Categories
Cyber security

New year, new password – but not if you’re already doing it right

Author: Jon Trickey, Information security officer Intro “Change your password regularly” is a frequently heard piece of password advice. However, enforcing password expiry can result in users making small, predictable changes to their existing password (for example, winter2021 > spring2022), rather than choosing an entirely new one.  This has the opposite effect to the one […]

Categories
Cyber security Uncategorized

The Log4j vulnerability and supply chain security

Author: Jon Hunt, Cyber security service delivery manager The National Cyber Security Centre (NCSC) describes the seriousness of the recently identified Log4j vulnerability very succinctly:  “Last week, a vulnerability was found in Log4j, an open-source logging library commonly used by apps and services across the internet. If left unfixed, attackers can break into systems, steal […]

Categories
Cyber security Uncategorized

Expert support to gain Cyber Essentials certification

Author: Tracy Matthews, cyber security assessment manager, Jisc Expert support to gain cyber essentials certification Jisc’s Cyber Essentials service is a trusted way to obtain and renew your cyber essentials certificate. Cyber Essentials is a government-backed certification that will help your organisation provide protection against the most common cyber attacks. Give your stakeholders confidence in […]

Categories
Cyber security

Implementing multifactor authentication (MFA) for students at NCG

By Hannah Marshall, Director of Information and Data Services at NCG On Thursday 30th September NCG implemented MFA on Microsoft 365 for all students, no exceptions. You might think why not a phased rollout? With over 40,000 student accounts in our Microsoft Tenancy across our seven colleges we simply couldn’t resource a phased rollout, and to […]

Categories
Cyber security

Initial Access Broker Landscape

An initial access broker specialises in gaining access to target organisations before selling that access on underground marketplaces. Ransomware groups commonly purchase this access from them. Curated Intelligence have written a blog post showing how information flows between the different parties involved this work.

Categories
Cyber security

Ransomware Scare – Halloween Special

Ransomware steals headlines year on year. ‘The Uninvited’ malware can cause quite the fright, especially if it ‘Comes at Night’ and encrypts your data; restricting access to computers files and systems before requesting payment. No organisation or sector is immune. Since the first ever ransomware attack believed to be in 1989, it’s become one of the fastest growing malware, used to extort […]

Categories
Cyber security

Jisc’s vulnerability disclosure policy, the first 1,000 days

Jisc launched its vulnerability disclosure policy in February 2019. The policy was drawn up using ISO 29147:2018, and using guidance from other organisations, most notably NCSC-NL. Here, we look back at some of the trends and successes, as well as the lessons we’ve learned and what we have planned in future. The policy encourages external […]

Categories
Cyber security

The future of your cyber security incident response team

Author: David Batho, Head of Incident Response Formerly known as Janet CSIRT, exciting new changes are underway. The cyber landscape is changing, and so has our purpose as an incident response team. Ransomware and phishing attacks are significant threats to education. Therefore, we need to be proactive, partner with our members and provide accurate and […]

Categories
Cyber security

Cyber Security Awareness Month 2021

After great success during October 2020, GÉANT are launching a similar initiative for cyber security awareness month 2021. They have collaborated with other organisations within the National Research and Education Network (NREN) to organise a fantastic calendar of activities throughout October following the theme: Cyber Hero @ home.   GÉANT will be focusing on the following topics, providing useful information through blogs, videos, presentations and more:  Week 1 (4-10 October): Be aware […]

Categories
Cyber security

Free tools from the National Cyber Security Centre

Most* UK colleges and universities are already using one or more of the NCSC’s free cyber security tools, but for those of you that aren’t yet actively using their Active Cyber Defence services, you might want to look at the following: • Web Check checks your websites for common web vulnerabilities and misconfigurations in an […]