Keeping your organisation secure
The Cyber Centre of Excellence (CCOE) is an initiative aimed at all local authorities and UK public bodies to help them stay abreast of cyber threats and give them access to easy-to-procure military-grade protection at high street prices through collective purchasing power. It will be able to assist with the full remit of what an organisation needs to do and know to stay as cyber secure as possible.
We know that navigating an ever-changing cyber security landscape is difficult for local authority leaders with many competing priorities and limited budgets. That is why the cyber security industry is coming together to create the CCOE – an initiative underpinned by an Advisory Forum of world class experts to help you navigate cyber security for your organisation.
The CCOE is a place for organisations to collaborate and share knowledge of threats. It will also act as a one-stop-shop to help those involved in cyber protection understand what their unique risks are and how to best tackle them.
Kurtis Toy CISSP, Managing Director of Onca Technologies, is a Virtual Chief Information Security Officer (vCISO) who has been appointed as the Convenor of the CCOE. He has been working alongside iESE to develop the Cyber Centre of Excellence (CCOE) and ensure the Advisory Forum represents the range of skills needed for a cyber and data secure organisation. Here, he outlines some of the current threats facing local authorities and terms commonly used in the cyber security landscape:
Phishing
‘Phishing’ describes an unwanted email that might contain dangerous content or have a hidden agenda. This could be in the form of a hyperlink or URL that redirects to a malicious site or downloads an attachment with hidden malicious content.
Multi Factor Authentication (MFA)
When logging in, we use at least one factor to identify ourselves, such as a password or PIN, through a smartphone or a secure USB key, or via a fingerprint or facial recognition. Multi-factor Authentication uses at least two of these methods to log in, helping prevent password compromise.
Zero Trust
‘Zero Trust’ is a term used for both security models and network architectures. In both cases, the main concept is “never trust, always verify”. This means all devices, access or identities should not be trusted by default, even if they were previously trusted or are connecting through a known network or location. Zero Trust is often implemented to promote strong verification processes that are continually re-examined and re-established and provide minimum access privileges.
Zero Day
Although this sounds the same as Zero Trust, it is not directly related to Zero Trust security or architecture models. A ‘Zero Day’ vulnerability is a security flaw that has been discovered but there is no security patch for it yet. Once discovered, Zero Day flaws are often exploited very quickly so it becomes a race against time for the software provider to develop and distribute a security patch.
Layered Approach
A ‘Layered Approach’ is a term often used within information security. Whilst it sounds like this means one tier of security being layered on top of another, it really means multiple solutions should be put into effect to defend against the same or similar issues. The idea is to build a suite of defences to act as contingency plans for one another and should include security tactics for people, processes, and technology. The best approach is to have a failover for every avenue possible and review your security controls on an ongoing and regular basis.
Ransomware
Ransomware is a type of malware, malicious software, that blocks access to the victim’s data and threatens to keep it unavailable or even delete it unless the victim pays a ransom to the attacker. This is a very common type of attack so it’s highly important to take every possible precaution against it. Defences against ransomware include: adequate training for all staff, including scenario training; technological defences such as antimalware, email protections and even AI; ensuring backups are maintained and immutable (see below); updating software regularly to ensure patches for Zero Day vulnerabilities are in place; and implementing robust access control policies.
Breach
A cyber security breach is an incident resulting in the unauthorised access of computer data, applications, networks, or devices which results in information being accessed without authorisation. A breach can cost a company a large amount of money, not just in shoring up defences to prevent further breaches but also for potentially stolen intellectual property or critical company data. If the breach also includes personal data, the ICO (Information Commissioner’s Office) must be informed within 72 hours of the organisation becoming aware of the breach. Fines may be issued under the GDPR if adequate protections for personal data were not in place.
Nation State Threats
Cyberattacks of this nature are initiated and sponsored by countries or geopolitical groups and are referred to as Nation State Threats, which aim to disrupt infrastructure, business, government and military. These types of attack can be particularly difficult to identify as the attackers often shift blame to cyber gangs, other foreign entities or hacktivist groups.
IoT and OT
IoT denotes the Internet of Things and includes technologies such as machine learning, machine-to-machine communications, big data, sensor data and other data collected on automated devices. OT denotes Operational Technology and defines a specific category of hardware or software that functions to monitor and manage the performance and operation of physical devices. OT systems often support critical infrastructure and industrial operations.
Immutable Backups
An immutable backup is a copy of data that cannot be altered, deleted or changed in any way once the backup has completed, not even by system administrators. This type of backup can be critical when a company needs to recover or restore data after it has been lost or damaged, whether through a cyberattack or a natural disaster.
To download this factsheet visit: https://www.ccoe.org.uk/wp-content/uploads/2023/02/CCOE-Cyber-Mindmap.pdf