All Archives - Page 60 of 79 - Cyber Secure Forum | Forum Events Ltd

All

Healthcare IT leaders outline cyber security concerns

 960 640 Stuart O'Brien
By:
0
0

Healthcare IT leaders are increasing their spending to defend against cyberattacks and feeling anxiety about Apple, Amazon and Google entering the health care space.

That’s according to a new report from the US-based Center for Connected Medicine (CCM) entitled Top of Mind for Top Health Systems 2019, which focuses on three areas of health IT set to impact health systems next year, namely Cybersecurity, Telehealth, and Interoperability.

Key findings of the report include:

  • Hackers and other cyber-criminals are stepping up their attacks on the health care industry, leading 87 percent of respondents to say they expect to increase spending on cybersecurity in 2019; no health system was expecting to decrease spending.
  • Health IT leaders overwhelmingly expect government and commercial reimbursement to provide the majority of funding for telehealth services by 2022; internal funding and patient payments are expected to provide the majority of funding for telehealth in 2019.
  • 70 percent of responding executives said they were “somewhat concerned” about big tech companies, such as Apple, Amazon and Google, disrupting the health care market; 10 percent were “very concerned.”

The US health care industry was hit with 2,149 breaches comprising a total of 176.4 million records between 2010 and 2017, according to a study published in JAMA Network in September 2018. And the number of data breaches increased in almost every year, starting with 199 in 2010 and ending with 344 in 2017.

The findings are based on quantitative and qualitative surveys of C-suite executives at nearly 40 US health systems. The research was conducted by the Health Management Academy in partnership with the CCM.

UK Government cyber security efforts ‘lack clear political leadership’

 960 640 Stuart O'Brien
By:
0
0

The cyber threat to the UK’s critical national infrastructure (CNI) is as credible, potentially devastating and immediate as any other threat faced by the UK, according to the Joint Committee on the National Security Strategy.

The Committee’s latest report says the Government is not acting with the urgency and forcefulness that the situation demands, with the UK’s CNI a natural target for a major cyber attack because of its importance to daily life and the economy.

The Report on Cyber Security of the UK’s Critical National Infrastructure says that as some states become more aggressive and non-state actors such as organised crime groups become much more capable, the range and number of potential attackers is growing.

In fact, the head of the National Cyber Security Centre has said that a major cyber attack on the United Kingdom is a matter of ‘when, not if’.

The state-sponsored 2017 WannaCry attack greatly affected the NHS even though it was not itself a target and demonstrated the potential significant consequences of attacks on UK infrastructure.

Ministers have acknowledged that more must be done to improve the cyber resilience of CNI and the Government has taken some important steps in the two years since the National Cyber Security Strategy was published.

It set up the National Cyber Security Centre as a national technical authority, but the Joint Committee says its current capacity is being outstripped by demand for its services.

The Joint Committee added that while a tightened regulatory regime, required by an EU Directive that applies to all member states, has been brought into force for some, but not all, CNI sectors, it will not be enough to achieve the required leap forward across the thirteen CNI sectors (including energy, health services, transport and water).

Chair of the Committee, Margaret Beckett MP, said: “We are struck by the absence of political leadership at the centre of Government in responding to this top-tier national security threat.

“It is a matter of real urgency that the Government makes clear which Cabinet Minister has cross-government responsibility for driving and delivering improved cyber security, especially in relation to our critical national infrastructure.

“There are a whole host of areas where the Government could be doing much more, especially in creating wider cultural change that emphasises the need for continual improvement to cyber resilience across CNI sectors.

“My Committee recently reported on the importance of also building the cyber security skills base.

“Too often in our past the UK has been ill-prepared to deal with emerging risks.

“The Government should be open about our vulnerability and rally support for measures which match the gravity of the threat to our critical national infrastructure.”

GUEST BLOG: People and processes are key to effective cyber security

 960 640 Stuart O'Brien
By:
0
0

Alan Calder Founder and Executive Chairman at IT Governance

Cyber security investment continues to spiral, with Gartner predicting global security spend will reach £71.72 billion by the end of the year, as a result of regulatory change, mindset and a growing awareness of threats.

And with over 40 per cent of UK businesses experiencing some form of cyber security attack or breach in the last 12 months, with the attendant cost and reputational damage, it is easy to see how information security teams can argue for ever higher budgets.

But is handing over another tranche of cash really the most effective route to cyber resilience? Look closely at any recent high profile breach and the hack was not achieved through bypassing top of the line security technology but by identifying weaknesses within processes and staff. Whilst technology certainly has its part to play in a business’ overall cyber security strategy, people and processes actually have a much more significant role in ensuring a business is protected. From management commitment to strategic risk assessment to process change and employee awareness, as Alan Calder Founder and Executive Chairman, IT Governance argues, organisations need to reconsider security and rapidly onboard the skills required to achieve this three-fold approach to mitigating cyber risk.

Weakest Link

No organisation is immune to the threat of a cyber attack, especially as the types and methods of attack become increasingly more sophisticated. Given the enormous cost associated with breach, from regulatory fines to lost customers and compromised supplier relationships, this is clearly on the board’s agenda.  Unfortunately, most boards would rather commit to hiking the security budget than take the steps actually required to improve cyber resilience: namely, get involved.

According to the ISO 27001 security standard, board level commitment is an essential requirement – yet this is a message that the CIO or CISO is finding hard to get across. Most senior level individuals perceive that cyber security is too complex and too technical to have a place in any board meeting. Yet this attitude underlines a patent lack of understanding of the cyber criminal: it is not all about incredibly complex and sophisticated threats, attackers will aim at the weakest link in an organisation’s security posture – its people.

People are a risk because they will forget passwords, make errors, click on phishing emails or access web sites loaded with malware. It is not malicious – in the main – but it is a huge problem.  The fact is that the vast majority of breaches are linked to human error – and more often than not, the cause is ill considered processes and education, not inadequate security solutions.

Proving the Point

The massive data breach at Sony came about as a result of hackers getting access to the list of passwords written in plain text, essentially an open door to an extraordinary raft of sensitive information; while at Morrison’s, it was a disgruntled employee who was able to upload the details of 99,998 staff, including bank account details, salary information, dates of birth, National Insurance numbers, addresses and phone numbers, to data sharing websites.  Having spent more than £2 million tackling the breach, the High Court ruled the supermarket was vicariously liable because the individual was acting in the course of his employment when he leaked the information online.

A lack of management understanding of risk also contributes to technology and process compromises that create unacceptable exposure. The WannaCry ransomware attack that ravaged so many businesses in 2017 is a prime example of poor processes – in this case, failing to update software, creating huge vulnerabilities. The attack affected companies globally, although in the UK the media brunt was borne by the NHS, which estimates a cost of £92 million to recover damaged IT equipment; although it has made no public acknowledgement of the cost to patients’ health as a result of cancelled operations and missed diagnoses.

While these events clearly focus management attention on the escalating risk created by cyber security, none of these organisations had failed to invest in security hardware or software. What they had overlooked was that a cyber resilient business is underpinned by highly effective processes and a highly aware and educated staff.

New Information Security Culture

User awareness and education is a huge component of a cyber resilient organisation. Simple steps such as teaching employees to recognise a phishing email or spot a rogue Wi-Fi hotspot at the café, station or conference centre, can radically reduce incidents. But this is just the start: user awareness and training must be part of a complete resilience process.

Continually testing staff awareness – by sending phishing emails and following up with additional training to those who mistakenly click on the email – is essential, but staff also need to know what to do if they do click on a phishing email by mistake. And that means the company needs to put in place a clearly defined process that encompasses everything from ensuring users recognise the importance of immediately notifying the incident response team, to locking down the device and removing it from the network, and critically, undertaking an assessment to determine whether the incident has created a regulatory reportable breach.

In addition to improving awareness and understanding, it is also important to make life easy for the user.  While IT has become obsessed with the concept of complex passwords changed every sixty to ninety days, for the user the only option is to write these down – or continually waste time calling the help desk for a reset.  How much more effective to opt for single sign in and passwords changed only when the user perceives a risk? Or once a year? Not only does the business lose the massive risk associated with passwords written down everywhere, but the help desk calls plummet – and the IT team has time to fix the gaping security hole left by the disturbing number of network devices still operating on easily breached default settings!

Security Standards

This people and process model is at the heart of the global ISO 27001 security standard – a standard which in this post GDPR era is prompting increasing interest as a way of demonstrating the security provision in place should a breach occur. And, to circle back to where we came in, this is where the board needs to get involved: ISO 27001 states that management must be engaged in the information security management process; they must lead by example and provide clear guidance to the organisations on issues such as risk management. That means that security is not just a line on the budget and a chance to pass the buck to the information security management team; the board must actively discuss and consider security policy is certification is to be achieved.

And, to be frank, the board should be actively involved. The creation of a cyber resilience framework is key not only to reducing the likelihood of a breach but also to ensure systems can get back up and running as quickly as possible to minimise business disruption – and that framework is ultimately defined and directed by a corporate understanding of risk.

Simply accepting an ever increasing security cost is not enough. It is not until the board has discussed and agreed upon the risk appetite, which will vary significantly between organisations, that the business can begin to take the correct steps towards managing information security – and that means investing in the right skills to define and implement new processes and staff awareness.

Ransomware and phishing top concerns for IT professionals

 960 640 Stuart O'Brien
By:
0
0
Ransomware (24%) and phishing attacks (21%) are the top two concerns among IT leaders in 2018, according to new research.
Barracuda surveyed more than 1,500 IT and security professionals in North America, EMEA, and APAC about their IT security priorities, how these have shifted over the 15 years and what is expected to change within another 15 years.
Other key finding include:
  • In 2003, viruses (26%) and spam and worms (18%) were noted as the top two threats
  • In 2003 only 3% identified cloud security as a top priority. This number has gone up to 14% in 2018
  • 43% identified AI and machine learning as the development that will have the biggest impact on cyber security in the next 15 years
  • 41% also believe the weaponisation of AI will be the most prevalent attack tactic in the next 15 years

Overall, Barracuda says study indicates that while the top security priorities have remained consistent over the past 15 years, the types of threats organisations are protecting against has shifted significantly.

Looking ahead, respondents believe that the cloud will be a higher priority 15 years in the future and that AI will be both a threat and an important tool.

A full 25 percent of respondents said email was their top security priority in 2003, and 23 percent said the same about their current priorities.

Network security came in a close second for both 2003 and 2018 priorities, with 24 percent and 22 percent respectively.

31 percent of respondents chose AI as the new technology that they will rely on to help improve security, and 43 percent identified the increasing use of artificial intelligence and machine learning as the development that will have the biggest impact on cyber security in the next 15 years.

On the other hand, 41 percent believe the weaponisation of AI will be the most prevalent attack tactic in the next 15 years.

“Artificial intelligence is technology that is top of mind for many of the IT professionals we spoke with — both as an opportunity to improve security and as a threat,” said Asaf Cidon, VP email security at Barracuda. “It’s an interesting contrast. We share our customers’ concern about the weaponization of AI. Imagine how social engineering attacks will evolve when attackers are able to synthesize the voice, image, or video of an impersonated target.”

Do you provide Anti-Malware solutions to business? We want to hear from you!

 960 640 Stuart O'Brien
By:
0
0

Each month on IT Security Briefing we’ll be shining the spotlight on a different part of the cyber security market – in December we’re focussing on Anti-Malware solutions.

It’s all part of our ‘Recommended’ editorial feature, designed to help IT security buyers find the best products and services available today.

So, if you’re a Anti-Malware specialist and would like to be included as part of this exciting new shop window, we’d love to hear from you – for more info, contact Stuart O’Brien on stuart.obrien@mimrammedia.com.

Security IT Summit 2019 – Register now for FREE!

 960 640 Stuart O'Brien
By:
0
0

Registration has opened for the Security IT Summit – the unique one-day event for senior cyber security professionals.

It takes place on July 2nd 2019 at the Hilton Canary Wharf, London and is entirely free to attend.

Simply register your place here and enjoy the following benefits:

  • Talk face-to-face with innovative and budget-saving suppliers for a series of pre-arranged meetings.
  • Attend insightful and inspirational seminar sessions.
  • Network with like-minded peers.
  • Complimentary lunch and refreshments.

We have just 60 places available so register for your free place here today.

Or for more information, contact Emily Gallagher on 01992 374085 / e.gallagher@forumevents.co.uk.

To attend as a solution provider, call Chris Cannon on 01992 374096 or email c.cannon@forumevents.co.uk.

IT employment landscape dominated by AI & cybersecurity

 960 640 Stuart O'Brien
By:
0
0

Nearly one in three organisations plans to increase their IT staff in 2019, with AI and cybersecurity top of the list of skills required.

The 2019 State of IT report from Spiceworks surveyed 1,000 tech professionals in businesses across North America and Europe, and also found that one in four IT pros plans to seek new employment; with millennials are most likely to job hop.

Behind cybersecurity skills, AI tech expertise is the number two skill large enterprises are seeking, while job-hopping IT pros are primarily seeking better salaries and opportunities to advance their IT skills.

The report also found that while 29% of companies plan to increase their IT staff in 2019, most companies (59%) aren’t planning to build up their IT staff next year.

However, Spiceworks says that doesn’t necessarily mean they’re not hiring at all. For example, some companies may be focused on backfilling positions formerly held by IT pros who may have left the building in search of greener pastures.

When comparing the data by company size, enterprises with 1,000+ employees are more likely to increase their IT staff next year than their smaller counterparts – the reports suggests this is because larger companies have more IT needs and data assets to manage, and they’re more likely to increase their tech spend in 2019 too.

IT security/cybersecurity skills are most sought after among companies planning to shore up IT staffing levels next year. When comparing the data by company size, it’s clear large enterprises (5,000+ employees) are more likely to seek AI expertise than their smaller counterparts. In fact, it’s the number two skill they’re looking for after security know-how.

On the other hand, midsize companies (500 to 999 employees) are more likely to seek candidates with DevOps skills. Smaller companies are more likely to prioritise hiring IT pros with end user hardware and infrastructure expertise. This finding comes as small businesses plan to significantly boost their hardware budgets in 2019.

In 2019, 26% of IT pros plan to find a new employer, 8% plan to leave the IT field for a new career, 6% plan to move into IT consulting, and 5% plan to retire.

However, job plans vary significantly by age. For example, 33% of millennial IT pros plan to seek new employment in 2019, compared to 26% of Gen X and 13% of baby boomers. Millennials are also more likely to expect a raise and promotion, while unsurprisingly, baby boomer IT pros are most likely to retire in 2019.

Additionally, when comparing the data by gender, Spiceworks says it’s worth noting that women are more likely to expect a promotion next year: 25% of female IT pros expect a promotion in 2019 compared to 14% of male IT pros. However, men are slightly more likely to anticipate a raise… 37% of men expect a raise next year compared to 33% of women.

Job plans also vary by region. For example, in the UK specifically, 38% of IT pros plan to find a new employer next year, compared to the 28% average in Europe and 24% in North America. Spiceworks speculates that this is because digital tech jobs are on the rise in the UK, which means more job opportunities for IT pros (and more temptation to job hop). In fact, according to the 2018 Tech Nation Report, UK employment in the digital tech sector increased by 13% between 2014 and 2017.

“Companies looking to maximize efficiencies and grow profits understand the potential artificial intelligence has to automate tasks and reduce the cost of doing business,” Peter Tsai, Senior Technology Analyst at Spiceworks. “But to effectively deploy and manage AI-enabled tech, organisations need workers with relevant AI skillsets and experience. And large enterprises, which often have resources dedicated to R&D, are already ahead of the game when it comes to experimenting with and getting value out of AI.”

Symantec snaps up Javelin and Appthority

 960 640 Stuart O'Brien
By:
0
0

Symantec has confirmed the acquisitions of Javelin Networks and Appthority as it looks to bolster its directory-based attack and mobile app vulnerability solutions.

Israel-based Javelin Networks is a privately held company that offers software to defend enterprises against Active Directory-based attacks, with Symantec saying that Microsoft Active Directory (AD) services have become an increasingly popular target for attackers using AD reconnaissance to discover the users, servers and computers in an enterprise network and then move laterally across the network using this information to carry out multi-stage attacks.

Recently, multiple major advanced persistent threat (APT) campaigns have used AD credentials to move laterally in the network beginning with a single compromised endpoint. This challenge is pervasive, as a large number of enterprises worldwide use AD services to manage their users, applications, and computers.

The Javelin Networks team and its technology will become part of Symantec’s endpoint security business.

Appthority, meanwhile, is a privately held company that offers Mobile Application Security Analysis. Symantec says the technology will give its customers the ability to analyse mobile apps for both malicious capabilities and unsafe and unwanted behaviours, such as vulnerabilities, risk of sensitive data loss, and privacy-invasive actions.

Prior to the acquisition, Appthority was a Symantec Ventures portfolio company.

“Mobile apps are a critical threat vector that every company must address to protect their enterprise security,” said Adi Sharabani, SVP, Modern OS Security. “The Appthority technology extends SEP Mobile’s capabilities in limiting unwanted app behaviors, supporting regulatory compliance, and assessing vulnerabilities.”

Security IT Summit 2019 – Are you registered yet?

 960 640 Stuart O'Brien
By:
0
0

The Security IT Summit takes place on July 2nd 2019 in London, providing you with a rare full working day of networking, learning and connection building – plus cost-saving cybersecurity solutions.

In short, the Security IT Summit will enable you to lay the groundwork for your organisation’s cyber security strategy.

And what’s more, the Security IT Summit is completely FREE to attend as our VIP guest – benefits include:

– A personalised itinerary of meetings with solution providers who match your project requirements
– Attendance to a series of seminar sessions hosted by industry thought leaders
– Informal networking with peers
– Lunch and refreshments provided throughout the day

You’ll be joining 65+ other senior IT security professionals, and the the industry’s most trusted solution providers.

Among the delegates attending the last Security IT Summit were representatives from Arcadia, British Red Cross, Barclays PLC, Cancer Research, Fenwick, Financial Ombudsman Services, GE Capital, John Lewis, London Stock Exchange Group, Marshall Motor Group plc, Moonpig, Nationwide, O2 Telefonica, Pret A Manager, Prudential, The Guardian, Vodafone, Yorkshire Housing and more.

Register for your free place here.

Or for more information, contact Emily Gallagher on 01992 374085 / e.gallagher@forumevents.co.uk.

To attend as a solution provider, call Chris Cannon on 01992 374096 or email c.cannon@forumevents.co.uk.

SD-WAN deployments up, but networking and security challenges persist

 960 640 Stuart O'Brien
By:
0
0
 
New research has highlighted the improved network security, connectivity, flexibility, and cost savings enabled by SD-WAN , but says 98% of IT leaders cite networking challenges with their current WAN setup.

The report from Barracuda Networks includes data from more than 900 respondents in the Americas, EMEA, and APAC.

Respondents come from companies ranging from 1,000 to more than 5,000 employees across multiple sectors, including healthcare, finance, education, manufacturing, public sector, and retail.

Overall, the study indicates that SD-WAN deployments are increasing to address networking challenges resulting from the explosive growth of WAN traffic due to high demand for cloud applications and services. Security remains a top concern for an overwhelming majority of IT leaders as they consider upgrading to an SD-WAN solutions.

Highlights include:

  • Networking challenges are common with current WAN setups.
    • Top three challenges are complexity (48%), cloud performance (47%), and performance between locations (46%).
  • SD-WAN deployments are on the rise.
    • One-third have already deployed SD-WAN in most of their sites, and 49 percent are in the process of doing so or will in the next year.
    • 70 percent of IT leaders said they risk losing a competitive advantage if they don’t update their WAN.
  • Security is a top priority when choosing an SD-WAN solution.
    • 81 percent said advanced threat protection and centralized management were very important or crucial to their SD-WAN purchase.
  • SD-WAN offers improved security and lower costs.
    • Most common benefits of SD-WAN deployments are improved network security (57%), connectivity (56%), and network flexibility and agility (53%). 
    • Nearly half of respondents said they had reduced overall costs thanks to SD-WAN, and 36 percent reduced costs specifically for MPLS services.
Click here to download the full report.