Innovation key to halt cyber attacks
In the light of the number of cyber breaches taking place, innovative security systems are required, according to the UK National Cyber Security Centre (NCSC)
Current cyber defence technologies from standard suppliers are unlikely to be able to protect organisations in five years’ time, said Ian Levy, technical director at the NCSC.
“We need innovation. We need different ways of thinking about this,” he told the launch of the second GCHQ Cyber Accelerator in London.
More than 100 cutting-edge cyber security entrepreneurs and startup firms applied to join the second programme in the GCHQ Cyber Accelerator, but just nine were chosen for the nine-month programme.
At the launch event, representatives of the participating companies pitched their products and services to potential investors.
James Smith, CEO of cryptocurrency investigation firm Elliptic, said the company’s aim is to keep cyber criminals out of cryptocurrencies.
While the company believes cryptocurrencies will be part of the future of financial services, he said cryptocurrencies are also increasingly being used to pay for illicit goods and services online.
“For the ecosystem to grow, there needs to be a way of detecting that criminal activity, preventing it and pursuing criminal actors, which is what we do at Elliptic,” said Smith.
The London-based, four-and-a-half-year-old company monitors cryptocurrency transactions and works with cryptocurrency firms and law enforcement in the US, UK and Europe to identify and investigate cyber criminal activity, he added.
Alex Cowan, CEO of transport network security firm RazorSecure, said cyber security is now critical in the transport industry and is expected to be a $14bn market by the year 2022.
The company’s main product, he said, is a set of active intrusion and anomaly detection software that learns what is normal for the device. This ties in nicely, he said, with the Network and Information Systems (NIS) directive on critical infrastructure that comes into effect in 2018, and mandates active monitoring and anomaly detection.
According to Cowan, an important differentiator is that RazorSecure enables “independent, on-device” decision making. “This is critical in the transport industry where there is no guarantee that there will be a connection back to the cloud,” he said.
In the next five years, RazorSecure aims to secure all European trains. “To do this, we need partners such as GCHQ and Wayra UK. We also need investors,” said Cowan.
Rachel O’Connel, founder and CEO of verified parental consent provider Trust Elevate, said the company is dedicated to enabling businesses to protect children and young people online, and to help parents concerned about big companies tracking their children’s activities.
“Trust Elevate solves the verified parental consent and age-checking challenges that businesses face,” she said.
The service is aimed in part at eliminating the problem of adults with a sexual interest in children accessing content that is posted by children who have lied about their age to join such sites.
O’Connel said Trust Elevate is currently working with children’s entertainment service Azoomee. “We are seeking investment to run a pilot project,” she added.
John Tolhurst, sales director of secure cloud connectivity service Ioetec, said the company’s mission is to “save the internet of things”.
“We are entering the age of automated device communication or IoT, and this is great news for UK firms because that automation brings efficiency that will boost productivity and cost savings. But there is a problem because the majority of these connections are fundamentally insecure,” he said.
This represents a threat to the UK, said Tolhurst, because ultimately it will enable the “weaponisation” of the internet of things (IoT), and that weapon could be used to attack national infrastructure.
The lack of security also means that remotely maintained healthcare devices could be hijacked with potentially fatal consequences and child monitoring cameras could be hijacked to spy on children.
To address these threats, he said Ioetec has created a device communication platform specifically for IoT, using complex encryption and authentication protocols to ensure that devices can be connected safely and securely to the internet of things.
Although Ioetec already has some strategic partners, Tolhurst said the company is growing and is looking to increase the number of those partnerships, especially for collaboration on proof of concept projects, as well as investors.
Amadeo Pellicce, CEO of website account protection firm Warden, said the company is aimed at helping website owners to protect their users from hacks.
Billions of records a day are being leaked on the internet, he said, and the problem is only getting worse. To help stop this problem, Warden integrates with websites, maps the normal behaviour patterns, devices and locations of users, identifies abnormal activity and provides tools to stop it.
For all but the large tech companies, this is difficult to do in-house, said Pellicce, which is why Warden provides these capabilities through a software-as-a-service (SaaS) model that enables easy integration with customer websites.
According to Pellicce, the importance of protecting accounts is underlined by the fact that Warden data shows that 2% to 4% of funds held at cryptocurrency exchanges are lost due to account hacks, totalling hundreds of millions of pounds’ worth of losses a year.
Jack Chapman, CTO and co-founder of anti-phishing firm Cybershield, said more than 90% of cyber attacks start with an email that was not what it claimed to be.
“Opening a phishing email can allow ransomware or other forms of malware onto a network leading to data breaches that each cost UK businesses more than a million pounds on average,” he said.
To help employees identify risky emails, Cybershield changes the subject line of every email to green, amber or red to indicate the level of risk. The system uses an artificial intelligence (AI) algorithm based on an analysis of the key components of phishing emails to combine human and machine recognition.
“By detecting the techniques used behind the phishing emails, our system is able to detect new and targeted phishing attacks on phones, tablets, laptops or any other device with an email client,” said Chapman. “We are looking for partnerships and pilots, and to talk to anyone who understands that phishing is an issue.”
Chris Wallis, CEO of vulnerability management firm Intruder, which helps businesses find their digital weaknesses, said finding weaknesses before hackers do is important, especially in the light of the fact that around 8,000 of these weaknesses are discovered every year, which is more than 20 a day.
“No company can afford to ignore weaknesses in their systems, as Equifax discovered. The company ignored just one tiny weakness, which resulted in a major breach of data relating to millions of consumers,” he said.
Intruder is designed to run daily checks on customers’ IT estates, identify any weaknesses and provide information on how to fix them.
The service, said Wallis, is designed to provide banking-grade security to organisations that do not have the resources, expertise or people to carry out these daily checks or carry out context-based analysis of threats.
“Any organisations subscribing to our service would have been protected from the devastating WannaCry attacks because the vulnerability it relied on to spread had been made public two weeks before the attack,” he said. “We are looking to expand and for investors to help us do that.”
Secure Code Warrior
John Fitzgerald, chairman of secure software coding training firm Secure Code Warrior, said there are around 14 million professional developers who write around 110 billion lines of new code every year as companies rush to transform themselves into digital organisations.
But if that is not done securely, he said there will continue to be data breaches caused by weaknesses or vulnerabilities in the software code being used by organisations.
To address this problem, Secure Code Warrior built a platform that has a learning component and is designed to help developers write secure code by identifying in real time any vulnerabilities that could be exploited by attackers and fixing them automatically, if required.
“Secure Code Warrior is like a spell checker for software developers,” said Fitzgerald, claiming that the platform is able to eliminate 80% of web application vulnerabilities at source.
“We can change the world by making software development more secure from the start,” he said, adding that the already profitable company is looking for more partners and customers.
The final pitch was from Norman Shaw, CEO of remote data locking service ExactTrak. “We make mobile security with a difference because it is embedded into hardware,” he said.
To illustrate the scale of the problem, Shaw said 6.9 million laptops were reported stolen around the world in 2016. “But just last weekend alone, 131 laptops were lost at Heathrow airport,” he said.
ExactTrak technology is currently being built into AMD processors that will be used in devices made by companies such as Hewlett Packard and Dell. “In the meantime, we have a USB product that is already shipping, that is trackable and can be remotely controlled from anywhere in the world,” said Shaw.
ExactTrak uses a range of technologies, he said, to provide “global visibility” of a device and to send codes to either shut down the device or wipe all data.
The company has already partnered with some high-profile companies, which collectively sell around 100 million laptops a year, and raised around £2m from a small group of investors for development. “But now we need more investment to take us to the next level,” he said.