2015 – The year of constant and relentless attack









What a turbulent year 2015 has been for cyber security – starting with the fallout from the Sony data hack and ending with the recent breach at TalkTalk. With the coverage that each breach has received, you might be mistaken in thinking that the big name PLCs were the preferred target of the cyber criminal. Far from it.

In November, Ascentor attended IA15 where we were told of the “constant and relentless attacks” on the Government’s secure internet that receives over 33,000 malicious emails each month. “This is what we don’t hear about”, said minister Matthew Hancock, but it just confirms that if you are online – whether a business or government body – you are a target.

We hope the following highlights from our 2015 blog content will help you reflect on the past year – and secure your information and strengthen your business next year, and beyond.

The Defence Sector

One of our most popular articles of 2015 covered the Cyber Security Model for the Defence Industries (CSM). We discussed how the CSM will help the supply chain to think more deeply about how to protect sensitive information and improve its defences against cyber security threats – and build confidence in the eyes of the MOD.

The CSM is expected to be introduced in April 2016 and from the 1st January the Defence Cyber Protection Partnership requests that companies have at least Cyber Essentials in place.

We also looked at Defence as a Platform, or DaaP, and how it plans to deliver information services to defence. But, we posed the question, how would Information Assurance (IA) fit into the new process?

Government Information Assurance

Our ‘Cutting through the confusion’ series covered some of the recent UK Government IA changes – and what they mean for you. In 2015, we published two articles which summarised the essential ‘need to know’ facts and implications with links to read further should you wish. A third edition will follow early next year.

We’ve already mentioned IA15 – hosted by CESG, it was HM Government’s principal event for briefing the UK’s information security leaders and focused on the implementation of effective cyber security in our public services. As we discovered, public trust in networks and data security was a central theme.

Sony and TalkTalk

Our first post of the year looked at the Sony breach and asked ‘Which cyber security breach could cause you the most pain this year?’ Like many victims of cyber crime, big or small, Sony had little idea what breach was coming next. And nor did TalkTalk.

If bad luck comes in threes, TalkTalk is a good example. Their November breach was actually the third one to target the business over the past 12 months – perhaps this was why the coverage was so negative, with an estimated eventual cost to the business of c. £35 million.

The Insider Threat

If there is one constant across all organisations it’s people – or more specifically employees and contractors. The potential for malicious damage and the additional risk of unintentional data loss through negligence and error has become known as ‘The Insider Threat’ – and it poses a huge issue for information risk. We re-visited our research on the topic and explored some of the surveys from 2015.

Future articles

If you have any questions or would like to suggest a topic for future coverage, please feel free to get in touch.

We’ll be back in 2016 with what we hope will be another year of stimulating articles – but in the meantime, may we wish you all a very happy and peaceful Christmas and New Year.

For further information

If you have found this article of interest, the Ascentor blog regularly carries articles about cyber security and information assurance issues. You might also like to keep in touch with Ascentor by receiving our quarterly newsletter and following us on LinkedIn and Twitter.

If you’d like to discuss how our consultants could advise on any aspect of Cyber Security and Information Assurance, please contact Dave James at Ascentor.

Email: [email protected]

Office: 01452 881712

Web: ascentor.co.uk

Other posts you might like

Ten Top Tips for writing Information Risk Appetite Statements

What’s the Difference Between Cyber Security and Information Assurance (and does it matter?)

Generation Y and information security – a cyber criminal’s dream?

