All Archives - Page 63 of 79 - Cyber Secure Forum | Forum Events Ltd


UK cybersecurity skills concerns highlighted

Stuart O'Brien

Only 56 per cent of UK firms believe they have sufficient cybersecurity skills in-house to deal with the numerous threats they are facing, according to new research.

Databarracks questioned over 400 IT decision makers in the UK as part of its 10th annual survey in order to understand their views on a series of issues relating to IT security and business continuity.

Certainly, it seems cybersecurity investment has grown – in 2016, 59 per cent of respondents said that they had invested in safeguards to help fight against cyber threats, with the figure rising to 67 per cent in 2018.

Likewise, in 2016 only 12 per cent of firms surveyed said that they had updated their cybersecurity policy in the past 12 months, while in 2018 26 per cent of those surveyed said they had done so.

Meanwhile, threat monitoring software is now used by 28 per cent of businesses, compared to just 13 per cent of businesses in 2016.

Plus, the number of organisations that employed a Chief Security Information Officer has increased massively from one per cent in 2016 to 14 per cent in 2018.

Peter Groucutt, Managing Director at Databarracks, said: “Investment in cyber security safeguards should translate to improved confidence but the findings show it is yet to make a significant difference. We are in the midst of a rapidly accelerating arms race. Organisations are desperately trying to match criminals, by working hard to improve knowledge, training and investment in security defences, but are clearly concerned about keeping pace. Importantly, organisations shouldn’t become disheartened. While confidence levels are not where we hoped, businesses are making positive strides and acting on the front-foot to fight back, which makes us optimistic for the future.”

Secure your place at next year’s Security IT Summit

Stuart O'Brien

It’s confirmed! The next Security IT Summit will take place on July 2nd 2019 at the Hilton London Canary Wharf – secure your place today!

The event will provide you with a rare full working day of networking, learning and connection building – plus cost-saving cybersecurity solutions.

In short, the Security IT Summit will enable you to lay the groundwork for your organisation’s cyber security strategy.

And what’s more, the Security IT Summit is completely FREE to attend as our VIP guest – benefits include:

– A personalised itinerary of meetings with solution providers who match your project requirements
– Attendance to a series of seminar sessions hosted by industry thought leaders
– Informal networking with peers
– Lunch and refreshments provided throughout the day

You’ll be joining 65+ other senior IT security professionals, and the industry’s most trusted solution providers.

Among the delegates attending the last Security IT Summit were representatives from Arcadia, British Red Cross, Barclays PLC, Cancer Research, Fenwick, Financial Ombudsman Services, GE Capital, John Lewis, London Stock Exchange Group, Marshall Motor Group plc, Moonpig, Nationwide, O2 Telefonica, Pret A Manger, Prudential, The Guardian, Vodafone, Yorkshire Housing and more.

Register for your free place here.

Or for more information, contact Emily Gallagher on 01992 374085 / e.gallagher@forumevents.co.uk.

To attend as a solution provider, call Chris Cannon on 01992 374096 or email c.cannon@forumevents.co.uk.

Home Office announces Government Counter Fraud Profession division

Stuart O'Brien

The Home Office has this week announced the Government Counter Fraud Profession (GCFP), which will create a new community of counter fraud specialists across government, with benefits for both individuals and organisations.

The GCFP will enhance the structure of the Government’s counter fraud capability and put the UK Government in a better position to find and fight fraud and economic crime.

The launch of the profession represents the culmination of two years’ work, with over 100 organisations having been involved in its development. It will provide counter fraud specialists across Government organisations with a common framework of Professional Standards and Competencies.

It will also introduce a Professional Skills Platform (PSP), a web-based tool through which members can register their knowledge, skills, and experience, and self-assess against a range of counter fraud roles.

According to the Home Office, by having common standards, organisations will be able to identify what skills they do, and do not, have and get those skills to the right areas. They will also be provided with the ability to improve access to counter fraud capability and help deliver better quality products, whether fraud investigations, risk assessments or data analytics. Working with a common framework of standards, organisations will also be able to share learning programmes and develop new initiatives together.

The Profession will move beyond a focus on investigation and will look more at preventing and understanding fraud. This is because the GCFP recognises that to build a world-class counter fraud capability in the public sector, the UK needs a professional structure that recognises the complexity of counter fraud activity.

“I am pleased to be announcing that the government will launch the new Counter Fraud Profession on the 9th October,” said Minister for the Constitution Chloe Smith.

“The launch of the GCFP will make the UK a global leader in the professionalisation of counter fraud and will give our specialist staff an excellent and well-deserved opportunity for career progression within the discipline.

“This government remains committed to tackling fraud in any capacity, including against the public purse, and this new Profession is one way we are enhancing our ability to do so.

“In recognition of our global lead in this field, our international partners have already asked us to lead an international working group in this area. The GCFP will continue to be flexible, evolving in line with the needs of its members, and the changing threat posed by fraud and economic crime.”

Don’t click if you receive any of these emails…

Stuart O'Brien

Hackers are getting smarter and now know how to leverage psychological triggers to get the attention of victims, according to a new report.

KnowBe4, a provider of security awareness training and a simulated phishing platform, has published its Top 10 Global Phishing Email Subject Lines for Q2 2018. The messages in the report, which were compiled from analysing KnowBe4 user data, are based on simulated phishing tests users received or real-world emails sent to users who then reported them to their IT departments.

Ironically, the top three messages for Q2 2018 show that hackers are playing into users’ commitment to security, all tricking users with clever subject lines that deal with passwords or security alerts.

Hackers continue to take advantage of the human psyche. A recent report from Webroot validates this notion with IT decision makers believing their organisations are most vulnerable to phishing attacks – more so than new forms of malware. Some 56 per cent of IT decision makers in the US believe their businesses will be most susceptible to phishing attacks, while 44 per cent of IT decision makers in the UK are most concerned with ransomware attacks. By playing into a person’s psyche to either feel wanted or alarmed, hackers continue to use email as a successful entry point for an attack.

“Hackers are smart and know how to leverage multiple psychological triggers to get the attention of an innocent victim,” said Perry Carpenter, chief evangelist and strategy officer at KnowBe4. “In today’s world, it’s imperative that businesses continually educate their employees about the tactics that hackers are using so they can be savvy and not take an email at face value. Hackers will continue to become more sophisticated with the tactics they use and advance their utilisation of social engineering in order to get what they want.”

The Top 10 Most-Clicked General Email Subject Lines Globally for Q2 2018 include:

  1. Password Check Required Immediately
  2. Security Alert
  3. Change of Password Required Immediately
  4. A Delivery Attempt was made
  5. Urgent press release to all employees
  6. De-activation of [[email]] in Process
  7. Revised Vacation & Sick Time Policy
  8. UPS Label Delivery, 1ZBE312TNY00015011
  9. Staff Review 2017
  10. Company Policies-Updates to our Fraternisation Policy

GUEST BLOG: Security insights from the outer edge

Stuart O'Brien

Gallagher Security Perimeter Product Manager, Dave Solly, talks about security at the perimeter and not just at the door…

If there’s one area of security that’s often overlooked in commercial channels, it’s perimeter. This all too common gap in thinking is preventing businesses from really solving their security issues, often issues they don’t realise, or don’t want to admit they have.

As a product manager for perimeter systems, of course I’d say that. But hear me out.

In my experience, few businesses who have a security problem think they need a perimeter solution. Instead, they turn to traditional access and intruder solutions and their well-known benefits of business efficiency, compliance and risk management. These are all great reasons to spend money on a reader at the door, but they don’t address the business continuity problem at the gate, nor do they provide any protection to outdoor assets or the building itself. That’s where the perimeter comes in.

What’s the difference between securing a door and securing a gate? In my opinion, other than the physical structure, not a lot, though many organisations would rather secure a building because that’s where they see the value. But if an intruder is already in your yard, breaking through a door, then damage has already occurred and the intruder has potentially reached your assets anyway. Securing your perimeter allows you to solve this. Wouldn’t you rather stop an intruder before they even have a chance to get in?

Too often, perimeter security is a box-ticking exercise: employ a guard and put in CCTV cameras. This type of approach is cheap, easy to deploy and very common. It’s also retrospective, prone to human error, reliant on other technologies to be truly useful, and often results in continued security problems.

As the first cordon of security, your perimeter system gives you the chance to completely stop theft and damage from intruders. Not reduce: completely stop. I’ve seen many examples where this has happened – such as when a freight depot was experiencing ongoing fuel theft, they invested in a secure, well-designed perimeter solution. Overnight, intruders and theft disappeared and they haven’t had a problem since. Right now, you should be asking not just “What investment have we put into our perimeter?” but also “How much do we value our business?”

Theft, damage, trespassers and accidental access to potentially dangerous environments are all risk factors that put business continuity firmly at the heart of perimeter security. The low upfront cost of the most common perimeter solutions needs to be considered in the context of ongoing guard patrol expenses, lost work time to fix damage, replacing stolen assets and the often unseen cost to staff morale of repeated break-ins. What’s the true cost of your not-so-secure perimeter?

In places like water treatment plants, rail yards, council yards, manufacturing plants and power stations there’s also a duty of care required to the community – preventing people from accessing dangerous environments and doing silly things. As a kid growing up in the country, I remember running on the conveyor belts in the nearby dolomite (fertiliser) plant. Interestingly, the control room and processing rooms were secure, but not the conveyor that feeds the rocks into the crusher. Perimeter security would’ve prevented me from doing what in hindsight was clearly very foolish (but fun at the time). This is a good example of the growing need for proper protection at the perimeter – for both your organisation and the public.

There needs to be a widespread change in mind-set when it comes to perimeter security for commercial businesses. Done well, a perimeter solution is an important investment in business continuity and duty of care, with a huge impact on safety and cost reduction in the long term. It’s a change in thinking many businesses can’t afford to ignore.

McAfee unveils new enterprise security portfolio

Stuart O'Brien

McAfee says its new MVISION portfolio offers a comprehensive, flexible defense system that manages security products with multiple devices and the cloud in mind.

Specifically, the firm says MVISION strengthens the device as a control point in security architectures by delivering simplified management, stronger Windows security, behavior analytics, and threat defense for Android and iOS devices.

Plus, with its single integrated management workspace, MVISION has been designed to empower enterprise security professionals to proactively manage, optimise, and integrate security controls across any combination of McAfee advanced protection and Windows 10 native capabilities.

“To overcome the complexity created by too many device types, security products, and consoles, things must get simpler and the directional approach to security must shift,” said Raja Patel, vice president and general manager, Corporate Security Products, McAfee. “Modern device security needs to defend the entire digital terrain while understanding the risks at play. This first wave of McAfee’s MVISION technology portfolio provides businesses with an elevated management perspective where security administrators can more easily defend their devices and fight cyber-adversaries in a cohesive and simplified manner.”

The new McAfee MVISION portfolio includes McAfee MVISION ePO, McAfee MVISION Endpoint, and McAfee MVISION Mobile.

ePO is a SaaS offering that provides a simplified, centralised point of view and comprehension. It removes the deployment and maintenance overhead of backend infrastructure and allows customers to easily migrate their existing ePO environment. Organisations can focus exclusively on reducing security risk, with the agility of the cloud ensuring they are always running the latest security capabilities. In addition to the new MVISION ePO SaaS offering, ePO has been updated to enable security teams to better understand threat risks, ensure security compliance, and act faster with less effort than ever before.

Risk-based approach needed to stop cyber crime

Stuart O'Brien

A report by Gartner has advised companies to take a risk-based approach to stop cyber crime, rather than trying to prevent attacks with large-scale, expensive security deployments.

A survey commissioned by Gartner of 3,160 CIOs across 98 countries and various major industries showed that 35% had already invested in a form of digital security at their company, with 36% admitting that they were planning to activate digital security at their company in the short term.

Discussing the findings, Rob McMillan, research director at Gartner, said: “Raising budgets alone doesn’t create an improved risk posture.

“Security investments must be prioritised by business outcomes to ensure the right amount is spent on the right things.”

McMillan advised companies to take a risk-based approach, with businesses continuously changing plans and security techniques as and when necessary.

“Taking a risk-based approach is imperative to set a target level of cybersecurity readiness,” added McMillan.

“In a twisted way, many cybercriminals are digital pioneers, finding ways to leverage big data and web-scale techniques to stage attacks and steal data.

“CIOs can’t protect their organisations from everything, so they need to create a sustainable set of controls that balances their need to protect their business with their need to run it.”

Microsoft launches identity bug program

Stuart O'Brien

Microsoft has unveiled a new bug program that rewards researchers up to $100,000 for discovering vulnerabilities in Microsoft’s Identity services.

Rewards offered range from $500 to $100,000 for any flaws found that impact a range of services, including Microsoft and Azure Active Directory accounts, OpenID and OAuth 2.0 standards, Microsoft Authenticator applications for iOS and Android and identity services.

On a page dedicated to the new bug program, Microsoft invites security researchers who may have discovered a security vulnerability to disclose the problem privately to the company, so that it has the opportunity to fix the issue before technical details are published, stating that “together we can bring assurance that digital identities are safe and secure.”

Microsoft goes on to say that “a high-quality report provides the information necessary for an engineer to quickly reproduce, understand, and fix the issue. This typically includes a concise write up containing any required background information, a description of the bug, and a proof of concept. We recognise that some issues are extremely difficult to reproduce and understand, and this will be considered when adjudicating the quality of a submission.”

A full description of the program can be found here.

UK firms ‘overconfident’ on cybersecurity

Stuart O'Brien

Businesses are displaying a false sense of security when it comes to their IT security, flying in the face of evidence showing rising incidents of cyber attacks.

That’s the conclusion of a study conducted by Ovum on behalf of US-based analytics firm FICO, which found that three quarters of UK execs felt their firm was better prepped than competitors for a cyber attack.

What’s more, 43 per cent said their firm was a top performer – second highest only to Canada out of the eight countries surveyed.

By comparison, 68 per cent of executives from US firms said their firm was better prepared than their competitors, and 37 per cent said their firm was a top performer.

Ovum conducted telephone surveys for FICO of security executives at 500 companies in the US and 10 other countries in order to compile its report.

Power and utilities provider respondents in the US were the most confident, or least realistic, with 86 per cent rating their firms above average or top performers.

Financial services respondents were the least confident, or most realistic, with 60 per cent rating their firms above average or top performers.

In the UK, financial services respondents were least realistic, with 96 per cent rating their firms above average or top performers, while retail and e-commerce respondents were most realistic, with 57 per cent rating their firms above average or top performers.

Only 36 per cent of organisations are carrying out more than a point-in-time assessment of what their cybersecurity risk is.
