
Posts Tagged: Cyber-security


Cardiff home to Europe’s first cyber attack research centre

Stuart O'Brien

A new research centre aimed at tackling cyber attacks has been launched in Cardiff.

The Centre of Excellence in Cyber Security Analytics has been set up by Airbus Defence & Space and Cardiff University, located at the university’s School of Computer Science and Informatics. It’s the first centre of its kind in Europe.

The research carried out will aim to protect corporate IT networks, national infrastructure and intellectual property, along with data analytics and artificial intelligence for cyber-attack detection.

The university has been awarded £2 million to develop and create software that is able to detect cyber threats.

“Cyber security analytics is about improving our resilience to cyber-attacks through data modelling to detect and block malicious behaviour before it causes its full impact,” said Dr Pete Burlap, the centre’s director.

“But (it’s) also about understanding what motivates the behaviour, what its likely impact will be, and how to communicate security alerts among decision and policy-makers.”

Dr Kevin Jones, head of cyber security innovation at Airbus, said collaborating with universities was “a key approach in the future protection of critical systems”.

He said the centre would enable the rapid transfer of research into operational activities and ensure researchers are able to access the latest techniques and data.

Cyber security is a priority research area at Cardiff University, with collaborative projects receiving more than £5 million in funding from UK Research Councils (EPSRC, ESRC), Welsh Government (Endeavr Wales) and Industry (Airbus).

www.cardiff.ac.uk


NATO to upgrade its IT & satellite technology for 3 billion Euros

Stuart O'Brien

A senior official at the NATO Communications and Information Agency has revealed how the organisation is set to spend over 3 billion euros (£2.6 billion) upgrading its satellite and computer technology over the next three years.

Plans include a 1.7 billion euro investment upgrading satellite communications in a bid to support troops more effectively, along with aiding the use of Unmanned Aerial Vehicles (UAVs) or ‘drones’.

The investment is the result of a realisation by the North Atlantic Treaty Organisation (NATO) that modern warfare is fought as much online as in traditional air, sea and land combat, with the new technology helping to deter hackers and cyber terrorism.

It is not yet clear whether NATO allies would fund a new military communications satellite to be launched into space, or whether an increase in broadband capacity could be gained from existing US and other allied satellites.

Back in January of this year, non-NATO member Japan launched its first military communications satellite to help boost the broadband capacity of its Self Defence Forces, reinforcing an island chain stretching along the southern edge of the East China Sea.

The NATO official also revealed that proposals include around 800 million euros invested in upgrading computer systems that help command air and missile defences, although some of the funding was yet to be approved by NATO governments.

Improving the protection of NATO’s 32 main locations from cyber attacks would cost 71 million euros. A further 180 million euros is to be spent to provide more secure mobile communications for alliance soldiers in the field.

The proposals are likely to attract major Western defence contractors including Airbus Group, Lockheed Martin Corp and Raytheon.

NATO prevents contractors from non-NATO companies from bidding, although Russian or Chinese suppliers are allowed if there is a specific need that allied companies cannot provide.

www.nato.int


Crises, CCTV and Cyber Crime top the Total Security Summit

Jack Wynn

The global landscape has experienced a rather monumental change over the last year, with security being more relevant than ever as we go into 2017.

The first Total Security Summit of the year is determined to address these issues and uncertainties in a bespoke two-day event for security professionals.

Meet, share, connect and debate business relevant to your current and future projects with matchmade face-to-face meetings, experience a day of dining, drinks and discussion as you network with fellow business professionals and attend seminars covering a range of relevant topics.

As we reach a landmark age of global political challenges and uncertainties, it’s vital to prepare for the future. Protecting crowded areas, addressing terror threats and discussing counter-terrorism is Dr Anna Maria Brudenell, Lecturer in Military and Security Studies, Cranfield Defence and Security, in the first seminar on Global Security Strategy.

As terror threats continue to rise and evolve without warning, discussing and understanding the implications is crucial to developing your security in a crisis. Chris Phillips, Managing Director, International Protect and Prepare Security Office (IPPSO), is presenting seminar 2 on Crisis Management and Communications.

Video surveillance is being used in greater quantity and with higher quality expectations, with Britain among the leaders in CCTV operation, but are the benefits worth the cost? With few resources and increasing legal parameters, Simon Lambert, Independent CCTV Consultants, Lambert Associates, is discussing CCTV and Video Surveillance in seminar 3.


John Marsden, Head of Fraud, Equifax, is discussing how to identify and tackle theft as it happens, assessing risk, detecting threats and ensuring on-going training in Seminar 4: Keeping your Business’ Cash and Assets Safe and Secure.

Going into your second day, and following morning networking, James Willison, Founder, Unified Security Ltd, goes digital. As our dependency on technology grows, many companies are more vulnerable than ever: from data and privacy risks to ransomware, hackers are becoming more sophisticated and businesses need to adapt quickly. This is the subject of Seminar 5 on Cyber Crime – the United Security Response.

With a continuing rise in companies at risk of fraud, from physical fraud to high-level hacking, security needs to be tight across the board, and the final seminar before more discussion and networking addresses these fears. Fraud Prevention with David Lee, Fraud Prevention Manager, Transport for London, sees the summit almost to a close.

Taking place on 13-14 March at the Radisson Blu Hotel, London Stansted, this year’s Total Security Summit is the industry go-to for professionals.

To secure a complimentary delegate place at either of the two annual Total Security Summit events, call Liz Cowell on 01992 374 072 or email l.cowell@forumevents.co.uk.

Or, to attend either event as a supplier, call Nick Stannard on 01992 374 092 or email n.stannard@formumevents.co.uk.

For more information, visit www.totalsecuritysummit.co.uk.

Guest Blog, Tom Lysemose Hansen: Raising cybersecurity awareness in a mobile world

Jack Wynn

Promon founder and CTO Tom Lysemose Hansen, who has extensive experience in IT security and risk analysis and founded the company more than 10 years ago, analyses how companies tackle the growing threat of cyber-attacks, from the pros and cons of raising awareness among their customers, to the in-house cybersecurity talent shortage…

Mobile phones have become indispensable elements of our daily lives, from booking an Uber to checking the bank account, from online shopping to storing addresses and names. It even goes beyond that: with the steady rise of the Internet of Things (IoT), smartphones can now unlock your front door or start your car’s engine. While many laud the convenience and simplicity of modern mobile technology, cybercriminals are waiting for mobile users to make one single mistake to compromise their personal data.

Because mobile phones are an everyday item, human error, when it comes to safe usage, is unavoidable. Let your guard down for one second, and an innocent-looking email turns out to be a phishing one; one wrong click, and malware is up and running on your device. But it gets worse. They say identifying the problem is the first step towards solving it. The problem is that, according to a recent study by Promon, an overwhelming 89 per cent of users wouldn’t know if their smartphone has been infected. This leaves potential for an enormous amount of data to be exposed to hacking attacks.

Educating users about the threats of cybersecurity and how to protect their own data is one solution. But beyond individual users there are SMEs, multinational corporations, and banks, all of whom are storing and handling sensitive data. Should companies rely on the best judgement of their customers and employees when it comes to protecting enterprise apps? Users’ lack of awareness of the risks can lead to a disaster, not only at a personal level, but also for businesses across every sector.

Consumers need to be better educated about the threat of cyberattacks, that much is clear. But the ultimate responsibility lies within companies holding the know-how, financial support and immense decision-making power. The same study conducted by Promon shows that 43 per cent of users rely on passwords as the most popular security measure. This comes after numerous data breaches involving high-profile companies, such as Dropbox, Last.FM, Netflix and Yahoo. Clearly, businesses can no longer rely on the password and those who use them.

Despite repeated calls by industry experts, the problem is amplified by a shortage of cybersecurity professionals, as a consequence of insufficient education and lack of support from governments. It leaves organisations vulnerable, and while in-house talent shortage presents a challenge across every industry sector, companies need to take their fate in their own hands to ensure all employees are trained accordingly.

UK businesses are not the only ones fighting to gain their customers’ trust and keep their data safe, with US officials announcing that cyber attacks have quadrupled since last year and are increasingly targeting businesses, and companies in Australia and New Zealand being targeted by a ransomware campaign. The scale of the problem is a global one, and our response needs to be equally wide-ranging.

Another study conducted across as many as eight countries, including the UK, shows that four out of five respondents believe there is a shortage of cyber security skills, and 71% feel that this leads, subsequently, to direct and measurable damage.

The pressure that companies are under to tackle security threats is undeniable, but there is certainly cause for optimism. A growing awareness of cybersecurity among young people, topped up with alternative, hands-on learning methods widely available on the market – such as Raspberry Pi – means there are more computer science enthusiasts than ever before, and it is the employers’ responsibility to guide and train these people, or at least loosen up entry requirements for jobs in cybersecurity.

Alternative, non-traditional options of training should be accepted for entry-level jobs; cybersecurity skills are not always gained through formal higher education and companies need to take a dynamic approach towards protecting their data and safeguarding their online presence. Mobile cybersecurity is still a relatively new discipline compared to traditional cybersecurity, so dynamism in building skills is even more important here.

It is important that businesses exploit the full potential of the cybersecurity environment. Companies need to act quickly to overcome the skills shortage, while governments need to implement long-term plans to make cybersecurity awareness the norm for all. This is no simple task, but tapping into the talent businesses already have at their disposal is a good place to start.

promon.co/


Donald Trump ‘accepts’ Russian cyber attacks on US election

Jack Wynn

REUTERS: Toni Clarke / Dustin Volz

President-elect Donald Trump accepts the US intelligence community’s conclusion that Russia engaged in cyber attacks during the US presidential election and may take action in response, his incoming chief of staff said on Sunday.

Reince Priebus said Trump believed Russia was behind the intrusions into the Democratic Party organisations, although Priebus did not clarify whether the president-elect agreed that the hacks were directed by Russian President Vladimir Putin.

“He accepts the fact that this particular case was entities in Russia, so that’s not the issue,” Priebus said on Fox News Sunday.

It was the first acknowledgment from a senior member of the Republican president-elect’s team that Trump had accepted that Russia directed the hacking and subsequent disclosure of Democratic emails during the 2016 presidential election.

Trump had rebuffed allegations that Russia was behind the hacks or was trying to help him win, saying the intrusions could have been carried out by China or a 400-pound hacker on his bed.

With less than two weeks until his January 20 inauguration, Trump has come under increasing pressure from fellow Republicans to accept intelligence community findings on Russian hacking and other attempts by Moscow to influence the November 8 election. A crucial test of Republican support for Trump comes this week with the first confirmation hearings for his Cabinet picks.

A US intelligence report last week said Putin directed a sophisticated influence campaign including cyber attacks to denigrate Democratic presidential candidate Hillary Clinton and support Trump.

The report, commissioned by Democratic President Barack Obama in December, concluded vote tallies were not affected by Russian interference, but did not assess whether it influenced the outcome of the vote in other ways.


Esoteric awarded ISO 27001 Information Security

Jack Wynn

Esoteric, a global counterespionage and electronic sweeping company, has announced that after a rigorous evaluation of its information security processes it has been granted ISO 27001 Certification by the British Standards Institution (BSi).

Accreditation demonstrates Esoteric’s commitment to information security, both of internal data and that of its clients and partners – who entrust them with their valuable sensitive information.

Compliance with the International Organization for Standardization’s (ISO) strict requirements highlights a commitment to using best practice, providing clients and partners reassurance with the handling and protection of their information.

Peter Gregg, Operations & Compliance Manager, stated: “We place the highest priority on information security, our ISO 27001 certification demonstrates our commitment to continual improvement and confirms our policies and practices comply with the most stringent standards.”

Emma Shaw, Managing Director remarked: “We recognise that information is one of a company’s most valuable assets – any risk to the integrity of that data can make or break a business – security threats impact a company financially, impede expansion, prevent client attraction, damage assets and above all impact reputation.”

Industry Spotlight: Are CCTV images too low quality to identify criminals?

Jack Wynn

No organisation wants to breach the Data Protection Act (DPA) because doing so would have serious consequences for their business: fines, bad publicity and even criminal sanctions. However, many do not realise that the Act also applies to the CCTV systems they may use to secure their premises, as well as protect tenants or staff members.

Businesses typically install CCTV to protect staff and their assets. Nonetheless, according to our recent survey, many worry that the images they are collecting are not actually good enough to identify perpetrators should criminal activity take place. This leaves them wide open to breaching the DPA, which states that data recorded with the purpose of identifying individuals performing criminal activities must be of sufficient quality to do so, otherwise its capture is unjustified.

For a CCTV system to serve its purpose, i.e. to deter crime and protect people while meeting the demands of the DPA, the recordings must be of sufficient quality to identify individuals performing criminal activity and be easily accessible by the police, with the right credentials to be used as evidence, such as accurate timestamping.

Only footage relating to the purpose of the CCTV system should be recorded, so it is important to be able to schedule recording periods, redact areas of a camera’s view to prevent collateral intrusion and ideally to trigger recording by way of an event such as motion detection. Any recordings taken must be stored securely to prevent unauthorised access and hacking; this means using encryption wherever possible.

All concerns around the effectiveness of CCTV, from image quality, secure access and image sharing to accurate time-stamping, can easily be addressed through integration with the Internet of Things (IoT). Cloud-based solutions enable users to record and store high definition images and video footage securely. Data can be fully encrypted and time stamped, then stored securely with access available through an authorised web-enabled device. Such systems are designed to handle large volumes of data and are also highly scalable to accommodate any future growth of a business such as new locations and the need for increased security.

Using the cloud makes sharing of images easy within a highly-secure, proven technology platform, thus crowdsourcing a community which can help to piece together any suspicious activity. Some can also be retrofitted to existing systems without the need to replace cameras or cabling, enabling users to take advantage of the IoT with minimum additional cost.

Not only does this make the data much safer but it is also easier to use, giving users secure, encrypted storage for high quality images, accurate time and date stamping and immediate access to their data if it is needed by the police – helping to ensure that even older analogue systems comply with the DPA and providing peace of mind that their physical assets and their people are protected.

CCTV may seem like an unlikely area for concern, and the data it collects may seem very innocuous in comparison with other personal data. However, with the potential of heavy fines and even criminal sanctions applying to any breach of data protection regulations, organisations need to ensure that they take the quality and security of their CCTV extremely seriously.

Words by James Wickes, CEO and co-founder of Cloudview

Global cyber security confidence falls to ‘C-’ average grade…

Jack Wynn

Global confidence in the ability to assess cyber risk accurately has dropped 12 percentage points during the course of 2016, according to the second annual Global Cybersecurity Assurance Report Card by Tenable Network Security.

Soliciting insights from 700 security practitioners in nine countries, the majority gave global cyber security readiness a ‘C-’ average with an overall score of 70 per cent.

Cloud software as a service (SaaS) and infrastructure as a service (IaaS) were two of the lowest scoring Risk Assessment areas in the 2016 report. SaaS and IaaS were combined with platform as a service (PaaS) for the 2017 survey and the new ‘cloud environments’ component scored 60 per cent (D-); a seven point drop compared to last year’s average for SaaS and IaaS.

Risk Assessment for mobile devices dropped eight points from 65 per cent (D) to 57 per cent (F); correlating with being identified alongside IaaS and SaaS in last year’s report as one of the biggest enterprise security weaknesses.

Cris Thomas, strategist at Tenable Network Security, said: “Today’s network is constantly changing — mobile devices, cloud, IoT, web apps, containers, virtual machines — and the data indicate that a lot of organisations lack the visibility they need to feel confident in their security posture.”

DevOps technology was acknowledged as transforming the way software teams collaborate through increased consistency and automation, but 57 per cent of respondents said it could bring new security concerns in the ability to assess security during the DevOps process.

Thomas added: “It’s pretty clear that newer technologies like DevOps and containers contributed to driving the overall score down, but the real story isn’t just one or two things that need improvement, it’s that everything needs improvement.”


UK must prepare for increased transport cyber-security threat…

Jack Wynn

A new report from Transport Systems Catapult (TSC) suggests the UK transport sector needs to increase its focus on cyber-security in the face of ‘rapidly emerging’ technological developments.

The report – supported by The Institute of Engineering Technology (IET), the Digital Catapult, IBM and the Intelligent Mobility Partnership (IMPART) – cites a number of trends in mobility, cyber-security, technology and society that are making the environment ‘much more complex’ to deliver safe, secure, and reliable infrastructure and mobility services.

The emergence of a global ‘Intelligent Mobility’ market is one particular example highlighted by TSC, featuring the Internet of Things (IoT), automated vehicles and increasing use of personal data to create services tailored to the individual. This could potentially add another layer of complexity into an already vulnerable transport network, as well as open new cyber-threats.

Andrew Everett, chief strategy officer at TSC said: “The cyber security issues faced by transport in the future will not simply be an acceleration of the current constant, with more cyber-attacks. The way we move people and goods around the globe is undergoing a radical change.

“It is being driven by technological advances such as wireless communications, smart devices, Open Data, the Internet of Things and more recently artificial intelligence. The surface area of potential attacks is set to increase significantly and the transport industry needs to get to grips with this immediately.”

A further example is the rush to automation, for trains, buses and cars. Current detection and action times on cyber incidents are measured in days, weeks and even months; however, TSC warns that autonomous vehicle systems will require detection, identification and resolution within seconds to prevent serious safety consequences.

Anna Bonne, head of Sector – Transport at the IET, added: “Intelligent mobility has huge potential to transform the way we travel. The UK is leading the world in this area especially through its trials of autonomous vehicles.

“Operation of an autonomous vehicle will be heavily dependent on a lot of software embedded in the vehicle and their ability to communicate to other vehicles and the road infrastructure, so it is crucial that all aspects of cyber security are considered carefully. This report aims to raise awareness of the cyber security challenge in intelligent mobility and ensure that cyber security is considered at the design phase and not as an afterthought.”


Online retailers must be transparent after a data breach, says NTT Security…

Jack Wynn

Online shoppers in the UK are demanding that retailers be honest and transparent about whether they have suffered a security breach, a survey commissioned by NTT Security has revealed.

When asked what retailers could do to help build consumer trust whilst online shopping, 80 per cent of the 500 survey respondents said they expect more transparency following a breach, as well as more secure payment options and for retailers to insist on regularly changing and using strong passwords.

Further to worrying about the risk of paying online and identity fraud, the majority are also concerned about the privacy of personal information (63 per cent), a site being fake (63 per cent) and the risk of being sent ‘phishing emails’ that link to malware (60 per cent).

Stuart Reed, director at NTT Security said: “The retail sector is among one of the most targeted industries for attacks and, with one of the busiest trading periods of the year now upon us, it makes sense that both consumers and retailers are diligent in terms of data security.

“While some shoppers are happy to continue using sites, even when they have been breached, they are also anxious for retailers to let customers know when they have been hacked. Consumers certainly seem to be growing in security awareness when online; more savvy, they are willing to take responsibility for their own security to some extent, but they are also more demanding of retailers and expect to see privacy and security policies displayed clearly on websites.”

However, only 18 per cent would permanently stop using a retailer’s website if a security breach was exposed and a third admit they would carry on using an online store but would upgrade their security.

More than 40 per cent believe retailers should publish their privacy policies to allow customers to see how data is being stored and managed, while a third (32 per cent) want stores to listen and respond to customer concerns via social media to help build consumer trust.
