The Leading News & Information Service For The Facilities, Workplace & Built Environment Community

Cyber - Decisions & Disruptions, Awareness & A Lack Of It

Cyber Crime
27 April 2018
 

There's a new exercise to help businesses fight cyber attacks; while firms are more worried about paying cyber security breach costs than losing customers.

The Metropolitan Police Service has unveiled a new exercise that teaches business leaders how to protect their companies from cyber attacks.

'Decisions and Disruptions' was first developed by a group of academics, currently based at the University of Bristol, in partnership with the National Cyber Security Centre. Officers in the Met's Fraud and Linked Crime Online (Falcon) unit have adapted it to be included in their regular cyber awareness presentations given to businesses and organisations.

Since it was first demonstrated in June 2017, nearly 100 exercises have been run - a number of the events being run in partnership with the City of London Police’s Cyber Crime Unit who have adopted the initiative and delivering it as part of their cyber-crime awareness offering.

 

Game board tactics

The exercise, which consists of two game boards with Lego pieces that represent a company with separate premises, is designed to explore the decisions that people make, in order to protect their businesses and organisations from modern day threats, such as hacking and malware attacks. All the scenarios in the game are based upon real-life situations and current threats.

Current National Cyber Security Centre (NCSC) and Met Police cyber security guidance is provided in the post-exercise debrief.

Detective Chief Superintendent Mick Gallagher, head of the Organised Crime Command, said: "We've had excellent feedback from everyone who has been shown this exercise and it is a great tool to promote awareness of the growing range of cyber security threats. Due to the physical representation of the game board, it makes cyber security easier to understand and the scoring system introduces a competitive and fun element, which is proven to aid learning.

"The scale and complexity of cybercrime and fraud online is constantly evolving and our officers are proactively targeting the criminals responsible. However, it is also an important part of our work to educate members of the public how to protect themselves online and reduce their chances of being a victim of crime."

 

Sixty-three per cent of C-suite more concerned about paying for the costs of a cybersecurity breach than losing customers, says study.

For UK senior executives who admit their organisations have suffered at least one significant cybersecurity breach within the past two years, the associated costs of a breach are considered the most important consequence. This is according to a new study by Centrify commissioned through Dow Jones Customer Intelligence.

Nearly two-thirds (63 per cent) of respondents in the UK believe investigation, remediation and legal costs are the most important consequence of a breach, followed by disruption to operations (47 per cent) and loss of intellectual property (32 per cent). They showed less concern for impact on brand, including loss of customers (16 per cent) and damage to the company’s reputation (11 per cent).

 

Confusion

The study of 800 senior level executives, including CEOs, Technical Officers and CFOs in the UK and US, also indicates that there is confusion among the C-suite about what constitutes a cybersecurity risk and what needs to be done to prevent it. In the UK, malware is seen as the biggest threat to an organisation’s success among 44 per cent of respondents, compared to just 24 per cent who point to default/weak or stolen passwords and 29 per cent who blame privileged user identity attacks. However, of those organisations that experienced at least one significant security breach in the past two years, just 11 per cent admit it was due to malware, while almost twice as many put it down to either a privileged user identity attack or the result of stolen or weak passwords (both 21 per cent).

In fact, 63 per cent of UK organisations that experienced a major breach admit that privileged identity and access management would have most likely prevented the breach.

 

Verizon

The Verizon 2017 Data Breach Investigation Report supports this, indicating that 81 per cent of breaches involve weak, default or stolen passwords. More than half (53 per cent) of respondents at breached organisations say audit trails for system accesses and a quarter say training or awareness would most likely have stopped a breach.

According to the survey, the largest areas of cybersecurity investment over the next 12 months will be for malware (44 per cent) and phishing (38 per cent), while protection against stolen or weak passwords (33 per cent) and privileged user identity attacks (26 per cent) are investment priorities for fewer respondents.

Barry Scott, CTO EMEA at Centrify, explains: “It’s no surprise that the C-suite often points to malware as the biggest threat. Sensational headlines about major attacks could be to blame, which companies see and react to, often mistakenly, when in fact identity-related attacks, such as stolen or weak passwords and attacks on privileged users within organisations, are the primary threat to cybersecurity today.

“What’s worrying is that they then look to invest money in protecting against malware, when in fact they should be focusing on the increase in identity-related attacks. Business leaders need to rethink their strategy with a Zero Trust Security approach that verifies every user and every device, and provides just enough access and privilege.”

 

Disconnect

A Centrify white paper accompanying the research points to a disconnect between CEOs and their technical peers in both the UK and US when it comes to the most important cyber risks threatening an organisation, which could leave them vulnerable to breaches.

To view the study - Click Here

 

Picture: The cyber awareness exercise in action.

 

 

 

Article written by Brian Shillibeer | Published 27 April 2018

Share



Related Articles

Robinson Released - Riot Averted For Now

Businesses in London have heaved a sigh of relief as the potential for 'free Tommy Robinson' protesters going on the rampage has been averted as Robinson (real...

 Read Full Article
London City Airport Bomb Update

The latest update as of 10:15pm on Monday February 12 is that a WW2 bomb found in the River Thames near London City Airport was due to be removed from a secondary...

 Read Full Article
Body Found In Canary Wharf Trench

The Metropolitan Police, the London Ambulance Service (LAS), the London Fire Brigade and the Canary Wharf Group have all confirmed that construction workers have...

 Read Full Article
UK Government Publishes Facilities Management Strategy

The government has released a guide to establishing a coordinated and aspirational FM strategy. In the document, Alex Chisholm, Chief Operating Officer for the Civil...

 Read Full Article
Travel Guidance Issued for Queen’s Memorial Events

As thousands of people make their way to London to mourn the passing of the Queen and attend official ceremonies, Transport for London, Westminster City Council and the...

 Read Full Article
Winter Flu – 'Perfect Storm’ Could Cause Business Closures

Experts are predicting widespread staff absence rates this autumn due to a “perfect storm” of COVID-19 and early flu season. This so-called “perfect...

 Read Full Article
Saharan Dust Moves Across UK

A storm carrying Saharan dust is causing hazy skies and layers of orange-coloured dust across southern England.   What is Saharan Dust?   Saharan...

 Read Full Article
Storm Eunice – Met Office Announces Red Weather Warning

A rare red weather warning for parts of the southwest has been issued by the Met Office, as significant gusts in excess of 90mph are expected. Latest warnings are...

 Read Full Article
London Tool Theft – How Can You Protect Your Tools?

Metropolitan Police figures show the number of tool thefts in each London borough and the total cost of tool theft in the capital for 2019 and 2020. With...

 Read Full Article
Omicron Variant – What are the Facts?

It remains unclear how much of a threat the new Omicron COVID-19 variant poses, so what are the definitive facts? On 26 November 2021, the World Health Organisation...

 Read Full Article