‘The best way to learn about cyber security is to engage in realistic scenarios, such as the competition that we ve just hosted . Saturday s event created a scenario that really tested a candidate s ability to perform under pressure, think strategically, work as a team and display leadership skills’ This weekend, Barclays and Cabinet Office-backed security initiative Cyber Security Challenge UK1, hosted an immersive competition to test the skills of thirty cyber enthusiasts.
The competition required contestants to adopt the role of interns at a fictitious cyber security firm, who had to defend their company from a cyber-attack, triggered by an insider, all while their superiors were on a team-building canoeing adventure. >See also: The cyber security challenge for retail branch IT2 The competition is the last of 2017 s Cyber Security Challenge UK face-to-face competitions to unearth the UK s hidden cyber talent and place these individuals in public and private sector cyber security roles to fill the critical cyber security skills gap . Not only does cyber security offer an exciting and varied career, but a lucrative one too with roles averaging over 60,000 per year after training. The competition took place in national heritage site and grand country house, Radbroke Hall, which is also the current site of Barclays Technology Centre . In the scenario, the interns , who were staffing a fictitious security firm called Research4U , had to spring into action after a hacking group launched a large-scale cyber attack on the company, stealing confidential technology, source code and client data . The story saw hackers demand a ransom of 10m to prevent releasing the data to the press. Competitors had to infiltrate and stop the fictional hacker group in order to destroy the leaked information before it could be released to the press . Leading cyber specialists from Barclays and other leading industry organisations assessed the contestants on their vulnerability assessment, reconnaissance, attack strategies and espionage skills in order to rank their performance and suitability for careers in the industry.
>See also: The security challenges with the Internet of Things3 The winning team was team Wormhole: Carolyn Yates, Isabel Whistlecroft, Kajusz Dykiel, Peter Campbell and Waldo Woch. The eight contestants that have qualified for next month s Masterclass grand finale were: Cameron Howes, Asher Caswell, Tom Brook, Vlad Ellis, Mohammed Rahman, David Young, Rajiv Shah and Isabel Whistlecroft .
They will join the previous F2F winners from earlier in the year at Masterclass where they will compete against each other and have the opportunity to network with industry experts, in addition to winning career-enhancing prizes including degree scholarships, training courses, technology and gadgets and industry memberships. Nigel Harrison, acting Chief Executive of Cyber Security Challenge UK said: This year s scenarios have been varied in nature in order to demonstrate the range of cyber threats that this nation faces as well as the sheer breadth of sectors that need cyber security professionals from banking and finance, to automotive and even retail . Sponsors, like Barclays make this possible and, in turn, help to open the door to dozens more careers . I would like to encourage any budding cyber security specialist, or white hat hackers , to consider applying for our competitions . The nation faces a growing cyber security threat, so we are in real need of talent that can keep organisations, and the public, secure . Why not Challenge Yourself today?
>See also: Cyber security the unrelenting challenge for leadership4 The competition mirrors recent high profile attacks, such as WannaCry, where hackers held organisations to ransom across the globe . With the Public Accounts Committee revealing earlier this year that the Government s ability to protect Britain from high-level cyber attacks is undermined by a skills shortage, the need to find individuals with cyber skills has never been greater. Troels Oerting, Barclays Group Chief Security Officer (CSO) and Group Chief Information Security Officer (CISO) said: The best way to learn about cyber security is to engage in realistic scenarios, such as the competition that we ve just hosted . Saturday s event created a scenario that really tested a candidate s ability to perform under pressure, think strategically, work as a team and display leadership skills . A career in cyber security requires various skills, including the ability to second-guess hackers and make critical decisions quickly .
It was very encouraging to see students so immersed in solving the challenge we set them, and I wish all the candidates the very best in their careers.
- ^ Cyber Security Challenge UK (www.cybersecuritychallenge.org.uk)
- ^ The cyber security challenge for retail branch IT (www.information-age.com)
- ^ The security challenges with the Internet of Things (www.information-age.com)
- ^ Cyber security the unrelenting challenge for leadership (www.information-age.com)
A market maker works on the trading floor at IG Index in London, Britain January 14, 2016.REUTERS/Stefan WermuthEarlier this month, credit reporting company Equifax disclosed that hackers had accessed1 the names and social security numbers of approximately 143 million of its US customers.
The breach tarnished Equifax’s reputation, destroyed its stock2 and decimated3 its executive ranks4. No one wants to be the next Equifax and it’s a safe bet that at this very moment big and small businesses across the country are scrambling to bolster their cyber fortifications. It’s not an easy feat . But Steve Martino, chief information security officer at Cisco, has developed some clever techniques through years of fighting the bad guys.
Cisco employees are constantly kept on their toes as Martino probes them for weak spots and drills a defensive mindset into them.
Martino sat down with Business Insider to share some of his key tactics for creating an organization that won’t become the victim of the next big cyber attack . Here’s what he recommends:
Kill your click-throughs
In online business, big click-through rates are great: it means customers are clicking on links and web pages to buy stuff.
Inside a company though, high click-through rates can be deadly as a daily barrage of phishing emails and other nefarious tricks try to entice susceptible employees into clicking a dangerous link.
Martino sends out fake phishing emails to Cisco’s entire staff every quarter .
Anyone who clicks on the phishing link is brought to an employee training video to teach them how to avoid engaging with suspicious emails in the future . The method works because it helps every employee understand their role in protecting their company against attacks.
“We’ve been able to reduce our click through rates by over 60% by giving them that training,” Martino says.
Protect your treasure
It’s extremely difficult to protect against every possible method of intrusion, so it’s best to focus on protecting the most important data. Figure out which customer and company data is most sensitive, as well as which portals of entry are most vulnerable, Martino advises.
“If you don’t know what your key things are, you’re trying to protect everything and you probably protect nothing,” he says.
Seek and destroy
Expect that attackers will get through some of the time and actively seek out the intruders.
“You have to recognize that in today’s interconnected world, no matter how much you deploy, mistakes will happen,” Martino says . From employees that click on phishing emails, to programmers that build buggy software, human mistake is often at the heart of security.
“Hackers are dedicated, and well funded adversaries, and they’re going to find errors in software,” says Martino.
Because of this, it’s vital that security teams actively look for existing breaches. One way to do this is to look for cybersecurity software which can work together, so that when something goes wrong at one point in the security process, protections are in place to prevent it from going any further.
Practice “fire drills”
Every student and office worker knows how to get out of the building fast if there’s an emergency . The same should be true for responding to cyber threats.
Martino recommends that management teams set up a cybersecurity playbook with defined steps that the team needs to take should their worst nightmares come to fruition.
Once the playbook is established, and roles are doled out to the staff, companies should run drills for security breaches the way that schools run drills for fires: The more a company practices, the better prepared staffers are when something does go wrong.
Spread the word
While a playbook is vital for the cybersecurity team, it should also include a prepared responses from other departments especially the communications team.
Most states have security breach notification laws that require companies to disclose when consumers have been impacted by a hack .
Companies also need plans for how to notify their board of directors, and other major stakeholders at the company .
And don’t forget to prep an apology statement to send to the press.
“If you don’t have a disaster response playbook, you’re going to try to make it up on the fly and make a lot of mistakes,” Martino says.
Nest is a type of home for a bird
GOOGLE OFFSHOOT Nest has announced a new range of products to help it limp back into the smart home market. The smart home pioneer, has lost its mojo of late with so many competitors in the space and a string of security issues1 and is now playing catch up, with a smart door lock, made with Yale, who already have a range of them, an intruder alarm, of which there are myriad, and a video doorbell, which is essentially another camera with a button on it, and unlikely to be better than the Ring range which has a huge head start. The company which made waves as the first popular smart’ thermostat to reach the masses, went on to buy security firm Dropcam and has moved its focus towards home security, particularly focusing on cameras.
Also on the list was an outdoor version of its IQ facial recognition camera, with HDR recordings as you would find in a top-of-the-range telly (why?) however, unlike offerings from the likes of Netatmo, a subscription is required for facial recognition, and that’s on top of the over-the-odds pricing. A Nest Secure starter kit will be $499 ( 368) and on there are further charges if you want a mobile (SIM) backup system . It consists of “Detect” sensors, “Tag” keyfobs to arm and disarm and “Guard” which is a box that makes a noise.
It seems that Nest believes that it can trade on its name and its “Works with Nest” system, based on Google’s IoT infrastructure, but although the build quality of Nest products is excellent, the premium pricing will not be a lure to those being offered similar specs from other companies. The big selling point is the ability to control everything from a single app, but there are plenty of ways to do that now for far less money, without being locked into a system. The rest of the range has yet to be priced but will go on sale in November in the US .
UK release dates are as yet unknown.