Stuart O'Brien, Author at Cyber Secure Forum | Forum Events Ltd - Page 42 of 61
Posts by: Stuart O'Brien

Benchmark yourself against the industry standard for identity

Okta is the standard in workforce and customer identity. Discover where you stand against your peers with a free self-assessment and get a relevant, actionable executive report!

Show us your completed report at IP EXPO Manchester (stand R506) and a security expert will walk you through your results. You can also choose from our selection of prizes and giveaways!

https://assessment.excellenceplatform.com/theme/362/template/2?source=linkedin

Security IT Summit – There’s a free VIP ticket waiting for you

There’s a free VIP place reserved for you at this summer’s Security IT Summit on July 2nd.

Confirm you will be joining 60 of your fellow cyber security professionals by registering here.

This unique event takes place at the Hilton Canary Wharf, London.

The Summit will give you access to innovative and budget-saving suppliers for a series of pre-arranged, face-to-face meetings based on your requirements.

You can also attend a series of seminars, and network with like-minded peers.

Plus lunch and refreshments are included.

Register today and join cyber security professionals from Heathrow Airport, the Home Office, United International Pictures and more.

Or for more information, contact Emily Gallagher on 01992 374085 / e.gallagher@forumevents.co.uk.

To attend as a solution provider, call Chris Cannon on 01992 374096 or email c.cannon@forumevents.co.uk.

Do you provide Phishing Detection solutions? We want to hear from you!

Each month on IT Security Briefing we’re shining the spotlight on a different part of the cyber security market – in April we’re focussing on Phishing Detection solutions.

It’s all part of our ‘Recommended’ editorial feature, designed to help IT security buyers find the best products and services available today.

So, if you’re a Phishing Detection specialist and would like to be included as part of this exciting new shop window, we’d love to hear from you – for more info, contact Chris Cannon on c.cannon@forumevents.co.uk.

Here are the areas we’ll be covering, month by month:

Apr – Phishing Detection
May – Advanced Threat Dashboard
Jun – Browser/Web Security
Jul – Authentication
Aug – Penetration Testing
Sep – Vulnerability Management
Oct – Employee Security Awareness
Nov – Malware
Dec – Network Security Management

For information on any of the above topics, contact Chris Cannon on c.cannon@forumevents.co.uk.

National Audit Office raises cyber security concerns

The National Audit Office (NAO) has revealed failings in the way the Cabinet Office established its current cyber security programme, with the government unclear whether it will meet programme objectives along with issues surrounding its cyber-attack strategy after 2021.

The UK has one of the world’s leading digital economies, the report asserts, making it more vulnerable to cyber-attacks from hostile countries, criminal gangs and individuals, which continue to increase and evolve as it becomes easier and cheaper to launch attacks.

The National Cyber Security Strategy 2016 (the Strategy) outlines how the government aims to make the UK more secure online. The £1.9 billion Strategy includes £1.3 billion of funding for the National Cyber Security Programme 2016-21 (the Programme) and the NAO report assesses progress just beyond the mid-point of the five-year Programme.

The Programme provides a focal point for cyber activity across government and has already led to some notable innovation, such as the establishment of the National Cyber Security Centre (NCSC).

The Programme has also reduced the UK’s vulnerability to specific attacks. For example, the NCSC developed a tool that led to 54.5 million fake emails being blocked in 2017-18 and the UK’s share of global phishing attacks falling from 5.3% to 2.2% in two years.

However, despite agreeing an overall approach to cyber security as part of the 2015 Strategic Defence and Security Review and Spending Review, the NAO says the Cabinet Office did not produce a business case for the Programme before it was launched.

The NAO says it is unclear whether the Cabinet Office will achieve the Strategy’s wider strategic outcomes by 2021. This is partly due to the difficulty of dealing with a complex and evolving cyber threat but also because it has not assessed whether the £1.9 billion of funding was ever sufficient. It has acknowledged that it may take longer than 2021 to address all the cyber security challenges set out in the Strategy but does not yet know when these might be achieved.

The NAO recommends that, going forward, the Cabinet Office establishes which areas of the Programme are having the greatest impact and are most important to address, and focuses its resources there until 2021. Building on existing work, it should consult widely and develop a strategy for UK cyber security after 2021 which clearly sets out which work should be centrally-funded, which are private sector responsibilities and which are core departmental activities. It should also consider more flexible approaches to cyber security that involve a mixture of shorter programmes, so that it can be more responsive to changing risks.

“Improving cyber security is vital to ensuring that cyber-attacks don’t undermine the UK’s ability to build a truly digital economy and transform public services,” said Amyas Morse, Head of the NAO. 

“The government has demonstrated its commitment to improving cyber security. However, it is unclear whether its approach will represent value for money in the short term and how it will prioritise and fund this activity after 2021. Government needs to learn from its mistakes and experiences in order to meet this growing threat.”

Nuance trumpets $1bn fraud savings

Nuance says it saved organisations more than $1 billion in total fraud costs in 2018 using AI-powered biometrics technology.

Fraud in enterprise contact centres has always been a challenge to manage, but with the explosion of digital channels, organisations today are faced with securing an increasingly complex ecosystem.

At the same time, fraudsters are getting more sophisticated, working through networks and social engineering their way into accounts to commit intricate, devastating crimes, using information they obtain through one attack to gain access to other accounts a given person may own.

Javelin Strategy & Research reports that account takeovers (ATOs) tripled over the past year, resulting in $5.1B in losses, and a CFCA report found that the telco industry was hit with nearly $30B in fraud losses in 2018.

Nuance Security Suite helps enterprises thwart omni-channel fraud through a layered offering of artificial intelligence technologies, including voice and behavioural biometrics, intelligent channel, geo and network detectors and ConversationPrint and DevicePrint algorithms.

Together, these technologies can identify legitimate customers through the sound of their voice, location, device and the way they talk, tap and type – flagging when a call or online interaction is likely fraudulent by analysing typical conversation patterns, voice characteristics and other aspects of an interaction, identifying perpetrators whose profiles do not match those of a given customer.  

“With Nuance voice biometrics, we get a clearer view of customer and fraudster behaviour, so we can keep genuine customers protected and take the fight to the criminals who are targeting their accounts,” said Jason Costain, Head of Fraud Strategy and Relationship Management, RBS Group. 

In less than one year, RBS screened 17 million inbound calls with Nuance Security Suite. Of these, 23,000 have led to alerts, and the bank has found that one in every 3,500 calls is a fraud attempt.

“The ROI from the tool is well over 300%, so as payback our technology deployment has been very impressive,” Costain added.    

As consumers are getting more comfortable with biometric identification and organisations look for innovative ways to authenticate, adoption of Nuance’s Security Suite is growing at a rapid rate.

Recent deployments include Lloyds Banking Group, Allied Irish Bank, Deutsche Telekom, Rakuten Life Insurance and RBS Group. In addition to curbing fraud, Nuance biometrics decreases the overall time agents spend resolving customer queries, with one multinational financial services firm reducing agent handle time by 89 seconds after deploying the product.

“Our customers come to us not only wanting to make their authentication process more convenient for customers but perhaps more importantly to evolve their contact centre security strategy. Our approach is unique in that our algorithms can not only identify and validate individuals by their voice, but also understand what types of conversation patterns fraudsters typically use. That’s powerful when you consider how much money is lost due to fraudulent account access each year, whether through traditional phone channels or in complex cross-channel attacks,” said Brett Beranek, General Manager, Security Business, Nuance Enterprise.

GDPR post Brexit: What will the impact be on hosting and cloud providers?

By Güneş Ilgüy, Head of Data Protection at A City Law Firm

The UK needed to upgrade its data privacy laws and bring them in line with the rest of the world. The main reason for the GDPR was to assist in harmonising the data privacy laws across Europe, setting a standard that the nations could adhere to.

The GDPR was exactly that change. It was designed to ensure that a high standard was implemented, a code if you like, for businesses to be held more accountable for the data they collect and process. It also gave more power to the people by allowing them to have a say in how their data can be used. 

The question remains however: Will GDPR still be relevant post Brexit? 

In England and Wales, The Data Protection Act 2018 (DPA) came into force replacing the old one of 1998. The DPA mirrors the GDPR and where the GDPR is vague in some areas, the DPA adds more meat to the bone. 

Also, remember, the GDPR applies to all EU member states and any business collecting data of an EU national has to be GDPR compliant. It is also worth noting how far the GDPR reaches out in the international community. Businesses outside of the EU that process the personal data of individuals in the EU are also subject to the GDPR.

The Information Commissioner has stated that the GDPR “will send an important signal about the UK’s commitment to a high standard of data protection post-Brexit. This in turn will play a role in ensuring uninterrupted data flows between the UK and the EU.” 

The position of the UK post Brexit 

The GDPR is a directive and whilst the UK is still a member of the EU, it had a duty to implement this directive into domestic law. The DPA allows the UK to hold itself up to the same standard as the GDPR. It is not likely that the UK will now abandon the GDPR and amend its own laws, given the amount of money public bodies and businesses have invested into ensuring they are compliant. Changing the law would not make sense given that it has been brought up to date and implemented, with businesses winning over their customers.

Keeping its current law in line with the GDPR will also pay dividends post Brexit as businesses will hope to maintain good relations with their EU counterparts. 

Hosting companies and Cloud providers 

Online data collection is probably the most popular method of collecting data. Hosting companies and cloud providers have spent a lot of time and money ensuring that they can meet the demands of being compliant in terms of providing server security and processing data they handle.

Data transfer in itself does not have any boundaries. There is some uncertainty over how the UK will react to data privacy post Brexit; however, it would not make sense to go backwards and change the current regime to render it incompatible with the GDPR.

Developing strong ties with the EU in the terms of trade is of utmost importance and any change post Brexit will not be welcomed by companies.

Hosting and cloud providers, as data controllers or processors, have already been pushed to ensure they operate in line with the GDPR by their customers. If there was to be a different standard implemented by the UK, this could see UK providers losing customers to EU based providers who will be able to conform to the standards needed.

Companies outside of the UK are also looking at the current market. Where they have business operation in the UK, they are likely to use UK hosting companies. Post Brexit, using UK based hosting services might be more cost effective, depending on the value of the pound sterling, as opposed to using EU hosting providers who may look to increase the price of their services. 

One case that makes the crossover unclear is the Google Breach – can this scenario arise in the future, post Brexit? Surely the reach of an EU country into the UK to this extent will no longer apply? There is no answer to this question, but it is something to watch.

The French Data Regulator, CNIL, fined Google a record £44 million (50 million Euros) for breaching the EU’s data protection laws. This made headline news; what makes this case remarkable is that the complaints against Google in May 2018 were raised by two privacy rights groups in France, and against a company whose headquarters were and are based in Ireland.

Generally, you would expect the Irish regulator to have addressed this; however, the CNIL found that the overarching decisions about the processing operations complained of were not made by Google’s Irish offices, or by anyone in the EU. It was discovered those were made by the US company. As this case was not about a data controller’s main EU establishment, CNIL was at liberty to take its own action. This conclusion was reached following communications with other EU supervisory authorities, including the Irish DPC.

What can be learned from this? 

The Google case sends a strong message about data protection which should be received loud and clear. Regulators have powers to levy huge fines on companies found to be in breach and they are willing to use them even outside of the company’s home jurisdiction. Whether an EU country would have this right post Brexit is something to watch.

Conclusion

Focus is now on how an effective deal can be negotiated; however, any hard Brexit or no deal will have consequences on the economy, and this will affect how businesses choose to operate. It is hoped that the current data legislation is adequate enough not to be changed or significantly amended. Any changes that are incorporated would mean businesses in the UK and EU would need to adapt to ensure they maintain their customer base. What happens after Brexit is anyone’s guess.

Under EU regulations, an EU based data controller has to ensure that when data is passed to a country outside of the EU (which the UK will be upon Brexit, even to Ireland), the country housing the data has adequate levels of protection comparable to those of the EU.

Whilst we don’t expect a significant shift, given that the UK currently has to comply with the GDPR and its own, harmonised Data Protection legislation, we do not know how the EU will view this in the future, especially since at the time of writing we may still be looking at a ‘hard Brexit’. It is likely that EU based controllers will have to deal with the UK as they do with any non-EU country, such as the United States – with established data protection mechanisms in place.

UK’s first female cyber security apprenticeship graduate achieves Distinction

QA cyber security apprentice Stephanie Haynes has become the first woman in the UK to successfully complete the Cyber Security Technologist Level 4 apprenticeship programme.

Haynes gained a Distinction, the highest possible grade, achieved by only one other learner so far.

Of the 238 learners currently on a QA cyber security apprenticeship, 39 (16%) are female, with new research from Cybersecurity Ventures predicting that women will represent more than 20 percent of the global cyber security workforce by the end of 2019.

“We’re delighted for Stephanie and we congratulate her on an amazing achievement,” said QA Apprenticeships Director Ben Pike.

“According to a new QA survey of 200 women working in the tech sector or in a digital role, 87% felt there needed to be more female role models in tech. QA is passionate about encouraging more women into tech roles and empowering this through apprenticeships. Pioneers like Stephanie are inspiring others to follow in their footsteps.”

Discussing her achievement, Haynes said: “When I found out I was the first female cyber security apprenticeship achiever in the UK, it was a surprise, but I was also really happy to hear it. It’s exciting because I’m hoping that, with this result, I can help to inspire more women into a career in tech.

“I want them to know that you don’t always need a strong technical background before starting your career, or have a particular ‘personality type’ to fit into the industry. If you’re enthusiastic about your field of interest and love what you do, you will thrive!”

Haynes was recruited through a national campaign for cyber apprenticeships in line with a wider government cyber skills strategy.

During her time as an apprentice at HORIBA MIRA, an automotive engineering and development consultancy company based in Nuneaton (Warwickshire), Haynes has risen to the unique challenge of adapting and applying the general information security principles she’s learned on her apprenticeship to a vehicle product cyber security context.

“I chose to do the cyber security apprenticeship because it not only offers a comprehensive mix of theoretical and practical knowledge and training, but the opportunity to work within the industry and gain experience by applying those new skills in a real-world security environment,” explains Haynes. 

Paul Wooderson, Cyber Security Principal Engineer and team leader at HORIBA MIRA, says that Haynes has become a highly valued member of the team.

“Her contribution continues to directly benefit the ongoing delivery and further development of our automotive cyber security services,” said Wooderson. “Apprenticeships have proven to be an effective additional means for us to develop the diverse teams of competent professionals that we will need to address the challenges of the future.”

Haynes plans to pursue a degree in cyber security to bolster her career and complete further professional certifications.

“To anybody considering an apprenticeship, I would strongly encourage you to go for it,” she said. “This combination of technical competence, soft skills and experience will make you a valuable and well-rounded asset to your workplace – not to mention it will look great on your CV!”

NCSC beta website unveiled

The National Cyber Security Centre (NCSC) has launched a redesigned version of its website, which the body says will enable businesses and individuals to stay better informed about cyber threats.

The NCSC, which is part of GCHQ, says the redesign will help people of all levels of cyber expertise, with new sections designed around the specific needs of those using the site, meaning users will spend less time looking for the guidance they need, and more time reading it.

Stuart T, the NCSC’s Digital Product Manager, said: “We want our website to become the UK’s homepage for cyber security.

“Cyber risks pose a real threat to us all, and we have tailored a site to help all users, from FTSE 350 giants to family businesses – as well as individuals and families who want to know a bit more about how to secure their devices around the home.

“We’re aiming to create a community and are asking for feedback on the new site, so we can continually improve our offering and ensure our site is always user-centred. This is not the end of our improvements – it’s the beginning.”

The NCSC says the website was created after extensive user research, which has been used to develop concise guides tailored to each audience, multi-page articles for complex topics and an alert banner on the homepage with important advice and guidance during live cyber security incidents.

The NCSC says it remains committed to demystifying cyber jargon, and will continue to explore innovative ways to present content in a way that appeals to each audience.

While security and risk management were central to every stage of the website’s design, another key decision the NCSC made was to make it as secure as necessary, rather than as secure as possible.

Richard C, the NCSC’s Chief Security Architect, said: “The National Cyber Security Centre has always said organisations should invest in an appropriate amount of security – and that’s what we’ve done with our new website.

“There is often a tendency amongst the cyber security community to set the bar as high as possible. We want to show that the vital thing is sensible risk management, so we’ve focused on making our user experience fantastic and our security good enough.

“When designing computer systems, we always tailor our approach to the system in question. Our website is intended to openly share content with the public so has quite different controls to systems that handle information we need to keep private.”

Secure your place at this summer’s Security IT Summit

It takes just a few minutes to register your free VIP ticket for the Security IT Summit, taking place on July 2nd at the Hilton in London.

In addition to a day of business networking, you will get the latest insights and advice on trends in the sector via a series of seminar sessions.

Lunch and all refreshments are included with your free ticket.

Register today and join cyber security professionals from Heathrow Airport, the Home Office, United International Pictures and more.

We have just 60 places available so register for your free place here today.

Or for more information, contact Emily Gallagher on 01992 374085 / e.gallagher@forumevents.co.uk.

To attend as a solution provider, call Chris Cannon on 01992 374096 or email c.cannon@forumevents.co.uk.

Government challenges UK boards to up cyber security game

Boards at some of the UK’s biggest companies still don’t fully understand the potential impact of a cyber attack, according to a government report.

The Government’s Cyber Governance Health Check looked at the approach the UK’s FTSE 350 companies take for cyber security.

The 2018 report shows that less than a fifth (16%) of boards have a comprehensive understanding of the impact of loss or disruption associated with cyber threats.

That’s despite almost all (96%) having a cyber security strategy in place.

Additionally, although the majority of businesses (95%) do have a cyber security incident response plan, only around half (57%) actually test them on a regular basis.

However, awareness of the threat of cyber attacks has increased. Almost three quarters (72%) of respondents acknowledge the risk of cyber threats is high, which is a big improvement on just over half (54%) in 2017.

The report says implementation of the General Data Protection Regulation (GDPR) in 2018 has had a positive effect in increasing the attention that boards are giving cyber threats. Over three quarters (77%) of those responding to last year’s health check said that board discussion and management of cybersecurity had increased since GDPR. As a result, over half of those businesses had also put in place increased security measures.

Digital Minister Margot James said: “The UK is home to world leading businesses but the threat of cyber attacks is never far away. We know that companies are well aware of the risks, but more needs to be done by boards to make sure that they don’t fall victim to a cyber attack.

“This report shows that we still have a long way to go but I am also encouraged to see that some improvements are being made. Cyber security should never be an add-on for businesses and I would urge all executives to work with the National Cyber Security Centre and take up the government’s advice and training that’s available.”

Ciaran Martin, CEO of the NCSC, said: “Every company must fully grasp their own cyber risk – which is why we have developed the NCSC’s Board Toolkit to help them. This survey highlights some urgent issues companies will be able to address by putting our Toolkit’s advice into practice.

“Cyber security is a mainstream business risk, and board members need to understand it in the same way they understand financial or health and safety risks.”

Meanwhile, more work is being done to improve the cyber resilience of business, and a new project has been announced that will help companies understand their level of resilience. The cyber resilience metrics will be based on a set of risk-based principles to allow firms to measure and benchmark the extent to which they are managing their cyber risk profile.

Once developed these indicators will provide board members with information to understand where further action and investment is needed.