The technology landscape is shifting beneath our feet. And it’s doing so at a head-spinning rate. IoT, driverless cars, connected health – if there’s one thing the technology industry will never lack, it’s buzz around a new platform or trend.
But with so much hyperbole around so many new things, it can be difficult to know where to invest your time and energy. Spending a huge amount of time worrying about how blockchain, for example, will affect your business might not be the wisest choice – as many hyped new technologies will end up floundering or making a small minimal impact at best. Nevertheless, it’s important to understand how security practices may need to change in the face of emerging technologies. New platforms that haven’t materialised will inevitably ask new questions of how we stay secure. How can businesses, governments and individuals get ready for challenges that haven’t even surfaced yet?
Technology is the engine room that powers society, the economy and government. The past few years have witnessed an explosion in digital advances driving consumer and enterprise innovation that will transform the way we all live and work.
The creation and dominance of hyper-scale platforms, combined with new technologies are driving an ever more seamless integration of such platforms with humanity, bringing disruption to organisations large and small, public and private.
At a roundtable event, in partnership with RUSI, we brought together some of the world’s leading experts in this field to analyse these systemic changes via six key lenses – hidden complexity, enabling bad things, the human impact, economic side-effects, global power and navigating to benefit.
Complementary report: Emerging technology and risk – The six key lenses
At a roundtable event, in partnership with RUSI, we brought together some of the world’s leading experts in this field to analyse these systemic changes via six key lenses – hidden complexity, enabling bad things, the human impact, economic side-effects, global power and navigating to benefit.
Charles Newhouse, Director of Consulting, BAE Systems
Charles is Applied Intelligence’s Director of Consulting. He is an experienced operational and technical leader with a strong background in developing strategy, developing teams and managing £mm budgets. He has a proven record of accomplishment, providing operationally pragmatic technology solutions to complex ambiguous business challenges. His engineering and systems background allows him to operate in complex environments, providing the interchange simplifying, contextualising and communicating challenges and opportunities for a business audience.
Whether you're looking to share your perspective or simply want to find out more, we'd love to hear from you.
Get in touch with us at: theintelligencenetwork@baesystems.com
The Intelligence Network is committed to fighting cyber fraud as part of its mission to safeguard the digital world. Learn more about The Intelligence Network’s initiatives and approach – including how you can get involved and how you stand to benefit – by reading our vision report.
Cyber fraud tactics are varied – from malware through to deception scams and fraudulent identities. But they share a common aim – the theft of personal or business information. Below, we’ve listed four trends that enable cyber fraud. We’re arranging work streams to tackle each of them.
Endemic attacks: the prevailing mindset in cyber security is that organisations should think about “when” not “if” they suffer a successful cyber attack.
Operating in silos: there’s limited information sharing between security and fraud teams (and across functions and industries) and joint action is rare.
The cyber to fraud gap: cyber security, counter fraud and law enforcement all operate independently, with their own distinct objectives.
Social engineering: the ability of criminals to deceive people drives and sustains cyber attacks and fraud.
Join a work stream to help us make a difference in one of these four areas. Your input could range from knowledge-sharing, through to research and the development of proposals for industry.
Fraud is both directly and indirectly responsible for a wide range of crimes and threats to society:
Over half of all frauds are cyber enabled. Fraud is also a primary motivator for cyberattacks on organisations. So, breaking the cybercrime and fraud cycle remains a hugely important challenge for businesses, governments and society.
Social Engineering
work stream report
Our Vision for
Tackling Cyber Fraud
Perspectives across the
cyber fraud lifecycle
What does COVID-19
mean for insurance fraud?
Influencing Change
in 2020
False trust: Findings
from our focus group
Discussion Paper:
Fraud or Cyber Fraud?
The Security
Professional
Cyber fraud trends
from the frontlines
Take advantage of the many educational and awareness-boosting materials available online, including:
Whether you're looking to share your perspective or simply want to find out more, we'd love to hear from you.
Get in touch with us at: theintelligencenetwork@baesystems.com
Best practice cybersecurity certainly has its place. It will help enhance the resilience of your organisation to potential attack and mitigate the threat of most commodity threats. But to defend against the most sophisticated attacks you must gain insight into your adversaries—and more specifically, their tactics, techniques and procedures (TTPs). This is the value of threat intelligence.
To understand why organisations may need to adopt such approaches, look no further than the threat landscape. Reports from Microsoft, the UK’s NCSC and others have highlighted the scale and sophistication being seen in the wild.
Why is this happening? Partly because of an acceleration in financially-motivated cybercrime, against a backdrop where rapid adoption of remote working has expanded corporate attack surfaces. The pace of the threat landscape in 2020 is arguably most noticeable in the area of ransomware. The BAE Systems Threat Intelligence team has been tracking the ‘double-extortion’ ransomware threat closely and recently published an infographic on ransomware’s perfect storm.
Other emerging threat actors include ‘hacker-for-hire’ groups such as Dark Basin. They have increased both the volume and reach of their ‘hands-on-keyboard’ activities, performing credential harvesting against targets in an array of sectors.
Why is this happening? Partly because of an acceleration in financially-motivated cybercrime, against a backdrop where rapid adoption of remote working has expanded corporate attack surfaces. The pace of the threat landscape in 2020 is arguably most noticeable in the area of ransomware. The BAE Systems Threat Intelligence team has been tracking the ‘double-extortion’ ransomware threat closely and recently published an infographic on ransomware’s perfect storm.
Other emerging threat actors include ‘hacker-for-hire’ groups such as Dark Basin. They have increased both the volume and reach of their ‘hands-on-keyboard’ activities, performing credential harvesting against targets in an array of sectors.
To this activity, we can add the persistent threat from state-sponsored groups. New geopolitical strategies in nations with aggressive cyber capabilities are driving an expansion of attacks against not only the usual suspects of defence, military and government, but also a far wider range of sectors. Supply chain attacks further expand the number of firms that may be hit. On top of this, reports have emerged suggesting some state hackers are pursuing extra-curricular projects for their own financial gain.
Against this backdrop, threat intelligence is a strategic necessity. When done right, it can offer tremendous value to organisation, including:
However, the threat intelligence industry still faces some challenges, in terms of supply consumption and information sharing.
Supply: Threat intelligence buyers must pick their way through a market full of rival solutions. As few offer a comprehensive range of features, well-resourced firms may end up buying overlapping products while smaller ones simply don’t get enough coverage. Neither is an optimal solution.
Consumption: Organisations often have difficulty implementing and then operationalising these solutions. This can lead to time wasted chasing the wrong leads, or the generation of too many alerts for limited threat intelligence teams to manage. Data may be too old and not actionable. Organisations may also delay crucial investigations over legal concerns.
Sharing: There are problems associated with opening-up intelligence sharing to everyone: if systems were free and open they could be infiltrated by nation states and cyber-criminals. But make systems too restrictive and smaller organisations may be disadvantaged because they can’t afford access. Another perennial concern is that participation in intel sharing will impair corporate competitive advantage, or reveal information which could harm brand reputation.
To overcome these challenges, we as an industry need to move forward across several areas. These include:
With over 2,000 global members, The Intelligence Network is already reshaping threat intelligence for the new digital era. Among seven critical areas we’ve highlighted for action before 2025 is Understanding Adversaries. Together we can work to overcome industry challenges and harness threat intelligence to maximum effect.
Whether you're looking to share your perspective or simply want to find out more, we'd love to hear from you.
Get in touch with us at: theintelligencenetwork@baesystems.com
There’s plenty of progress being made to improve the cyber security skills of everyone across society. Government- and private sector-led initiatives abound, echoing the importance of managing your data and online activities with secure, diligent practices and principles.
Both consumers and employees are expected to know how the world of cyber security works and are obligated to use secure passwords or authentication, data backups, internet security platforms, and a plethora of wider services. This is a big (and often confusing) ask, even for those who work in technology or digital businesses. Making it easier for people to remain secure (while achieving what they need to do) remains a challenge. We need to find a way to achieve frictionless and seamless security for users, while maintaining the type of robust security that’ll dissuade would-be attackers.
Are We Aware Enough?
Obstacles to Cyber Defence
We asked our member community to share their feedback on the topics that are most pressing and front of mind to them from the seven that we have committed to exploring in detail over the coming years. While this particular topic isn't one of the first two we're focusing on, we are always keen to hear feedback from our members by way of insights, experience and ideas that might influence our action plan moving forwards. And, if there are members or corporate supporters who want to play a more active role in one of the topics we have identified, we would love to hear from you at:
Securely storing data isn’t a new demand placed on businesses – it has been necessary for a long time. But as the world becomes more digital, more data needs to be stored (with increasingly complex security implications).
Recent data breaches and instances of misuse have eroded trust in corporates to use information ethically or properly. If organisations can’t store data in a way that consumers can trust, they won’t be provided with it in the first place. And that restricts their capacity to do business effectively. In the wake of the Facebook and Cambridge Analytica scandal, and the many data breaches that have hit the headlines recently, people are waking up to data snooping and negligence by companies. Businesses are under pressure to show they are completely trustworthy – but can they guarantee their processes and systems are secure in the face of increasingly complex and advanced cyber threats?
Who Stands to Lose the Most?
We asked our member community to share their feedback on the topics that are most pressing and front of mind to them from the seven that we have committed to exploring in detail over the coming years. While this particular topic isn't one of the first two we're focusing on, we are always keen to hear feedback from our members by way of insights, experience and ideas that might influence our action plan moving forwards. And, if there are members or corporate supporters who want to play a more active role in one of the topics we have identified, we would love to hear from you at:
The information security demands that businesses must adhere to haven’t changed drastically in recent times. Long-established frameworks remain in place, and most businesses are familiar with the requirements. But the process is being made more difficult because cyber security is no longer just about protecting the internal IT environment.
With data hosted outside the organisation, information security management is now about the integrity of everything – even the physical world. In theory everyone knows the standards they need to adhere to but – in this digitally transformed world – only the biggest organisations can actually commit to meeting those demands. Changes are happening faster than businesses can react to, and security is often factored into any IT investment too late. As a result, information management and governance challenges begin to spiral.
Adopting a Sharing Culture
What Should We Be Afraid Of?
We asked our member community to share their feedback on the topics that are most pressing and front of mind to them from the seven that we have committed to exploring in detail over the coming years. While this particular topic isn’t one of the first two we’re focusing on, we are always keen to hear feedback from our members by way of insights, experiences and ideas that might influence our action plan moving forwards. And, if there are members or corporate supporters who want to play a more active role in one of the topics we have identified, we would love to hear from you at:
Digital transformation has changed the dynamic of our relationships. They’re no longer just person to person – we now have relationships with organisations. And all of our online relationships share a common characteristic, in that they depend on us verifying our identity.
Right now, every time you log in or access a digital service, you’re asked to confirm who you are and passwords are still the primary method of authentication. But there’s a problem with passwords – they’re not strong enough, and they’re vulnerable. Users find them hard to remember and criminals can easily crack simple passwords. While authentication systems from the likes of Apple and Google do a much better job, they’re proprietary and designed to keep users on specific platforms. That’s great if you’re Apple; not so much if you’re a bank. The challenge for most organisations is therefore how to link digital identity to a person in a way that’s reliable, easy and secure.
We asked our member community to share their feedback on the topics that are most pressing and front of mind to them from the seven that we have committed to exploring in detail over the coming years. While this particular topic isn't one of the first two we're focusing on, we are always keen to hear feedback from our members by way of insights, experience and ideas that might influence our action plan moving forwards. And, if there are members or corporate supporters who want to play a more active role in one of the topics we have identified, we would love to hear from you at: