Cyber Coffee with Mark Godsland

Hello

 

The UK’s National Cyber Security Centre has recently released a commissioned “report that reveals the state of cyber security in the UK charity sector”.

“This report has revealed that more than half of UK charities believe that they are likely to suffer a cyber-attack.

Charity Digital, in partnership with the NCSC, has published new research which highlights the current understanding of cyber security within the UK’s charity sector, with the aim of identifying areas for improvement and reducing the risk from cyber threats.

Based on a survey of 506 people working within the sector, the report found that 98% of charities believe cyber security is important, though 27% of charities said they did not have a plan in place in the event of a cyber-breach.

Like businesses, charities are increasingly reliant on IT and technology to store sensitive data – such as financial, personal, and commercial information – which can make them an attractive target for cyber attackers.

The NCSC has published guidance for small charities on how to improve cyber security quickly, easily, and at low cost.

The NCSC has also published an assessment which outlines the cyber threat that charities of all sizes face, which also includes advice and guidance on how to build resilience”

 

If you work with the Charity sector and you believe they would benefit from being signposted to the above report and NCSC guidance, please do so.

 

We here in the TVP Cyber Protect Team are more than happy in 2022 to deliver a bespoke 90min online presentation (Teams or Zoom) to individual charities or the wider charity sector, subject to availability / notice. To arrange such they can contact me direct.

 

Thank you, regards, Mark

 


Mark Godsland | Mr CISMP

Police Cyber Security Advisor

Thames Valley Police & South East ROCU


 
 

https://serocu.police.uk/cyber/

Loddon Valley Police Station

Lower Earley, RG6 4PS


Follow us on Twitter for advice and guidance on how to stay safe online: https://twitter.com/TVPCyber_Fraud


The SECRC is working with the public, private and academic sectors to provide businesses with free guidance and affordable cyber services. https://www.secrc.co.uk/

 

Have you received a phishing email recently? You can now report it to report@phishing.gov.uk

 

For further information see: https://www.ncsc.gov.uk/report-suspicious-emails

 

Report a suspicious website – NCSC.GOV.UK

 

Create your own Cyber Action Plan to improve your cyber security here: https://www.ncsc.gov.uk/cyberaware/actionplan

 

**Guide to the reporting of Fraud and Cyber Crime to Action Fraud**

https://www.actionfraud.police.uk/guide-to-reporting

The National Cyber Security Centre (NCSC) have recently announced that the Cyber Essentials are to adopt a tiered pricing structure from January 2022 which will reflect an organisation’s size.

 The full post by the NCSC is available here: https://www.ncsc.gov.uk/information/cyber-essentials-prices-2022

If you have any questions on this matter, IASME have provided an online blog, and further questions concerning the CES and the forthcoming changes or indeed membership should be directed to IASME:

https://iasme.co.uk/cyber-blog/the-january-changes-to-the-cyber-essentials-scheme-reflect-the-changing-cyber-threats-in-todays-digital-environment/

 

Thank you, regards, Mark

Seasons greetings and very best wishes from the TVP Cyber Protect Team

I have previously posted on this matter, but the UK National Cyber Security Centre (NCSC) has recently published the below item in Arial text, which you can share with your internal and external contacts.

 

Please note the reporting process.

 

“This is an update to previously issued advice and guidance about the Log4shell vulnerability. Please continue to check the NCSC website for future updates: Alert: Apache Log4j vulnerability (CVE-2021-44228) – NCSC.GOV.UK

Log4shell is a critical vulnerability in the widely-used logging tool Log4j, which is used by millions of computers worldwide running online services. A wide range of people, including organisations, governments and individuals are likely to be affected by it.

 

What’s the issue?

Last week, a vulnerability was found in Log4j, an open-source logging library commonly used by apps and services across the internet. If left unfixed, attackers can break into systems, steal passwords and logins, extract data, and infect networks with malicious software.

Log4j is used worldwide across software applications and online services, and the vulnerability requires very little expertise to exploit. This makes Log4shell potentially the most severe computer vulnerability in years.

 

Who is affected by this?

Almost all software will have some form of ability to log (for development, operational and security purposes), and Log4j is a very common component used for this.

For individuals, Log4j is almost certainly part of the devices and services you use online every day. The best thing you can do to protect yourself is make sure your devices and apps are as up to date as possible and continue to update them regularly, particularly over the next few weeks.

For organisations, it may not be immediately clear that your web servers, web applications, network devices and other software and hardware use Log4j. This makes it all the more critical for every organisation to pay attention to our advice, and that of your software vendors, and make necessary mitigations.

 

 

What if …

 

… I know we are using Log4j in applications developed in house?

 

Update to version 2.16.0 or later.

 

… I know Log4j is present in applications supplied by a third party?

 

Keep any such products updated to the latest version. More products may release patches over the next few days and weeks, and so organisations should make sure they’re checking for updates regularly.

 

… I don’t know if anything we use is using Log4j?

 

Ask your in-house developers and/or third-party suppliers. We have asked that developers of affected software communicate promptly with their customers to enable them to apply available mitigations or install updates. In turn, you should act promptly on any such communications from developers.

 

What else can we do?

  • Check your systems for the use of Log4j
  • Check the list of vulnerable software
  • Contact software vendors
  • Set Web Application Firewall rules
  • Check for scanning activity
  • Check for exploitation
  • Sign up for the NCSC’s Early Warning

 

See the vulnerability alert for more technical detail on these steps.

 

Police CyberAlarm is a free tool to help members understand and monitor malicious cyber activity and we are using Police CyberAlarm to support member organisations to identify Log4J vulnerabilities on their networks and any threat actors attempting to exploit them. If you want to improve your organisation’s resilience to this and other threats, sign up here for our free tool: Police CyberAlarm.

 

You can also sign up for your regional Cyber Resilience Centre for ongoing support. Cyber Resilience Centres are non-profit organisations designed to support businesses to protect themselves from cyber-crimes and fraud. You can find your nearest Resilience centre at: https://nationalcrcgroup.co.uk/regional-centres/

 

 

What if we have been compromised because of this vulnerability?

 

If you have been a victim of cyber-crime you should report to Action Fraud any time of the day or night using their online reporting tool, or by calling 0300 123 2040 Monday to Friday 8am – 8pm.

Reporting a live cyber-attack 24/7

If you are a business, charity or other organisation which is currently suffering a live cyber-attack (in progress), please call 0300 123 2040 immediately. This service is available 24 hours a day, 7 days a week. Please note, if you are a member of the public you must call to report through our core opening hours.

If you are a UK organisation compromised by this vulnerability you can also report to the NCSC via our website. See the alert for the kind of activity you should report”

 

Best wishes, Mark

 


Mark Godsland | Mr CISMP

Police Cyber Security Advisor

Thames Valley Police & South East ROCU


 
 

https://serocu.police.uk/cyber/

Loddon Valley Police Station

Lower Earley, RG6 4PS
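
For the "Check your systems for the use of Log4j" step in the Log4shell advice quoted above, the following is an added example and is not taken from the NCSC alert or from this newsletter. It assumes log4j-core can be recognised by the Maven metadata file it normally ships inside its jar, and flags any copy below the 2.16.0 version named in the advice, including copies bundled inside WAR or EAR files; the function names `scan_for_log4j` and `demo` are hypothetical.

```python
import io
import os
import re
import tempfile
import zipfile

FIXED = (2, 16, 0)  # from the advice above: "Update to version 2.16.0 or later"
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVES = (".jar", ".war", ".ear")
VERSION = re.compile(r"^version=(\d+)\.(\d+)(?:\.(\d+))?", re.M)

def _scan_archive(fileobj, label, findings):
    """Record log4j-core if this archive holds it, then open nested archives."""
    try:
        zf = zipfile.ZipFile(fileobj)
    except zipfile.BadZipFile:
        return  # not a readable archive; skip it
    with zf:
        if POM in zf.namelist():
            m = VERSION.search(zf.read(POM).decode("utf-8", "replace"))
            ver = tuple(int(g or 0) for g in m.groups()) if m else None
            findings.append((label, ver, ver is None or ver < FIXED))
        for name in zf.namelist():
            if name.lower().endswith(ARCHIVES):
                _scan_archive(io.BytesIO(zf.read(name)), f"{label}!{name}", findings)

def scan_for_log4j(root):
    """Return (location, version, needs_update) for each log4j-core under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in sorted(files):
            if fn.lower().endswith(ARCHIVES):
                with open(os.path.join(dirpath, fn), "rb") as fh:
                    _scan_archive(fh, fh.name, findings)
    return findings

def demo():
    """Constructed sample: one old jar, and a WAR bundling a newer jar."""
    def jar(name, data):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr(name, data)
        return buf.getvalue()
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "a-old.jar"), "wb") as fh:
            fh.write(jar(POM, "version=2.14.1\n"))
        with open(os.path.join(root, "b-app.war"), "wb") as fh:
            fh.write(jar("WEB-INF/lib/log4j-core.jar", jar(POM, "version=2.17.0\n")))
        return scan_for_log4j(root)
```

Archives that have had their Maven metadata stripped or repackaged are not recognised by this check, so an empty result does not prove Log4j is absent; the vendor lists and supplier enquiries in the advice still apply.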
