cybersec

Cybersecurity Threats are in Plain Sight, Yet are Largely Unnoticed

The physical devices that block vulnerable USB ports and data connectors – such as the ones offered by The Connectivity Center – represent an easy and obvious preventative element of network security solutions, but are often unused.




cybersec

The Connectivity Center Offers Added Protection Against Cybersecurity Threats

The Connectivity Center provides cyber defense, protection, and security information through its Smart Keeper series of products that block physical access to your computers and networks.




cybersec

Fighting Cyber Crime and Ransomware in the Maritime Sector: Neptune Rising Maritime Cybersecurity Services Brings Cyber Risk Identification and Next-Level Cybersecurity to Ports and Shipping

"Sophisticated cyber actors and nation-states exploit vulnerabilities to steal information and money and are developing capabilities to disrupt, destroy, or threaten..." essential services. https://www.dhs.gov/topic/cybersecurity




cybersec

How a Simple $4 USB Port Blocker Can Be Your Best Cybersecurity Investment

The USB port blocker from The Connectivity Center guards your open "front door" against malware, viruses, and data breaches.




cybersec

Terralogic Solutions Inc. Acquires AforeCybersec Technology Private Limited, a Bangalore, India Based Start-up Steadfast in Cybersecurity Solutions

The acquisition of AforeCybersec fits into Terralogic's roadmap for building a world-class Security Operations Center and being a true security partner for our customers.




cybersec

You're Spending Thousands on Cybersecurity? But What About Physical Security?

Whenever one of your employees plugs in her mobile device, or syncs his contacts with his computer at work, they open the workplace digital network to anything their mobile device has picked up from the Web.




cybersec

Information Systems Architects Inc. Rebrands as ISA Cybersecurity Inc. with a new Website and Domain

Follow ISA Cybersecurity Inc. on Social Media for a Chance to Win a Pair of 2019 Toronto Maple Leafs Tickets




cybersec

SimplifIT Announced as National Cybersecurity Awareness Month Champion

Frankfort-based IT Firm Aims to Protect Organizations from the Hidden Dangers of Cybercrime




cybersec

AuthenTrend Fingerprint enabled Blockchain Cold Wallet Proudly Wins CES 2020 Innovation Award Honoree for Cybersecurity and Personal Privacy

AT.Wallet, a fingerprint-enabled card-type wallet, is AuthenTrend's answer to the ever-increasing number of hackers targeting blockchain-related transactions, which include cryptocurrency.




cybersec

How the USB Port Blocker Became the Mainstay of Cybersecurity

Considering the number of USB ports that surround us in the workplace, not protecting each one with a USB blocker is like leaving your front door wide open.




cybersec

A Cybersecurity Issue That's Hiding in Plain Sight

The threat from inside an organization is so great and so widespread that Carnegie Mellon University's Common Sense Guide to Mitigating Insider Threats is in its sixth edition.




cybersec

Protecting a Prime Point of Entry in Your Cybersecurity Perimeter

Considering the number of USB ports that are open invitations for intrusion, not protecting each one with a USB with lock is like leaving your front door open.




cybersec

Cybersecurity, Homeland Security, and Risk Management Executive Announces Formation of New Consulting Firm

Chuck Brooks, a recognized global cybersecurity expert, Faculty at Georgetown University, and named by LinkedIn as one of the "Top 5 People to Follow on Tech" announces firm focused on strategy, branding, and government relations




cybersec

BBB Presents a CyberSecurity Workshop and Invites ALL Businesses in Central Virginia

Better Business Bureau Gathers 5 Leading Cyber Security Experts to Help Area Businesses




cybersec

The Cybersecurity Tool Kit They Call Smart Keeper

The network security protection devices offered by The Connectivity Center take a systems approach, working together to provide enhanced defense against purposeful intrusions and unintentional network contamination.




cybersec

Boring Now Offers Expanded Solutions for Cybersecurity

Boring Business Systems is helping businesses make up-to-date decisions about their IT infrastructure and improve their data protection and cybersecurity.




cybersec

Cybersecurity Expert: "Cyber Crimes Will Increase With Shift to Teleworking"

Companies Can Take Steps to Protect Their Operations from Cyber Criminals in the New Business Landscape




cybersec

Bill Clinton and James Patterson on Collaboration and Cybersecurity

Former U.S. President Bill Clinton and author James Patterson discuss their new novel, The President is Missing, in which a fictional president fights a cybersecurity attack amid intense political dysfunction. The coauthors share their lessons for collaborating across disparate skillsets — “clarity on the objective” and “don’t be afraid to admit what you don’t know.” They also talk about their research into cybersecurity threats and how realistic their thriller scenario could be.




cybersec

Why Cybersecurity Isn’t Only a Tech Problem

Thomas Parenty and Jack Domet, cofounders of the cybersecurity firm Archefact Group, say that most organizations are approaching cybersecurity all wrong. Whether they're running small companies or working in multinational corporations, leaders have to think beyond their IT department and technology systems to instead focus on protecting their businesses' most important assets from attack. They need to work across functions and geographies to identify key risks, imagine potential threats and adversaries, and develop a plan for combating them. Parenty and Domet are the authors of the HBR article “Sizing up your Cyber Risks,” as well as the HBR Press book "A Leader’s Guide to Cybersecurity."




cybersec

David Hartley Speaking on Cybersecurity Panel at CIO Executive Leadership Summit

David E. Hartley, CPA, CISA, partner and Director + Advisory Services, is speaking on a cybersecurity panel at the 2019 St. Louis CIO Executive Leadership Summit on Thursday, October 3. The summit, Future State 2025 – Driving the Digital Roadmap…

The post David Hartley Speaking on Cybersecurity Panel at CIO Executive Leadership Summit appeared first on Anders CPAs.




cybersec

Trick or Treat: Cybersecurity Awareness Month Brings Light to Cyberattacks

October typically brings Halloween ghost stories, pranks and trick or treating, but scary stories about cyberattacks and trickery around data breaches run rampant all year long. Aside from Halloween, October is also National Cybersecurity Awareness Month (NCSAM), bringing awareness to…

The post Trick or Treat: Cybersecurity Awareness Month Brings Light to Cyberattacks appeared first on Anders CPAs.




cybersec

Cybersecurity for Startups: A 5 Step Plan for Preventing Costly Data Breaches

All startups have one thing in common when it comes to cybersecurity: they all are at some level of risk of a costly data breach. Startup business owners may not even be aware of certain vulnerabilities including ransomware, phishing, data…

The post Cybersecurity for Startups: A 5 Step Plan for Preventing Costly Data Breaches appeared first on Anders CPAs.




cybersec

Active Navigation helps strengthen Equifax's cybersecurity footprint

Investments in new technologies help Equifax protect sensitive data




cybersec

Data Breaches in Hospitals are on the Rise – How Health Care Organizations Can Prevent Cybersecurity Attacks

The health care industry is one of the biggest targets for cybersecurity attacks. In 2018 alone, nearly 300 data breaches affected 11.5 million patients, according to a Bitglass report. Cybercriminals see health care organizations as the perfect victim due to…

The post Data Breaches in Hospitals are on the Rise – How Health Care Organizations Can Prevent Cybersecurity Attacks appeared first on Anders CPAs.




cybersec

Take Note: Peter Forster On Cybersecurity And Practicing "Cyber Hygiene"

Peter Forster is an associate professor who teaches security and risk analysis at Penn State’s College of Information Sciences and Technology. His research focuses on cybersecurity, counter-terrorism and social networks. Forster has worked on improving law enforcement’s situational awareness of issues such as drug and human trafficking. He also oversees a research project on better understanding of how extremist organizations recruit Americans in cyberspace. He talks with WPSU about why cybersecurity shouldn’t be an afterthought in today’s world and how the cyber world and the physical world are inseparable. Plus, how to practice “cyber hygiene.” Transcript: Min Xian: Welcome to Take Note on WPSU. I’m Min Xian. Peter Forster is an associate teaching professor who teaches security and risk analysis at Penn State's College of Information Sciences and Technology. His research focuses on cybersecurity, counterterrorism and social networks. Forster has worked on improving law enforcement’s




cybersec

Network Detective helps organisations secure work-at-home devices to mitigate cybersecurity threats and vulnerabilities caused by remote workforces

What was once considered a luxury – the ability to work from home – is now a necessity in today’s unprecedented time.




cybersec

Identifying Unintended Harms of Cybersecurity Countermeasures

In this paper (winner of the eCrime 2019 Best Paper award), we consider the types of things that can go wrong when you intend to make things better and more secure. Consider this scenario. You are browsing through the Internet and see a news headline on one of the presidential candidates. You are unsure if the …




cybersec

IBM Study: Responding to Cybersecurity Incidents Still a Major Challenge for Businesses

IBM Security today announced the results of a global study exploring the factors and challenges of being a Cyber Resilient organization. The study was conducted by Ponemon Institute and sponsored by IBM Resilient and found that 77 percent of respondents admit they do not have a formal cyber security incident response plan (CSIRP) applied consistently across their organization. Nearly half of the 2800 respondents reported that their incident response plan is either informal/ad hoc or completely non-existent.




cybersec

Open Request for Proposals for “Cybersecurity of Fire Protection Systems”

Fire protection systems are increasingly networked to Building Control Systems (BCS), Internet of Things (IoT), and other platforms that are, by design or oversight, exposed to the public-facing Internet. This emerging environment could lead to




cybersec

German Cybersecurity Chief: Threats Posed by Huawei Are Manageable

In an interview, Arne Schönbohm, 49, the head of Germany's Federal Office for Information Security, discusses the potential danger posed by Huawei, why he thinks it is "manageable" and the general state of IT threats in Germany.




cybersec

Try your hand at becoming a cybersecurity superhero for just $40

TL;DR: Get trained in cybersecurity with The Ultimate 2020 White Hat Hacker Certification Bundle for $39.90, a 97% savings as of May 9.


When you think of superheroes, you probably picture capes and some sort of otherworldly powers. But in the digital world, superheroes are actually normal people like you and me. They just happen to know a thing or two about stopping cybercriminals in their tracks.

These superheroes are in short supply across the world. In fact, there are over half a million cybersecurity job openings in the U.S. alone. That just means this could be your chance to swoop in, superhero style, and save the day. But first things first, you need to learn the ropes and the Ultimate 2020 White Hat Hacker Certification Bundle is a great place to start.




cybersec

Webinar: Coronavirus Crisis – Implications for an Evolving Cybersecurity Landscape

Corporate Members Event Webinar

7 May 2020 - 1:00pm to 2:00pm

Event participants

Neil Walsh, Chief, Cybercrime and Anti-Money Laundering Department, UN Office of Drugs and Crime

Lisa Quest, Head, Public Sector, UK & Ireland, Oliver Wyman

Chair: Joyce Hakmeh, Senior Research Fellow, International Security Programme; Co-Editor, Journal of Cyber Policy, Chatham House

Further speakers to be announced.

The COVID-19 pandemic is having a profound impact on the cybersecurity landscape - both amplifying already-existing cyber threats and creating new vulnerabilities for state and non-state actors. The crisis has highlighted the importance of protecting key national and international infrastructures, with the World Health Organization, US Department of Health and Human Services and hospitals across Europe suffering cyber-attacks, undermining their ability to tackle the coronavirus outbreak. Changing patterns of work resulting from widespread lockdowns are also creating new vulnerabilities for organizations with many employees now working from home and using personal devices to work remotely.

In light of these developments, the panellists will discuss the evolving cyber threats resulting from the pandemic. How are they impacting ongoing conversations around cybersecurity? How can governments, private sector and civil society organizations work together to effectively mitigate and respond to them? And what could the implications of such cooperation be beyond the crisis? 

This event is part of a fortnightly series of 'Business in Focus' webinars reflecting on the impact of COVID-19 on areas of particular professional interest for our corporate members and giving circles.





cybersec

Supporting NHS Cybersecurity During COVID-19 is Vital

2 April 2020

Joyce Hakmeh

Senior Research Fellow, International Security Programme; Co-Editor, Journal of Cyber Policy

The current crisis is an opportunity for the UK government to show agility in how it deals with cyber threats and how it cooperates with the private sector in creating cyber resilience.


Nurse uses a wireless electronic tablet to order medicines from the pharmacy at The Queen Elizabeth Hospital, Birmingham, England. Photo by Christopher Furlong/Getty Images.

The World Health Organization, US Department of Health and Human Services, and hospitals in Spain, France and the Czech Republic have all suffered cyberattacks during the ongoing COVID-19 crisis.

In the Czech Republic, a successful attack targeted a hospital with one of the country’s biggest COVID-19 testing laboratories, forcing its entire IT network to shut down, urgent surgical operations to be rescheduled, and patients to be moved to nearby hospitals. The attack also delayed dozens of COVID-19 test results and affected the hospital’s data transfer and storage, affecting the healthcare the hospital could provide.

In the UK, the National Health Service (NHS) is already in crisis mode, focused on providing beds and ventilators to respond to one of the largest peacetime threats ever faced. But supporting the health sector goes beyond increasing human resources and equipment capacity.

Health services ill-prepared

Cybersecurity support, both at organizational and individual level, is critical so health professionals can carry on saving lives, safely and securely. Yet this support is currently missing and the health services may be ill-prepared to deal with the aftermath of potential cyberattacks.

When the NHS was hit by the WannaCry ransomware attack in 2017 – one of the largest cyberattacks the UK has witnessed to date – it caused massive disruption, with at least 80 of the 236 trusts across England affected and thousands of appointments and operations cancelled. Fortunately, a ‘kill-switch’ activated by a cybersecurity researcher quickly brought it to a halt.

But the UK’s National Cyber Security Centre (NCSC) has been warning for some time against a cyber attack targeting national critical infrastructure sectors, including the health sector. A similar attack, known as a category one (C1) attack, could cripple the UK with devastating consequences. It could happen and we should be prepared.

Although the NHS has taken measures since WannaCry to improve cybersecurity, its enormous IT networks, legacy equipment and the overlap between operational and information technology (OT/IT) mean that mitigating current potential threats is beyond its ability.

And the threats have radically increased. More NHS staff with access to critical systems and patient health records are increasingly working remotely. The NHS has also extended its physical presence with new premises, such as the Nightingale hospital, potentially the largest temporary hospital in the world.

Radical change frequently means proper cybersecurity protocols are not put in place. Even existing cybersecurity processes had to be side-stepped because of the outbreak, such as the decision by NHS Digital to delay its annual cybersecurity audit until September. During this audit, health and care organizations submit data security and protection toolkits to regulators setting out their cybersecurity and cyber resilience levels.

The decision to delay was made to allow the NHS organizations to focus capacity on responding to COVID-19, but cybersecurity was highlighted as a high risk, and the importance of NHS and Social Care remaining resilient to cyberattacks was stressed.

The NHS is stretched to breaking point. Expecting it to be on top of its cybersecurity during these exceptionally challenging times is unrealistic, and could actually add to the existing risk.

Now is the time where new partnerships and support models should be emerging to support the NHS and help build its resilience. Now is the time where innovative public-private partnerships on cybersecurity should be formed.

Similar to the economic package from the UK chancellor and innovative thinking on ventilator production, the government should oversee a scheme calling on the large cybersecurity capacity within the private sector to step in and assist the NHS. This support can be delivered in many different ways, but it must be mobilized swiftly.

The NCSC, for instance, has led the formation of the Cyber Security Information Sharing Partnership (CiSP) – a joint industry and UK government initiative to exchange cyber threat information confidentially in real time with the aim of reducing the impact of cyberattacks on UK businesses.

CiSP comprises organizations vetted by NCSC which go through a membership process before being able to join. These members could conduct cybersecurity assessment and penetration testing for NHS organizations, retrospectively assisting in implementing key security controls which may have been overlooked.

They can also help by making sure NHS remote access systems are fully patched and advising on sensible security systems and approved solutions. They can identify critical OT and legacy systems and advise on their security.

The NCSC should continue working with the NHS to enhance the provision of comprehensive public guidance on cyber defence and response to potential attacks. This would show they are on top of the situation, projecting confidence and reassurance.

It is often said in every crisis lies an opportunity. This is an opportunity for the UK government to show agility in how it deals with cyber threats and how it cooperates with the private sector in creating cyber resilience.

It is an opportunity to lead a much-needed cultural change showing cybersecurity should never be an afterthought.




cybersec

Cybersecurity Series: Inside the Cyber Mafia




cybersec

Cybersecurity Series: Exploring Methods of Internet Censorship and Control




cybersec

Cybersecurity in the Commonwealth: Building the Foundations of Effective National Responses in the Caribbean

Invitation Only Research Event

8 March 2019 - 9:00am to 5:30pm

Bridgetown, Barbados

Event participants

Joyce Hakmeh, Cyber Research Fellow, International Security Department, Chatham House

This workshop is the second in a series in the 'Implementing the Commonwealth Cybersecurity Agenda' project. The workshop aims to provide a multi-stakeholder pan-Commonwealth platform to discuss how to take the implementation of the 'Commonwealth Cyber Declaration' forward with a focus on the second pillar of the declaration – building the foundations of an effective national cybersecurity response with eight action points. 

As such, the workshop gathers different project implementers under the UK Foreign and Commonwealth Office’s Cyber Programme, in addition to other key relevant stakeholders from the global level, to explore ongoing initiatives which aim to deliver one or more of pillar two’s action points.

The workshop addresses issues from a global perspective and a Commonwealth perspective and will include presentations from selected partners from different Commonwealth countries.





cybersec

Cybersecurity of NATO’s Space-based Strategic Assets

1 July 2019

Almost all modern military engagements rely on space-based assets, but cyber vulnerabilities can undermine confidence in the performance of strategic systems. This paper will evaluate the threats, vulnerabilities and consequences of cyber risks to strategic systems.

Dr Beyza Unal

Senior Research Fellow, International Security Programme


The radar domes of RAF Menwith Hill, reported to be the biggest spy base in the world, dominate the skyline on 30 October 2007 in Harrogate, UK. Photo: Getty Images

Summary

  • All satellites depend on cyber technology including software, hardware and other digital components. Any threat to a satellite’s control system or available bandwidth poses a direct challenge to national critical assets.
  • NATO’s missions and operations are conducted in the air, land, cyber and maritime domains. Space-based architecture is fundamental to the provision of data and services in each of these contexts. The critical dependency on space has resulted in new cyber risks that disproportionately affect mission assurance. Investing in mitigation measures and in the resilience of space systems for the military is key to achieving protection in all domains.
  • Almost all modern military engagements rely on space-based assets. During the US-led invasion of Iraq in 2003, 68 per cent of US munitions were guided utilizing space-based means (including laser-, infrared- and satellite-guided munitions); up sharply from 10 per cent in 1990–91, during the first Gulf war. In 2001, 60 per cent of the weapons used by the US in Afghanistan were precision-guided munitions, many of which had the capability to use information provided by space-based assets to correct their own positioning to hit a target.
  • NATO does not own satellites. It owns and operates a few terrestrial elements, such as satellite communications anchor stations and terminals. It requests access to products and services – such as space weather reports and satellite overflight reports provided via satellite reconnaissance advance notice systems – but does not have direct access to satellites: it is up to individual NATO member states to determine whether they allow access.
  • Cyber vulnerabilities undermine confidence in the performance of strategic systems. As a result, rising uncertainty in information and analysis continues to impact the credibility of deterrence and strategic stability. Loss of trust in technology also has implications for determining the source of a malicious attack (attribution), strategic calculus in crisis decision-making and may increase the risk of misperception.




cybersec

Cybersecurity by Design in Civil Nuclear Power Plants

24 July 2019

Cyberattacks are increasingly challenging critical national infrastructure. This paper considers the security by design approach for civil nuclear power plants and analyses areas of risk and opportunities for the nuclear industry.

Dr Beyza Unal

Senior Research Fellow, International Security Programme

Roger Brunt

Managing Director, Grosmont Howe Ltd


An employee climbs into the cooling tower of the third and fourth unit at Mochovce nuclear power plant in Slovakia on 2 July 2019. Photo: Getty Images

Summary

  • The application of ‘security by design’ in nuclear new builds could provide operators with the opportunity to establish a robust and resilient security architecture at the beginning of a nuclear power plant’s life cycle. This will enhance the protection of the plant and reduce the need for costly security improvements during its operating life.
  • Security by design cannot fully protect a nuclear power plant from rapidly evolving cyberattacks, which expose previously unsuspected or unknown vulnerabilities.
  • Careful design of security systems and architecture can – and should – achieve levels of protection that exceed current norms and expectations. However, the sourcing of components from a global supply chain means that the integrity of even the most skilfully designed security regime cannot be guaranteed without exhaustive checks of its components.
  • Security by design may well include a requirement for a technical support organization to conduct quality assurance of cyber defences and practices, and this regime should be endorsed by a facility’s executive board and continued at regular intervals after the new build facility has been commissioned.
  • Given the years it takes to design, plan and build a new nuclear power plant, it is important to recognize that from the point of ‘design freeze’ onwards, the operator will be building in vulnerabilities, as technology continues to evolve rapidly while construction fails to keep pace with it. Security by design cannot be a panacea, but it is an important factor in the establishment of a robust nuclear security – and cybersecurity – culture.




cybersec

Supporting NHS Cybersecurity During COVID-19 is Vital

2 April 2020

Joyce Hakmeh

Senior Research Fellow, International Security Programme; Co-Editor, Journal of Cyber Policy
The current crisis is an opportunity for the UK government to show agility in how it deals with cyber threats and how it cooperates with the private sector in creating cyber resilience.

2020-04-02-NHS-nurse-tech-cyber

Nurse uses a wireless electronic tablet to order medicines from the pharmacy at The Queen Elizabeth Hospital, Birmingham, England. Photo by Christopher Furlong/Getty Images.

The World Health Organization, US Department of Health and Human Services, and hospitals in Spain, France and the Czech Republic have all suffered cyberattacks during the ongoing COVID-19 crisis.

In the Czech Republic, a successful attack targeted a hospital with one of the country’s biggest COVID-19 testing laboratories, forcing its entire IT network to shut down, urgent surgical operations to be rescheduled, and patients to be moved to nearby hospitals. The attack also delayed dozens of COVID-19 test results and affected the hospital’s data transfer and storage, affecting the healthcare the hospital could provide.

In the UK, the National Health Service (NHS) is already in crisis mode, focused on providing beds and ventilators to respond to one of the largest peacetime threats ever faced. But supporting the health sector goes beyond increasing human resources and equipment capacity.

Health services ill-prepared

Cybersecurity support, both at organizational and individual level, is critical so health professionals can carry on saving lives, safely and securely. Yet this support is currently missing and the health services may be ill-prepared to deal with the aftermath of potential cyberattacks.

When the NHS was hit by the WannaCry ransomware attack in 2017 – one of the largest cyberattacks the UK has witnessed to date – it caused massive disruption, with at least 80 of the 236 trusts across England affected and thousands of appointments and operations cancelled. Fortunately, a ‘kill-switch’ activated by a cybersecurity researcher quickly brought it to a halt.

But the UK’s National Cyber Security Centre (NCSC) has been warning for some time against a cyberattack targeting national critical infrastructure sectors, including the health sector. A similar attack, known as a category one (C1) attack, could cripple the UK with devastating consequences. It could happen and we should be prepared.

Although the NHS has taken measures since WannaCry to improve cybersecurity, its enormous IT networks, legacy equipment and the overlap between operational and information technology (OT/IT) mean that mitigating current potential threats is beyond its ability.

And the threats have radically increased. More NHS staff with access to critical systems and patient health records are increasingly working remotely. The NHS has also extended its physical presence with new premises, such as the Nightingale hospital, potentially the largest temporary hospital in the world.

Radical change frequently means proper cybersecurity protocols are not put in place. Even existing cybersecurity processes had to be side-stepped because of the outbreak, such as the decision by NHS Digital to delay its annual cybersecurity audit until September. During this audit, health and care organizations submit data security and protection toolkits to regulators setting out their cybersecurity and cyber resilience levels.

The decision to delay was made to allow the NHS organizations to focus capacity on responding to COVID-19, but cybersecurity was highlighted as a high risk, and the importance of NHS and Social Care remaining resilient to cyberattacks was stressed.

The NHS is stretched to breaking point. Expecting it to be on top of its cybersecurity during these exceptionally challenging times is unrealistic, and could actually add to the existing risk.

Now is the time where new partnerships and support models should be emerging to support the NHS and help build its resilience. Now is the time where innovative public-private partnerships on cybersecurity should be formed.

Similar to the economic package from the UK chancellor and innovative thinking on ventilator production, the government should oversee a scheme calling on the large cybersecurity capacity within the private sector to step in and assist the NHS. This support can be delivered in many different ways, but it must be mobilized swiftly.

The NCSC, for instance, has led the formation of the Cyber Security Information Sharing Partnership (CiSP), a joint industry and UK government initiative to exchange cyber threat information confidentially in real time with the aim of reducing the impact of cyberattacks on UK businesses.

CiSP comprises organizations vetted by NCSC which go through a membership process before being able to join. These members could conduct cybersecurity assessment and penetration testing for NHS organizations, retrospectively assisting in implementing key security controls which may have been overlooked.

They can also help by making sure NHS remote access systems are fully patched and advising on sensible security systems and approved solutions. They can identify critical OT and legacy systems and advise on their security.

The NCSC should continue working with the NHS to enhance the provision of comprehensive public guidance on cyber defence and response to a potential attack. This would show they are on top of the situation, projecting confidence and reassurance.

It is often said in every crisis lies an opportunity. This is an opportunity for the UK government to show agility in how it deals with cyber threats and how it cooperates with the private sector in creating cyber resilience.

It is an opportunity to lead a much-needed cultural change showing cybersecurity should never be an afterthought.




cybersec

Staff Email Addresses Removed From District Websites to Improve Cybersecurity

Some district technology leaders say having staff email addresses publicly available opens the door for phishing scams and potential hacks.




cybersec

Q&A: How to Bolster Cybersecurity in Your Schools

Melissa Tebbenkamp, the director of instructional technology for the Raytown Quality Schools near Kansas City, says her district's biggest cybersecurity risk is "ourselves." She outlines what it takes to teach educators how to help protect schools and districts against cyberattacks.




cybersec

Binary code fingerprinting for cybersecurity : application to malicious code fingerprinting

Alrabaee, Saed, author
9783030342388 (electronic bk.)




cybersec

K-12 Tech Leaders Prioritize Cybersecurity, But Many Underestimate Risks, Survey Says

Less than 20 percent of respondents to a new CoSN survey marked any items on a list of cybersecurity threats as "high-risk" from their perspective.




cybersec

Cybersecurity professional speaks to students via Zoom

Penn State Greater Allegheny’s current students recently joined a virtual conversation about Cybersecurity Analytics and Operations, Greater Allegheny’s newest 4-year program starting this fall.




cybersec

New job roles: The Future of cybersecurity jobs in India

The rate at which developments are happening means cybersecurity experts need to constantly keep up not only with the latest tools and gadgets to hit the market, but also with the latest trends and happenings in the domain.



  • Jobs and Education