Oxford Professor warns government over smart speaker vulnerability

Oxford University Professor of Cybersecurity Sadie Creese has warned against the potential security threat from smart speakers while giving evidence to the Science, Technology and Innovation Select Committee.

According to a piece in The Times, she made particular reference to ‘senior leaders’ and the potential for threat actors to profile them and the way they live using vulnerabilities in the technology.

She told The Times: “… any devices that give away how you live — will make you more targetable. So I would advise people in those kinds of [senior leadership] positions, where they may well be targeted, against having these things in their environment. Just like I would advise against putting a camera in their living room. It just potentially gives an attacker more information about them that can be used to craft targeted attacks.”

The piece also highlights research that found 57% of connected devices were vulnerable to medium or high severity attacks.

SafeShark testing can allay these concerns, not only by guaranteeing the cyber security compliance of connected devices with the new PSTI requirements, but also because we test against the whole ETSI EN 303 645 specification (the harmonised international standard for cyber security of IoT devices), so manufacturers, retailers and their customers can have confidence in the security of their devices.

Get in touch to start your compliance journey with us today.

ENISA Threat Landscape 2022

The latest ENISA threat landscape publication highlights weak IoT cyber security as a major factor in an increase in denial of service attacks. Attacks are often launched from consumer devices and broadband routers, sometimes using vulnerabilities as much as 8 years old, showing how many users are slow to update products. As for the geographical spread of attacks, the report found the following: Germany, the United Kingdom, France and Canada have been in the top places for the whole period (2021-2022).

SafeShark's Intercept test platform ensures that manufacturers have oversight of their product cyber security, can view their results in a dashboard, can download reports and can monitor it on a continuous basis, as software is updated and as threats change.

Home working drives IoT device vulnerability

The shift to home working has seen a ‘major rise’ in cyber attacks via mobiles and IoT devices as 79% of companies report an increase in vulnerability due to decentralised working. ‘Devices and Things’ is one of the four major threat sectors, which is why SafeShark is here to ensure manufacturers prepare, protect and enhance… Read about the research here.

New Scottish co-ordination centre to tackle cyber threats

Scotland’s ability to prevent and respond to a growing cyber threat will soon be increased with the creation of a new Scottish Cyber Co-ordination Centre (SC3).

This £1.5 million centre will pool expertise to: share intelligence; provide early warning of cyber threats and attacks; manage incidents and lead recovery. It is a part of the Scottish Government’s Covid Recovery Strategy as they are committed to establishing a recognised, authoritative and collaborative function to combat the accelerating threat of cyber attacks.

“At times of heightened international tension, it is more important than ever to ensure that Scotland is ready to defend itself against cyber attacks […] Establishing a new dedicated cyber co-ordination centre is a bold and ambitious development for Scotland. By providing a central coordination function that pools expertise from across a number of existing or developing Centres of Excellence, we can maximise our ability to work together to address cyber threats and attacks – whether that is sharing intelligence, providing early warnings, managing incidents or leading recovery.”

John Swinney, Deputy First Minister

Read the full report here.

Study: UK firms most likely to pay ransomware hackers

A new report by security firm Proofpoint suggests that around 82% of British firms that have been victims of ransomware attacks paid the hackers in order to get their data back. The global average was 58%, making the UK the most likely country to pay cyber-criminals.

Proofpoint’s data also found that more than three-quarters of UK businesses were affected by ransomware in 2021 alone, with phishing being the key way that criminals accessed company networks.

Furthermore, only half of the companies affected by ransomware regained access to data and systems after the first payment, the research found, as criminals got greedy and demanded more money.

The fact that phishing remains the favoured method of attack for cyber-criminals means that firms need to build "a culture of security", said Proofpoint researchers.

Read the full study here.

New laws proposed by DCMS to strengthen UK resilience to cyber attacks

DCMS has launched two consultations seeking the public’s views on new proposals to improve the UK’s resilience to cyber attacks.

The following statement was released by the Minister for Media, Data and Digital Infrastructure:

"It is vital that cyber security is a fundamental part of our country’s digital transformation journey."

Julia Lopez
Minister for Media, Data and Digital Infrastructure

DCMS has presented three pillars, each one representing a challenge the country faces with cyber security. These are:

These pillars will be addressed through two separate consultations. The first looks at the first two challenges and aims to create a comprehensive framework for managed services and upgrading security legislation so the country can more easily manage future risks. The second focuses on embedding the standards and pathways across the cyber profession by 2025. These consultations close at 11:45pm on Sunday 10 April 2022, and 11:45pm on Sunday 20 March 2022, respectively.

The full press release can be read here.