Stuart O'Brien, Author at Cyber Secure Forum | Forum Events Ltd - Page 31 of 61
Posts By :

Stuart O'Brien

Do you specialise in Advanced Threat Dashboards? We want to hear from you!

 960 640 Stuart O'Brien
By:
0
0

Each month on IT Security Briefing we’re shining the spotlight on a different part of the cyber security market – and in May we’re focussing on Advanced Threat Dashboard solutions.

It’s all part of our ‘Recommended’ editorial feature, designed to help IT security buyers find the best products and services available today.

So, if you’re an Intrusion Phishing Detection solutions specialist and would like to be included as part of this exciting new shop window, we’d love to hear from you – for more info, contact Chris Cannon on c.cannon@forumevents.co.uk.

Here’s our full features list:

May – Advanced Threat Dashboard
Jun – Browser/Web Security
Jul – Authentication
Aug – Penetration Testing
Sep – Vulnerability Management
Oct – Employee Security Awareness
Nov – Malware
Dec – Network Security Management

Learn new things on lockdown with our online courses!

 960 640 Stuart O'Brien
By:
0
0

Why not use lockdown downtime to learn new skills and improve existing ones with our newly available and unlimited annual courses?

These are specially-curated online courses designed to help you and your team, improve expertise and learn new things.

The IT and Personal Development online learning bundle provides you with over 50 courses, which cover all areas of both professional and personal development:

  • CSS Certification Level 1
  • HTML 5 Certification Level 2
  • Introduction to Cloud Computing Certification
  • IT Security Certification
  • Website Development Foundations Certification
  • WordPress Certification
  • How to Handle Criticism at Work Certification
  • How to Improve Your Mental Health Certification
  • Building Your Confidence and Self-Esteem Certification
  • Managing Teams Certification
  • Master Planning Certification

And many more!

Find out more and purchase your online bundle here

For just £99 +vat (usually £149), you can share the courses with your colleagues over a 12-month period.

Additionally, there are a variety of bundles available on all spectrums;

  • Personal & Professional Development
  • Healthcare
  • Sports & Personal Development
  • Human Resources
  • Customer Services
  • Health & Safety
  • Education & Social Care Skills
  • Sales & Marketing
  • IT & Personal Development

Book your courses today and come out of this stronger and more skilled!

Security IT Summit: We’ll get through this together!

 960 640 Stuart O'Brien
By:
0
0

 Have you confirmed your place at this June’s Security IT Summit? If not, hurry as we only have limited spaces available!

Your complimentary pass includes; an itinerary of 1-2-1 meetings with budget-saving suppliers, access to a series of seminars led by industry experts, networking with peers who share your challenges, plus lunch and refreshments throughout.

RSVP here to register your place, as we have a limited number of places left available.

If you cannot make this date, we will also be running a 2nd Annual Security IT Summit on the 5th November at the Hilton London Canary Wharf.

We want to assure you that we are following all the government guidelines and taking all necessary measures to ensure the safety of all our attendees and staff. 

We’ll get through this together!

McAfee flags autonomous vehicle hacking risks

 960 640 Stuart O'Brien
By:
0
0

IT security giant McAfee’s has successfully tricked an autonomous vehicle to accelerate up to 85 MPH in a 35 MPH zone using just two inches of electrical tape.

The McAfee Advanced Threat Research (ATR) team and McAfee Advanced Analytic Team (AAT) partnered to explore how artificial intelligence can be manipulated through research known by the analytics community as adversarial machine learning or, as McAfee calls it, ‘model hacking‘.

McAfee ATR successfully created a black-box targeted attack on the MobilEye EyeQ3 camera system, utilised today in many vehicles including certain Tesla models. Through this attack, McAfee researchers were able to cause a Tesla model S implementing Hardware pack 1 to autonomously speed up to 85 mph, after manipulating the AI technology to misclassify a speed limit sign that read 35 mph.

McAfee says the implications of this research are significant, because:

  • By 2023, worldwide net additions of vehicles equipped with autonomous driving capabilities will reach 745,705 units, up from 137,129 units in 2018, according to Gartner
  • However, there is more discussion and awareness needed about the potential pitfalls and safety concerns associated with such rapid acceleration in this technology.
  • Given this projected growth, it’s a rare and critical opportunity for the cybersecurity industry and automobile manufacturers to be ahead of adversaries in understanding how AI/machine learning models can be exploited in order to develop safer next-gen technologies.

Mo Cashman, Principle Engineer at McAfee, said: “The automotive and cybersecurity industries will need to work together closely to design, develop, and deploy the right security solutions to mitigate threats both before they occur and after they happen. Unlike automotive safety, cybersecurity is not probabilistic. Threats come from a variety of sources, including intentionally malicious and unintentionally malignant. As a result, processes must be put in place to mitigate these cyber threats over the entire lifecycle of the product, from early design decisions through manufacturing to operation and decommissioning.

“With new systems come new attack surfaces and vectors – all of which should lead to new risk management considerations. Manufacturers must recognise this and take the appropriate measures for cyber resilience. Key actions range from conducting rigorous checks to using security tools to distinguish real threats from ‘noise’. Manufacturers must also ensure connections are secured from the cloud through to the vehicle endpoint, minimising vulnerabilities which hackers could use for their own gain.

“No matter the state of the threat landscape today, best practices for automotive security are an evolution and amalgamation of both product safety and computer security. By collaborating with the cybersecurity industry, the automotive and manufacturing sectors can research, develop, and enhance products, services, and best practices for a more secure driving experience.”

McAfee’s Top Tips for manufacturers:

  • Conduct rigorous checks. There are times when a product functions in a way developers/engineers didn’t expect it to perform, as evidenced by McAfee’s research. Perform rigorous checks and validations, considering new scenarios and edge cases that could be introduced in real-world use that perhaps the technology wasn’t specifically designed to handle. Additionally, McAfee encourages auto manufacturers to assess model hacking in systems.
  • Human-Machine teaming. Adversaries are human, continuously introducing new techniques. Machine learning can be used to automate the discovery of new attack methods; creative problem solving and the unique intellect of the security team strengthen the response.
  • Apply multiple analytic techniques and closely monitor changes. Protection methods include multiple techniques, for example noise addition, distillation, feature squeezing, etc. In addition, implement statistically-based thresholds and closely monitor false positives and false negatives, paying attention to the reason for the change. 
  • Take a ‘one enterprise’ and systems approach to security and risk management. Many organisations still operate in silo and this needs to change. Threats enter from multiple routes. As a result, increased collaboration and achieving one unified view across the manufacturer’s digital workplace, cloud services, industrial controls and supply chain are necessary considerations if a manufacturer is to maintain a strong cybersecurity posture as it develops autonomous vehicles.
  • Build a strong culture of security. For manufacturers, safety is often a strategic pillar of the business. Signs are posted highlighting accident-free days and senior leaders are champions of the programme. Bring that same focus to cybersecurity.

69% of SAP users: projects do not prioritise IT security

 960 640 Stuart O'Brien
By:
0
0

More than two thirds (68.8%) of SAP users believe their organisations put insufficient focus on IT security during previous SAP implementations, while 53.4% indicated that it is ‘very common’ for SAP security flaws to be uncovered during the audit process.

That’s according to the SAP Security Research Report by risk management consultancy, Turnkey Consulting, which also uncovered that most respondents were not fully equipped to manage risk. A fifth (20.8%) felt most businesses did not have the skills and tools to effectively secure their SAP applications and environment, with 64.3% saying they only had some skills and tools.

Looking at specific concerns, nine out of ten (93.2%) people thought it was likely that an SAP audit would flag Access Management issues. Privileged or emergency Access was also a major concern with 86.4% believing it was common or very common to have audit findings specifically related to it.

However, the research also showed a growing awareness of the security challenges faced by today’s enterprise, with the adoption of ‘security by design’ regarded as a solution. 74.0% expect IT security to take greater priority in future SAP deployments, with 89.6% agreeing that security specialists should be brought on board to support their SAP S/4 HANA transformation programmes.

Richard Hunt, managing director at Turnkey Consulting, said: “The findings of this survey mirror our day-to-day experiences; SAP security is often an afterthought on SAP deployments, with the result that not enough time and resource is allocated to the essential security activities that need to take place throughout the project.”

“However it is encouraging to see that boardroom awareness is growing as the general business environment becomes increasingly focused on compliance, data protection and cyber security. This understanding will drive organisations to take the critical step of designing security into implementations from day one.”

Turnkey says it undertook its inaugural SAP research to determine organisations’ preparedness as the SAP landscape undergoes a time of transition and the deadline to adopt SAP S/4 HANA approaches. The SAP ERP offers extensive user benefits in terms of increased interconnectivity and mobility, but risks leaving SAP applications and infrastructure open to exploitation.

Hunt concluded: “Rolling out SAP S/4 HANA requires significant investment and organisational commitment. This reinforces why building in security from the start is vital if remediation, which is costly from both a financial perspective as well as in terms of business disruption, is to be avoided further down the line.”

You can download Turnkey’s SAP Security Research Report by clicking here.

Your place awaits at the Security IT Summit

 960 640 Stuart O'Brien
By:
0
0

There’s a complimentary guest place reserved for you at the Security IT Summit on June 30th – make sure you claim it before it’s too late!

Confirm you will be joining us here.

This small and niche event is far removed from the traditional busy and crowded exhibitions and conferences, and takes place at the Hilton London Canary Wharf.

The Summit will give you access to innovative suppliers who can help you reduce your expenditure for a series of pre-arranged, face-to-face meetings based on your requirements. You can also attend a series of seminars, and network with like-minded peers, including representatives from the likes of:

  • ABF Soldiers Charity
  • Asprey London
  • Associated British Foods
  • BNP Paribas
  • Catalyst
  • Department of Work & Pensions
  • Endemol Shine
  • Girls’ Day School Trust
  • Global Switch
  • Homebase
  • Legal and General
  • Natural History Museum
  • Royal Mail Group
  • Tesco Mobile
  • TGI Fridays
  • Twentieth Century Fox Film
  • United International Pictures
  • United Utilities

Lunch and refreshments are included with your free guest place.

If this would be useful for your business, please confirm your attendance here.

Places are limited, so confirm your place today or contact me to avoid disappointment.

Security IT Summit

Join your peers at the Total Security Summit

 960 640 Stuart O'Brien
By:
0
0

Due to the current situation relating to the outbreak of COVID-19, we have taken the decision to postpone the Total Security Summit until June.

The Summit will now take place on the 29th & 30th June at the Radisson Blu, London Stansted.

This event is small & niche unlike other large, busy exhibitions and conferences.

If you were unable to attend the previous dates, we would love for you to join us as our guest.

This unique event is entirely complimentary for you to attend – reserve your place here.

  • Meet new suppliers, based on your business requirements and upcoming projects
  • Attend a series of insightful and inspirational seminar sessions
  • Networking with like-minded peers
  • Enjoy complimentary hospitality, including overnight accommodation, plus all meals and refreshments
  • Receive an invitation to our networking dinner

If you are able to make the new dates, then please RSVP here.

The rise of the Chief Cybercrime Officer

 960 640 Stuart O'Brien
By:
0
0

Matt Cable, VP Solutions Architects & MD Europe, Certes Networks, discusses the role of the CCO and how the CCO and CISO should work in harmony to achieve the common cyber security goals…

The TalkTalk data breach in 2015 was monumental for the cyber security industry. At the time, data breaches were hardly new, but this particular breach resulted in UK MPs recommending that an officer should be appointed with day-to-day responsibility for protecting computer systems from cyber attack.

This governmental guidance was not a consequence of the size of the breach. With the personal details of 157,000 customers accessed, including bank account numbers and sort codes of over 15,000 customers, it certainly was not the largest the industry had seen. Rather, the guidance resulted from the way in which the immediate situation and the following aftermath, were handled.

In most organisations, the responsibility of following this guidance has historically fallen to the Chief Information Security Officer (CISO), with support from the CEO. In the wake of the TalkTalk data breach in particular, the CISO was given ‘free rein’ to strengthen the organisation’s cyber security capabilities.

The many faces of the CISO 

Yet, the role of the CISO was not a new concept. In fact, the CISO dates back to 1994 when Steve Katz was hired to run the world’s first formal cyber security executive office, and was subsequently given the title of CISO. Unsurprisingly, the role has many aspects to it, from security operations, cyber risk and cyber intelligence, data loss and fraud prevention, security architecture, identity and access management, programme management and compliance and governance, to name but a few.

Recently however, the role has come under increasing scrutiny and with the rise of cyber crime and the sophistication of cyber attacks, it’s easy to see why. Research shows that over two-thirds of organisations have experienced at least one security breach in the past year and that the majority of both CISOs and the entire C-Suite believe the CISO is ultimately responsible for the response to a data breach. However, with so many ‘hats’ to wear and multiple day-to-day responsibilities, it is clear to see why, with the increasing threat landscape, many organisations feel that it’s time to add another role to the C-Suite. 

Enter the CCO 

Enter the Chief Cybercrime Officer (CCO), whose remit will entail ensuring the organisation is cyber-ready and who will bear the responsibility of mitigating breaches, taking the lead if a breach does occur and providing the necessary link between the Board and the rest of the company to mitigate risk and work collaboratively to resolve issues as they arise.

With the need for cyber security to become far more central to C-Suite strategies, this new role should ease the load on the CISO and ensure the organisation can get one step ahead of hackers in the cyber crime race. However, organisations must take into account the need for both the CISO and CCO to work in harmony, with clearly defined roles and support from the Board. 

Aligning to boundaries

With both the CISO and CCO working towards keeping the company’s data safe from cyber threats, it is essential for each role to be clearly defined. This definition may look different to each organisation: each role, and the teams working with them, should have clear parameters and responsibilities so that in the event of a data breach, the organisation clearly understands the steps that should be taken, and who should take them.

In practice, this should make every CISO breathe a big sigh of relief. Many CISOs would identify cyber security as the greatest risk within their role, and when they’re also trying to juggle multiple other responsibilities, it’s a lot to have on their shoulders. With the CCO focused on the system architecture and the CISO focused on the security of the information within the organisation, there should be no reason that both roles can’t work collaboratively towards keeping the organisation safe.

Making decisions 

With both roles working in tandem, the next step that organisations need to take is ensuring the CISO and the CCO have enough influence with the Board to make critical decisions and resolve issues immediately. By ensuring that all members of the Board have visibility of the entire cyber security strategy and that the strategy is regularly reviewed and updated in line with new threats and intelligence, the CCO and CISO can be given the responsibility to report and respond to incidents and make rapid decisions on behalf of the business. In the event of a data breach, removing unnecessary approval and authorisation steps ensures that the organisation can respond quickly and put remediating measures in place to minimise potentially catastrophic repercussions.

In a world where cyber security threats can’t be ignored, now is the time for the structure of organisations to truly be considered. Has cyber security been given enough prominence at Board level? Can decisions be made quickly? Can space be made for both the CISO and CCO to work in harmony? By asking these questions and making changes, organisations can ensure they are in a far better position to keep their data safe and protect their reputation.

Coronavirus: Business Continuity During a Global Crisis

 960 640 Stuart O'Brien
By:
0
0

By Nicole Alvino, Cofounder and Chief Strategy Officer, SocialChorus

We’re living through an unprecedented time, globally and for how long, none of us are that sure. While the new coronavirus may seem like a singular threat, dealing with crises is a fact of doing business—one companies can expect to encounter with increasing frequency. According to PWC, 69% of businesses had experienced a crisis in the last five years even before COVID-19, and the most disruptive causes of crises in the U.S. were natural or environmental. 

Under these conditions, it’s likely that your company already has crisis management and business continuity plans in place. But what should you do to ensure your infrastructure is robust enough and capable of helping you to reach all your workers?

There are five critical challenges that CIOs will face as they try to utilise their stack to reach employees. If you’re a CIO, then you know that you’re the best equipped person in your executive team to plan for business continuity but to be successful you’re going to need every person, across the entire business to understand your plans. Ultimately, your company is looking to you to:

·       Establish a source of truth for your company and communicate with one voice, so employees can separate rumours from facts and trust what they’re being told

·       Reach every worker on every digital channel with the targeted, personalised information they need to respond in an emergency

·       Use intelligent automation to certify message delivery, prompt response, and make sure your crisis communications are not just read but understood

·       Track the success of crisis initiatives and measure the effectiveness of your communications using in-depth analytics

·       Be prepared for emergency situations during COVID-19 and beyond – your stack and your workforce need to prepared for every twist and turn during this pandemic.

As you and the senior leadership team implement your crisis communications strategy you (and they) will ask whether you can reach every employee on every digital channel, even those that are deskless. And can you reach them with personalised, up-to-the minute information that they need? You’ll need to ensure that whatever communications technology you use, whether it be SharePoint, Slack, Zoom, Teams, mobile apps or others, that you can consistently reach and broadcast your company’s messages to all.

One thing we’re hearing is that people are overwhelmed with communications. On average a worker receives 120 emails per day, that’s not counting the ones via other channels such as Slack, IM or Teams. Now consider that your people, like you, are also getting bombarded by emails from school, IM from friends and family and messages via Facebook and WhatsApp. There is an information overload going on so whatever you do, you need to make sure your messages reach people urgently and that they can review them promptly. Our latest paper on CIO Crisis Communications takes you through several steps on how to reach all employees, across all channels, consistently.

Consistency from your business will help to establish trust in your message, especially if you’re able to deliver it immediately to all. And that’s of paramount importance. You don’t want workers in the London office getting communications three hours later than those in Paris or Madrid, or the other side of the world for that matter. All employees are equal, and all deserve to be communicated with, no matter where they are. They may consume your communications in different ways so use your different channels to reach all.

You’ll also need to judge how many times you communicate. Don’t hassle people as we’ve said, they’re inundated with messages already. If you need to know that they’ve received a critical message or piece of advice, then track acknowledgements or read receipts. Then you can take further communications actions with those that are unresponsive and not send repeat messages company wide.COVID-19 is changing the way we live and the way we work. In a world where change seems to be the only constant be the consistent voice across your organisation. Your emergency plans may need to be tweaked over the coming weeks, your infrastructure might need to be extended to ensure your reach is truly companywide but remember it is the companies that manage this situation well that will thrive through the chaos.

Image by Thor Deichmann from Pixabay 

Join our A-list line-up of cyber security professionals

 960 640 Stuart O'Brien
By:
0
0

The Security IT Summit is taking place this summer and we’d like to invite you to attend as our guest – Sign up today!

30 June – Hilton London Canary Wharf

This complimentary guest pass will give you the opportunity to meet with suppliers based on your own unique requirements, attend a series of seminars and network with like-minded senior cyber security professionals. Lunch and refreshments are complimentary.

The Security IT Summit is a small-scale event, far removed from the large and busy exhibitions and conferences within the sector.

Unlock your priority pass here and join representatives from:

3T Logistics 

AB World Foods

Barclays

Bishop Konstant Catholic Academy Trust

BNP Paribas

Communisis

Diligenta

EMW Law LLP

Euromoney PLC

Firstport

Furniture Village

George Green’s School

GlobalWebIndex

Herod Food

Kennet Equipment Leasing

Knight Care 

Marine Stewardship Council

Marshalls Motor Group

Metropolitan Thames Valley

Parliament Digital Services

Save the Children

Sika 

Telefonica

Ten Group

The Savoy Hotel

Thrive Homes

Willis Towers Watson

Wirral University Teaching Hospital NHS Foundation Trust, Wirral

Your World Recruitment Group

Confirm your complimentary guest pass here today!