Month: September 2018

CompTIA, has announced the launch of a fully funded cyber security training programme for Scottish businesses. Funded by the Digital Scotland Business Excellence Partnership, and aligned to Skills Development Scotland’s Digital Skills investment plan, ‘Cyber Ready Scotland: A professional Upskilling Pilot Programme’ will upskill IT workers to give them and their companies the cybersecurity skills necessary to protect them online.

Cybersecurity is a tier 1 national threat. However, the cybersecurity skills gap is an issue that is leaving organisations’ defences vulnerable to hackers as there are not enough qualified cybersecurity professionals to help protect them. Cybersecurity skills are the third most in demand digital skill in Scotland according to the Scottish Technology Industry survey. It also conservatively estimates that there will be up to 2,120 unfilled cybersecurity related job roles in Scotland by 2020.

To help plug this gap, the Cyber Ready Scotland pilot will offer an initial 15 people in IT departments in Scottish businesses world class cybersecurity training through a six-month distance learning programme. During the course, must dedicate eight hours a week to study independently, involving adaptive learning through CompTIA’s CertMaster Practice tool, which responds in real-time to students’ feedback. Students will have access to ITProTV, a video training provider for everything IT related. The programme is now open to applications.

Businesses are encouraged to put forward employees to apply for Cyber Ready Scotland. The employers of the individuals enrolled in the programme will be eligible to receive up to 50 CompTIA CyberSecure licenses. CyberSecure is an online training programme that gives all employees – from CEO, to receptionist – a basic level of cybersecurity knowledge.

ITJobswatch.co.uk shows that the median salary in cybersecurity in Scotland is £57,500 – one of the most lucrative and fast-growing sectors.

The 15 candidates will be selected by a panel of assessors to receive expert guidance and learning material with the aim to become skilled cyber security analysts. They will gain the industry recognised CompTIA certifications  Security+ and Cybersecurity Analyst (CySA+).

Graham Hunter, VP EMEA at CompTIA said: “The cybersecurity skills gap is an issue that’s compromising national security. Cyber Ready Scotland will help plug the skills gaps by upskilling the existing workforce to move into in-demand roles in the high growth cybersecurity sector. If successful, we aim to push the programme wider so more people can have the chance to join this important sector.”

Claire Gillespie, Digital Sector Manager at Skills Development Scotland said: “We have chosen to support this programme because of the immediate business need it addresses, with cyber security skills being in such high demand, and the innovative and thorough way in which the course is structured. CompTIA has a long and proven record of delivering high quality training and certifications, and we look forward to congratulating the first round of graduates.”

CompTIA has awarded over 500,000 CompTIA Security+ certifications globally, validating cybersecurity skills. To learn more about Cyber Ready or to apply for the programme, visit https://certification.comptia.org/why-certify/cyber-ready-scotland or contact CyberReady@comptia.org.

(135)

It is no surprise that hackers will always target high value, critical data, so amongst some of the most targeted industries is healthcare; the highly sensitive patient data stored in this industry creates a playground ready for waiting hackers to exploit. In the past five years alone, healthcare breaches have grown in both frequency and size, with the largest impacting as many as 80 million people.

Last year, the NHS suffered significant disruption from WannaCry, which bought the vulnerability of the healthcare sector into sharp focus. This attack contributed to 1,300 hours’ of downtime over the last three years, but the problems are reflected globally; in the US, 45% of ransomware attacks in 2017 targeted healthcare organisations with over 175 million records being exposed or stolen since 2009.

With many organisations preparing to go fully digital over the next few years, healthcare services must learn from recent data breaches if they are to secure their infrastructure against cyberattacks. But what can the healthcare industry do to ensure that they are securing patient data and protecting their networks?

It’s a case of when, not if

For every organisation that deals with data – be it customer, financial or patient data – the reality is that they will experience a data breach at some point. It’s not only the increasing sophistication of the methods used by hackers, but equally as important, it’s the fact that healthcare data is no longer in one place, and no longer accessed within the confines of a facility.

Whilst patient data used to reside in hospitals and doctors’ offices, today’s distributed healthcare system spans the nation and sometimes even across the globe, across facilities, public clouds and private clouds. This critical data is not just distributed to healthcare staff, but to third parties whose devices and policies cannot be easily controlled. The attack surface is expanding considerably and connected mobile devices and Internet of Things (IoT) devices have become commonplace in healthcare settings: just the sheer number of medical, clinical, IT and admin staff needing access to patient data, at all times and in various settings, makes the legacy security measures that were once put in place now unable to cope with today’s complex and diverse network.

And it only takes one compromised device to enable a hacker to penetrate and then move laterally across a network, infecting potentially thousands of devices and bringing the network to a standstill. Some NHS Trusts were forced to turn off their network to prevent infection during the WannaCry attack. No organisation can afford to simply ‘turn off’ in order to prevent a compromise.

A new mindset: start with security

Hospitals and healthcare organisations must look beyond the network infrastructure and instead start with a security overlay that will cover the networks, independent of its infrastructure, rather than taking a narrow approach of building the strategy around the infrastructure. From a data security perspective, the network must become irrelevant, and with this flows a natural simplicity in approach.

Healthcare organisations need to consider innovative approaches such as Layer 4 encryption which renders the data itself undecipherable while in transit, and therefore worthless to hackers, without impacting the operational visibility of the enterprise network and data flows.

With cyber threats evolving all the time and cyber attacks ongoing, healthcare organisations can substantially reduce the likelihood of a data breach occurring by adopting robust security strategies designed for today’s more complex, distributed and hybrid networks. With such critical and sensitive patient data at risk, healthcare organisations really can’t afford to take the risk.

– Paul German, CEO, Certes Networks

(289)

A new study, by a government-funded agency, found after examining 850 attacks, that most of them are perpetrated by students on their own institutions.

This is not news to EfficientIP, a network protection company, whose Global DNS Threat Research (in its third year running), surveying 1,000 large businesses across nine countries, found that the threats facing the Education sector are even more damaging than suggested in this Government study.

Key findings of the Global DNS Threat Report include:

• The average cost of DNS-based attacks in the Education sector is $690,000 per attack in the past 12 months.
• The Education sector faced an average of seven attacks in the past twelve months. Cyber attacks cost the Education sector an average of $4 830 000.
• 73% of institutions took more than three days to apply a patch to a critical vulnerability.
• 41% of respondents in the Education sector were vulnerable to DNS-based malware. More than any of the other nine sectors surveyed. In comparison DDoS attacks in the Education sector scored a quite low 18%.

(122)

It has been reported that British Airways has suffered a large scale data breach, compromising nearly 380,000 card transactions and it was reported that it took 16 days for the breach to be detected, which is shockingly slow in this post-GDPR world.

British Airways has been blighted with IT issues over the last 18 months, with big application failures causing flights to be cancelled in July and also over Bank Holiday weekend in May 2017. The impact of poor application performance has disappointed thousands of customers who have not been shy in voicing their dismay. It seems the global airline industry should regularly monitor the security and performance of their applications, and not only focus on keeping the planes in the sky.

Paul Farrington, Head of EMEA at app security company CA Veracode, calls for more consistency in security and app performance in the airline industry: “The British Airways breach is just another example of how, as the amount of personal data held by organisations continues to grow, hackers are finding more sophisticated ways to gain access to this data and use it to make a profit. Furthermore with GDPR now in full force the board at BA will have to consider their exposure to regulatory fines, especially when it took 16 days for the breach to be detected, and if the financial losses will outstrip what it would have cost to prevent the breach in the first place. 

IT issues are not only affecting BA, but also in the wider airline industry. Airlines have a duty to keep the planes in the air, and the majority of investment goes into that. However, recent outages show investment should also be directed at technology. As airlines become ever more dependent on software, this creates a greater surface for hackers to attack and so it is no surprise that breaches of this scale are becoming commonplace. 

Customers are right to be angry. If UK businesses want to avoid becoming the next victim of a breach it is crucial that they take significant steps to secure their software, web applications and networks to ensure that they aren’t their weakest points of attack.” 

(104)