ENISA Threat Landscape 2022
The latest ENISA threat landscape publication highlights weak IoT cyber security as a major factor in an increase in denial of service attacks. Attacks are often launched from consumer devices and broadband routers - sometimes using vulnerabilities as much as 8 years old - showing how many users are slow to update products. As for the Geographical spread of attacks - the report found the following: Germany, the United Kingdom, France and Canada have been in the top places for the whole period (2021-2022).
SafeShark's Intercept test platform ensures that manufacturers have oversight of their product cyber security, can view their results in a dashboard, can download reports and can monitor that on a continuous basis - as software is updated and as threats changes.
Home working drives IoT device vulnerability
The shift to home working has seen a ‘major rise’ in cyber attacks via mobiles and IoT devices as 79% of companies report an increase in vulnerability due to decentralised working. ‘Devices and Things’ is one of the four major threat sectors, which is why SafeShark is here to ensure manufacturers prepare, protect and enhance… Read about the research here.
New Scottish co-ordination centre to tackle cyber threats
Scotland’s ability to prevent and respond to a growing cyber threat will soon be increased with the creation of a new Scottish Cyber Co-ordinations Centre (SC3).
This £1.5 million centre will pool expertise to: share intelligence; provide early warning of cyber threat and attacks; manage incidents and lead recovery. It is a part of the Scottish Government’s Covid Recovery Strategy as they are committed to establishing a recognised, authoritative and collaborative function to combat the accelerating threat of cyber attacks.
“At times of heightened international tension, it is more important than ever to ensure that Scotland is ready to defend itself against cyber attacks […] Establishing a new dedicated cyber co-ordination centre is a bold and ambitious development for Scotland. By providing a central coordination function that pools expertise from across a number of existing or developing Centres of Excellence, we can maximise our ability to work together to address cyber threats and attacks – whether that is sharing intelligence, providing early warnings, managing incidents or leading recovery.”John Swinney, Deputy First Minister
Read the full report here.
Study: UK firms most likely to pay ransomware hackers
A new report by security firm Proofpoint suggests that around 82% of British firms, which have been victims of ransomware attacks, paid the hackers in order to gain back their data. The global average was 58%, making the UK the most likely country to pay cyber-criminals.
Proofpoint’s data also found that more than three-quarters of UK businesses were affected by ransomware in 2021 alone, with phishing being the key way that criminals accessed company networks.
Furthermore, only half of the companies affected by ransomware regained access to data and systems after the first payment, the research found, as criminals got greedy and demanded more money.
The fact that phishing remains the favoured method of attack for cyber-criminals means that firms need to build "a culture of security", said Proofpoint researchers.
Read the full study here.
New laws proposed by DCMS to strengthen UK resilience to cyber attacks
DCMS has launched two consultations seeking the public’s views on new proposals stated to improve the UK’s resilience to cyber attacks.
The following statement was released by the Minister for Media, Data and Digital Infrastructure:
"It is vital that cyber security is a fundamental part of our country’s digital transformation journey."Julia Lopez
Minister for Media, Data and Digital Infrastructure
DCMS have presented three pillars, each one representing a challenge the country faces with cyber security. These are:
- Proposals to amend provisions relating to digital service providers
- Proposals to future-proof the UK NIS regulations
- Empowering the cyber security profession
These pillars with be addressed through two separate consultations. The first looks at the first two challenges and aims to create a comprehensive framework for managed services and upgrading security legislation so the country can more easily manage future risks. The second focuses on embedding the standards and pathways across the cyber profession by 2025. These consultations close at 11:45pm on Sunday 10 April 2022, and 11:45pm on Sunday 20 March 2022, respectively.
The full press release can be read here.