Tech News : Wales Has Put A SOC In It

The UK’s first national security operations centre (SOC), known as CymruSOC, has launched in Wales to protect the country’s local authorities and fire and rescue services from cyber-attacks.

SOC 

The Welsh government has announced that the new SOC service will be managed by Cardiff-based firm Socura, with the intention of ensuring key organisations can continue offering critical services without disruption due to cyber-attacks. Also, the SOC service is intended to safeguard the data of the majority of the Welsh population, as well as 60,000 employees across the public sector.

The Issue 

The Wales First Minister, Vaughan Gething, recently outlined the reasons behind the introduction of CymruSOC, saying that the pandemic showed how important the digital side of people’s lives has become. Also, the fact that it is now “central” to the way people in Wales learn, work, access public services, and conduct business (i.e., there’s now a reliance on digital) has also led to a “stark increase in the risk of cyber-attacks which are becoming ever more common and sophisticated.”

24/7 Monitoring 

The Socura SOC team will monitor for potential threats such as phishing and ransomware from its 24/7 remote SOC. Also, the Welsh government says that in conjunction with the National Cyber Security Centre, CymruSOC will share threat intelligence information to ensure they are aware of emerging risks.

‘Defend As One’ Approach 

First Minister Vaughan Gething has also highlighted how CymruSOC (this new national security operations centre), a first-of-its-kind solution with social partnership at its heart, will “take a ‘defend as one’ approach”. Mr Gething views CymruSOC as being “a vital part” of the Cyber Action Plan for Wales, which was launched only one year ago, and which Mr Gething describes as “making good progress to protect public services and strengthen cyber resilience and preparedness.” 

Incidents 

Recent incidents which may have helped speed along the setting up of the SOC include a reported hack on the Welsh government’s iShare Connect portal earlier this year, and Harlech Community Council (North Wales) being scammed last November by online fraudsters to the tune of £9,000 (the equivalent of 10 per cent of its annual budget).

A Boost In Defences 

Andy Kays, the CEO of Cardiff-based firm Socura, which is managing CymruSOC, has noted that by sharing a SOC and threat intel across all Welsh local authorities, “even the smallest Welsh town will now have the expertise and defences of a large modern enterprise organisation.”

Also, Mr Kays highlighted the importance of boosting the cyber-defences of and protecting the data held by local councils by making the point that a local council is where people “register a birth, apply for schools, housing, and marriage licences” and it is this that makes them “a prized target for financially motivated cybercriminal groups as well as nation state actors seeking to cause disruption to critical infrastructure.” 

What Does This Mean For Your Business? 

Considering the importance of public sector services such as fire and rescue, plus the fact that the wealth of data and sometimes outdated and underfunded systems of councils and other public sector institutions often make them a softer target for cyber criminals, this is a timely development for Wales. Also, for businesses operating within Wales, this development offers substantial benefits that extend well beyond the immediate protection of public services.

Firstly, the centralised security operations centre, managed by (private) Cardiff-based firm Socura, should help ensure that even the smallest of local councils can enjoy the cyber-defences typically reserved for large enterprises. This is not just a boost for the public sector but also fortifies the security landscape in which Welsh businesses operate. By boosting the cyber-defences of local authorities, businesses that interact with or rely on them for services can expect a more secure and reliable digital environment. This integration of robust cybersecurity measures means that businesses can operate with a greater assurance of continuity, (hopefully) free from the disruptions of potential cyber-attacks on critical public infrastructure.

The ‘defend as one’ approach advocated by CymruSOC emphasises collaborative security, which may be a crucial advantage for businesses. For example, the shared threat intelligence and resources may ensure that emerging cyber threats are identified and mitigated swiftly, not just within the public sector but potentially within the private sector as well.

Also, the focus on safeguarding data across public sector entities could indirectly benefit businesses. With public services handling sensitive information more securely, businesses interacting with these services or handling similar data can align their practices with these enhanced standards, thus improving their overall data protection strategies. This alignment not only helps in compliance with regulatory requirements but also builds trust with customers and partners who are increasingly concerned about data security.

The establishment of CymruSOC, therefore, appears to be a forward-thinking initiative that promises to fortify the digital framework not just of Wales’s public sector, but also of the businesses and other entities that interact with it, all of which could help foster growth and innovation in Wales in an increasingly digital business landscape.

Security Stop Press : 2023’s Most Notable Cyber Attacks

Cyber Security News has compiled a list of the top 10 most notable cyber-attacks of 2023, serving as a reminder to businesses that advancements in technology, increased connectivity, and the more sophisticated tactics used by threat actors mean that cyber-attacks are evolving at a rapid pace.

Top of its list is the MOVEit Mass Attack launched by a Russian hacking group which used the MOVEit file transfer software to extort an estimated $75-100 million from 2,667 organisations. The others in the list include Cisco IOS XE attacks, the US government hacked via Microsoft 365, the Citrix Bleed attack, Okta’s customer support data breach, the Western Digital cyber-attack, and the MGM Resorts breach. The list also includes the Royal Ransomware attack on the city of Dallas, the GoAnywhere attacks, and the 3CX software supply chain attack.

Businesses should, therefore, make sure that they are well protected for 2024 from a wide range of common cyber-attack methods, including malware, phishing, distributed denial of service (DDoS), man-in-the-middle (MitM), and many more.

Security Stop Press : Unsecured Printers A Cause Of Cyber Attacks For SMBs

Research from Sharp shows that unsecured printers have been the cause of cyber-attacks for one-fifth of European SMBs, and for one half of public sector organisations.

Despite the office printer being an under-the-radar weak spot for cyber-attacks like phishing, malware, and computer viruses, fewer than a quarter of UK SMBs report educating their employees about either scanner or printer security.

Sharp reports that the most common printer vulnerabilities which lead to the attacks are the use of default passwords, unsecured network connections, and outdated firmware.

The advice to SMBs is to keep software for scanners and printers updated, regularly back up data, and to encourage a consistent security policy across teams working from multiple locations.

Tech News : Cyber Attacks Burn Out Security Experts

A new survey from CyberArk has revealed that increased workloads caused by a surge in cyber threats and attacks have led to 59 per cent of UK senior cyber security professionals facing burnout.

Cyber Crime Levels High 

The results of the survey highlight the growing workload pressure on cyber security professionals because, in the past 12 months alone, a staggering 80 per cent of UK organisations have experienced a ransomware attack, a 10 per cent increase on last year. Also, almost half of those affected (47 per cent) have opted to pay the ransom (at least twice) to enable recovery.

Workload And Other Challenges 

In order to protect businesses from growing threat levels, cyber security teams have, therefore, been required to work long hours whilst facing the challenges caused by the limited budgets and resources that are the result of economic pressures, as well as the challenges of a skills gap and global shortage of cybersecurity professionals. For example, a recent ISC2 report shows that there was a 3.4 million global shortage of cyber security professionals last year, compared with a total cyber workforce of 4.7 million.

Other Supporting Research 

Other research that supports the plight of under-pressure cyber security workers includes a Chartered Institute of Information Security (CIISec) survey that found almost a quarter of security practitioners work more than 48 hours per week, and Gartner research (2023) highlighting how high levels of stress could see nearly half of security leaders switching careers by 2025.

Taking A Break Or Leaving The Profession 

Consequently, even though cyber security professionals need to be performing at their absolute best, they are instead experiencing burnout (according to the CyberArk survey), and are choosing either to take a break from work to concentrate on their wellbeing or to leave the profession, thereby adding to the lack of security professionals in businesses and increasing the vulnerability of those businesses to cyber-attacks.

More Than Two-Thirds Of Senior Decision Makers Affected

CyberArk’s survey shows, for example, that 66 per cent of C-level executives (senior cyber defence decision makers in businesses) feel that they are experiencing burnout, which raises concerns about their ability to deal with the increasing and evolving threats effectively.

For example, as David Higgins, senior director of the field technology office at CyberArk, puts it: “Burnout is alarming in that context, because it impairs the ability to defend their organisation. One wrong decision or missed signal can open the door to reputational and monetary damage for an organisation.”

What Does This Mean For Your Business? 

The findings from CyberArk paint a stark picture for UK businesses, showing the front-line against cybercrime is wearing thin. The apparent burnout epidemic among cybersecurity professionals is not only a health crisis but a strategic business vulnerability. When these specialists are overworked and stressed, their capacity to guard against cyber threats is compromised, and as a result, the risk to business operations, sensitive data, and company finances escalates.

UK companies should, therefore, take immediate steps to prioritise the well-being of their security teams. This means cultivating an environment where work-life balance is possible and supported by management. It also includes re-evaluating workloads to ensure they are sustainable and providing access to mental health resources. These measures may help in maintaining a vigilant and capable cybersecurity workforce.

Equally critical is addressing the shortage of cybersecurity professionals through targeted talent development and diversified recruitment strategies. Training programs and professional development opportunities can be powerful incentives for both recruitment and retention, bringing in recruits that can grow with the company.

C-level executives (cyber security decision-makers) experiencing burnout themselves need to set the right tone for the organisation’s work culture, for example by openly acknowledging the issue and advocating for sufficient resources. This could (in some measure) help bring the change that reinforces the company’s defence against cyber threats.

Preventing cybersecurity burnout, therefore, is more than a human resources issue and is an essential investment in a business’s operational security. As cyber threats increase, it is clear that protecting the protectors through a compassionate and comprehensive approach to workforce management is not just beneficial but necessary for sustaining business integrity in the digital age.

Security Stop Press : Mass WS_FTP Exploitation Warning

Researchers at Rapid7 have reported a “possible mass exploitation” of vulnerabilities in Progress Software’s WS_FTP Server (a program that enables the upload and download of files to and from a server).

Rapid7 reported that from September 30, it has observed “multiple instances of WS_FTP exploitation in the wild”.

With secure file transfer technologies continuing to be popular targets for attackers, the advice is to update/upgrade to a patched version of WS_FTP Server such as 8.8.2.

Also, those using the Ad Hoc Transfer module in WS_FTP Server who can’t update to a fixed version are advised to consider disabling or removing the module.

Security Stop Press : FraudGPT

Researchers from Netenrich have reported finding “FraudGPT” being sold on the dark web. It’s been described as a subscription-based generative AI tool for creating malicious cyberattacks. It’s been reported that the tool can do anything from writing malicious code and malware to creating phishing campaigns, thereby making advanced attack methods available to even inexperienced attackers, potentially democratising weaponised generative AI at scale.

This highlights the importance, not just of businesses prioritising their cyber defences, but also the need for AI-based defences at the start of what some have described as an ‘AI arms race.’

Security Stop Press : Cyber Attack On Ambulance Patient Records System

A cyber-attack aimed at Sweden-based health software company Ortivus has left several of its UK NHS ambulance service trust users struggling to record patient data.

The affected trusts, including South Western Ambulance Service Trust and South Central Ambulance Service Trust, serve 12 million people.

With electronic patient records unavailable, staff have reportedly been told that efforts to patch servers are ongoing. Ortivus has said in a statement that “No patients have been directly affected”.