Potentially hundreds of UK law firms affected by cyberattack on IT provider CTS

CTS, a managed service provider (MSP) for law firms in the United Kingdom, is urgently investigating a cyberattack that has disrupted its services, potentially leaving hundreds of British law firms unable to access their case management systems. The company announced on Friday that it was experiencing “a service outage which has impacted a portion of the services we deliver to some of our clients”, and confirmed the outage was caused by a cyber incident. The UK government is closely monitoring the company’s situation, according to a government spokesperson. It is not known how many of the company’s clients are affected, although a report by Today’s Conveyancer estimated between 200 and 80 would be unable to access phone, emails, or case management systems. CTS said it was “working closely with a leading global cyber forensics firm to help us with an urgent investigation into the incident and to assist us in service restoration”. The company said it was confident it would be able to restore services but cautioned it could not give a timeline for full restoration, and pledged to communicate directly with the clients who were affected. The hack comes just weeks after the British government failed to introduce promised legislation that would have required MSPs to increase their cybersecurity protections. “MSPs are an attractive and high value target for malicious threat actors, and can be used as staging points through which threat actors can compromise the clients of those managed services,” the government warned when it announced the new laws.
UK and US develop new global guidelines for AI Security

New guidelines for secure AI system development will help developers of any systems that use AI make informed cyber security decisions at every stage of the development process. Agencies from 18 countries, including the US, endorse new UK-developed guidelines on AI cyber security. Guidelines for Secure AI System Development, led by GCHQ’s National Cyber Security Centre and developed with the US’s Cybersecurity and Infrastructure Security Agency, build on the AI Safety Summit to establish global collaboration on AI. In testament to the UK’s leadership in AI safety, agencies from 17 other countries have confirmed they will endorse and co-seal the new guidelines. The guidelines aim to raise the cyber security levels of artificial intelligence and help ensure that it is designed, developed, and deployed securely. The new UK-led guidelines are the first of their kind to be agreed globally. They will help developers of any systems that use AI make informed cyber security decisions at every stage of the development process, whether those systems have been created from scratch or built on top of tools and services provided by others. The guidelines help developers ensure that cyber security is both an essential pre-condition of AI system safety and integral to the development process from the outset and throughout, known as a ‘secure by design’ approach. The guidelines are broken down into four key areas – secure design, secure development, secure deployment, and secure operation and maintenance, complete with suggested behaviours to help improve security. The product will be officially launched this afternoon at an event hosted by the NCSC, at which 100 key industry, government and international partners will gather for a panel discussion on the shared challenge of securing AI. Panellists include Microsoft, the Alan Turing Institute and UK, American, Canadian, and German cyber security agencies.
These guidelines are intended as a global, multi-stakeholder effort to address that issue, building on the UK Government’s AI Safety Summit’s legacy of sustained international cooperation on AI risks.
EU Cybersecurity exercise for EU elections

To evaluate and strengthen current working methods ahead of the 2024 elections, EU institutions have organised a cybersecurity exercise today. National and EU partners tested their crisis plans and possible responses to potential cybersecurity incidents affecting the European elections. The exercise is part of the measures being implemented by the European Union to ensure free and fair elections in June 2024. It took place in the European Parliament and was organised by the European Parliament’s services, the European Commission and the EU Agency for Cybersecurity (ENISA). The drill allowed participants to exchange experiences and best practices, and will help them enhance their capacity to respond to cybersecurity incidents as well as to contribute to the update of existing guidelines and good practices on the cybersecurity of technology used in the election process. All is in place to ensure that European citizens can trust the EU electoral process. Risks to elections can take various forms, from information manipulation and disinformation to cyber-attacks that compromise infrastructures. Based on various scenarios featuring potential cyber-enabled threats and incidents, the exercise allowed participants to: Deepen their knowledge of the level of critical aspects of European elections, including an assessment of the level of awareness among other stakeholders (e.g. political parties, electoral campaign organisations and suppliers of relevant IT equipment); Enhance cooperation between relevant authorities at national level (including elections authorities and other relevant bodies and agencies, such as cybersecurity authorities, Computer Security Incident Response Teams (CSIRTs), Data Protection Authorities (DPAs), authorities dealing with disinformation issues), as well as at EU level, such as the Commission services in charge of enforcement of the Digital Services Act (DSA); Verify existing EU Member States’ capacity to adequately assess the risks related to the cybersecurity of European elections, promptly develop situational awareness and co-ordinate communication to the public; Test existing crisis management plans as well as relevant procedures to prevent, detect, manage and respond to cybersecurity attacks and hybrid threats, including disinformation campaigns; Identify all other potential gaps as well as adequate risk mitigation measures which should be implemented ahead of the European Parliament elections.
Why Defenders Should Embrace a Hacker Mindset

Today’s security leaders must manage a constantly evolving attack surface and a dynamic threat environment due to interconnected devices, cloud services, IoT technologies, and hybrid work environments. Adversaries are constantly introducing new attack techniques, and not all companies have internal Red Teams or unlimited security resources to stay on top of the latest threats. Many organizations take a conventional approach to vulnerability management, documenting their assets and identifying associated vulnerabilities, often on a rigid schedule. One of the problems with the current strategy is that it compels defenders to think in lists, while hackers think in graphs. Malicious actors start by identifying their targets, and what matters to them is finding even a single pathway to gain access to the crown jewels.

1) Understand Attackers’ Tactics
Adopting a hacker’s mindset helps security leaders anticipate potential breach points and build their defense. This starts with a realistic understanding of the techniques malicious actors use to get from A to Z. This means that defenders must prepare for brute force attacks, loaders, keyloggers, exploit kits, and other rapidly deployable tactics. Security teams must also evaluate their responses to these tactics in real-world scenarios. Testing in a lab environment is a good start, but peace of mind only comes when directly evaluating production systems. Similarly, simulations are informative, but teams must go a step further and see how their defenses stand up to penetration tests and robust emulated attacks.

2) Reveal Complete Attack Paths, Step by Step
No vulnerability exists in isolation. Hackers almost always combine multiple vulnerabilities to form a complete attack path. As a result, security leaders must be able to visualize the “big picture” and test their entire environment. By identifying the critical paths attackers could take from reconnaissance through exploitation and impact, defenders can prioritize and remediate effectively.

3) Prioritize Remediation Based on Impact
Hackers typically look for the path of least resistance. This means that you should address your exploitable paths with the most impact first. From there, you can work your way through incrementally less-likely scenarios as resources allow. Leaders should also consider the potential business impact of the vulnerabilities they need to remediate. For example, a single network misconfiguration or a single user with excessive permissions can lead to many possible attack paths. Prioritizing high-value assets and critical security gaps helps you avoid the trap of spreading your resources too thin across your entire attack surface.

4) Validate the Effectiveness of Your Security Investments
Testing the real-world efficacy of security products and procedures is critical. For instance – is your EDR properly detecting suspicious activity? Is the SIEM sending alerts as expected? How fast does your SOC respond? And most importantly, how effectively do all of the tools in your security stack interact together? These tests are essential as you measure your efforts.
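
The lists-versus-graphs point in this article, as an added example that is not part of the original text: the same six findings are ranked once by severity score alone and once by how many attack paths to the crown-jewel asset depend on them. Every host name, finding and score below is constructed for illustration.

```python
from collections import defaultdict

# Constructed sample environment (not from the article). Scores are made up.
FINDINGS = {
    "F1": ("unpatched web framework", 7.5),
    "F2": ("VPN account without MFA", 6.5),
    "F3": ("network misconfiguration: DMZ can reach app tier", 5.0),
    "F4": ("credentials in scripts on an open file share", 5.5),
    "F5": ("service account with excessive DB permissions", 6.0),
    "F6": ("critical flaw on an isolated kiosk", 9.8),
}
# Each edge is (from, to, finding that permits the move).
EDGES = [
    ("internet", "web-server", "F1"),
    ("internet", "vpn-gateway", "F2"),
    ("web-server", "app-server", "F3"),
    ("vpn-gateway", "app-server", "F3"),
    ("app-server", "file-share", "F4"),
    ("app-server", "customer-db", "F5"),
    ("file-share", "customer-db", "F5"),
    ("internet", "kiosk", "F6"),
]


def attack_paths(edges, source, target):
    """Return every simple path source -> target as (nodes, findings used)."""
    graph = defaultdict(list)
    for src, dst, finding in edges:
        graph[src].append((dst, finding))
    paths, stack = [], [(source, [source], [])]
    while stack:
        node, visited, used = stack.pop()
        if node == target:
            paths.append((visited, used))
            continue
        for nxt, finding in graph[node]:
            if nxt not in visited:  # simple paths only, so cycles terminate
                stack.append((nxt, visited + [nxt], used + [finding]))
    return paths


def list_view(findings):
    """Conventional triage: findings sorted by severity score alone."""
    return sorted(findings, key=lambda f: -findings[f][1])


def graph_view(edges, findings, source, target):
    """Rank findings by the number of attack paths that depend on them."""
    paths = attack_paths(edges, source, target)
    on_paths = {f: sum(f in used for _, used in paths) for f in findings}
    order = sorted(findings, key=lambda f: (-on_paths[f], -findings[f][1]))
    return order, on_paths


def paths_after_fix(edges, fixed, source, target):
    """Count attack paths left once every edge enabled by `fixed` is removed."""
    remaining = [e for e in edges if e[2] != fixed]
    return len(attack_paths(remaining, source, target))


if __name__ == "__main__":
    order, counts = graph_view(EDGES, FINDINGS, "internet", "customer-db")
    print("list view :", list_view(FINDINGS))
    print("graph view:", order)
    for f in order:
        left = paths_after_fix(EDGES, f, "internet", "customer-db")
        print(f"{f} {FINDINGS[f][0]}: on {counts[f]} paths, {left} left if fixed")
```

The highest-scoring finding sits on no path to the database, while the excessive-permission account and the network misconfiguration each sit on every path.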
Australia declares nationally significant cyber incident after port attack!

Australia’s biggest ports operator, which has been the target of a cyber-attack, has begun gradually restarting its operations, but key exports could be subject to prolonged delays. DP World Australia closed its Sydney, Melbourne, Brisbane and Fremantle port operations after detecting the breach on Friday, leaving cargo and containers stuck on the docks. The company disconnected its internet, which stopped ongoing unauthorised access to its network. This also resulted in key systems linked to its port operations not functioning normally. The nature of the outage has not been divulged and the National Cyber Security Coordinator has promised restoring services is the priority, with attribution a task for another day. On Sunday DP World advised that interruptions will stretch for a number of days, rather than weeks. The government has not yet identified the perpetrators of the cyber attack, which caused the firm to disconnect its ports from the internet. DP World said it halted internet connectivity at its ports on Friday to prevent any ongoing unauthorised access to its network. Going offline meant trucks had been unable to transport containers in and out of the affected sites. The resumption of service on Monday is the first step towards tackling the attack on its network. DP World said it was still in the process of investigating the disruption and guarding its systems against cyber attacks. Australia has seen a rise in cyber attacks since late 2022. Earlier this year, the Albanese government announced plans to overhaul its cybersecurity laws, and set up an agency to coordinate responses to intrusions. The government is expected to release details on its proposed rules next week which will likely tighten reporting requirements for companies.
Cyber attack hits council computer systems!

A suspected ransomware attack has caused significant disruption to IT systems at Western Isles local authority, Comhairle nan Eilean Siar. The council said access to its systems had been affected. The Scottish government and computer company Dell have been helping Comhairle nan Eilean Siar deal with the situation. In a ransomware attack, hackers use malicious software to scramble and steal an organisation’s computer data. The attack comes after the Scottish Environment Protection Agency (Sepa) had thousands of digital files stolen in a cyber attack in 2020. In February this year, Audit Scotland said that some public money had been written off as a result, but the full financial impact was still unknown. A ransomware attack uses a type of software designed to disrupt or gain access to a computer system. The information is then encrypted, making it difficult for a user to access their files, or the information may be deleted or leaked. A group behind the attack may then demand money – a ransom – for return of the data or to prevent it being leaked. These types of attacks are not uncommon. In 2021, the Scottish Environment Protection Agency had more than 4,000 digital files stolen. And even tech firms are at risk. Last year Edinburgh-based Rockstar Games, creator of Grand Theft Auto, had footage and details of an unreleased game leaked online, with hackers threatening to release more unless a deal was reached. The advice to companies is not to pay a ransom as this might make them a target in the future and is no guarantee that data will be returned.
UK and US host international dialogue to advance cyber support for groups that strengthen democracy

Agency heads from nine countries share insights and approaches to help improve collective cyber resilience of global democracy. UK and US cyber chiefs convene international partners to discuss the heightened threat that groups central to our democratic societies face online. The head of the National Cyber Security Centre has co-chaired a meeting with international partners to discuss how democracies can help defend communities at higher risk of being targeted online. Communities identified as being at higher risk include individuals working in politics, including elected officials such as MPs, journalists, academics, lawyers, dissidents, and those sanctioned by foreign states. The dialogue, which has been set up by CISA as part of its High-Risk Community Protection initiative, saw participants brief about their existing efforts to protect civil society groups online, exchange insights into the threat landscape and agree to continue collaborating. The UK is committed to working with partners to ensure cyberspace remains a safe and prosperous place for everyone. A range of cyber security guidance, including practical advice for high-risk individuals such as those working in politics, can be found on the NCSC website. NCSC highlighted how commercial cyber intrusion tools – or spyware – have almost certainly been used by some states in the targeting of individuals such as journalists, human rights activists, political dissidents and opponents and foreign government officials. The participants in this first Strategic Dialogue on the Cyber Security of Civil Society Under Threat of Transnational Repression have agreed to meet in future to continue addressing the shared challenges of transnational repression.
CISO Best Practices for Managing Cyber Risk

Leading CISOs have offered best practices for security leaders on how to manage cyber risks effectively during 2023 – 2024:

Use Appropriate Frameworks – Cybersecurity frameworks are the best place to start in cyber risk management. They urged CISOs to look at factors like the size of the company, their current risk management program and their sector when deciding which frameworks to use. For example, ISO27001 is often useful for organizations that are at the mid-point of their risk management journey.

Understand Regulatory and Contractual Obligations – CISOs should learn which cybersecurity regulations and contractual requirements their organization must adhere to. It’s surprising, but not all organizations are adhering to what’s mandatory. CISOs should engage with the company’s legal officer if they are receiving pushback on taking measures to be compliant with a particular obligation. Understanding these obligations in full also helps security leaders develop the best ways to implement them, finding the middle ground between the letter of the law and impact on the business.

Create a Sustainable Vulnerability Management Program – A critical vulnerability does not necessarily pose a high risk to your organization. Therefore, security teams should develop an internal definition of what is a critical vulnerability to their organization, analyzing factors like exploitability rates and what systems are affected. This enables CISOs to develop a realistic vulnerability management program that prioritizes the most dangerous threats to their organizations.

Focus on the Basics – The reality is that the vast majority of attacks, such as social engineering and cracking passwords, are not sophisticated. Therefore, they urged CISOs to avoid the noise and focus on the basics of cybersecurity, such as implementing MFA, patching and access management policies.

Consolidate Security Toolkits – Many organizations have purchased an excessive number of security tools, the CISOs said, citing one case in which a company had 19 separate tools. This makes it impossible for security teams to manage. Instead, CISOs should prioritize consolidating and concentrating their toolkit.
World first Cyber Security story book aimed at young children is unveiled

All primary one pupils in Scotland to receive free copy to build cyber security skills and protect their information online. A world-first illustrated children’s book designed to teach children aged 4-7 about cyber security and how to protect their information online is being launched. Education Scotland and the Scottish Government have unveiled Bongles and The Crafty Crows, which teaches young learners how to create passwords and passcodes using ‘three random words’, helping them to explore, play and communicate while using digital technologies, keeping their online information safer and more secure. The book, which follows the adventures of Big Bubba, the Twins, Brainy and Pet Robot, has been designed to equip teachers, parents and carers with an attractive resource to deliver important cyber resilience skills and is supported by a range of learning activities and materials. The book was showcased to children and teachers at a special event held at the Abertay CyberQuarter, Scotland’s multimillion pound cyber security research and development centre at Abertay University. Every Primary 1-aged child in Scotland will now receive a copy of The Bongles and The Crafty Crows in their Book Bug Bag due to be distributed in November 2023 ahead of Scottish Book Week, with Gaelic language versions sent to schools delivering in that medium. According to a recent report by Ofcom, 97% of children in the UK have access to the internet with 86% of 5-7-year-olds using tablet devices to go online. It is hoped the new book will provide parents and carers with a host of hints and tips on how to talk to their children about protecting their precious information online. The book and associated learning materials will also be launched on the Scottish Government’s Parent Club website. We hope that teachers, parents and carers will use this engaging story and the learning activities that come with it to help their children learn about the importance of online safety.
Digital technology is going to be at the heart of these children’s lives and it’s so important to help them learn how to stay safe online.
5 Reasons Why a Cyber Security Degree is Worth It

There are countless reasons why a Cyber Security degree is worth the investment. In fact, by one crucially important metric you could say there are 3.4 million reasons: that’s the estimated number of cybersecurity positions that need to be filled. And the salaries are matching the demand, with the average pay for a cybersecurity professional topping £128,000 and some salaries much higher. Why are there so many unfilled cyber security jobs? And why is this fast-growing industry paying top dollar for top talent? According to a Forbes article, cyber crime is projected to cost £10.5 trillion per year by 2025. Bottom line, the threat is urgent, the stakes are incredibly high and there aren’t nearly enough highly educated and qualified workers to meet the demand. That’s why companies are paying high salaries for well trained cybersecurity professionals and that’s also why earning a cybersecurity master’s degree could be the best investment you ever make.

A Degree in Cybersecurity Equals Job Security
If there was ever a time to enter the cybersecurity field, it is now. With cyber threats and attacks increasing in both frequency and sophistication, the demand for cybersecurity professionals is far outpacing the supply. This means that for qualified cybersecurity specialists, job security is practically guaranteed.

Cyber Security Professionals Earn High Salaries
Due to the severe shortage of skilled workers, cybersecurity professionals are among the most highly compensated in the technology sector.

Cybersecurity Offers Unique and Interesting Ways to Make a Difference
For example, some cybersecurity specialists are focused on using creative methods to attack the very systems they are aiming to protect, in order to discover vulnerabilities that could be exploited by hackers. Today, there are more and more so-called bug bounty programs in which skilled white-hat hackers work to disrupt the illegal and destructive efforts of their black-hat counterparts by finding and fixing weak spots in cybersecurity defense systems.

Cybersecurity Work is Meaningful and Vitally Important
A career in cybersecurity can bring personal and professional fulfillment while helping to defend one’s country. Corporations in all industries need robust cybersecurity defenses to guard against inevitable intrusions from hackers that can cost companies millions, even billions. But the stakes are even higher when it comes to the nation’s future safety and security, which will increasingly depend on our ability to combat high-tech warfare waged using advanced computer technology.

Cybersecurity Skills: You’ll Learn the Basics – Plus Leadership, Management and More
One of the most important benefits of earning a master’s degree in cybersecurity is the additional managerial and leadership training you will receive. In most technology programs these types of business skills are not taught as a part of the curriculum. However, in order to advance in the field and land high-ranking leadership positions, you’ll need to possess the right qualities, including keen business acumen.