Cyber security news roundup: September

Published on: 1 Oct 2021

We're rounding up some of the biggest cyber security stories of the past few weeks. In September, concerns were raised about the risks posed by hybrid working, a major contracting payroll firm reported a cyber attack and plans for a new innovation hub in Scotland were revealed.

Hybrid working 'raises data breach risks'

The majority of businesses in the UK have stated that the trend towards hybrid working is set to increase the pressure on their cyber security teams, new research has revealed.

A study by TransUnion found that more than eight out of ten firms (83 per cent) say this is a concern for them. However, even though 43 per cent of companies expect their workforce to adopt this model in the next year, more than a fifth (22 per cent) would be unprepared for a security incident.

Overall, 23 per cent of business leaders rated hybrid working as their top security threat, due to the fact employees will be regularly switching between secure office environments and more vulnerable home networks, as well as handling sensitive information on public or unsecured private networks.

Dangers of multi-party data breaches highlighted

Cyber security incidents that affect more than one party are on the rise, and could be much more financially damaging than traditional attacks, a new study has found, with these having the potential to cost as much as 26 times more than a single-party breach.

Figures from Cyentia Institute and RiskRecon showed there have been 897 multi-party breaches recorded since 2008. These are defined as having a 'ripple effect' that spreads from the initial breach to multiple other firms. On average, it takes 379 days for a ripple event to impact three-quarters of downstream victims, while the median number of organisations affected by such incidents across the data set was four.

One of the most famous recent cases of this was the SolarWinds hack from earlier this year that saw thousands of organisations, including US government agencies, compromised by an attack within their IT supply chain.

Payroll firm confirms 'sophisticated' cyber attack

An umbrella company managing the payroll for thousands of UK contractors has confirmed it has fallen victim to a "sophisticated" data breach that forced it to shut down its entire network, including phone and email systems and IT infrastructure.

Giant Pay said "suspicious activity" on its platform resulted in a "technical issue" that prevented it from operating its umbrella and accounts portals, which left thousands of its users - many of whom work in IT - unable to access their accounts.

The company said: "Although we had no portals to operate from, we managed to pay over 8,000 workers last week. We appreciate that not everyone would have received their expected payment and for that we are sincerely sorry." The National Crime Agency also confirmed to The Register that it is aware of the incident and working to fully understand its impact. 

Industry groups back plans for Scottish cyber security hub

Proposals to develop Scotland's first Cyber Security Innovation Hub have received the backing of industry leaders, who have said the plans will help boost growth and innovation in the country's fast-expanding cyber security sector.

Large enterprises including Cisco, Accenture, Iomart, NCC Group and Leonardo have already come on board to back the scheme, which will help support cyber start-ups to grow their businesses and connect them to potential new partners, collaborators and investors. 

Saj Huq, director of innovation at Plexal, the firm behind the plan, said: "Cyber innovation is thriving across the UK and Plexal is excited to unlock the entrepreneurial, engineering and academic excellence that already exists in Scotland to accelerate the growth of its cybersecurity innovation ecosystem." 

Skills shortage a barrier to security automation adoption

A lack of skilled personnel has been cited as one of the key barriers to the more widespread adoption of automated tools to help support cyber security defences.

Research by software provider ThreatQuotient found that although 98 per cent of firms are planning to automate more of their security estate in the next 12 months, only eight per cent of firms that have already done so encountered no problems during the process.

A lack of skills was highlighted as a key blocker by 45 per cent of respondents, ahead of technology issues (41 per cent) and budgetary limitations (40 per cent). One in three companies (34 per cent) added the top reason for IT security automation is the need to improve or maintain security standards, followed by efforts to improve efficiency and productivity (31 per cent).