Cyber security news roundup: May 2022

Published on: 1 Jun 2022

We're rounding up some of the biggest cyber security stories of the past few weeks. In May, new warnings were issued about the risk of supply chain attacks, a major survey highlighted the threats posed by ransomware, and a leading training provider pledged to offer free training to prospective UK cyber security professionals.

Ransomware tops list of biggest cyber security threats

Ransomware attacks have continued to be a leading cyber security threat over the past year, while human error remains a major root cause of data breaches, a new report has found.

Verizon's annual Data Breach Investigations Report for 2022 revealed ransomware incidents rose by 13 per cent over the last 12 months - a bigger increase than the previous five years combined. It also noted that human elements such as social engineering and misuse of privileged access were a factor in more than four out of five breaches (82 per cent).

Other key trends highlighted by the research that cyber security professionals need to be aware of include the growing influence of organised crime and heightened geopolitical tensions. Meanwhile, 62 per cent of system intrusions came via partner organisations, illustrating the importance of securing supply chains. 

NCSC issues new guidance on supply chain security

The risks posed by insecure supply chains were also highlighted this month by the National Cyber Security Centre (NCSC), which issued a new joint advisory about the issue, along with its partner agencies in the US, Canada, Australia and New Zealand.

The advisory warned of a rise in attacks targeting managed service providers, a trend which is expected to continue for the foreseeable future. The bodies highlighted a range of high-profile attacks that have used this method to infiltrate businesses, including the 2020 SolarWinds hack.

It also set out several steps these firms should take to mitigate their risks. These include adopting multi-factor authentication across all customer services and products, ensuring operating systems, applications, and firmware are regularly updated, and storing their most important logs for at least six months to aid in detection of any incidents.

Training provider unveils plans to boost UK cyber security workforce

Cyber security training provider (ISC)2 has announced plans to offer free entry-level education and certification for up to 100,000 people in the UK who are interested in pursuing a career in this field. Open to any UK resident who does not already hold an (ISC)2 qualification, the scheme will introduce a new online, self-paced entry-level certification. 

Applicants to the initiative will receive a voucher to cover the full cost of the course's final exam, which will test students on five key subject areas: security principles; business continuity, disaster recovery and incident response; access control concepts; network security; and security operations. 

Clar Rosso, chief executive of (ISC)2, said: "Individuals looking for their first cybersecurity job often do not know where to start, what to expect, or how to convince employers to give them a chance. We are committed to giving 100,000 cybersecurity career pursuers the opportunity to achieve this certification for free ... to be a trusted endorsement of an individual and their foundational knowledge."

Business executives 'lacking confidence' in cyber preparedness efforts

A new survey has revealed that business leaders generally have little faith that their cyber readiness plans will protect them from the new generation of security threats, while many firms still have difficulty identifying the full range of risks they face.

The research, conducted by insurance broker Marsh and Microsoft, found just 19.7 per cent of respondents stated they were highly confident in their core cyber risk management capabilities, such as how they understand and assess threats and their incident response plans. This was barely changed compared with three years ago, when the figure stood at 19 per cent.

Sarah Stephens, head of cyber, international at Marsh, commented: "Given the continued rise of ransomware and the current tumultuous threat landscape, it is not surprising that many organisations do not feel any more confident in their ability to respond to cyber risks now than they were in 2019."

The survey also found just 43 per cent of respondents have conducted a risk assessment of their vendors or supply chains, while only 41 per cent engage their legal, corporate planning, finance, operations or supply chain management functions when making cyber risk plans.