Case study
Lead the market
Addressing the challenges of Internet of Things security via policy, thought leadership and research. NCC Group works extensively on the challenges of Internet of Things (IoT) security, driving improvement at government level and across various industrial sectors. The proliferation of embedded connected devices poses a substantial risk to nations, enterprises and consumers and the threat of exploitation is only increasing. In the past year we have helped shape legislation and regulation of IoT security through engaging and educating politicians working on the Product Security and Telecoms Infrastructure Bill in the United Kingdom. Where the UK has led, other countries are following, including Australia and Singapore, ensuring the Group’s influence is seen globally. NCC Group’s Global Chief Technical Officer participated in several Atlantic Council forums, a US think tank in the field of international affairs. We proposed novel incentives for IoT device manufacturers to drive improved cyber security, such as using the sustainability pillars of environmental, social and governance (ESG) and introducing forced buyback for end-of-life devices to drive systemic change. Our applied security research teams: • Demonstrated fundamental weaknesses in technologies such as Bluetooth Low Energy with regards to relay attacks • Discovered and exploited vulnerabilities in printers, network attached storage, firewalls, routers, 5G core network components and embedded cryptographic libraries • Demonstrated weaknesses in Field Programmable Gate Arrays (FPGAs) • Issued guidance on the use of embedded components in a secure manner for designers and manufacturers
Deliver world-class research and thought leadership coupled with leaders who can engage audiences and convey our message across all channels
What we said we would do Continue investment in high impact research
What we have achieved • Published 100 blog posts and 40 technical advisories on our dedicated research blog, attracting a quarter of a million visitors • Released 20 open-source tools, and contributed to security standards development for C, Kubernetes and post-quantum cryptography • Our consultants have been recognised as some of Microsoft Security Response Center’s (MSRC’s) most valuable security researchers • Participated in UK government forums on Quantum Communications and connected places as independent experts • Continued to build our commercial research services resulting in numerous engagements for large US-based technology companies • Delivered the second of our industry acclaimed annual research reports
KPIs
4,841 research days including GMS (2021: 6,043)
65 conference presentations, 41 at Tier 1 venues (2021: 51)
Future focus NCC Group continues to drive the concept of “cyber as a science” as a fundamental aspect of what we do. We see it as crucial to build strong evidence for what works where, against which threats and with what limitations. Similarly, being able to measure and quantify the “before” and “after” is critical so we can truly evaluate material changes in organisations’ resilience posture. Beyond these fundamental drivers, we will continue our research focus on the security of machine learning, open source, smart cities and 5G along with nascent programmes around the metaverse ecosystem and future finance technologies.
Link to risks
1 2 4
5 6 7 8
10
29
Made with FlippingBook Online newsletter maker