The latest news from the cybersecurity industry
18 September 2017
Central banks need to wake up to bitcoin and cryptocurrencies, says the BIS
The Bank for International Settlements (BIS), often known as the central banks’ central bank, has warned that financial institutions can’t ignore cryptocurrencies such as Bitcoin.
In its latest quarterly report, the bank has said that the world’s central banks need to realise the risk cryptocurrencies could pose to the stability of the financial system.
This comes the week after China’s central bank began its crackdown on digital currencies, ordering the country’s Bitcoin exchanges to stop trading. The country’s government reportedly sees Bitcoin as a threat to its domestic currency, the Yuan.
This caused the price of Bitcoin to fall from highs of nearly $5,000 to $3,395 on Friday.
Instead of ordering central banks to simply shut down cryptocurrencies a la China, the BIS has said that institutions need to assess how digital currencies will work within their jurisdiction.
It said there could be benefits to using digital currencies, such as to increase efficiency and reduce costs in the settlement of securities. This was something Germany’s Deutsche Bundesbank and Deutsche Borse explored with a dedicated digital payments platform.
29 August 2017
Over a third of UK’s critical infrastructure organisations left open to cyber attacks
39% of the organisations that make up the UK’s national critical infrastructure – including police forces, fire services, healthcare organisations and energy suppliers – have not completed the government’s basic cybersecurity standards, leaving them potentially open to attacks.
The revelation was the result of a series of Freedom of Information (FOI) requests by cybersecurity provider Corero Network Security to 338 critical infrastructure organisations.
Of the 163 that complied with the request, 63 admitted to failing to complete the UK government’s 10 Steps to Cyber Security programme.
Given the potential for damage – and in some cases loss of life – that comes with an cyber attack on a police force, hospital or fire service, this raises serious concerns about how prepared the UK’s critical infrastructure is for an attack.
“Cyber attacks against national infrastructure have the potential to inflict significant, real-life disruption and prevent access to critical services that are vital to the functioning of our economy and society,” said Sean Newman, director of product management, Corero.
“These findings suggest that many such organisations are not as cyber resilient as they should be, in the face of growing and sophisticated cyber threats.”
24 August 2017
HD quantum encryption gets a step closer to everyday use with world’s first urban trial
Researchers have sent a message secured with high-dimension quantum encryption through the air above a city for the first time in history, bringing practical use of the technology a step closer.
Using photons to encode information, quantum encryption is increasingly being explored as an ultra-secure method of sending information. However, previous real-world tests have only been focused around 2D encryption, where a single photon only encodes one bit: a single one or zero. As a single letter needs eight bits, this severely limits the amount of information that can be sent.
High-dimension quantum encryption, however, allows numerous bits to be stored in each photon, allowing greater quantities of data to be sent, and making it a far more practical option for real-world use.
“Our work is the first to send messages in a secure manner using high-dimensional quantum encryption in realistic city conditions, including turbulence,” said research team lead, Ebrahim Karimi, from the University of Ottawa, Canada.
“The secure, free-space communication scheme we demonstrated could potentially link Earth with satellites, securely connect places where it is too expensive to install fiber, or be used for encrypted communication with a moving object, such as an airplane.”
22 August 2017
You might want to think twice before getting your phone screen repaired
If you crack your phone screen and take it to a high-street phone repair shop, there’s a chance that hackers may be able to access your information.
Researchers from Ben-Gurion University of the Negev found cyber criminals are able to connect malicious chips to new screens on a Huawei Nexus 6P smartphone and an LG G Pad tablet, allowing them to steal passcodes, install snooping apps, perform unauthorised downloads, and take photos of the user.
The malicious chips cost as little as £8 ($10).
Most worrying of all is that the screens used by hackers look identical to the real thing, so there’s no way of telling whether it is compromising your data or not.
The researchers added that other devices, including iPhones, are also vulnerable — anyone with temporary access to your handset can install spyware.
Omer Shwartz, the lead researcher in the paper entitled Shattered Trust: When Replacement Smartphone Components Attack, wrote: “The threat should not be taken lightly. Attacks by malicious peripherals are feasible, scalable, and invisible to most detection techniques. A well-motivated adversary may be fully capable of mounting such attacks in a large scale or against specific targets.”
8 August 2017
UK firms with poor security could be fined up to £17m for cyber attacks
Cyber attacks are one of the biggest threats facing governments and companies across the world and new UK legislation wants organisations to pay for bad security.
The Network and Information Systems (NIS) Directive will be implemented from May 2018 and a new government consultation has been launched to discuss how best to enforce the legislations.
One policy that has been suggested by the Department for Digital, Culture, Media and Sport, is that firms that fail to employ effective cyber security measures could be fined as much as £17m or 4% of global turnover if hit by an attack.
The organisations that would be hit with such fines are those that make up Britain’s essential networks and infrastructure, so those that if hit by a cyber attack would lead to a “loss of service” rather than a loss of data.
This includes UK operators in electricity, transport, water, energy, health and digital sectors.
7 August 2017
Smart cars need to be protected from hackers, says UK government
The majority of cars in the UK are smart cars now, with features such as GPS tracking and wifi, and it is hoped the next generation of vehicles will be autonomous and have the ability to chauffeur their passengers from place to place unassisted.
However, there are concerns that these smart vehicles are actually rather dumb; in that it will be easier for hackers to access these vehicles in order to steal personal data, the cars themselves, or even take control of the tech for “malicious reasons”.
As a result, the UK government has released new guidance to ensure that smart cars, and the future self-driving counterparts, are protected from hacking.
The guidance instructs car manufacturers to “toughen up” cyber protections and design out security threats as part of the vehicle development stages.
Alongside the guidance, the government has released a quick guide to vehicle cyber security, listing eight principles that companies need to abide by.
These include the idea that organisational security is owned, governed and promoted at board level, and that car manufacturers must provide product aftercare and incident response to ensure its vehicles are secure over their lifetime.
7 August 2017
Changes to UK data laws increases protection of citizens’ information
Britons could gain greater control over what happens to their personal information under a new data protection bill outlined by the government.
Citizens will be able to request the “right to be forgotten” — the removal of their online personal data, or information they posted when they were children.
More than 80% of people feel that they do not have complete control over their data online, according to the Department for Digital, Culture, Media and Sport.
The proposals are part of an overhaul of UK data protection laws drafted by Matt Hancock, the Conservative MP for West Suffolk and the UK’s digital minister.
“The new Data Protection Bill will give us one of the most robust, yet dynamic, set of data laws in the world,” Hancock said in a statement.
“It will give people more control over their data, require more consent for its use, and prepare Britain for Brexit,” he added.