
Seven cyber threats to watch out for in 2019

  • January 07, 2019

About the Author

Josh Keeley

Consultant - Cyber Security 0207 759 7878
With six years’ experience as an IT engineer within the Royal Marines, Josh has a strong network of ex-services CTI analysts and CCTIM qualified managers. Bringing sound technical knowledge and in-depth market expertise, Josh works with consultancies, defence, MSSPs and TIPs; from rapidly-growing start-ups to established global enterprises.

Seniority: Junior - Senior
Job Type: Permanent
Geographical coverage: London
Market: Cyber Security, Threat Intelligence, TIPs and Professional Services
 

With cyber security systems constantly shifting and cyber attackers shifting with them, threats come from new directions all the time – whether they’re variations on perennial cyber nuisances such as phishing, malware and ransomware, or plucked from a deep, dark corner of cyberspace. Here are a few of the major cyber threats we’re expecting to see in 2019.

Whaling

Phishermen are increasingly realising that there’s little point casting out a huge net in the hope of catching anything and everything. Or in other words, sending the same email to hundreds of employees of all levels, for limited reward. So instead, they’re increasingly trying their hand at whaling: high-value phishing attacks targeting CEOs, CSOs, CFOs and anyone else with a company credit card. After all, it’s easy enough to find out a CEO’s contact details from Google – and the rewards are so much greater. Watch out for harpoons.

The smash and grab

By targeting websites with high-value, high-volume transactions, hackers will only need to pull off a handful of e-heists in order to make huge gains. Exploiting a loophole in an organisation’s web infrastructure, hackers inject a sneaky bit of code that allows them to snatch data while transactions are in progress. These attacks are the epitome of opportunism: silent, swift, on-the-fly. They’re the cyber equivalent of performing a train robbery between stops. In September 2018, hackers used such an attack to steal the credit card details of 380,000 BA customers.

Organisations don’t just need to think about protecting their web infrastructure, but also testing the security of their live transactions through transaction stack security.

The perilous plug-in

There’s talk of a rise in USB-based attacks, with hackers infiltrating organisations’ endpoints using USB mechanisms that bypass blocking and security systems. One of the more famously disruptive examples of recent years came in the form of Stuxnet. A malicious computer worm which targets SCADA systems, Stuxnet is believed to have harmed Iran’s nuclear programme after someone found a random USB lying suspiciously around the carpark...and made the mistake of plugging it in.

Abuse of privileged access

With a lack of privileged access management (PAM) in many organisations, particularly SMEs, there’s almost an open invitation for cyber criminals to target an entire market. If administrative rights in a firm have been configured so that the user can access the whole network, and the firm doesn’t have the security in place to prevent code executing itself at that level, hackers will have free rein to cause some serious damage.

The weakest link

Many organisations are affiliated to dozens or even hundreds of third-party suppliers. That’s a lot of bases to cover. So cyber attackers will increasingly probe organisations’ networks, hoping to gain access to their data via a supplier who’s connected to their corporate systems.

Organisations need to ensure not only that they’re protected, but that their partners and supply chain are protected too – along with any information that passes between them. Automated testing can reveal what data’s available to the public and identify holes in the infrastructure, so organisations can see where their suppliers need to improve.

Cloudy permissions

Too many organisations do not control who and what has access to the cloud service. It’s easy enough to set up a new user in a number of different cloud services, but it can become difficult to keep track of things when someone changes roles or leaves the company. Without the right restrictions or basic governance in place, users can often access sensitive data through their username and password. Organisations will need to keep a close eye on their users’ individual access and permissions to ensure the right user is accessing the right data with the right device.

The hidden door

Connection brings convenience. But it can also bring chaos. Hackers are increasingly getting into corporate networks by targeting unprotected “internet of things” devices such as air conditioning systems, CCTV and…fish tanks.

Nicole Eagan, CEO of cyber security firm Darktrace, recently revealed that hackers had stolen thousands of data entries from a casino’s high-roller database after gaining access to the network via the thermometer of a fish tank in the lobby. With this kind of access now a growing problem, there are calls for new laws outlining minimum security standards for internet of things devices. These days, you almost need eyes in the back of your head.

It’s all very well having the right security software in place. But as we move through 2019, the key for organisations will be to arm their users with effective cyber security training. As cyber criminals look for new angles, as cyber threats continue to come from every conceivable direction – and a few that aren’t so conceivable – an educated workforce will be far more equipped to meet the cyber security challenges of the future.

If you’re an employer looking for the right cyber security talent or you need advice on how to protect your business from cyber threats, we’d be happy to talk to you. If you’re a job seeker looking for your next great cyber security job, we’ve got access to the best opportunities on the market. Speak to one of our experts now.

 
 

Vacancies


 

SOC Analyst

Are you looking to work for one of the longest standing companies in the UK who live and breathe security? A company that will reflect your passion? My client is looking for a SOC Analyst who will be working in a secret location and who will deal with secret breaches and information.

You will be working alongside a large security team and will have scope to transfer to many different sections within the company should this be of interest. You must be eligible for a SC/DV clearance.

Roles and Responsibilities:

  • Provide analysis and trending of security log data from a large number of heterogeneous security devices
  • Provide threat and vulnerability analysis as well as security advisory services
  • Analyse and respond to previously undisclosed software and hardware vulnerabilities
  • Investigate, document, and report on information security issues and emerging trends
  • Provide support to the communication of relevant IT security procedure and/or process as relevant
  • To support delivery of aspects of an IT and/or Network Security procedure or processes, operations and architectural solution or security build
  • Completes assigned elements of IT security risk assessments and compliance audits
  • Manages where applicable team members to ensure high performing and well-motivated people delivering a specific function or service
  • Resolve and take ownership of customer incidents attending technical and service management bridge calls as required
  • Participate in the drafting of quality technical and incident reports as well as recommendations to the management team
  • Key role in passing on knowledge and skills across the operational support teams
  • Undergo additional training to match operational requirements and equipment
  • Provide support to the Service Management Teams (Capacity, Availability, Release, Information Security)

Skills and Requirements:

  • Experience working in a SOC, with knowledge of attack vectors, tactics and techniques
  • Networking, Windows and Linux knowledge
  • Industry Recognised Qualification from bodies such as COMPTIA or (ISC)2 or GIAC or equivalent experience would be desirable.
  • Experience of 1st line incident detection, hunting and response as well as the ability to analyse and manage response activities
  • Knowledge of various security methodologies and processes, and experience with technical security solutions (SIEM, firewall and intrusion detection systems)
  • Knowledge of TCP/IP Protocols, network analysis, and network/security applications
  • Ability to multi-task, prioritise, and manage time effectively, to deliver on agreed deadlines

 

Huntress Search Ltd does not discriminate on the grounds of 'protected characteristics' as defined under the Equality Act and other relevant UK legislation.

Huntress Search Ltd acts as a Recruitment Agency in relation to all Permanent roles and as a Recruitment Business in relation to all Temporary roles.

PLEASE NOTE: We can only consider applications from candidates who have the right to work in the UK.

SOC Analyst

As a member of the Information Security - Security Operations team you will maintain the confidentiality, availability and integrity of our information and information systems. This will primarily be achieved through identification and mitigation of risk through security systems management and incident management.

As an Information Security Analyst, it is your responsibility to monitor internal and external cyber threats and vulnerabilities to ensure that the client's technical controls are appropriate. It requires rapid response, detection, isolation and remediation of information security incidents.

Roles and Responsibilities:

  • Responsible for operational support of technical security systems, including; installation, configuration, tuning, coverage, support and maintenance
  • To establish and maintain security technical standards, procedures and guidelines
  • To provide IT teams with security focused technical support, training and consultancy to ensure compliance with security standards, policies and legislation
  • Facilitate a process of continuous improvement in the delivery of security services
  • As part of a managed project evaluate products and related technologies that mitigate risk and recommend and support their introduction.
  • Retain a working knowledge of related technical areas such as end user computing, database administration and networks
  • To enable effective liaison with other technical groups and the coherent protection of their technologies
  • To monitor internal and external cyber threats and vulnerabilities and ensure that their technical controls are aligned to these
  • Rapid response, detection, isolation and remediation of information security incidents
  • Reporting to and informing management of incidents and incident prevention activities
  • Produce performance metrics to demonstrate the efficiency and effectiveness of IT and Security Operations controls
  • Develop and operate procedures that counteract potential threats/vulnerabilities
  • Support of the IT Change Management Process ensuring that information security risks are identified and addressed
  • To provide a focal point for technical information security expertise
  • Assist in the rapid execution of information security initiatives by maintaining an appropriate level of prioritisation, focus and persistence in an environment of significant change and growth
  • Out of hours support required on a rota basis

Skills and Requirements:

  • Thorough understanding of the information security threat landscape, significant risks, technical developments and directions
  • Strong interpersonal skills are essential as the jobholder must be able to operate effectively at all levels within
  • At least 3 years' in IT Security/IT Operations or equivalent position
  • Information Security Incident handling experience
  • Proven experience in writing Information Security Standards, procedures and guidelines
  • Experience in industry recognised security standard such as ISO or COBIT
  • Excellent written and oral communication skills
  • Ability to conduct and direct research into threats and vulnerabilities and preventative capabilities
  • Ability to effectively prioritise and execute tasks in a high-pressure environment

Qualifications (desirable):

  • Certified Information Systems Security Professional (CISSP)
  • MSc Information Security
  • Vendor technology trained (certifications) eg Antimalware, Intrusion prevention, email security management technologies

 


Cyber Security Specialist

We have partnered with a global leader in providing innovative and data-driven solutions to sports, media and regulated betting markets that are on the lookout for passionate, energetic and talented people to join their rapidly expanding team.

Job Description:

As a Security Specialist you will be responsible for providing policies and guidance to ensure the software developed by teams you have responsibility for is Secure by Design. You will champion security and coach development teams in how to develop secure software.

Role and Responsibilities:

  • Leadership of Working Groups to define technical policies and guidelines relating to security
  • Ensure standards are aligned with any business accreditation needs:
    - ISO 27001
    - Cyber Essentials
    - GDPR Related Security Controls
  • Hands-on involvement with the implementation of secure technical architectures e.g. authentication and authorisation solutions
  • Creating and developing Reference Security Architecture Blueprints and Standards
  • Coaching of technical DevOps product teams to ensure technical security standards and architectures are well understood and best practice is followed
  • Champion technical product security implementation within the company to ensure Product Owners and other non-technical stakeholders understand the benefits and risks
  • Technical security risk assessment of existing and future products
  • Security auditing of software developed by the company and its partners
    - Black-box penetration testing
    - White-box code reviews, static analysis
  • Investigation of security related events and incidents
  • Technical liaison with third-parties on security related discussions:
    - Customers
    - Regulators and compliance auditors
  • Automation of security testing
    - Tests within the software delivery pipeline
    - Continuous monitoring
  • Report to senior technical managers about security risks

Required Skills:

  • In depth understanding of security best practice and standards:
    - Security by Design
    - ISO 27001 & Cyber Essentials
    - OWASP Top 10
    - Encryption
  • In depth understanding of authentication and authorisation technologies:
    - OpenID Connect
    - SAML
    - OAuth
    - AWS Cognito
    - AWS IAM
    - Active Directory
  • Experienced in:
    - Penetration Testing and use of Burp Suite
    - AWS cloud infrastructure & security
  • Good communication skills
    - Technical and non-Technical staff
    - Senior Management and external Customers


Researcher (Second Language Crucial)

Are you a subject matter expert in a second language and associated Culture? We are looking for a research orientated individual to join a team of professionals who work to fight harmful content online.

Utilising your specialist language skills to translate content, you will play a vital role in the proactive reporting of online trends to those who need to know, in order to prevent online crises from occurring.

Roles and Responsibilities:

  • Analytical mind-set
  • Research focused
  • Investigative and inquisitive nature
  • Work proactively to identify risks
  • Fluent in a second language (reading, writing and speaking)
  • Strong understanding of associated culture

Relevant Experience:

  • Research skills
  • Working under pressure
  • Working to deadlines
  • Social media articulate

Benefits:

  • Supportive office culture
  • Weekly incentives
  • Health care plan
  • Access to bespoke equipment and software
  • An opportunity to make a difference to digital experience

Are you looking to apply your language skills to a new and exciting role within digital content, where each day offers you the opportunity to make a difference to digital experience? Contact me today.


Data Privacy Consultant

How would you like the chance to work for an innovative global consultancy? This opportunity is for experienced data privacy consultants to become a key part of the organisation. You would be part of a global network of security professionals working on projects for FTSE 100 and Fortune 500 clients, with a company ethos that centres around your progression and career.

If successful you will be working with clients from around the world, from a wide range of business sectors. Your key focus will be ensuring that the client achieves compliance in an organised and efficient manner while creating new business strategies deriving from new policies and legislation.

As part of their team, you will be involved in a variety of projects, such as:

  • Assessing data privacy compliance against the relevant legislative frameworks
  • Designing and implementing data protection and privacy programs to achieve compliance
  • Creating, testing and implementing new business strategies to take advantage of the legislation
  • Conducting privacy impact assessments
  • Third-party assessments
  • Data governance and discovery tool implementation
  • Information flow mapping to a common standard / using tools
  • Deploying processes and tools to help detect and prevent privacy breaches
  • Creating effective data privacy governance within our clients, creating a harmonised approach towards data protection and privacy by bringing together stakeholders (e.g. legal, compliance, risk, HR, security, business functions etc.)
  • Assisting clients in privacy-related incident response activities
  • Supporting the client's team by acting as an interim team member (e.g. data protection officer, security officer, security manager, security analyst etc.)

Skills and Requirements:

  • Professional consulting background with a focus on data privacy and legislation
  • Preference on sectors such as Life Sciences consultancy

You should also have the following skills/experiences:

  • Bachelor's or Master's Degree in IT, Law or relevant field that demonstrates your interest in the data protection and privacy domain.
  • Proven experience with relevant data protection and privacy laws and regulations (e.g. CCPA, EU GDPR, Privacy Shield) and industry standards and frameworks, such as GAPP and BCR
  • Possession of relevant qualifications such as CIPM, CIPT, CIPP/E, CISM, CISSP, and/or HCISSP, as well as involvement in industry related organisations (e.g. IAPP, ISACA, (ISC)²) is desirable. Where you do not have the qualifications, we will support you in achieving them
  • The ability to efficiently understand client organisations and their business model and to tailor relevant processes to privacy requirements
  • To communicate effectively with different stakeholders (e.g. business, legal, IT, security) about data protection and privacy matters
  • An analytical mindset, with a focus on producing quality work in a results-oriented environment

 


Security Consultant

 

How would you like the chance to work for an innovative global consultancy? This opportunity is for experienced Security Consultants to become a key part of the organisation. You would be part of a global network of security professionals working on projects for FTSE 100 and Fortune 500 clients, with a company ethos that centres around your progression and career.

 

Role Requirements:

As a Security Consultant within this consultancy you will be working with both public and private sector clients. A strong, broad knowledge is needed within information security to successfully thrive in this role.

  • Creating and delivering end-to-end security architecture and solutions.
  • Working with other Consultants, Architects and Developers to deliver leading solutions across; identity management, network and infrastructure protection, security monitoring etc., with the aim of defending against some of the most cutting-edge threats and capable threat actors.
  • Track record of delivering security solutions for enterprise businesses with large-scale infrastructures.

Qualifications:

  • Academic prowess should be backed with relevant experience and technical knowledge.
  • CISSP, CISM, IISP/CCP, TOGAF, SABSA are preferred qualifications.

 

Company benefits:

  • Transport allowance - £6,000 per year
  • Private medical insurance
  • Bonus scheme
  • Market leading salary

 

 

 

Security Analyst

Blackthorn Trace has a new and exciting opportunity for you to join a fast-growing technology start up based in London! Our client is looking for individuals who are passionate about understanding the detail in cyber security attacks. Using this knowledge, you will improve their detective capabilities and develop to become in time a subject matter expert in cyber defence!

Roles and Responsibilities:

  • You will need to be able to form relationships with their clients by understanding cyber security from the viewpoint of these clients and then offer timely expert advice and analysis
  • You will support and eventually lead the creation of intelligence reports and then discuss the issues directly to their customers
  • You will have the opportunity to work with their experts to help assist the creation of machine learning and artificial intelligence models. This is an amazing opportunity to show off your technical skill sets!
  • You will need the ability to detail the emergence of new threats and do this by conducting original research

Skills and Requirements

  • A degree in a computing related field
  • 3 years' experience in a technical IT environment
  • Good knowledge in Linux, Windows, SIEMs, IP networking or malware analysis
  • A strong desire to understand how technology works and generate ideas to detect suspicious or malicious behaviour
  • An incredibly personable and passionate candidate

This is a great opportunity to join a fast-paced and growing start up and if this sounds like you then please get in touch and apply now!


Cyber Incident Response Specialist

Are you looking for your next Incident Response position? Our Fintech client based in London are looking to add to their outstanding cyber credentials after creating a multi-million pound cyber fusion centre by bringing on a Cyber Defence Analyst. They pride themselves that Cyber Security is at the beating heart of their culture.

This would be an ideal role if you are incredibly passionate about Cyber Security and want to be a part of a well known company who would value your skill set!

Roles and Responsibilities:

  • We'll need you to identify Cyber Security threats and confidently perform analysis of anomalies on client's networks
  • Monitor Cyber Security alerts through the SIEM to triage, mitigate and escalate issues
  • Coordinate the initial workflow and response for different case types with both internal and external teams
  • They'll need you to work closely with operational support staff to ensure they are actively engaged in potential security threats and concerns
  • This role means you'll be providing round-the-clock support for their global security operations centre. Analysts work a 12-hour shift pattern, including holidays and weekends - so commitment is everything here

Skills and Requirements:

  • Display great problem solving skills - this coupled with the tenacity and resilience to resolve issues
  • A solid foundational understanding of TCP/IP and networks to include packet analysis, firewalls, routers, and ACLs
  • Strong working knowledge of malware in its varying forms, common delivery mechanisms, and common mitigation steps
  • Ability to convey security concepts related to Cyber Security events to both technical and non-technical audiences
  • Experience with IDS/IPS, Endpoint protection, Network Security, WAF, Sandboxing and analysis toolsets
  • Experience operating and administrating Security Information and Event Management (SIEM) platforms
  • The ability to communicate and collaborate with other team members in a dynamic workforce
  • Preferred - security operations experience but candidates with Forensics or Penetration Testing background will also be considered

If you are looking for your next Incident Response role then go ahead and apply now for immediate consideration.

 

 

 
