China responsible for one in seven attacks on UK business – report

Cybersecurity attacks directed towards businesses in the UK are on the up and it appears the source of these nefarious activities can be quite often traced back to China.

After years of being ignored or swept aside for another day, security professionals are finally being taken seriously in the world of IT. It might be considerably overdue, but it is at a very apt time; according to research from enterprise ISP Beaming, the number of cybersecurity attacks directed towards UK businesses increased by 179% year-on-year for the second quarter of 2019.

“The rate at which UK businesses are attacked online has soared over the last year and companies large and small are under sustained attack from hackers around the world,” said Sonia Blizzard, MD of Beaming.

“The majority of cyber-attacks on businesses are indiscriminate, malicious code that trawls the web seeking to exploit any weak point in cyber security systems. A single breach can be catastrophic to those involved.”

Unfortunately for those who would like international tensions to simmer-down, Beaming is also pointing the finger towards China as the source of many threats. China is seemingly the source of one in seven of these attacks, though Taiwan, Brazil, Egypt and the US are some of most persistent offenders.

Amazingly, on average UK businesses are under-threat from a cyber-criminal every 50 seconds, totalling 146,491 over the period in question. It might sound ridiculous, but it demonstrates the simplistic nature of some of these attacks. For the most part, large businesses will be able to avoid any serious damage by simply investing in basic security principles and systems, though you have to wonder how many SMEs are underprepared to resist the suspect fingers of the dark web.

According to Beaming, 63% of small businesses suffered a cyber-attack last year, with the average cost to the business being £63,000. The total cost of cybercrime for small businesses was £13.6 billion. The under-preparedness of SMEs is perhaps best indicated by its proportion of the total; £13.6 billion of the £17 billion total.

Although there is likely to be a fair bit of fear-mongering from Beaming here, security is considered to be one of the selling points of the business, the threat of cybercrime should not be undervalued.

One trend which presents as much of a threat as it does opportunity is IOT. This is a technology which has the potential to revolutionise business models but also give rise to new services and products. However, the threat is just as prominent. The more a company relies of IOT, the bigger the perimeter of its network and the more points of exposure. The number of gateways increases, increasing complexity of cybersecurity.

For those companies which are struggling to cope in the embryonic version of digital which we live in today, tomorrow could be a disaster.

The research has been released at a very intelligent time when you consider the number of GDPR fines which are potentially on the horizon. Earlier today, July 8, the Information Commissioner’s Office (ICO) announced its intention to fine British Airways £184 million for a data breach which occurred in September 2018.

This is the biggest fine handed out by the ICO, but it is worth remembering this is only one of the first examples of the watchdog swinging the GDPR stick. The number of ‘contacts’ the ICO has had with businesses, organizations and individuals has increased 66% since GDPR was introduced in May 2018. In terms of workforce, 200 additional employees have been drafted in since GDPR with plans to hire another 100 to take the total north of 800.

These numbers suggest the ICO is getting more serious about investigation and enforcement, though another consideration for the importance of security is the buying preferences of UK consumers.

If the number of complaints about personal data breaches are increasing, up to 14,000 for the 12 months to May 1 from 3,300 in the prior year period, consumers are clearly more aware about security and data protection. With more products incorporating connectivity, and consumers becoming more away of the dangers of the internet, the security credentials of an organization will become a factor in the purchasing decision-making process.

If start-ups are going to challenge the status quo in the digital world, they will need to sort out security systems and processes. It might surprise some that SMEs account for such a large proportion of the cost of cybersecurity to UK businesses, but such statistics will start to become more prominent as digital increasingly becomes the norm.

Theoretically, the digital world levels the playing field, affording the opportunity for start-ups to challenge the status quo, but if they aren’t up-to-speed when it comes to security, it might well turn out to be a non-starter.

Cisco forks out $2.35bn for Duo – the acquisition train thumps on

Cisco has announced its intent to acquire Duo Security for $2.35 billion in its quest for more subscription based deals.

Michigan-based Duo Security was founded in 2010, growing to 700 employees with offices across the US and in London. The company’s cloud-based two-factor authentication is becoming a much more common tool for employees around the world who want to access sensitive information from multiple devices, in various locations. The deal is expected to be completed in the first quarter of 2019.

Combining the words Cisco and Acquisition is not uncommon, as the business seems to believe acquisition is a much more efficient means to success than organic growth. This is the fourth acquisition to be announced by Cisco in 2018, with the company swallowing up another nine organizations across 2017 and another seven in 2016. Eleven were added to the mix in 2015.

“When we started Duo, the security industry was badly broken,” Duo CEO Dug Song wrote in a letter to employees. “Users were blamed and victims were shamed for what were really design failures in IT – or worse, vendors spent more time admiring attackers versus defeating them.

“The complexity of security products often introduced more problems than they solved, and for every dollar of product, twice as many dollars were spent on services to support them. A new philosophy and approach to security was needed; one that demonstrated respect for people, both in the design of the products and in how business is done. And so we formed Duo.”

The move itself is another step forward for Cisco which has been striving to prove its security credentials in the competitive world of cloud services. Aside from this acquisition, the networking giant has also brought OpenDNS, Sourcefire and Cloudlock into its armoury to bolster resources and offerings to customers. For the moment, the companies will continue to act as separate entities, with Song continuing as GM, though the business will fit into Cisco’s Networking and Security business led by EVP and GM David Goeckeler.

“I’m excited to welcome the Duo team to Cisco,” said Goeckeler in a blog post. “I’m even more excited about the impact as part of Cisco’s intent-based networking portfolio that Duo is going to make for customers deploying multi-cloud models.”

For Cisco, Duo fits into the intent-based networking strategy, adding another arrow to the quiver; identity and access. It does sound like a good fit for Cisco, as identity and access is becoming much more of a headache for CTOs around the world, especially considering the continuous flood of data breaches hitting the headlines. That said, acquiring Duo provides another step into the world of recurring revenues for the business, which is never a bad thing.