Cyber security news roundup: February
We're rounding up some of the biggest cyber security stories of the past few weeks. In February, we've learned more about some of the increases in cyber attacks seen over the last year and their impact on the UK's cyber security sector, while new data breaches have highlighted the risks faced by firms that continue to use old technology.
UK cyber security sector enjoys record year
A new government report has revealed 2020 was a record year for investment in cyber security in the UK, with the number of active firms in the sector increasing by 21 per cent on the previous year and more than £4 billion being contributed to the economy by the industry.
Overall, it revealed there are now nearly 50,000 cyber security professionals working in the sector, with the majority of these (65 per cent) employed by firms with more than 250 employees.
Digital minister Matt Warman said: "The need for cutting-edge cyber security has never been greater and this resilient sector is growing, diversifying and solidifying its status as a jewel in the UK's tech crown."
Rise in home working boosts fears for cyber security
Cyber security professionals are set to be in particularly high demand as the continuing impact of the Covid-19 pandemic has forced more business activities on to online channels, with the threats posed by home working a particularly large concern for many firms.
The BBC reported one in three workers are now working exclusively from home, which is presenting new opportunities for hackers to exploit. For instance, many individuals may be using personal devices for work that have not been protected by IT departments, while one in five home workers have received no training on cyber security.
As a result, there will be greater pressure on cyber security professionals to defend their companies from a wide range of threats, with email-based attacks especially prevalent. Improving training and ensuring users can connect securely to company resources are therefore a must.
Cyber security firms record big rise in attacks in 2020
New research from security firm Trend Micro has revealed a large rise in cyber attacks in 2020, with the company recording 62.6 million threats in the last year - a 20 per cent rise on the previous year.
Among the key trends, the study found attackers are increasingly targeting VPN software, taking advantage of vulnerabilities in tools such as Fortinet's VPN and the Pulse Connect Secure VPN.
Elsewhere, Trend Micro identified 127 new ransomware variants in 2020, a 34 per cent increase over 2019. Governments were the sector hardest hit by ransomware attacks, with 31,906 cases, while banking was second, with 22,082 cases.
Kroger data breach highlights risks of using legacy technologies
Among the companies to report data breaches in February was US retailer Kroger, which revealed it had been compromised as a result of an attack on legacy file transfer software in use within the business.
While the firm said no financial details or customer passwords were exposed in the attack, the incident highlighted the risks firms face if they continue to use outdated technology that has passed its end-of-life.
In this case, the attackers gained access via third-party software from Accellion. This is a 20-year-old application that relies on CentOS to function - a product that has been out of support since November 2020. Other victims of the same attack included the Reserve Bank of New Zealand and the University of Colorado.
CMA reports over 150 data breaches in last two years
The UK's Competition and Markets Authority (CMA) also disclosed information on its cyber security performance in February, with the regulator revealing it experienced 150 personal data breaches over the last two years.
A Freedom of Information request revealed these included 81 incidents of unauthorised disclosure of data and 40 lost or stolen devices - two of which were unencrypted. Other breaches were the result of malware, hacking and phishing attacks.
The CMA is likely to be especially sensitive to data breaches due to the large amount of personal and financial information it deals with. The regulator oversees activities such as mergers and acquisitions and, as such, handles internal business reports, emails and other confidential data, making it a tempting target for hackers.