Latest news with #OllieWhitehouse
Belfast Telegraph
07-05-2025
- Business
- Belfast Telegraph
Government to roll out passwords replacement on Gov.UK to boost cyber security
In contrast to using a password and then an additional text message or code sent to a user's trusted device – known as two-factor authentication – passkeys are unique digital keys tied to a specific device that proves the user's identity when they log in without requiring them to input any further codes. The National Cyber Security Centre (NCSC) said this approach is more secure because the digital key remains stored on the user's device and cannot be easily intercepted or stolen, making them resistant to being compromised through phishing and scam emails or texts, unlike passwords, which can be more easily shared. The NCSC said it considers the adoption of passkeys as a vital step in improving cyber resilience on a national scale, in particular in the wake of high-profile cyber attacks against major retailers, including Marks and Spencer and Co-op. The NCSC's chief technical officer, Ollie Whitehouse, said: 'The NCSC has a stated objective for the UK to move beyond passwords in favour of passkeys, as they are secure against common cyber threats such as phishing and credential stuffing. 'By adopting passkey technology, Government is not only leading by example by strengthening the security of its services but also making it easier and faster for citizens to access them. 'We strongly advise all organisations to implement passkeys wherever possible to enhance security, provide users with faster, frictionless logins and to save significant costs on SMS authentication.' AI and Digital minister Feryal Clark said: 'The rollout of passkeys across services marks another major step forward in strengthening the UK's digital defences while improving the user experience for millions. 'Replacing older methods like SMS verification with modern, secure passkeys will make it quicker and easier for people to access essential services — without needing to remember complex passwords or wait for text messages. 'This shift will not only save users valuable time when interacting with government online, but it will reduce fraud and phishing risks that damage our economic growth.' The announcement came on the first day of the CyberUK conference in Manchester, where NCSC chief executive Richard Horne warned that the number of 'nationally significant' cyber attacks in the last eight months has doubled on the same period a year ago. Mr Horne said the agency had dealt with 200 incidents since September 2024, including twice as many causing widespread disruption as the same period last year. Also at the conference, Chancellor of the Duchy of Lancaster Pat McFadden said the cyber attacks in recent weeks should be a 'wake-up call' for British businesses as he announced a £16 million package to boost defence at home and abroad.
Yahoo
07-05-2025
- Business
- Yahoo
Government to roll out passwords replacement on Gov.UK to boost cyber security
The Government has announced plans to replace passwords as the way to access its digital services platform for the public. In contrast to using a password and then an additional text message or code sent to a user's trusted device – known as two-factor authentication – passkeys are unique digital keys tied to a specific device that proves the user's identity when they log in without requiring them to input any further codes. The National Cyber Security Centre (NCSC) said this approach is more secure because the digital key remains stored on the user's device and cannot be easily intercepted or stolen, making them resistant to being compromised through phishing and scam emails or texts, unlike passwords, which can be more easily shared. The NCSC said it considers the adoption of passkeys as a vital step in improving cyber resilience on a national scale, in particular in the wake of high-profile cyber attacks against major retailers, including Marks and Spencer and Co-op. The NCSC's chief technical officer, Ollie Whitehouse, said: 'The NCSC has a stated objective for the UK to move beyond passwords in favour of passkeys, as they are secure against common cyber threats such as phishing and credential stuffing. 'By adopting passkey technology, Government is not only leading by example by strengthening the security of its services but also making it easier and faster for citizens to access them. 'We strongly advise all organisations to implement passkeys wherever possible to enhance security, provide users with faster, frictionless logins and to save significant costs on SMS authentication.' AI and Digital minister Feryal Clark said: 'The rollout of passkeys across services marks another major step forward in strengthening the UK's digital defences while improving the user experience for millions. 'Replacing older methods like SMS verification with modern, secure passkeys will make it quicker and easier for people to access essential services — without needing to remember complex passwords or wait for text messages. 'This shift will not only save users valuable time when interacting with government online, but it will reduce fraud and phishing risks that damage our economic growth.' The announcement came on the first day of the CyberUK conference in Manchester, where NCSC chief executive Richard Horne warned that the number of 'nationally significant' cyber attacks in the last eight months has doubled on the same period a year ago. Mr Horne said the agency had dealt with 200 incidents since September 2024, including twice as many causing widespread disruption as the same period last year. Also at the conference, Chancellor of the Duchy of Lancaster Pat McFadden said the cyber attacks in recent weeks should be a 'wake-up call' for British businesses as he announced a £16 million package to boost defence at home and abroad.
The Independent
07-05-2025
- Business
- The Independent
Government to roll out passwords replacement on Gov.UK to boost cyber security
The Government has announced plans to replace passwords as the way to access its digital services platform for the public. In contrast to using a password and then an additional text message or code sent to a user's trusted device – known as two-factor authentication – passkeys are unique digital keys tied to a specific device that proves the user's identity when they log in without requiring them to input any further codes. The National Cyber Security Centre (NCSC) said this approach is more secure because the digital key remains stored on the user's device and cannot be easily intercepted or stolen, making them resistant to being compromised through phishing and scam emails or texts, unlike passwords, which can be more easily shared. The NCSC said it considers the adoption of passkeys as a vital step in improving cyber resilience on a national scale, in particular in the wake of high-profile cyber attacks against major retailers, including Marks and Spencer and Co-op. The NCSC's chief technical officer, Ollie Whitehouse, said: 'The NCSC has a stated objective for the UK to move beyond passwords in favour of passkeys, as they are secure against common cyber threats such as phishing and credential stuffing. 'By adopting passkey technology, Government is not only leading by example by strengthening the security of its services but also making it easier and faster for citizens to access them. 'We strongly advise all organisations to implement passkeys wherever possible to enhance security, provide users with faster, frictionless logins and to save significant costs on SMS authentication.' AI and Digital minister Feryal Clark said: 'The rollout of passkeys across services marks another major step forward in strengthening the UK's digital defences while improving the user experience for millions. 'Replacing older methods like SMS verification with modern, secure passkeys will make it quicker and easier for people to access essential services — without needing to remember complex passwords or wait for text messages. 'This shift will not only save users valuable time when interacting with government online, but it will reduce fraud and phishing risks that damage our economic growth.' The announcement came on the first day of the CyberUK conference in Manchester, where NCSC chief executive Richard Horne warned that the number of 'nationally significant' cyber attacks in the last eight months has doubled on the same period a year ago. Mr Horne said the agency had dealt with 200 incidents since September 2024, including twice as many causing widespread disruption as the same period last year. Also at the conference, Chancellor of the Duchy of Lancaster Pat McFadden said the cyber attacks in recent weeks should be a 'wake-up call' for British businesses as he announced a £16 million package to boost defence at home and abroad.
Time of India
06-05-2025
- Business
- Time of India
How hackers 'tricked' IT department of one of the biggest UK retailers to disable its entire online operations
Last month, a group of cybercriminals brought the online operations of Marks & Spencer to a halt by reportedly exploiting a basic human vulnerability. Posing as legitimate employees, the hackers called up the IT help desks of one of the UK's largest retailers and convinced its staff to reset passwords for the accounts they had impersonated, a report claims. Tired of too many ads? go ad free now With those credentials in hand, they infiltrated the company network and disabled its website and app ordering systems. Two weeks after the incident, customers remain unable to place clothing and home orders online, while M&S claims to be working 'day and night' to restore services. However, the retailer has not provided a timeline for resuming online orders, noted that some food products remain unavailable, and has yet to disclose the financial impact of the disruption. How has this cybercrime affected the retailer's customers M&S first encountered disruptions over the Easter weekend, when customers reported issues with Click & Collect and contactless payments. The company confirmed it was dealing with a 'cyber incident,' and although these services have since resumed, it paused online orders on its website and apps last week. A week later, there is still no timeline for when online ordering will restart. In-store, some food items remain unavailable as M&S continues to take systems offline to manage the attack. Signs on empty shelves read: 'Please bear with us while we fix some technical issues affecting product availability.' Although the retailer had hoped to restore full food availability by the end of the week, it remains unclear whether that target will be met. Additionally, M&S has temporarily removed all job adverts from its website. Visitors now see a message stating: 'Sorry you can't search or apply for roles right now, we're working hard to be back online as soon as possible.' Tired of too many ads? go ad free now Cybersecurity experts have warned UK businesses against data breaches According to a report by BleepingComputer, Britain's National Cyber Security Centre has also advised all organisations to audit their help-desk procedures to identify and prevent such incidents. In a joint blog post (seen by Bleeping Computer), Jonathon Ellison and Ollie Whitehouse, national resilience director and chief technology officer at Britain's cyber security centre, respectively, said: 'Criminal activity online – including, but not limited to, ransomware and data extortion – is rampant. Attacks like this are becoming more and more common. And all organisations, of all sizes, need to be prepared.' Investigators have confirmed that it was a ransomware attack. Ransomware is malicious software that infiltrates computer systems, encrypts critical data or files, and demands payment, often under threat of leaking or selling the stolen information. Security experts speaking to the BBC have attributed the breach to a ransomware group known as 'DragonForce,' which rents its malware tools to other criminals. This arrangement makes it difficult to identify the exact actors, though many in the cybersecurity community suspect a teen hacker collective called Scattered Spider. Meanwhile, the Metropolitan Police have confirmed they are investigating the incident.
Forbes
05-05-2025
- Business
- Forbes
Government Security Warning Issued As Password And 2FA Hackers Strike
Act now to prevent ransomware strikes, NCSC warns. Criminal ransomware gangs have no moral or ethical compass; we have seen that proven time and time again in attacks aimed directly at blood banks and even hospitals. The latest target, however, would appear to be the retail sector in the U.K. with devastating ransomware attacks disrupting the business of high-street names such as Marks & Spencer and The Co-Op, even global luxury brands such as Harrods have not escaped the cybercrime crosshairs. With threat actors such as The ToyMaker specialising in the acquisition of compromised passwords and stolen 2FA codes to facilitate initial access to target systems, it has never been more important to take action to prevent becoming yet another ransomware statistic. The U.K. government's National Cyber Security Centre has now issued a security warning concerning the dangers of the latest attacks and has recommended six critical mitigations. Here's what you need to know and do as a matter of some urgency. The NCSC works with law enforcement, intelligence and security agencies within the U.K. as well as with international partners in order to 'provide effective incident response to minimise harm to the U.K., help with recovery, and learn lessons for the future,' when it comes to the threat from cyber attacks of all kinds. It should come as no surprise that it has been heavily involved, therefore, with the ongoing ransomware attacks against the retail sector. Although, at this stage of the investigations, it is has not been possible to say if the attacks are linked to a single threat actor or the result of opportunistic attacks, even maybe a vulnerability in a shared service provider within the supply chain of the victims, what the NCSC has been able to do is issue an advisory with recommended mitigations that should be applied immediately. Authored by the NCSC's national resilience director, Jonathon Ellison, and chief technology officer, Ollie Whitehouse, two of the best in the cybersecurity business, you would be well advised to take note and apply the mitigations as soon as possible if you are in the retail sector, and adapt them where applicable to other businesses. Above all else, do not ignore this security warning from the NCSC, no matter what country you are in, or what your organization does, unless you want to become another victim of the ransomware plague.
