Cyber Crime: Attack and Defence

I know what you’re thinking – it’s another fear-mongering cyber-crime blog. Well, sort of – I think there’s a lot out there to be concerned about, but if you and your organisation take all the proper steps then you’ve no reason to be afraid.

The most recent statistics suggest that more than five million cyber crimes are being committed every year, with nearly 1 in 10 Britons being victims of cyber crime, which now makes up more than half of all crime committed in the UK. 80% of all incidents of fraud last year involved the use of the internet, and the last year has also seen another spate of large-scale co-ordinated cyber attacks on big businesses and major public organisations. Those headline grabbing hacks are inspiring a lot of people to get more serious about their cyber defences.

Recently we’ve seen a number of regional police forces in the UK launching programmes to try to raise awareness of cyber crime and educate people on how to avoid it. Statistics suggest the most targeted group is people in their thirties who use a lot of technology on a daily basis but aren’t necessarily as cyber savvy as younger people who’ve grown up with near constant use of the internet.

For individuals, protecting themselves from cyber crime is largely a question of knowing what to avoid and look out for and how to manage their own use. But what about for companies? In the last year, there’s been a big increase in demand for cyber insurance, with some insurers reporting a 50% rise in clients taking out cyber policies since 2016. The global cyber insurance market is currently worth around £3 billion in premiums annually but this is projected to exceed £15 billion by 2025. But what about stopping the attack happening in the first place?

So many developments in technology that make our daily work easier unfortunately also add an extra point of exposure where a hacker could potentially gain access to a company’s internal network and all kinds of highly sensitive customer and client data. With traditional reactive defence systems struggling to keep up with the development of new and ever more advanced hacking tactics, I think it’s going to be crucial over the next few years for organisations to invest in security systems that use machine learning and anomaly detection approaches. Where traditional security systems can only tackle a virus after it’s already attacked and been logged and understood, these new approaches are much better equipped to deal with emerging threats as and when they strike.

Right now, these systems are more complex than the anti-virus software many businesses have relied on in the past and it’s becoming more important for organisations of all sizes to have dedicated cyber security staff as well as general IT support staff. For a confidential discussion about your organisation’s recruitment needs, or if you’re a cyber security professional seeking career advancement, contact me on 0121 643 2100 or

Cyber Security: Is This 2017’s Most Important Priority?

What’s next in Cyber Security? Traditional security for most businesses hasn’t changed much since CCTV and video intercoms and the principles of protecting physical property are well understood. But in the world of cyber security, both the potential threats and the best way to tackle them are changing constantly, and it’s vitally important for businesses of all sizes to stay up to date.

One of the big problems that the industry has been facing since day one, is an overreliance on purely reactive legacy tools. It’s good to have antivirus software and firewalls in place, but systems like these have to experience an attack from a virus before they can recognise it and protect against it. Last year the AV-TEST Institute identified roughly 500,000 new malicious programs every single day -and they could only do so once those programs had already attacked a computer.

So how do you stay ahead? Leading IT research and advisory firm Gartner estimate that worldwide spending on information security will hit $90 billion in 2017, and exceed $113 billion by 2020. And what do they expect the single biggest priority to be for that spending to be? Endpoint Detection and Response.

Endpoint Detection and Response is a term used in cyber security to describe a set of tools and capabilities built for truly modern networks with many devices and systems connected and interconnected, monitoring activity across every part of the network, feeding back to a central database for investigation, analysis, alerting and reporting. EDR systems use analytics tools that continually identify potential ways to improve overall security, deflecting common threats and enabling early identification and rapid response to larger scale, ongoing attacks. EDR describes a variety of different tools and while they don’t all work in the exact same way, they share this guiding idea of continuous analysis across all of the network’s endpoints together.

Implementing EDR is perhaps the next big challenge for the information security industry. Unlike some legacy systems, it requires a lot of technical know-how and proficiency to run an EDR system – and both the type and amount of work needed falls outside the scope of many in-house IT departments. An estimate by the non-profit IT certification organisation ISC 2 suggests that by 2020 the global information security sector could have a staff shortage of 1.5 million, and I think experienced, knowledgeable Endpoint Detection & Response specialists are going to be a key group who companies will be fighting over.

Kind Consultancy specialises in providing interim information security specialists to organisations across Europe, whether you’re looking to transform your organisation’s entire infosec strategy or rectify an already-identified vulnerability – If you’re seeking top-tier cyber security professionals to join your team on a contract or permanent basis, get in touch on or 01216432100.

Jamie Dunning.

See all our pieces on Cyber Security here

Get in touch