Think Digital Partners’ Cyber Security update

TDP’s Cyber Security advisor and CEO of the UK Cyber Security Association, Lisa Ventura, gives her regular quarterly Cyber update.

Posted 15 March 2021 by Matt Stanley

Welcome to my quarterly post for Think Digital Partners (TDP) on all things cyber security. As a cyber security professional, I have my finger on the pulse of what is happening when it comes to data breaches and the latest cyber security related news. As part of my role as a cyber security advisor to TDP, I will be reporting on any interesting cyber security projects, news, and initiatives every quarter.

COVID-19 and Cyber Security Update

The COVID-19 pandemic is still ongoing, but with the vaccination programme well under way attention is turning to the return to the office. I, along with Chris Windley of Cyber Security Valley UK, predict that there will be a move towards a hybrid way of working, with many employees working a couple of days or so a week at home with the rest in the office. 

As we slowly start to return to the office over the coming months, organisations should consider the cyber security ramifications of introducing devices back onto a corporate/office network after being on a home internet or Wi-Fi connection for so long. Devices should be scanned and checked to ensure that they are safe to re-introduce onto corporate networks.

Chris Windley also predicts that there will be a “secondary office” that employees will work from, such as a hot-desking environment or meeting space, and has recently launched a “COVID Safe and Cyber Safe” campaign to highlight this as restrictions are lifted and we slowly start to return to the office.

The SolarWinds Data Breach

There can’t be many of us who haven’t heard about the SolarWinds data breach which was discovered at the end of last year. SolarWinds is an IT software and infrastructure company, and by using a Trojan Horse system, cybercriminals were able to infect more than 18,000 companies. 

What was even more interesting about this particular data breach is that it shows that no-one is 100% protected against cyber criminals who are constantly adjusting and adapting their criminal tactics, not even IT management, software and remote monitoring platforms like SolarWinds. They won awards for their services as recently as last year’s TrustRadius top product awards. 

From the Spring of 2020 onwards, SolarWinds’ enterprise platform Orion was quietly compromised by attackers, which affected over 18,000 private and government organisations, mainly in the US, including the Department of State, the Department of Homeland Security, the Pentagon and the National Institutes of Health, although organisations all over the world were affected. The breach was caused by what is known as a supply chain attack, which means that cyber criminals chose to target a popular IT platform instead of individual companies. This paid off for the cyber criminals, as they were able to silently steal information for most of 2020 until the breach was discovered. Cyber criminals were able to access the SolarWinds system through just one line of malicious code in a Spring 2020 update for Orion. They then established their own at-will entrance into the systems, where they could look around the SolarWinds platform undetected, gaining more and more access to sensitive information.

So big is this data breach that experts say it could go down as one of the largest and most damaging data breaches in history. The fallout from the SolarWinds data breach is still ongoing, and I will provide a further update on it in my Q2 blog update.

Other Data Breaches in the News

Aside from the SolarWinds data breach, there have been many others over the last quarter including:

Data Breaches

  • Oxford University COVID-19 laboratory hacked by cyber gang
  • Npower shuts down mobile app following data breach
  • Hacker blackmails pirate IPTV services, threatens to send user data to police
  • Market Harborough school finds wiped hard drives on devices connected to network
  • Two-year data breach hits employees’ email at WTTW, WFMT
  • Personal data of ANWB customers may have been stolen after a cyber attack

The Launch of the UK Cyber Security Association

It has been a long time in the making, but I can finally confirm that the UK Cyber Security Association will launch fully for membership in April 2021.

The UK Cyber Security Association (UKCSA) will be a membership organisation for individuals, small businesses, SMEs and corporate companies who are involved in or who work in the cyber security industry in the UK. Members receive a wide range of benefits including access to the latest cyber security industry news, discounts on courses, seminars, networking events, conferences, and items such as insurance and penetration testing, access to a directory of members and much more.

We are already undertaking lots of exciting project work and we will work to a set of objectives to ensure best practice and information assimilation from the cyber security industry in the UK. We will also lobby for cyber security awareness, skills and training, education, and best practice. We will also raise awareness of neurodiversity in cyber security, the cyber skills gap and education as to the importance of cyber security and why businesses should take it seriously. 

Some of the UKCSA’s core objectives are: 

  • To create and grow the United Kingdom Cyber Security Association by developing a national infrastructure in all regions of the United Kingdom. 
  • To form key partnerships and stakeholder contact/agreements with cyber security organisations, government departments, cyber security professionals, and companies across the UK. 
  • The enablement of region-wide networks to support efforts on cyber security and e-business. 
  • To promote skills in cyber security nationwide. 
  • To increase business opportunities in cyber security to all our members, directly or via collaborations. 

We are actively looking for partners, sponsors and for organisations who would like to work with us on a collaborative basis as we launch and grow the association. For more information please contact me via info@cybersecurityassociation.co.uk

The Release of “The Rise of the Cyber Women: Volume 2”

I’m proud to announce that “The Rise of the Cyber Women: Volume 2” was released on International Women’s Day – 8th March 2021. 

“The Rise of the Cyber Women: Volume Two” is a compilation of inspiring stories from women in the cyber security industry from all over the world who are pioneers and leading the way in helping to protect the world from the growing cyber threat. Those who are included and featured in this book shared not only their stories but also their hints, tips and advice for women who are looking to pursue a career in cyber security or change their career path into cyber security. Their tenacity and commitment to their careers in the cyber security industry are very impressive indeed.

I entered the cyber security industry in 2009 having spent the first part of my career working in the entertainment industry and in marketing and PR. I knew that I wanted to stay in the cyber security industry, so I founded the UK Cyber Security Association, and it soon became clear that I was a minority as a woman in the industry which was dominated predominantly by men. In 2019 I was at a talk at Infosec in London given by Professor Sue Black, and it was during this inspiring talk that I had the idea for an annual book that celebrates the achievements of women in cyber security, and “The Rise of the Cyber Women” book series was born.

I wanted to give a voice to women in cyber security globally and showcase their inspiring journeys into the industry in the hope that it helps and inspires other women to consider a career in cyber security, but who may be put off because they think it is very male dominated and because they think they need a technical background to enter it. I was honoured that so many amazing women shared their stories with me for the book and hope it will be a valuable resource to women in cyber security.

The contributors included in the book in order of appearance are: Lianne Potter, Andrea Manning, Pooja Agrawalla, Caroline Ndege, Sai Honig, Yatia Hopkins, Vina Ta, Federica Vitale, Cyle dela Cruz, Alexandria Horne, Shipra Aggarwal, Jothi Dugar, Aarti Gadhia, Jacinda Erkelens, Kim Crawley, Deborah Leary and Michala Liavaag.

“The Rise of the Cyber Women: Volume Two” is available now via the links below:

The Rise of the Cyber Women: Volume Two – Paperback

The Rise of the Cyber Women: Volume Two – Kindle/eBook

Final Thoughts

I hope you all have a very Happy Easter and that restrictions allow you to be able to see your loved ones soon. Please do feel free to contact me for any help or advice on your cyber security posture via info@cybersecurityassociation.co.uk, and I will be delighted to help or to point you in the right direction of other organisations who can help you stay safe online.