Stuart O'Brien, Author at Cyber Secure Forum | Forum Events Ltd - Page 43 of 61
Posts by: Stuart O'Brien

Brits ‘more likely’ to change spending habits after a data breach

The consequences of a data breach have a greater impact in the UK versus the United States, according to new data.

41% of British consumers said they will stop spending with a business or brand forever following a data breach, compared to just 21% of US consumers.  

The research into consumer trust and spending habits was conducted by payment security specialists PCI Pal, and pointed to some clear cultural differences between the two countries.

The survey found that 62% of American consumers would instead stop spending for several months following a security breach or hack, with 44% of British consumers agreeing the same. 

Over half (56%) of all UK respondents were more reticent to give credit card details verbally over the phone than their American counterparts, among whom four out of every ten (42%) were uncomfortable reading out their details.

US consumers were generally less willing to provide payment details over the phone, with only 15% saying they would “hand over their information, no questions asked”, compared to a quarter of UK consumers. Instead, 38% of Americans would ask for an online alternative to complete a transaction, while 32% of Brits said they would “hang up and find an alternative supplier.”

“Awareness of data security is something that is on everyone’s radar, yet our UK and US surveys have highlighted some real differences of opinions and traits, when comparing attitudes to data and payment security between the two countries,” said James Barham, CEO at PCI Pal.

“UK consumers certainly seem more guarded with providing personal information, such as payment card details, over the phone, yet the US is catching up fast. Similarly, if a security breach has occurred at an organisation, Brits appear more likely to avoid that organisation in future, and instead go elsewhere. In my opinion, 2019 is the year that organisations need to take steps to provide far clearer assurances to consumers as to how their data is being captured, processed and stored otherwise customers are not going to wait, and they may find them going elsewhere for their purchase.”

Looking at trust in businesses and brands, 55% of UK respondents felt they could trust a local store with their data more than a national company. They felt a local store was more likely to care about their reputation (30%) and hackers were less likely to target a local store as it is smaller (25%) while only 22% felt a national company would be more secure as they follow more security protocols.

In stark contrast, the reverse was true in the US with only 47% of respondents feeling they could trust a local company more than a national chain. In fact, 28% felt a national company would be more secure as they follow more security protocols, while 25% felt they have more money to invest in security protocols. 

Almost a third (31%) of UK consumers stated that they would spend less with brands they perceive to have insecure data practices, compared to just 18% of US survey respondents.

Under lock and key: how can the public sector keep data safe?

Dan Panesar, VP EMEA, Certes Networks

The public sector faces intense public scrutiny, especially when it comes to cybersecurity.

However, the launch of the National Cyber Security Centre (NCSC) in 2016 suggests that the sector is beginning to take the issue of cybersecurity seriously, marking the Government’s commitment to making the UK a safe place to live and work online.

And it’s not just public scrutiny the sector has to contend with: the global digital revolution means that changes are happening rapidly, and technology adoption is not happening as quickly as it should.

On top of this, the public sector has numerous regulatory and Information Assurance (IA) based obligations they are required to fulfil, making some organisations within the sector too scared to make changes or enforce new policies for fear of breaking the rules. 

Restricted budgets, small teams and intense workloads can often make cybersecurity a low priority. Rather than enforcing and developing proactive, robust strategies to keep the organisation’s data safe, teams end up working reactively to mitigate threats as they arise. Not to mention the complex and wide-reaching nature of public sector organisations, making coordinating the array of essential services, stakeholders and functions a near impossible task. 

Keeping up with digital change 

The digital transformation means that traditional connectivity solutions are being replaced to reflect cloud deployments, network function virtualisation and the ability to deploy meaningful orchestration-based management. To reflect the update of digital and online services, public sector networks are expected to grow at 15-25% per year; in order to keep up with this demand, users are becoming increasingly reliant on both high-speed and high-availability transport networks, whether they are MPLS, SD-WAN or 5G or a combination of networks to deliver information when and where needed. 

In the not so distant future, dependency on traditional hardware will become more challenging as additional capacity means the user may have to continuously upgrade its network to reflect growth. However, current and conventional approaches to data protection create numerous challenges particularly around scalability, performance, complexity, key management and key rotation.

Don’t shy away from new technology

The public sector needs to start embracing new technology; the prospect of digital transformation should be exciting, rather than daunting. As a sector with a reputation for being slow to adopt mobile technology, potentially due to concerns over its lack of security, there is a tendency to instead lock down data and restrict the use of technology altogether. However, this just isn’t sustainable, and a lack of mobile technology won’t keep the hackers out. 

If changes don’t happen soon, the public sector will get left behind. To keep up, it needs to recognise that a digital network with a mix of connected users, devices and applications does not need to make an organisation vulnerable, no matter how complex it may be. Flexibility and digital agility are undoubtedly at the top of every government’s agenda, making it essential for organisations to embrace the technology available. However, instead of adopting technology that attempts to secure each entity itself, or worse, layering technology on top of technology with a security solution tied into the network, organisations need to focus on what’s really important – and that’s Information Assurance (IA). In order for organisations in the public sector to really be secure, rather than securing the network, the focus needs to be on protecting the data.

An organisation’s biggest asset

Data is arguably an organisation’s biggest asset; it’s the crown jewels that must be protected, and what the hackers will inevitably set their sights on when planning an attack. In reality, a fine won’t be enforced under regulations such as the General Data Protection Regulation (GDPR) for a breach to an organisation’s network; the fine comes into play when a breach results in data being lost or stolen. That’s the difference in value between an organisation’s network and its data. 

And the fact is, the public sector is quickly becoming a prime target for hackers. But how can organisations ensure their data is really protected? Firstly, organisations need to move to a data-centric, IA security model underpinned by a robust and strategic security overlay, on top of an organisation’s existing network and independent of the underlying transport infrastructure, making the network itself irrelevant. A software-defined security overlay enables a centralised orchestration of IA policy and by centrally enforcing capabilities such as software-defined application segmentation using cryptography, key management and rotation, data is protected in its entirety on its journey across whatever network or transport it goes across. 

For the public sector, this means organisations no longer need to fear technology; each application on the network and the data it holds will be kept secure, irrespective of any changes made. Furthermore, if a data breach does occur, as long as the data is encrypted it will be rendered useless to hackers, mitigating the potential damaging consequences of a breach.

Quite simply, cybersecurity must be at the forefront of business strategy. Public sector organisations need to embrace technology, coupled with the right security architecture, or risk being left behind. 

Guest Blog: The cyber resilience model

For too long, organisations have sought the holy grail of 100% Cyber Security. But security is never absolute; it is essential to understand that a breach is inevitable. It is the way in which organisations respond to a cyber security breach that is critical.

Alan Calder, Chief Executive of GRC International plc, parent company of IT Governance, explains the fundamental importance of creating a Cyber Resilient model…

Cyber Security Myth

Cyber security is defined as the state of protecting information from attack by identifying risks and establishing appropriate defences. But as investment in security solutions continues to spiral it is essential for organisations to recognise the truth: total cyber security is unachievable. 

Cyber criminals can and will dramatically outspend their targets, creating ever changing and ever more sophisticated threats. At the same time, the ease with which these individuals and organisations bypass security technology and exploit poor process and ill-educated employees simply reinforces the futility of the current model: when 93% of security breaches occur as a result of a phishing or pretexting email, clearly a different approach is required.

Breaches occur routinely – and companies rarely know they have been breached. Not only are the majority of security breaches actually identified by third parties, but on average identification takes 193 days after the breach first occurred. So much for the much vaunted cyber security strategy.

What is required, therefore, is a far more robust approach to both managing the breach and minimising the business impact – a model that is predicated on achieving cyber resilience, not cybersecurity.

Cyber Essentials

To create a cyber resilience model an organisation needs to totally reconsider security provision; to assess and determine the business specific acceptable level of risk and acknowledge that an attack may be successful however well prepared the defences. By adopting a standards-based approach that encompasses technology, people and processes, a cyber resilience strategy can be designed to reflect each organisation’s maturity level with regards to both cyber security and data privacy.

At the heart of a cyber resilience strategy is defence in depth. In addition to using technology to block phishing emails, for example, a company must also ensure staff are trained to recognise the signs that an email may not be genuine. They must know how to respond if they mistakenly click on the email, including immediately notifying the help desk, which will prompt clearly defined escalation processes to minimise corporate exposure. Add in a device level back up process that does not allow the spread of malware and a business has a robust cyber resilience approach to the most prevalent form of breach.

Resilience Journey

This is, of course, an evolution. For smaller or start-up businesses, a simple first step is to adopt Cyber Essentials, five basic controls which should prevent around 80% of Internet-borne attacks from being successful. As an organisation matures, it is important to add process and people controls, even pursue the ISO 27001 information security standard, and to consider the wider business ecosystem. Is there a corporate network vulnerability created by the heating supplier routinely accessing the building’s heating, ventilation and air conditioning system, for example? What about customer security? Should the hosted web site be relocated to the cloud to achieve the encryption demanded by PCI DSS when handling credit card details? Throughout the evolution, a good cyber resilience model will continually learn, collecting data about breaches, for example, to highlight staff that need additional training or improvements to escalation processes, and ensuring the cyber risk assessment adapts in line with business expectation.

Critically, therefore, this is a board level issue and, over time, a board’s awareness of and involvement in the business’ cyber resilience model must become part of the standard governance framework, as embedded as board and market reporting, health and safety and social engagement.

Simply raising the cyber security budget year on year is not the answer: what is required is an evolving, multi-layered set of responses to the continually escalating cyber threat. Replacing a futile search for cyber security with a robust, practical and risk appropriate cyber resilience model is one of the most important steps an organisation can take.

What keeps you up at night? It’s users, isn’t it

Users are the biggest security concern for ninety-two per cent of organisations, with 81% having some degree of concern around security issues.

A new report, What Keeps You Up At Night 2019 – commissioned by security awareness training company KnowBe4 – looked at over 350 organisations globally.

The research was carried out against a background in which AI and machine learning are being leveraged by criminal organisations to help them better understand how to improve their attacks, targeting specific industry verticals, organisations and even individuals.

In the results, increases in the frequency of ransomware, phishing and cryptojacking attacks were experienced by businesses of nearly every size, vertical and locale.

When it came to attack vectors, data breaches were the primary concern, with credential compromise coming in as a close second.

The report says these two issues go hand-in-hand, as misuse of credentials remains the number one attack tactic in data breaches, according to Verizon’s 2018 Data Breach Investigations Report.

Phishing and ransomware ranked next, demonstrating that organisations are still not completely prepared to defend themselves against these relatively “old” attack vectors.

Other key findings from the report include: 

• 92% of organisations rank users as their primary security concern. And at the same time, security awareness training along with phishing testing topped the list of security initiatives that organisations need to implement. 

• Organisations today have a large number of attack vectors to prevent, monitor for, detect, alert and remediate; in terms of attacks, 95 per cent of organisations are most concerned with data breaches.

• Ensuring security is in place to meet GDPR requirements is still a challenge for 64 per cent of organisations, despite the regulation details being out for quite some time.

• Attackers’ utilisation of compromised credentials is such a common tactic, 93 per cent of organisations are aware of the problem, but still have lots of work to do to stop it. 

• When it comes to resources, 75 per cent of organisations do not have an adequate budget.

“2018 was a prolific year for successful cyberattacks, and many of them were caused by human error,” said Stu Sjouwerman, CEO of KnowBe4. “IT organisations are tasked with establishing and maintaining a layered security defence. The largest concern, as demonstrated again in this report, is employees making errors. Organisations must start with establishing a security culture, and in order to combat the escalation of social engineering, they have to ensure users are trained and tested.” 

Join Heathrow Airport, the Home Office, UIP & more at the Security IT Summit

Don’t miss the chance to join senior executives from Heathrow Airport, the Home Office, United International Pictures and more this Summer.

We are gathering together key cyber security professionals for the Security IT Summit, taking place on July 2nd at the Hilton, Canary Wharf, London.

In addition to a day of business networking, you will get the latest insights and advice on trends in the sector via a series of seminar sessions.

Lunch and all refreshments are included with your free ticket.

Register today and join cyber security professionals from:

Alzheimer’s Society

Brett Group

Catalyst

Derwentside College

EPR Architects

Federation of Royal Colleges of Physicians of the UK

Glenny LLP

Heathrow Airport

Hesley Group

Home Office

Pickering Interfaces

Professional Standards Authority

Marshall Motor Group

Soldiers Charity

TGI Fridays

The Salvation Army

Tructryre ATS

United International Pictures

XP Power

We have just 60 places available so register for your free place here today.

Or for more information, contact Emily Gallagher on 01992 374085 / e.gallagher@forumevents.co.uk.

To attend as a solution provider, call Chris Cannon on 01992 374096 or email c.cannon@forumevents.co.uk.

Do you specialise in Intrusion Detection & Prevention? We want to hear from you!

Each month on IT Security Briefing we’re shining the spotlight on a different part of the cyber security market – in March we’re focussing on Intrusion Detection & Prevention.

It’s all part of our ‘Recommended’ editorial feature, designed to help IT security buyers find the best products and services available today.

So, if you’re an Intrusion Detection & Prevention specialist and would like to be included as part of this exciting new shop window, we’d love to hear from you – for more info, contact Chris Cannon on c.cannon@forumevents.co.uk.

Here are the areas we’ll be covering, month by month:

Mar – Intrusion Detection & Prevention
Apr – Phishing Detection
May – Advanced Threat Dashboard
Jun – Browser/Web Security
Jul – Authentication
Aug – Penetration Testing
Sep – Vulnerability Management
Oct – Employee Security Awareness
Nov – Malware
Dec – Network Security Management

For information on any of the above topics, contact Chris Cannon on c.cannon@forumevents.co.uk.

Universities invited to apply for NCSC certification

Universities across the UK now have a further opportunity for their cyber-security related degrees to gain certification as part of the National Cyber Security Strategy.

After a rigorous process, the National Cyber Security Centre (NCSC) – a part of GCHQ – has already certified 23 Master’s degrees, three Integrated Master’s and three Bachelor’s degrees from 19 universities over the last four years.

With applications now open the NCSC is looking for fresh candidates to increase these figures, with degree apprenticeships now also eligible.

NCSC-certified degrees are designed to help universities attract high quality students from around the world, employers to recruit skilled staff and prospective students to make better informed choices when looking for a highly valued qualification.

The degree certification programme is part of a range of programmes which the NCSC and its government partners have initiated across UK academia designed to address the knowledge, skills and capability requirements for cyber security research and education.

The other programmes include Academic Centres of Excellence in Cyber Security Research (ACEs-CSR), Academic Research Institutes, and Centres for Doctoral Training in Cyber Security.

Chris Ensor, NCSC Deputy Director for Cyber Skills and Growth, said: “I’m really pleased that we’ve now launched a programme for certifying degree apprenticeships.  This will be a valuable addition to our certified undergraduate and postgraduate degree programmes.

“Degree Apprenticeships offer a flexible option for both students and employers, as we have seen from our own Degree Apprenticeship programme.

“I’m really looking forward to seeing some more successful applications, and strongly encourage any interested universities to get in touch and find out more.”

Universities Minister Chris Skidmore said: “The fast-paced world of technology is constantly evolving and it is vital that young people have the option to study high quality courses in cutting edge industries, such as cyber security.

“We want to maximise choice and flexibility for people wanting to study in higher education, whether that’s as part of a traditional course or a degree apprenticeship.

“Not only will these certified degrees provide a benchmark for future cyber security professionals, but also help to ensure they are ready for the world of work and prepare them for an exciting career.”

Institutions who are interested in applying for certification can find out further detail via https://www.ncsc.gov.uk/information/ncsc-degree-certification-call-new-applicants-0

ThreatAware debuts cybersecurity solution for non-specialist staff

An ambitious software platform that allows businesses to monitor all of their cybersecurity needs has been launched.

ThreatAware, a joint enterprise between entrepreneurs Steve Thomson and Jon Abbott, brings together cybersecurity tools and company-wide compliance procedures on a single screen, and is suitable for use by IT and cybersecurity professionals as well as by non-technical managers and directors.

Thompson and Abbott are co-founders of London-based IT services company Priority One. The platform has been developed with backing from angel investors, in direct response to their own clients’ needs.

“Cyber security is not solely the responsibility of the IT team but is a company-wide challenge. As many breaches stem from human error or internal threats, training staff and having the right policies and procedures in place are critical,” said Abbott.

“By monitoring tools, people and processes on one dashboard, ThreatAware co-ordinates the roles of people throughout the business, ensuring everyone plays their part. It simplifies compliance with GDPR and other standards, saves time for IT staff and provides peace of mind for directors.”

88% of UK businesses have suffered a cyber attack in the last year

The UK’s cyber threat environment is intensifying, with attacks growing in volume along with an increased number of security breaches.

New research, commissioned by leading next-generation endpoint security company Carbon Black and released in its second UK Threat Report, found that:

  • 88% of UK organisations reported suffering a breach in the last 12 months
  • The average number of breaches per organisation over the past year was 3.67
  • 87% of organisations have seen an increase in attack volumes
  • 89% of organisations say attacks have become more sophisticated
  • 93% of organisations plan to increase spending on cyber defence

The research also found that compared with the previous report, published in September, the average number of breaches has increased from 3.48 to 3.67. More than 5% of organisations have seen an increase in attack volumes.

100% of Government and Local Authority organisations surveyed reported being breached in the past 12 months, suffering 4.65 breaches, on average. 40% have been breached more than five times. In the private sector, the survey indicates that Financial Services are the most likely to report a breach, with 98% of the surveyed companies reporting breaches during the past 12 months.

Discussing the report, Rick McElroy, Head of Security Strategy for Carbon Black, said: “We believe our second UK threat report underlines that UK organisations are still under intense pressure from escalating cyberattacks.

“The report suggests that the average number of breaches has increased, but as threat hunting strategies start to mature, we hope to see fewer attacks making it to full breach status.”

The report also found that malware remains the most prolific attack type in the UK, with more than a quarter (27%) of organisations naming it the most commonly encountered. Ransomware holds second position (15%). However, the human factor plays a part in the attacks resulting in breaches. Phishing attacks appear to be at the root of one in five successful breaches. Combined, weaknesses in processes and outdated security technology were reported factors in a quarter of breaches, indicating that failures in basic security hygiene continue to be high risk vectors that organisations should address as a priority.

Organisations across all sectors reported increases in the volume of attacks during the past 12 months. However, of the organisations surveyed, Government and Local Authority organisations saw particularly high increases, with 40% noting a more than 50% increase in the number of attacks. Similarly, in Healthcare, 29% of respondents noted increases of 50% or more.

60% of UK organisations surveyed said they are actively threat hunting and more than a quarter (26%) have been doing so for a year or more. A very encouraging 95% reported that threat hunting has strengthened their defences. The survey results suggest that threat hunting is most mature in the financial services sector, with 53% threat hunting for more than a year.

“We believe threat hunting is an integral part of a mature security posture,” McElroy said. “It’s encouraging to see these numbers continuing to climb.”

A copy of the report can be downloaded here:

https://www.carbonblack.com/resources/threat-research/global-threat-report-series

Tech Nation rolls out cybersecurity business growth initiative

A panel of senior executives working within the tech and security sectors will assist in the selection of the 20 most promising cyber companies within the UK as part of an ambitious project designed to help build and grow business in domestic and global markets.

Tech Nation, a UK network of digital tech entrepreneurs, has launched the initiative ‘Cyber’, starting in April, with a six-month, non-residential programme exposing those that take part to expertise along with providing connections required to grow their businesses.

The judging panel includes Robert Coles, Chief Information Security Officer at NHS; Dr Emma Philpott, CEO at The IASME Consortium; Talal Rajab, head of programme for techUK’s Cyber and National Security programmes; Alastair Paterson, CEO and co-founder of Digital Shadows; and James Chappell, co-founder and Chief Innovation Officer of Digital Shadows.

UK Government data had revealed that there are currently more than 80 cyber security businesses with UK headquarters, with SMEs making up 89% of the total.

With cyber attacks on the rise within the UK and the rapid development of the Internet of Things creating new vulnerabilities at the interface between digital and physical systems, the Cyber programme aims to boost the UK’s digital security sector by helping grow 20 startup companies.

“What we have put together is a programme that will help businesses on the cohort move up to the next level,” said Ollie Bone, Cyber Lead at Tech Nation.

“Making the transition from startup to scaleup requires founders and managers to develop new and often challenging personal and business skills. But scaling up also involves reaching out and making connections across the security industry itself and in the customer marketplace. What we’re offering in Cyber is a real opportunity to overcome the factors that might be putting a brake on growth.”

Digital Minister Margot James said: “To stay ahead of cyber threats it is crucial we support and promote our world-class cyber security industry. Tech Nation’s new programme will not only help young businesses to expand but ensure our thriving cyber sector continues to grow.”