25 Jan 17. GCHQ Wants Teenage Girls To Join The Cybersecurity Fight. GCHQ is launching a competition with the aim of encouraging more girls to think about a career in cyber security. Girls aged 13 to 15 will compete in tests that will also cover logic and coding, networking and cryptography.
Women currently only make up 10% of the global cyber workforce, the agency says.
The competition is part of a five-year National Cyber Security Strategy announced in November 2016, and will be overseen by the new National Cyber Security Centre (NCSC).
Working in teams of four, the girls will complete online tasks remotely on their school computers, with each stage being harder than the previous one. The 10 groups with the highest scores will then be invited to the CyberFirst competition final in London to investigate a complex cyber threat.
CyberFirst’s winning team will be awarded £1,000 worth of computer equipment for their school, as well as individual prizes.
The NCSC was set up to be the main body for cyber security at a national level. It manages national cyber security incidents, carries out real-time threat analysis and provides advice.
An NCSC spokeswoman said: “Women can, and do, make a huge difference in cyber security, this competition could inspire many more to take their first steps into this dynamic and rewarding career.”
Government Communications Headquarters director Robert Hannigan said: “I work alongside some truly brilliant women who help protect the UK from all manner of online threats.
“The CyberFirst Girls competition allows teams of young women a glimpse of this exciting world and provides a great opportunity to use new skills.” (Source: Cyber Security Intelligence/BBC)
23 Jan 17. Are You Ready For State-Sponsored Cyber Attack? Geopolitical tensions ensure that 2017 will be another big year for state-sponsored cyber attacks. The lethality of state-sponsored attacks derives from their ability to bypass security point products by combining device, network and data center vulnerabilities into an integrated assault. Another aspect of state-sponsored cyber-attacks is their willingness to patiently creep from organisation to organisation to get to their target.
Irrespective of the lethality of state-sponsored cyber-attacks, it is a mistake to think that there is no way to stop them. If your organisation has something of value to a foreign government here are five cyber-attack counter-measures you should be implementing.
Verify User Identity
Phishing to steal credentials is the #1 technique used by foreign governments to gain access to sensitive data. Why? It works. The bigger an organisation, the greater the number of supply chain partners, the easier it becomes for cyber attackers to steal credentials.
The foundational security control to stop credential theft is 2 factor authentication. To make it less painful, you can extend the session timeout to a full workday.
To protect more sensitive business critical apps, consider a certificate-based VPN that binds the user identity to their device. While it is possible to steal a certificate, as soon as you have 2 connections from the same cert you instantly know there’s a breach.
Check Device and Server Software
Right after identity theft, malware is the next favorite cyber-attack technique. Installing malware on user devices and Internet accessible servers has become commonplace today. There’s now a robust international marketplace for zero-day attacks and server exploits.
Malware detection software has greatly improved in recent years so there’s no reason not to implement it. Code signing has been around for a while but IT organisations don’t like setting up PKI services to generate and verify digital certificates. However, this is a critical control for any large organisation.
Match Authorisation to Role
The OPM cyber attackers utilised non-active contractor account to gain access to the data center. Unfortunately, mos