The question asked by many a business is ‘Where do I find information about cybercrime and the threat it poses ?’
One good starting point is the CERT, the Government's Computer Emergency Response Team. In its own words it is described itself as: “Working with partners across industry, government and academia to enhance the UK’s cyber resilience”
Its role is to support industry and make it safer, operating in a digital world and taking advantage of the speed efficiency and accuracy of moving data around the globe, creating opportunities and trade which is a core function of the government.
The CERT operates a number of regional groups around the UK where businesses can share information and data in order to enhance their own and others security online. Only by working together and sharing concerns, learning about new threats and helping each other will the online world really be safe. So, each region is developing a Cyber Security Information Sharing Partnership (CISP), often initiated by the police or through an existing public/private sector arrangement.
Having access to a CISP provides access to the latest threats and trends identified by the CERT Fusion Centre where such data is analysed and reported to members. The CISP is a joint industry government initiative to share cyber threat and vulnerability information in order to increase overall situational awareness of the cyber threat and therefore reduce the impact on UK business.
CISP allows members from across sectors and organisations to exchange cyber threat information in real time, on a secure and dynamic environment, whilst operating within a framework that protects the confidentiality of shared information.
CISP produces a wide range of products to cater for organisations at all levels of cyber maturity. These include, but are not limited to:
– Alerts and advisories, including from national and international partners
– Best practice and guidance documents on common themes
– Quarterly reports on threat trends
– Malware and phishing email analysis
CISP members benefit from:
1. Engagement with industry and government counterparts in a secure environment
2. Early warning of cyber threats
3. Ability to learn from experiences, mistakes, successes of other users and seek advice
4. An improved ability to protect their company network
5. Access to free network monitoring reports tailored to your organisation's requirements
The broader CERT-UK has four main responsibilities that flow from the UK Cyber-Security Strategy:
– National cybersecurity incident management support critical national infrastructure companies to handle cyber-security incidents.
– Promoting cybersecurity situational awareness across industry, academia and the public sector.
– Providing the single international point of contact for coordination and collaboration between national CERTs
Network monitoring reports
CERT-UK is able to offer CISP members a network monitoring report detailing malicious activity that is based on network abuse feeds received which means that businesses can be as up to date as possible. To benefit from CISP, a business needs to be a member and can then receive the important threat and risk information .
Reports can also be scheduled weekly depending on the organisation’s needs and scale of the network.
What activity will a member be warned about?
– Infected hosts (eg bots communicating with sinkholes)
– Indicators derived from malware analysis
– Botnet infrastructure (eg command and control)
– Compromised hosts that are serving malware
– Web server defacements
– Attacking IPs (hosts inside a network observed conducting brute force attacks)
– Sources of spam and phishing
– Perceived vulnerable network services
This service does not replace or act as an alternative to any intrusion detection system or other security systems. It is an additional tool to keep business aware of threats and risk. Membership information is available at: National membership criteria for CERTs.
Unfortunately not everywhere in the UK has a CISP, although there are other arrangements in place. This map illustrates where they exist. Their ability to provide all sorts of data and opportunities to share threat and risk information is sound.
Maybe it’s time to regulate or at least enforce this so that all regions have them. The North East is the next region to sign up. This is being set up in December and details are available through the North East Serious Organised Crime Unit.
What else can a business do?
The government's publication Cyber Essentials is a simple scheme to ensure that your business has made effective action to address cyber threats and to keep your business safe and operating. Many organisations will help you through the process and can help you achieve Cyber Essentials Plus.
Many companies are assessed and given approval to deliver Cyber Essentials and Cyber Essential Plus they all meet the CREST approval criteria
The government's 10 Steps to Cybersecurity is a great start for any organisation to understand what they should and can do to protect themselves
For really useful advice on individual and businesses go to the Get Safe Online website. This has a large amount of highly relevant and up to date information about Cyber Safety for individuals and organisations of all sizes.
Another area that is well worth considering is that of exercising. The CERT website provides advice on this, but also worth looking at is the Cabinet Office-supported Cybx Suite based at the Emergency Planning College.
There is plenty of information available, and the developing CISPs are there to help along with Get Safe Online and others.