The Leading News & Information Service For The Facilities, Workplace & Built Environment Community

Saturday, 19 October

Cyber - Decisions & Disruptions, Awareness & A Lack Of It

Cyber Crime

There's a new exercise to help businesses fight cyber attacks; while firms are more worried about paying cyber security breach costs than losing customers.

The Metropolitan Police Service has unveiled a new exercise that teaches business leaders how to protect their companies from cyber attacks.

'Decisions and Disruptions' was first developed by a group of academics, currently based at the University of Bristol, in partnership with the National Cyber Security Centre. Officers in the Met's Fraud and Linked Crime Online (Falcon) unit have adapted it to be included in their regular cyber awareness presentations given to businesses and organisations.

Since it was first demonstrated in June 2017, nearly 100 exercises have been run - a number of the events being run in partnership with the City of London Police’s Cyber Crime Unit who have adopted the initiative and delivering it as part of their cyber-crime awareness offering.

 

Game board tactics

The exercise, which consists of two game boards with Lego pieces that represent a company with separate premises, is designed to explore the decisions that people make, in order to protect their businesses and organisations from modern day threats, such as hacking and malware attacks. All the scenarios in the game are based upon real-life situations and current threats.

Current National Cyber Security Centre (NCSC) and Met Police cyber security guidance is provided in the post-exercise debrief.

Detective Chief Superintendent Mick Gallagher, head of the Organised Crime Command, said: "We've had excellent feedback from everyone who has been shown this exercise and it is a great tool to promote awareness of the growing range of cyber security threats. Due to the physical representation of the game board, it makes cyber security easier to understand and the scoring system introduces a competitive and fun element, which is proven to aid learning.

"The scale and complexity of cybercrime and fraud online is constantly evolving and our officers are proactively targeting the criminals responsible. However, it is also an important part of our work to educate members of the public how to protect themselves online and reduce their chances of being a victim of crime."

 

Sixty-three per cent of C-suite more concerned about paying for the costs of a cybersecurity breach than losing customers, says study.

For UK senior executives who admit their organisations have suffered at least one significant cybersecurity breach within the past two years, the associated costs of a breach are considered the most important consequence. This is according to a new study by Centrify commissioned through Dow Jones Customer Intelligence.

Nearly two-thirds (63 per cent) of respondents in the UK believe investigation, remediation and legal costs are the most important consequence of a breach, followed by disruption to operations (47 per cent) and loss of intellectual property (32 per cent). They showed less concern for impact on brand, including loss of customers (16 per cent) and damage to the company’s reputation (11 per cent).

 

Confusion

The study of 800 senior level executives, including CEOs, Technical Officers and CFOs in the UK and US, also indicates that there is confusion among the C-suite about what constitutes a cybersecurity risk and what needs to be done to prevent it. In the UK, malware is seen as the biggest threat to an organisation’s success among 44 per cent of respondents, compared to just 24 per cent who point to default/weak or stolen passwords and 29 per cent who blame privileged user identity attacks. However, of those organisations that experienced at least one significant security breach in the past two years, just 11 per cent admit it was due to malware, while almost twice as many put it down to either a privileged user identity attack or the result of stolen or weak passwords (both 21 per cent).

In fact, 63 per cent of UK organisations that experienced a major breach admit that privileged identity and access management would have most likely prevented the breach.

 

Verizon

The Verizon 2017 Data Breach Investigation Report supports this, indicating that 81 per cent of breaches involve weak, default or stolen passwords. More than half (53 per cent) of respondents at breached organisations say audit trails for system accesses and a quarter say training or awareness would most likely have stopped a breach.

According to the survey, the largest areas of cybersecurity investment over the next 12 months will be for malware (44 per cent) and phishing (38 per cent), while protection against stolen or weak passwords (33 per cent) and privileged user identity attacks (26 per cent) are investment priorities for fewer respondents.

Barry Scott, CTO EMEA at Centrify, explains: “It’s no surprise that the C-suite often points to malware as the biggest threat. Sensational headlines about major attacks could be to blame, which companies see and react to, often mistakenly, when in fact identity-related attacks, such as stolen or weak passwords and attacks on privileged users within organisations, are the primary threat to cybersecurity today.

“What’s worrying is that they then look to invest money in protecting against malware, when in fact they should be focusing on the increase in identity-related attacks. Business leaders need to rethink their strategy with a Zero Trust Security approach that verifies every user and every device, and provides just enough access and privilege.”

 

Disconnect

A Centrify white paper accompanying the research points to a disconnect between CEOs and their technical peers in both the UK and US when it comes to the most important cyber risks threatening an organisation, which could leave them vulnerable to breaches.

To view the study - Click Here

 

Picture: The cyber awareness exercise in action.

 

 

 

Article written by Brian Shillibeer

Share



Related Articles

Robinson Released - Riot Averted For Now

Businesses in London have heaved a sigh of relief as the potential for 'free Tommy Robinson' protesters going on the rampage has been averted as Robinson (real...

 Read Full Article
London City Airport Bomb Update

The latest update as of 10:15pm on Monday February 12 is that a WW2 bomb found in the River Thames near London City Airport was due to be removed from a secondary...

 Read Full Article
Body Found In Canary Wharf Trench

The Metropolitan Police, the London Ambulance Service (LAS), the London Fire Brigade and the Canary Wharf Group have all confirmed that construction workers have...

 Read Full Article
XR Closes Tube On Thursday - Arrest Rate Still Rising

The arrest rate of Extinction Rebellion protestors continues to rise despite a London-wide ban on their activities. The Rebels and associated groups plan to close down...

 Read Full Article
Parliament Panic - Parking Ticket Fans Protest Flames

Tuesday October 1 saw a man douse himself in petrol outside Parliament and try to set himself alight in protest at a parking ticket. The Met has said the biggest terror...

 Read Full Article
Fire Does The Strand - 250 Office Evacuation

Just as people were arriving for work on Tuesday October 1 morning, a fire broke out at an office block on one of London's most famous streets, The Strand. The fire...

 Read Full Article
Friday Youth Climate Protest Could Turn Ugly

The Metropolitan Police Force is so concerned that a protest in London on Friday September 20 could descend into riots and property invasion/damage, they have issued a...

 Read Full Article
Property Flood Resilience eBook Launches

A new Property Flood Resilience eBook has launched to provide businesses and home owners with over 40 real-life case studies from business and communities that have...

 Read Full Article
Don't Let Driving Cause The Summertime Blues

The RAC is urging drivers to check their vehicles before setting out in the heat - and to be aware that heat can cause tiredness and tiredness can increase the likelihood...

 Read Full Article
123456 - 23.2 Million Cyber Victims Used This Password

The most hacked passwords have been revealed as a UK cyber survey exposes gaps in online security with global breach analysis finding 23.2 million victims used 123456 as...

 Read Full Article