2015 – The year of constant and relentless attack









What a turbulent year 2015 has been for cyber security – starting with the fallout from the Sony data hack and ending with the recent breach at TalkTalk. With the coverage that each breach has received, you might be mistaken in thinking that the big name PLCs were the preferred target of the cyber criminal. Far from it.

In November, Ascentor attended IA15 where we were told of the “constant and relentless attacks” on the Government’s secure internet that receives over 33,000 malicious emails each month. “This is what we don’t hear about”, said minister Matthew Hancock, but it just confirms that if you are online – whether a business or government body – you are a target.

We hope the following highlights from our 2015 blog content will help you reflect on the past year – and secure your information and strengthen your business next year, and beyond.

The Defence Sector

One of our most popular articles of 2015 covered the Cyber Security Model for the Defence Industries (CSM). We discussed how the CSM will help the supply chain to think more deeply about how to protect sensitive information and improve its defences against cyber security threats – and build confidence in the eyes of the MOD.

The CSM is expected to be introduced in April 2016 and from the 1st January the Defence Cyber Protection Partnership requests that companies have at least Cyber Essentials in place.

We also looked at Defence as a Platform, or DaaP, and how it plans to deliver information services to defence. But, we posed the question, how would Information Assurance (IA) fit into the new process?

Government Information Assurance

Our ‘Cutting through the confusion’ series covered some of the recent UK Government IA changes – and what they mean for you. In 2015, we published two articles which summarised the essential ‘need to know’ facts and implications with links to read further should you wish. A third edition will follow early next year.

We’ve already mentioned IA15 – hosted by CESG, it was HM Government’s principal event for briefing the UK’s information security leaders and focused on the implementation of effective cyber security in our public services. As we discovered, public trust in networks and data security was a central theme.

Sony and TalkTalk

Our first post of the year looked at the Sony breach and asked ‘Which cyber security breach could cause you the most pain this year?’ Like many victims of cyber crime, big or small, Sony had little idea what breach was coming next. And nor did TalkTalk.

If bad luck comes in threes, TalkTalk is a good example. Their November breach was actually the third one to target the business over the past 12 months – perhaps this was why the coverage was so negative, with an estimated eventual cost to the business of c. £35 million.

The Insider Threat

If there is one constant across all organisations it’s people – or more specifically employees and contractors. The potential for malicious damage and the additional risk of unintentional data loss through negligence and error has become known as ‘The Insider Threat’ – and it poses a huge issue for information risk. We re-visited our research on the topic and explored some of the surveys from 2015.

Future articles

If you have any questions or would like to suggest a topic for future coverage, please feel free to get in touch.

We’ll be back in 2016 with what we hope will be another year of stimulating articles – but in the meantime, may we wish you all a very happy and peaceful Christmas and New Year.

For further information

If you have found this article of interest, the Ascentor blog regularly carries articles about cyber security and information assurance issues. You might also like to keep in touch with Ascentor by receiving our quarterly newsletter and following us on LinkedIn and Twitter.

If you’d like to discuss how our consultants could advise on any aspect of Cyber Security and Information Assurance, please contact Dave James at Ascentor.

Email: [email protected]

Office: 01452 881712

Web: ascentor.co.uk


