ICYMI: UK cyber-security courses, government malware and the new Sony hack
ICYMI: UK cyber-security courses, government malware and the new Sony hack

CESG approved cyber-security training launched

CESG, the information security arm of GCHQ, this week launched - in partnership with APM group – the CESG Certified Training (CCT) scheme, which sees the CESG stamp of approval given to 12 cyber-security training courses and eight training bodies.

These courses range from digital forensics to the recruitment of the appropriate cyber-security staff, and are open to individuals and companies (acting on behalf of their employees).

Chris Ensor, deputy director for the National Technical Authority at CESG, explained to SCMagazineUK.com at the time that the course is part of the wider National Cyber Security Programme Objective 4: Building the UK's cyber security knowledge, skills and capability – a programme that also saw accreditation for six out of 27 UK cyber-security Masters degrees earlier this year.

Ensor told SC that there was no specific target for numbers to be trained under the CESG accredited courses, but a primary purpose was that those in the industry seeking to improve or demonstrate their skill level would have independent criteria to help them navigate through the cyber-security training landscape and choose from the options available.  

Meanwhile, in the same week, the Coventry University Business School launched a national MBA in cyber-security.

NSA, GCHQ or both behind Stuxnet-like Regin malware?

Symantec revealed the discovery of a new piece of customisable malware – said to be more advanced than Stuxnet – which has observing and stealing data from governments, telcos, energy companies and SMEs since 2008.

Most interestingly however, the firm said that the malware ‘bears the hallmarks of a state-sponsored operator' – a comment which was followed up by Dutch IT firm Fox-IT suggesting it was likely to be the work of NSA/GCHQ. The Intercept has since published more revelations on this.

However, Fox-IT - and various other security firms- have since faced criticism in other quarters for not disclosing details on the malware earlier, having known about it for many years. Fox-IT has faced tough questioning in particular following an interview with Mashable, where the CEO said the firm didn't want to "interfere with NSA/GCHQ operations".

ICYMI: Cyber-terrorism and politics, former hackers & supply chain problems

Last week's column certainly attracted attention, focusing on bold new claims of cyber-terrorism, reports of enterprises hiring hackers and new issues in the supply chain. 

Hackers blackmail Sony film company

US film and TV company Sony Pictures Entertainment was hit by a blackmailing hacker attack that shut down its IT systems, hijacked Twitter accounts and likely stole confidential documents and passwords.

The attack was launched on Monday by the so-called ‘Guardians of Peace' who reportedly posted a picture of a skeleton on the screens of every Sony Pictures employee worldwide, with the threat to expose the company's ‘top secret data' if their demands were not met.

UK government to refresh 10 Steps To Cyber Security

The British government is to amend its well-received '10 Steps To Cyber sSecurity' guide within the next month, a senior civil servant has revealed.

Speaking at the Cyber Security Summit in London recently, Giles Smith, deputy director of cyber-security and resilience at BIS, said that plans were underway to refresh and republish the guide, which was first launched some three years ago to coincide with the government's £860 million Cyber Security Strategy.

A BIS spokesperson later told SCMagazineUK.com that the changes are minimal and have been made to accommodate new schemes such as Cyber Essentials.

The government is also updating its ‘Cyber Security Skills: A Guide for Business' document which details new courses on offer. The guide is to be updated by the end of the year.

Other stories you should read this week

Chinese threat actors exploiting new Windows flaws (FireEye)

6 in 10 firms will be hit by a data breach next year (Forrester)

Danger of cyber-attack to US power grid (Siouxland News)

Hackers exfiltrating data with video steganography via cloud video services (Tripwire)

Poland slammed over holes in cyber-defence landscape (ZDNet)