Latest news with #Secureworks


Business Mayor
15-05-2025
- Automotive
- Business Mayor
‘Source of data’: are electric cars vulnerable to cyber spies and hackers?
Mobile phones and desktop computers are longstanding targets for cyber spies – but how vulnerable are electric cars? On Monday the i newspaper claimed that British defence firms working for the UK government have warned staff against connecting or pairing their phones with Chinese-made electric cars, due to fears that Beijing could extract sensitive data from the devices. Here we look at whether there are problems with electric cars and security. Security experts spoken to by the Guardian say electric cars – the most advanced road vehicles on the market – could be exploited by hackers. Rafe Pilling, the director of threat intelligence at the cybersecurity firm Secureworks, says electric cars have myriad ways of generating data that is of interest to hostile states, given the microphones, cameras and wifi connectivity they contain. 'There are lots of opportunities to collect data and therefore lots of opportunities to compromise a vehicle like that,' he says. He adds that wifi or cellular connectivity, which allows a manufacturer to update a car's operating software – known as an 'over the air' capability – could allow data to be exfiltrated. 'A modern vehicle that has over the air update capabilities – which is crawling with computers, various radios, Lidar sensors and external cameras – could well be repurposed as a surveillance platform,' he says. A mobile phone connected to the car, whether via a charging cable or Bluetooth, is another source of data, he says. Experts say car owners in sensitive industries or in political and government positions should exercise discretion. 'If you are an engineer who is working on a sixth-generation fighter jet and you have a work phone that you are connecting to your personal vehicle, you need to be aware that by connecting these devices you could be allowing access to data on your mobile,' says Joseph Jarnecki, a research fellow at the Royal United Services Institute thinktank. 
Nate Drier, a tech lead at the cybersecurity firm Sophos, says concerned drivers or passengers can click the 'don't trust' option when they connect their phone charger with the car – but they then lose out on all the benefits that ensue, from using music streaming apps to messaging. 'I would assume most people are allowing that connection to happen so they can have all the benefits of the features on that phone,' he says. Pilling adds that hire car users should take note as well. 'In general, it's a bad idea to sync your phone or device with a vehicle that isn't yours, as you can leave copies of contacts and other sensitive data in the car entertainment and navigation system and most people forget to wipe this after they leave a hire car,' he says. China is a major manufacturer of electric vehicles (EVs) through brands including BYD and XPeng. This, allied with the Chinese state's use of cyber-espionage, makes those cars a source of potential concern. China's National Intelligence Law of 2017, for instance, states that all organisations and citizens shall 'support, assist and cooperate' with national intelligence efforts. 'Chinese law obliges Chinese companies to cooperate with state security, so one has to assume that if a car is capable of spying on you it may be misused to do so,' says Prof Alan Woodward, a computer security expert at the University of Surrey. There is 'no evidence' in the public domain to point to use of Chinese vehicles in such a way, he adds. However, experts also wonder if China would risk causing serious damage to a key export sector such as EVs by making it a vector for intelligence gathering. Mobile phones, smart watches and other wearable devices are more likely targets for espionage. A government spokesperson would not comment on specific security measures, but said: 'Protecting national security is our top priority and we have strict procedures in place to ensure that government sites and information are appropriately protected.' 
A more detailed statement was made last month by the defence minister Lord Coaker, who said the Ministry of Defence (MoD) was 'working with other government departments to understand and mitigate any potential threats to national security from vehicles'. He said the work related to all types of vehicle and 'not just those manufactured in China'. Referring to an i report that the MoD had banned EVs with Chinese components from sensitive sites and military training bases, he said there were 'no centrally mandated policy restrictions on the movement of Chinese manufactured vehicles'. However, he said individual defence organisations – a reference to public and private entities – may have stricter EV requirements on certain sites. BYD has been contacted for comment. XPeng said it was 'committed to continuously adhering to and complying with the applicable UK and EU privacy laws and regulations'. The SMMT, the trade body for UK carmakers and traders, told the i: 'All manufacturers with cars on sale in the UK must adhere to relevant regulations on data privacy, and EVs are no different. 'The industry is committed to upholding a high level of customer data protection, including proportionate use of data, including apps and paired mobile phones, which can be removed from cars according to individual manufacturer instructions, giving peace of mind to motorists.'


Tahawul Tech
07-05-2025
- Business
- Tahawul Tech
Check our spectacular Infosec & Cybersecurity Congress 2025
ISACA UAE and tahawultech recently hosted the 2025 edition of the Infosec & Cybersecurity Congress at the impressive Habtoor Grand Resort, Autograph Collection, JBR Dubai. Under the banner of 'Securing the Intelligent Age', the event delved into the evolving cybersecurity landscape, providing industry leaders, experts, and security professionals with practical insights to navigate today's digital threats. The digital landscape is evolving at an unprecedented pace, with AI, quantum computing, and blockchain reshaping the way we operate. While these technologies unlock vast potential, they also introduce new complexities and vulnerabilities that demand robust cybersecurity strategies.
The event opened with a welcome speech by Sandhya D'Mello, Editor, CPI Media Group, followed by opening remarks from Tuteja, CGEIT, CRISC Ex-President, ISACA UAE Chapter on 'The imperative of Digital Trust focusing on securing our interconnected future'. The first panel discussion followed, titled 'Navigating the trust deficit in the Intelligent Age focus'. The speakers included Taskeen Khan, Aditya Kaushik from ZMI Holdings, Padam Sundar Kafle from Aster Digital Health and Jayesh Nandanan from Mediclinic Middle East.
After a short break, the proceedings resumed with a keynote speech from Gopan Sivasankaran, General Manager, META Secureworks, a Sophos company, titled 'Think like Attackers – The Shift beyond EDR'. Afterwards, we proceeded to the next panel discussion, titled 'AI's double edge in the perfect storm – Navigating security paradoxes amidst converging global risk'. The speakers included Dhiraj Sasidharan, Oma Martins-Okonkwo from IHS Towers, and Annu Chouraria.
Our final panel discussion was on 'Building resilience – Strategy, culture, and digital trust in the age of uncertainty'. The speakers included Faisal Khan from Dubai World Trade Centre, Zahid Altaf from Majid Al Futtaim Holding LLC, Abraham Rabind Parbhunath from the Federal Authority for Nuclear Regulation and Muhammad Musa Mazhar from Liva Group.
As the event drew to a close, we hosted a fireside chat between Harriet de Morton, SASE Sales Manager for Middle East & Africa, HPE Aruba Networking, and Shijeesh Sahadevan, WAN & Security transformation Expert, HPE Aruba Networking. After that, it was time for the awards ceremony to reveal who had won a CISO Infosec & Cyber Risk Leadership Award. The full list of winners is as follows:
CISO Infosec & Cyber Risk Leadership Awards
- Dhiraj Sasidharan – Emirates NBD
- Kausar Mukeri – GEMS Education
- Sajjad Ahmad – DP World
- Anand Nataraj – Emaar
- Oma Martins-Okonkwo – IHS Towers
- Ahmed Nabil Mahmoud – Abu Dhabi Islamic Bank (ADIB)
- Ram Soni – Mashreq
- Ahmed Al Zarouni – Investment Corporation of Dubai
- Sunil Nair – Majid Al Futtaim Retail LLC
Cybersecurity Visionary Leader of the Year Award


The Guardian
29-04-2025
- Automotive
- The Guardian
‘Source of data’: are electric cars vulnerable to cyber spies and hackers?


The Guardian
20-04-2025
- Business
- The Guardian
British firms urged to hold video or in-person interviews amid North Korea job scam
British companies are being urged to carry out job interviews for IT workers on video or in person to head off the threat of giving jobs to fake North Korean employees. The warning was made after analysts said that the UK has become a prime target for hoax IT workers deployed by the Democratic People's Republic of Korea. They are typically hired to work remotely, enabling them to escape detection and send their wages to Kim Jong Un's state. Google said in a report this month that a case uncovered last year involved a single North Korean worker deploying at least 12 personae across Europe and the US. The IT worker was seeking jobs within the defence industry and government sectors. Under a new tactic, the bogus IT professionals have been threatening to release sensitive company data after being fired. John Hultquist, the chief analyst at Google's Threat Intelligence group, told the Guardian that North Korea had turned to Europe, and the UK in particular, after it became more difficult to implement its fake worker ploy in the US. He said: 'North Korea is facing pressure in the US and it is particularly focused on the UK for extending its IT worker tactic. It is in the UK where you can see the most extensive operations in Europe.' The fake IT worker scam typically works with the help of 'facilitators', or people with a physical presence in the country where the company inadvertently employing the North Korean agents is based. These facilitators carry out important assisting work such as providing false passports and maintaining a physical address in the country, where laptops are sent to the IT employee when they are hired. This laptop is then made accessible to a person working for Pyongyang, who typically does not reside in the same country as the facilitator. However, the fake workers are also known to be taking advantage of companies offering 'bring your own device' employment, which are less easily monitored.
'The bottom line is their operations have a physical presence in the UK, which is the most important step to grow across multiple sectors in the country,' said Hultquist. Hultquist said carrying out job interviews in person or on video would disrupt North Korean tactics. 'Many of the remedies are in the hands of the HR department, which usually has very little experience dealing with a covert state adversary,' he said. 'If you want to you've got to use background checks, do a better job checking physical identities, and ensuring the person you're talking to is who they claim to be. This scheme usually breaks down when the actor is asked to go on camera or come into the office for an interview.' Sarah Kern, a North Korea specialist at the cybersecurity firm Secureworks, said the threat is 'more widespread than companies realise'. She added that British firms can fight the threat by verifying candidates thoroughly and educating their HR departments about the ploy. They should then conduct in-person or video interviews to check that the prospective employee they are considering hiring tallies with who is on their CV. 'In the US it has also been fruitful to conduct in-person interviews, or at the very least video interviews, and checking that you're talking to who was actually advertised on the résumé,' she said. Kern said telltale signs that an IT worker may not be who they claim to be include frequent changes in address and where they want their wages sent – such as money exchange services rather than a conventional bank account. The bogus IT professionals are being recruited in Europe through online platforms including Upwork, Freelancer and Telegram. Upwork said any attempt to use a false identity was a 'strict violation of our terms of use' and the company takes 'aggressive action to … remove bad actors from our platform'.
Kern added: 'We observed that they were very avoidant of video interviews because often they're located in a working centre where there's a lot of these North Korean IT workers working from one small room. 'They wouldn't want to show their video, or it sounded like they're in a call centre, but with no actual reason as to why.'


Web Release
10-04-2025
- Business
- Web Release
Sophos Names Chris Bell as Senior Vice President of Global Channel, Alliances and Corporate Development to Lead Next Evolution of Global Channel Strategy
Sophos, a global leader of innovative security solutions for defeating cyberattacks, today announced it has named Chris Bell as senior vice president of global channel, alliances and corporate development, where he will lead the evolution of Sophos' global channel strategy. This key appointment reinforces Sophos' channel-first commitment to deliver a world-class partner experience.
Bell joined Sophos following its acquisition of Secureworks, where he served as chief strategy officer, responsible for long-term vision, strategic partnerships, corporate development and strategy. Building on his career of more than two decades working in the technology industry, including nearly a decade in cybersecurity and channel, Bell's leadership will focus on developing and executing a channel strategy that prioritizes expanding reach, empowering partners and driving growth.
Key priorities for Bell at Sophos will include:
- Enhancing Sophos Partner Experience to make it seamless for partners to do business with Sophos at high velocity, while streamlining operations.
- Continued Innovation for Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) with Sophos' industry-leading cybersecurity platform, enabling superior cybersecurity outcomes for customers, enhancing operational efficiency for security analysts, and boosting profitability for partners.
- Fueling Partner Growth with service delivery competencies, expanded partner enablement programs including persona-based training and fast-track training to expand partners' cybersecurity expertise.
- Increasing Sophos' Market Reach by leveraging the unified portfolio of Sophos and Secureworks to deliver best-in-class security technologies and services, empowering partners to enhance cybersecurity and strengthen the security posture of organizations, from commercial to enterprise.
- Expanding Routes to Market by bolstering Sophos' presence across technology alliances, marketplaces and the cyber insurance ecosystem. Sophos will also continue to maintain its focus across resellers, service providers, and OEM channels.
'Partners need adaptable strategies that prioritize flexibility to stay ahead of the increasingly complex threat landscape,' said Bell. 'Unifying Sophos' and Secureworks' portfolios presents a unique opportunity to accelerate a future-ready channel program that arms partners with the technology, services, insights, and enablement needed to protect customers and fuel long-term growth.'
A core piece of Sophos' channel strategy is to better equip partners in addressing the evolving security challenges faced by businesses of all sizes. By aligning more closely with partner needs and prioritizing an open ecosystem, Sophos aims to create a stronger partner network that supports customers from strategy to technology and deployment.
'Evolving our channel business to consistently deliver excellent customer outcomes is at the core of our partner go-to-market approach,' said Torjus Gylstorff, chief revenue officer at Sophos. 'We are thrilled to have Chris' strategic vision and deep channel and cybersecurity expertise to shape Sophos' channel strategy and build programs to empower partners to scale their security business.'
Sophos consistently expands its service delivery capabilities and is recognized for its leadership in implementing partner feedback into its products and enablement offerings. Following the acquisition of Secureworks, Sophos is the leading pure-play cybersecurity vendor of managed detection and response services, protecting more than 28,000 global customers. Sophos also strives to streamline partner operations through initiatives like Sophos Partner Care, a 24×7 team dedicated to providing quoting, licensing and general partner account support, and Sophos Customer Success, a single point of contact for maximizing customer onboarding, retention and growth throughout the post-sales experience.
Sophos Channel Recognition
Sophos has been recognized as a Champion in the Canalys Global Cybersecurity Leadership Matrix 2025, underscoring its excellence in channel management and market performance. Additionally, Sophos received a 5-Star Award in the 2025 CRN Partner Program Guide and has been a recipient of the 5-Star Award for the past 12 years. The CRN Partner Program Guide is a key resource that helps solution providers identify vendor programs aligned with their business goals and committed to delivering high partner value. To learn more about the Sophos Partner Program, visit: