Skip to main content

Cyber security jobs news roundup: November 2024

Published on: 29 Nov 2024
Category:

Keep up-to-date with some of the biggest stories in the world of cyber security in our monthly roundup.

We’re rounding up some of the biggest cyber security stories of the past few weeks. In November, the NCSC revealed the top 15 vulnerabilities of last year, GCHQ announced its annual Christmas challenge, the Center for Cyber Safety and Education awarded 101 cyber security scholarships and an updated Cyber Security Toolkit for Boards was released.

NCSC reveals top 15 vulnerabilities last year

The National Cyber Security Centre (NCSC) – a part of GCHQ – alongside partners in Australia, Canada, New Zealand and the United States, has released a list of the top 15 vulnerabilities utilised by cyber attackers in 2023. The majority of these cases were first exploited as zero-days, allowing malicious actors to compromise higher-priority targets.

It’s a trend that the NCSC has continued to observe into 2024, demonstrating a shift from 2022 when less than half of the top vulnerabilities were initially exploited as zero-days. In response to this, an advisory has been issued recommending enterprise network defenders maintain vigilance with their vulnerability management processes.

Ollie Whitehouse, NCSC chief technology officer, said: “We urge network defenders to be vigilant with vulnerability management, have situational awareness in operations and call on product developers to make security a core component of product design and life-cycle to help stamp out this insidious game of whack-a-mole at source”. 

GCHQ announces Christmas Challenge 2024

GCHQ has announced that its annual Christmas Challenge will go live to the general public on Wednesday December 11th, but schools can register for early access. Aimed at children between the ages of 11 and 18, with the purpose of encouraging them to think laterally and work as a team, the puzzles help to refine the skills they might need to become a spy. 

Puzzle enthusiastics are also invited to take on the series of fiendish challenges set by the brilliant minds of the GCHQ puzzlers. By working together, each individual can bring something different to the challenge and help find the solution.

A spokesperson for GCHQ said: “We love creating puzzles and breaking codes. That’s why every year we create the GCHQ Christmas Challenge, a series of fiendish brainteasers and puzzles, designed by our very own team of codebreakers.”

Center for Cyber Safety and Education awards 101 cyber security scholarships

The Center for Cyber Safety and Education, the charitable arm of ISC2, has announced 101 scholarships for its 2024 scheme. The record-breaking number of recipients is made up of cyber security students and professionals who’ve been chosen for their academic excellence, financial need and passion for the industry.

At its heart, the programme is designed to improve access to the cyber security profession by removing financial barriers to education and foster greater diversity within the industry. Since it was established in 2011, the body has awarded more than 900 scholarships to individuals.

Holly Schneider Brown, senior director at the organisation, said: "It is encouraging to see that corporations and people from all over the world believe in the mission of the Center for Cyber Safety and Education and support these students and emerging professionals as they begin and advance in their cyber security career path. These scholarships help provide financial assistance to people from all backgrounds as we aim to diversify the future talent pipeline.”

Updated Cyber Security Toolkit for Boards briefing pack released

The latest version of the NCSC’s cyber security briefing packs, which are part of the organisation’s Cyber Security Toolkit for Boards, has been released. Aimed at introducing cyber security to non experts, they demonstrate how board members are crucial in tackling these challenges.

Users will find the updated resource includes a case study featuring Sir Roly Keating, CEO of the British Library, who shares his perspective on the high-profile ransomware attack that targeted his organisation. Some of the British Library’s critical systems were still vulnerable to attack despite a range of cyber security measures being implemented.

Sir Roly said of the attack: "It felt like it was an act of vandalism as well as theft.” The case study highlights the importance of being proactive in the face of vulnerabilities, the implementation of multi-factor authentication and the need to manage third parties across the wider supply chain.