Cyber security news roundup: April

Published on: 4 May 2021

We're rounding up some of the biggest cyber security stories of the past few weeks. In April, the UK government called out Russia for a series of cyber attacks, it was revealed that hundreds of millions of Facebook users have had personal data exposed, and new research highlighted the importance of cloud skills for anyone looking to enter the cyber security sector.

NCSC blames Russia for SolarWinds hack

The National Cyber Security Centre (NCSC) has officially identified Russian government-backed hackers as being behind the SolarWinds hack earlier this year that infected a large number of US government departments with malware.

Its conclusion, made along with US intelligence agencies, found it is "highly likely" Russia's Foreign Intelligence Service (SVR) is responsible for the attacks, which highlights the threats posed by nation states in today's environment. It noted the incident is part of a wider pattern of cyber intrusions by the SVR, which has previously attempted to gain access to governments across Europe and NATO members. 

Foreign secretary Dominic Raab also condemned the actions, adding: "We see what Russia is doing to undermine our democracies. The UK and US are calling out Russia’s malicious behaviour, to enable our international partners and businesses at home to better defend and prepare themselves against this kind of action."

Cloud skills 'vital' to cyber security careers

Having skills in cloud computing will be essential for any professionals looking to enter the world of cyber security, according to new research by ISC(2).

The non-profit's latest Cybersecurity Career Pursuers Study revealed a quarter of current cyber security pros (25 per cent) and 19 per cent of jobseekers looking for their first position rated cloud skills as one of the two most important technical skills or concepts to learn.

This placed it ahead of data analysis and coding/programming in second and third position respectively, while the top five was rounded out by encryption and assessment/management.

Facebook faces legal action following latest data breach

Social media giant Facebook could face significant legal action that may see millions of people claim compensation following a data breach that exposed the details of up to 533 million users.

It was revealed in early April that personal data including phone numbers, full names, locations, email addresses, and biographical information had been published in a hacking forum, which could leave those affected exposed to fraud or identity theft.

In response, a privacy group in Ireland - where Facebook has its European headquarters - has urged those affected to join legal action, while the Irish data protection regulator is also investigating. The social media firm has also faced criticism for opting not to notify those affected, leaving consumers to find out for themselves whether their details were compromised.

UK prepares new laws as IoT devices grow in popularity

Efforts to better protect Internet of Things (IoT) devices from attack by cyber criminals have gathered pace after new figures showed how increasingly widespread these items are in our everyday lives.

Statistics from the Department for Digital, Culture, Media and Sport (DCMS) revealed almost half of UK consumers (49 per cent) have bought at least one smart device since the outbreak of the Covid-19 pandemic. Such items are also increasingly being found in businesses. However, many off-the-shelf devices currently fail basic security principles.

Therefore, new laws are being drafted that would ban suppliers from using default passwords on IoT gadgets, make clear to buyers how long security updates will be offered for these products, and improve vulnerability reporting.

Midsize firms 'facing record number of breaches'

Cyber criminals are increasingly focusing their attention on medium-sized businesses, as these firms often possess valuable data, but do not have the skills or experience to adequately defend their networks.

This is according to a report from RSM US and the US Chamber of Commerce, which found 28 per cent of middle market companies experienced a data breach in 2020, up from just 18 per cent the previous year. Meanwhile, one in three firms reported being targeted by a ransomware attack, while over half (51 per cent) said outside parties attempted to manipulate employees by pretending to be trusted third parties or company executives.

Tauseef Ghazi, RSM national leader of security and privacy services, said: "The middle market is still under immense pressure from hackers and that is not likely to change any time soon, but the tide may be slightly turning, as executives make adjustments to staffing, controls and security policies."