All Archives - Page 61 of 79 - Cyber Secure Forum | Forum Events Ltd

GUEST BLOG: Phishing and Facebook – A test of reputation for businesses

Stuart O'Brien
By Asaf Cidon, VP Email Security, Barracuda Networks
 
Facebook is never far from the news agenda, so it was no surprise to see the company under the media spotlight again when it was revealed that a recent hack exposed the personal information of 30m users.
After polling visitors to Cloud Expo earlier this year on their views of Facebook and data privacy, we took to the floor at the IP Expo show in London earlier this month to learn how businesses were feeling about their defences in the wake of the latest high profile attack. 
 
The last time we spoke to the tech industry at a UK trade show, it was on the back of the news that millions of Facebook profiles were apparently exploited for political purposes, so we were keen to understand how views had changed in the six months since then. 
 
Back in April, trust in Facebook appeared to have been badly affected, with 55% claiming that they trusted Facebook less as a result of the Cambridge Analytica scandal. Results from IP Expo further confirmed this, with 41% of respondents citing that they didn’t trust Facebook even before this latest news story. What’s encouraging is that individuals are taking measures to protect themselves – 28% said that they had amended their security and sharing settings as a result, almost identical to the 29% who said the same at Cloud Expo.
 
Individuals in the IT industry have definitely become more wary of how they’re using Facebook, but did this have any bearing on their business?
 
So what does this mean for businesses? 
 
Whilst we still don’t know a great deal about what happened, we do know that while initial reports suggested 50 million accounts were accessed, it was actually closer to 30 million.
 
Despite this smaller number, it’s clear that hackers were able to get unfettered access to a significant amount of sensitive information. For 15 million users, the hackers had access to their name, phone number, and email address.
 
But for 14 million users, the attackers had access to the above as well as their relationship status, work, education, religion, current city, gender, username, device type, pages followed, last ten places checked into or tagged in, and 15 most recent searches.
 
Much of the information up for grabs plays right into the hands of cyber criminals planning their next phishing attack, and as it also includes people’s workplaces, it’s only natural to assume that this could well lead to an increased risk of phishing attacks at work.
 
So is this a precedent that businesses should be prepared for?
 
More than a third of the visitors we spoke to at IP Expo (35%) felt that the Facebook hack was likely to increase the likelihood of phishing attacks on businesses, since attackers would be emboldened by its success. Around 20% of our respondents felt it could work the other way though, as businesses would be forewarned and, therefore, forearmed against such attacks. 
 
Whatever the reality, businesses are certainly not being complacent when it comes to resisting phishing attacks. One in four (25%) of the 200 businesses who took part felt that they have both the technology and the user education in place to feel very confident in their protection. Confidence in technology but not user education meant that 38% felt quite confident in their ability to resist an attack, whilst a focus on user education over technology had instilled confidence in 22%. Only 7% felt that they were sitting ducks, with neither the technology nor user education in place to protect their business.

What now for businesses and individuals?
 
Anyone who regularly uses Facebook needs to review their security and sharing settings immediately, if they haven’t done so already. This is especially important if you have other apps connected to your Facebook account, as this gives attackers even more of a prize should they take over your account.
 
For businesses, the best defence against phishing and spear phishing is to help make users aware of the threats and techniques used by criminals. Organisations should implement a simulation and training program to improve security awareness for their users, regularly training and testing employees to increase their security awareness of various targeted attacks. Simulated attack training is by far the most effective form of training, as it helps humans recognise the subtle clues to identify phishing attempts, and gives employees a baseline understanding of the latest techniques attackers are using.
 
Effective user training can help prevent a lot of attacks, but keeping out attacks that don’t enter via email requires a combination of effective perimeter filtering, specially designed network architecture and the ability to detect malware that may already be inside the network. Businesses also need to keep up to date with software, security and firewall updates to ensure they have the most sophisticated approach to security in place to defend against threats. This demonstrates that SSO/MFA are not the silver bullet of protection against account compromise, because if the authentication provider gets compromised all connected applications are breached. This demonstrates the importance of using AI that can monitor employee behavior and detect anomalies in real time.
 
With huge global organisations such as Facebook and Google showing themselves to be susceptible to cyber-attacks, it’s clear that businesses need to remain vigilant. Every new breach further proves that the public needs to preserve and protect their own cloud data, because the providers are not. 

Cybersecurity skills gap increases to 2.9 million globally

Stuart O'Brien

New research shows a widening of the global cybersecurity workforce gap to nearly three million across North America, Latin America, Asia-Pacific (APAC), and Europe, the Middle East and Africa (EMEA).

The 2018 (ISC)² Cybersecurity Workforce Study (formerly the Global Information Security Workforce Study) is based on feedback from a sample of professionals responsible for securing their organisations around the world.

It includes IT/ICT staff within organisations ranging from large enterprises to small businesses who may or may not have formal cybersecurity roles but do have hands-on responsibility for securing critical assets every day – spending at least 25% of their time on such activities.

Key insights revealed in the study include:

  • Of the 2.93 million overall gap, the Asia-Pacific region is experiencing the highest shortage, at 2.14 million, in part thanks to its growing economies and new cybersecurity and data privacy legislation being enacted throughout the region
  • North America has the next highest gap number at 498,000, while EMEA and Latin America contribute a 142,000 and 136,000 staffing shortfall, respectively
  • 63% of respondents report that their organisations have a shortage of IT staff dedicated to cybersecurity. 59% say their companies are at moderate or extreme risk of cybersecurity attacks due to this shortage.
  • 48% of respondents say their organizations plan to increase cybersecurity staffing over the next 12 months
  • 68% of respondents say they are either very or somewhat satisfied in their current job
  • Women represent 24% of this broader cybersecurity workforce (compared to 11% from previous studies), while 35% are Millennial or Gen Y (compared to less than 20% from previous studies)
  • More than half of all respondents globally (54%) are either pursuing cybersecurity certifications or plan to within the next year

Some of the biggest career progression challenges respondents reported are:

  • Unclear career paths for cybersecurity roles (34%)
  • Lack of organisational knowledge of cybersecurity skills (32%)
  • The cost of education to prepare for a cybersecurity career (28%)

The four areas cybersecurity pros feel they will need to develop most or improve on over the next two years in order to advance in their careers include:

  • Cloud computing security
  • Penetration testing
  • Threat intelligence analysis
  • Forensics

“This research is essential to fostering a clearer understanding of who makes up the larger pool of cybersecurity workers and enables us to better tailor our professional development programs for the men and women securing organizations day in and day out,” said (ISC)² CEO David Shearer, CISSP. “We will share these powerful insights with our partners in government and the private sector to help establish the programs necessary to advance the cybersecurity profession. By broadening our view of the workforce to include those with collateral cybersecurity duties within IT and ICT teams, we discovered that professionals are still facing familiar challenges, but also found striking differences compared to previous research, including a younger workforce and greater representation of women.”

Download the full study at www.isc2.org/research.

NCSC deals with 1,100 cyber attacks in first two years

Stuart O'Brien

The National Cyber Security Centre (NCSC) has defended the UK from an average of more than 10 attacks per week in the two years since it was set up.

The NCSC, a part of GCHQ, has published its second Annual Review, which highlights the sustained threat from hostile state actors and cyber criminals.

Since it became fully operational in 2016, the NCSC’s cyber security front line has provided support on 1,167 cyber incidents – including 557 in the last 12 months. The report reveals the majority of attacks against the UK are carried out by hostile nation states.

The Annual Review gives detail about the tactics used by the NCSC’s Incident Management team, who work behind the scenes to co-ordinate defences to support UK victims when attacks do get through.

For the first time, the NCSC is giving a glimpse into the work against the ongoing cyber threat in a podcast, “Behind the scenes of an incident”, which features interviews with a range of staff who defend the UK from cyber attacks.

David Lidington, Chancellor of the Duchy of Lancaster and Minister for the Cabinet Office, said: “As the minister with responsibility for overseeing the implementation of the National Cyber Security Strategy, I am proud of what NCSC has achieved in just two years of operations.

“Our National Cyber Security Strategy set out ambitious proposals for how this Government will defend our people, deter our adversaries and develop UK capabilities to ensure we remain the safest place to live and do business online.

“NCSC has more than risen to this challenge, defending the UK from over 1,100 cyber attacks and reducing the UK’s share of global phishing attacks by more than half.”

The NCSC takes a proactive approach to securing the UK’s online defences. The Active Cyber Defence (ACD) initiative aims to protect the UK from high-volume commodity attacks that affect people’s everyday lives.

Since its launch, ACD has reduced the UK’s share of visible global phishing attacks by more than half, from 5.3% to 2.4%. Between September 2017 and August 2018, the service removed 138,398 phishing sites hosted in the UK.

Ciaran Martin, Chief Executive of the National Cyber Security Centre said: “I’m extremely proud that the NCSC is strengthening the UK’s defences against those who seek to harm us online.

“We are calling out unacceptable behaviour by hostile states and giving our businesses the specific information they need to defend themselves. We are improving our critical systems. We are helping to make using the Internet automatically safer.

“As we move into our third year, a major focus of our work will be providing every citizen with the tools they need to keep them safe online. I’m confident that the NCSC will continue to provide the best line of defence in the world to help the UK thrive in the digital age.”

Earlier this year, the government’s flagship cyber security conference, CYBERUK, was held in Manchester and attracted 2,500 delegates.

Following the success of CYBERUK 2018, the NCSC will widen its geographical footprint in year three as Scotland will, for the first time, host the 2019 event. Government and industry professionals will gather in Glasgow, one of the first UK cities to get 5G internet, on 24 and 25 April to share cyber security best practice in the face of complex problems and threats.

Director GCHQ, Jeremy Fleming said: “In just two years, the NCSC has become a world leading organisation. I’d like to thank everyone at the NCSC for the outstanding work they do every day.

“Whether that’s thwarting the growing cyber threat from hostile nation states, providing excellent incident management services to large and small businesses, or pushing the boundaries of research and innovation, the NCSC operates on the front line of efforts to keep us all safe online.”

The Annual Review 2018 can be reached here and you can also listen to the NCSC’s first podcast – behind the scenes of an incident.

Security IT Summit 2019 – Secure your free place

Stuart O'Brien

Secure your free place at the Security IT Summit – it takes place on July 2nd 2019 at the Hilton London Canary Wharf and is an unmissable event for cyber security professionals.

It will provide you with a rare full working day of networking, learning and connection building – plus cost-saving cybersecurity solutions.

In short, the Security IT Summit will enable you to lay the groundwork for your organisation’s cyber security strategy.

And what’s more, the Security IT Summit is completely FREE to attend as our VIP guest – benefits include:

– A personalised itinerary of meetings with solution providers who match your project requirements
– Attendance to a series of seminar sessions hosted by industry thought leaders
– Informal networking with peers
– Lunch and refreshments provided throughout the day

You’ll be joining 65+ other senior IT security professionals, and the industry’s most trusted solution providers.

Among the delegates attending the last Security IT Summit were representatives from Arcadia, British Red Cross, Barclays PLC, Cancer Research, Fenwick, Financial Ombudsman Services, GE Capital, John Lewis, London Stock Exchange Group, Marshall Motor Group plc, Moonpig, Nationwide, O2 Telefonica, Pret A Manger, Prudential, The Guardian, Vodafone, Yorkshire Housing and more.

Register for your free place here.

Or for more information, contact Emily Gallagher on 01992 374085 / e.gallagher@forumevents.co.uk.

To attend as a solution provider, call Chris Cannon on 01992 374096 or email c.cannon@forumevents.co.uk.

Do you specialise in Employee Security Awareness solutions? We want to hear from you!

Stuart O'Brien

Each month on IT Security Briefing we’re shining the spotlight on a different part of the cyber security market – in November we’re focussing on Employee Security Awareness solutions.

It’s all part of our ‘Recommended’ editorial feature, designed to help IT security buyers find the best products and services available today.

So, if you’re an Employee Security Awareness specialist and would like to be included as part of this exciting new shop window, we’d love to hear from you – for more info, contact Stuart O’Brien on stuart.obrien@mimrammedia.com.

Here are the areas we’ll be covering, month by month:

November – Employee Security Awareness

December – Malware

For information on any of the above topics, contact Stuart O’Brien on stuart.obrien@mimrammedia.com.

Reading is UK’s top destination for cybersecurity professionals

Stuart O'Brien

A new study has revealed the top UK cities for those working in the cybersecurity industry, measured against criteria of salary levels, affordability, job availability and sector growth potential.

Reading came out top of the rankings, followed by Leeds, Cardiff, Edinburgh and Manchester, according to data pulled together by cyber security training outfit, Crucial Academy.

The research makes for interesting reading (no pun intended) against the backdrop of the perceived skills gap within the UK’s cybersecurity community, and beyond – the Information Systems Audit and Control Association (ISACA) estimates a global shortage of 2 million cyber security professionals by 2019, according to the UK House of Lords Digital Skills Committee.

In August, research from Databarracks revealed only 56 per cent of UK firms believe they have sufficient cybersecurity skills in-house to deal with the numerous threats they are facing.

Databarracks questioned over 400 IT decision makers in the UK as part of its 10th annual survey in order to understand their views on a series of issues relating to IT security and business continuity.

And 12 months ago the UK Government said it was “acutely aware” of the need for more skilled cyber security professionals working within the sector, and that it was embarking on a series of initiatives to help promote the profession.

Discussing the concern with members of UK technology industry body TechUK, Matt Parsons, head of cyber security skills at the Department for Culture, Media and Sport (DCMS) said at the time: “We are looking at a number of ways to retrain people who are interested in moving into the industry at pace and at scale.

“Using what we have learned, we are planning to scale up and look at how we can support the cyber security industry – and get more people in at a quicker rate.”

Neil Williams, CEO of Crucial Academy, said: “The cyber security skills gap is a growing issue across the UK. Every city in the ranking is a tech hub within its own right, however, it is fascinating to see which cities, based on these factors, may be more attractive to the much-needed talent pool of cyber security professionals.”

Tom Marcus, an MI5 veteran who works with Crucial Academy, said: “Cyber security is one of the most serious issues UK business faces today. For young people leaving education, ex-military people looking to transition to civilian life or those looking for a career change, there is no career more Brexit-proof than cyber security.”

NCSC outlines case against Russian military hackers

Stuart O'Brien
The National Cyber Security Centre (NCSC) says it has identified that ‘a number of cyber actors’ widely known to have been conducting cyber attacks around the world are, in fact, the GRU – the Russian military intelligence service.

It says the attacks have been conducted ‘in flagrant violation of international law’, have affected citizens in a large number of countries, including Russia, and have cost national economies millions of pounds.

The statement came as part of a joint message coordinated with the likes of the US and France.

Specifically, the NCSC says cyber attacks orchestrated by the GRU have attempted to undermine international sporting institution WADA, disrupt transport systems in Ukraine, destabilise democracies and target businesses.

It says the campaign by the GRU shows that it is working in secret to undermine international law and international institutions.

The Foreign Secretary, Jeremy Hunt said: “These cyber attacks serve no legitimate national security interest, instead impacting the ability of people around the world to go about their daily lives free from interference, and even their ability to enjoy sport.

“The GRU’s actions are reckless and indiscriminate: they try to undermine and interfere in elections in other countries; they are even prepared to damage Russian companies and Russian citizens.  This pattern of behaviour demonstrates their desire to operate without regard to international law or established norms and to do so with a feeling of impunity and without consequences.

“Our message is clear: together with our allies, we will expose and respond to the GRU’s attempts to undermine international stability.”

The statement from the NCSC used the strongest language possible, saying: “Given the high confidence assessment and the broader context, the UK government has made the judgement that the Russian Government – the Kremlin – was responsible.”

The body says the GRU are associated with the following names:

  • APT 28
  • Fancy Bear
  • Sofacy
  • Pawnstorm
  • Sednit
  • CyberCaliphate
  • Cyber Berkut
  • Voodoo Bear
  • BlackEnergy Actors
  • STRONTIUM
  • Tsar Team
  • Sandworm

Get ready for the Security IT Summit 2019

Stuart O'Brien

The Security IT Summit will take place on July 2nd 2019 at the Hilton London Canary Wharf – and it’s your gateway to the best cybersecurity products and services the market has to offer.

Fujitsu helps set up UK cybersecurity college

Stuart O'Brien
Fujitsu has launched the University Technical College (UTC) Cyber Security Group in the UK, which looks to prepare students aged 14-19 years for work in the field of cybersecurity.
Working with cyber UTCs across the country, along with the help of leading edge Security and Private Sector organisations, the group says it’s looking to bridge the security resource and skills gap that organisations face, to help better protect today’s society from cyber threats.
The group will aim to equip a minimum of 500 students a year with the right cyber skills to be able to hit the ground running when they start employment, and to better prepare those moving into Higher Education.
At launch there will be 23 organisations and UTCs who will form the group alongside Fujitsu. Those involved will have the opportunity to sponsor their local UTC, meaning they can get to know the students personally, potentially offering them a job at the end of the tenure or offering further sponsorship to allow students to go onto Higher Education.
“In a world of connected devices, and increasingly AI and machine learning, the security landscape is seeing exponential growth with attack techniques and sectors changing at an alarming rate. In light of recent attacks it is especially important that we do more to help the next generation of students better understand the positive impact that cybersecurity knowledge can have on their lives and future careers,” said Rob Norris, Vice President of Enterprise and Cyber Security, Fujitsu. “As we fast progress towards a ‘digital first’ nation, we need to ensure we are investing at the very beginning of the digital journey and developing the right skills to support the future digital economy.”
As UTCs provide an alternative and innovative technical education for students in their final years of school, whilst working in partnership with leading national and local employers, the group says it will ensure teachers are also equipped with the necessary tools and knowledge – such as updates on the latest threats and solutions, as well as available job roles – to help students leave with the relevant and appropriate skills needed for today’s digital world.
Norris added: “All organisations – private and public – are pivotal in closing the cybersecurity skills gap, ensuring our children are fully equipped for facing future inevitabilities. As this is something Fujitsu really recognises, the group will look to empower UTC students and teachers to develop the skills, knowledge and understanding of the role that cybersecurity plays in today’s business and society, preparing them to start their career in a digital world.”
Mike Halliday, Business Relations Manager for UTC Reading, UTC Swindon, and UTC Heathrow, said: “With cyber threats becoming more prolific and hackers increasingly more creative and savvy in their approach to attacks and breaches, the people and skills available to protect organisations and society must respond. While UTCs are attracting more and more ‘academic’ students, our real strength is in offering a learning journey that allows students to experience a practical education that prepares them for the world of work. Historically students may not have considered entering a cybersecurity profession, often meaning they missed out on a career that they could be good at, and one in which they’d find purpose and fulfilment.”
“The UTC Cyber Group looks to connect industry to an untapped source of thinking in order to meet the current cybersecurity challenges. There will be a particular focus on supporting students who could provide real value to an organisation due to their natural technical skill and ability. UTCs have the advantage of focusing on technical skills development, and are a real alternative for those that wish to learn hands-on, which makes a cyber UTC the ideal environment to nurture and accelerate cyber talent with the support of our industry partners.”
As part of the commitment, the group will meet every quarter to agree the course content that will be delivered to cyber security students. Each organisation will commit a minimum of five days of teaching and training to UTCs annually over the next three years.

Barracuda integrates with Microsoft Azure Virtual WAN

Stuart O'Brien
Barracuda Networks has announced support for Microsoft Azure Virtual WAN service through its CloudGen Firewall, extending networking security to organisations looking to deploy the software giant’s solution.
In public preview since July, Microsoft Azure Virtual WAN provides optimized, automated, and global-scale branch connectivity and brings the ability to connect customers’ branches to Azure with SD-WAN and VPN devices (i.e. Customer Premises Equipment or CPE), with built-in ease of use and automated connectivity and configuration management.
 
The Barracuda connection to Azure Virtual WAN is automated: Users need only fill out authentication information and click ‘connect’. Barracuda also utilises dynamic routing protocols in the background to make sure new routes to new locations are automatically picked up and made available.
 
“Customers want choice and flexibility in the cloud, but they can’t sacrifice security,” said Tim Jefferson, VP Public Cloud at Barracuda. “By using our integration with Azure Virtual WAN, customers can have the best of both worlds — large-scale branch connectivity over Azure Virtual WAN with enhanced network security via the Barracuda CloudGen Firewall.”
 
“We’re pleased that customers looking to simplify branch connectivity and extend application workloads on Microsoft Azure now have access to the Barracuda integrated Azure Virtual WAN solution,” said Ross Ortega, Partner PM Manager, Azure Networking, Microsoft. “The integration between Azure Virtual WAN and Barracuda provides ease of use and simplification of connectivity and configuration management, hence providing optimized and automated branch-to-branch connectivity through Azure.” 
 
The integration is available now and can be leveraged by organizations using Azure Virtual WAN in the Public Preview.