Empowering the Freelance Economy

Russian cyberattacks on Germany spur intensified cyber recruitment and training  

Germany accused Russia’s military intelligence service, the GRU, of hacking the email accounts of officials in Chancellor Olaf Scholz’s Social Democratic Party (SPD) in late 2022. Image source: Bundesreigierum
0 302

Cybersecurity Talent Gap: Businesses Must Upskill or Get Hacked

THIS ARTICLE HAS BEEN UPDATED

The United Kingdom joined its allies on the 3rd of May in condemning a series of cyberattacks attributed to Russian intelligence services. The attacks, targeting governments and political organisations, raise concerns about the vulnerability of critical infrastructure and democratic processes.

However, reports of malign attacks on a Ministry of Defense contracted payroll system came to light on 7 May raising concerns at home. Here’s the latest based on statements made by the Ministry of Defence and The Rt Hon Grant Shapps MP:

MOD Data Breach: Service Personnel Information Exposed

Ministry of Defence (MOD) Confirms Data Breach: The MOD has identified a data breach impacting the Armed Forces payment network, operated by an external contractor. Mr Schapps informed Parliament that the contractor is SSCL (Shared Services Connected Ltd).

Data Accessed: Information including names, bank details, and some addresses for regular and reserve personnel, and some recently retired veterans may have been accessed.

Government Response:

  • Secured the compromised system.
  • Launched a full investigation with external support.
  • Alerted affected personnel and veterans through chain of command and letters.
  • Offering data security guidance, a helpline (01249 596665), and a commercial personal data protection service.
  • Providing welfare and financial advice through chains of command.
  • Delayed some non-salary payments but expect resolution by Friday.
  • Salaries, pensions, and high-value payments (e.g., Forces Help To Buy) unaffected.

National Security Concerns:

  • The MOD suspects a “malign actor” and cannot rule out state involvement.
  • Incident highlights rising cyber threats.

Next Steps:

  • Reviewing all MOD personnel data security.
  • Increasing defense spending to address evolving threats.

European politics attacked

Germany accused Russia’s military intelligence service, the GRU, of hacking the email accounts of officials in Chancellor Olaf Scholz’s Social Democratic Party (SPD) in late 2022, it was reported. The attack, believed to be carried out by the hacking group Fancy Bear (APT28), exploited a vulnerability in Microsoft Outlook.

This is the latest incident highlighting Russia’s attempts to disrupt European politics before an upcoming EU election. Germany responded by summoning the Russian ambassador and condemning the cyberattack. The extent of the data breach and its potential impact remains unclear.

This is not the first time Germany has been hacked. In 2020, the UK announced sanctions against APT28 and 2 individual GRU officers for their reckless cyber-attacks on Germany’s Parliament in 2015, which affected email accounts belonging to German MPs and the German Vice Chancellor

A UK government spokesperson emphasised the seriousness of these ongoing efforts, stating, “This is the latest in a known pattern of behaviour by the Russian Intelligence Services to undermine democratic processes across the globe.”

On 7 December 2023, the UK exposed a series of attempts by the Russian Intelligence Services to target high-profile UK individuals and entities through cyber operations. At the same time, the UK sanctioned 2 Russian nationals responsible for political interference, said the unnamed spokesperson.

The press release cites recent attacks on the German Social Democratic Party as an example. This focus on political organisations suggests that businesses involved in elections, such as campaign offices and voting infrastructure providers, may be prime targets for similar attacks.

The need to bolster cybersecurity extends beyond the political sphere. The UK government highlighted the importance of “collective resilience” in the face of these threats. This suggests a heightened need for cybersecurity contractors across various industries.

Which businesses are most at risk of a Russian cyberattack?

Critical Infrastructure Providers: Companies that supply essential services like power, water, and communications could be targeted to disrupt daily life.

Financial Institutions: Banks, investment firms, and other financial institutions hold sensitive data and could be targeted for financial gain or to sow economic chaos.

Healthcare Providers: Hospitals and other healthcare companies store patient data and manage critical medical equipment, making them vulnerable targets.

Telecom Companies: These companies play a vital role in communication and could be disrupted to hinder information flow.

Cyber talent shortage means a different recruitment model

The cybersecurity industry faces a growing talent shortage, according to Jeremy Broome, senior vice president of global talent at Visa. This shortage stems, according to a report by UKTN, from a combination of factors, including a decline in degreed professionals entering the field and a rise in cyberattacks requiring more cybersecurity workers.

Traditionally, a four-year degree was seen as a prerequisite for cybersecurity jobs. However, Broome highlights a trend of skilled workers entering the workforce without such degrees. To bridge this gap, companies need to adapt their hiring practices.

“It’s critical for organisations to invest in training and development,” says Broome in the UKTN report. He emphasises the importance of fostering diversity within the industry and reevaluating what constitutes a qualified cybersecurity professional.

Visa itself is taking action through its Visa Payments Learning Program. This programme offers training and certifications to equip individuals with the foundational knowledge needed to excel in payment cybersecurity. Visa uses various methods to achieve this, including on-the-job training, upskilling for employees and clients, and partnerships with educational institutions.

The financial implications of a robust cybersecurity workforce are significant. Broome highlights that Visa’s AI-powered systems blocked over $4.2 billion in fraudulent transactions in 2022 alone. This highlights the crucial role cybersecurity professionals play in protecting sensitive data and financial systems.

The rise of cybersecurity contractors

As cyber threats become more sophisticated, businesses are increasingly turning to cybersecurity contractors and./or consultants for expertise and support. These contractors can help with tasks such as:

Penetration testing: Identifying vulnerabilities in a company’s systems before attackers exploit them. Penetration Tester Jobs

Security awareness training: Educating employees about cybersecurity best practices.

Incident response: Developing a plan to respond to and mitigate cyberattacks.

Incident Response Jobs

The UK government’s condemnation of Russian cyberattacks serves as a stark reminder of the ever-present threat to businesses and democratic institutions. By implementing robust cybersecurity measures and potentially hiring cybersecurity contractors, businesses can help mitigate these risks and protect their assets, data, and even the integrity of elections.

Leave A Reply

Your email address will not be published.