
Wednesday, 8 April

Cyber - Decisions & Disruptions, Awareness & A Lack Of It

Cyber Crime

There's a new exercise to help businesses fight cyber attacks, while firms are more worried about paying cyber security breach costs than losing customers.

The Metropolitan Police Service has unveiled a new exercise that teaches business leaders how to protect their companies from cyber attacks.

'Decisions and Disruptions' was first developed by a group of academics, currently based at the University of Bristol, in partnership with the National Cyber Security Centre. Officers in the Met's Fraud and Linked Crime Online (Falcon) unit have adapted it to be included in their regular cyber awareness presentations given to businesses and organisations.

Since it was first demonstrated in June 2017, nearly 100 exercises have been run, a number of them in partnership with the City of London Police’s Cyber Crime Unit, which has adopted the initiative and is delivering it as part of its cyber-crime awareness offering.

 

Game board tactics

The exercise, which consists of two game boards with Lego pieces that represent a company with separate premises, is designed to explore the decisions that people make, in order to protect their businesses and organisations from modern day threats, such as hacking and malware attacks. All the scenarios in the game are based upon real-life situations and current threats.

Current National Cyber Security Centre (NCSC) and Met Police cyber security guidance is provided in the post-exercise debrief.

Detective Chief Superintendent Mick Gallagher, head of the Organised Crime Command, said: "We've had excellent feedback from everyone who has been shown this exercise and it is a great tool to promote awareness of the growing range of cyber security threats. Due to the physical representation of the game board, it makes cyber security easier to understand and the scoring system introduces a competitive and fun element, which is proven to aid learning.

"The scale and complexity of cybercrime and fraud online is constantly evolving and our officers are proactively targeting the criminals responsible. However, it is also an important part of our work to educate members of the public how to protect themselves online and reduce their chances of being a victim of crime."

 

Sixty-three per cent of C-suite more concerned about paying for the costs of a cybersecurity breach than losing customers, says study.

For UK senior executives who admit their organisations have suffered at least one significant cybersecurity breach within the past two years, the associated costs of a breach are considered the most important consequence. This is according to a new study by Centrify commissioned through Dow Jones Customer Intelligence.

Nearly two-thirds (63 per cent) of respondents in the UK believe investigation, remediation and legal costs are the most important consequence of a breach, followed by disruption to operations (47 per cent) and loss of intellectual property (32 per cent). They showed less concern for impact on brand, including loss of customers (16 per cent) and damage to the company’s reputation (11 per cent).

 

Confusion

The study of 800 senior level executives, including CEOs, Technical Officers and CFOs in the UK and US, also indicates that there is confusion among the C-suite about what constitutes a cybersecurity risk and what needs to be done to prevent it. In the UK, malware is seen as the biggest threat to an organisation’s success among 44 per cent of respondents, compared to just 24 per cent who point to default/weak or stolen passwords and 29 per cent who blame privileged user identity attacks. However, of those organisations that experienced at least one significant security breach in the past two years, just 11 per cent admit it was due to malware, while almost twice as many put it down to either a privileged user identity attack or the result of stolen or weak passwords (both 21 per cent).

In fact, 63 per cent of UK organisations that experienced a major breach admit that privileged identity and access management would have most likely prevented the breach.

 

Verizon

The Verizon 2017 Data Breach Investigation Report supports this, indicating that 81 per cent of breaches involve weak, default or stolen passwords. More than half (53 per cent) of respondents at breached organisations say audit trails for system accesses, and a quarter say training or awareness, would most likely have stopped a breach.

According to the survey, the largest areas of cybersecurity investment over the next 12 months will be for malware (44 per cent) and phishing (38 per cent), while protection against stolen or weak passwords (33 per cent) and privileged user identity attacks (26 per cent) are investment priorities for fewer respondents.

Barry Scott, CTO EMEA at Centrify, explains: “It’s no surprise that the C-suite often points to malware as the biggest threat. Sensational headlines about major attacks could be to blame, which companies see and react to, often mistakenly, when in fact identity-related attacks, such as stolen or weak passwords and attacks on privileged users within organisations, are the primary threat to cybersecurity today.

“What’s worrying is that they then look to invest money in protecting against malware, when in fact they should be focusing on the increase in identity-related attacks. Business leaders need to rethink their strategy with a Zero Trust Security approach that verifies every user and every device, and provides just enough access and privilege.”

 

Disconnect

A Centrify white paper accompanying the research points to a disconnect between CEOs and their technical peers in both the UK and US when it comes to the most important cyber risks threatening an organisation, which could leave them vulnerable to breaches.


 

Picture: The cyber awareness exercise in action.

 

 

 

Article written by Brian Shillibeer
