LORCA identifies top priorities for cyber security innovation

The top priorities for cyber security innovation are identity management, patch management and configuration management.

The top priorities for cyber security innovation are identity management, patch management and configuration management.

“These are basic components of cyber security, but failure to do them well is still responsible for the bulk of cyber attacks that we are seeing.”said the new LORCA CEO  Hannigan

Identity is one area where the UK is particularly strong, with some great companies focused on it, he said, particularly in the academic “pre-company” sector, where universities are doing some “really innovative things” around identity management and authentication.

“Identity is key to cyber security, and if we can get a product out there that beats others, the sky is the limit, especially for the export market, and it will be about who gets there first with a viable solution,” he said.

Hannigan believes the internet of things (IoT) and cloud computing are two more areas where cyber security entrepreneurs should be focusing their efforts.

He said cloud computing is “problematic” because it makes it harder for companies to understand what the perimeters of their networks are.

“Even for those companies that have worked out what their cyber security policy is and managed the risks, suddenly to do all their processing and storage in the cloud complicates that,” said Hannigan. “It is not terminal, but it means they need to rethink their risks and mitigations.”

He advised organisations to look at the guidance on security in the cloud from the National Cyber Security Centre (NCSC).

IoT is ripe for innovation

The IoT is “ripe for innovation”, said Hannigan, because it is unlikely that regulation or government guidelines will address the immediate risks.

“It is going to be a long time before security by default is achieved, so in the meantime we need to find ways to mitigate potential disasters, with billions of devices connecting to the internet,” he said.

In terms of going to market, Hannigan advises cyber security entrepreneurs to spend some time considering things from the customer’s perspective.

“In the UK, companies are more likely to be conservative in their cyber security investments and stick with well-established suppliers than countries like the US and Israel, so startups need to take that into consideration,” he said.

Hannigan believes Lorca has a role to play here in helping startups to think through how their technology will integrate with existing IT environments, making it as easy as possible with minimal disruption.

Time and skills required by businesses

Although businesses do not necessarily need to spend a fortune on cyber security, it does require some time and sometimes skills that may be lacking in-house, said Hannigan.

“I do have sympathy for small businesses, but many are doing more than they used to in the past and are using things like Cyber Essentials and the small business guide because they are seeing how cyber attacks are affecting companies or because their insurance companies have told them to,” he said.

Hannigan believes there is a need for effective managed security services for small and medium-sized businesses. “A regular complaint I get is that managed security services suppliers are not really appropriate for small businesses and aren’t necessarily that effective, so there is a challenge there to the industry to come up with managed security services that really work and that don’t just dump the problem back onto the client, but actually do something about it,” he said.

LORCA to help drive UK cyber exports

LORCA – the new London cyber security innovation centre will help to boost exports of UK cyber security expertise.

LORCA - the new London cyber security innovation centre will help to boost exports of UK cyber security expertise.

A key part of the ambition for London’s £13.5m government-funded cyber innovation centre is that it will help drive UK exports, according to Robert Hannigan, former head of GCHQ.

“We hope that companies founded and given a boost and support in going to market will also go to market overseas,” he said at the official opening of the centre – to be known as the London Office for Rapid Cybersecurity Advancement (Lorca).

“The government’s ambition is very clearly to make the UK a leader in cyber security exports, and I see massive potential out there in countries around the world that need a variety of different solutions,” said Hannigan, who will lead Lorca’s industry advisory board.

“We know we have great talent, potential and possibilities, and bringing it all together was the challenge for government and what has led to this [cyber security innovation] centre,” he said.

The centre will play an important role in bringing together the many good innovators and incubators across the UK and provide a focal point for interacting with government, said Hannigan.

Lorca will also bring together cyber security innovators with academics in the field, with various industry sectors – starting with the cyber security-leading finance sector, with other technical and non-technical disciplines, and with international partners.

“This centre has links to the US, Israel and Singapore, and convening the three most prominent cyber security industry centres in the world is going to be very powerful in magnifying the value of this centre,” said Hannigan.

Commenting further on the potential for cyber security exports, Hannigan said there is a “massive market” out there because there are many economies that are some way behind the cyber security technology front-runners that are looking for solutions.

“There is massive potential, we have got some great companies, the UK has a good reputation and we should capitalise on that because if we put all that together and get it right, we will have a booming cyber security export industry,” he said.

“There is a lot of private sector capital looking to invest in cyber. So there is no shortage of capital, it is all about finding the right vehicle, and Lorca will help with that. But there is no reason why, in the future, there shouldn’t be more initiatives along the same lines.”

For this reason, Hannigan believes there is room for many more initiatives aimed at supporting cyber security entrepreneurs.

“There is no competition between incubators and accelerators within the UK – the more the merrier,” he said, explaining that each has something different to offer, with Lorca being more industry-focused with international links, for example, and the GCHQ accelerator and innovation centre in Cheltenham being more focused on national cyber security.

The government funding for Lorca will also promote its role as a convening body for other accelerators and incubators as a “useful way of amplifying the UK’s overall cyber security offering, particularly overseas, said Hannigan.

Data protection is critical for all small businesses

Small businesses that misuse data or fall victim to breaches not only risk financial loss, but also reputational damage.

Small businesses that misuse data or fall victim to breaches not only risk financial loss, but also reputational damage.

A study from Gigya showed that 69% of consumers have reservations about brands handling their personal information, while nearly half of UK firms were affected by a data breach in 2017.

By failing to implement sufficient mechanisms to protect customer data, companies not only risk incurring financial loss by having to pay hefty fines and mitigate damage caused by breaches, but they also risk reputational damage.
Facebook, for instance, has been criticised for taking a lacklustre approach to data privacy after it was discovered that that the social media site somehow let marketing firm Cambridge Analytica gain unauthorised access to an estimated 87 million user accounts.

With the compliance deadline for the EU’s General Data Protection Regulation (GDPR) on 25 May 2018, most firms should be considering what they can do to boost and improve their data protection procedures and prevent breaches.

Customer trust is paramount for small businesses

As the compliance deadline for the GDPR looms, firms have increasingly been exploring ways they can improve their security mechanisms. Businesses that fail to adhere to the law face having to pay up to €20m in fines.

Such a sum of money would be damaging for most firms, but reputational damage would be more catastrophic to companies. Consumers put their faith in firms that conduct good data practice.

Businesses must be more transparent at disclosing not only policies and terms and conditions, but exactly how the data will be used. They need to be more specific in terms of what data is being collected and detail the intended use. Many companies are asking customers for their permission to harvest data, but opt-in mechanisms are vague.

Consumers are becoming more aware about data privacy concerns, mainly because of news headlines. A key example is the Facebook and Cambridge Analytica debacle.

Data protection is a constant operation

Many businesses are failing to implement appropriate mechanisms to protect this information.

Personal data is considered to be one of the most sensitive categories of data an organisation has access to, and perhaps it is the most valuable. As the value of personal data increases, so should the controls needed to protect it.

Personal data should be processed only with clear consent given by the data owner, with a transparent agreement and an organisation-wide focus on preventing data theft or misuse.

To identify misuse, firms should constantly analyse their businesses procedures and operations to ensure they are compliant with the latest data protection safeguards. Firms should not assume that once they have installed or developed a system to protect customer data, they have nothing else to do.

With the GDPR compliance deadline looming, UK organisations should be in the final stages of educating their workforce and deploying the appropriate technology to manage the large swathes of information they hold.

As masses of devices continue to connect to the internet, it is clear companies will have access to an ever-growing amount of data. If they put the right data protection and management mechanisms in place, they can gain a lot of potential from customer information. But without sufficient safeguards, the risks will keep on growing and firms could find themselves in all sorts of trouble.

So if you want to save yourself stress, money and a damaged reputation from a phising data cyber incident with affordable, live systems protection please ring us now on 01242 521967 or email [email protected] or complete the form on our contact page NOWContact Cyber 139

Top cyber security criminals earn up to £1.5m a year study shows

Academic study reveals just how lucrative cyber security crime can be, with top level cyber criminals out earning government leaders.
Academic study reveals just how lucrative cyber security crime can be, with top level cyber criminals out earning government leaders.

Cyber security criminals are acquiring, laundering, spending and reinvesting about £1.1 trillion in profits a year, research has revealed.

The highest earning cyber criminals are making up to £1.5m a year, almost as much as a FTSE250 CEO, according to a study commissioned by Bromium.

Mid level cyber criminals make up to £639,000, which is more than double the US president’s salary, while entry level cyber criminals make about £30,000, which is significantly more than the average UK graduate, the research noted.

The findings on how much cyber criminals earn from their illegal activities and what they spend their profits on are part of an 11-month study into the macro economics of cyber crime and how the various elements link together. It has been led by Michael McGuire, senior lecturer in criminology at Surrey University.

The report highlights how cyber crime has become a booming economy, and reveals cyber criminal links to drug production, human trafficking and even terrorism.

The use of ransomware, crime-as-a-service, data theft, illicit online marketplaces and trade secret/IP theft are helping cyber criminals generate huge revenues with relative ease, the report said.

According to the research the cyber security industry, business and law enforcement agencies need to come together to disrupt cyber criminals and cut off their revenue streams. By focusing on new methods of cyber security that protect rather than detect, we believe we can make cyber crime a lot harder.

Data gathered by the research team through first-hand interviews with 100 convicted or currently engaged cyber criminals, law enforcement agencies and financial institutions, combined with dark web investigations, reveals that 15% of cyber criminals spend most of their money on immediate needs, such as paying bills.

One fifth of cyber criminals focus their spending on drugs and prostitution, 15% spend to attain status or impress, but 30% convert some of their revenue into investments. Some 20% spend at least some of their revenue on reinvestments in further criminal activities, such as buying IT equipment.

The proceeds of cyber crime fuel other crimes, such as terrorism and human trafficking, the report said, much like a legitimate business reinvests profits to expand while also contributing towards core philanthropic values.

The research showed that cyber criminals are reinvesting their money to grow their own business, but also to promote other types of crime. Terrorism, human trafficking, drugs manufacturing and firearms trading have all been beneficiaries of cyber crime.

A lot of cyber criminals spend their money on increasing their status, whether that be with peers or romantic interests.

One individual in the UK, who made around £1.2 million per year, spent huge amounts of money on a trip to Las Vegas, where he claimed to have gambled $40,000 and spent $6,000 hiring sports cars so that they could ‘arrive in style’ at casinos and hotels.

Another UK cyber criminal funnelled his proceeds into gold, drugs, expensive watches and spent £2,000 a week on prostitutes. It’s alarming how easily cyber criminals are able to spend their illicit gains. There is an ever-growing market that is almost tailor-made for cyber criminals to make these ostentatious purchases with little to no regulation or oversight.

So if you want to avoid funding these criminals and save yourself stress, money and a damaged reputation from a phising data cyber incident with affordable, live systems protection please ring us now on 01242 521967 or email assist[email protected] or complete the form on our contact page NOWContact Cyber 139