SafeShark selected as finalist in DCMS ‘Most Innovative Cyber SME 2022’ competition

SafeShark has been selected as one of the UK’s 14 most creative and original information security businesses in the UK.

SafeShark, a Joint Venture between DTG Testing and Connect Devices, backed by BSI to provide the leading independent certification for new IoT cybersecurity standards, has been shortlisted in the UK’s Most Innovative Cyber SME 2022 contest, run by the Department for Digital, Culture, Media & Sport (DCMS) in partnership with Infosecurity Europe.

As a finalist, SafeShark will have a stand (M96) in the DCMS Cyber Innovation Zone at InfoSecurity Europe 2022 (21-23 June at ExCeL London) where we’ll be demo-ing the SafeShark objective and continuous testing to meet the new upcoming legislative requirements, backed by BSI certification to turn compliance into competitive edge.

A full list of 2022 finalists can be found here.

This is the seventh year the competition has been run, and is open to micro, small and medium cybersecurity businesses registered in the UK. The overall winner will be announced live on the Innovation Showcase stage at the show. Visitor registration is open here.  

Commenting on the news, SafeShark Director and DTG CEO Richard Lindsay-Davies said: “We are delighted that SafeShark has been recognised as one of the most important innovations in the cyber security space. The legislation that is now before Parliament is designed to add a layer of protection for consumers in their own homes. This award underlines that SafeShark goes beyond those mandated requirements to demonstrate to retailers and their consumers that device manufacturers have really gone the extra mile to keep their customers safe.”

New Scottish co-ordination centre to tackle cyber threats

Scotland’s ability to prevent and respond to a growing cyber threat will soon be increased with the creation of a new Scottish Cyber Co-ordinations Centre (SC3).

This £1.5 million centre will pool expertise to: share intelligence; provide early warning of cyber threat and attacks; manage incidents and lead recovery. It is a part of the Scottish Government’s Covid Recovery Strategy as they are committed to establishing a recognised, authoritative and collaborative function to combat the accelerating threat of cyber attacks.

“At times of heightened international tension, it is more important than ever to ensure that Scotland is ready to defend itself against cyber attacks […] Establishing a new dedicated cyber co-ordination centre is a bold and ambitious development for Scotland. By providing a central coordination function that pools expertise from across a number of existing or developing Centres of Excellence, we can maximise our ability to work together to address cyber threats and attacks – whether that is sharing intelligence, providing early warnings, managing incidents or leading recovery.”

John Swinney, Deputy First Minister

Read the full report here.

Report: 90% of technology decision-makers deem security a 'business priority'

According to the PSA Certified 2022 Security Report, 90% of its technology decision-maker respondents have increased the importance placed on security in the past 12 months, making it one of their top three business priorities.

The annual report, now in its second year, surveyed 1,038 technology decision-makers across Europe, USA, and APAC. They found that a third of companies believe that the risk of IoT hacks has risen during the pandemic due to widespread distributed working. A further 31% of respondents identified cost as the major inhibitor from implementing more stringent security measures.

The desire for guidance is also higher than ever, with 96% of respondents saying they would be interested in an industry-led set of guidelines on IoT best practices – considerably higher than the 84% in 2021.

Security frameworks and step-by-step guides were ranked as the most useful tools for deploying secure products to market, underlining the critical nature of education and support in shaping a more secure IoT.

Read the full report here.

Study: UK firms most likely to pay ransomware hackers

A new report by security firm Proofpoint suggests that around 82% of British firms, which have been victims of ransomware attacks, paid the hackers in order to gain back their data. The global average was 58%, making the UK the most likely country to pay cyber-criminals.

Proofpoint’s data also found that more than three-quarters of UK businesses were affected by ransomware in 2021 alone, with phishing being the key way that criminals accessed company networks.

Furthermore, only half of the companies affected by ransomware regained access to data and systems after the first payment, the research found, as criminals got greedy and demanded more money.

The fact that phishing remains the favoured method of attack for cyber-criminals means that firms need to build "a culture of security", said Proofpoint researchers.

Read the full study here.

Record levels of investment into UK’s cyber security sector

New government data shows that 1,800 UK-registered cyber security firms have generated a total of £10.1bn in revenue in the most recent financial year, a massive 14% increase from the previous financial year. The DCMS Annual Cyber Sector Report, which tracks the growth and performance of the UK cyber security sector, reveals the industry contributed around £5.3bn to the UK economy in 2021, rising from the previous year’s figure of £4bn.

More than £1bn of external investment for these UK cyber security firms was secured across 84 deals. Employment across the industry also grew by 13%, with more than 6,000 new jobs added to the UK’s 50,000-strong cyber workforce.

“Cyber security firms are major contributors to the UK’s incredible tech success story. Hundreds of British firms from Edinburgh to Bristol are developing and selling cutting-edge cyber tools around the world that make it safer for people to live and work online. We are investing in skills training and business initiatives to help the UK go from strength to strength as a global cyber power and open up the sector to people from all walks of life.”

Nadine Dorries, Digital Secretary

Read the full release here

Jan 28th is Data Protection Day – are you taking action?

Cyber security and data protection and privacy is becoming an increasingly hot topic amongst consumers. From high profile cyber attacks and hacks, to GDPR and awareness of personal permissions, the UK population is becoming ever more savvy about how their data is being used, and by whom.

Our 2021 Consumer survey report – State of the Nation – found that privacy concerns around personal data while watching TV corelated strongly with age. More than a third (36%) of all respondents said they didn’t want their personal data or viewing behaviour accessed or shared at all by or with broadcasters, advertisers and streamers/platforms. However, this rises sharply to 62% in older demographics, while only 16% of 16-25 year olds expressed any concerns.

But, the cybersecurity threat is evolving. IoT devices are increasingly a target for cyber criminals as security by design hasn't yet been properly established in such a fast-moving and emerging market.

Add to that a changing threat landscape, and new working patterns driven by the pandemic, and lines between consumer home network security and that of employers has become blurred. It means privacy and security in the home is now a critical issue for both users and employers.

The upcoming Product Security and Telecommunications Infrastructure Bill, which had its second reading in Parliament this week, is designed to set minimum requirements of manufacturers to protect consumers using connected devices, laying down a compliance baseline, but the real market opportunity lies in driving best practice in an area that is moving closer to the top of the consumer agenda.

Certification offers proactive manufacturers the opportunity to leverage first mover advantage, parlaying it into a point of differentiation and positioning themselves and their products as the most trusted on the market.

What is SafeShark?

Set up through DCMS funding, SafeShark is a Joint Venture between DTG Testing and Connect Devices, backed by BSI to provide the leading independent certification for new IoT cybersecurity standards. SafeShark certification is designed to secure consumer trust and ‘Protect, Prepare and Enhance’ product, offer and brand position.

What will basic legislative compliance look like? 

There are three security requirements for legislative compliance:

These requirements are a subset of a European IoT cyber security standard (ETSI EN 303 645) and associated test specification (ETSI TS 103 701). 

Is this enough?

However, these represent a minimum baseline requirement for compliance and on their own are not enough to build trust around a product or brand.

DCMS has said the regulation is the first step on a journey, and it is undoubtedly the rock on which secure IoT can be built – but it is not, by any means, the entire solution. Compliance alone will not represent or demonstrate good practice, but the standard does.  So, there is a unique opportunity for first movers to go beyond basic compliance and drive differentiation by forging trust with an ever more security-savvy consumer base.  Proactive manufacturers will:

Protect your customers, your business, your investors, your reputation, and your brand position.

Prepare for the legislation and increasing consumer demand before this becomes a business-critical issue.

Enhance your products and brand early on, building a reputation and trust by taking a hard consumer protection stance.

So, why SafeShark?

SafeShark’s assessment process will incorporate the requirements in the ETSI test specification that have been classified as ‘Mandatory’. But it takes manufacturers beyond that, turning compliance into a competitive edge and combining accessibility and affordability using its automated Intercept software.

Preparation and protection

The UK Government has said the legislation will adapt over time to remain effective. Additionally, with European requirements also being developed, the SafeShark assessment process will ensure products are prepared for future developments, protecting customers, shareholders, and brand trust. 

Support

We are here to support manufacturers, help navigate the legislation, ease the burden of in-house testing and self-certification, and ensure your products demonstrate appropriate security certification.

Independent

Going beyond basic compliance, the BSI mark demonstrates a rigorous, objective, and independent verification of a connected device’s security - offering peace of mind to consumers and shareholders, and giving manufacturers a genuine, certified point of differentiation on shelf. 

Uniquely placed

Our proprietary testing platform – Intercept – is the only pass/fail model in this market providing repeatable, objective results. Our UKAS-accredited lab in Central London – the UK’s only comprehensive testing and accreditation centre for digital TV devices and services – incorporates the DTG Testing Zoo, the world’s largest independent collection of connected televisions and devices and our team of dedicated expert technologists.

Ongoing service

SafeShark’s best-in-class service ensures the device is subjected to continuous testing, throughout its market life to ensure our certification remains valid. The manufacturer and retailer remain informed and confident in the security credentials ultimately protecting the end consumer.

PSTI bill introduced to parliament for second reading

The Product Security and Telecommunications Infrastructure Bill has its second reading today, 26 January 2022. The bill would make provisions about the security of internet-connectable products and products capable of connecting to such products; to make provision about electronic communications infrastructure; and for connected purposes.

The Bill would:

This briefing explains the background and main provisions of the Product Security and Telecommunications Infrastructure Bill 2021-22.

Read it in full here.

New laws proposed by DCMS to strengthen UK resilience to cyber attacks

DCMS has launched two consultations seeking the public’s views on new proposals stated to improve the UK’s resilience to cyber attacks.

The following statement was released by the Minister for Media, Data and Digital Infrastructure:

"It is vital that cyber security is a fundamental part of our country’s digital transformation journey."

Julia Lopez
Minister for Media, Data and Digital Infrastructure

DCMS have presented three pillars, each one representing a challenge the country faces with cyber security. These are:

These pillars with be addressed through two separate consultations. The first looks at the first two challenges and aims to create a comprehensive framework for managed services and upgrading security legislation so the country can more easily manage future risks. The second focuses on embedding the standards and pathways across the cyber profession by 2025. These consultations close at 11:45pm on Sunday 10 April 2022, and 11:45pm on Sunday 20 March 2022, respectively.

The full press release can be read here.

SafeShark wins Highly Commended in Security Innovation of the Year

SafeShark, a Joint Venture between DTG Testing and Connect Devices and backed by BSI, has been awarded the Highly Commended medal for ‘Security Innovation of the Year’ at the 2021 Security Excellence Awards.

Beating fellow finalists White Bullet, Quantum Security, Stellar Cyber, Egress, Ermetic, Evina, Ava Security and Clayton, SafeShark may not have taken home the overall win (congratulations to KnowBe4) but for a brand new offering in line with legislation that only went before Parliament last week, it feels like one to us!

The 2021 Security Excellence Awards is dedicated to ‘recognising and rewarding the companies, people, products and projects that keep the rest of us safe’ and SafeShark is designed to do exactly that.

Set up through DCMS funding, SafeShark provides the leading independent certification for the IoT cyber security standards set out in new legislation that went before Parliament last week. That legislation lays down a compliance baseline, but the real market opportunity lies in driving best practice in an area that is moving closer to the top of the consumer agenda.

Our certification offers proactive manufacturers the opportunity to leverage first mover advantage, parlaying it into a point of differentiation with a ‘Protect, Prepare and Enhance’ approach to position themselves and their products as the most trusted on the market.

Get in touch today to find out more about how we can help you go beyond compliance to create competitive edge.

We are delighted that SafeShark has already been recognised as one of the most important innovations in the cyber security space. The legislation that is now before Parliament is designed to add a layer of protection for consumers in their own homes. SafeShark goes beyond those mandated requirements to demonstrate to retailers and their consumers that device manufacturers have really gone the extra mile to keep their customers safe.

Richard Lindsay-Davies, CEO, DTG

EU requirements for IoT cyber security adopted

The EC has today (October 29th) adopted the delegated act for RED (Radio Equipment Directive) which relates to cyber security.

This means that by the end of this year, the European standards bodies like ETSI will begin work on creating consumer IoT cyber security standards that can be used to demonstrate conformity to these acts.

The delegated act will come into force following a two-month scrutiny period, should the Council and Parliament not raise any objections.

There will then be a 30-month transition period, including standards development and review, before it is mandatory to conform as part of market access in the EU, likely mid-2024.

New standards will be derived from the existing IoT Cyber Security Standard EN 303 645 and its test specification TS 103 701, which are comprehensively covered on all devices by SafeShark’s BSI-backed certification scheme.

More information is available here.