch UK companies to address identified capability gaps.

The third pillar of the DIT’s approach is to help improve global branding and marketing for UK cybersecurity companies, alongside new content on a site.

The new strategy seems to be aimed primarily at supporting SMEs which could otherwise struggle to make an impact on the global stage. It claims UK Export Finance is available for those in need of monetary support to export goods and services.

The new strategy could be seen as a response to Brexit, which experts have argued will have a hugely negative impact on the UK’s cybersecurity industry.

It’s already claimed that hiring of European practitioners is getting harder for UK firms, and there are question marks over information sharing and other region-wide agreements currently benefiting UK businesses, not to mention the tariff-free trade of the single market.

However, the sight of the government attempting to tout its expertise in cyber around the globe is somewhat ironic considering the parlous state of NHS cybersecurity. The health service was decimated by WannaCry ransomware last year, and in February, a committee reported that all 200 Trusts had failed basic security tests.

In February 2017, parliament slammed the government’s cybersecurity efforts as uncoordinated, inconsistent and failing the wider public sector outside Whitehall.

However, most experts cautiously welcomed the new DIT strategy.

“It’s great to see the government acknowledge the strength of the UK cybersecurity sector. Against a backdrop of ever-evolving threats, growing digital transformation and regulatory pressures, there has never been such global demand for effective cybersecurity products and services,” said RedScan CTO, Andy Kays.

Thales eSecurity EMEA VP, Peter Carlisle, added that the strategy demonstrates a clear government commitment to collaboration with the private sector.

“By not only honing our skills here in the UK, but by exporting our expertise overseas too, this will ensure that we ward off attacks from foreign actors whilst simultaneously strengthening our own capabilities,” he claimed.

Others were more sceptical.

“The Cyber Security Export Strategy sends out a message in no uncertain terms that security is and will remain top of the agenda. With heightening tensions between foreign nations and an increasing risk of threat actors sabotaging businesses, governments, hospitals and schools, the UK has an opportunity to lead by example and grow an already burgeoning sector,” said Smoothwall corporate security specialist, Rob Wilkinson.

“But it smacks, too, of a country trying to rebuild its reputation following major breaches including WannaCry in the NHS, Petya and businesses like Wonga. A lot of work has to be done to keep organizations safe in this country as well as countries abroad.”

Categories: Cyber Risk News