CS Jan Feb 2022





Secure systems, secure data, secure people, secure business








Celebrating 'Security Company of the Year' and 4 additional award

wins across the Group

Computing Security January/February 2022





The first ever Government Cyber

Security Strategy was launched on

25 January, in a move to further

protect the public services people rely on.

As part of the initiative, a new Cyber

Coordination Centre is being established,

which will transform how data and cyber

intelligence is shared, it is stated. The

public will be able to contribute to this

effort by reporting cyber incidents or

weaknesses with digital services.

Why is this happening? Because,

according to government sources, the UK

is the third most targeted country in the

world in cyberspace from hostile states.

Indeed, Chancellor of the Duchy of

Lancaster Steve Barclay, unveiling the

strategy, warned that the cyber threat is

clear and growing. "But government is

acting - investing over £2billion in cyber,

retiring legacy IT systems and stepping up

our skills and coordination."

The message is that the new strategy defines how central government and the public sector will

continue to ensure that public services can function in the face of growing cyber threats. "It will

step up the country's cyber resilience by better sharing data, expertise and capabilities to allow

government to 'Defend As One', meaning that government cyber defence is far greater than the

sum of its parts," says government. It's a mighty challenge. Of the 777 incidents managed by the

National Cyber Security Centre between September 2020 and August 2021, around 40% were

aimed at the public sector.

This new action is very much a sign of the times - dealing with wave after wave of assaults from

a seemingly infinite number of sources. As for how successful the Cyber Security Strategy will be,

that is the unknown quantity. Is it even the best approach? Time will tell.

Brian Wall


Computing Security


EDITOR: Brian Wall





Edward O’Connor


+ 44 (0)1689 616 000

Lyndsey Camplin


+ 44 (0)7946 679 853

Stuart Leigh


+ 44 (0)1689 616 000

PUBLISHER: John Jageurs


Published by Barrow & Thompkins

Connexions Ltd (BTC)

35 Station Square,

Petts Wood, Kent, BR5 1LZ

Tel: +44 (0)1689 616 000

Fax: +44 (0)1689 82 66 22


UK: £35/year, £60/two years,

£80/three years;

Europe: £48/year, £85/two years,

£127/three years

R.O.W: £62/year, £115/two years,

£168/three years

Single copies can be bought for

£8.50 (includes postage & packaging).

Published 6 times a year.

© 2022 Barrow & Thompkins

Connexions Ltd. All rights reserved.

No part of the magazine may be

reproduced without prior consent,

in writing, from the publisher.

www.computingsecurity.co.uk Jan/Feb 2022 computing security





The Cover sponsor for this latest issue,

Shearwater Group - see right - enjoyed

a highly successful evening at the 2021

Computing Security Awards, winning

five awards in total, which included

‘Security Company of the Year’.

Our warmest congratulations to them!














Stepping up Britain's defence and



NEWS

A round-up of recent News stories that have caught our attention, including:

• 'Vulnerabilities of online security systems pinpointed in Which? Report'

• 'Ministry of Justice reveals loss of 184 devices'

• 'Google and Facebook punished over online tracking failures'.


The use of deep fake tech, 'Killerware', ransomware and insider threats are all forecast to rise in 2022. And cyber-criminals will be focusing on using existing attack methods in new ways to hit organisations even harder in 2022, warns Nicole Mills, exhibition director at Infosecurity Group

Paul Harris, Pentest, discusses the importance of security within tech projects and how a 'security by design' approach can bring numerous dividends

In the battle to stay ahead of the threats that are now exploiting a whole gamut of vulnerabilities, organisations must implement security strategies on numerous fronts as a matter of urgency

Facial recognition technology, behavioural biometrics, biometric authentication, homomorphic encryption and more - all are vying to emerge on top as our digital lives come under ever greater scrutiny and deepening threat

"If you can't get the basics right, it doesn't matter how brilliant your strategy is," says Steven Usher, Brookcourt Solutions

In-built ransomware protection enables rapid recovery of individual files and emails for Furness College

As cyber transforms our approach to security, the UK government has launched the National Cyber Strategy, with the aim of strengthening the UK cyber ecosystem, and "investing in our people and skills"

Ransomware hackers have the power not just to take files, but also to impact the very running of an entire organisation.

computing security Jan/Feb 2022 @CSMagAndAwards www.computingsecurity.co.uk




More than a third of security technologies

that are currently used by organisations

globally are considered to be outdated -

and this at a time when attacks are being

unleashed like never before












Amir Nooriala,





A recent report from Which? magazine

has again highlighted the vulnerabilities

of online security systems. The findings

have prompted Amir Nooriala, chief

commercial officer at authentication and

verification company Callsign, to address

the issue of flaws in password


"These flaws are well known by both

tech organisations and the general

public," he points out, "especially as we

are constantly reminded to change our

passwords every six months, use special

characters and make sure we're not

using our birthday as a pin code."

It's time to stop focusing on using

passwords and SMS one-time passwords

(OTPs) to authenticate identity, he adds.

"Tech organisations need to stop putting

customers in a position where they're

forced to use channels that aren't secure

to identify themselves online."

Organisations need to shift their

strategies away from these analogue

methods for customer security and

introduce digital solutions for a digital

world, Nooriala advises.

"Businesses should look at building

other verification methods into their

customer security strategies, such as

biometrics and behavioural markers,

which are analysed against thousands

of data points." This enables consumers

to access services such as online banking

rapidly, while giving them peace of mind

that they'll be safe online, he concludes.


Simon Fieldhouse, NCC Group

Global cyber security and risk mitigation company NCC Group has launched a new cloud service, Replicate & Recover, with the aim of giving customers maximum resilience against disruption of third-party cloud-based software and applications.

Built upon NCC Group's software escrow technology, Replicate & Recover brings both escrow and data back-up (Back up as a Service (BaaS)) together into a single solution.

Simon Fieldhouse, global managing director, Software

Resilience at NCC Group, comments: "In today's environment,

operational resilience is closely tied to how much an

organisation can minimise vulnerabilities in their cloud

solutions. Businesses that are unprepared for data loss could

be faced with huge downtime, which brings significant

financial implications."


The Ministry of Justice (MoJ) has revealed a total loss of 184

mobile phones, PCs, laptops and tablet devices between

September 2020 and September 2021, compared with 161

in 2019/20. NHS Digital recorded a total of 71 lost or stolen

devices, covering mobiles, laptops and tablets during the

same period. A further 319 laptops were disposed of.

The findings follow Freedom of Information requests from

Apricorn submitted to 16 government departments into the

security of devices held by public sector employees.

"Lost and stolen devices are, in most part, unavoidable," says

Jon Fielding, managing director, EMEA, Apricorn. "Fortunately,

in the case of NHS Digital, despite the mishap in recording

the disposal of a large quantity of laptops, their security

processes ensured all these devices were encrypted and, as

a result, the data they housed was protected."

Jon Fielding, Apricorn


Oliver Cronk,

When the pandemic struck, remote working arrived practically overnight. This, says Oliver Cronk, chief IT architect - EMEA, Tanium, saw many organisations turn to collaboration tools, such as Zoom and Microsoft Teams, to carry out daily operations. "Yet this increase in use and the flow of data across these platforms has prompted more cases of hackers trying to exploit vulnerabilities to steal sensitive information."

Important decisions need to be made about how

to manage the platforms, such as whether to allow access to people from outside the

organisation or permanent staff members only. "Also, security training programs should be

updated to specifically cover threats that users could encounter on collaboration platforms."












Defend on all fronts.

At last, it’s back. After two years away, Europe’s largest

cloud and cyber security event is here to deliver total peace

of mind for security professionals everywhere. Meet with

all the key industry suppliers, learn from and share with

all your peers, and evaluate the very latest thinking in

how to secure your digital business well into the future.

With over 100 hours of inspirational content across

two free-to-attend days, as well as an exciting new

multi-functional zone featuring roundtables,

hackathons, workshops, leadership discussions

and drop-in clinics, it’s the only place to be.

Make sure it’s on your radar.

Register for your FREE ticket today:









2 - 3 March 2022 ExCeL, London





















Jake Moore,




France's data privacy watchdog has

fined Google and Facebook a combined

€210m (£176m) for hampering users'

ability to stop the companies tracking

their online activity.

The Commission Nationale de

l'Informatique et des Libertés (CNIL)

revealed, as reported in The Guardian,

that it had fined Google a record €150m

for making it difficult for internet users

to refuse cookies - small text files that

build up a profile of a person's web

activity for commercial purposes. It fined

Facebook 60m euros for the same


The watchdog said the facebook.com,

google.fr and youtube.com websites did

not allow the easy refusal of cookies.

Citing the example of Facebook, it

commented: "Several clicks are required

to refuse all cookies, as opposed to a

single one to accept them."

Says Jake Moore, global cyber security

advisor at ESET: "Accepting cookies has

become a normal part of visiting a

website, but many people still have no

real grasp of what they are agreeing to,

much like the complicated Ts and Cs

we often see in small print.

"This acceptance can lead to the

handing over of very personal and

unique data, such as what is in your

shopping cart or even your location, and

most people simply just agree with them

to speed up the entry to the website."


Simon Hepburn and Martin Smith

The UK Cyber Security Council and the Security Awareness Special Interest Group (SASIG) have announced a strategic partnership. They will work together on key webinars and events designed to improve trust in the online environment and when it comes to education and knowledge-sharing. One of the forthcoming events where they will partner with SASIG is on its third Cybersecurity Skills Festival.

Simon Hepburn, CEO of the UK Cyber Security Council, says: "Getting more people to

consider entering the cyber security industry is crucial and we look forward to working with

SASIG on this." Martin Smith MBE, chairman and founder of SASIG, comments: "Our Skills

Festivals have already established themselves as a successful way of bringing together those

looking for new talent and those wanting to enter our dynamic and exciting profession, but

there is much more to be done."


Cloudflare is expanding its Zero Trust firewall capabilities

to help companies secure their entire corporate

network across all of their branch offices, data centres

and clouds. The company also announced Oahu, a new

program to help customers migrate from legacy hardware

to the Cloudflare.

According to Matthew Prince, co-founder and CEO of

Cloudflare: "CIOs know that the corporate network is

changing fast, and we want to help make that transition

easy, flexible and scalable. When working from everywhere

became possible, workers migrated from legacy locations

like Palo Alto to work wherever they wanted.

"With our Oahu Program, we are making it easy for

companies to leave legacy tech behind, in favour of an

everywhere firewall delivered from the cloud."

Matthew Prince,



Louella Fernandes,

New research reveals that organisations are struggling to keep up with the print security demands of the hybrid workplace. The findings appear in Quocirca's 'Global Print Security Landscape Report 2022'.

Commenting on the findings, Quocirca research

director Louella Fernandes says: "Despite rapid

digitisation over the past eighteen months,

organisations continue to rely on printing.

Now, however, printer estates have expanded to

include home offices and employee-purchased devices, increasing the risk of accidental data

loss and cyber-attacks. "Organisations are finding it harder to keep up with print security

challenges and they are suffering costly breaches as a result," she adds.



Strengthen your data resilience with

Immutable Backup from Arcserve

Buy an Arcserve Appliance secured by Sophos,

and get OneXafe immutable storage!

Arm your business with a multi-layer protection approach to strengthen your overall data resilience. Arcserve

brings you data backup, recovery, and immutable storage solutions with integrated cybersecurity to defeat

ransomware and provide the best-in-class data management and data protection solution in the market.

Arcserve UDP Data

Protection Software

Unified data and ransomware

protection to neutralize

ransomware attacks,

restore data, and perform

orchestrated recovery.

Arcserve Appliances

All-in-one enterprise backup,

cybersecurity, and disaster

recovery, with multipetabyte


StorageCraft OneXafe

Immutable Storage

Scale-out object-based NAS

storage with immutable

snapshots to safeguard data.

Get multi-layer protection!



tech projects





Whether you're looking to build

a new tech business, develop a

new piece of software for a client,

implement new technology within your

existing company or build a new website

for your organisation, creating and

implementing new tech projects is always

an exciting prospect. But, in the excitement

of it all, it can be all too easy to focus on the

'interesting' functional aspects of the project

and avoid some of the more 'mundane',

or less attractive, jobs until later down the

line. The jobs you know you need to do,

but which aren't considered as exciting,

interesting or transformative as the others.

Security is often one of these jobs and can

be perceived by many as detrimental to the

creative process. In fact, according to the EY

Global Information Security Survey 2020,

just 7% of organisations would describe

cybersecurity as enabling innovation.

With such negative perceptions, it's no

wonder security can be left until the very

last minute.


Take software development as an example,

an industry we work closely with.

Functionality and user


take priority within the development cycle -

after all, you always want to deliver what

your clients want. But security requirements

don't often feature within the essential

functionality or even within the 'nice to

haves'. In most cases, security considerations

only feature at the end of the development

process, when clients are looking for final

assurances before sign-off and go live.

In some cases, it doesn't feature in the

development process at all and security

requirements only surface once the

application has gone live and issues start to


No matter what the tech project, leaving

security testing and security assurances until

the last minute is a risky approach, especially

when there are tight timelines to adhere to.

What happens if testing can't be completed

in time due to the last-minute nature of the

request? Do you go live without security

assurances or delay release? Neither is ideal.

What happens if last minute security

investigations find major issues within

the project, issues that will take time to


Again, you can go live knowing you

have issues present and take the risk,

or delay and fix the issues. It's not

a great position to be in and it's

certainly not something you want

to be telling the client or internal

management at the very last minute

of the project. Yet, it's a situation we've

seen happen time and time again

when security has been left until the

very end of a project.

So, next time you've got an exciting new

tech-based project underway, how do you

ensure you don't come across security

issues like those above?





Security by design isn't a new concept and,

whilst it has been adopted by many, it

seems that security by afterthought is still

the default setting for many organisations

when it comes to tech projects.

Incorporating a security by design

approach into projects may sound like a

hassle for organisations, taking up valuable

time, resources, and effort, but those who

neglect to consider security from the outset

can often make easy prey for hackers. The

effort is worth it, and you can make the

process as complicated or simple as you

like. The key is that you're considering the

security of the project at the earliest possible

stage and therefore creating a more secure

product as a result. Think of it like baking

a cake: it's far easier to add raisins into your

cake mix before baking than trying to do it

after you have finished.




When developing a piece of software or

an application, it's important to test its

functionality as thoroughly as possible. To

do this, development teams, as well as other

in-house teams, will often 'eat their own

dog food', using the software in the same

way the customer would, helping uncover

potential bugs before it makes its way into

the hands of paying clients.

Conducting your own functionality testing

in-house is one thing, but conducting your

own security testing could be a completely

different proposition.

First, testing can often sit with the

development team, the very people tasked

with creating the software. But do they have

the correct skills to test it fully? They may

have knowledge of security testing, the

tools and approaches used, but can they

interpret the results effectively or delve as

deeply as a

dedicated tester?

It's the same for

ethical hackers;

yes, they

may well have

knowledge of


practices, but

many don't

have the skills

to be a


They are entirely

different mindsets, one is

creative, one is destructive, and you

therefore need to adopt the right

approach, if you are to be successful.

In that case, using developers, or any

in-house team, without the right skillset

or mindset, may mean that issues are

missed and may supply false assurances

that things are fine, when in fact there


The second issue is whether in-house

teams are too close to the project and

therefore may not be fully impartial in

their testing. Having your work judged

by an external expert is always a

daunting prospect, but it's far better to

have an independent assessment of the

situation, rather than run the risks of

marking your own homework. As we

always say, external security testing isn't

here to call your baby ugly.



With project resources tight, it can be all

too easy to cut corners in areas which,

while necessary, have less perceived

benefits. Testing is one of these areas

and, although any security testing is

beneficial, not all testing, and not all

assurances, are created equal. Companies

have a variety of choices when it comes to

testing, whether it's conducting it in-house,

which we've discussed above, vulnerability

scanning or penetration testing. They can

choose to conduct a test at the end of the

process, during development or ideally a

combination of both.

They also have choices when it comes to

the scope and approach of those tests. Is

testing to be focused on specific areas of

the project, the ones that are critical or do

you take a wider view? Should you only

consider the threat from external sources or

consider the potential damage that could be

achieved, if a malicious threat was to obtain

internal access?

Compromises often must be made and

there have been many occasions where

limitations mean full, in-depth testing just

isn't possible. But testing should always be

as thorough as possible within your set

limitations, giving you the utmost

confidence in your defences.

Yes, you can always get cheaper testing

services or limit the scope of testing to save

time, and still get the sign-off you need,

but, if there is then a security issue and it's

found that you scrimped on testing, then

the fallout will probably cost more than

the testing ever would have.


threat landscape




A series of recently released reports

have pinpointed the constant

bombardment of attacks organisations

and individuals are under. It does not make

for easy reading, as these assaults are ramped

up to a level where the big question that

comes to mind is: can best practice and

technology combine to avoid a meltdown?

Cisco's latest cybersecurity report, 'Security

Outcomes Study Volume 2' [i], surveyed

more than 5,100 security and privacy

professionals across 27 countries, including

the UK, to determine the most impactful

measures that teams can take, in order

to defend their organisations against the

evolving threat landscape.

Investing in a proactive technology refresh

strategy is more critical than ever, states

the report, as on average 39% of security

technologies used by organisations globally

are considered outdated. In the UK,

respondents reveal themselves to be above

the global average, reporting that 56% of

their IT infrastructure is out of date.

Organisations with cloud-based

architectures are said to be more than twice

as likely to refresh than those with more

outdated on-premises technologies. In the

UK, 74% of security and privacy professionals

stated that they are planning to expand their

cloud-based security technology.

52% of respondents from the UK report

they have a strong proactive tech refresh

strategy to stay up to date with the

best available IT and security technologies,

while organisations with integrated

technologies are seven times more likely to

achieve high levels of process automation.

Additionally, these organisations boast more

than 40% stronger threat detection


In the UK only 25.6% excel at retaining

security talent. "More than 75% of security

operations programs globally that do not

have strong staffing resources are still able to

achieve robust capabilities through high levels

of automation," says the report. "Automation

more than doubles the performance of less

experienced staff, supporting organisations

through skills and labour shortages."


The value of cloud-based security

architectures cannot be understated, it

continues. "Organisations that claim to have

mature implementations of Zero Trust

or Secure Access Service Edge (SASE)

architectures are 35% more likely to report

strong security operations than those with

nascent implementations. Organisations that

leverage threat intelligence achieve faster

mean time to repair (MTTR), with rates 50%

lower than those of non-intel users."

In the UK, according to the findings:

30.7% of security and privacy

professionals stated they are able to

manage top risks, while 33.5% of security

and privacy professionals say they can

avoid major incidents


As the threat landscape continues to evolve,

testing business continuity and disaster

recovery capabilities regularly and in multiple

ways is more critical than ever, with proactive

organisations estimated to be 2.5 times more

likely to maintain business resiliency.

"We recognise that today's compliance

requirements, skills shortages, a hybrid

workforce and a threat-filled landscape are all

making security complex," says Lothar Renner,

managing director security, Cisco EMEAR.

"The global data behind Cisco's Security

Outcome Study means that identifying the

most effective security practices is no longer

guesswork. Cisco continues to work with

companies to uphold the best practices

identified and, as such, will continue to

support security professionals in the adoption

of cloud-based security solutions and threat

intelligence, based on our open and

integrated platform SecureX, in order that

they be best positioned to empower their

enterprises securely," he adds.

What is the role of the CISO in delivering the

most positive outcomes? "CISOs have to be

both influencers and educators," says Helen

Patton, Advisory CISO, Cisco.



"If we're going to be as effective as possible,

we need to be on the leading edge of the

strategy decisions being made in our

organisations. But while we're trying to

convince people that security is important -

that we need the right investments to do

it well and that we should be involved in

every aspect of the business - we must also

educate. Most executives do not have a

background in security, so we need to inform

them every step of the way about the types

of risks we're introducing with each decision

we make."


IT and technology companies in the UK have

experienced an average of 44 cyberattacks in

the last 12 months - roughly one every eight

days - according to new research by Keeper

Security. The company's 2021 Cybersecurity

Census Report [ii] has revealed that the large

majority of IT decision makers (79%) within

IT and tech companies in the UK expect the

number of attacks to increase next year

amidst concerns that they are missing the

right skills and solutions to adequately

protect themselves against these attacks.

Overall, almost all (95%) IT and tech

companies are aware of where the gaps in

their current cybersecurity defences are, but,

worryingly, only 40% are addressing them,

leaving organisations vulnerable to future

attacks. The acute cybersecurity skills shortage

in the UK is one of the contributing factors to

this, with 59% of IT decision makers stating

that it is impacting the cybersecurity efforts

in their organisation.

"Leaders in the IT and tech space believe

the skills gap doesn't just apply to their direct

teams, but runs deep within organisations,"

reports Keeper Security. "Over half (60%)

state that employees don't understand the

cybersecurity implications of poor password

hygiene. Many IT decision makers (69%)

therefore urge their companies to do more

to educate employees on cybersecurity best

practices, while three in four (73%) are in

favour of mandating basic cybersecurity

training before new starters join a business."

Adds Darren Guccione, CEO & co-founder

of Keeper Security: "The UK's IT and tech

industry is a stalwart for innovation but,

when it comes to cybersecurity, the sector still

has some catching up to do. Our research

has found that cybercriminals are really

turning up the heat, and will continue to

target IT and tech companies in the years

to come. To counter this, it is essential that

organisations address both the current skills

gap and implement stringent IT policies that

include a zero-trust and zero-knowledge

approach to cybersecurity. With the best

cyber defence solutions in place, IT and

tech companies will be able to weather the

cybersecurity storm they continue to face."


Meanwhile, McAfee Enterprise has released

its latest Advanced Threat Research Report [iii]

that sets out to highlight the most impactful

cybercriminal activity from the second quarter

of 2021, with a focus on ransomware and

cloud security threats.

Despite the most influential underground

forums XSS and Exploit announcing a ban on

ransomware advertisements and the DarkSide

ransomware group abruptly halting its

operations, McAfee Enterprise's global threat

network identified a surge in ransomware

attacks by popular malware families, in

addition to expanded targeted sectors. In

fact, McAfee Enterprise's threats team

identified that 73% of ransomware

detections in Q2 2021 were related to the

REvil/Sodinokibi family and that DarkSide

ransomware attacks extended beyond the oil,

gas and chemical sector to legal services,

wholesale and manufacturing.

Other key findings in the research include:

• The most targeted sector by ransomware in Q2 of 2021 was the government, followed by telecom, energy and media &

• A 64% increase in publicly reported cyber incidents targeted the public sector during the second quarter of 2021, followed by the entertainment sector with a 60% increase. Notably, information/communication had a 50% decrease in Q2 2021, with manufacturing down 26%

• Financial services were targeted in 50% of the top 10 cloud incidents

Adam Philpott, McAfee Enterprise: the public sector must shore up its defences to mitigate further threats.


Comments Adam Philpott, EMEA president at

McAfee Enterprise: "The fact that the

government saw a 64% increase in publicly

reported cyber incidents specifically targeting

the public sector should be a warning that no

one is safe from a cyber-attack. As cyber

criminals adapt their methods to target the

most sensitive data and services, the public

sector must shore up its defences to mitigate

further threats.

"By deploying a security strategy that blends

both Zero Trust and SASE approaches,

the public sector can be more confident,

knowing that they have the necessary barriers

in place to protect against sophisticated

attacks. This has become particularly

important as workers split their time

between home and the office, with

organisations needing to protect entry and

data at every control point."

Lothar Renner, Cisco EMEAR: today's compliance requirements, skills shortages, a hybrid workforce and a threat-filled landscape are all making security complex.

Ekaterina Kilyusheva, Positive Technologies: some operators are rethinking their preference for Ransomware as a Service, which carries certain risks from unreliable

The good news is that data shows that

attacks across several other sectors,

including information and the

manufacturing sectors, were down,

he adds. "Organisations shouldn't get

complacent, however, and should use this

as an opportunity to figure out what has

worked well and how they could tighten up

their defences against future attacks. This

could include the use of threat intelligence,

which helps organisations to predict and

prioritise potential threats before preemptively

adapting their defensive

countermeasures, ensuring optimised

security and future business resilience."


Finally, Positive Technologies experts

have analysed the Q3 2021 cybersecurity

threatscape and found a decrease in the

number of unique cyberattacks [iv]. If that

can be seen as the good news, it also

reports an increase in the share of attacks

against individuals and a rise in attacks

involving remote access malware.

The number of attacks in Q3 decreased by 4.8% compared to the previous quarter - the first time since the end of 2018 that Positive Technologies has recorded a negative trend. The researchers believe one key reason for the change is the decrease in ransomware attacks and the fact that some major players have quit the stage. This is also why the share of attacks aimed at compromising corporate computers, servers and network equipment has fallen - from 87% to 75%.

Positive Technologies research also shows that, although the share of malware attacks decreased by 22%, the attackers' appetite for data led to an increase in the use of remote access trojans. In attacks on organisations, this share grew from 17% to 36%, while in attacks against individuals remote control trojans made up more than half of all malware. In Q3, the share of attacks involving remote access trojans increased 2.5 times over Q1.

"This year, we saw the peak of ransomware attacks in April when 120 attacks were recorded," says Ekaterina Kilyusheva, head of research and analytics, Positive Technologies. "There were 45 attacks in September, down 63% from the peak in April. The reason is that several large ransomware gangs stopped their operation and law enforcement agencies started paying more attention to the problem of ransomware attacks [due to recent high-profile

Positive Technologies also noted a trend toward the 'rebranding' of existing ransomware gangs: Some operators are rethinking their preference for the Ransomware as a Service (RaaS) scheme, which carries certain risks from unreliable

"In Q2, we predicted that one of the possible scenarios of ransomware transformation would be that groups abandon the RaaS model in its current form," she adds. "It is much safer for ransomware operators to hire people who will deliver malware and search for vulnerabilities as permanent 'employees.' It will be safer for both parties, as more organised and efficient all-in-one forms of cooperation can be created. In Q3, we saw the first steps in this direction. An additional boost for this transformation is the development of the market of initial access."

[i] https://bit.ly/3IFVr7J

[ii] https://www.keepersecurity.com/uk-cybersecurity-census-report-2021.html

[iii] https://www.mcafee.com/enterprise/en-us/lp/threats-reports/oct-2021.html

[iv] https://www.ptsecurity.com/ww-en/analytics/cybersecurity-threatscape-2021-q3



security strategies




When the pandemic first struck,

many businesses were forced

to become remote practically

overnight. This, says Oliver Cronk, chief IT

architect - EMEA, Tanium, saw many

organisations turn to collaboration tools,

such as Zoom and Microsoft Teams, to

carry out daily operations. "Yet this increase

in use and the flow of data across these

platforms has prompted more cases of

hackers trying to exploit vulnerabilities to

steal sensitive information," he states.

Hackers will continue to look for

vulnerabilities related to the new hybrid

workplace model - and Tanium predicts

that during 2022 employees using

collaboration tools at home could come

under siege. "Hackers are aware these tools

are being used for new working processes

and carrying lots of valuable data," points

out Cronk. "Instead of trying to find technical

weaknesses in the tools specifically,

hackers will look to exploit users through

impersonation instead. This could happen

on the platforms, but off of them, too.

For example, we're already seeing Zoom-themed

phishing attacks circulating

through email, text and social media

messages, aiming to steal credentials."

Organisations should make the security

of collaboration tools a key part of their

security strategies, he cautions. "As part

of this, they will need to make important

decisions about how to manage the

platforms, such as whether to allow people

from outside the organisation to use them

or whether only permanent staff members

are given access. Additionally, security

training programs should be updated to

specifically cover threats that users could

encounter on collaboration platforms."


In the battle to stay ahead of the threats

now proliferating across the computing

security industry, endpoint management

and security company Tanium has launched

a new solution that, it states, offers a

"comprehensive, near real-time view of risk

posture" across an organisation, with the

ability to quickly remediate vulnerabilities

and compliance gaps from a single


Tanium ranks Tanium Risk as a key part

of the company's risk and compliance

solution. "By leveraging existing features of

the Tanium platform that establish a holistic

view into all endpoints, the new product

generates an accurate, relevant risk score,"

claims the company. "This allows customers

to quickly prioritise what needs to be fixed

across their environment, without

switching tools."

As the volume and intensity of advanced

threats hit ever higher peaks and put

organisations at levels of risk rarely seen

before, solutions are certainly needed from

the industry at large to help stave off the

worst effects and offer the protections that

are needed.

"Managing endpoint risk and compliance

is more challenging today than it has ever

been before," points out Pete Constantine, chief

product officer for Tanium. "Today's CISOs

have to manage risk from millions of

globally distributed, heterogeneous assets,

while also responding to ever increasing

audit scrutiny and regulatory compliance

requirements. Whether organisations need

to patch, update applications or set new

configuration policies, Tanium Risk allows

them to leverage the same dataset, agent

and architecture to fix gaps as quickly as

they are found."


According to Phil Harris, research director,

Cybersecurity Risk Management Services, at

analyst firm IDC, a near real-time risk score

with comprehensive visibility into the state

of endpoints enables executives to better

understand the impact of cyber-attacks on

business outcomes. "Decision makers can

prioritise severe vulnerabilities and respond

to breaches much more quickly to reduce

the attack surface radically."

Meanwhile, IPC provider Advantech has

been busily engaged in launching its own

solutions in line with warding off the many

advanced threats that are threatening

organisations. In its case, this is very much

focused on edge AI inference systems that

meet rising demands for AI image


"As AI devices are widely deployed at

the edge, remote management and

information security at the cloud/edge

remain key concerns," states Advantech.

The company collaborated with Allxon

on remote Edge-AI device management

solutions back in 2020. Now, Allxon is

collaborating with cybersecurity software

giant Trend Micro's IoT security (TMIS)

division in an effort to create stronger

premier security features.

"The exploding popularity of edge AI

solutions creates new AIoT [Artificial

Intelligence of Things] threats that target

mission-critical operation technology,"

adds Advantech. "Consequently, providing

maximum protection through a range of

system hardening and risk detection


Oliver Cronk, Tanium: Zoom-themed

phishing attacks are circulating through

email, text and social media messages,

aiming to steal credentials.

Matthew Prince, Cloudflare: CIOs know that

the corporate network is changing fast, and

we want to help make that transition easy,

flexible and scalable.

features - both in the cloud and at the

industrial edge - is vitally important.

Indeed, adding IoT protection with disaster

recovery functions delivers the safety and

convenience needed for industrial

operation technology."

Ultimately, the collaboration between

Advantech, Allxon and Trend Micro aims

to deliver the level of security and remote

device monitoring/management solutions

that address diverse management and

security challenges.



Remote Management: Allxon Device

Management Solutions (DMS) are said

to provide a wide range of centralised

cloud-device systems that help businesses

avoid multi-platform interface management

difficulties associated with mass

deployment. Using Advantech MIC-AI's

flexible iDoor Mini PCIe enables these

systems to directly connect to the internet

via LAN and control an integrated reset pin.

This, in turn, enables Allxon DMS to reset

MIC-AI remotely during a system crash.

As a preferred NVIDIA partner (the

multinational technology company that

designs graphics processing units for the

gaming and professional markets), Allxon

delivers diverse functionality to NVIDIA

Jetson. These functions include secure and

remote recovery mode triggering, system

log automatic upload/download, over-the-air

(OTA) deployment and out-of-band

(OOB) power cycling.

Information Security: Trend Micro's

industry-leading threat intelligence

leverages a combination of vulnerability

checks and proprietary Web Reputation

Services to engender enhanced security

and blacklisting respectively. Likewise,

Trend Micro's Approved Application Listing

restricts on-device operations to authorised

script files and applications. "Allxon's over-the-air

(OTA) updates enable users to install

and update Trend Micro IoT Security on

edge devices remotely, while blocking

suspicious activities and potential attacks.

Similarly, Allxon Portal optimises and

secures Advantech MIC-AI devices by

further enabling remote monitoring."


But how will AI, IoT and AIoT [Artificial

Intelligence of Things] influence the way

we deal with data and implement cloud

computing in the future? Global information

analytics company Elsevier is very

much at the front edge in recognising the

opportunities this 'brave new world' can


"From smart home, smart city to smart

globe, Internet of Things (IoT) is playing a

great role that will dramatically change not

only our daily lives, but human civilisation,"

states Elsevier. "However, with numerous

flows of data streamed from connected

sensors and devices that are increasing by

billion per year, the ability to handle data in

a timely, effective manner will determine

whether we can fully enjoy the benefits of


And it adds: "The recent advances in

artificial intelligence (AI) have brought

opportunities in overcoming the challenges

of IoT development. Consequently, the

integration of AI and IoT technologies

becomes a promising trend to promote the

benign evolution of the IoT ecosystem."

Recently, the new IoT structure known as

the Artificial Intelligence of Things (AIoT)

has come into play and Elsevier has been

noting its growing influence. "Broadly

speaking, AIoT is a fusion of AI and IoT in

practical applications.

However, AIoT is not a simple AI + IoT,

states Elsevier, but adopts technologies

such as AI and the IoT, supported by big

data and cloud computing, using semiconductors

as algorithm carriers, network

security technologies as implementation

guarantees, and 5G as a catalyst to

integrate data, knowledge and intelligence.

"With the power of AI," comments

Elsevier, "IoT devices are not just messengers

feeding information to the control centre,

but have evolved into intelligent machines

capable of performing self-driven analytics

and acting independently. AIoT disruptive

changes and unique opportunities to

modern society through personalised

services, tailored content, improved

availability, and accessibility, and cost-effective



Although the advent of AIoT has spawned

a large number of new technologies and

applications, the convergence of IoT and

AI also poses several emerging challenges,

Elsevier concedes. "To fulfil AIoT, one

essential step is to connect various things

in a collaborative manner, because IoT

devices appear in a wide variety of

products. Because AIoT is so huge, it would

have to be self-organised and groups of

things in the AIoT should collaborate for a

common goal. However, simply connecting

them without further collaboration among

different things leads to unnecessary energy

consumption, uncertain security, unstable

performance etc for AIoT."

Another essential step, it points out, is to

link AIoT with other advanced technologies

causing convergence and breaking down

the barriers, while conceding that the link

among cloud, edge, blockchain and AIoT

etc "poses many challenges that call for

advanced approaches and rethinking of the

entire architecture, communication and

processing to meet requirements in latency,

reliability and so on".


In another development, Cloudflare is

expanding its Zero Trust firewall capabilities

to help companies secure their entire

corporate network across all of their

branch offices, data centres and clouds.

The company also announced Oahu, a

new program to help customers migrate

from legacy hardware to the Cloudflare

One suite of Zero Trust solutions. "Now,

CIOs can better connect and secure their

corporate networks with Zero Trust

security - without the traditionally hard,

costly or complex migration," it states.

"Traditional firewalls consisted of

hardware boxes installed on company

premises and were not designed for hybrid

workforces or cloud applications. While

some companies turned to 'virtualised'

firewalls to meet this challenge, these

faced many of the same challenges as with

hardware appliances, such as capacity

planning and managing primary/backup


With Cloudflare's new cloud firewall

functionality, CIOs can better secure their

entire corporate network, apply Zero

Trust policies to all traffic and gain deeper

network visibility, the company claims.

"And since Cloudflare's firewall runs

everywhere, CIOs no longer need to rely

on centralising traffic on one box in one

location, physical or virtual."

Observes Matthew Prince, co-founder

and CEO of Cloudflare: "CIOs know that

the corporate network is changing fast,

and we want to help make that transition

easy, flexible and scalable. When working

from everywhere became possible, workers

migrated from legacy locations like Palo

Alto to work wherever they wanted. With

our Oahu Program, we are making it easy

for companies to leave legacy tech behind,

in favour of an everywhere firewall

delivered from the cloud."

According to Cloudflare's DDoS attack

trends and highlights from 2021, ransom

DDoS attacks increased by 29% year over

year and 175% quarter over quarter in Q4

of 2021. With this in mind, Cloudflare

investigated which industries and regions

were most commonly targeted by

attackers, as well as the patterns for

various types of assaults.


The first half of 2021 witnessed massive

ransomware and ransom DDoS attack

campaigns that interrupted aspects of

critical infrastructure around the world

(including one of the largest petroleum

pipeline system operators in the US) and a

vulnerability in IT management software

that targeted schools, public sector, travel

organisations and credit unions, amongst

many others.

The second half of the year recorded a

growing swarm of one of the most

powerful botnets deployed (Meris), as well

as record-breaking HTTP DDoS attacks and

network-layer attacks observed over the

Cloudflare network. This was in addition to the

Log4j2 vulnerability (CVE-2021-44228)

discovered in December that allows an

attacker to execute code on a remote

server - arguably one of the most severe

vulnerabilities on the Internet since both

Heartbleed and Shellshock.


Prominent attacks, such as the ones listed

above, are but a few examples from the

report that, adds Cloudflare, "demonstrate

a trend of intensifying cyber insecurity that

affected everyone, from tech firms and

government organisations to wineries and

meat processing plants".

Adds John Graham-Cumming, CCO,

Cloudflare: "Q4 was very busy for DDoS

attacks on the Internet. We saw a big

increase in random DDoS attacks, as well

as standard network-level DDoS aimed at

knocking a service offline.

"This all points to DDoS attacks being

relatively easy to perform and, via

ransoms, a way to make money."


attacker tactics




As a follow-up to our 2022 Predictions

feature in the last issue, we've been

canvassing opinions from across the

industry on how they see security shaping up

as we move through the year.

"Yes, the clock is ticking, but the fuse

has also become shorter," notes Peter

Stelzhammer, co-founder AV-Comparatives:

"The times of patting each other on the back

are over - cybercrime is now an organised

activity that has become an extremely

professional operation.

"In the media, you read again and again

about the all too bad ransomware attacks.

However, these are increasingly becoming

'killerware' attacks when they hit systems

in the health sector and put human lives in

danger. Almost forgotten are the other

malware attacks that are just as bad, but not

as visible. Many more Zombie systems exist

with 'normal' malware than systems infected

with ransomware, which are equally as


The most important measures against

cybercrime, he says, are still a multi-level

security system consisting of firewall, server

security and endpoint security, supplemented

with a secure backup strategy. "It is equally

important to keep the software up to date

and patched. Cybersecurity is still an

overlooked issue in many companies. This

must change: IT security absolutely belongs

to the business area of management. The

survival of your company could depend on it."


Meanwhile, the organisers of Infosecurity

Europe asked their network of CISOs and

analysts to comment on the major trends

and shifts they foresee

shaping the next several

months. Their response

was that, while 2022's

dominant cyber threats

will largely mirror those

faced last year, criminals

will evolve their modus

operandi to boost disruption

and monetisation.

"Cyber-criminals are sharpening

their skills and techniques, with a focus

on using existing attack methods in new

ways to hit organisations harder in 2022,"

says Nicole Mills, exhibition director at

Infosecurity Group. "Enterprises must be

aware of the tactics attackers are likely to use

to access their networks, systems and data,

and prepare to respond effectively."

The conference programme at Infosecurity

Europe 2022 - 21-23 June at ExCeL London -

will cover the topics raised by the CISOs and

analysts who contributed their thoughts, with

presentations, talks and workshops exploring

the themes across the different theatres.


Egress CEO Tony Pepper sees ransomware

attacks continuing to be a big problem

in 2022. "The most important step that

organisations can take this year is to tackle

the problem of phishing. Over 90% of

malware is delivered via email. The worst

thing about ransomware is that, once it's in

your organisation's systems, it's incredibly

difficult to stop. By making it harder for

cybercriminals to gain access in the first

place, organisations can protect themselves."

They can take back control by stopping entry

in the first place and the best way to do that,

he says, is to invest in "intelligent anti-phishing

technology that can detect the most sophisticated phishing
Pepper anticipates that the supply chain will

become the least trusted channel in 2022,

following the high-profile attacks against

Kaseya and SolarWinds over the last few

years. "Protecting against supply-chain attacks

will be at the top of every CISO's priorities this

year and loss of trust in the supply chain will

drive adoption of the zero-trust approach.

However, as zero trust concepts become

more popular throughout 2022, organisations

should be wary of vendors that claim

to singlehandedly be a silver bullet. Instead,

organisations should layer combinations of

technologies to achieve a truly zero trust


He also expects accidental data breaches

to continue to be a problem, while also

foreseeing many organisations beginning to

realise the scale of their data loss problems

and that they will look to a "combination of

encryption, intelligent data loss prevention

and security awareness training measures

to help secure their data on email".




"It is likely 2022 will be a more eventful year

in cybersecurity," says Todd Carroll, CISO at

CybelAngel. "When there is uncertainty, it's

best to gain as much knowledge as possible,

so you can plan effectively. Something we are

seeing is organisations heavily investing in

cloud-based security solutions and cloud-based

monitoring services, in addition to

skilled staff [internal or external] and security

awareness training." His top three suggested

priorities for the rest of 2022 would be to:

Be proactive - look for external threats,

search for data leaks, locate shadow IT

and monitor for Dark Web mentions.

The faster you find the danger, the sooner

you can fix it

Help your third parties - if sophisticated

companies have data lakes, smaller

vendors will, too. You must monitor your

data, so that, when a vendor's data leaks,

you know earlier and can help them

secure your company and your data.

"Be aware of your surroundings," Carroll

advises. "Ransomware gangs and other

cybercriminals love striking on holidays or just

before peak business times when companies

are distracted. Make sure you have enough

staff to stay on top of threats and can also

build in time to let the team rest. InfoSec is

a never-ending fight and you must rotate

your cyber troops to minimise burnout."


According to Justin Lie, founder and CEO

of SHIELD, as the world opens up and travel

restarts, fraud prevention solutions must

be able to scale to keep up with resurging

growth. "However, the effects of the

pandemic will have a lasting impact on the

way fraud is conducted," he says. "For

example, the shift to online banking has

been a goldmine for fraudsters. As more

users migrate to online channels, companies

with weak cybersecurity measures will be

more at risk. The race to win new customers

has companies fighting for dominance

where the key differentiator will be the

balance between user experience and

security. We can't let bad actors through

the gate, as it's a sure way to lose existing

customers while also making it hard to

obtain new customers."

As companies scale their growth, they

should also make sure they scale their

systems and infrastructure - specifically their

fraud prevention solution. "This means

increasing the volume their platform can

take, as well as making sure the coverage

of the fraud prevention solution can cover

more ground and be effective in fighting

new fraud use cases. It also means detecting

behaviour that has never been seen before

and is more complex," Lie advises.

Next, it will be essential for companies to

invest in AI and machine learning if they

haven't done so already. "Harnessing machine

learning and AI is not just to keep up with

the level of fraud attacks, but to stay ahead

of them."


Ransomware attacks are expected to

continue rising in 2022, but are likely to look

different, as hackers become aware that the

return on investment they can achieve by

encrypting data is diminishing. "Criminals

are busy exploring alternative means of

monetisation," comments Rik Ferguson, vice

president of Security Research, Trend Micro.

"The act of encrypting data and denying the

owner access to it is actually a minor way of

making money.

"Criminals will focus on their secondary and

tertiary means of extorting money - for

example, threatening to release data for

Peter Stelzhammer, AV-Comparatives: yes,

the clock is ticking, but the fuse has also

become shorter.

Roland Carandang, Protiviti: if 2021 and

2020 have taught us anything, it's that

change is the only constant.


Rik Ferguson, Trend Micro: criminals are

busy exploring alternative means of


Tony Pepper, Egress: organisations can take

back control by stopping entry in the first

place and the best way is to invest in

intelligent anti-phishing technology.

public exposure, contacting people who are

a part of the data set and trying to exploit

them, or piling denial of service attacks on

top of encryption."


This view is echoed by Barry Coatesworth,

director - Risk, Compliance and Security,

Guidehouse. "Ransomware will continue

to evolve and the sophistication of the

techniques criminals use will improve," he

states. "They will become more astute in

what situations their victims want to avoid,

to maximise payment. Attacks affecting the

supply chain will probably also increase -

including managed service providers (MSPs)

that manage parts of infrastructure or

software for other organisations, because,

if adversaries can get to them, they can also

get to many of their clients."

Coatesworth anticipates an increase in

social engineering, which tricks users into

making security mistakes or giving away

information. "Threat actors have been

recruiting insiders with the promise of

millions of dollars if they help them gain

access to an organisation's system to install

malware," he says.

"This, combined with growing attacks

against operational technology (OT) systems

and critical infrastructure services, could

result in serious disruption, potentially even

endangering human life. Improvements in

deep fake technology for instance have

allowed threat actors to bypass multi-factor

authentication [MFA] and also elicit fraud by

using faked audio." Countering these threats

will require organisations to improve their

preparedness for incidents and build their

ability to respond effectively.


For Munawar Valiji, CISO, Trainline, the

recalibration of tooling and capability for

the post-pandemic world will be a priority.

"Organisations need to validate their use of

basic security tooling - such as vulnerability

management, and virus and malware

protection - to make sure that they haven't

degraded against the performance expected

of them. There will be more centralisation of

those functions, and increased focus on

automation and orchestration."

Independent researcher David Edwards

believes that cybersecurity will attract more

senior leadership attention in the coming

year. "I think we'll see an increase in boards

taking more interest in cyber risk, as spend

increases. Meanwhile, vendors will align

their product strategy to empower Zero

Trust; however, we'll see slow adoption

throughout 2022, as a result of businesses

starting to compete more aggressively in the

digital landscape."

Meanwhile, Rick Jones, CEO, DigitalXRAID,

recalls how everyone spent 2021 wondering

what a post-Covid world might look like

"and, if recent history has taught us

anything, it's that we should expect the

unexpected". Every week, we are seeing new

cybersecurity threats that can seriously harm

businesses and we will see many more by

the end of 2022, he predicts.

"Developing an holistic cybersecurity

strategy is essential to protecting against

more frequent attacks and businesses can

do this by prioritising three key areas:

people, processes and technology."


States Cloudflare chief security officer Joe

Sullivan: "With any luck, 2022 will see the

waning of the pandemic that drove us to

isolation - but one thing will not return to

pre-covid times: our dependence on the

Internet. We rely so much more on online

connectivity for commercial transactions and

interpersonal connections.

"That's why we felt the pain of cyber

security issues so deeply in 2021 - whether it

was ransomware or currency theft or nation-state

actions. And that is why we need to do



more for security in 2022." Businesses need

to accept that investing in security is good

for business, he advises. "It starts with

employing dedicated security professionals

who can help build the right security

controls. They can help the business own

its online presence more by securing their

websites, so consumers can trust them. And

especially in the more distributed workforce

world we live in now, every business needs

to invest in zero-trust approaches to reduce

the risk of their employees' online accounts

being stolen.

"Account compromises are often the easiest

way for an attacker to get into a company

environment," cautions Sullivan. "And, last

but not least, a third area of investment

should be in security awareness for

employees, ideally with that message

reflected in the right tone from the top

of the organisation."


If 2021 and 2020 have taught us anything,

it's that change is the only constant, states

Roland Carandang, managing director at

Protiviti. "This is partly because of the ‘Big C’

[Covid] and also because of unrelated

innovations, including advancements

in quantum computing, neuroscience,

materials science, even space travel. And

really, who could have predicted the rise

of NFTs? As a leader in information security,

how best to plan for such a dynamic future?

By embracing uncertainty and embracing

our people."

Here are some other Cs that Carandang

recommends, in order to achieve that:

Connection and Control: "Our people

have spent nearly two years adjusting to

disruption in their personal and professional

lives. Many of us just want to feel connected

again... to other people. Even before

the pandemic, scientists like Daniel Pink

presented solid evidence that people want

control - over what they do, who they do

it with and when they do it."

Light Coupling of Capabilities: "2021

delivered continued improvements in

technological capability, driven in large part

by underlying advancements in artificial

intelligence and ecosystem integration.

While some vendors are taking this

opportunity to take over their customers'

architecture, others have embraced

openness and integration. In a world where

uncertainty is high and, practically, where

availability of 'hot product' skillsets is low,

the latter path feels most sensible."

Creativity: "2021 also brought improvements

in low/no code platforms and increased use

of innovation systems, like LUMA, and tools,

like Mural," adds Carandang. "The start of

the year is often a time to enable our people

for success. While this certainly includes

technical training, complementing this with

innovation training will help with the other

Cs presented here by helping our people

better engage with each other to envision

possibilities and deliver meaningful change

in their organisations."


Infosec professionals need to expect the

surge to continue - especially as attack tools

and their 'as-a-service' variants adapt to

increased awareness and strengthened

defences, warns Sean Newman, vice

president, Product Management, Corero

Network Security.

"An area that experienced major growth

was Ransom DDoS [Distributed Denial of

Service] attacks that saw a 29% year-on-year

increase, according to data from

Cloudflare," he points out. "These types of

attacks have the benefit of being open-loop

- or asymmetrical - as an organisation can be

attacked without the perpetrator needing to

gain access to internal systems, establishing

command and control or receiving any

exfiltrated data.

"Worse still, traditional business continuity

plans, such as multiple data centres for

resiliency or data backups, are rendered

useless, as these attacks aim to overwhelm

a victim's ability to benefit from the Internet

or access online services. Organisations must

evaluate their preparedness to counter these

types of attacks and put in place suitable

countermeasures to ensure they don't

become the next victim."


Although supply chains have been exploited

by cybercriminals for many years now as an

easier route to penetrating even the best

guarded organisations, the last 12 months

have seen a spate of high-profile incidents

that have had a massive knock-on effect.

"These have not gone unnoticed by the

criminal gangs," continues Newman. "The

recent Log4J vulnerability disclosure

highlights the broadness of that 'supply

chain' definition and organisations would be

wise to start examining all their suppliers, as

they could be introducing this and other

weaknesses, into your environment, for

attackers to exploit."

An associated, and often-overlooked, area

is service suppliers such as ISPs, UC and

hosting providers. The DDoS attack last year

against Voipfone, a highly regarded UC

provider, impacted connected businesses

across multiple weeks and highlights that

the customers of such providers need

to verify they can demonstrate not just

protection against DDoS, but also

contingency plans to ensure service

continuity. This year, organisations need

to start having these types of blunt

conversations with suppliers - not putting

it off until it's too late.

"Organisations should also think about

doing some testing of their protective

measures," adds Newman. "Will our defences

work, if we are the target of a DDoS attack?

What happens if our ISP or hosting provider

goes down? If the last few years of global

pandemic has taught us anything, we all

need to have a 'Plan B'."


strategic thinking








Every business should be considering the

potential opportunities and cyber

threats that the future could bring, but,

with the future more uncertain than ever,

how do you start to plan? Steven Usher,

Senior Security Analyst, Brookcourt Solutions,

offers his insights into the three areas he

believes you should be looking at to stay

ahead in the coming year.

When it comes to cybersecurity, the

likelihood is that the majority of 2022's cyber

threats won't be new or unheard of; they will

be well-known issues that have been seen

repeatedly. Yet these 'well-known' issues

continue to catch out organisations year-after-year.

Steven Usher, Brookcourt Solutions:

organisations should be open to searching

for cyber security candidates with a passion

for the industry.


Always be aware of what is on your network.

Take the time to ensure the asset register is

fully populated, as it can be all too easy for

an organisation to lose track of what is on

their network. Having unknowns on your

network is risky, as it opens up gaps in your

network and ultimately puts the organisation

at risk.

Taking this time to ensure your asset register

is updated, fully populated and that there

are as few items missing as possible should

be a key priority for all organisations. After

all, you can't effectively protect or secure an

asset, if you didn't know it existed in the first


Once you have a clear picture of what exists

on your network, you can then start to

understand where the highest risks are,

patch any outdated software and look to

implement security measures that will

dramatically improve your overall security



Whether this testing includes penetration

testing, red teaming etc that are in place,

testing should be done continuously on a

regular basis, by external groups, as well as

tested internally, utilising breach and attack

simulation products. If possible, red team

engagements should be run in a purple team

situation to ensure that the defence of the

organisation is also analysed and

reviewed. Often, recommendations made in

reports from penetration tests and red team

engagements are considered and mostly

implemented. However, those changes need

to be tested regularly, as well as maintained

through the various changes that naturally

occur in the environments in question. If

software is displaced, the recommendations

made and the policies implemented need to

be maintained to ensure that the security

posture of the organisation does not


Tabletop exercises should also be carried out

internally on a regular basis, ensuring all the

departments and employees who should be

involved in responding to, as well as dealing

with, incidents, have the correct knowledge

and experience to do so. They should also be

provided with the opportunity to look for

and report on any weaknesses that are

currently in the processes. Finally, tests should

be run on restoring backups.


Organisations should change their viewpoint

on the hiring of Cyber Security staff. There is

a well-documented and well-known

shortage of qualified Cyber Security staff in

the industry, resulting in organisations

becoming even fussier about who they hire,

in an already lightly resourced industry.

This problem leaves the responsibilities of

that unfilled role, within an organisation,

open and unaffected a lot of the time, which

ultimately reduces the efficacy of the

company's security overall and opens up

gaps to allow vulnerabilities. Instead of

looking for the most experienced candidate

in the field, organisations should be open to

searching for candidates with a passion for

the industry and who have the potential to

become the ideal candidate.










Accelerated by the move to hybrid life

brought by the pandemic, almost all

services and products have shifted

online, points out Amir Nooriala, chief

commercial officer, Callsign. "This also

includes the way we are authenticated,

but the problem is that the ways we are

authenticated online are based on analogue

methods and are not fit for purpose. They

are digitised processes that have not been

built for the digital world, as highlighted

by the amount of fraud and scams that

we continue to see in the news agenda.

Because of this, it's clear that digital identity

is broken and verifying genuine users online

isn't working.

"There are solutions the tech industry can

put in place to resolve this issue. The NEC's

secure biometric authentication technology

is a step in the right direction. However,

it's important to highlight that static

biometrics, such as facial recognition, are

only appropriate in some circumstances and

will not fix the digital identity problem."

For example, facial recognition shouldn't

really be used for day-to-day logins, but

rather for step-up checks when nothing else

can be verified, no matter how secure the

underlying tech might seem, he argues.

"Once our facial features are compromised,

there is no going back. We cannot get a

new face and the fraudsters will own that

information. As a standalone method of

verification, it is not good enough, because

it is not privacy preserving and adds friction

to the user journey," adds Nooriala.


Because of this, organisations must never

rely on static biometrics in the user journey,

he points out. "Instead, businesses should

consider layering contextual data over

authentication, such as behavioural

biometrics, to ensure consumers can access

services quickly, easily, and securely."

Behavioural biometrics considers the

behavioural factors of an individual to

authenticate them. This includes the device

used by the user, how quickly they type,

how they hold and swipe their phone or

the way their mouse moves on a computer,

Nooriala comments. "These contextual

attributes learn and adapt with the

consumer, as the business relationship

progresses. It provides privacy preserving,

frictionless, accessible, and inclusive

methods to authenticate users in robust

and failsafe ways. With all this in mind, it's

easy to see why behavioural biometrics is a

better authentication method than its

physical counterparts to fix digital identity.

It's easy for consumers, businesses and

governments to use, but, importantly, once

consumers understand that behavioural

biometrics doesn't use or store personal data,

we can expect to see more adoption in these



Although society has seen drastic

improvements in security, thanks to the

rise of digital technology, new risks, such

as those that have emerged with impersonation, have

also been introduced. This is why biometric

authentication technology has become a

critical factor in determining authenticity and

protecting privacy, says NEC.

"Border controls, airlines, airports, transport

hubs, stadiums, mega events, concerts,

conferences: biometrics are playing a

growing role not only in the real-time

policing and securing of increasingly crowded

and varied venues worldwide, but also in

ensuring a smooth, enjoyable experience

for those who visit them." Since the 1970s,

NEC has been researching and developing

biometrics authentication technologies,

such as fingerprint recognition, palmprint

recognition and face recognition. NEC has

also established technologies in the fields

of iris recognition, voice recognition, as well

as its original ear acoustic authentication

technologies, and supplemented them with

AI and data analytics to enhance situational

awareness and facilitate effective real-time or

post-event action in both law-enforcement

and consumer-oriented spheres. NEC uses

these biometric technologies under the

'Bio-IDiom' brand in various applications and

in effective combinations to realise a world

where, it states, "anyone can utilise digital

contents safely and securely".

Amir Nooriala, Callsign: businesses should

consider layering contextual data over

authentication, such as behavioural

Jim Close, Kofax: digital identity's strength

lies in the way cognitive capture and artificial

intelligence technologies are leveraged.

Explains the company: "Face recognition

can often prove one of the best biometrics,

because images can be taken without

touching or interacting with the individual."

With the ability to process and analyse

multiple camera feeds and thousands of

faces per minute, the company adds that its

face recognition is able to "police the largest

and most difficult security challenges with

efficiency, sensitivity and perception".


Meanwhile, NEC has developed a biometric

authentication technology that allows users

to authenticate themselves with encrypted

face information. This technology reduces the

risk of misuse, it states, if face information is

leaked and contributes to the expansion of

safe and secure biometric authentication

use cases. "With the application of this

technology, all face information handled by

service providers is encrypted. Therefore, even

if encrypted face information is leaked, the

risk of being misused for spoofing is low.

Moreover, since users have a secret key for

decryption, service providers cannot decrypt

face information, enabling users to take

advantage of the face recognition service

with peace of mind."

Face recognition is increasingly being

introduced as a means of identity verification,

but, in the unlikely event that registered face

information is leaked, it may lead to misuse,

such as spoofing. "As a result, greater

attention is being paid to technologies that

perform biometric authentication while

encrypting information, such as face

information," states NEC. One such technology

it singles out, is 'homomorphic

encryption'. This cryptographic technology,

which can perform operations such as

addition and multiplication while encrypting

data, is known to perform authentication

processing while biometric features are

encrypted - and without deteriorating the

accuracy of certification.

However, homomorphic encryption can

only perform simple operations and processing

speed is greatly reduced when performing

the complex processing required by

biometric authentication. As a result, it has

been limited to '1:1 Identification', which is

used for logging into online services with

relatively light processing. Conversely, the

method has been difficult to apply for '1:N

Identification', such as facility entry control

and transaction settlements, which require

greater processing speed.

In order to overcome this challenge, NEC

developed a secure biometric authentication

technology that can be applied to 1:N

Identification by streamlining the processing

of face recognition using homomorphic

encryption. Conventionally, 1:N Identification

has required authentication processing that

includes complex arithmetic operations that

are difficult for homomorphic encryption.

However, this technology is said to reduce

processing by focusing on promising

candidates through simple operations,

rather than processing all registered users.

"This narrowing down greatly reduces

the number of authentication operations,

including complex operations, so that 1:N

Identification can be performed at high

speed, even with homomorphic encryption,"

reports NEC. "With 1:N Identification for




10,000 registered users, for example, NEC's

new technology can narrow down the

number of user candidates in about 0.01

seconds. If the system narrows down the

number of candidates to about 1% of the

total number, it can perform face authentication

processing in a speed of about 1

second. In addition, the use of this technology

does not impact the accuracy of

certification."

Going forward, NEC will further develop

this technology, it confirms, combined with

Bio-IDiom (the company's portfolio of

biometric authentication technologies), "in

order to enhance the safety and security

of personal information, entrance control,

transaction settlements and more".
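
The two-stage narrowing described above can be sketched in code. This is an added illustration, not NEC's algorithm or code: it assumes a toy Paillier cryptosystem (additively homomorphic only) with demo-sized primes, a single key pair whose private half sits with a separate key holder, a plaintext probe, and constructed random templates; every function name is hypothetical.

```python
import math
import random
import secrets

# Toy Paillier cryptosystem (additively homomorphic). ASSUMPTION: demo-sized
# Mersenne primes so the example runs instantly; real moduli are 2048+ bits.
P, Q = 2**31 - 1, 2**61 - 1
N, PHI = P * Q, (P - 1) * (Q - 1)
N2 = N * N
MU = pow(PHI, -1, N)  # modular inverse, Python 3.8+


def encrypt(m):
    """Enc(m) = (1 + N)^m * r^N mod N^2 for a random unit r."""
    r = 0
    while math.gcd(r, N) != 1:
        r = secrets.randbelow(N - 1) + 1
    return (1 + N * (m % N)) * pow(r, N, N2) % N2


def decrypt(c):
    """Private-key operation; only the key holder can run this."""
    return (pow(c, PHI, N2) - 1) // N * MU % N


def he_add(c1, c2):
    """Enc(a) * Enc(b) mod N^2 decrypts to a + b."""
    return c1 * c2 % N2


def he_scale(c, k):
    """Enc(a)^k mod N^2 decrypts to k * a; negative k is reduced mod N."""
    return pow(c, k % N, N2)


def enroll(template, coarse_dims):
    """Store only ciphertexts: each feature plus two squared norms."""
    return {
        "feat": [encrypt(x) for x in template],
        "coarse": encrypt(sum(x * x for x in template[:coarse_dims])),
        "full": encrypt(sum(x * x for x in template)),
    }


def enc_sq_distance(record, probe, dims, norm_key):
    """Enc(||x - y||^2) over the first `dims` features; x encrypted, y plaintext.

    Uses ||x - y||^2 = sum(x^2) - 2 * sum(x * y) + sum(y^2).
    """
    acc = he_add(record[norm_key], encrypt(sum(y * y for y in probe[:dims])))
    for cx, y in zip(record["feat"][:dims], probe[:dims]):
        acc = he_add(acc, he_scale(cx, -2 * y))
    return acc


def identify(gallery, probe, coarse_dims, keep_percent=1, threshold=200):
    """Two-stage 1:N search. Returns (user id or None, distance, scale ops)."""
    ops = 0  # counts ciphertext exponentiations, the expensive operation
    coarse = []
    for uid, rec in enumerate(gallery):      # stage 1: cheap score, every user
        c = enc_sq_distance(rec, probe, coarse_dims, "coarse")
        ops += coarse_dims
        coarse.append((decrypt(c), uid))     # key holder learns scores only
    keep = max(1, (len(gallery) * keep_percent + 99) // 100)
    shortlist = [uid for _, uid in sorted(coarse)[:keep]]
    full = []
    for uid in shortlist:                    # stage 2: full score, shortlist only
        c = enc_sq_distance(gallery[uid], probe, len(probe), "full")
        ops += len(probe)
        full.append((decrypt(c), uid))
    dist, uid = min(full)
    # Reject when even the best candidate is too far: probe is not enrolled.
    return (uid if dist <= threshold else None), dist, ops


def demo(num_users=300, dims=16, coarse_dims=4, target=123):
    """Constructed data: random 8-bit templates; probe = target template +/- 2."""
    rng = random.Random(2022)
    templates = [[rng.randrange(256) for _ in range(dims)]
                 for _ in range(num_users)]
    gallery = [enroll(t, coarse_dims) for t in templates]
    probe = [min(255, x + 2) if i % 2 else max(0, x - 2)
             for i, x in enumerate(templates[target])]
    stranger = [rng.randrange(256) for _ in range(dims)]  # not enrolled
    match, dist, ops = identify(gallery, probe, coarse_dims)
    unknown, _, _ = identify(gallery, stranger, coarse_dims)
    return {"match": match, "distance": dist, "two_stage_ops": ops,
            "exhaustive_ops": num_users * dims, "stranger": unknown}


if __name__ == "__main__":
    print(demo())
```

The operation count shows where the saving comes from: the full-length comparison runs only on the shortlisted 1% of records, while every other record gets the short comparison.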


For Rob Watts, CEO, Corsight AI, passwords

are now very much a thing of the past. "Why

do we need them when we all have a face?

We are already seeing the preference for

biometric authentication on our mobiles and

it's predicted that facial recognition hardware

will be present in 90% of smartphones by

2024. The general public does not see a

difference between cyber and physical

security, they simply want to go about their

daily lives in a safe and secure way. So,

why does the technology industry insist on

creating siloes, when biometric is far safer for

the citizen?"

It is predicted that the total addressable

market for facial recognition technology

(FRT) is set to experience 12.4% CAGR from

2021 to 2025, growing by $3.78 billion.

The explosion here is based upon personal

biometrics used on mobile and FRT use at

the edge. "The traditional use of facial

recognition for security and surveillance will

be overwhelmed by personal consumer use,"

he says. "However, as cybercriminals become

increasingly sophisticated with their targets

and tactics, end-users will need to ensure

that the security of the biometric data in their

systems is a top priority, in order to avoid

situations where data is compromised."

For the financial sector, multi-factor

authentication that pairs facial recognition

with passwords and codes is a popular

solution. "Yet the more sophisticated version

of this, gaining traction over the next

few years, is dual analytics - pairing

behavioural biometrics (like gait or mouse

use characteristics) with voice and face

recognition, for instance - to mitigate risks

of spoofing or fraud."

Ultimately, adds Watts, the speed and

accuracy of FRT has come on in leaps and

bounds over recent years "and the future of

biometric authentication lies in its capability

to accurately recognise faces in challenging

environments: with masks on, from high

angles and in low lighting. Getting it right

and having the highest accuracy is where

customers will gain confidence. While

developers are now also ensuring software

is secure by design and secure by default,

transparency from organisations leveraging

biometric data - in how it is captured, stored

and protected - will be key to greater

adoption moving forward. Security and

personal biometrics using FRT is the future

for us all".

States Jim Close, regional vice president of

enterprise at Kofax, the need for a digital

solution to safe, secure authentication of

identity has gained urgency over the last

couple of years. "Cyber security in general is

a major worry for companies and employees

alike, but the pandemic and adoption of

remote work has put the risk of identity theft

in stark relief. As corporations accelerate their

digital transformation initiatives to support

hybrid work, they'll have to rely on emerging

technologies to ensure privacy and security of

employee information."

One option he also endorses is digital

identity. "In fact, widespread adoption of

this chip-based approach is already well

underway. Seventy countries have set up

a national ID scheme and most are using

electronic national ID cards. In addition,

there are more than one billion users of

digital identity apps today, and that number

is expected to jump to more than 6.2 billion

by 2025, according to a recent study.

"While some may be wary about digital

identity, modern technology has made this

option very secure," he insists. "A key reason

is the digital identity trust framework

requires all providers to use encryption and

set up a security governance framework. As

a result, digital identity presents a significant

obstacle to fraud. Its strength lies in the way

cognitive capture and artificial intelligence

technologies are leveraged. A combination

of multiple data sources, various digital

and biometric attributes, behavioural user

data and more work together with these

advanced technologies to validate and

authenticate a user's identity in seconds,

while also identifying anomalies that may

indicate the possibility of fraud."

Another advantage he singles out is that

digital identity allows users more control

over their data. "For instance, if a consumer

is using the digital wallet to purchase

tobacco or alcohol, they can choose to

only share that portion of information in

their identity wallet. When the amount of

personal data that needs to be exchanged

is minimised during transactions, it reduces

the reliance on third parties and enhances

security by removing a player from the

equation. Perhaps even more crucially, when

individuals are the arbiters of the attributes

used to create their identity, they gain

a higher level of trust and confidence in the


"There are numerous use cases for digital

identities, from account creation and website

logins to age verification and know-your-customer

certification. Most importantly, this

many-layered approach offers organisations

an effective and robust way of keeping

company, and individual data and

information, safe and secure," he concludes.






Darren Stevens, IT manager, Furness

College: Arcserve dashboards show at

a glance that we're consistently meeting

our recovery time objectives.

More than 4,000 students are

progressing their education at

Furness College to improve their

future job prospects, via a range of full-time,

part-time and distance learning

courses. The college needs to protect

student and staff work against

ransomware attacks, hardware failure

and accidental deletion to safeguard

student grades and the college's

reputation. Arcserve appliances enabled

the college to make a 50% cost saving

on backup. With in-built ransomware

protection, the solution enables rapid

recovery of individual files and emails.


A team of around 350 faculty and staff

support the college's students.

Safeguarding staff and student files

against ransomware attacks, hardware

issues and accidental deletion or

corruption is essential to protecting

student grades.

"We can't expect all our students and

staff to be IT-savvy, so it's our

responsibility to make sure that their

work is safeguarded against the risk

of data loss," says Darren Stevens, IT

manager at Furness College. "If work

is lost, it could impact the college's

reputation, as well as students' grades

and potentially their choice of career

going forwards. We weren't completely

happy with the functionality and

performance of our existing solution.

The backup window was stretching into

the morning, it was time-consuming

to find and restore individual files and

emails, and, with all backups held in the

cloud, it took too long to recover data."


Furness College rolled out two Arcserve

appliances in May 2021. The team

selected Arcserve appliances, due

to their inbuilt protection against

ransomware with Sophos Intercept X,

and a cost reduction of 50% compared

to the college's previous backup solution,

it states.

"There was a spike in ransomware

attacks on colleges and universities

during lockdown," states Daniel Walker,

network infrastructure lead at Furness

College. "We had briefings about

the increased risk from JISC (Joint

Information Systems Committee) -

which provides our academic network -

so we were keen to add an extra layer of

protection with the Arcserve solution."

Furness College has an Arcserve

appliance at its two campuses, each

backing up a different subset of servers,

with a total of 32 servers and nearly

600TB of recoverable data protected.

Using the Arcserve appliance's

snapshots, the college can recover files

or even a complete server in minutes.

"We use the solution on a regular basis

for recovering individual student and

staff files, and emails that have been

accidentally deleted or overwritten,

without having to roll back the entire

server," he adds.

The appliance's automated testing

feature, Arcserve Assured Recovery,

provides complete confidence that,

in the event of an incident, data can

be restored completely and without

impacting its integrity.


With the Arcserve appliances, Furness

College's IT team can restore services,

lost or deleted files and emails four times

faster, which safeguards staff work and

student grades. "Arcserve dashboards

show at a glance that we're consistently

meeting our recovery time objectives

(RTO)," says Stevens. "The solution is very

easy to manage and run on a day-to-day

basis, which means the IT team is free

to focus on supporting users. With the

Arcserve appliances, we've reduced costs

and mitigated the risk of a ransomware

attack. We can protect business

continuity and the college's reputation."






Like many of the misfortunes that

plague businesses, ransomware is

something that always seems to be

happening to others - until it happens to

you. It is then that its impact is properly

understood and felt, as the nightmare you

don't seem to be able to wake up from.

According to the head of the National

Cyber Security Centre (NCSC), ransomware

attacks present "the most immediate

danger" to the UK, with cyber-attacks

linked to the Covid-19 pandemic also likely

to be prevalent for many years to come.

Lindy Cameron warned that cybercriminals

and other malicious actors continue to see

ransomware as an "attractive route", as

long as firms do not adequately protect

themselves or agree to pay the ransom

when attacked - something the NCSC has

consistently exhorted companies not to do.


Chris Harris, Europe, the Middle East and

Africa (EMEA) technical director at Thales

UK, says Cameron's comments should serve

as a stern warning to all companies around

the world. "As we have seen by the

increase in attacks this year and diversity

of victims - from SolarWinds to Ireland's

Health Service, Hackney Council and the

Colonial pipeline - no one is immune to

a hacking attack and the impacts can be


"One of the biggest misconceptions around

ransomware is that hackers are only after a

quick pay day and the only real damage done

is to a company's reputation. The reality is

hackers have the ability not just to take files,

but also impact the running of an entire

organisation - from taking down payroll to

compromising critical national infrastructure,

which can have a detrimental effect on the

public. In the worst cases, ransomware can

present a real physical threat to individuals'

lives - for example, when hospitals are

attacked and patients put at risk," he adds.

All businesses must wake up to the wide-ranging

risk of ransomware attacks, he adds,

and enact the right security and backup

controls to ensure their entire company and

its customers don't become victims of a

potential attack. "This means understanding

where data is held and protecting it at its

core with encryption measures that only

those authorised can access."


Research from managed security services

provider Orange Cyberdefense reveals there

has been a 13% increase in cyberattacks on

enterprises over the past 12 months, with a

rise in ransomware incidents and, for the first

time, a noticeable wave of attacks against

mobile devices. The 'Security Navigator 2022'

provides a detailed analysis of more than 50

billion security events analysed daily over 12

months by the company's 18 Security

Operation Centers (SOCs) and 14 CyberSOCs

across the globe.

Of the 94,806 incidents flagged during

monitoring as being

potential threats, analyst investigation

confirmed 34,156 (36%) to be legitimate

security incidents - a 13% increase on the

year before. More than a third (38%) of all

confirmed security incidents were classified as

malware, including ransomware - an increase

of 18% on 2020.

The report found that almost two thirds

(64%) of the security alerts dealt with by

Orange Cyberdefense analysts turned out to

be 'noise' and did not represent a genuine

threat - an increase of 5% on the previous

year. The findings suggest that many

organisations, particularly small and medium

sized businesses, will require more resources

to filter this massive amount of data for

potential threats. The risk is that these

businesses will become increasingly

vulnerable to attack as the level and volume

of activity continues to rise.


The Security Navigator also reports that

mobile operating systems like iOS and

Android in a business context are an

increasingly popular target for exploits.

Many of the activities appear to be related to




commercial companies contracted by law

enforcement and intelligence agencies.

However, the vulnerabilities and exploits

developed will likely not stay in that realm,

but have in the past and will likely in the

future find their way into the criminal

ecosystem as well (such as the WannaCry

attack of 2017).

Orange Cyberdefense predicts attacks

targeting mobile devices are likely to

continue on this upward trajectory. "This is a

development that security professionals will

need to pay closer attention to. Mobile

platforms are key in modern access

protection concepts, namely multi-factor

authentication (MFA), which is commonly

used in corporate environments to protect

cloud access, for instance," it states.

Another key finding of the new Security

Navigator is that malware, including

ransomware, was the most common type

of threat reported across the analysis period,

with 38% of all confirmed security incidents

classified as malware - an increase of 18%

on 2020. Among the key malware trends


A decrease in confirmed downloader

activity (malware that downloads and

runs other malware on affected systems)

in November and December 2020 after

the Trickbot botnet was taken down by

law enforcement, and in January and

February 2021, directly after Emotet was

taken down

An inverse correlation between the

stringency of Covid-19 lockdowns

and the volumes of downloader and

ransomware activity: the more stringent

the lockdowns, the less of this activity,

running contrary to the prevailing

narrative that attacks increase when

users work from home

Large organisations see more

than double (43%) the amount of

confirmed malware incidents than

medium-sized businesses.

"Attacks like Solorigate show that even

trusted software from reliable vendors can

turn into a trojan horse for cunning

attackers," says Hugues Foulon, CEO of

Orange Cyberdefense. "Technology alone

cannot be the solution to this problem and,

as our data shows, we have seen a 13%

increase in the number of incidents in just

one year and these incidents keep increasing

year on year. A large proportion of the

tech-driven security alerts that our analysts

deal with are just noise, but this puts a

tremendous strain on already stretched IT

and security teams.

"Indeed, not all businesses have the means

or resources to employ managed security

services providers to help them sift through

the 'noise' and find the actionable security

'signals'. We thus believe that security

technologies can, and must, do better."


The EY Global Information Security Survey

2021 (GISS) illustrates the devastating and

disproportionate impact that the COVID-19

crisis has had on a function that is striving to

position itself as an enabler of growth and

a strategic partner to the business.

Through a global survey of more than

1,000 senior cybersecurity leaders, it finds

CISOs and security leaders grappling with

inadequate budgets, struggling with

regulatory fragmentation and failing to find

common ground with the functions that

need them the most. "Indeed, the upheaval

of the global pandemic has created a perfect

storm of conditions in which threat agents

can act," says EY. "Since the 2020 GISS

report, there has been a significant rise in

the number of disruptive and sophisticated

attacks, many of which could have been

avoided had companies embedded security

by design throughout the business."

Chris Harris, Thales: no one is immune to

a hacking attack and the impacts can be


Amongst the challenges that besiege

them is, not surprisingly, ransomware. As

organisations rolled out new customer-facing

technology and cloud-based tools

that supported remote working and kept

the channel to market open, the speed of

change came with a heavy price. "Many

businesses did not involve cybersecurity

in the decision-making process, whether

through oversight or an urgency to move

as quickly as possible. As a result, new

vulnerabilities entered an already fast-moving

environment and continue to threaten the

business today."


At the time of writing, CISOs and their teams

may not yet have completed a full

assessment of the long-term impact that

their company's new technology will have on

its defences, states EY. But, in the meantime,

it's likely that their colleagues are continuing

to use the technology regardless.

"The urgency of the crisis meant that

security was overlooked, even while

organisations were opening up systems

that had never been open before," reflects

Richard Watson, EY Asia-Pacific cybersecurity

risk consulting leader. "Not all organisations

acknowledge they now need to go back and

address those issues."



The risks of moving on without addressing

the issues are, however, very real and

increasingly urgent. More than three in

four (77%) respondents to this year's GISS

warn that they have seen an increase in

the number of disruptive attacks, such as

ransomware, over the last 12 months. By

contrast, just 59% saw an increase in the

prior 12 months.

"Yet CISOs are struggling to make

themselves heard," points out EY. "Most

respondents (56%) admit that cybersecurity

teams are not consulted, or are consulted

too late, when leadership makes urgent

strategic decisions. While some maintain

that this happens 'not very often', it only

needs to happen once for a flaw in the

defences to be exploited by threat actors."

An additional concern, at least in the US,

says the report, is that the Department of

Justice has raised ransomware attacks to

the same priority level as terrorism and is

coordinating investigations through a task

force in Washington. Might the UK follow

that lead?


"CISOs are central to an organisation's efforts

to transform and deliver long-term value,"

says Errol Gardner, EY global vice chair - consulting.

Discussing how CISOs should

position themselves as enablers of

transformation, Gardner adds: "While CEOs

are on a path to realise their vision and

successfully transform their businesses

through technology, they can't afford to

turn a blind eye to the cyber risks this poses.

"At the same time, it falls on CISOs to

ensure that CEOs have the right understanding

of the value that investing in

cybersecurity brings and that they recognise

that as an integral part of the transformation

journey. Investing in building a strategic

relationship between CISOs, CEOs and the

rest of the C-suite will help ensure that

transformation programs are not only

successful, but also implemented in a cybersecure

way for the organisation and its




Meanwhile, as reported by Channel Eye,

cybersecurity and GDPR compliance platform

Naq Cyber has warned that ransomware

attacks are increasing by 70% every month.

Millions of businesses have moved their

proposition online and shifted to remote

working since the pandemic started, but

many still have little or no online protection

in place and are therefore still vulnerable to

these attacks, the report finds.

The data also showed that one in six small

businesses in the UK that had been impacted

by a cyber-attack almost had to shut their

doors, due to the severity and impact on

their business.

"Ransomware continues to work

tremendously well and shows no sign of

slowing down, due to the ease and speed

with which companies choose to pay," states

Jake Moore, cybersecurity specialist at ESET.

"The figures attributed to ransoms are often

chosen by the attackers, in relation to the

wealth of the business. The problem isn't

always how much a company pays; it is if

they pay anything at all.

"When an organisation chooses to pay a

ransom, they are admitting defeat and

funding the ransomware business cycle,

which continues the problem."

So, where does the solution to the problem

lie? In better protection and quicker

restoration, along with regular tests, he

argues. "It is often not that a business

cannot restore at all, but that it cannot

restore 'back to business as usual' quick

enough. This just adds fuel to the fire and

continues ransomware on its staggeringly

problematic journey ahead."



skills crisis



Cyber is revolutionising the way that we

live our lives and indeed our whole

approach to national security. It is for

this reason that the UK government recently

launched the National Cyber Strategy, with

the stated goal of "strengthening the UK

cyber ecosystem, investing in our people

and skills, and deepening the partnership

between government, academia and


An essential part in achieving this overall

objective is the pledge to invest in people

and skills. It's something that resonates

deeply with David Ferbrache, chief

technology officer in KPMG's cyber security

practice, who welcomes, as part of this

process, the Government's 'Cyber Runway'

scheme - in particular, its focus on boosting

the number of skilled workers from diverse

backgrounds in the cyber security sector.

"The lack of cyber talent has become a

critical issue as threat actors have ramped

up their efforts to hack British businesses -

a situation that is only going to worsen. A

more diverse and inclusive team equates to

a more innovative team - one that is better

equipped to stand up against threat actors

attacking organisations across the country."

Recent research from KPMG and the NCSC

found that just one in 20 workers in the

cyber security industry is aged 18-24, he

adds. "Increasing this should be a priority

for the future, not least in recognition of the

cyber industry's persistent skills shortage.

While the announcement will help this

endeavour, as cyber criminals have taken

hold during the pandemic the question is

whether this is too little too late?" The

research also showed that just 3% of the

cyber workforce entered via a school leaver

or apprenticeship scheme and 12% via a

graduate scheme. "Raising these levels - in

particular of school leavers and apprentices -

could have a positive impact on the diversity

of the sector and, in turn, boost the cyber

resilience of the entire country," he states.

Ferbrache also points to how the National

Cyber Strategy recognises the importance of

securing the broader tech ecosystem - and

the vital role which the private sector must

play in ensuring the UK's future cyber

security. "The establishment of the National

Cyber Advisory Board is a necessary step

forward in bringing senior leaders together

across all sectors as we move towards

professionalising cyber security through the

UK Cyber Security Council, as well as driving

improvements in the standards of security

across the service and product providers at

the heart of our digital economy."


The research that he refers to - 'Decrypting

Diversity: Diversity and Inclusion in Cyber

Security' - also raises many points of concern

around failures to embrace diversity root

and branch, something that Lindy Cameron,

CEO of the NCSC, addresses in that report

itself. "At the National Cyber Security Centre,

we say that cyber security is a 'team sport'.

We all have a part to play in making the

profession a thriving eco-system of diverse

minds, that fully reflects our country and

society, and a workforce in which everyone

feels valued, included and equal. That's why


the research that the NCSC has conducted

with KPMG is so important, giving us an

insight into who makes up the cyber

security profession and their experiences

being part of it."

The survey shows a mixed picture, she

confirms in her introductory remarks. "There

are some areas to be proud of: in terms

of who we are, more than a quarter of

respondents identify as having a disability.

But we are still evidently a very male

profession, with disproportionately male

senior leadership. At the NCSC, we are

committed to bringing more women into

the profession, for example with our

CyberFirst Girls Competition.


"But there's clearly more to do. We are a

growing profession - so this isn't a structural

problem we have to live with. If we face this

head on, we can ensure we are a profession

that fully reflects our nation's rich diversity

and full range of talent. We will need to,

both to get the skills we need today and

make the most of them, and to avoid a skills

gap tomorrow."

More worryingly, though, Cameron adds,

one in five cyber security professionals still

feel as if they cannot be themselves at

work, with the figure rising for disabled

and neurodivergent colleagues. "None of us

should be comfortable with that and each

of us has a leadership role to play. The

creation of the UK Cyber Security Council is

a really positive step to achieving this goal.

"It will take a leading role in pushing

diversity and inclusion to the top of the

industry's agenda. Driving change within

the profession is a collective effort. As cyber

security leaders, we must also play our role

in delivering positive change. We must work

together, continue to challenge the status

quo," and, she points out, "reflect on our

behaviours, practices and assumptions in

the workplace."

According to Alexandra Willsher, senior

sales engineer at Forcepoint: "Differences in

gender, health, location, age, race, sexuality

and social economic factors directly impact

how people engage with technology - and

therefore directly influence critical risk

factors. A company's products can't truly

work for all, unless that same audience has

been involved in its creation.

"If product development is always done

by the same small pool of individuals, with

similar experiences and ways of living in the

world, they will reflect their biases. Products

created by those working in information

technology are used the world over, and we

need full representation of people from all

characteristics and backgrounds during the

development process to make sure that

what's being created is appropriate for all."

Initiatives like the Cyber Runway are

exactly what is needed to start to redress

the balance and reliance on a handful of

areas of the country and groups within

society when it comes to investment and

innovation, she adds. "We already have as

many as 10% of all current UK job vacancies

being within the technology industry,

according to Tech Nation. Filling those

vacancies will mean looking beyond the

usual places. The combination of our digital

economy, and the changes brought on by

the pandemic, has highlighted how physical

location might not be as critical to accessing

opportunities as it once was.

"Cyber hubs like Cheltenham, where there

are close links to large cyber organisations

like GCHQ, will remain important - but

bringing down the barriers for other

innovation and entrepreneurs to get started

means making sure that physical location

isn't a barrier to getting funding and

support." Willsher is pleased to see that the

Cyber Runway aims to provide this. "The

'levelling up' agenda is all about bringing

the economic and business opportunities to

the country as a whole, not just London, the



Southeast or major cities. Often for those

new to the sector, the first barrier is seeking

funding and knowing where to start with

getting an idea off the ground, so the Cyber

Runway's role as an incubator is much


"What comes next is putting processes in

place to make sure this talent is nurtured

and stays within the sector, as opposed to

moving elsewhere. Existing cybersecurity

companies would do well to take note of

these innovators and the new ways of

thinking and looking at issues that greater

diversity can bring."


Meanwhile, as a further step towards

greater focus on skills, cyber security and

enhancing and developing careers, the UK

Cyber Security Council and the Security

Awareness Special Interest Group (SASIG)

have formed a new partnership.

The council and SASIG will work together

on key webinars and events designed to

improve trust in the online environment

and to harbour that trust to which they

are committed when it comes to education

and knowledge-sharing throughout the

community. One of the forthcoming events

on which the council will partner with

SASIG is its third Cybersecurity Skills Festival,

which takes place virtually on Tuesday, 22


SASIG's Cybersecurity Skills Festival is a

biannual series where skills in cyber are

discussed and those looking for work are

connected directly with those looking to

hire. The conference agenda is packed

with helpful content and the jobs fair will

be "on a scale never seen in our industry,

with backing from public and private sector

alike", it is stated.

The key benefits that are highlighted by

the organisers are as follows:

- Showcase your organisation and job openings to hundreds of potential new team members
- Have your job openings recommended to the right candidates
- Candidates apply directly to you, so no agency fees
- Customise your stall with key information, documents, job openings and videos
- Review applications within our platform and set up video interviews the same
- Your stall will stay open for 30 days after the event
- Stalls are saved and can be imported for future events.

For those looking to re-skill into a new

career sector, cyber security is an attractive

option. With a new reliance on technology

in all aspects of life, this means that a huge

number of new technology-focused jobs are

constantly emerging. Cyber security is a

growing market and it is estimated that the

cyber industry will need an additional 3.5

million qualified professionals by next year.

With skills, education and training in cyber

security being firmly on the agenda for the

work that the UK Cyber Security Council is

doing, partnering with SASIG in this key

area to help individuals transition into a

career in cyber security was a natural choice,

it states.

Speaking of the partnership, Simon

Hepburn, CEO of the UK Cyber Security

Council, comments: "Getting more people

to consider entering the cyber security

industry is crucial and we look forward to

working with SASIG on this.

"We will be launching a programme of

joint activities in the coming months, such

as webinars and events, and with skills,

training and education in cyber security

very high on the agenda for the UK Cyber

Security Council, this was a very natural

partnership that aligns with the core values

of the UK Cyber Security Council perfectly."


According to Martin Smith MBE, chairman

and founder of SASIG, the vital task of

bridging the cybersecurity skills gap is, in

SASIG's view, the single most important

strategic challenge the profession faces.

"Our Skills Festivals have already established

themselves as a successful way of bringing

together those looking for new talent and

those wanting to enter our dynamic and

exciting profession, but there is much more

to be done. This new partnership between

SASIG and the UK Cyber Security Council

will be central to these efforts."


David Howorth, VP of EMEA Sales at

Rapid7, says it is both a huge challenge and

a necessity for the UK to create a large and

diverse skill base to support the burgeoning

cybersecurity sector. "In common with

most developed economies, the shortage of

cybersecurity expertise remains a pressing

issue for governments and enterprises

alike. Whilst the last ten years has seen

a large expansion of UK academia offering

cybersecurity courses, there remains a skills

imbalance across the country as many

graduates of these programs end up

working in the south-east attracted by

the breadth of opportunities available and

the higher salaries.

"Through the creation of the Cyber Runway

scheme, the UK government is right to

target the regional level to support the

levelling up of this key industry, in order

to accelerate the development of higher

skilled jobs across diverse regions and

communities," he states.

"Also, with less access to venture capital as

compared to other countries, such as the

US, it is important that the government is

able to target support to small innovative

companies looking to develop and take to

market innovative cyber security solutions,

that may one day enable them to become

the next UK tech unicorn." What benefits

might it deliver? What other, similar,

schemes should the government be looking

at to improve the skills levels needed to

fight against an ever more sophisticated

cybercrime future? "There are many

potential benefits to the UK economy of

growing and diversifying the cyber security

talent pool," responds Howorth. "By creating

high paid skilled jobs across all regions, the

UK will be better positioned to develop

vibrant hubs of innovative cyber security

companies that are able to closely

collaborate with regional academia.

"This, in turn, will also attract inward

investment from global organisations

looking for opportunities to scale out their

cyber security expertise. Northern Ireland

offers many examples of successful cyber

security companies, such as Rapid7, which

has established large development hubs to

develop and foster talent."

While these initiatives do make a

difference, there is still a long way to go,

he concedes. "We must also create the

foundations where many more children

from diverse backgrounds have the

opportunities to focus their senior years'

studies in the area of STEM."


Sarah-Jane McQueen, general manager of

CoursesOnline, sees training courses as a

valuable way for organisations to mitigate

risks around skill shortages and keep their

workforce up to date when it comes to

their IT knowledge. "The report reveals a

dangerous situation for companies from all

sectors. Everyone, from small companies to

huge corporations, relies on IT professionals

to work behind the scenes to maintain

essential parts of their day-to-day business

operations," she says.

The key to preventing skills gaps affecting

business may be more obvious than most

companies realise. Instead of putting in

time and resources searching for suitable

employees in a shrinking job pool, looking

at upskilling opportunities with current

staff could be a better long-term solution.

"By upskilling your workforce through

both short courses and in-depth IT training

programmes, you can stay in control and

avoid the chance of coming to a standstill,

if the current skill shortage persists or gets

worse," she notes.

"Searching for new employees with years

of experience and training could become

more difficult, so growing your IT workforce

with eager and talented employees and

then setting them up with advanced

digital skills training could be the best way

forward. Promoting staff from within can

be an excellent way to build strong

relationships with your current employees

while also offering you protection from the

unpredictable changes to the wider digital

labour market," adds McQueen.


Today's Government Cyber Security Strategy

sets out a truly world-leading approach

to strengthening cyber and operational

resilience across critical government

functions, is the view of Ollie Whitehouse,

Global CTO at NCC Group.

"This type of comprehensive, measurable

approach sets a strong example for the

private sector and other governments

globally. It will no doubt act as a catalyst for

change - organisations that want to partner

with the government will have to up their

game to meet increasing standards.

"A whole-of-society approach will be

essential to delivering the government's

aims, which I'm pleased to see strongly

reflected in the Strategy. NCC Group is

incredibly proud to have played our part

over the years, providing technical input

into the development of new policies such

as this one and as a delivery partner to

government. We stand ready to support

the public sector as it embarks on delivering

this new framework," he concludes.



Product Review Service



The Computing Security review service has been praised by vendors and

readers alike. Each solution is tested by an independent expert whose findings

are published in the magazine along with a photo or screenshot.

Hardware, software and services can all be reviewed.

Many vendors organise a review to coincide with a new launch. However,

please don’t feel that the service is reserved exclusively for new solutions.

A review can also be a good way of introducing an established solution to

a new audience. Are the readers of Computing Security as familiar with

your solution(s) as you would like them to be?

Contact Edward O’Connor on 01689 616000 or email

edward.oconnor@btc.co.uk to make it happen.




