All Archives - Page 78 of 80 - Cyber Secure Forum | Forum Events Ltd

‘Fake Security’ at festivals under investigation

Stuart O'Brien

The Security Industry Authority (SIA) has begun an investigation into a security firm for allegedly supplying copied badges to unlicensed stewards at UK festivals.

LS Armour Security of Barry, South Wales is alleged to have committed the offence.

The investigation has led to two arrests, along with seizure of business records, including contracts for future events.

It is believed that the SIA has also requested the assistance of other event organisers of festivals that have used the firm previously and have future bookings.

In a statement, an SIA spokesman said: “This type of unlawful conduct remains rare due to responsible organisers and security providers conducting appropriate due diligence.

“Nevertheless, the SIA understands that at this time of year, event organisers and primary contractors may not have sufficient SIA-licensed staff, which can lead to extensive sub-contracting.

“This provides opportunities to rogue providers that, with appropriate checks by organisers and primary contractors, can be largely mitigated.”

The watchdog issues licences to bouncers and security firms.

The SIA has also sent letters to promoters asking that “all reasonable steps to ensure the person named on and in possession of the licence are the same person by requiring them to provide further evidence of identity”. The SIA adds that by doing so “this will mitigate the risk of the cloned licence”.

The £1m cost of a data security breach

Stuart O'Brien

A new report by NTT Security has revealed that a UK business will spend more than £1 million recovering from a data security breach.

The study of 1,350 non-IT business decision makers across 11 countries, 200 of whom are from the UK, also reveals that respondents anticipate it would take, on average, almost three months (80 days) to recover from an attack, almost a week longer than the global average of 74 days. UK respondents also predict a significant impact on their organisation’s revenue, suggesting as much as a 9.5 per cent drop, which fares slightly better than the global average of nearly 10 per cent.

In the UK, business decision makers expect a data breach to cause short-term financial losses, as well as affect the organisation’s long-term ability to do business. More than two-thirds (64 per cent) cite loss of customer confidence, damage to reputation (67 per cent) and financial loss (44 per cent), while one in 10 anticipate staff losses, and nine per cent expect senior executives to resign following a security incident.

Some 63 per cent of respondents in the UK ‘agree’ that a data breach is inevitable at some point, up from the previous report’s UK figure of 57 per cent.

“Companies are absolutely right to worry about the financial impact of a data breach – both in terms of short-term financial losses and long-term brand and reputational damage,” said Linda McCormack, vice president UK & Ireland at NTT Security.

“Although this year’s £1.1m figure is slightly down on last year’s report (£1.2m), no company, regardless of its size, sector or focus, can afford to ignore the consequences of what are increasingly sophisticated and targeted security attacks, like the widespread and damaging ransomware attack we recently witnessed.”

A full copy of the 2017 Risk:Value report can be found here.

CPA Global awarded ISO 37001 anti-bribery certification

Stuart O'Brien

IP management and technology company CPA Global has been awarded the ISO 37001 standard for anti-bribery management systems, following an extensive assurance audit conducted by the independent certification body ETHIC Intelligence.

CPA Global has had a long-standing commitment to bribery prevention, both internally and between its wider network of partners and agents.

“Our objective is always to operate to the highest professional standards across the entire business” said CEO Simon Webster. “The achievement of ISO 37001 certification at such an early stage in its existence demonstrates our commitment to delivering a professional and trusted service to our customers around the world.”

Mark Speck, Chief Compliance Officer at CPA Global, added: “Commitment to the highest level of professional practice which includes careful selection and continuous due diligence of our third parties has always been part of the CPA Global DNA.

“The granting of ISO 37001 certification is testimony to our employees’ collective dedication to meeting and exceeding on security, privacy, and performance standards. Following the audit, the lead auditor praised CPA Global’s noteworthy compliance achievements, including the commitment that CPA Global employees across the globe had to our anti-bribery policy.

“We believe that by achieving this certification quickly, we can encourage our partners, suppliers and agents to reach the same level of compliance.”

The World Bank estimates that businesses and individuals pay an estimated $1.5 trillion in bribes each year, around two per cent of global GDP. Bribery and corruption has been shown to have a negative impact on economic development and to reduce overseas investment in impacted countries. The ISO standard 37001 was established in 2016 to raise the level of awareness and compliance with anti-bribery best practice on an international scale. The standard specifies requirements for establishing, implementing, and continually improving anti-bribery management systems. The system can be stand-alone or integrated into an overall management system.

Responsible leadership critical to managing AI and robots

Stuart O'Brien

A recent roundtable held at Nyenrode Business Universiteit has found that responsible leadership is critical to manage changes such as job losses to AI and robotics technologies, both societally and environmentally.

The roundtable, made up of 24 managers of prominent, ethically responsible Dutch firms, as well as 24 outstanding students from seven Dutch universities, met to discuss AI and robotics technologies developments.

Bob de Wit, Professor of Strategic Leadership at Nyenrode Business Universiteit and organiser of the event, commented: “Advancements such as AI, robotics and big data will be the catalysts for a societal revolution. As businesses increasingly adopt them, huge numbers could lose their jobs, affecting both work and economic structures globally.

“It is likely that the new jobs that these technologies create will be high-skilled and too few in number. And when every economy relies on its citizens having income, once these job losses start hitting – purported by consulting firm, CBRE, to be half of professional jobs by 2025 – then spending will stop, taxes will plummet and the economy will suffer.

“Although every business wants to keep up with the digital revolution, cutting corners ethically could result in far worse consequences for us all.”

Without commitment to responsible leadership, sectors such as oil and energy could harness tech advancements to protect their interests at great future cost.

Wit concluded: “Businesses, societies and governments are not fully prepared for the speed of the advancements we are making in work-related technology. The next generation of managers need to prioritise ethical, social and environmental responsibility when making big decisions, perhaps even putting these above profit. The power tech affords us is immense, but if misused, the consequences could be irreversible.”

NHS faces staff retention crisis

Stuart O'Brien

Figures released by the Nursing and Midwifery Council have revealed that more nurses and midwives are leaving the profession than joining, up to 51% in a four year period.

Low pay, poor working conditions, long hours and a shortage of qualified staff are all blamed for the decision to leave.

For the first time ever, the Royal College of Nursing (RCN) figures show that more have left the register than joined during 2016/17.

With over 40,000 nursing vacancies in England, the RCN and Royal College Of Midwives (RCM) have called on the Government to scrap the pay cap to help halt the loss of talent.

In an interview with Sky News, Saffron Cordery, director of policy and strategy at NHS Providers, said: “This goes beyond the concerns over Brexit – worrying though they are.

“The reduction in numbers is most pronounced among UK registrants. And it is particularly disappointing to see so many of our younger nurses and midwives choosing to leave.”

Janet Davies, chief executive of the Royal College of Nursing, said: “With more people leaving than joining, the NHS will be further than ever from filling the 40,000 vacant nurse jobs in England alone.

“The 1% cap means nursing staff can no longer afford to stay in the profession and scrapping student funding means people can no longer afford to join it.”

Apprenticeship Levy spurs HR strategies

Stuart O'Brien

New research from talent and acquisition firm Alexander Mann Solutions has revealed that the introduction of the Apprenticeship Levy offers companies the opportunity to embrace new opportunities.

The White Paper was based on in-depth interviews with organisations including BAE Systems, Barclays, BT, CapGemini, GE, HSBC, Jaguar Land Rover and Santander, amongst others.

It found that the introduction of the Levy presents a rare opportunity to engage in meaningful conversations with both finance and general management teams about what is needed in terms of future talent, sourcing, and development.

The research also revealed further opportunities around improving the inclusion of individuals from under-represented groups; the majority of contributors agree that the new round of apprenticeships has the potential to tap into under-utilised pools of talent and consequently generate significant workplace diversity benefits.

“What I find really encouraging about the interviews we conducted for this White Paper, and the wider discussions I’ve had with other senior HR figures since, is the fact that major employers in the UK are embracing opportunities offered by the introduction of the Levy,” commented Tim Campbell, head of client services, Emerging Talent, Alexander Mann Solutions.

“Its introduction seems to have galvanised thinking around the sourcing and the development of talent and how it can be more closely aligned with the real needs of organisations, both now and in the foreseeable future. And the result has already been a set of innovative and imaginative strategies, which, while still in their early stages, seem set to revolutionise the way we recruit, train and retain our people – not only with regards to emerging talent, but also wider workforces.”

NHS left vulnerable to cyber attacks

Stuart O'Brien

Experts from the British Computer Society (BCS) & The Chartered Institute for IT have claimed that a lack of investment in cyber-security software and accountability left the NHS open to the WannaCry virus.

The malware disrupted hospital staff across the UK in May as computer systems crashed, leaving frontline hospital staff unable to access important patient information, with operations cancelled and doctors and nurses forced to rely on hand-written notes to track patients’ case histories and treatments.

A report into the attack by the BCS found that the crisis could have been avoided had hospital IT teams had an official cyber-attack protocol, in-house cyber-security experts and up-to-date secure software.

“Patients should be able to trust that hospital computer systems are as solid as the first-class doctors and nurses that make our NHS the envy of the world,” said David Evans, director of community & policy at The Chartered Institute.

“Unfortunately, without the necessary IT professionals, proper investment and training the damage caused by the Wannacry ransomware virus was an inevitability, but with the roadmap we are releasing today, will make it less likely that such an attack will have the same impact in the future.”

The Chartered Institute of IT has joined forces with the Patient’s Association, the Royal College of Nursing and Microsoft to produce a blueprint that outlines steps NHS trusts should take to avoid another crippling cyber-attack.

Top of the list is ensuring there are clearly laid-out standards for accrediting relevant IT professionals. NHS boards are being urged to ensure they understand their responsibilities, how to make use of registered cyber security experts and increase the number of qualified and registered IT professionals.

EVENT REVIEW: Security IT Summit

Stuart O'Brien

The UK’s cyber security industry descended on the Hilton London Canary Wharf last Tuesday (July 4th) for the Security IT Summit.

And the timing couldn’t have been more serendipitous – the latest high profile cyber attack demonstrated that companies around the world remain vulnerable.

After the WannaCry ransomware infected more than 230,000 computers in 150 countries last month, the latest virus outbreak last week disrupted world business again, with economic losses expected to be in the billions.

As such, the Security IT Summit represented a unique opportunity for delegates from some of the UK’s biggest corporations and organisations to find the tools they need to protect their business, allowing them to meet with trusted cyber security solution providers, learn from industry experts and discuss challenges with like-minded peers.

Among the solution providers delegates were able to meet were LogRhythm, Bomgar, Celestix, Darktrace, ESET, LGC, Onapsis, Okta, Performanta, Pervade Software, PhishMe, PT Global Solutions, SonicWall, Twist and Shout Media, Unipart Security Solutions, Varonis, WinMagic Data Security and more.

Meanwhile, the event’s seminar programme tackled the big issues of National Cyber Security Strategy, Cloud Software Security and GDPR Compliance.

Plus, delegates got to hear first hand from ex-fraudster Elliot Castro, whose seminar session ‘Fraud: How it’s done – and what to look out for’ detailed how he managed to scam call centres and individuals out of £2 million.

But don’t worry if you weren’t able to attend – we’ll be announcing dates for the Security IT Summit 2018 shortly – for more information about how you can take part, contact Haydn Boxall on 01992 374 084 or email h.boxall@forumevents.co.uk.

INDUSTRY SPOTLIGHT: 10Duke Authentication & Authorisation

Stuart O'Brien

10Duke provides authentication and authorisation as-a-service solutions for leading consumer and technology brands worldwide such as Trimble, Unilever, Savills, Volvo, Rovio and more.

Our products are used to address three primary use cases:

The 10Duke Identity Provider – enables Single Sign-On (SSO) for customers accessing applications, whether they are desktop, mobile or web, using either their preferred email (direct login), their company ID (domain login) or their favourite social ID (social login).

The 10Duke Identity Bridge – a cloud-based service that provides Single Sign-On (SSO) capability for employees and contractors to seamlessly access multiple SaaS applications with the same username and password without the need to login separately to each service.

The 10Duke Entitlements – gives you control of the delivery and licensing of your applications; it provides an engine to dynamically create and manage the licenses you offer to customers and supports a wide variety of license models.

GUEST BLOG: Everything you need to know about Bluetooth security

Stuart O'Brien

By Alex Viall, MD, Mustard IT

Bluetooth technology has been around since 2000. It’s become a seamless way for professionals to connect devices and it can be deployed for a variety of uses – from diverting voice calls through car speakers, to providing the freedom of wireless mice, headphones and more. The question now however, is how safe is Bluetooth technology?

Has the ubiquity of the technology created complacency regarding Bluetooth network security? Everyone is aware of the risks involved with using the internet for business, but have you thought about the impacts of a breach of a Bluetooth connection?

This article will explore how Bluetooth actually works, where the Bluetooth security vulnerabilities are, and how to reduce your Bluetooth security risks, both on the go and from an organisational perspective.

What are the security issues?

Bluetooth is extremely convenient, but it can leave users vulnerable to Bluetooth security risks if it’s not used safely. If you have email, social media, banking apps or confidential files on your device, you are at risk.

It’s vital that devices used for business in particular are protected from attack. Once we understand some of the many ways hackers can wreak havoc on your systems using Bluetooth vulnerabilities, we can learn to protect ourselves.

Viruses and worms

Smartphones and tablets are vulnerable to viruses, often downloaded from reputable-looking apps. Smartphone keyboards are prone to typing errors, which can lead to mistyped web addresses. Misspelling a common website name by one letter can lead to malware and other damaging files being installed on your devices. As smartphone screens are smaller, counterfeit websites can be more difficult to spot. Once a virus has been installed, it can open up the device to Bluetooth security vulnerabilities and other issues.

Bluesnarfing

If a hacker gains access to your device (by connecting without your permission) they can steal personal data from calendars, email, images, contacts, messages etc. This could compromise any amount of sensitive information. Does Bluetooth use data once it’s been hacked? No, it remains limited to radio waves.

Denial of Service Attacks (DDOS)

This is a malicious tactic sometimes used to inconvenience or intimidate a person. If a DDOS attack is launched on your device, it will become overwhelmed with nuisance instructions and freeze up. Calls can’t be answered, data is (sometimes permanently) inaccessible and the attack chews up battery power.

Bluebugging

This is also known as Bluetooth eavesdropping. Just as virus websites use a misspelled address to trick users, hackers set up common looking device names (‘printer’ for example) and trick you into pairing with them instead of the actual device you were seeking. These are an unfortunate factor of Bluetooth security vulnerabilities.

As you pair with them, they gain access to your entire device – they can hear and record calls, track your location on GPS and use your contact list.

If you have connected to a headset with a microphone, hackers can even listen in to conversations that are happening around you. As with bluesnarfing, you wonder does Bluetooth use data when it’s been hacked and the answer is no, so that’s one less thing to worry about.

How to reduce risk – update your Bluetooth versions

The level of Bluetooth security involved depends on which Bluetooth versions the devices use. We’ll explain each of the versions below. It can sometimes be difficult to tell which Bluetooth versions your devices have. If you’re unsure, contact the manufacturer directly. No matter which version you use, Bluetooth multi connect won’t be available, but it may update with newer releases of the hardware.

Level One

If you have level one devices, it means they will ‘pair’ (connect) without requiring any Bluetooth passkey or verification. This can be very risky – it is essentially an open door, where anyone can pair to your device and access what’s stored there.

Level Two

This is the most common Bluetooth security setting. The devices pair together, and then ask for security codes to be exchanged to verify the connection. The short period of time between pairing and verification can create a security vulnerability but the risk is minimal.

Level Three

Devices with level three security offer strong Bluetooth protection against unwanted intrusions. These devices must authenticate (swap security codes) before pairing, which means the gap found in level two devices is completely closed.

Level Four

These devices have the most stringent authentication protocols. They act like level three devices and authenticate before pairing. The authentication process is more complex, making it extremely difficult to penetrate, reducing the Bluetooth security risks significantly.

Accessories

A final point on hardware – it may be worth researching common Bluetooth enabled accessories, such as headsets or headphones. Some brands have additional layers of encryption available. It is worth paying more for extra risk reduction, and it helps to answer the question: is Bluetooth safe?

How to reduce risk – behavioural change

Once you are confident that you are using the most appropriate version of Bluetooth on your devices, you can begin to focus on behavioural change.

Because proximity is critical to connecting, a lot of harm can be avoided by doing the majority of device setup in a secure location (like the office).

Implementing these changes will see a huge boost for your Bluetooth network security.

Connect devices in secure locations

The biggest opportunity for hackers to access a device through Bluetooth vulnerabilities is the moment between two devices pairing and trading authentication codes.

This gap can be only a second long but it’s long enough to be a risk. To avoid exposing yourself to this risk and increase Bluetooth protection, pair devices at the office or at home.

You only need to do this once for each coupling. Once the connection is authorised the gap is closed. Connecting privately reduces the risk of Bluetooth eavesdropping.

If your devices do become unpaired (it happens), resist the urge to reconnect them in public, even if you are on the go.

When you can’t return to the office, remember the 50m proximity rule and find somewhere isolated to reconnect.

Hide your connection

If Bluetooth is enabled on a device, it will automatically broadcast its presence to every other device within range. This is called being set to ‘discoverable’. It’s necessary to be discoverable when you’re trying to pair with another device of course. If you are not actively seeking to connect to a device, change your settings to ‘undiscoverable’ to avoid Bluetooth eavesdropping. You can still use your Bluetooth but no-one else can find your device on a list. If you’re not using Bluetooth, turn the function off completely until you do need it to provide additional Bluetooth protection.

Reset the PIN

The authorisation code used to couple devices is commonly a preset 4 digit PIN. If you have the option to change this, do so. Extend the code from 4 to 8 characters, and make the code an alphanumeric scramble. Treat it with the same respect as any other password.

Lock down your smart device

In today’s mobile business environment, a smartphone is the most likely device to broadcast information through a Bluetooth connection. Add passwords, codes and authorisations on any account that’s linked to business data. That way if hackers do access the device, there may be little for them to see, reducing Bluetooth vulnerabilities.

How to reduce risk – policy change

It’s possible that your staff are completely unaware of the risks they can bring to the business by using Bluetooth in public places. Depending on the size of your workforce, you will need to educate them on the risks and make some changes to how company devices are managed.

There are changes that can be made with Bluetooth network security on the individual behavioural level and also in cooperation with your IT and cyber security teams.

The following suggestions centre around smartphones and tablets, because they are common data hubs and most likely to be paired in public areas.

When a new device is deployed:

  • Install encryption software
  • Install mobile anti-virus software
  • Enable password protection (using voice recognition and fingerprint scans if possible)
  • For all accounts connected to the device, use randomly generated passwords
  • Turn off on-screen notifications. This stops confidential business related messages and emails displaying on screen for anyone to see

Use digital hygiene:

  • Connect to company networks using SSL VPNs only. This scrambles access for opportunist hackers.
  • Do not save passwords on the device (either as autocomplete options or as a note). Autofilled passwords are a gift to anyone with bad intentions.
  • Close applications that aren’t in use. It will save battery life and restrict hackers from accessing them without passwords
  • Unpair devices from one-time connections like printing booths or rental cars. Delete your connection from the car if you can. Clearing this data should be routine for company cars due for return from long term leases.
  • Turn off WiFi, Bluetooth and GPS when the connections aren’t being actively used. It’s far more difficult to connect to a device when these pathways are closed. It will save battery, too.
  • Install updates as soon as they are available. Updates are released in response to newly identified weaknesses in data security. Failing to update leaves devices vulnerable to known risks.
  • Back up data as often as practical. This may occur automatically through cloud accounts or need to be done manually on a schedule. Ensure the data storage is secure too.
  • If a device goes missing (i.e. lost or stolen) it must be reported directly. Remove the device from all lists of paired devices to deny access.
  • Do not pair with an unknown device, or accept a digital business card without an identifiable source. Spontaneous pairing requests should always be denied, especially if it requests your Bluetooth passkey. Avoid this by keeping devices set to undiscoverable.

IT department involvement:

  • Issue company devices for staff. There will be an initial cost, however having high level access and control on these devices can provide a huge ROI in terms of cyber security threat reduction.
  • Make use of a company rights management system on smart devices. This allows an additional layer of security before allowing access to sensitive company data. For more information on this or other network security issues read our page on securing your network.
  • Decide if personal devices should be permitted to connect to company wifi networks. This has huge potential for exploitation. Consider establishing a separate, limited network that provides connection but no access to company systems.
  • Install anti virus software onto company devices. Business management apps can also monitor usage, which can feed into security, efficiency and other metrics.
  • Develop a new user checklist to include with company issued devices. The checklist could include information about whether Bluetooth is safe, instructions on how to pair Bluetooth devices safely, the range of Bluetooth, how to connect to the CRM and password requirements, for example.