techUK Cyber Security Newsletter (October 2021)

Introduction

Welcome to the October edition of the techUK Cyber Security Newsletter.

 

Fresh off the press, we saw positive news in Government’s Autumn Budget and Spending Review with a £114 million increase in the National Cyber Security Programme for across the SR21 period to keep adapting, innovating and investing to maintain and extend the UK’s competitive edge as a responsible, democratic cyber power. techUK looks forward to engaging further with Government on all aspects of its cyber strategy.

 

In other news, a new US survey from cyber security company ThycoticCentrify has this month revealed that 64% of the companies it surveyed had been victims of ransomware attacks in the past 12 months … and a whopping 83% paid the ransom. Indeed, ransomware remains the most immediate threat to businesses. Sir Jeremy Fleming has just this week warned that the number of these attacks has doubled across the UK in 2021 compared with last year; and that GCHQ plans to use the new cyber force to hunt ransomware gangs

 

Another October report to be aware of is CyberASAP’s new Impact & Insights Report, which outlines some of the key successes of the programme, including the formation of 21 companies to date and that alumni of the programme have raised over £16 million in further funding to develop their prototypes. And November won’t be short of reading material either, as we look forward to the publication of the NCSC’s Annual Review and its next Diversity and Inclusion in Cyber Security report – keep an eye on the techUK website for more on these!  

 

News and Views

techUK member survey 2021 

We are inviting our members to take part in our 2021 member survey. The survey will take approximately ten minutes and the results will have a real impact on techUK’s ongoing work on behalf of our members.


Misogyny is alive and well in the cyber realm

In this article, this year’s joint winner of techUK’s Cyber Innovation Den, CAPSLOCK, provides evidence to raise awareness about the fact that women are still being ignored and undervalued in meetings.

 

Scam calls affecting millions

Telecoms regulator Ofcom has released the results of a survey conducted in the summer, which states that nearly 45 million people in the UK have been the target of a scam message or phone call in the past 3 months – with 16-34 year olds more likely to be targeted by text message; and the over 75s via their landline number.

 

How cloud services help boost cyber resilience

Cloud-based software solutions are often more powerful, convenient, and affordable than locally hosted alternatives, but people still wonder: are they really secure? More than 96% of organisations have adopted some form of cloud technology, yet many haven’t yet put in place all the policies and procedures they need to protect sensitive data from cyber threats.  In this article, Genetec’s Steve Green takes a look at how organisations can secure their cloud-based software.

 

NOBELIUM targeting delegated administrative privileges to facilitate broader attacks

The Microsoft Threat Intelligence Center (MSTIC) detected nation-state activity associated with a threat actor tracked as NOBELIUM, attempting to gain access to downstream customers of multiple CSPs, MSPs and other IT services organisations. The NSCS is encouraging organisations to protect themselves by following Microsoft technical guidance.

 

techUK Events

Briefing on Cyber Exports to India

11 January | 10.00-11.30

 Sign up here

This techUK/CGP cyber briefing will explore the opportunities and challenges for cyber exporters interested in the Indian market. The COVID-19 pandemic has altered the cyber security landscape for all regions around the globe and hit at a time when India has rapidly scaled its technology enabled economy. In recent times India has recorded around a 37% increase in cyber-attacks. There are various opportunities for UK cyber companies to export and engage across the Indian market. These include Artificial Intelligence (AI) which is a rapidly growing sector, automation, Zero-Trust and broader corporate cyber products and services. The type of cyber-attacks is also evolving, creating a more complex and advance set of threats. These include cloud vulnerability, social engineering and phishing attacks, attacks using emerging technology, data breaches, malware and ransomware.