Tag: cyber security

Government Cyber Security Centre

The National Cyber Security Centre (NCSC) is part of the United Kingdom Government and provides advice and support for the public and private sector in how to avoid computer security threats. It became operational in October 2016, and its parent organisation is GCHQ.

“Helping to make the UK the safest place to live and work online”.

“NCSC support the most critical organisations in the UK, the wider public sector, industry, SMEs as well as the general public. When incidents do occur, we provide effective incident response to minimise harm to the UK, help with recovery, and learn lessons for the future”.

More specifically, the NCSC:

  • understands cyber security, and distils this knowledge into practical guidance made available to all
  • responds to cyber security incidents to reduce the harm caused to organisations and the wider UK
  • uses industry and academic expertise to nurture the UK’s cyber security capability
  • reduces risks to the UK by securing public and private sector networks

 

Year Three Highlight Statistics

  • Handled 658 incidents
  • Provided support to almost 900 victim organisations
  • Produced 154 threat assessments
  • Took down 177,335 phishing URLs, 62.4% of which were removed within 24 hours
  • 8 million visitors to the NCSC’s website
  • Added more than 5,000 new members onto the Cyber Security Information Sharing Partnership
  • Produced 108,411 physical items for 170 customers through the UK Key Production Authority
  • Produced 34 pieces of guidance and 69 blogs
  • Awarded 14,234 Cyber
    Essentials certificates
  • Enabled 2,886 small businesses across the UK to do simulated cyber exercising for themselves
  • Challenged 11,802 girls in the 2019 CyberFirst Girls Competition
  • Engaged with 2,614 students on the NCSC’s CyberFirst courses
  • Supported 250 extra teaching hours of computer science across 4 schools through Cyber Schools Hub activities
  • Delivered, along with sector and law enforcement partners, cyber security awareness and training sessions to more than 2,700 charities 20 countries visited by the NCSC Welcomed visiting delegations from 56 countries Hosted 197 events, with more than 9,000 attendees

Do Share this post on social media – click on the post title then scroll down to the social media share buttons.

Fightback Ninja Signature

 

Fraud Investigation

There are many private investigators, fraud protection businesses, cyber-crime specialists etc. who may be able to help if you are the victim of a fraud.  This is usually only for business fraud as few individuals have the resources to employ professionals in this field.

One such specialist business is Requite Solutions. Their website is at www.requitesolutions.com/

Requite say they are cybercrime, fraud prevention and investigation specialists – a London based consultancy service operating globally.

They employ senior fraud detectives, cybercrime investigators, and former armed surveillance operatives who have years of experience tackling cybercrime, money laundering, organised, and business crime.

They provide high quality penetration testing by CREST certified penetration testers. Our teams of experts work manually to find more of the issues that matter.

Asset Tracing & Recovery, Investigation, Hackers,Financial Investigation, Suspect profiling, Evidential packages, Recovery, Dispute resolution.

 Requite Say businesses should choose them because of the following:-

  • Criminals are exploiting the advances in technology. Every day both large and small organisations are falling victim to fraud and cyber attacks. If you have experienced fraud or a cyber attack, then you will understand the frustration, stress, and panic that often ensues.
  • We will gather crucial evidence, trace assets, absorb your stress, and assist with achieving a positive outcome through recovery of assets and/or prosecution.
  • Staff at your company are often the first line of defence and the importance of training, and continuing education is essential. We can deliver this training in a clear and concise manner.
  • Ensuring that you are adequately protected against fraud and cyber-attacks is paramount. Failures to address any impending threats could damage your brand and reputation and may result in significant financial losses that are not always recoverable.

If you have any experiences with scammers, spammers or time-waster do let me know, by email.

Fightback Ninja Signature

UK Government Cyber Essentials Scheme

https://www.cyberessentials.ncsc.gov.uk/

The government says Cyber Essentials helps your business to guard against the most common cyber threats and demonstrate your commitment to cyber security

Self-Help for Cyber Essentials

The guide explains how to:

  • Secure your Internet connection
  • Secure your devices and software
  • Control access to your data and services
  • Protect from viruses and other malware
  • Keep your devices and software up to date

The Three levels of Engagement

Not everyone has the time or resources needed to develop a full-on cyber security system. So Cyber Essentials has been designed to fit with whatever level of commitment you are able to sustain. There are three levels of engagement:

  1. The simplest is to familiarise yourself with cyber security terminology, gaining enough knowledge to begin securing your IT.
  2. Basic Cyber Essentials certification.
  3. Cyber Essentials Plus certification.

1.     Self Help

The self-assessment option gives you protection against a wide variety of the most common cyber attacks. This is important because vulnerability to simple attacks can mark you out as target for more in-depth unwanted attention from cyber criminals and others.

2.     Certified Cyber Security

Cyber Essentials Certificate £300 approx. (+VAT)

Certification gives you peace of mind that your defences will protect against the vast majority of common cyber attacks simply because these attacks are looking for targets which do not have the Cyber Essentials technical controls in place.

In the process of obtaining Cyber Essentials Certification is simple, you can opt to buy as much or as little help as you need from the company you choose to certify you.

Cyber Essentials shows you how to address those basics and prevent the most common attacks.

  • Reassure customers that you are working to secure your IT against cyber attack
  • Attract new business with the promise you have cyber security measures in place
  • You have a clear picture of your organisation’s cyber security level
  • Some Government contracts require Cyber Essentials certification

3.     Cyber Essentials Plus Certificate

The cost for this is only available on application.

It has all the benefits of Cyber Essentials PLUS your cyber security is verified by independent experts.

Cyber attacks come in many shapes and sizes, but the vast majority are very basic in nature, carried out by relatively unskilled individuals. They’re the digital equivalent of a thief trying your front door to see if it’s unlocked. The advice is designed to prevent these attacks.

Cyber Essentials Plus still has the Cyber Essentials trademark simplicity of approach, and the protections you need to put in place are the same, but this time the verification of your cyber security is carried out independently by your Certification Body.

The more rigorous nature of the certification may mean you need to buy additional support from your Certification Body.

Cyber Essentials and Government Contracts

If you would like to bid for central government contracts which involve handling sensitive and personal information or the provision of certain technical products and services, you will require Cyber Essentials Certification.

Fightback Ninja Signature

 

UK Government Cyber Essentials 10 Step Plan

 

This is a summary of the UK Government 10 step plan for Cyber Essentials, which is designed for organisations looking to protect themselves in cyberspace.

1.     Risk Management

Embed an appropriate risk management regime across the organisation. This should be supported by an empowered governance structure, which is actively supported by the board and senior managers. These should aim to ensure that all employees, contractors and suppliers are aware of the approach, how decisions are made, and any applicable risk boundaries.

2.     Secure Configuration

Identify baseline technology builds and processes for ensuring configuration management can greatly improve the security of systems. Develop a strategy to remove or disable unnecessary functionality from systems, and to quickly fix known vulnerabilities.

3.     Network Security

The connections from your networks to the Internet, and other partner networks, expose your systems and technologies to attack. By creating and implementing some simple policies and appropriate architectural and technical responses, you can reduce the chances of these attacks succeeding. Your organisation’s networks may use of mobile or remote working, and cloud services, makes defining a fixed network boundary difficult.

4.     Managing User Privileges

All users should be provided with a reasonable (but minimal) level of system privileges and rights needed for their role. The granting of highly elevated system privileges should be carefully controlled and managed.

5.     User Education and Awareness

It’s important that security rules and the technology provided enable users to do their job as well as help keep the organisation secure. This can be supported by a systematic delivery of awareness programmes and training that deliver security expertise as well as helping to establish a security-conscious culture.

6.     Incident Management

Invest in establishing effective incident management policies and processes to help to improve resilience, support business continuity, improve customer and stakeholder confidence and potentially reduce any impact.

7.     Malware Prevention

Malicious software, or malware is an umbrella term to cover any code or content that could have a malicious, undesirable impact on systems. The risk may be reduced by developing and implementing appropriate anti-malware policies as part of an overall ‘defence in depth’ approach.

8.     Monitoring

System monitoring provides a capability that aims to detect actual or attempted attacks on systems and business services. Monitoring allows you to ensure that systems are being used appropriately in accordance with organisational policies.

9.     Removable Media Controls

Removable media provide a common route for the introduction of malware and the accidental or deliberate export of sensitive data. You should be clear about the business need to use removable media and apply appropriate security controls to its use.

10.Home and Mobile Working

Mobile working and remote system access offers great benefits, but exposes new risks that need to be managed. You should establish risk based policies and procedures that support mobile working or remote access to systems that are applicable to users, as well as service providers.

https://www.ncsc.gov.uk/guidance/10-steps-cyber-security has further information.

Do you have an opinion on this matter? Please comment in the box below.

Fightback Ninja Signature

How Common Are Data Breaches

The Proportion of Businesses That Have Had Breaches in 2017

  Overall Micro Firms Small Firms Medium Firms Large Firms Admin/ Real Estate
% experiencing a cyber security breach or attack in 2017 24 17 33 51 65 39

 

Businesses that invest more in cyber security have more breaches than businesses that invest less. This may seem counter intuitive but it’s partly due to businesses that realise they are more at risk such as finance operations then investing more whereas businesses where the online presence is minimal feel less at risk and invest less. There is also the assumption that businesses that invest more in cyber security will be better at identifying such breaches.

Types of Breaches/Attacks

Viruses, spyware or malware 68%
Other impersonating organisation in emails or online 32%
Denial of service attacks 15%
Hacking 13%
Money stolen electronically 13%
Breaches from personally owned devices 8
Personal information stolen 8
Breaches from externally hosted web services 8
Unlicensed or stolen software downloaded 8
Money stolen via fraud emails or websites 6
Software damaged or stolen 5
Breaches on social media 3
Intellectual property theft 1

 

You can see that attacks of various kinds are very common. All businesses must take steps to protect against data breaches and all common forms of cyber-attack

Do you have an opinion on this matter? Please comment in the box below.

Fightback Ninja Signature