Stuart O'Brien, Author at Cyber Secure Forum | Forum Events Ltd - Page 32 of 61
Posts By :

Stuart O'Brien

Do you specialise in Phishing Detection? We want to hear from you!

 960 640 Stuart O'Brien
By:
0
0

Each month on IT Security Briefing we’re shining the spotlight on a different part of the cyber security market – and in April we’re focussing on Intrusion Phishing Detection solutions.

It’s all part of our ‘Recommended’ editorial feature, designed to help IT security buyers find the best products and services available today.

So, if you’re an Intrusion Phishing Detection solutions specialist and would like to be included as part of this exciting new shop window, we’d love to hear from you – for more info, contact Chris Cannon on c.cannon@forumevents.co.uk.

Here’s our full features list:

Apr – Phishing Detection
May – Advanced Threat Dashboard
Jun – Browser/Web Security
Jul – Authentication
Aug – Penetration Testing
Sep – Vulnerability Management
Oct – Employee Security Awareness
Nov – Malware
Dec – Network Security Management

Closing the gender gap in cybersecurity ‘could generate billions’

 960 640 Stuart O'Brien
By:
0
0

If the number of women working in cybersecurity rose to equal that of men, there would be a $30.4 billion boost to the industry’s economic contribution in the US and a £12.6 billion boost in the UK.

That’s according to a new report from Tessian, which also reveals that closing the gender pay gap, and equalising women’s salaries to men’s, could add a further $12.7bn and £4.4bn to the US and UK economies respectively. 

The report highlights the importance of encouraging more women into cybersecurity and identifies the barriers stopping this from happening. After surveying female cybersecurity professionals in the UK and the US, Tessian reveals that a lack of gender balance was far less of a barrier to entry in the UK, compared to the US:

·         82% of female cybersecurity professionals in the US believe that cybersecurity has a gender bias problem versus 49% of those in the UK. 

·         Just 12% of UK respondents say a lack of gender balance was a challenge at the start of their career versus 38% of those in the US.

·         US respondents were also three times as likely to believe that a more gender-balanced workforce would encourage more women to pursue roles in cybersecurity. 

The report sought to identify which other factors were discouraging women from joining the cybersecurity industry, and found that:

·         42% of respondents think a cybersecurity skills gap exists because the industry isn’t considered ‘cool’ or ‘exciting’. This opinion was most commonly shared by millennials – 46% vs. 22% of 45-54 year olds.

·         A lack of awareness or knowledge of the industry was the top challenge female professionals faced at the start of their career, with 43% citing this as a barrier.

·         43% of women said that a lack of clear career development paths was another challenge at the start of their cybersecurity career, while nearly a quarter (23%) cited a lack of role models.

·         Just 53% say their organization is doing enough to recruit women into security roles. 

Sabrina Castiglione, Senior Executive at Tessian said: “For organisations to successfully recruit more women into security roles, they need to understand what’s discouraging them from signing up beyond just gender bias. We need to make women in cybersecurity more visible. We need to tell their stories and raise awareness of their roles and experiences. And once through the door, managers need to clearly show women the opportunities available to them to progress and develop their careers.”

When asked what would encourage more women to consider a career in cybersecurity, over half (51%) said there needs to be more accurate representations of the industry in the media. Respondents ranked this as the number one way to encourage more women into cybersecurity, followed by a gender-balanced workforce (45%), cybersecurity-specific curriculum in universities (43%) and equal pay (28%).

In the report, Tessian interviewed Shamla Naidoo, former CISO at IBM who said: “To many people, cybersecurity equates to – and is limited to – someone in a hoodie bent over a keyboard in a dark room. That’s not the case at all. If we don’t expand beyond that, we’ll lose out on even more people in the industry.” 

In addition to huge economic benefits, there are other rewards for women working in cybersecurity. 93% of the women surveyed in the report feel secure or very secure in their jobs, with over half (56%) believing that cybersecurity is one of the most important industries today as cyber threats become more advanced. 

Read the full report and discover the stories of cybersecurity professionals at some of the world’s biggest organisations here: Opportunities in Cybersecurity 2020.

What you need to know about DDoS weapons today

 960 640 Stuart O'Brien
By:
0
0

By Adrian Taylor, Regional VP of Sales for A10 Networks

A DDoS attack can bring down almost any website or online service. The premise is simple: using an infected botnet to target and overwhelm vulnerable servers with massive traffic. Twenty years after its introduction, DDoS remains as effective as ever—and continues to grow in frequency, intensity, and sophistication. That makes DDoS defence a top cybersecurity priority for every organisation. The first step: understanding the threat you face.

To help organisations take a proactive approach to DDoS defence, A10 Networks recently published a report on the current DDoS landscape, including the weapons being used, the locations where attacks are being launched, the services being exploited, and the methods hackers are using to maximise the damage they inflict. Based on nearly six million weapons tracked by A10 Networks in Q4 2019, the study provides timely, in-depth threat intelligence to inform your defence strategy.

Here are a few of our key findings.

Reflected Amplification Takes DDoS to the Next Level

The SNMP and SSDP protocols have long been top sources for DDoS attacks, and this trend continued in Q4 2019, with nearly 1.4 million SNMP weapons and nearly 1.2 million SSDP weapons tracked. But in an alarming development, WS-Discovery attacks have risen sharply, to nearly 800,000, to become the third most common source of DDoS. The shift is due in part to the growing popularity of attacks using misconfigured IoT devices to amplify an attack.

In this key innovation, known as reflected amplification, hackers are turning their attention to the exploding number of internet-exposed IoT devices running the WS-Discovery protocol. Designed to support a broad variety of IoT use cases, WS-Discovery is a multicast, UDP-based communications protocol used to automatically discover web-connected services. Critically, WS-Discovery does not perform IP source validation, making it a simple matter for attackers to spoof the victim’s IP address, at which point the victim will be deluged with data from nearby IoT devices.

With over 800,000 WS-Directory hosts available for exploitation, reflected amplification has proven highly effective—with observed amplification of up to 95x. Reflected amplification attacks have reached record-setting scale, such as the 1.3 Tbps Memcached-based GitHub attack, and account for the majority of DDoS attacks. They’re also highly challenging to defend; only 46 percent of attacks respond on port 3702 as expected, while 54 percent respond over high ports. Most of the discovered inventory to date has been found in Vietnam, Brazil, United States, the Republic of Korea, and China.

DDoS is Going Mobile

Unlike more stealthy exploits, DDoS attacks are loud and overt, allowing defenders to detect their launch point. While these weapons are globally distributed, the greatest number of attacks originate in countries with the greatest density in internet connectivity, including China, the United States, and the Republic of Korea.

A10 Networks has also tracked the hosting of DDoS weapons by autonomous number systems (ASNs), or collections of IP address ranges under the control of a single company or government. With the exception of the United States, the top ASNs hosting DDoS weapons track closely with the countries hosting the majority of attacks, including Chinanet, Guangdong Mobile Communication Co. Ltd., and Korea Telecom.

In another key trend, the prevalence of DDoS weapons hosted by mobile carriers skyrocketed near the end of 2019. In fact, the top reflected amplified source detected was Guangdong Mobile Communication Co. Ltd., with Brazilian mobile company Claro S.A. the top source of malware-infected drones.

The Worst is Yet to Come

With IoT devices coming online at a rate of 127 per second and accelerating, hackers are poised to enter a golden age of possibilities. In fact, new strains of DDoS malware in the Mirai family are already targeting Linux-powered IoT devices—and they’ll only increase as 5G brings massive increases in network speed and coverage. Meanwhile, DDoS-for-hire services and bot herders continue to make it easier than ever for any bad actor to launch a lethal targeted attack.

The A10 Networks report makes clear the importance of a complete DDoS defence strategy. Businesses and carriers must leverage sophisticated DDoS threat intelligence, combined with real-time threat detection, to defend against DDoS attacks no matter where they originate. Methods such as automated signature extraction and blacklists of the IP addresses of DDoS botnets and available vulnerable servers can help organisations proactively defend themselves even before the attacks starts.

For additional insight, including the top IoT port searches and reflector searches performed by attackers, download the complete A10 Networks report, “Q4 2019: The State of DDoS Weapons” and see the accompanying infographic, “DDoS Weapons & Attack Vectors.”

Security IT Summit

Rub shoulders with Chelsea FC and more at the Total Security Summit

 960 640 Stuart O'Brien
By:
0
0

Senior professionals from some of the UK’s biggest brands will be gathering for the Total Security Summit on June 29th & 30th at the Radisson Blu, London Stansted – Don’t miss out!

In addition to two days of business networking, you will get the latest insights and advice on trends in the sector via a series of seminar session.

Overnight accommodation, all meals and refreshments, plus an invitation to our networking dinner, are included with your complimentary guest pass.

Register today and join security leaders from:

AB Southampton 

Accor Hotels 

AEG Europe

Allsaints

B&CE

BBC

BRE

Brighton BCRP

Birmingham 2022

Cargill Corporation 

Chelsea Football Club

China Construction Bank

Como Metropolitan London

Cumbric Care 

Demipower Ltd

Dorset and Wiltshire Fire and Rescue

Essex County Council

Ei Group 

Engie 

Freedom Group of Companies

Firmenich

GLL

Heathrow Airport 

HSBC PLC

Hull University Teaching Hospitals NHS Trust

Hogarh Worldwide

Kering International 

London Borough of Redbridge 

London Stansted Airport

Marks & Spencer

Matalan

Michael Kros

National Trust

NatWest Markets

Newell Brands

North West Anglia NHS Foundation Trust

Peel Media Ltd

Procter & Gamble

Portsmouth Guildhall

Pure Data Centres

Sodexo

South East Coast Ambulance Services

SSP UK & Ireland

Telent Technology 

Tesco 

The American School in London

The Lodge Hotel 

Theo Phaphitis Retail Group

Topshop

Transport for London

TransferWise

United Synagogue 

WeWork

Don’t miss out on this unique opportunity! We have just five passes remaining.

Register your free place today

A uniquely-targeted event for cyber security professionals

 960 640 Stuart O'Brien
By:
0
0

30 June & 5 November * Hilton Canary Wharf, London

If you or a colleague is responsible for your organisation’s IT security, join us as our guest for a unique one-day event tailored to your individual requirements.

The Security IT Summit will enable you to:-

  • Meet face-to-face for a series of pre-arranged suppliers who match your requirements and projects
  • Attend a series of insightful seminars
  • Network with like-minded professionals
  • Enjoy complimentary lunch and refreshments

FREE for you to attend!

Find out more at www.securityitsummit.co.uk or call 01992 374100

77% of IT managers: Physical security is not optimised

 960 640 Stuart O'Brien
By:
0
0

There are calls for greater collaboration between the physical security and IT communities to meet urgent security and intelligence challenges, after a study of 1,000 IT decision makers across Europe revealed that physical security systems are not optimised according to 77% of respondents, and 20% have identified physical security as a priority for improvement in 2020.

While nearly half of IT managers surveyed by Morphean reported currently using a cloud-based video surveillance (VSaaS) or access control (ACaaS) solution, a further 36% are considering such a solution with a majority of 79% anticipating instalment within one year.

The Video Surveillance as a Service (VSaaS) market is expected to reach $5.93 billion by 2022, growing at a CAGR of 22.0%[1] buoyed by its low cost set up, the flexible scalability on offer and the increasing demand for real-time and remote access to video surveillance data. Morphean says that for the IT security professional already working with cloud systems and services, the growth in connected digital devices through the IoT is resulting in a growing appetite for physical security, such as network cameras, to enhance existing IT systems and assist business intelligence gathering.

The results of Morphean’s independent survey of 1000 IT decision makers within companies from UK, France and Germany with more than 50 employees revealed:

  • Better security, cost benefit and better functionality are viewed as the most influential factors AND the most commonly realized benefits of hosted security solutions
  • Half of respondents cited better security as the #1 benefit of using VSaaS / ACaaS; better functionality (42%) and cost benefits (38%) placed #2 and #3 respectively
  • Half of IT managers have identified data / information security as a priority for improvement in the next 12 months
  • 84% of IT managers are currently using (48%) or considering using (36%) a cloud-based video surveillance or access control solution
  • Of those still considering VSaaS and ACaaS, 79% anticipate introducing these solutions to their business within 12 months
  • 77% of IT managers report that physical security is not optimized; 20% have identified physical security as a priority for improvement in the next 12 months

Rodrigue Zbinden, CEO at Morphean, said: “When looking at the data from our survey, we can infer a number of significant conclusions. Firstly, that while adoption of physical security systems hosted in the cloud is strong, they are not presently optimised to their full depth of intelligence gathering capabilities which the IT department seeks; and secondly, while there is a significant market to be served in the coming year, a language barrier between physical security installers and IT resellers may hamper progress.

“As the in-house IT department becomes increasingly involved in the purchasing process and on-boarding of network connected surveillance and access control devices, greater collaboration will be required between IT resellers and physical securityinstallers. In effect, the fast and effective provision of these systems that are fully optimised and fit-for-purpose, requires cooperation between the IT and physical security industries that are speaking the same language.”

The language barrier to adoption
Morphean says the IT manager, who might ordinarily turn to his/her provider of IT infrastructure to provision additional services, should also consider physical security installers who have proven expertise in this field and an understanding of the full intelligence capabilities of these systems. However, while the IT reseller sometimes lacks knowledge of the systems, the physical security installer needs to learn the language of the IT department, which is also a new skill requirement.

Greater collaboration needed between IT resellers and physical security installers
For the IT manager, easy plug and play connectivity of security devices facilitates rapid integration onto the network, governed by the security that is already in place to connect software and systems. Connection to the cloud allows for powerful insights to be gleaned from IoT sensors, while the operational expenditure model used in relation to video surveillance and access control as-a-service, is already the preferred model of the IT world. 

The increased appetite for hosted security presents an opportunity for IT resellers and physical security installers to work with businesses to help them improve their physical security, while also educating them on the potential business intelligence benefits offered by surveillance and access control solutions when integrated in the cloud. Through partnering, both sides can deliver optimal system set up protecting both the physical environment and the cybersecurity of systems through a comprehensive overarching solution that will better serve the needs of the market. 

Whitepaper download2019 Landscape Report: Hosted Security adoption in Europe

Visibility and control in the public cloud is possible – And it must be unified and contextual

 960 640 Stuart O'Brien
By:
0
0

By Josh WIlliams, Senior Sales Engineer, Cloud and Automation Solutions at FireMon

Anyone who works in enterprise technology has heard the joke that the cloud is just someone else’s computer. But if we’re being serious, there’s some logic to letting security professionals see cloud instances as just another computer to be viewed as part of their growing network infrastructure. 

We also know the public cloud is different when it comes to security. A key theme from our annual State of Hybrid Cloud Security survey two years running is there’s a lack of clarity around shared security responsibility for public cloud platforms that are being rapidly adopted at the pace of business. Every platform, including Amazon Web Services (AWS), Microsoft Azure or Google Cloud, does security configuration differently, and every FireMon customer is unique when it comes to what they opt to put in the cloud — computing, storage and networking — and what they keep on-premise. 

For the foreseeable future, most enterprises are going to have a hybrid environment, and security professionals want to see any public cloud instance as a piece of the overall puzzle, not a separate puzzle, or worse yet, several puzzles. They need complete visibility, especially as hybrid clouds continue to scale, so they can keep a handle on complexity. 

Public cloud adds security pain points that must be solved 

Extending FireMon’s capabilities to the cloud is a necessary and inevitable next step for addressing the pain points security executives must address as organizations embrace cloud-first strategies and their own digital transformation agenda.  

Security professionals are tasked with applying controls and enforcing governance in public clouds to meet compliance obligations and mitigate risk just as they do with legacy and on-premise infrastructure. Security teams are also expected to enable access to cloud applications without becoming a barrier to the business while still maintaining network and security hygiene. The frequent and rapid changes that are today’s norm must also be managed and documented within budget and resources constraints, including staff that are often stretched too thin. 

These pain points impact several members of the C-suite, including CISOs and CIOs focused on security and compliance in the public cloud, CIOs focused on network infrastructure and operations, and the Chief Digital Officer driving digital transformation efforts. More broadly, the growing complexity and scale of hybrid clouds affect network operations leaders, DevOps, application teams and lines of business, who all face pressure to increase their speed of delivery. 

The proliferation of public cloud instances adds even more complexity and diversity to an infrastructure that now encompasses on-premise data centers, virtualized environments, software defined networks and the public cloud. Visibility across this dynamic environment is paramount if security teams are to enforce policy-driven control continuously across the entire hybrid environment as frequent changes are made. 

Right now, customers find themselves doing all this with multiple tools with no unified user interface for managing different deployments, and little to no automation. They are constantly having to find the right piece to a puzzle that’s always changing as workloads migrate to the public cloud, often quickly and without the proper guardrails in place because it’s so easy for business users to spin up a new application. Even with automation, checks and balances must be put in place to make sure the organization isn’t exposed to new security risks. Most of all, applying security can’t be an afterthought; customers are looking to automate their entire policy management workflow continuum, not just the last mile policy push. 

View public cloud security with context 

FireMon’s solution to the pain points amplified by the growing scale and complexity of hybrid cloud doesn’t mean we’re shifting our focus to cloud only, nor is it to introduce products specifically for cloud platforms. Rather, our strategy is to extend visibility to the commonly deployed public cloud platforms our customers need to see and manage. In all seriousness, a public cloud instance must be seen as just someone else’s computer on the network, but with the context security teams need. 

FireMon is essentially extending intelligent security automation so customers can see the cloud the way they’ve been able to see their on-premise infrastructure. But because each public cloud is different when it comes to configuring security, we’ve done the necessary remodeling work behind the scenes to give customers the visibility they want with the context they need. We support workload migrations to public cloud platforms such as Azure and AWS by normalizing and unifying security policies, so customers are compliant throughout any change process. 

FireMon didn’t need to become a cloud vendor to offer a single, infrastructure-agnostic platform to design, implement, and validate security policies across the environment. Not only does extending our security management platform for on-premises and the data center to public cloud make it unique, it also negates the need for customers to license multiple products for different deployment models.  

Security IT Summit

Here’s what your day at the Total Security Summit will look like…

 960 640 Stuart O'Brien
By:
0
0

The Total Security Summit is a highly-focused two-day event that will help hone your security strategy for 2020 and beyond. 

It takes place on March 30th & 31st at the Radisson Blu, London Stansted and is entirely FREE for you to attend. Simply register your VIP place here!

This will be your schedule:

Monday March 30th 

8.00am: Registration

8.45am: Opening presentation

9.45am: Seminar sessions

10.40am: Pre-arranged 1-2-1 meetings with suppliers of your choice

11.35am: Networking coffee break

11.50am: Pre-arranged 1-2-1 meetings with suppliers of your choice

1.15pm: Lunch & networking

2.15pm: Pre-arranged 1-2-1 meetings with suppliers of your choice

3.40pm: Networking coffee break

3.55pm: Pre-arranged 1-2-1 meetings with suppliers of your choice

5.00pm: Seminar sessions

7.30pm: Pre-dinner drinks reception

8.00pm: Networking dinner with entertainment

Tuesday March 31st  

8.30am: Seminar sessions

9.25pm: Pre-arranged 1-2-1 meetings with suppliers of your choice

10.50am: Networking coffee break

11.05am: Pre-arranged 1-2-1 meetings with suppliers of your choice

12.40pm: Seminar sessions

1.30pm: Lunch & networking

2.30pm: Event ends

The Total Security Summit could be the best two days you spend out of the office in 2020.

Don’t miss out! Register your FREE place here!

Grab your complimentary pass for the Security IT Summit!

 960 640 Stuart O'Brien
By:
0
0

There’s a complimentary guest pass reserved for you to attend the Security IT Summit – Can you join us?

30 June – Hilton London Canary Wharf

This unique event is entirely FREE for you to attend – simply reserve your place here for the opportunity to:

  • Source new innovative and budget-saving suppliers
  • Learn from inspirational seminar sessions hosted by industry thought-leaders
  • Network with like-minded professionals who share your challenges and goals
  • Enjoy complimentary lunch and refreshments

Don’t miss out – RSVP today!

Do you specialise in Intrusion Detection & Prevention? We want to hear from you!

 960 640 Stuart O'Brien
By:
0
0

Each month on IT Security Briefing we’re shining the spotlight on a different part of the cyber security market – and in March we’re focussing on Intrusion Detection & Prevention solutions.

It’s all part of our ‘Recommended’ editorial feature, designed to help IT security buyers find the best products and services available today.

So, if you’re an Intrusion Detection & Prevention solutions specialist and would like to be included as part of this exciting new shop window, we’d love to hear from you – for more info, contact Chris Cannon on c.cannon@forumevents.co.uk.

Here’s our full features list:

Mar – Intrusion Detection & Prevention
Apr – Phishing Detection
May – Advanced Threat Dashboard
Jun – Browser/Web Security
Jul – Authentication
Aug – Penetration Testing
Sep – Vulnerability Management
Oct – Employee Security Awareness
Nov – Malware
Dec – Network Security Management