‘The best way to learn about cyber security is to engage in realistic scenarios, such as the competition that we've just hosted. Saturday's event created a scenario that really tested a candidate's ability to perform under pressure, think strategically, work as a team and display leadership skills’
This weekend, Barclays and Cabinet Office-backed security initiative Cyber Security Challenge UK (www.cybersecuritychallenge.org.uk) hosted an immersive competition to test the skills of thirty cyber enthusiasts.
The competition required contestants to adopt the role of interns at a fictitious cyber security firm, who had to defend their company from a cyber-attack, triggered by an insider, all while their superiors were on a team-building canoeing adventure.
The competition is the last of 2017's Cyber Security Challenge UK face-to-face competitions to unearth the UK's hidden cyber talent and place these individuals in public and private sector cyber security roles to fill the critical cyber security skills gap. Not only does cyber security offer an exciting and varied career, but a lucrative one too with roles averaging over £60,000 per year after training. The competition took place in national heritage site and grand country house, Radbroke Hall, which is also the current site of Barclays Technology Centre.
In the scenario, the interns, who were staffing a fictitious security firm called Research4U, had to spring into action after a hacking group launched a large-scale cyber attack on the company, stealing confidential technology, source code and client data. The story saw hackers demand a ransom of £10m to prevent releasing the data to the press. Competitors had to infiltrate and stop the fictional hacker group in order to destroy the leaked information before it could be released to the press. Leading cyber specialists from Barclays and other leading industry organisations assessed the contestants on their vulnerability assessment, reconnaissance, attack strategies and espionage skills in order to rank their performance and suitability for careers in the industry.
The winning team was team Wormhole: Carolyn Yates, Isabel Whistlecroft, Kajusz Dykiel, Peter Campbell and Waldo Woch. The eight contestants that have qualified for next month's Masterclass grand finale were: Cameron Howes, Asher Caswell, Tom Brook, Vlad Ellis, Mohammed Rahman, David Young, Rajiv Shah and Isabel Whistlecroft.
They will join the previous F2F winners from earlier in the year at Masterclass where they will compete against each other and have the opportunity to network with industry experts, in addition to winning career-enhancing prizes including degree scholarships, training courses, technology and gadgets and industry memberships.
Nigel Harrison, acting Chief Executive of Cyber Security Challenge UK said: "This year's scenarios have been varied in nature in order to demonstrate the range of cyber threats that this nation faces as well as the sheer breadth of sectors that need cyber security professionals from banking and finance, to automotive and even retail. Sponsors, like Barclays make this possible and, in turn, help to open the door to dozens more careers. I would like to encourage any budding cyber security specialist, or white hat hackers, to consider applying for our competitions. The nation faces a growing cyber security threat, so we are in real need of talent that can keep organisations, and the public, secure. Why not Challenge Yourself today?"
The competition mirrors recent high profile attacks, such as WannaCry, where hackers held organisations to ransom across the globe. With the Public Accounts Committee revealing earlier this year that the Government's ability to protect Britain from high-level cyber attacks is undermined by a skills shortage, the need to find individuals with cyber skills has never been greater.
Troels Oerting, Barclays Group Chief Security Officer (CSO) and Group Chief Information Security Officer (CISO) said: "The best way to learn about cyber security is to engage in realistic scenarios, such as the competition that we've just hosted. Saturday's event created a scenario that really tested a candidate's ability to perform under pressure, think strategically, work as a team and display leadership skills. A career in cyber security requires various skills, including the ability to second-guess hackers and make critical decisions quickly. It was very encouraging to see students so immersed in solving the challenge we set them, and I wish all the candidates the very best in their careers."
North East technology firm Kromek is cementing its strength in security markets after winning a second long-term contract in the sector this year.
The Sedgefield firm, which is based at NETPark, has announced a five-year deal with a new customer which is a leader in X-ray imaging systems. The radiation detection technology company, which also works in the medical and nuclear markets, said the five-year deal is worth $2m (£1.54m) over the period. The work will see the manufacturer incorporate Kromek's technology into its baggage security screening systems, which will boost detection of an extensive range of threat materials.
This marks the second long-term contract Kromek has signed in the security screening market this year, following the announcement in February of a five-year $3.1m (£2.39m) agreement with an existing US customer that is an emerging leader and global company in the homeland security marketplace.
Dr Arnab Basu, chief executive officer of Kromek, said: "We are delighted to secure another long-term contract with a new OEM customer in the security screening market. This agreement further demonstrates the demand for our products and technology as all OEMs in this arena begin upgrading their legacy systems to bring them in line to detect modern day threats. We look forward to working with this new customer and developing a long-term relationship with them."
The announcement comes just over two weeks after the firm was awarded a new contract by a health sector customer worth at least £4.1m.
The radiation detection specialist already has contracts with the firm, which works in the bone mineral densitometry sector, which involves making detectors which are used to determine a patient's bone quality, helping doctors in the diagnosis and management of diseases such as osteoporosis. In June the firm posted full year results showing growth in turnover of 7.5% from £8.3m to £9m. Mr Basu pledged a step change at the firm that will see it pull off larger contracts and boost revenue by 40% this year.
Over the last 24 months the firm has won more than $40m (£30.9m) in contracts across its market sectors as commercialisation has stepped up.
‘By not detecting and investigating these short, surgical, DDoS attacks on their networks, infrastructure organisations could also be leaving their doors wide-open for malware or ransomware attacks, data theft or more serious cyber attacks’
Over a third of national critical infrastructure organisations in the UK (39%) have not completed basic cyber security standards issued by the UK government, according to data revealed under the Freedom of Information Act by Corero Network Security, a provider of real-time DDoS defence solutions. The fact that so many infrastructure organisations have not completed the 10 Steps to Cyber Security programme indicates a lack of cyber resilience within organisations which are critical to the functioning of UK society.
It also suggested that some of these organisations could be liable for fines of up to £17 million, or 4% of global turnover, under the UK government's proposals to implement the EU's Network and Information Systems (NIS) directive, from May 2018. The Freedom of Information requests were sent by Corero, in March 2017, to 338 critical infrastructure organisations in the UK, including fire and rescue services, police forces, ambulance trusts, NHS trusts, energy suppliers and transport organisations.
In total, 163 responses were received, with 63 organisations (39%) admitting to not having completed the 10 Steps programme. Among responses from NHS Trusts, 42% admitted not having completed the programme.
Sean Newman, Director of Product Management at Corero, comments: "Cyber attacks against national infrastructure have the potential to inflict significant, real-life disruption and prevent access to critical services that are vital to the functioning of our economy and society. These findings suggest that many such organisations are not as cyber resilient as they should be, in the face of growing and sophisticated cyber threats."
Critical infrastructure operators ignoring DDoS threats
Modern Distributed Denial of Service (DDoS) attacks represent a serious security and availability challenge for operators of essential services. This is why DDoS protection is highlighted within the government consultation on NIS as a mechanism that critical infrastructure should consider when protecting their services and availability from disruption caused by cyber attacks. But while most people equate DDoS with high-volume attacks, like that against DNS provider Dyn in 2016 that took down large parts of America's internet, the vast majority of today's attacks are actually short and low volume in nature.
In fact, 90% of DDoS attack attempts stopped by Corero during Q1 2017 were less than 30 minutes in duration, and 98% were less than 10Gbps in volume. Due to their small size, these stealth DDoS attacks often go unnoticed by security staff, but they are frequently used by attackers in their efforts to target, map and infiltrate a network.
Worryingly, the Freedom of Information data revealed that most UK critical infrastructure organisations (51%) are potentially vulnerable to these attacks, because they do not detect or mitigate short-duration surgical DDoS attacks on their networks. As a result, just 5% of these infrastructure operators admitted to experiencing DDoS attacks on their networks in the past year (to March 2017).
However, if 90% of the DDoS attacks on their networks are also shorter than 30 minutes, as experienced by Corero customers, the real figure could be considerably higher.
Newman continues: "In the face of a DDoS attack, time is of the essence. Delays of minutes, tens-of-minutes, or more, before a DDoS attack is mitigated is not sufficient to ensure service availability, and could significantly impact the essential services provided by critical infrastructure organisations. By not detecting and investigating these short, surgical, DDoS attacks on their networks, infrastructure organisations could also be leaving their doors wide-open for malware or ransomware attacks, data theft or more serious cyber attacks. To keep up with the growing sophistication and organisation of well-equipped and well-funded threat actors, it's essential that organisations maintain comprehensive visibility across their networks, to instantly and automatically detect and block any potential DDoS incursions, as they arise."