Posts

Showing posts from October, 2019

10 Security Blunders that should stay in 2019

Cyber attacks are inevitable, regardless of the size of a business or the sector it operates in. Cyber criminals will try their luck with any business connected to the internet. But as Andy Pearch, Head of IA Services, CORVID explains, there are steps that businesses can take to keep them as safe as possible from danger. As we stand in the last quarter of 2019, it's time for businesses to address 10 common security mistakes. 1. Assuming a Cyberattack won’t happen Any business could be attacked. It’s important for businesses to prepare their IT estate for compromise, so in the event of an attack, they’re able to limit the damage that can be done to their operations, finances and reputation. There’s an assumption that cybersecurity is a problem to be dealt with by the IT department but in reality, every user is responsible. The more aware users are of the risks, the more resilient a business can become. 2. Poor Password Management Passwords aren’t going away any time soon, but ther...

Think before you Click

From regulatory compliance to safeguarding Intellectual Property (IP), companies are increasingly concerned about the risk of inadvertent data loss as a result of employee mistakes. And for good reason: with so much communication reliant upon email, human error is now the primary cause of data breaches. Indeed, growing numbers of organisations have introduced a ‘one strike’ policy; accidentally sending an email to the wrong person, or adding an incorrect attachment, has become a sackable offence. While understandable, to a degree, this is hardly a supportive strategy. Humans make mistakes – and stressed, tired employees will make even more mistakes. Adding the pressure of losing your job, is potentially counterproductive. Employees already spend almost two days of each working week reading, deleting, responding to and creating emails – what they need is a way to avoid mistakes, a chance to check before they send. Andrea Babbs, Head of Sales, VIPRE SafeSend, explains how a simple secon...

The Increasing UK Cyber Skills Gap

Image
As organisations throughout the UK embrace Cyber Security Awareness Month, Intelligencia Training looks at why businesses are continuing to battle an increasing cyber skills gap. Following an audit in 2018, the UK government recently announced plans to conduct its second audit into the state of the country’s cyber security workforce. The initial audit published last year found that more than half of UK businesses had a “basic technical cyber security skills gap”. These findings didn’t come as a surprise, as Intelligencia, whose qualifications consist of the UK’s highest levels of vocational training available in intelligence and the only cyber security awareness programme with an official UK Government regulated qualification attached, explain that many organisations are overlooking the key weakness in their security infrastructure; their staff. With IT infrastructure becoming more robust and cyber threats from social engineering and spear phishing increasing, cyber security...

Network Security Observability & Visibility: Why they are not the same

Image
Guest article by Sean Everson, Chief Technology Officer at Certes Networks In today’s increasingly complex cyber landscape, it is now more important than ever for organisations to be able to analyse contextual data in order to make informed decisions regarding their network security policy. This is not possible without network observability. Organisations can now see inside the whole network architecture to explore problems as they happen. Observability is a property of the network system and should not be confused with visibility which provides limited metrics for troubleshooting. With observability, organisations can make the whole state of the network observable and those limitations no longer exist. Observability provides the contextual data operators need to analyse and gain new and deeper insights into the network. This enables teams to proactively make more informed decisions to improve network performance and to strengthen their overall security posture because context is now...

NCSC Cyber Essentials Scheme to be Streamlined

Image
The UK  National Cyber Security Centre (NCSC )  CyberEssentials Scheme is to be streamlined from 1 st April 2020, with IASME  named as sole partner. It will become easier for UK businesses to protect themselves from the most common cyber-attacks as the UK government-backed cybersecurity scheme is streamlined. The Cyber Essentials Scheme is supported by the UK government to help businesses guard against the most common cyber threats. Over 30,000 UK businesses have gained Cyber Essentials certification since its launch in 2014 and this number is growing year on year. Naming IASME as the sole Cyber Essentials partner will streamline and grow the Scheme and ensure it keeps pace with the changing nature of the cybersecurity threat. Cyber Essentials Scheme launched in 2014 Since its launch in 2014 the Cyber Essentials Scheme has helped to protect over 30,000 UK businesses from the most common cyber-threats. NCSC and IASME are co...

UK Youngsters seeking to Win the European Cyber Security Challenge

Image
This October, ten of the UK’s sharpest young cybersecurity minds will head to Bucharest in Romania to compete against teams from 20 countries across Europe in this year’s European Cyber Security Challenge (ECSC) . Managed by Cyber Security Challenge UK and led by Team Captain Sophia McCall, the team has spent the summer training with NCC Group and honing their skills using Immersive Labs. Now, they’re ready to bring home gold. Sophia Mcall, UK Team Captain Established in 2009, 'Cyber Security Challenge UK' is a non-profit organisation backed by some of the UK’s leading public, private and academic bodies with a longstanding mission to encourage more cybersecurity talent into the pipeline.  Cyber Security Challenge UK selects, nurtures and mentors young talent to build the UK team, and strives to include individuals with diverse backgrounds and experiences. The team, from across the UK, has a strong mix of different cyber skills and brings a broad range of experiences...

Cyber Security Roundup for September 2019

Image
Anyone over the age of 40 in the UK will remember patiently browsing for holidays bargains on their TV via Teletext. While the TV version of Teletext Holidays died out years ago due to the creation of the world-wide-web, Teletext Holidays, a  trading name of Truly Travel,  continued as an online and telephone travel agent business.  Verdict Media discovered an unsecured Amazon Web Services Service (Cloud Server) used by Teletext Holidays and was able to access 212,000   call centre audio recordings with their UK customers. The audio recordings were taken between 10th April and 10th August 2016 and were found in a data repository called 'speechanalytics'. Businesses neglecting to properly secure their cloud services is an evermore common culprit behind mass data breaches of late. Utilising cloud-based IT systems does not absolve businesses of their IT security responsibilities at their cloud service provider.  Booking Holidays on Ceefax in the 1980s W...