- Jersey Cyber Security Centre Newsletter
- Posts
- CERT.JE - It's time to step up
CERT.JE - It's time to step up
Dear all, Not only have reconnaissance attacks on Jersey increases following Russia’s invasion of Ukraine, but we see real evidence on a daily basis of the impact of cyber attacks on local organisations.Were you the company whose compromised computer was part of a botnet launching international attacks from Jersey last week? Was the denial of service attack we saw yesterday, yours? Was it you whose email account was compromised - because it didn’t use two factor authentication and cyber criminals found information on social media to guess your password? And did your company figure out that’s how they got in to the client portal, too? When you approved that controls exception last week, did the international cybercrime network kindly agree to leave it alone – or whilst you stood guard over the front door, did they find the window you left open and climb through?We may be an island, but cyber is a global threat. It does not respect borders or barriers. It respects only engaged people, strong business processes, and good technology controls. It's time for Jersey to step up - we have work to do.If you’d like to be part of this effort, there’s a lot you can do in your organisation, in your home, and in your community. CERT.JE are working with a number of bodies across the island to bring together our first Cyber Security Awareness Month in October, and we look forward to telling you more soon. In the meantime, every organisation can sign up for NCSC’s Active Cyber Defence Early Warning System to be notified of known vulnerabilities and compromises in your network so you can respond when they occur.Last week I spoke at a Chamber of Commerce event, where a speaker described cyber security as a ‘young man’s game’. Unfortunately he had a point: cyber as a profession is predominantly male and not sufficiently diverse, and that’s something we need to address. The number of cyber roles globally is projected to increase by a third over the next 5 years, and to have an effective workforce we need welcome all talents and skills. After all, hackers don’t care how you dress, how your brain works, how you identify, what your gender is, how old you are, or what you did before. And nor should we.With that in mind I’m particularly pleased to be advertising a Cyber Defence Apprenticeship for the first time in Jersey. We can all do our bit to bring more people into the profession, and to support islanders to develop their skills. This role provides the opportunity to work whilst studying for a degree from a top UK university. It’s a remarkable opportunity, and it’s open to everyone who meets the academic criteria (those have flexibility too). Prior experience is purely optional - selection is on capability and commitment, not what you have done before. School leavers are welcome to apply, as are those from other fields. Application is as simple as sending your CV. For information on this role, as well as two other crucial roles we’re hiring at Manager and Senior level, see the jobs section below or click here for details.Regards,Matt
24 hours in cyber
The top question we're asked is the one question that usually isn't very important: "has it happened here?". Understanding that cyber threats are real when you think you have not been impacted yet is hard - these are fires we often can't see.
To show that these issues are real, over the next few weeks CERT.JE will be publishing selected stats from the threat intelligence we handled in just one 24 hour period.
It's a difficult balance because that means responsibly sharing some information on compromises that actually happened, as well as indicating those that could have.
But if all cyber security is local, then all good cyber security begins at home.
Here's the first:
24 hours in cyber security @CERTJersey
Join us to help prepare, protect, and defend the island against cyber threats - linktr.ee/certjersey
What did you see on your network today?
#24hoursincyber#cybersecurity#certjersey
— CERT.JE (@CERTJersey)
11:00 AM • Jun 1, 2022
From around the web
Resources
Upcoming Events
Online: Cyber Aware for Sole Traders and Micro-Businesses with the NCSC - 13th June 2022
In this 1 hour NCSC Digital Loft small organisations can learn how to protect themselves online including advice on passwords and 2-Step Verification (2SV).
Online: Leader's Brief with Special Guest Dr Emma Philpott MBE, CEO | UK Cyber Security Council – 15th June 2022
This lively interactive chat will feature Simon Hepburn, CEO of the UK Cyber Security Council, and special guest Dr Emma Philpott, CEO of IASME, a company which focuses on information assurance for small companies and the supply chain.
Online: Cyber Essentials with the NCSC - 22nd June 2022
The NCSC's Cyber Essentials helps you to guard against the most common cyber threats and demonstrate your commitment to cyber security.
Local: Channel Islands Information Security Forum - 22nd June 2022
The CIISF delivered three events this week, focussed on women in cyber, email security, and human behaviour. A further event is provisionally planned next month at the Airport. Hold the evening in your diary and watch for details on social media or via their newsletter.
Looking ahead: It's cyber security awareness month in October, and CERT.JE are working on a catalogue of events alongside local partners - details to follow.
Tool of the month
If you've been victim to ransomware, this site may allow you to unlock your data by uploading your encrypted files or entering details of the ransom demand.
This public initiative by the joint forces of the Netherlands’ police High Tech Crime Unit, Europol, Kapersky, and McAfee, aims to help victims of ransomware retrieve their encrypted data without having to pay the criminals.
Since it’s much easier to avoid a cyber threat than to fight it once your system is compromised, The No More Ransom Project also aims to educate users about how ransomware works and what countermeasures can be taken to prevent infection effectively.
Cyber Vacancies
Many people have told us there are not many cyber security roles in Jersey, or that it is difficult to find new team members, so we’re sharing the opportunities we are aware of below… including three with CERT.JE.
(Please note that sharing is not endorsement).
CERT.JE are hiring cyber security professionals at manager, mid-senior and junior levels to join a small team where each member plays a critical role and is involved in every aspects of our operations. This includes monitoring threat intelligence, handling incidents, delivering CERT operations, and providing advice and assistance to organisations and business leaders across the Island.
More information at the following links.
Further roles available in Jersey
“Ogier need an Information Security Risk Analyst to add value across their teams, proactively partnering with the business to continually assess and identify potential risks, evaluating these to ensure that they are appropriately mitigated through properly implemented policies, procedures, training, ‘systems and controls.”
"This is a technical hands-on role leading a team of Network & Security Technicians, delivering technical support across the organisation. The role requires that you will to be passionate about the ever changing environment of Network and Security infrastructure services, particularly the shift towards Cloud computing, as well as technically expert in a number of key Ogier technologies."
“The Security Technical Lead will act as JTs primary lead within the technical security domain. Reporting directly to the Head of Security, you will provide subject matter expertise in a range of information and cyber security activities across the business including driving the implementation of a programme of works aligned to JTs security strategy.”
If you’d like to share local resources, jobs or events related to cyber security please do let us know via email to [email protected].