Tag Archive | cyber security

Highlights from today’s Cyber Awareness webinar

Your people are the most effective line of defence when it comes to Cyber Security. It’s a message that has been passionately expounded by cyber security experts for many years, but it has taken the recent hike in the profile of cybercrime for people to really start listening.

Today’s webinar was a chance to gain a little insight into the topics of cybercrime and cyber awareness from two seasoned professionals with a wealth of first-hand experience. Nick Wilding leads the Cyber Resilience Best Practice division of AXELOS GBP – a joint venture between the UK Cabinet Office and Capita; and Vicki Gavin is Compliance Director and Head of Business Continuity, Information Security and Data Privacy at The Economist Group.

At Unicorn we are fortunate to count AXELOS among our strategic partners, and have worked closely with them to develop and continually improve RESILIA – an integrated best practice portfolio designed to put people at the centre of an organisation’s cyber resilience strategy. Ahead of the imminent relaunch of this suite, Nick and Vicki took some time to lend context to the need for cyber awareness training.

This morning’s webinar kicked off with a roundup of the latest statistics relating to cyber attacks:

Screen grab from AXELOS cyber awareness webinar showing recent hack statistics

“One thing’s for sure”, said Nick Wilding, “looking at the stats, it’s clear that at some point you will be breached.” The frequency and nature of these attacks are such that it’s easy to see where he’s coming from: over the past year alone we’ve seen everything from repeated attacks on the SWIFT network, to the sustained efforts of Russian hacking group Fancy Bear in their attempts to upset the US electoral process.

“To be honest, it’s easy to see why people end up with ‘security fatigue’,” said Vicki Gavin. “We’re incessantly bombarded with frightening statistics to the point that sometimes these headlines end up just having the opposite effect. For me personally, I’ve found a way to leverage this kind of information, and the key is making it specific and relevant to the activities of your own organisation.”

Screen grab from AXELOS cyber awareness webinar showing a statistics board

“If we accept that people are our best line of defence”, continued Nick, “it’s shocking to think that in a recent study, we found that as many as 45% of organisations don’t do any kind of cyber security training, and of those that do, 81% are relying on mandatory training that is completed once a year or less.”

It’s about technology and people, not just bits and bytes.
– Vicki Gavin, The Economist

One of the anecdotes that AXELOS have come back to time and again is that of Jim Baines – a personal friend of Nick Wilding, and a CEO who has spoken at length about his traumatic experience at the hands of cybercriminals. Nick relayed this story today, and followed it with an extract from one of Baines’ letters that poignantly reminded others that none of us are invulnerable when it comes to falling foul of cybercrime. “Interestingly,” said Vicki, “what we seem to see time and again is the prevalence of this culture of blame. Whenever something happens, businesses are quick to want to assign blame – whose fault was it? Who clicked on a malicious link? Who opened a phishing email? But when we’ve talked about organisations only offering cyber awareness training once a year, how are people supposed to learn?”

“They say it takes a minimum of three weeks to start developing a new habit,” she continued, “so what we really need is to start embracing this idea of continuous learning.”

When you consider AXELOS’ stats that of the firms supposedly running ‘effective cyber awareness training programmes’, no more than 50% of them had full completion rates, it’s little wonder that learning continues to be a barrier to resilience.

Screen grab from AXELOS cyber awareness webinar showing coloured panels about training

“In the simplest of terms, where it comes to awareness there’s too much stick and not enough carrot,” says Nick. “At the heart of it, people sometimes forget that cyber is an interesting topic – so engagement ought not to be something that’s seen as tedious.”

“The problem is often that people think just because someone is a cyber expert, that that automatically means they will be a good trainer”, asserted Vicki – followed by another acknowledgement that in order to achieve real engagement, it’s critical to make learning relevant to your target audience. Sharing her experiences of responding to attempted cyber-attacks mounted on The Economist in the past twelve months, Vicki pointed out that this is now becoming the norm for businesses operating in the digital age.

At the source of every error which is blamed on the computer, you will find at least two human errors, one of which is the error of blaming it on the computer. – Tom Gilb, US Systems Engineer

“I can tell you we’ve had 360 cyber events in the last year, of which 60 we might categorise as ‘incidents’, and 3 that were escalated to crises,” she said. “In the latter part of last year, we had a breach when an individual unwittingly gave away their user credentials by clicking on a link in a phishing email. Although the hackers then used this breach to send a further email to everyone in the business, of the 1400 people we have working for The Economist Group globally, only 50 people actually opened this email, and no one else clicked on anything. In summary, we had the whole thing contained in under 3 minutes. This is exactly the kind of compelling event that shows the true value of cyber awareness training to our board.”

Speaking about the need to promote awareness learning that really works to change behaviours across businesses, Nick said: “What we come back to time and again is this theme of storytelling –  making training relevant and relatable. Don’t just tell people what the policy is, help them to make that relevant, and to interpret and understand what you want them to do in order to support it. What we see instead is lots of ‘don’t do this, don’t do that’ – but what about the why?”

Screen grab from AXELOS cyber awareness webinar showing new RESILIA content

“Through our partnership with Unicorn, we have moved beyond the model of once a year training,” he continued. “We have built creative, innovative, engaging learning to help businesses design and implement effective training programmes for their organisations. The RESILIA suite gives you the power to build an adaptive, efficient programme of learning, utilising diagnostic tools to test current knowledge and then deliver only relevant content to address areas of weakness. The content is a mixture of online videos; refresher snippets and tests; games and animations – and in its variety is sympathetic to the notion that people learn in different ways.”

RESILIA is designed for businesses of all sizes to help them on the journey of developing a culture that recognises the need to keep abreast of the threats posed by cybercrime. As both Nick and Vicki explained today, a business is only as resilient as its people – something that unavoidably echoes the old adage about a chain being only as strong as its weakest link. “Critically, we want to get people talking about this stuff,” said Nick. “The more that people talk about it, the more resistant they become.”

If you want to find out more about RESILIA Cyber Awareness Learning – or book a demo – you can do so here.

Cyber Security: ‘A Tale of Two Banks’

This week, Emma Dunkley of the Financial Times published an amusingly titled yet insightful piece on the recent cyberattacks levelled at two major high street banks. Not to be misled by the lighthearted headline of the article, her account provided another chilling glimpse into the reality of what major banks and consumer organisations now face on almost a daily basis when it comes to protecting their data.

“The recent attacks on Lloyds Banking Group and Tesco Bank revealed the evolving techniques used by cybercriminals to expose financial institutions’ vulnerabilities”, she wrote, as she sought to explain the wider implications of what had happened. “The threat of cyber assaults is increasing. As banks roll out more digital services, and as more customers use technology to handle their money, cyber criminals have a greater number of entry points through which to access systems and customer data.”

What happened?

On January 11th, Lloyds was hit by what is commonly known as a ‘denial of service’ attack, where hackers hijacked several of the bank’s servers and flooded their website with large amounts of traffic designed to cripple online services. Upon discovering that they could not gain access to online banking, many customers took to social media to vent their frustration, as Lloyds deployed a series of counter-measures designed to isolate the attacks and limit the damage caused.

Although large banks are typically targeted by denial of service attacks around once a month, the Lloyds incident was particularly severe – with this attack lasting far longer than the usual few hours.

“Denial of service attacks are happening 24/7 globally,” says Philip Halford, a senior adviser at financial services consultancy Bovill. “There are multiple perpetrators, often targeting the same trophy targets. They share the common objective to breach a control system sufficiently to allow or deny legitimate users access to it. The motivation can vary from criminal intent to mere bragging rights. The effect, however, can be crippling for organisations.”

Compared to the Tesco Bank fraud that took place in November last year, the Lloyds attack was relatively mild, with no customer data or money having been stolen. It is reported that the hackers behind the attack demanded a £75,000 bitcoin ransom, although it is unclear whether Lloyds bowed to this request.

Tesco Bank was not so lucky. Last year’s assault led to nearly £2.5m worth of payouts to 9000 customers who had money stolen by cyber criminals. This time, the data breach was facilitated by a weakness in one of Tesco’s mobile banking apps, which was exploited to access personal information connected to thousands of current and savings accounts. Thankfully Tesco Bank acted quickly to reimburse customers, but the incident still represents a significant and worrying reality of the risks posed by hackers.

What the attacks on Lloyds & Tesco Bank tell us about how online crime is evolving

Over the past twelve months, news of major cyberattacks has become increasingly commonplace –  with 2016 seeing more sophisticated assaults than ever before.

Cyber crime is on the rise, with attackers developing increasingly sophisticated hacking techniques to break through organisations’ defences. It is one of the biggest risks to global banking, threatening to cripple lenders and defraud customers.

As the Financial Times rightfully put it, “the stakes are high”. When we consider the reputation of the UK banking sector amongst its customers, trust is a critical factor, and information security plays a huge role in this. Not only must banks consider their reputation in this matter, but also the potentially significant fines and sanctions imposed by financial regulators where institutions are seen to have failed in their obligation to protect customer information and assets.

Under the UK Data Protection Act, banks can currently be hit with a penalty of up to £500,000, but an EU directive that comes into force in May 2018 will mean companies can be fined up to 4 per cent of their global revenues for serious data breaches.

As we move into an increasingly tech-dependent world, banks and other organisations alike have an ongoing responsibility to stay ahead of the threats posed by cybercriminals – and as we so often hear, this isn’t just down to software.

Education also plays a huge part in cyber resilience, and equipping staff with the right knowledge can mitigate risk on a truly massive scale. We know that as much as 90% of all cyberattacks are mounted as a direct result of the unwitting action of a member of staff – whether that’s clicking on a phishing email, or falling foul of social engineering. Never before has it been so important to place cyber resilience at the top of your business agenda.


Interested in better understanding the implications of increased cybercrime for your business? Join our free webinar in partnership with AXELOS GBP and featuring Vicki Gavin of the Economist Group, as we explore the most effective ways to safeguard against cyberattacks. Join the webinar and explore more here.

For the full original FT article, click here

Why None of us are Above Cyber Attacks: How Hackers Broke into John Podesta and Colin Powell’s Gmail Accounts

It’s fair to say that when it comes to high profile cyber security failures, the past twelve months have seen more than their fair share.

As if the loss of customer data in TalkTalk-gate wasn’t enough, 2016 brought fresh attacks on the SWIFT (Society for Worldwide Interbank Financial Telecommunication) network, costing a number of banks both their reputations and tens of millions in losses. But why do security breaches keep befalling global giants who pump millions into their cyber security initiatives?

Organisations or individuals?

When reports of cyber-attacks hit the headlines, the press are quick to condemn the overarching failings of the organisations in question. Given that global consumer businesses are in possession of vast amounts of private customer data, it’s little wonder that the kneejerk reaction to security failures on this scale is anger. But with user error often relegated to a single line in damning press pieces, it’s easy to miss a common trend across many of these cases: that initial access to an otherwise secure system was granted by the accidental opening of an email, or a click on a seemingly innocuous link by somebody within the organisation.

If we’re looking for evidence in support of this statement, all we need do is delve a little deeper into the mountain of reports into these instances that are available on the web. In fact, one report published earlier this year in the Federal Times noted that as much as fifty percent of all cyber breaches and data leaks can be attributed to human error.

In short, in this era of increasingly sophisticated cyber threats, a critical truth remains: your firewall can be as sophisticated as you like, but it means nothing if your people aren’t armed with the right knowledge.

Falling foul of cybercriminals can happen to anyone

In spite of the usual dialogue of blame that implies a certain ‘stupidity’ on the part of the staff in question, the reality of human-error data breaches is that they happen often enough to highlight a genuine problem with education around information security. There was perhaps a time when malicious phishing emails were laughably obvious, but with the ever-increasing sophistication of available technology, and smarter social engineering, falling foul of a cyber-attack can quite literally happen to anyone.

Never has this been illustrated more than by the recent email leaks from senior officials in Hillary Clinton’s US presidential election campaign.

Case in point: How hackers infiltrated the Clinton Clan

Back in March, John Podesta – former chief of staff to the White House and Chairman of the 2016 Clinton campaign – received an email that appeared to come from Google. It wasn’t until some months later, in October of this year, when hundreds of Podesta’s private personal emails began to appear on WikiLeaks that officials were alerted to any data breach. Rather than a legitimate Google security alert, what Podesta had received was a well-disguised phishing message designed to dupe him into giving up the password to his Gmail account.

Of course when news of the hack broke, people were quick to point the finger at Russia. With mounting international tensions, and the profile of notorious hacking group Fancy Bears continuing to rise, such accusations were hardly unexpected.

The phishing email sent to John Podesta by Fancy Bears

The subsequent investigation into exactly where this particular email came from claimed to have traced the malicious URL contained within it to a single account on the popular URL shortening service, Bitly. Using a Bitly short-link, hackers concealed a longer link which, to the untrained eye, looked very much like a legitimate Google URL. Within this was a 30-character string that contained the encoded Gmail address of John Podesta.

Screen grab showing the malicious bitly link responsible for the Podesta hack
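
A defender-side check for the pattern described above, as an added example that is not part of the original article: given the long URL that a short link expands to, it tests whether the host genuinely belongs to Google rather than merely containing the word, and whether any parameter decodes to an email address. The trusted-domain list, the brand word, the sample URLs and the choice of base64 as the encoding are assumptions made for illustration.

```python
import base64
import binascii
import re
from urllib.parse import parse_qsl, urlsplit

# Assumptions for illustration: domains treated as genuine, and the brand
# word whose presence in an untrusted host marks it as a lookalike.
TRUSTED_DOMAINS = ("google.com",)
BRAND_WORDS = ("google",)

EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def host_is_trusted(host):
    """True only for a trusted domain itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def decode_email(value):
    """Return the address if value is base64 (assumed encoding) of an email."""
    token = value.replace("+", "-").replace("/", "_")
    token += "=" * (-len(token) % 4)  # restore padding stripped from the URL
    try:
        text = base64.urlsafe_b64decode(token).decode("ascii")
    except (binascii.Error, ValueError):
        return None
    return text if EMAIL_RE.match(text) else None


def triage(expanded_url):
    """Return a list of findings for the URL a short link resolves to."""
    parts = urlsplit(expanded_url)
    host = (parts.hostname or "").lower()
    findings = []

    # "google" appearing somewhere in the host proves nothing; only the
    # right-most labels decide who controls the site.
    if not host_is_trusted(host):
        if any(word in host for word in BRAND_WORDS):
            findings.append("lookalike-host")
        else:
            findings.append("untrusted-host")

    # A parameter or path segment that decodes to an address means the link
    # was generated for one specific recipient.
    candidates = [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
    candidates += [seg for seg in parts.path.split("/") if seg]
    for candidate in candidates:
        email = decode_email(candidate)
        if email:
            findings.append("embedded-recipient:" + email)
    return findings


# Constructed sample data: a reserved .example host and a made-up address.
SAMPLE_TOKEN = base64.urlsafe_b64encode(b"user@example.org").decode().rstrip("=")
LOOKALIKE = ("http://myaccount.google.com.login-check.example/security?continue="
             + SAMPLE_TOKEN)
GENUINE = "https://myaccount.google.com/security?hl=en"

if __name__ == "__main__":
    for url in (LOOKALIKE, GENUINE):
        print(url, "->", triage(url) or "no findings")
```

The short link itself has to be expanded first, without following it in a browser, for example by a mail gateway or sandbox; this sketch starts from the expanded URL.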


The Bitly account used in this attack was found to be the very same one responsible for generating malicious short links used in a significant number of other hacks on members of the National Democratic Committee (including one on former Secretary of State, Colin Powell, where his private emails later appeared on the website DC Leaks). Investigators at cyber firm SecureWorks also claimed to have been able to trace ownership of the Bitly account to a domain under the control of Fancy Bears when they discovered that privacy settings had not been activated on the account.

Using Bitly allowed third parties to see their entire campaign including all their targets— something you’d want to keep secret
– Tom Finney, Researcher at SecureWorks

“It’s unclear why the hackers used the encoded strings, which effectively reveal their targets to anyone,” said Kyle Ehmke, a threat intelligence researcher at security firm ThreatConnect. “[Perhaps] the strings might help them keep track of or better organize their operations, tailor credential harvesting pages to specific victims, monitor the effectiveness of their operations, or diffuse their operations against various targets across several URLs to facilitate continuity should one of the URLs be discovered.”

As it stands, investigators have drawn connections between nearly 9000 malicious phishing emails used to target 4000 individuals across the US and Europe – all seemingly originating from Fancy Bears. The Podesta hack was not the first time the Bears have made the headlines; their connections to the Kremlin have remained the subject of speculation for some time following their meteoric rise to media fame when they leaked documents from WADA (The World Anti-Doping Agency) incriminating American athletes. Whether there is any truth in claims of suspected Russian ties remains to be seen – but if the authorities are in possession of any hard evidence, such information is unsurprisingly not in the public domain.

The use of popular link shortening services such as Bitly or Tinyurl [that left an uncharacteristic trail] might have a simple explanation – the hackers probably wanted to make sure their phishing attempts went past their targets’ spam filters
– Thomas Rid, King’s College London

What we do know is that in Podesta’s case, something as simple as an apparently legitimate account security email has led even some of the most tech-savvy figures down the rabbit hole.

Phishing emails that even evaded Clinton’s IT team

Perhaps the most surprising thing of all in this account is the fact that John Podesta did actually report the email to his IT officers as suspicious – and was reassured that the request to reset his password was indeed ‘legitimate’:

The email from Podesta's IT team saying the phishing email was legitimate

To his credit, Mr Delavan does advise that Podesta uses an alternative (authentic) link to change his Gmail password, but was clearly also under the impression that this was a genuine Google security alert.

Clearly, Podesta had some awareness of phishing emails as a means to obtaining sensitive private data, but was ultimately still duped into giving hackers access to his account and surrendering sensitive private information to criminals.

Comment from Bitly

When avid tech-reporters Motherboard published their original series of articles covering the Clinton campaign hacks, they approached Bitly directly for comment. Their official reply, which also stated that they ‘can only do so much’ when it comes to preventing use of their services for unlawful or malicious purposes, read as follows:

“The links and accounts related to this situation were blocked as soon as we were informed. This is not an exploit of Bitly, but an unfortunate exploit of Internet users through social engineering. It serves as a reminder that even the savviest, most sceptical users can be vulnerable to opening unsolicited emails.”
– Bitly, speaking to Motherboard

Lessons learnt – how do businesses protect themselves against cybercrime?

Irrespective of their size or stature, no firm wants to fall foul of cybercriminals. The reality is that the ‘wolf-in-sheep’s-clothing’ analogy runs deep – within an organisation as high-profile as the Clinton camp, even seasoned IT security professionals were tricked into believing that a phishing email sent to one of their most prominent officials was legitimate.

As the tech world continues to advance, there will always be instances where data breaches and malicious attacks mounted on organisations by cybercriminals will be effective. This said, with an estimated fifty percent of cyber security breaches attributed to human error, businesses need to view the education of their entire workforce as a critical line in the defence against hackers and cybercrime.

“We are all vulnerable, regardless of role or seniority”, says Mark Logsdon, former Head of Cyber Security at AXELOS Global Best Practice. “The most effective way of managing this risk is via a good cyber awareness programme that promotes good cyber behaviours and teaches all staff about their role in maintaining the cyber resilience of the company.”


Still want more? Check out these other interesting resources
The fantastic original Motherboard article on the Podesta hack
Another piece on how Clinton’s IT team were duped by hackers
Interactive visualisation of the world’s biggest data breaches by sector/fault
Cyber Security Training from Unicorn in partnership with AXELOS GBP


ONS Reports Hike in Cyber Crime Figures

Last week the BBC reported that last year saw nearly six million instances of cyber crime in England and Wales.

According to the Office for National Statistics (ONS), cyber is fast-becoming the most common type of crime – with 3.8 million fraud offences and 2 million instances of computer misuse recorded between March 2015 and 2016. It also noted that the majority of these were linked to some kind of bank account fraud, meaning that as ever banks remain at the forefront of issues of cyber security.

“In today’s climate, 70% of all fraud is cyber-related”, said Arancha Sanchez (CISO, Santander) at last month’s BBA Annual Retail Banking conference, where she expressed a belief that banks have a clear duty not only to protect themselves, but also to educate and assist their customer base. “Although at present, only half of firms consider cyber security to be a priority for them.”

“The widespread use of computers, laptops and smart-phones to facilitate fraud has changed [the way we perceive crime]”, said Danny Shaw, BBC home affairs correspondent.  “[The ONS found] we are more likely to be a victim of fraud than any other type of crime, with one in 10 adults defrauded in the past 12 months.”

“Fraud and cyber offences are not a new threat and the government has been working to get ahead of the game, committing to spend £1.9bn on cybersecurity and cybercrime over the next five years.” –Policing Minister Brandon Lewis

Indeed, of the reported two million instances of computer misuse, 1.4 million involved the device in question becoming infected with a malicious virus, with the remainder related to “unauthorised access to personal information” – such as hacking. As technology continues to advance, and banks seek to provide seamless, cross-platform solutions to their customer base, it is crucial that cyber awareness is given adequate attention. “Consumers need confidence in banks, and banks need confidence in customers,” said Donald Toon, Director of Economic Crime Command NCA. “Cyber Security is about Tech, Processes AND People.”

“Boards need to be able to heavily tasked with promoting a culture of cyber confidence. There isn’t a silver bullet when it comes to cyber security; and it’s a Chief Exec problem not just an IT one.” –Arancha Sanchez, CISO, Santander

Bank of England Urges Security Hike

Just last week we brought you news of a second high-profile cyber-attack on a major UK bank. With the Financial Services sector still reeling from the $81 million cyber heist involving Bank Bangladesh earlier this year, the second attack highlighted the growing need for increased cyber security across the industry.

With news that the Bank of England recently issued a request to all UK banks to redouble their security efforts when it came to all computers connected to the SWIFT messaging network, it’s obvious that cyber-crime is a very real threat to institutions across the board. “What we’re seeing is the very clear need for businesses to realise the potential cost of not only software security, but also cyber awareness among staff”, says Unicorn Training’s own Alex Prodromou. “With the increased sophistication of cyber-crime, more often than not hackers are able to access and wreak havoc across an organisation, simply because of the unwitting action of a member of staff who may have clicked on a phishing link, or opened an unsecured attachment.”

“Contrary to what we often read in the news, this isn’t anything to do with stupidity or negligence”, he continues; “but rather that organisations don’t always see the value in adopting a bottom-up approach, and educating staff about the potential threat posed by cyber-criminals.”

Indeed, the Bank of England’s alleged warning to the UK banks it regulates constitutes the first of its kind – and is the first time in history that a bank in a major economy has issued an alert of this kind.

It should be noted that the Bank of England – one of the central G10 banks responsible for co-overseeing Brussels-based SWIFT – had no comment. However, it is undeniable that the Bangladesh theft has sent shockwaves through the established money transfer service for both commercial and central banks across the globe.

One thing is for sure – cyber resilience remains one hot topic for the industry, and institutions of all sizes ought to be taking concrete steps to safeguard their interests. Talk to us today about RESILIA, powered by AXELOS, and learn how Unicorn can help safeguard your business against cyber-crime.

BBC reports second major bank cyber-attack following Bangladesh raid

It’s been another eventful few months for high profile cybercrime. In the wake of last year’s very public TalkTalk hack, SWIFT (Society for Worldwide Interbank Financial Telecommunication) has this year reported not one, but two instances of devastating cyber-attacks that have targeted high profile organisations in the commercial banking sector.

Back in February, a cyber-attack aimed at stealing cash from Bangladesh’s central bank at New York’s Federal Reserve was reported to have cost the organisation in the region of $81m (or £56m). In the investigation that followed, the extent of this attack was largely attributed to the central bank network’s lack of adequate security controls – including the fact that they had no functioning firewall, and that they were connecting to global financial networks using second-hand $10 internet routers.

Given the circumstances, it is incredibly fortunate that the bank’s total loss was in the region of millions, rather than the 1 billion dollars that the cyber-thieves were allegedly out to steal. It was later revealed that a simple spelling mistake in one of the transfer orders was what had alerted staff to the attack, and stopped much of the money going astray.

However, to think that cyber criminals are only out to target financial institutions whose systems are clearly substandard would be a grave misconception. Last week, SWIFT reported a second attack that targeted a commercial bank in a similar manner. Although SWIFT and the wider media have not as yet revealed the organisation in question – or indeed if any money has actually been taken – it did report that the techniques employed in this attack bore a remarkable resemblance to those used in the February attack on the Bangladesh central bank. What this shows us is that these attacks are not isolated in nature, but rather what SWIFT called “part of a wider and highly adaptive campaign targeting banks” that exhibits a “deep and sophisticated knowledge of specific operational controls.”

“We are all vulnerable, regardless of role or seniority. An effective way of managing this risk is via a good cyber awareness programme that promotes good cyber behaviours and teaches all staff about their role in maintaining the cyber resilience of the company.”
Mark Logsdon, AXELOS Cyber Security

As the growing prevalence of cyber-attacks such as these proves, cyber resilience rightly remains a hot topic for financial institutions. Mark Logsdon from our Cyber Security training partner, AXELOS, says: “The details of these high profile attacks remain subject to speculation, however they appear to be very similar to that carried out on Sumitomo Mitsui Banking Corporation (SMBC) in London back in 2005. In that attack criminals sought to create a series of SWIFT money transfer orders with an estimated value of £220M. Similar to these recent attacks they were only foiled by a combination of a vigilant member of staff and a simple error in the transfer order.

“An effective and consistent controls environment is key to preventing cyber-attacks”, he continues, “including those that are far less sophisticated than this one. This includes technology, process and critically people based controls. We know that over 90% of all cyber-attacks start with the unwitting action of a member of staff, i.e. they click on a link, open up an attachment contained in an email or innocently provide a critical piece of information to an attacker. The impact on the company or to us individually can be devastating.”

AXELOS is a joint venture between the UK Government (Cabinet Office) and Capita plc. They own and develop global best practice, including ITIL, Prince2 and RESILIA, used by millions of users in thousands of organisations around the world. Find out how Unicorn can help safeguard your entire organisation with our RESILIA cyber awareness learning here –  brought to you through our partnership with AXELOS.

Alternatively, read more about Cyber Crime at the BBC website here.

NEWS: AXELOS And Unicorn Partner In New Cyber Awareness Learning Launch

Unicorn and AXELOS RESILIA working together to improve workforce behaviours through innovative cyber awareness learning


AXELOS has launched a comprehensive new suite of cyber awareness learning, in partnership with Unicorn, to meet the challenging demands all organisations face in managing their vulnerabilities to growing cyber risks.

Nick Wilding, Head of Cyber Resilience at AXELOS Global Best Practice, has laid down the gauntlet to firms in their fight against cyber crime, insisting, “Whatever you’re doing to improve cyber resilience and raising awareness, skills and insight amongst all your staff, you can never do enough.”

Upwards of 90% of successful security breaches are regularly being attributed to human error, regardless of a person’s role or responsibility. Just as organisations regularly evolve and adapt their technical security controls throughout the year, so they need to provide engaging, regular and easy-to-understand learning that will help to embed and sustain more resilient behaviours with all their staff.

AXELOS is a joint venture between the UK Government and Capita plc.

Its RESILIA cyber resilience best practice portfolio puts staff at the heart of an organisation’s cyber resilience strategy and gives companies the confidence to recognise, respond to and recover from cyber attacks effectively. The portfolio includes certified training, all staff awareness learning, leadership development and a maturity assessment tool. The RESILIA cyber awareness learning modules are hosted on Unicorn’s award-winning learning and development platform, SkillsServe.

Typically, if companies have carried out any information security awareness training, staff have been put through an uninspiring annual eLearning course, which has little or no impact on embedding good cyber resilient behaviours within the workforce. But Nick believes organisations cannot continue to rely on this ‘compliance-based’ approach to cyber awareness if they are going to successfully manage their ever-changing cyber risks.

He said: “Every individual within an organisation can be a target. No one is immune so everyone has a critical role to play in protecting their organisation’s most valuable and sensitive information.

“Providing your staff with engaging and innovative learning programmes to promote genuine cultural change and understanding is critical. The learning should be ongoing and regular, short and practical, adaptive and personalised with the option to learn inside and out of work hours.

“RESILIA’s new cyber awareness learning modules include games, simulations, animations, videos, eLearning, posters, plus refresher learning and ‘up-front’ tests to meet the demand for both operational efficiency and learning effectiveness.”

Mark Jones, Commercial Director at Unicorn Training, added: “The cyber resilience module is designed to suit all individuals regardless of their preferred learning style or when and how they like to undertake their learning, with SkillsServe supporting 24/7 mobile just-in-time learning at the point of need.

“This approach gets to the heart of cyber resilience – enabling all staff to take personal responsibility for better protecting their employer’s most valuable and precious information.”

SkillsServe is the World’s top ranked LMS for financial services and fourth overall in the learning industry-renowned 2016 Top 50 Global LMSs Report. For more information visit www.unicorntraining.com/off-the-shelf-content/cyber-resilience/

BLOG: Are You Safe From Cyber Criminals? Probably Not As Safe As You Think…

As Dido Harding, TalkTalk CEO, described cybercrime as “the crime of our generation,” Unicorn’s Mark Jones talks cyber resilience ahead of Learning Technologies 2016.

Tucked away in the Chancellor’s 2015 Spending Review and Autumn Statement before Christmas was a small but not insignificant nugget that would have been missed by most commentators.

The government is committing £1.9bn by 2020 to support a comprehensive programme of cyber security prevention measures.

Recent high profile cases, including TalkTalk and VTech, have again highlighted how the cost of cyber security breaches is rising dramatically. Yet too often technology is still seen as the solution, when in reality it’s regularly reported that upwards of 90% of successful breaches are down to human error.

In the wake of their breach, Dido Harding, TalkTalk CEO, described cybercrime as “the crime of our generation,” and moves like the Government’s budget pledge merely serve to reinforce her view.

Last summer, we partnered with AXELOS – a joint venture between the UK Government and Capita plc – to help raise awareness of the critical importance of staff engagement in countering the threat of cyber crime following the launch of AXELOS’s RESILIA Cyber Resilience Best Practice portfolio.

The aim was to provide a platform – SkillsServe – for RESILIA’s suite of cyber resilience learning modules to help address an issue that is infinitely more about people and training than computers and technology. Critically, SkillsServe’s ISO 27001 security rating confirms its status as a secure portal, free of the vulnerabilities experienced by other open source, higher risk solutions, while SkillsServe’s position as the World’s top LMS for financial services adds further credibility to the learning.

In this month’s T-C News, Unicorn’s Commercial Director Mark Jones analyses how effective and engaging training can help firms better manage their ever-changing cyber risks.

Backed by the expert insight of Nick Wilding, Head of Cyber Resilience, AXELOS Global Best Practice, Mark observes how “no matter what you’re doing to improve cyber resilience and raising the awareness, skills and insight amongst all your staff you can never do enough,” before concluding, “The impact of not engaging all your people is too great a risk to take for most – are you ready to make a change?”

You can read the full article by downloading the January edition of T-C News here (password required).

Meanwhile if you want to learn more about getting your staff up to speed with cyber resilience come and see us at Learning Technologies 2016 conference and exhibition, at Olympia, London on Wednesday 3 and Thursday 4 February, where Unicorn will be on Stand P14. Register for free entry to the Learning Technologies and Learning and Skills 2016 exhibitions and seminars at www.learningtechnologies.co.uk