Views
8 months ago

CSLATEST

cyber security David

cyber security David Navin, Smoothwall: sees the launch as a positive stepping stone in instilling a vital cyber secure mindset. Stuart Clarke, Nuix: need to harness the myriad skills we have at our disposal, cybersecurity rookies and veterans alike. that offer a range of approved apps that are required by the business, that employees can be allowed to use safely. This enables the employer to offer autonomy and flexibility to suit their communication needs, but also ensures the network remains protected by being administrated through a secure system," he stresses. STEPPING STONE David Navin, head of corporate at Smoothwall, sees the launch as a "positive stepping stone in instilling the vital cyber secure mindset that UK businesses require to keep their own data, and that of their customers, secure and help the UK defend against the ongoing battle that is cybercrime. "The fact that the UK is facing about 60 serious cyber attacks per month is hugely concerning and reiterates how crucial it is that the UK tackles the problem and gives its businesses the support and guidance they need. But the NCSC can only do so much. Businesses must also take responsibility and ensure that they are complying with regulation and build a layered security defence that spans encryption, firewalls, web filtering and ongoing threat monitoring, as well as a proactive stance. Cyber security is an educational issue within businesses and needs to be given its high level of importance across the board, from the C-Suite through to all its employees." Stuart Davis, director at Mandiant, FireEye, points to how NCSC's chief executive Ciaran Martin had revealed recently that the centre had already blocked 34,550 "potential attacks" on government departments and members of the public in the past six months. "This won't be unexpected by those in the security industry," says David. "In fact, I'm surprised the number isn't higher. Online crime now constitutes half of all crime in the UK and the attacks are increasingly sophisticated. "There are several reasons why this activity is on the rise. One is the cross-jurisdictional issues that make cybercrime difficult to investigate and prosecute, meaning that criminals view these activities as lower risk opportunities. It is also increasingly challenging, without the wealth of intelligence available to FireEye or a government organisation, to properly attribute the attacks. We see many that appear to be targeting sensitive material and nation state actors who are seemingly conducting destructive attacks or financially motivated crime. "We have seen increasingly 'noisy' attacks becoming commonplace, such as SHAMOON in the Middle East, and the widespread ransom attacksn which are now prevalent in many sectors. Attackers are able to quickly repackage and bypass traditional A/V control to launch a new wave without detection. Interestingly, we have also noted in a number of our investigations that Nation State actors are becoming more bold. Historically, some countries that previously remained like shadows in networks have become more brazen and are perhaps using these attacks to send political messages." STRONG COMMITMENT Finally, Stuart Clarke, chief technology officer, Cyber Security, Nuix, believes that the NCSC represents a strong commitment to the UK's national cybersecurity strategy. "The government plans to invest £1.9 billion in cybersecurity over the next five years and, inevitably, part of that will be spent on talent and training," he states. "The broader question that needs to be answered is around how we can engage younger generations and generate interest among them to get involved in all things cybersecurity. Apprenticeships would be the first step the industry could take to attract fresh talent to the world of cyber. But we also need to harness the myriad skills we have at our disposal, cybersecurity rookies and veterans alike, to facilitate the development of rich intelligence repositories, make data more accessible and support collaboration to empower practitioners of all skill levels." 24 computing security March/April 2017 @CSMagAndAwards www.computingsecurity.co.uk