Cyber security news round-up
- 26 July 2019
Our latest cyber security news round-up looks at the recent hijacking of the Metropolitan Police Force’s Twitter feed, and fresh investment in UK cyber security from major companies including Google and Microsoft.
Report claims healthcare sector is fastest when it comes to addressing common vulnerabilities
A new report has claimed the healthcare sector is the fastest industry when it comes to addressing common vulnerabilities found in software.
A global report by Veracode found healthcare organisations took only six days to address a quarter of their vulnerabilities in code and just seven months to remedy the majority (75%) of them.
Meanwhile, the average organisation is taking 15 months to fix 75% of its vulnerabilities, Veracode claimed.
This is at odds with the perception that healthcare organisations are behind the times with technology and have larger installations of legacy software, the software company said.
“Healthcare organisations are remediating at the most rapid rate at every interval compared to their peers. It takes just a little over seven months for healthcare organisations to reach the final quartile of open vulnerabilities, about eight months sooner than it takes the average organisation to reach the same landmark,” said Paul Farrington, EMEA CTO at Veracode.
“It shows remarkable resilience for an industry which was heavily targeted and badly damaged during the WannaCry ransomware attack two years ago. However, millions of cyber-attacks are aimed at the healthcare sector each day, seeking any weak spot.
“Using code that is secure from the start can help healthcare reduce security risk further.”
Met Police suffer Twitter hack
London’s Metropolitan Police suffered an embarrassing PR day after its Twitter and email accounts were temporarily hijacked by pranksters.
A stream of unusual and expletive-ridden tweets were sent from the force’s Twitter account – which has more than a million followers – on 19 July.
A number of emails were also sent from the Metropolitan Police’s press office.
Scotland Yard confirmed its website had “been subject to unauthorised access”, thought to have been made via an exploit in MyNewsDesk, which the Metropolitan Police uses to issue press releases.
A police spokesperson told the BBC the force had “begun making changes to our access arrangements to MyNewsDesk.”
Bradford police arrest Uni hack suspect
A 25-year old man from Bradford has been arrested on suspicion of committing Computer Misuse Act and fraud offences following a cyber-attack on Lancaster University.
Officers from the NCA’s National Cyber Crime Unit arrested a suspect on 22 July, after records and identification documents belonging to a number of students were compromised.
Data concerning undergraduate applicants was accessed, including prospective students’ names, addresses, telephone numbers and email addresses.
Fake invoices were also sent to some individuals. Lancaster University labelled the incident “a sophisticated and malicious phishing attack”.
The University added: “The matter has been reported to law enforcement agencies and we are now working closely with them.”
Tech giants invest in UK cyber capabilities
Major businesses including Google and Microsoft have co-committed £190 million to tackling major cyber security threats facing the UK.
Up to £117 million expected from private industry investment will be combined with £70 million government investment through its modern Industrial Strategy to develop new technologies.
These will range from new hardware prototypes and software for tackling online vulnerabilities.
The initiative aims to make the UK a leader in the global cyber security market, predicted to be worth £39 billion in the next decade.
(Fomer) business secretary Greg Clark said: “Digital devices and online services are powering more of our daily lives than ever before, from booking a doctors’ appointment to buying online shopping. While these devices and services bring great benefits to businesses and consumers, they come with the associated risks of cyber-attacks and threats that are becoming increasingly complex to tackle.
“As we move to a more data-driven economy, nearly all UK businesses and organisations are reliant on these digital technologies and online services – but the threat of cyber-attacks is ever-present, with more than 30% of businesses having experienced a cyber-security breach or attack in the last 12 months.
“With government and industry investing together as part of our modern Industrial Strategy, we will ensure that the UK is well placed to capitalise on our status as one of the world leaders in cyber security by ‘designing in’ innovative measures into our technology that protect us from cyber threats.”