Latest news with #NationalCyberSecurityCentre
Biz Bahrain
15 hours ago
- Business
- Biz Bahrain
NCSC announces third edition of Arab International Cybersecurity Conference and Exhibition (AICS 2025)
On Tuesday morning, a press conference was held to announce the launch of the third edition of the Arab International Cybersecurity Conference and Exhibition (AICS 2025), under the patronage of His Royal Highness Prince Salman bin Hamad Al Khalifa, Crown Prince, Deputy Supreme Commander of the Armed Forces, and Prime Minister. The event is scheduled to take place from November 5 to 6 at the Bahrain International Exhibition Centre, officially organised by Faalyat, a leading company in international event management. The National Cyber Security Centre (NCSC) will host the third edition of the conference and exhibition in collaboration with the global DEF CON conference, one of the most prominent and specialised cybersecurity conferences worldwide. His Excellency Shaikh Salman bin Mohammed Al Khalifa, Chief Executive Officer of the NCSC, expressed pride in hosting the third edition of AICS under the patronage of His Royal Highness the Crown Prince, which reflects the Kingdom of Bahrain's continued commitment to consolidating its position as a leading global centre in the field of cybersecurity. HE emphasised that the partnership between the NCSC and DEF CON provides an opportunity for exchanging international expertise and establishing strategic partnerships, in addition to showcasing the latest solutions and technologies that play a pivotal role in enhancing cybersecurity readiness both regionally and internationally to address escalating and evolving cyber threats. HE also commended the ongoing cooperation with the official organising company, Faalyat, recognising its deep expertise in stakeholder engagement, strategic communications, and experiential design, which reflects a shared commitment to positioning Bahrain as a global leader in cybersecurity. The CEO pointed out that the previous two editions achieved remarkable success in terms of participation numbers and the diversity and richness of training workshops and panel discussions led by distinguished cybersecurity experts from the region and worldwide, reflecting growing regional and international confidence in Bahrain's ability to host and organise specialised international technology events. HE added that the third edition aligns with the NCSC's vision to enable secure digital transformation, foster innovation, develop future defence mechanisms against rising cyber threats, and strengthen regional and international cooperation to enhance Bahrain's cybersecurity ecosystem. During the press conference, a partnership agreement was signed between the National Cyber Security Centre and the global DEF CON conference, announcing the regional launch of the specialised DEF CON Villages focusing on artificial intelligence, space, cloud security, and industrial control systems, alongside interactive Demo Labs offering innovative technical and practical experiences. This initiative aims to provide researchers, students, and startups with opportunities to showcase their innovations and projects before a global group of experts in an engaging environment. Additionally, a cooperation agreement was signed between the NCSC and the Bahrain Institute of Banking and Finance (BIBF) to enhance efforts and collaboration in cybersecurity capacity building through specialised training programmes to prepare current and future national talents for the upcoming conference. The press conference also announced the formation of DEF CON Group Bahrain, a community bringing together leading experts, students, and those interested in digital safety and cyber resilience, focusing on discussing key defensive cybersecurity practices within Bahrain. It is expected that the third edition of AICS will attract over 10,000 participants from 50 countries to attend specialised panel discussions featuring more than 100 global cybersecurity experts. The event will also include international pavilions and youth empowerment programmes aimed at preparing the next generation of cybersecurity leaders through mentorship, training, and practical experience. The conference will include DEF CON Villages and interactive Demo Labs presented by distinguished cybersecurity experts from around the world, technical workshops, and training programmes tailored to the needs of professionals and institutions. Furthermore, it will feature a Capture the Flag (CTF) competition and other exciting cybersecurity contests designed to showcase local and international cybersecurity skills and talents. The event will also host a technology exhibition displaying the latest global solutions and innovations. BNA(R)
Yahoo
2 days ago
- Business
- Yahoo
Simple ways employees can prevent cyber attacks
The scale and complexity of cyber threats facing large organisations today have never been greater. From targeted ransomware attacks to internal data leaks, the risk landscape is evolving rapidly. For large enterprises, which often hold vast quantities of sensitive data and critical infrastructure, robust cyber security measures are no longer optional—they're essential for resilience, reputation, and regulatory compliance. Effective cyber security strategy requires a layered, proactive approach. While technology plays a significant role, success depends just as much on leadership, policy, and staff behaviour. This article outlines key cyber security advice for large organisations, using guidance from trusted sources like the UK's National Cyber Security Centre (NCSC), and highlights best practices that will remain relevant as threats evolve. Build a strong governance framework For any organisation with complex systems and a large workforce, cyber security governance is the foundation on which all defences rest. Clear governance ensures that security responsibilities are defined at every level, from board members to frontline staff. Start by establishing a formal cyber security strategy aligned with your wider business objectives. The board should have visibility of cyber risks, supported by senior leaders with appropriate expertise, such as a Chief Information Security Officer (CISO). Risk ownership must be assigned, and accountability built into every level of the organisation. The NCSC recommends adopting frameworks such as the Cyber Assessment Framework (CAF), which helps assess your organisation's ability to manage cyber risks to essential services. Implement regular audits and maturity assessments to identify gaps and ensure continuous improvement. Risk management should extend beyond the organisation's boundaries. Third-party vendors, contractors, and supply chains are common entry points for attackers. Ensure that partners adhere to comparable security standards and include cyber clauses in all contracts. Carrying out regular supplier risk assessments can significantly reduce exposure. Invest in layered technical defences Large organisations typically manage a diverse mix of legacy systems, cloud services, and mobile infrastructure—all of which can introduce vulnerabilities. Implementing a layered, defence-in-depth approach can prevent a single point of failure from compromising your entire network. At the perimeter, firewalls, intrusion detection systems (IDS), and secure gateways can help block unauthorised traffic. Within the network, segment systems by function or sensitivity to limit the impact of a breach. For instance, sensitive HR data should never reside on the same network as public-facing services. Endpoint protection should include next-generation anti-virus software, real-time monitoring, and automated incident response capabilities. Ensuring that systems are regularly patched is vital; unpatched software remains one of the most exploited weaknesses. Cloud security requires its own set of controls. Apply the principle of least privilege to user accounts, enforce strong authentication (ideally multi-factor authentication), and monitor usage through centralised dashboards. Encrypt data both in transit and at rest to safeguard against interception or theft. Backup strategies are equally critical. Maintain secure, off-site backups of all essential data and test your recovery processes regularly. Many ransomware attacks attempt to corrupt backups first, so isolating them from the main network is best practice. Prioritise staff awareness and secure behaviours While sophisticated malware grabs headlines, many breaches result from simple human error—phishing emails, weak passwords, or misconfigured permissions. Cultivating a culture of security awareness is therefore one of the most cost-effective defences an organisation can implement. Regular training should cover not just technical knowledge, but also behavioural aspects. Teach employees how to spot suspicious messages, how to handle sensitive data, and the importance of reporting incidents quickly. Cyber security awareness should be embedded into onboarding processes, and updated through ongoing campaigns or simulated phishing exercises. Adopt strong access control policies across the organisation. Encourage the use of password managers and enforce minimum standards such as length, complexity, and uniqueness. Where possible, use biometric or multi-factor authentication to reduce the risk of credential theft. Set clear policies for remote work, device use, and data sharing. As hybrid and mobile working becomes the norm, organisations must secure both corporate and personal devices. Deploy mobile device management (MDM) solutions and ensure secure virtual private network (VPN) access for all remote users. Incident response plans should be tested regularly so staff know how to act quickly and effectively during a breach. Knowing who to contact, what evidence to preserve, and how to contain the incident can dramatically reduce the impact of an attack. The takeaway Cyber security for large organisations is not a single solution but a continuous process. It combines governance, technology, and people in a coordinated effort to reduce risk and increase resilience. By implementing strong governance structures, maintaining layered technical defences, and promoting a culture of cyber awareness, organisations can better prepare for the threats of today—and those yet to come. As cyber attackers grow more sophisticated, the importance of forward-thinking, holistic strategies cannot be overstated. Large organisations must remain agile, informed, and committed to continuous improvement in their security posture. By doing so, they protect not only their data and systems but also the trust of customers, partners, and the public at large. "Simple ways employees can prevent cyber attacks" was originally created and published by Retail Insight Network, a GlobalData owned brand. The information on this site has been included in good faith for general informational purposes only. It is not intended to amount to advice on which you should rely, and we give no representation, warranty or guarantee, whether express or implied as to its accuracy or completeness. You must obtain professional or specialist advice before taking, or refraining from, any action on the basis of the content on our site. Sign in to access your portfolio
RNZ News
2 days ago
- RNZ News
New Zealand businesses warned as Microsoft SharePoint targeted in cyber attack
File photo. Photo: AFP / Gerard Julien New Zealand's cyber watchdog has picked up on a Microsoft warning about attacks on server software globally. The Washington Post reported hackers had been able to launch a so-called "zero-day" attack , targeting a previously unknown but "major security flaw". Microsoft issued an alert several days ago to governments and businesses that servers within organisations that use SharePoint, were exposed. The hack does not affect SharePoint online in cloud computing systems. The National Cyber Security Centre said New Zealand organisations should install security updates or isolate their SharePoint from the internet. However, the remedy appeared limited. "Currently ... patches are only available for SharePoint Subscription Edition and SharePoint Server 2019," the centre said on its website. US regulators last year castigated Microsoft for what they called a lax security culture around a 2023 attack on cloud services by Chinese hackers. Microsoft responded by saying it was hardening all its systems. Sign up for Ngā Pitopito Kōrero , a daily newsletter curated by our editors and delivered straight to your inbox every weekday.
NZ Herald
2 days ago
- Business
- NZ Herald
The rapidly evolving world of scams in NZ is ‘whack-a-mole'
'Most of the time, the money's been whisked offshore, and once it goes offshore, the police tend to throw their hands up and say it's too difficult. We don't have jurisdiction... 'What police tend to do is go for the low-hanging fruit, which is the domestic money mules whose accounts have been used to receive the money and transfer it off... those ones are a little bit easier for police to identify and prosecute. But that leaves the ringleaders, who are generally offshore, free just to carry on doing what they're doing,' he said. The National Cyber Security Centre's latest insight report, released last month, revealed $7.8 million in financial losses were reported to the government agency in the first quarter of 2025. Financial losses rose 14.7% compared with the previous quarter ($6.8m). This month, Commerce and Consumer Affairs Minister Scott Simpson announced the launch of the Anti-Scam Alliance to 'strengthen New Zealand's scam defences'. 'Some reports suggest scams cost the economy up to $2 billion annually, and it is crucial we get on top of the problem,' he said. Banks have agreed to updated protections and new compensation rules, committing to reimburse customers up to $500,000 in losses in circumstances where banks fail to meet anti-scam commitments. Several other protections are being rolled out, including the 'confirmation of payee,' which makes sure the account name being sent money matches the one inputted into the system, to help prevent misdirected payments. Nichols said banks are working hard towards anti-scam measures, but more could be done. 'In a lot of the cases I've seen, people have made a very unusual series of transactions which are completely at odds with their history of banking. I think there needs to be better systems, algorithms that pick up those really unusual transactions and put a halt on it, put a bit of friction in the system. 'One thing I know the banks are working on is trying to share more information about known mule accounts. Mule accounts are people who have agreed to receive money, and then they are under instructions to send it straight overseas. 'There have been cases where banks have known that they are harbouring a suspect account or customer, they haven't shared that information with other banks, and these people have been able to go on and open other bank accounts and keep receiving money,' he said. Nichols has spoken to multiple scam victims and said there are many commonalities. 'The emotional toll, the embarrassment, the shame, the financial stress it's put them under... But the worst thing was the loss of trust in humanity. How do you ever trust anyone ever again when someone that you believe to be honest and helping you has swindled you for everything you've got? 'Everyone is different. There have been some real tales of heartache and a lot of tears on the phone. One that really sticks out to me is a Spanish fellow who's a lovely guy. He lost a very, very large sum of money when he was singled out by a scam that was going around. He talked to me about his loss and what he'd gone through... he told me that he felt he had failed his wife, and that was really hard to hear. 'Fortunately, the Banking Ombudsman found BNZ was at fault, and he received a 70% refund in that case, which was great for him. But like I say, a lot of people aren't so lucky,' Nichols said. Listen to the full episode to hear more about Lane's years of reporting on scams and how you can better protect yourself. The Front Page is a daily news podcast from the New Zealand Herald, available to listen to every weekday from 5am. The podcast is presented by Chelsea Daniels, an Auckland-based journalist with a background in world news and crime/justice reporting who joined NZME in 2016. You can follow the podcast at iHeartRadio, Apple Podcasts, Spotify, or wherever you get your podcasts.
Time of India
2 days ago
- Time of India
Britain's NCSC detects 'limited number' of UK victims in Microsoft hack campaign
Microsoft on Saturday issued an alert about "active attacks" on SharePoint servers used within organisations. It said that SharePoint Online in Microsoft 365, which is in the cloud, was not hit by the exploit, also known as a "zero day". Tired of too many ads? Remove Ads Britain's National Cyber Security Centre (NCSC) said on Monday it had detected a "limited number" of UK-based victims in an ongoing hacking campaign that has affected servers using Microsoft 's SharePoint on Saturday issued an alert about "active attacks" on SharePoint servers used within organisations. It said that SharePoint Online in Microsoft 365, which is in the cloud, was not hit by the exploit, also known as a "zero day".
