News

Google Live Transcribe To Help Hard of Hearing

Posted on by Andy Miller

Google has announced the introduction of its ‘Live Transcribe’ app for Android which allows people who are deaf or hard of hearing to see a live, near real-time written display of conversations on their phone.

Live Transcribe

The Google Live Transcribe app offers deaf and hard of hearing a new portable, accessibility tool that offers a convenient and innovative new way to join in conversations. With the Live Transcribe app turned on, the Android phone microphone feeds conversations into the app which can display accurate, near real-time captions on the phone screen in 70 different languages and dialects.  It also enables two-way conversation via a type-back keyboard for users who can’t or don’t want to speak.  The app can connect with external microphones to improve transcription accuracy.

Another feature of the app is a blue circle in the corner of the screen that pulses to show the user the ambient noise level of wherever they are, thus showing the user if they need to move the phone / external microphone closer to a person for the app to ‘hear’ what they’re saying.

Live transcribe also vibrates the phone if someone speaks after a period of silence to prompt the user to look at the screen again.

Where, When & How Can You Get Live Transcribe?

The Live Transcribe app is available preinstalled on Pixel 3 phones and can be operated by switching it on in the Accessibility Settings.  The app is also available via the Google Play Store for other phones but is being released as a limited beta.  You can, however, sign up to be notified when more downloads of Live Transcribe are available in the Google Play Store by clicking on this link and scrolling to the bottom of the page: https://www.android.com/accessibility/live-transcribe/ .

Sound Amplifier App Too

Another Android phone accessibility app launch that has also been announced by Google is that of ‘Sound Amplifier’.  As the name suggests, this app can be used with headphones plugged into the phone to boost the volume (e.g. of the voice of someone who’s talking to you) especially in situations where there’s a lot of background noise. Sound Amplifier filters, augments and amplifies sounds in any environment that you find yourself in, and it works by increasing quiet sounds, while not over-boosting loud sounds.

The app can be customised via sound enhancement settings, and noise reduction can be applied to minimise distracting background noise with simple sliders and toggles.

Where, When & How Can You Get Sound Amplifier?

Sound Amplifier is available now, supports Android 9 Pie (or later) phones, is pre-installed on Pixel 3 phones, and is available on the Play Store.

What Does This Mean For Your Business?

These apps could prove to be very convenient and useful in business, home and other settings for anyone who is deaf or is hard of hearing.  These apps demonstrate how technology can be used to solve old and difficult problems in new, and easy-to-use ways, and could provide an important step forward in accessibility for an outwardly invisible problem that millions of people suffer from.  For example, The World Health Organization estimates that by the year 2055, there will be 900 million people with hearing loss.

The Sound Amplifier app also provides Google with a way to compete with similar offerings from Apple.  For example, Apple offers a similar feature that works with AirPods, and iPhones can also work with some hearing aids.

$180 Million Password Taken To The Grave

Posted on by Andy Miller

115,000 customers of the of Canadian digital platform Quadriga are believed to be owed C$250 million, but C$180 ($137.21 million) in cryptocurrencies have been frozen after the platform’s founder, who was the only person with the password to the platform’s stored funds, died in December 2018.

What Is Quadriga?

QuadrigaCX is a Canadian cryptocurrency exchange/platform, which allows the trading of Bitcoin, Litecoin and Ethereum.  QuadrigaCX, was founded by Gerald Cotten and was Canada’s largest cryptocurrency exchange until 2019 and has 363,000 registered users.

Cold Storage

As part of QuadrigaCX’s security measures, ‘Cold Storage’ was used for most of the Bitcoins within their system. Unfortunately for Quadriga, it is this part of the system, where the bulk of their funds are stored that is ultimately protected by one main password that was known only to the late founder, Gerald Cotton.

Dead

Mr Cotton died aged 30 from complications related to Crohn’s disease while he was volunteering at an orphanage in India.

Widow Under Pressure

With so much money owed to customers, Mr Cotton’s widow, Jennifer Robertson is reported to have found herself under pressure to find the password.  It has been reported that Robertson, who was not involved in Cotten’s business while he was alive and does not have business records for QuadrigaCX, has conducted repeated searches for the password.

Although Robertson has Mr Cotten’s laptop, she has (so far) been unable to access the contents because it is encrypted, and no one has the password or recovery key for it. Additional attempts to decrypt the laptop have also been unsuccessful.

It has also been reported that Robertson has consulted an expert to help recover details from Cotten’s other computer and cell phones, although the expert’s attempts have been reported to have had only ‘limited’ success to date.

QuadrigaCX has now filed for “creditor protection” in an attempt to avoid bankruptcy.

Customers Unable to Withdraw Funds

In the meantime, customers have reported online that they have been unable to withdraw their funds from the platform for months, that they have only received limited information, and that the website was also recently taken down for maintenance.

What Does This Mean For Your Business?

This story highlights some of the risks associated with cryptocurrencies, and a how a lack of regulation and a market that’s still in its relatively early stages can leave investors in unusual, worrying situations such as this one. In many other types of financial business where there is that level of funding involved, it would also be highly unlikely that a single password known only to one person would play such an important role. Some would say that it’s ironic that passwords are often considered now to be much less secure than other security tools, and yet this password-controlled system has confounded even the experts so far.  What is also ironic is that the ‘cold storage’ of funds, in this case, was introduced as a security measure to protect customer funds but has ended up being so secure customers have no access to those funds.

Looking at the size of QuadrigaCX and the number of customers it has, cryptocurrencies clearly still provide a useful and valuable opportunity for trading and investment. They have, however, had a turbulent life to date, making the news for many negative reasons.  For example, just for bitcoin, regulations and restrictions in some countries (e.g. China), hacks, its volatility, a negative image from its use by international criminals and from its use in scams, a lack of knowledge about how to use it, and the fact that the high price of just one bitcoin made it (even more) niche, meant that it became a commodity and a fast-buck opportunity rather than an actual, useful currency, and the over-consumption and over-inflated value of bitcoin lead to its spectacular fall in value.  There have also been well-publicised falls in value for crypto-currencies like Ethereum’s ‘eher’ and Ripple’, and Tether found itself being investigated by the U.S. Department of Justice over possible manipulation of bitcoin prices at the end of 2017.

All this said, many governments and banks would still like a ‘piece of the action’ of cryptocurrencies, and many market analysts see a future for them as a part of a wider ecosystem.

Large Rises in Amazon’s Web Services (AWS) Revenues, Fuelled By Public Cloud Demand

Posted on by Andy Miller

A massive 45% growth in the revenue of Amazon’s Web Services (AWS) in the fourth quarter has been fuelled by big profits in Amazon’s public cloud arm.

Beats Microsoft & Google In Cloud Infrastructure

The $7.4 billion cloud revenue, which is a jump 45% compared to the previous year, means that AWS is beating competitors Microsoft and Google in the market for cloud infrastructure.  These are the services that businesses and organisations use to outsource their computing and data storage needs.

To give some idea of the scale of the jump in revenue for AWS, these figures mean that it generated more operating income during 2018 than its North American retail operations and that AWS generated the revenue through $25.65bn in sales (compared with the $141.3bn from North American retail operations).

Central To Success

The operating income for AWS in the quarter was $2.18 billion, accounted for 58% of Amazon’s overall operating income, although there was a slight decrease in AWS’s operating margin.

This means that the cloud business has become central to Amazon’s success in terms of revenue and profits.

More Cloud Regions

Amazon purchased two more new cloud computing regions online in 2018, and it says that it plans to open four new regions and 12 new availability zones within those regions by the first half of 2020.

The company widened its base of cloud customers last year, including some big-name sign-ups such as Santander, Korean Air and Amgen.

Not Fastest Growing

Even though AWS has seen significant growth in revenue, Microsoft’s cloud business is growing even faster.  For example, Azure cloud revenue grew by 76% in the latest quarter.

It is, however, perhaps to be expected that the revenue growth rate of a fast-growing company drops off as their revenue base swells e.g. AWS’s has dropped from 78% in 2015 to 42% during the third quarter of 2017.

What Does This Mean For Your Business?

Amazon is clearly a company that has grown very quickly and has diversified (far) beyond its online roots into many areas, including bricks-and-mortar stores (groceries and books), self-service stores in the US, and healthcare, as well as experimenting with innovative new ways to gain an edge in its core business e.g. drone and robot parcel deliveries.  Amazon’s Alexa virtual personal assistant technology and Echo voice-controlled devices have also proven to be very popular in the marketplace.

It hasn’t all been plain sailing though, with the company’s business practices coming under more scrutiny from UK, US, and EU regulators, as well the UK government.

In the business cloud market, AWS is showing strong growth in what is a highly profitable sector as more businesses look to outsource to the cloud, but many market analysts now predict slowing growth and higher spending for Amazon as it tries to compete and fight competitor challenges on many diverse fronts.

Windows 10 Error Messages Soon To Make More Sense

Posted on by Andy Miller

Starting with the April 2019 update, Microsoft will be adding “Learn more” links to its error code messages in a bid to enable users to see what the code means, plus the chance to fix the error on the spot.

Resolved During Installation

The “Learn More” links will be there to help if there is an error during the upgrade (or installation) of Windows 10.  As well as explaining what the error is, Microsoft will also be giving users the chance to resolve the error messages themselves within the installer and will offer suggestions on how to update any problematic applications without having to uninstall.

What’s The Problem?

If a problem is encountered during the upgrade/installation of Windows 10, users are given error messages, for example if a version of an app isn’t compatible with the latest Windows 10 OS, and users need to either update or reinstall the app.

To date, Microsoft has provided articles on how to solve Windows errors written by support staff called the ‘Knowledge Base’ (KB).  The main problems for users have been that:

  • Users don’t know what the numerical error messages in the upgrade and installation of Windows 10 mean, or what to do with those error codes.
  • Users generally don’t know how to use KBs, look for specific KBs using their numerical ID, and there are no direct links to KB articles in setup error notifications.
  • Users have also found that ‘back ‘and ‘refresh’ buttons don’t fit with the error notifications they receive.

Link To A Quick Fix

Whereas the October 2018 Update means that users were only given the options of uninstalling the app, going back, or refreshing in the case of an error, the changes in the April update (code-named 19H1) should afford user the opportunity to save time and hassle by having information about the error to hand, and being able to get quick fix on the spot.

What Does This Mean For Your Business?

The current system of offering up codes that mean little to many to users who are not acquainted with the existence of the Knowledge Base or how to use it causes frustration and can waste time and therefore waste money for businesses.  This change in April appears to be a straightforward, user-friendly way of saving time and hassle by offering users the chance to more easily understand and find a fix for errors on the spot.

At present, a list of the common errors experienced during a Windows 10 upgrade and installation plus explanations of them can be found on the Microsoft Windows Support pages here: https://support.microsoft.com/en-gb/help/10587/windows-10-get-help-with-upgrade-installation-errors

Apple’s Video-Calling ‘Eavesdropping’ Bug

Posted on by Andy Miller

Apple Inc has found itself at the centre of a security alert after a bug in group-calling of its FaceTime video-calling feature has been found to allow eavesdropping of a call’s recipient to take place prior to the call being taken.

Sound, Video & Broadcasting

As well as allowing the caller to hear audio from the recipient’s phone even if the recipient has not yet picked up the call, if the recipient has pressed the power button on the side of the iPhone e.g. to silence/ignore the incoming call, the same bug was also found to have allowed callers to see video of the person they were calling before that person had picked up the call. This was because pressing the power button effectively started a broadcast from the recipient’s phone to the caller’s phone.

Data Privacy Day

Unfortunately for Apple, insult was added to injury as news of the bug was announced on Data Privacy Day, a global event that was introduced by the Council of Europe in 2007 in order to raise awareness about the importance of protecting privacy. Shortly before news of the Apple group FaceTime bug was made public, Apple’s Chief Executive, Tim Cook, had taken to Twitter to highlight the importance of privacy protection.

It Never Rains…But It Pours

To make things even worse, news of the bug was made public on the day before Apple was due to announce its reduced revenue forecast figures as part of its quarterly financial results. Apple has publicly reduced its expected revenue forecast by £3.8bn.  Apple’s chief executive put the blame for the revised lower revenue mainly on the unforeseen “magnitude of the economic deceleration, particularly in Greater China”.  He also blamed several other factors such as a battery replacement programme, problems with foreign exchange fluctuations, and the end of carrier subsidies for new phones.

Feature Disabled

In order to close the security and privacy hole that the bug created, Apple announced online that it had disabled the Group FaceTime feature at 3:16 AM on Tuesday.

Fix On The Way

Apple has announced that a fix for the bug will be available later this week as part of Apple’s iOS 12.2 update.

What Does This Mean For Your Business?

Apple has disabled the Group FaceTime feature with the promise of a fix within days, which should provide protection from any new attempts to exploit the bug. Those users who are especially concerned can also decide to disable FaceTime in the iPhone altogether via the phone’s settings.

Even though the feature has been disabled, the potential seriousness of allowing eavesdropping of private conversations and the broadcasting of video from a call recipient’s phone appears to have been a major threat to the privacy and security of some Apple phone users.  This has caused some tech commentators to express their surprise that a bug like this could be discovered in the trusted, trillion-dollar company’s products, and concern to be expressed that those users who, for whatever reason, don’t update their phones to the latest operating system, may not be protected.

Research Reveals Top-Selling Car Keyless Theft Risk

Posted on by Andy Miller

Research by consumer Group Which? has revealed that hundreds of popular models of car are vulnerable to “keyless theft”.

Keyless Car Theft

Keyless car entry systems enable owners to unlock the doors of their car with the brush of a hand if the key fob is nearby. If the car has keyless start-stop, once inside the car, the keyless system allows the user to simply press a button to start and stop the engine.

These systems work by using an identity chip in the fob that constantly listens out for radio signals broadcast by the car. These radio signals can only travel short distances, usually less than five metres.

The Which? Research

The Which? research involved the analysis of data on keyless/relay attacks of tests held by the General German Automobile Club (ADAC), a roadside recovery organisation.

Top-Selling Cars At Risk

The ADAC test highlighted by Which? showed that, of the 237 keyless cars tested, all but three were susceptible to keyless theft.

The 237 keyless cars tested and found to be vulnerable to this type of attack included many of the UK’s top-selling cars such as the Ford Fiesta, Volkswagen Golf, Nissan Qashqai and Ford Focus.  Of the top-selling cars in the UK, only the Vauxhall Corsa was found to be safe, only because it isn’t available with keyless entry and ignition.

Jaguar Land Rover’s latest models of the Discovery, Range Rover, and 2018 Jaguar i-Pace, were all found to be secure.

Car Theft Figures – Rising

England and Wales police figures show that the highest number of offences of theft of (or unauthorised taking of) a motor vehicle since 1990 were reported in the year to March 2018 (106,000).  This worrying rise in the level of car theft comes despite improvements in vehicle security aided by the use of new technology.

Less Than 0.3% Stolen

Mike Hawes, head of the Society of Motor Manufacturers & Traders (SMMT), is reported as saying that, aided by technology, new cars are more secure than ever with, on average, less than 0.3% of the cars on the roads stolen.

Not The First Time Concerns Raised

This is certainly not the first time that concerns have been raised about keyless security in cars.  For example, as far back as 2011, Zurich-based researchers highlighted how radio signals emitted by a car could be boosted, thereby tricking systems into thinking the key fob was nearby.

Also, in 2014, many Range Rover thefts led to police advising owners to fit a steering wheel lock as the second line of defence, after keyless security had been breached by thieves.

There have also been reports of Police investigating cases of criminals blocking the signals from keyless devices, so that car doors never lock, and of thieves using blockers in service station car parks in order to steal items from cars.

What Does This Mean For Your Business?

For car manufacturers, there is likely to be an ongoing battle with thieves, and the need for continuous investment to ensure that car entry and ignition systems are as secure as possible. It is likely that this may even require a move into biometrics.

The SMMT has also been calling for action to stop the open sale of equipment which serves no legal purpose but that helps criminals steal cars e.g. grabbers and jammers, which can be purchased online for as little as £40.

The advice from security experts to owners of cars with keyless systems is to keep keyless entry keys away from doors and windows and in a shielded protection case.  This is because some thieves are known to be able to steal the signal to replicate an owner’s key wirelessly, from outside of their house.

Register Now Or Lose EU Research Grants Post-Brexit

Posted on by Andy Miller

The UK government is urging organisations that benefit from European Union (EU) research funding to sign-up to a UK-led replacement scheme now in order to guarantee that their Horizon 2020 project funding can continue after Brexit.

What Is Horizon 2020?

Dating back to 2014, Horizon 2020 from the EU, is the largest ever European funding programme for research and innovation with a budget of 79 billion euros and is set to run until 2020.  It is aimed at improving Europe’s global competitiveness in research and innovation.  Applications for the funding are open to registered businesses, charities, partnerships or research organisations with a legal standing across the EU. For example, higher education institutions, public bodies and charities make up many of the applicants.

What’s The Problem?

The concern, highlighted by The Department for Business, Energy and Industrial Strategy (BEIS), is that when the UK leaves the EU (possibly without a deal), in order to ensure no disruption in the receipt of funding that organisations are currently receiving from the EU’s Horizon 2020 project, they will need to sign up to a UK-led replacement programme that guarantees continuity in a no-deal Brexit scenario.  According to BEIS figures, therefore, the 2,700 public and private sector organisations that are receiving Horizon 2020 funding from the EU but have not yet signed up to the replacement programme could be at risk of disruption in funding and delays to future grants if they don’t sign up asap.

Guaranteed

Although the Science and Innovation Minister, Chris Skidmore, has guaranteed that UK organisations and businesses who already receive EU science and research funding will continue to do so, even if there’s no-deal Brexit at the end of March, he is urging businesses to register their details on a simple online portal for Horizon 2020 grants in future.

Online Portal – Doesn’t Take Long

The BEIS is, therefore, encouraging the remaining 2,700 businesses to join the current 5,500 registrations to date, to sign-up on the online portal. Reports suggest that it only takes around ten minutes per grant for the data to be inputted. The new portal can be found here:  https://www.ukri.org/funding/how-to-apply/

What Does This Mean For Your Business?

If you are a business or an organisation that receives Horizon 2020, and if you haven’t already done so, the advice is to sign-up via the government’s online portal (run by UKRI) to the UK-led replacement programme in order to avoid disruption to funding.  The BEIS has said, for example, that If an organisation leaves it until 5th March, ahead of a no-deal Brexit on 29 March 2019, they could be risking delays to future Horizon 2020 funding.

Millions of Taxpayers’ Voiceprints Added to Controversial HMRC Biometric Database

Posted on by Andy Miller

The fact that the voiceprints of more than 2 million people have been added to HMRC’s Voice ID scheme since June 2018, to add to the 5 million plus other voiceprints already collected, has led to complaints and challenges to the lawfulness of the system by privacy campaigners.

What HMRC Biometric Database System?

Back in January 2017, HMRC introduced a system whereby customers calling the tax credits and Self-Assessment helpline could enrol for voice identification (Voice ID) as a means of speeding up the security steps. The system uses 100 different characteristics to recognise the voice of an individual and can create a voiceprint that is unique to that individual.

When customers call HMRC for the first time, they are asked to repeat a vocal passphrase up to five times before speaking to a human adviser.  The recorded passphrase is stored in an HMRC database and can be used as a means of verification/authentication in future calls.

Got Voices By The Back Door Said Big Brother Watch

It has been reported that in the 18 months following the introduction of the system, HMRC acquired 5.1 million people’s voiceprints this way.

Back in June 2018, privacy campaigning group ‘Big Brother Watch’ reported that its own investigation had revealed that HMRC had (allegedly) taken 5.1 million taxpayers’ biometric voiceprints without their consent.

Big Brother Watch alleged that the automated system offered callers no choice but to do as instructed and create a biometric voice ID for a Government database.  The only way to avoid creating the voice ID on calling, as identified by Big Brother Watch, was to say “no” three times to the automated questions, whereupon the system still resolved to offer a voice ID next time.

Big Brother Watch were concerned that GDPR prohibits the processing of biometric data for the purpose of uniquely identifying a person, unless the there is a lawful basis under Article 6, and that because voiceprints are sensitive data but are not strictly necessary for dealing with tax issues, HMRC should request the explicit consent of each taxpayer to enrol them in the scheme (Article 9 of GDPR).

This led to Big Brother Watch registering a formal complaint with the ICO, the result of which is still to be announced.

Changes

Big Brother Watch’s complaint may have been the prompt for changes to the Voice ID system. In September 2018, HMRC permanent secretary John Thompson said that HMRC felt it had been acting lawfully, by relying on the implicit consent of users.  Mr Thompson acknowledged, however, that the original messages that were played to callers had not explicitly stated it was possible, or how, to opt out of the voice ID system, and that, in the light of this, the message had been updated (in July 2018) to make this clear.

Mass Deletions?

On the point of whether HMRC would consider deleting the 6 million voiceprint profiles of people who registered before the wording was changed to include ty opt-out option, Mr Thompson has said that HMRC will wait for the completion of the ICO’s investigation.

Backlash

Big Brother Watch has highlighted a backlash against the Voice ID system as indicated by the 162,185 people who have called HMRC to have their Voice IDs deleted.

What Does This Mean For Your Business?

Even though many businesses and organisations are switching/planning to switch to using biometric identification/verification systems in place of less secure password-based systems, it is still important to remember that these are subject to GDPR. For example, images and unique Voiceprint IDs are personal data that require explicit consent to be given, and that people have the right to opt out as well as to opt-in.

It remains to be seen whether the outcome of the ICO investigation will require mass deletions of Voice ID profiles.  Big Brother Watch states on its website that if people are not happy about the HMRC system they can complain to the HMRC directly (via the government website) or file a complaint about the HMRC system to the ICO via the ICO website (the ICO is already investigating HMRC about the matter).  HMRC has said that all the voice data is stored securely and that customers can now opt out of Voice ID or delete their records any time they want.

Too Much Time In Front of a Screen Adversely Affects Child Development Says Study

Posted on by Andy Miller

Psychologists from the University of Calgary have published a study in the JAMA journal of Paediatrics, which found that 2-5 years olds who engaged in more screen time received worse scores in developmental screening tests.

The Study

The toddlers in the study were from 2,500 Alberta homes between 2011 and 2016.  Their families or caregivers were asked to report on how much time the toddlers spent in front of screens. The toddlers were reported to be averaging 2-3 hours per day screen time, and their families/caregivers filled out standard questionnaires about the basic motor and communication skills of the toddlers.  Results were reported for the children at 24, 36 and 60 months old.

Correlation Found

The study revealed a perhaps unsurprising correlation between more screen time and lower results.  For example, greater screen time at 24 months was found to be associated with poorer performance on developmental screening tests at 36 months, and greater screen time at 36 months was found to be associated with lower scores on developmental screening tests at 60 months.

In short, the study found that those toddlers who had excessive screen time were failing to meet developmental milestones in language and communication, problem-solving, and fine and gross motor skills.

Missing Important Interactions

Lead author of the report of the study, Sheri Madigan, commented on the University of Calgary website that if children are consumed with screen time, they aren’t getting enough physical activity, and that this means they aren’t developing the motor skills they need to run, ride a bike, or throw a ball. Madigan said that positive stimulation that aids physical and cognitive development comes from interactions with caregivers and that when children are “in front of their screens, these important parent-child interactions aren’t happening, and this can delay or derail children’s development.”

What Use Are The Results?

The authors of the report, Madigan and Dr Suzanne Tough, have suggested that the findings from this study could, for example, be of use to health-care professionals who are seeking to guide parents on the appropriate screen time limits for their children.

What Does This Mean For Your Business?

As any parent of young children will know, and indeed as the authors of the report have acknowledged, technology is deeply entrenched in modern-day lives, and spending time in front of a screen is something that children do today as part of learning, playing an interacting with their peers.  The point here is that too much screen time for very young children (2 to 5) can set their personal development back in many important areas.

The authors of the report have said that parents needn’t become too concerned, because children’s brains develop over the course of childhood and beyond, so there’s time to make changes.  The authors also suggest that one way that parents can minimise damage to the development of their children from too much screen time by creating and implementing a family media plan. This can involve controlling the number of hours spent in front of screens, establishing device-free zones e.g. at the dinner table, and introducing baskets where everybody puts their devices at certain times of the day, in order to make time for the family connect and interact.

Naming and Shaming of Companies With Poor Cyber Security

Posted on by Andy Miller

A report from the Cyber Security Research Group and the Policy Institute at King’s College London, has suggested that the government could help combat high cyber-crime levels by naming (and shaming) companies with poor cyber-security.

Who?
The Cyber Security Research Group at King’s College London brings together experts with backgrounds in international relations, security studies, strategic studies, intelligence, public policy, informatics and computer science in order to promote better research into cyber-security.  The other research partner in this case, the Policy Institute at King’s College London is an independent research institute focusing on using evidence and expertise to tackle societal challenges.

Cyber-crime Levels

The report highlights the fact that government’s 2018 data breach survey showed that 4 in 10 businesses experienced a cyber-security breach or attack in 2017-18 should be grounds to enable the public to see what steps are being taken by companies (or not) to keep users safe online and to protect their data.

Championing The ACD Programme

The report also champions the government’s Active Cyber Defence (ACD) programme, which was developed by the National Cyber Security Centre (NCSC) for the public sector, as something that could bring benefits if rolled-out to the private sector too, and/or if at least the tools and techniques of ACD could be extended beyond the public sector.

The report points to the relative success that ACD has had in bringing about a fall in scam emails from fake government addresses, and in shutting down thousands of “phishing” sites that pose as government agencies in order to steal users’ personal information.  Symantec figures, for example, show that phishing rates have increased across most industries and organisation sizes, and in this latest report, Tim Stevens, convenor of the Cyber Security Research Group at King’s College London notes that, according to his research findings, ACD could be rolled out beyond the public sector legally, cheaply and efficiently, with few obstacles, and could help to tackle phishing. The report, therefore, urges non-public sector organisations to engage more actively with the NCSC in order to deploy ACD as a tool to better tackle cyber-crime in the UK.

According to the National Cyber Security Centre (part of GCHQ), the ACD defence programme can be used to tackle cyber attacks in a relatively automated and scalable way. Last February, when the results of the NCSC’s Active Cyber Defence programme figures were published, they showed that UK share of visible global phishing attacks dropped from 5.3% (June 2016) to 3.1% (Nov 2017), and that 121,479 phishing sites hosted in the UK had been removed, and 18,067 sites worldwide that were spoofing UK government sites had been removed as a result of the ACD programme.

What Does This Mean For Your Business?

Reputations are valuable and vitally important to businesses, as should be cyber-security defences, and making sure that strong data protection measures are in place is critical. With this in mind, the idea that there could be a public naming and shaming of companies with poor cyber-security could be one way to incentivise action to be taken to bring about improvements and contribute to the tackling of cyber-crime across the private as well as the public sector. 

The NCSC, for example, has been working with companies for some time anyway with the ACD programme to help them protect their customers.  For example, the NCSC launched a collaborative online platform where BT has been able to share its threat intelligence data with other UK ISPs, and the NCSC has offered support to BT to help strengthen its security and block malicious malware infections. 

As acknowledged, however, in the Cyber Security Research Group and the Policy Institute at King’s College London report, ACD is not a finished product but a work in progress, and it is not a single entity, amenable to simple, one-off deployment. Also, a government programme that is extended to the private sector could face suspicion as being perhaps a way of the government scanning and collecting data about private organisations.  For this reason, the CSRG and King’s College London Report recommends perhaps putting a buffer between the government’s intelligence community and third parties in the form of regulatory authorities in each sector e.g. the Charity Commission in the third sector.

In reality, effective cyber-security comes from a large number of factors working together, including education and training as well as deploying relevant technologies, but the figures from the success of the ACD programme so far, show that it, or tools based upon it, could have real value as part of a number of measures that could help reduce cyber-crime for private as well as public sector organisations.