We’re rounding up some of the biggest cyber security stories of the past few weeks. In October, research stressed the workforce gap in the sector, a UK seaside town was designated as a new cyber security hub, new guidance was issued in response to a stark increase in threats, and a former chief security executive was convicted of concealing a breach.
(ISC)² highlights a growing need for professionals in cyber security
The International Information System Security Certification Consortium, or (ISC)², underlined a significant shortage of professionals within the cyber security industry in the findings of its 2022 Cybersecurity Workforce Study.
For those looking to start a career in the industry, the news should come as a blessing. 70 per cent of organisations involved in the study claimed to be understaffed and over half felt such staff shortages left them vulnerable to cyber attacks. The job market will become saturated soon, with 72 per cent of businesses expecting their cyber security provision to increase over the next 12 months - a higher predicted growth rate than the previous two years.
The study examines demographic and cultural factors as well as an ever-changing workforce. For organisations, the challenge of retaining top talent is more important than ever before, while professionals in the field are making it extremely clear that aspects such as culture, training and experience are desired.
Seaside town to become a brand new centre of excellence
Scarborough is set to be a cyber security hub for small and medium-sized businesses to defend their firms against increasingly frequent attacks, as a pilot project worth £237,000 has been given the green light.
Scarborough Borough Council has pledged £140,000 towards the plan, while additional funding comes from Anglo American. Other parties involved in the development include the Government Communications Headquarters (GCHQ) and Coventry University Scarborough.
The Local Democracy Reporting Service, produced by the council, highlights the worrying number of cyber attacks taking place and suggests that further development of UK cyber operations will create “new opportunities, products, services and solutions to new and existing business”.
With an estimated deadline of March 2023, the facility represents a part of Scarborough’s levelling up and redevelopment plans. The centre will also offer awareness initiatives and training to provide a greater understanding of career opportunities within cyber security.
The increasing frequency of cyber attacks prompts NCSC to issue new guidance
Businesses should be doing more than ever to ensure they have the proper cyber security measures, as data breaches and attacks are becoming especially frequent. However, recent studies have shown only one in ten companies conduct a risk assessment of their immediate suppliers.
Following a sharp increase in cyber attacks taking advantage of supply chain vulnerabilities, the National Cyber Security Centre (NCSC) has published fresh guidance for organisations to help them fully understand whether or not their supply chains are protected.
The advice aims to support procurement specialists, risk managers and other cyber security professionals to implement strong principles, addressing the government’s stance from last year that more information was needed for organisations.
Former chief security officer of Uber found guilty of concealing data breach
Businesses might be tempted to negotiate with cyber criminals, but companies are urged to report any data breach to the appropriate authorities. This month, a jury in the US found Joe Sullivan, former chief security officer for Uber, guilty of concealing a felony and obstruction of justice.
Mr Sullivan, a former prosecutor for the San Francisco US attorney’s office, was accused of hiding a data breach from the Federal Trade Commission (FTC) and actively preventing the criminals from being caught.
The hackers approached Mr Sullivan to confirm they’d stolen data, including 57 million users’ records and 600,000 driving licence numbers, which they’d be willing to delete for a ransom. According to the US Department of Justice (DOJ), the former Uber exec arranged for £89,000 ($100,000) in Bitcoin to be transferred to the assailants, with a non-disclosure agreement to be signed in return.
The DOJ noted that Mr Sullivan took these actions despite knowing these criminals were “hacking and extorting other companies as well as Uber”. In 2018, the ride-sharing giant paid approximately £76 million ($148 million) to settle claims it was too slow to publicise the hack.