Your monthly cyber security roundup. Featuring this month: the UK's preparedness to face cyber attack, the ICO's report on data analytics in political campaigns, the National Cyber Security Centre's updated Cyber Assessment Framework, and Gartner's report on enterprise risk management.
UK ‘wholly’ unprepared to stop devastating cyber-attack, MPs warn
Source: The Guardian
According to this article from The Guardian, ministers are failing to act with “a meaningful sense of purpose or urgency” in the face of a growing cyber threat to the UK’s critical national infrastructure.
The joint committee on national security strategy is reported to have said that, at a time when states such as Russia were expanding their capability to mount disruptive cyber-attacks, the UK’s level of ministerial oversight was “wholly inadequate”.
ICO Report on Data Analytics in Political Campaigns Published and Action Taken
Source: The ICO
In May 2017 the ICO launched an investigation to deal with their concerns about invisible processing – the ‘behind the scenes’ algorithms, analysis, data matching and profiling that involves people’s personal information. They were particularly concerned about the use of the technology in relation to the democratic process.
The results have been damning: throughout their enquiries they found a disturbing disregard for voters’ personal privacy by players across the political campaigning eco-system — from data companies and data brokers to social media platforms, campaign groups and political
They’ve instigated criminal proceedings against SCL Elections Ltd and referred issues to other regulators and law enforcement agencies. And where they have found no evidence of illegalities, they have shared those findings openly too.
Elizabeth Denham, the UK Information Commissioner, has called for views on a code of practice covering the use of data in campaigns and elections. It will simplify the rules and give certainty and assurance about using personal data as a legitimate tool in campaigns and elections.
National Cyber Security Centre Publish Updated Cyber Assessment Framework
Source: National Cyber Security Centre
The NCSC is publishing an updated version of the Cyber Assessment Framework (CAF), and Kevin, the NCSC lead for CNI Cyber Regulation, has taken a ‘behind the scenes’ look at how the new version has come about.
The purpose of the NIS Directive is to improve cyber security in organisations that deliver essential services to the public, reducing the risk of a cyber-attack causing disruption to energy supplies, transport etc.
Over the summer they worked closely with a number of different organisations in the transport, energy and water sectors to test the initial version of the CAF and investigate how well it met the requirements of NIS.
Enterprise Risk Management Increasingly Important as Breaches Increase
Data breaches are happening more often, and with bigger-than-ever financial impact. The major factors leading to attacks include:
- insecure employee behaviours
- an increase in the sophistication of threats
- wider third-party vulnerabilities
- an increase in the number of attack surfaces
Senior leaders and boards are under pressure to understand and manage cybersecurity risk. Four out of five enterprise risk management leaders expect to play a more active role in helping protect their organization from a cyberattack.