New Joint International Cyber Project: Loss Prevention Practices Still Needed

The UK's Ministry of Defense (MoD) is teaming up with the U.S. Defense Advanced Research Projects Agency (DARPA), and the Canadian Department of National Defense (DND) to work together on cybersecurity.

The idea is to jointly research, develop, test, and evaluate technologies for AI, cyber, resilient systems, and information-related technologies in the defense sector, all based on real-world challenges.

One joint research project already underway is the Cyber Agents for Security Testing and Learning Environments (CASTLE) program, which trains AI to autonomously defend networks against advanced persistent cyber threats.

Meanwhile, DARPA said researchers are working on interoperable defensive cyber capabilities and creating test beds that simulate a network architecture. The aim is to create AI-based defensive software to assess, categorize, and generate a response to cyber threats more quickly.

Other research and development areas in the pipeline include human-AI teaming, including military medical triage, and defining and creating trustworthy AI systems. The countries will also work together to protect, monitor, and detect attacks on networks, and to produce new tools and policies aimed at speeding up the certification of software. "UK, US, and Canadian defense agencies team up to drive cybersecurity research" www.itpro.com (Sep. 23, 2024).

Commentary

Cooperation among the governments of the U.K., the U.S., and Canada is not a new concept. The security services of these three countries, along with New Zealand and Australia, make up the so-called Five Eyes Nations, which work together to combat cyberterrorism, and this latest announcement is an extension of that collaboration.

Organizations of any size and sector need not be a target of a foreign threat to sustain cyber losses. A breach of your network resulting in stolen data can originate from across the world, from the cubicle of a disgruntled employee down the hallway, or from the mistake of another employee, who inadvertently clicks on a link, giving access to your network.

Canadian organizations should make employee education the top priority. An IBM Security Study found that more than "95 percent of all incidents investigated recognize human error as a contributing factor." https://taproot.com/are-95-of-data-security-breaches-caused-by-human-error/

The most common employee errors reported were:

  1. "Sending emails to the wrong person.
  2. Sending the wrong attachment in an email.
  3. Responding to/falling for a phishing attack."

Employees reported these mistakes were made because they were "distracted, stressed, tired, or working quickly."  https://taproot.com/are-95-of-data-security-breaches-caused-by-human-error/
Teaching employees to slow down, identify, and avoid social engineering phishing attacks will stop most threats before they begin.

Finally, your opinion is important to us. Please complete the opinion survey: