Posts Tagged :

UK

Security concerns of Brits among the lowest in the world

960 640 Stuart O'Brien

Brits are maintaining their characteristic ‘stiff upper lip’ in the face of adversity, according to the latest findings from the 2019 Unisys Security Index survey.

Globally, UK consumers registered the fourth-lowest level of concern of the 13 countries surveyed on a range of security issues, with a notable dip in British concerns over national security in relation to war or terrorism – lower in 2019 with 50% seriously concerned as compared to 55% in 2018.

The 2019 Unisys Security Index surveyed more than 13,000 consumers in 13 countries, including more than 1,000 in the UK, in February and March 2019, with additional supplemental research in April 2019.

The survey gauged attitudes on a wide range of security-related issues and created an index based on their feedback. The index is a calculated score from zero to 300 based on concern about eight specific issues within the categories of national, financial, internet and personal security. 

On a scale of zero to 300, with 300 representing the highest level of concern, the UK index is now at 147 – down from 149 in 2018 – which is one of the lowest of the countries surveyed.

The global average stands at 175, with The Philippines scoring highest with an index score of 234 and the Netherlands registering the lowest concern ratings with a score of just 115. 

“The 2019 Unisys Security Index shows a typical British resolve that, while security concerns remain high across the globe, U.K. citizens are registering lower levels of concern relating to security than many,” said Salvatore Sinno, global chief security architect, Unisys. “Political upheaval, the value of the pound and growing international tensions are front and centre in the news, yet the overall Unisys Security Index score has decreased in the UK Britons really are ‘keeping calm and carrying on’ as the old slogan suggests.” 

The 2019 Unisys Security Index surveyed the public on a number of security issues relating to large-scale events. In the UK, 45% expressed serious concerns that a criminal might attack and harm event attendees, and 39% recorded serious concern that criminals might target them on street near event venues. Serious concern was also recorded in relation to the theft of credit card (45%) or personal data (43%) via mobile devices and public WIFI services at events. 

In addition, 51% of UK respondents say they have not changed plans to attend large-scale events due to security concerns, but some have taken extra precautions to secure their mobiles or wallets (28%); look out for threatening or suspicious behaviour (18%); protect their data or location (12%); or check the latest security alerts from the authorities (11%). And 9% say such threats make no difference to their plans and they take no additional precautions.

Also, 30% of those surveyed in the UK eported they will ‘think twice’ about attending large scale events due to data or physical security issues, and 21% have changed their plans to attend certain events or certain locations. 

For more results and information on the 2019 Unisys Security Index, visit www.unisys.com/unisys-security-index.

Image by Free-Photos from Pixabay

‘Growing security gap’ amid mass digital transformation

960 640 Stuart O'Brien

There’s a growing physical and cyber security gap among European businesses – almost a third (29%) of enterprises experiencing a breach last year, and only a little more than half (55%) believe their digital transformation deployments are very or extremely secure.

These findings are detailed in the 2019 Thales Data Threat Report – Europe Edition, with research and analysis from IDC.

Across Europe, more than 84% of organisations are using or planning to use digitally transformative technologies including cloud, big data, mobile payments, social media, containers, blockchain and Internet of Things (IoT).

Sensitive data is highly exposed in these environments: in the UK, almost all (97%) of these organisations state they are using this type of data with digital transformation technologies.

“Across Europe, organizations are embracing digital transformative technologies – while advancing their business objectives, this is also leaving sensitive data exposed,” said Sebastien Cano, senior vice president of cloud protection and licensing activity at Thales. “European enterprises surveyed still do not rank data breach prevention as a top IT security spending priority – focusing more broadly on security best practice and brand reputation issues. Yet, data breaches continue to become more prevalent. These organisations need to take a hard look at their encryption and access management strategies in order to secure their digital transformation journey, especially as they transition to the cloud and strive to meet regulatory and compliance mandates.”

However, not everyone is confident of the security of these environments. Across Europe, only a little more than half (55%) claim their digital deployments are very or extremely secure.

The UK is the most confident in its levels of security with two thirds (66%) saying they are very or extremely secure. In Germany, confidence is much lower at 49%.

The most common use of sensitive data within digital transformation is in the cloud. Across Europe, 90% of organisations are using, or will use, all cloud environments this year (Software as a Service, Platform as a Service and Infrastructure as a Service). These deployments do not come without concerns, however. The top three security issues for organisations using cloud were ranked as:

  • 38% – security of data if cloud provider is acquired/fails;
  • 37% – lack of visibility into security practises; and,
  • 36% – vulnerabilities from shared infrastructure and security breaches/attacks at the cloud provider.

Businesses are working hard to alleviate these concerns. Over a third (37%) of organisations see encryption of data with service provider managed encryption keys, detailed architecture and security information for IT and physical security, and SLAs in case of a data breach tied as the most important changes needed to address security issues in the cloud.

Despite more than 100 new data privacy regulations, including GDPR, affecting almost all (91%) organisations across Europe, compliance is only seen as a top priority for security spend in the UK by 40% of businesses.

Interestingly, 20% of UK businesses failed a compliance audit in the last year because of data security issues. When it comes to meeting data privacy regulations, the top two methods named by respondents working to meet strict regulations are encrypting personal data (47%) and tokenising personal data (23%).

One of the most jarring findings of the report is that almost two thirds of organisations across Europe (61%) have encountered a data breach at some stage.

The UK fares slightly better than the average for Europe with just over half (54%) of organisations saying they have encountered a breach. However, across Europe 29%, of organisations who have faced a data breach did so in the last year; a shocking one in 10 have suffered a data breach both in the last year and at another time.

For more key findings and security best practices, download a copy of the new 2019 Thales Data Threat Report – Europe Edition.

Thales also will host a webinar on Thursday, 13 June at 3:00 PM BT about “The State of Data Security in Europe.”

Image by Andreas Samuelsson from Pixabay

Government offers £6m for IoT security solutions

960 640 Stuart O'Brien

The UK government is offering up to £6 million in funding to support new ideas that can help keep connected devices and applications safe and secure.

The competition aims to join up the UK’s research base with industry to transfer knowledge and develop new products and services that tackle cyber security in the IoT.

Projects should include artificial intelligence or machine learning and have a clear plan for commercialisation.

They should focus on at least one of the following:

  • operational resilience technologies that can protect and recover data
  • intelligent control systems for industry, commercial and public sector buildings
  • protection of people living in digital homes and their smart systems

Projects could also look at complementary technologies, such as distributed ledger technologies that support the sharing of data across multiple locations, or 5G mobile networks.

Innovate UK has up to £6 million to invest in organisations with ideas that address industry-focused cyber security-related challenges.

The investment forms part of the UK Research and Innovation Strategic Priorities Fund, which supports the highest priorities identified by researchers and businesses.

It is part of a set of measures by UK government to build increased security and protections into digital devices and online services. As well as this programme, this includes an up to £70 million investment through the Industrial Strategy Challenge Fund to tackle digital security by design.

The competition opens on 18 February 2019 and the deadline for applications is at midday on 1 May 2019 – more information can be found here.

Total Security Summit logo

Crises, CCTV and Cyber Crime top the total security summit

800 450 Jack Wynn

The global landscape has experienced a rather monumental change over the last year, with security being more relevant than ever as we go into 2017.

The first Total Security Summit of the year is determined to address these issues and uncertainties in a bespoke two-day event for security professionals.

Meet, share, connect and debate business relevant to your current and future projects with matchmade face-to-face meetings, experience a day of dining, drinks and discussion as you network with fellow business professionals and attend seminars covering a range of relevant topics.

Reaching a landmark age in political global challenges and uncertainties, it’s vital to prepare for the future, protecting crowded areas, addressing terror threats and discussing counter-terrorism is Dr Anna Maria Brudenell, Lecturer in Military and Security Studies,
Cranfield Defence and Security for the first seminar on Global Security Strategy.

As terror threats continue to rise and evolve without warning, discussing and understanding the implications is crucial to develop your security in a crisis. Chris Phillips, Managing Director, International Protect and Prepare Security Office (IPPSO) is presenting seminar 2 on Crisis Management and Communications

Video surveillance is being used in greater quantity and with higher quality expectations, with Britain among the leaders in CCTV operation, but are the benefits worth the cost? With few resources and increasing legal parameters, Simon Lambert, Independent CCTV Consultants, Lambert Associates is discussing  CCTV and Video Surveillance in seminar 3.

axis-excell-4

John Marsden, Head of Fraud, Equifax, is discussing how to identify and tackle theft as it happens, assessing risk, detecting threats and ensuring on-going training in Seminar 4: Keeping your Business’ Cash and Assets Safe and Secure

Going into your second day, and following morning networking, James Willison, Founder, Unified Security Ltd goes digital. As our dependency on technology grows, many companies are more vulnerable than ever, between data and privacy risks to ransomware, hackers are becoming more sophisticated, and businesses need to adapt quickly for Seminar 5 on Cyber Crime – the United Security Response.

With a continuing rise in companies at risk of fraud, from physical fraud to high level hacking, security needs to be tight across the board, and the final seminar before more discussion and networking addresses these fears. Fraud Prevention with David Lee, Fraud Prevention Manager, Transport for London sees the summit almost to a close.

Taking place between the 13-14 March at the Radisson Blu Hotel, London Stansted, this year’s Total Security Summit is the industry go-to for professionals.

To secure a complimentary delegate place at either of the two annual Total Security Summit events, call Liz Cowell on 01992 374 072 or email l.cowell@forumevents.co.uk.

Or, to attend either event as a supplier, call Nick Stannard on 01992 374 092 or email n.stannard@formumevents.co.uk.

For more information, visit www.totalsecuritysummit.co.uk.

Esoteric

Esoteric awarded ISO 27001 Information Security

860 470 Jack Wynn

Esoteric, a global counterespionage and electronic sweeping company, has announced that after a rigorous evaluation of its information security processes is has been granted ISO 27001 Certification by British Standards Institution (BSi).

Accreditation demonstrates Esoteric’s commitment to information security, both of internal data and that of its clients and partners – who entrust them with their valuable sensitive information.

Compliance with the International Organization for Standardization’s (ISO) strict requirements highlights a commitment to using best practice, providing clients and partners reassurance with the handling and protection of their information.

Peter Gregg, Operations & Compliance Manager stated: “We place the highest priority on information security, our ISO 27001 certification demonstrates our commitment to continual improvement and confirms our policies and practises comply with the most stringent standards.”

Emma Shaw, Managing Director remarked: “We recognise that information is one of a company’s most valuable assets – any risk to the integrity of that data can make or break a business – security threats impact a company financially, impede expansion, prevent client attraction, damage assets and above all impact reputation.”

Guest Blog, Marc Sollars: Five ways UK firms can size up to GDPR compliance…

800 450 Jack Wynn

Even as Britain’s business community looks to the government for a workable Brexit plan, the shadow of much tougher data privacy regulation is falling right across UK Plc’s economy.

That’s because the EU’s General Data Protection Regulation (GDPR) is dragging citizens’ right to data privacy back to the heart of the continent’s digital economy from May 2018. And this seismic shift will apply however quickly, and most likely on whatever terms, once Britain leaves the EU.

Concern has grown in Europe for years as personal details being exposed in a connected world. But the GDPR goes way beyond previous privacy thinking, enshrining principles of ‘accountability’, and citizens’ ‘right to be forgotten’ in law – transforming day-to-day business and social interactions with digital and cloud footprints. 

The directive will pervade commerce. When trading partners agree contracts post-2018, they must decide if a workable contract involves consent; from a citizen or data subject, to the handling of personal data that isn’t needed to perform the actual contract. This ruling could upset sectors like eCommerce, or manufacturing with extended supply chains, that draw on multiple partners and data sets.

There’s no escaping the GDPR’s shadow, even with Brexit, because it:

  • Applies to those supplying goods and services to the EU from inside the union or outside; 
  • Goes into law without any enabling legislation; 
  • It takes effect before Britain can make its earliest technical Brexit, we will need different compliance regimes before and after leaving Europe.

Government ministers, the technology sector and legal commentators agree that complying with the directive will change the way that UK organisations, down to comparatively smaller businesses, operate. Post-Brexit, Britain will still need a close imitation of the GDPR to trade with European partners.

And if that hasn’t focused C-level minds, penalties for GDPR non-compliance dwarf anything seen before: offender organisations could be fined up to four per cent of turnover.

But the GDPR’s biggest impact will be on day-to-day work, since UK organisations will become directly liable for managing all the unstructured data (customer details, images and social media interactions) on their networks and in the cloud – a challenge for any business.

Legal and technology experts rightly say there is no silver compliance bullet. Boards, we are told, should take a strategic approach; driving compliance, examining privacy standards and getting their employees on board. 

But this thinking breaks down in the face of exploding cloud-based data processing levels. IT teams have little or no visibility of their data assets and their final uses, a situation only exacerbated as new cloud services come on-stream or organisations authorise bring-your-own-device (BYOD) programmes simply to stay competitive.

GDPR planning begins with visibility: as employees use cloud apps from Evernote to Netsuite, IT and security professionals are asking: where is the data – and who owns it after it leaves our offices?  When a company’s customers use, for example, OneDrive, data is accessed by customers from any device anywhere, so the corporate security team must build corporate-level checks and controls to stop easy data leakage. Well-known UK companies are beginning to deploy Cloud Access Security Brokers (CASBs) solutions for sanctioning and controlling IT applications; only employees on a patched corporate device can access the application.

At present, no team of IT suppliers can provide a complete GDPR compliance solution but suppliers such as CASBs are starting to put organisations on a practical path towards it. This is because these suppliers can integrate corporate network and application monitoring systems – delivering that essential visibility of data.

These fast-evolving capabilities enable us to set out five broad, practical measures for IT and security professionals to anticipate GDPR compliance, as well as help streamline operations, after 2018:

  • Boards must oversee systems that meet data subjects’ future requests under GDPR, such as the right to be forgotten, or requesting copies of relevant (unstructured) personal data;
  • Organisations must start to design data security into products or services – by default;
  • UK companies must plan data security and auditing processes and ways to notify stakeholders of a data breach – as well as making suppliers document their own information security processes;
  • Companies over 250 employees, or whose operations are based on data handling, will need a data protection officer to scrutinise their IT processes, data security and privacy systems;
  • Boards must operate Data Protection Assessments and train up their IT and security personnel on compliance.

It’s a lengthy list, but cloud services and related hardware technologies will transform organisations’ processing and network monitoring power – with these capabilities increasingly available to CIOs and security teams as flexible, managed services. 

There is no silver bullet. But senior IT executives are already scoping the foundations of GDPR compliance. And others will appreciate the irony that UK companies will achieve far better control and visibility of their fast-evolving cloud data processing operations through such focused innovations, even as the directive’s long shadow finally falls over us.

Marc Sollars is CTO of Teneo, a specialist integrator of next generation technology, offering global organisations optimisation solutions for networks, security, storage and applications. The company designs its solutions by understanding through consultancy and delivering through managed services. Marc is on Twitter at: @MarcatTeneo

UK must prepare for increased transport cyber-security threat…

800 450 Jack Wynn

A new report from Transport Systems Catapult (TSC) suggests the UK transport sector needs to increase its focus on cyber-security in the face of ‘rapidly emerging’ technological developments.

The report – supported by The Institute of Engineering Technology (IET), the Digital Catapult, IBM and the Intelligent Mobility Partnership (IMPART) – cites a number of trends in mobility, cyber-security, technology and society that are making the environment ‘much more complex’ to deliver safe, secure, and reliable infrastructure and mobility services.

The emergence of a global ‘Intelligent Mobility’ market is one particular example highlighted by TSC, featuring the Internet of Things (IoT), automated vehicles and increasing use personal data to create services tailored to the individual. This could potentially add another layer of complexity into an already vulnerable transport network, as well as open new cyber-threats.

Andrew Everett, chief strategy officer at TSC said: “The cyber security issues faced by transport in the future will not simply be an acceleration of the current constant, with more cyber-attacks. The way we move people and goods around the globe is undergoing a radical change.

“It is being driven by technological advances such as wireless communications, smart devices, Open Data, the Internet of Things and more recently artificial intelligence. The surface area of potential attacks is set to increase significantly and the transport industry needs to get to grips with this immediately.”

A further example is the rush to automation, for trains, buses and cars. Current detection and action times on cyber incidents is measured in days, weeks and even months, however TSC warns that autonomous vehicle systems will require detection, identification and resolution within seconds to prevent serious safety consequences.

Anna Bonne, head of Sector – Transport at the IET, added: “Intelligent mobility has huge potential to transform the way we travel. The UK is leading the world in this area especially through its trials of autonomous vehicles.

“Operation of an autonomous vehicle will be heavily dependent on a lot of software embedded in the vehicle and their ability to communicate to other vehicles and the road infrastructure, so it is crucial that all aspects of cyber security are considered carefully. This report aims to raise awareness of the cyber security challenge in intelligent mobility and ensure that cyber security is considered at the design phase and not as an afterthought.”

Read the full report here

Online retailers must be transparent after a data breach, says NTT Security…

800 450 Jack Wynn

Online shoppers in the UK are demanding retailers to be honest and transparent on whether they have suffered a security breach, a survey commissioned by NTT Security has revealed.

When asked what retailers could do to help build consumer trust whilst online shopping, 80 per cent of the 500 survey respondents said they expect more transparency following a breach, as well as more secure payment options and for retailers to insist on regularly changing and using strong passwords.

Further to worrying about the risk of paying online and identity fraud, the majority are also concerned about the privacy of personal information (63 per cent), a site being fake (63 per cent) and the risk of being sent ‘phishing emails’ that link to malware (60 per cent).

Stuart Reed, director at NTT Security said: “The retail sector is among one of the most targeted industries for attacks and, with one of the busiest trading periods of the year now upon us, it makes sense that both consumers and retailers are diligent in terms of data security.

“While some shoppers are happy to continue using sites, even when they have been breached, they are also anxious for retailers to let customers know when they have been hacked. Consumers certainly seem to be growing in security awareness when online; more savvy, they are willing to take responsibility for their own security to some extent, but they are also more demanding of retailers and expect to see privacy and security polices displayed clearly on websites.”

However, only 18 per cent would permanently stop using a retailer’s website if a security breach was exposed and a third admit they would carry on using an online store but would upgrade their security.

More than 40 per cent believe retailers should publish their privacy policies to allow customers to see how data is being stored and managed, while a third (32 per cent) want stores to listen and respond to customer concerns via social media to help build consumer trust.

 

Read more on the research, including five top tips on how retailers can mitigate cyber risks here

Open source ‘fuelling innovation and cost savings’ in UK businesses…

800 450 Jack Wynn

According to research commissioned by Rackspace surveying 300 of the UK’s largest organisations, more than half (54 per cent) of those using open source technologies perceive external security threats as the biggest challenge to adoption.

The ‘Rackspace State of Open Source’ study, carried out by the technology market research firm, Vanson Bourne, found that 49 per cent of companies are not fully supportive of open source, or closed source, technologies being a more secure methodology; with an additional 43 per cent concerned about the vulnerabilities related to open source code.

In addition, 90 per cent deploy open source-based enterprise applications, while the vast majority (89 per cent) believe that open source has become ‘more professional’ over the last three years, becoming attractive for enterprise development and use.
Read Abe Selig’s ‘The Enterprise is Ready for Open Source’ blog here

UK start-up reveals ‘secret’ to solving identity fraud crisis…

800 450 Jack Wynn

ShowUp, a new British start-up which claims to be taking an ‘entirely independent approach’ to online digital identification, has created a solution to combat the rising issue whereby individuals can take a selfie with the company’s newly-created app.

By taking a selfie via the ShowUp app, a friend or family member proves the image of the person is correct, which is then securely stored on file as the reference photo. Therefore, when an individual logs into their online account, they take another ShowUp selfie whilst reading out a randomly generated phrase displayed on the screen; ensuring the selfie is unique to that moment, and that the camera is pointing at a live person.

The company removes the need for the complex mix of pins and passwords of memorable information that supposedly protect consumers across banking, social media and other secure interactions where despite these burdensome login processes, identity fraud still takes place.

Founder and executive director at ShowUp, Jeremy Newman, said: “ShowUp exploits the fact that for the first time nearly everyone has a camera connected to the internet. We work on the principle that organisations don’t know people, people know people. Therefore instead of relying on passwords or any other data to verify identity, we can now draw upon the natural ability of people to recognise one another.

He continued: “With mobiles, ShowUp and social collaboration, ordinary people become the source of true identity, rather than being the victims of outdated and flawed practices forced upon them by organisations.”

ShowUp is attracting investment from senior executives in key industries who are helping the company build and scale this new technology to the whole population.

 

Learn more about ShowUp here

  • 1
  • 2