BIT Security identify nearly 300 ‘high vulnerabilities’ across the regions computer networks
Plymouth based cyber security specialists have identified potentially serious attacks and vulnerabilities in commercial computer networks across the south west.
Protected by state of the art firewalls, and based at one of the most technologically advanced civilian technological hubs in the UK, the team has been able to monitor more than 1000 devices for more than a month.
BIT Security, with its HQ at Plymouth Science Park, will release its findings on Thursday (19 October) at the Derriford site. They trialled the state of the art security monitoring system with a number of regional companies.
The BIT Security team installed high tech devices designed to collect network activity and traffic. The analysts were able to constantly monitor and identify attacks to discover vulnerabilities within the computer networks. In some instances, they found there were up to 100 cyber-attacks per second.
They also uncovered evidence of 750 so-called ‘brute force attacks’ – whereby a company is bombarded by constant login attempts to try to find a correct username and password so allowing hackers entry to a company’s mainframe.
“It’s amazing how much a company’s computer network is bombarded every day. There’s a saying in security that we have to be lucky all the time, whilst the attacker only needs to get lucky once,” says BIT Security’s Richard Cashmore.
The project unearthed nearly 300 ‘high vulnerabilities’ in some systems (which could have been simply fixed by ensuring software was up to date).
“We also found 38 serious vulnerabilities, where the hackers can literally take control and practically own your company, so forcing complete information disclosure.”
They also discovered some firms are still vulnerable to the Wannacry virus – which received huge publicity earlier this year when it crippled the NHS IT systems.
“Our relatively small trial shows the huge scale of the cyber security situation,” says Richard.
BIT Security’s security service allows its experts to delve ‘below the surface’ of IT systems and provide a complete overview of the real-time attacks.
“The BIT Security Operations Centre is like having a security team working constantly in your office.”
The team is rapidly becoming the ‘go to’ experts for local and national businesses as their technical expertise is matched by an in-depth knowledge of all the regulations surrounding the cyber security and IT industry.
“Sometimes small and medium sized businesses ask too much of their IT staff. There are cases where they’re asked to write security policies but they’re untrained in this specialist area and completely unaware of all the different compliance requirements.”
“As such, they cannot produce the right policies, and procedures, and may even implement incorrect control rights. In short, the technical controls concerning encryption, firewall policy management and access control rights may subsequently be incorrect.”
“The accompanying paperwork will be wrong and, in turn, the team risk serious compliance issues regarding their procedures.”
“We not only understand procedures, regulations and policies, but we also have the cyber security knowledge and expertise to be able to implement the correct solution and the supporting policies.”
“This type of service, using high level technology is only normally available to enterprise firms with big budgets. However, we are making it more affordable, thus more accessible to businesses across the UK to ensure they are safe from a growing worldwide issue.”
The presentation will also include a talk on the new data protection act by BIT Security’s Managing Director, Michael Dieroff. Michael is also Chairman of the UK government’s advisory Cyber Security Skills Group.
“Every business should be aware of the new General Data Protection Regulation, which Michael will focus on during his talk, but will also come away which practical solutions to deal with this regulation.” says Richard.
The event will also cover how BIT Security can provide the full package of resources for businesses – from establishing threats and risks, through to impact assessments, procedures and the benefit of engaging with the highest available level of cyber security.