Improving the cyber security of companies that allow distributed devices access to corporate networks to facilitate remote working resulting from the longer term COVID-19 response.

提高公司的网络安全性，允许分布式设备访问公司网络，以促进长期应对 COVID-19 所产生的远程工作。

• 批准号: 85374
• 金额: $ 10.75万
• 依托单位: INSURTECHNIX LIMITED
• 依托单位国家: 英国
• 项目类别: Collaborative R&D
• 财政年份: 2020
• 资助国家: 英国
• 起止时间: 2020 至 无数据
• 项目状态: 已结题
• 来源: https://gtr.ukri.org/projects?ref=85374
• 关键词: Improving; cyber; security; companies; allow

According to Gallagher, in 2019_: "1.4m UK SMES suffered a cyber-attack/significant security incident. This cost the economy £8.8bn with the average attack costing £6,500\. 17% spent \>£10k to combat an incident with 10% paying out \>£20k. 23% of SMEs couldn't survive for \> a month if unable to trade following an incident ... 57,000 SMEs could be at risk of collapse."_COVID-19 has dramatically increased these risks. Cyber-criminals are adapting their tactics and targeting endpoint vulnerabilities exposed by the surge in home working. In Q2, UK businesses reported a 92% increase in cyber-attacks (VMWare). ZNET identifies a 72% increase in file-encrypted malware in the last three months and notes that ransomware attacks are now focused on stealing data as well as encrypting it. As a recent example, on 17 July, the NCSC exposed Russian attacks on Covid-19 vaccine developers.These risks are unlikely to reduce in a post-COVID environment. A recent Gartner poll shows that 48% of employees will likely work remotely at least part of the time after COVID-19 versus 30% before the pandemic.SMEs are particularly vulnerable to remote working attacks as they typically lack the resources required to protect against cybercrime. Given the increased number of attacks, over 100,000 UK SMEs could now be at risk of collapse.Per Aon "_Over the past few years, bring your own device ("BYOD") programs have increased in popularity as organizations aim to increase employee mobility._ _In 2018, 45% of UK businesses allowed employees to use their own devices."_ A July 2020 survey by CyberArk shows that 77% of remote employees are now using unmanaged, insecure BYOD to access corporate systems. Per Aon _"Ideally, entirely separate devices should exist for corporate and personal data. However,_ _most organizations that did not follow a policy of issuing employees separate corporate devices prior to the coronavirus outbreak are highly unlikely to incur the costs of doing so now._ _...**As a result, there is an increased risk of data leakage particularly if personal devices are shared between family members or insecure network connections are being used**._"SMEs, while among the most vulnerable organisations, lack the specialists to assist them defend against the threat. Cyber risk management needs to be democratised to allow non-specialists to manage the basics of cyber defence.The Innovation Focus is to extend and repurpose InsurTechnix's existing software to meet the needs that Aon and many others describe by:**1\. Providing a means by which SMEs can ensure that laptops and phones, including BYOD, being used to access their networks meet the minimum security thresholds to defend against/avoid the substantial majority of threats;** and,**2\. Characterising, quantifying and reporting the data held on distributed devices, including BYOD, so that the risk of a data breach can be minimised by reducing the nature and volume of data held in higher-risk environments.**

据加拉格尔称，2019 年，“140 万家英国中小企业遭遇网络攻击/重大安全事件。这给经济造成了 88 亿英镑的损失，平均攻击成本为 6,500 英镑\。17% 花费\> 1 万英镑来应对事件，10% 支付\> 2 万英镑。如果事件发生后无法进行交易，23% 的中小企业将无法生存\>一个月...... 57,000家中小企业可能面临风险 崩溃。”_COVID-19 极大地增加了这些风险。网络犯罪分子正在调整他们的策略，并瞄准家庭工作激增所暴露的端点漏洞。第二季度，英国企业报告网络攻击增加了 92% (VMWare)。 ZNET 发现文件加密恶意软件在过去三个月中增加了 72%，并指出勒索软件攻击现在的重点是窃取数据并对其进行加密。最近的一个例子是，7 月 17 日，NCSC 曝光了俄罗斯对 Covid-19 疫苗开发商的攻击。在后 COVID 环境中，这些风险不太可能减少。 Gartner 最近的一项民意调查显示，在 COVID-19 疫情之后，48% 的员工可能至少会在部分时间进行远程工作，而在疫情爆发之前，这一比例为 30%。 中小企业特别容易受到远程工作攻击，因为它们通常缺乏防范网络犯罪所需的资源。鉴于攻击数量不断增加，超过 100,000 家英国中小企业现在可能面临倒闭的风险。Per Aon “_过去几年，随着组织旨在提高员工流动性，自带设备 (“BYOD”) 计划越来越受欢迎。_ _2018 年，45% 的英国企业允许员工使用自己的设备。”_ CyberArk 2020 年 7 月的一项调查显示，77% 的远程员工现在使用非托管、不安全的 BYOD 访问公司系统。 Per Aon _“理想情况下，公司和个人数据应该存在完全独立的设备。但是，_ _大多数在冠状病毒爆发之前没有遵循向员工发放单独公司设备的政策的组织现在不太可能承担这样做的成本。_ _...**因此，数据泄露的风险会增加，特别是在家庭成员之间共享个人设备或不安全的网络连接时。 使用**._“中小企业虽然是最脆弱的组织之一，但缺乏专家来帮助他们抵御威胁。网络风险管理需要民主化，以允许非专家管理网络防御的基础知识。创新重点是扩展和重新利用 InsurTechnix 的现有软件，以满足 Aon 和许多其他人描述的需求：**1\。提供一种方法，使中小企业能够确保用于访问其网络的笔记本电脑和手机（包括 BYOD）满足最低安全阈值，以防御/避免绝大多数威胁；** 和**2\。表征、量化和报告分布式设备（包括 BYOD）上保存的数据，以便通过减少高风险环境中保存的数据的性质和数量来最大程度地降低数据泄露的风险。**