Security IT Summit | Forum Events Ltd




Andrus Ansip proposes new Euro cyber security centre

A senior European politician has proposed that the EU should set up a new cyber security centre, with the aim of certifying the security level of technology products.

Andrus Ansip, European Commissioner for the Digital Single Market, says the new centre would focus on technology products and technical expertise, working separately from NATO’s cyber security centre.

“European products and cybersecurity products are not able, only some of them are able, to compete in the world market. We have to pay much more attention to this,” commented Ansip.

“When the WannaCry ransomware attack affected companies across Europe in May, there were a lot of member states who asked for some help from the European Union.”

Ansip had tweeted earlier in the month that “more centres of excellence were needed” after a visit to NATO’s cybersecurity centre based in Estonia.

It is thought that Ansip will reveal more information on the centres in September, ahead of conversations on cybersecurity certification, along with an announcement on an updated EU cybersecurity strategy and a new legal basis for the European Network and Information Security Agency (ENISA).

However, the news of the centre could create problems and an overlap between organisations.

Speaking with EURACTIV, Steve Purser, ENISA’s director of operations, said: “There is already a lot of competition between EU offices tasked with managing cyber security… it does make sense to have hundreds of people at the European level, but not hundreds of organisations.”


SMBs’ ‘lack of concern’ regarding ransomware threat an issue

A new report from security vendor Webroot has revealed that less than half of small and medium sized businesses think they’re at risk of suffering a ransomware attack in 2017, despite the fact that more than 60 per cent have already been affected.

600 IT decision makers at companies with 100-499 employees from across the UK, US and Australia were contacted to compile and publish Webroot’s latest report ‘Cyber Threats to Small and Medium Sized Businesses in 2017’.

Only 42 per cent thought that ransomware was a major external security threat for the company, despite the recent major global attacks such as WannaCry and Petya.

However, almost 100 per cent of all IT decision makers polled for the report said they would be increasing their annual IT security budget in 2017.

72 per cent of UK IT decision makers said their business wouldn’t be fully prepared to combat threats, such as DDoS, phishing and other forms of malware infections.

“The lack of concern about ransomware is leaving a gaping hole in the security of global businesses, as witnessed by the recent outbreaks of WannaCry and not-Petya,” said Webroot’s EMEA regional manager, Adam Nash.

“This, combined with the UK’s false sense of security when it comes to businesses’ ability to manage external threats, is worrying. Small- to medium-sized businesses can no longer afford to put security on the back burner and need to start engaging with the issues and trends affecting the industry.”


Employees are companies’ biggest data security risk

A consensus study commissioned by data security specialist HANDD Business Solutions (HANDD) has revealed that nearly a quarter of IT professionals believe that the behaviour of employees and their reactions to social engineering attacks – which can trick them into sharing user credentials and sensitive data – poses a big challenge to data security.

The survey of 304 IT professionals in the UK shows that 21 per cent of respondents say regulations, legislation and compliance will be one of the two greatest business challenges to impact data security. The General Data Protection Regulation (GDPR) is causing real concern among professionals in their bid to be compliant by the deadline, which is less than 12 months away. GDPR will not only raise the privacy bar for companies across the EU, but will also impose extra data protection burdens on them.

HANDD CEO and co-founder Ian Davin commented: “Companies must change their mindset and look at data, not as a fungible commodity, but as a valuable asset. Data is more valuable than a pot of gold, which puts companies in a challenging position as the stewards of that data. C-suite executives must understand the data protection challenges they face and implement a considered plan and methodical approach to protecting sensitive data.”

41 per cent of those surveyed assign the same level of security resources and spend for all company data, regardless of its importance. Analysing and documenting the characteristics of each data item is a vital part of its journey through an organisation. A robust data classification system will see all data tagged with markers defining useful attributes, such as sensitivity level or a retention requirement, ensuring that an organisation understands completely which data requires greater levels of protection.

“Employees are probably your biggest asset, yet they are also your weakest link, and so raising user awareness and improving security consciousness are hugely important for companies that want to drive a culture of security throughout their organisation,” commented Danny Maher, CTO at HANDD.


Government invests £20m in teen cyber security education

The Government has launched an ambitious Cyber Schools Programme aimed at secondary school students between the ages of 14 and 18.

The initiative, launched by the Department for Digital, Culture, Media and Sport (DCMS) will provide training for up to 6,000 teenagers through extracurricular clubs and activities, along with an online game. The pilot programme is due to launch in the autumn.

The Cyber Schools Programme is part of the National Cyber Security Programme to find the online security experts of tomorrow. Students, teachers and cyber security professionals will be invited to register their interest online by the DCMS, which claims that the programme is intended “to make sure the UK is prepared for the future, and ready to tackle the growing threat posed by cyber criminals”.

“We want to help young people learn some of the skills needed to work in the cyber security profession. In the coming years, it will be your generation building, running and protecting the UK – you could be needed to help protect industries such as banking, transport and public services,” explains the DCMS website.

The training will be supported by Cyber Security Challenge UK, BT, FutureLearn and The Sans Institute.

Students between the ages of 14 and 18 will be assessed, before taking the course, with those that are accepted benefiting from connections within the cyber security sector. The DCMS is looking for at least 5,700 teenagers trained by 2021.

Commenting on the course, Matt Hancock, Minister of State for Digital, said: “Our Cyber Schools Programme aims to inspire the talent of tomorrow and give thousands of the brightest young minds the chance to learn cutting-edge cyber security skills alongside their secondary school studies. I encourage all those with the aptitude, enthusiasm and passion for a cyber security career to register for what will be a challenging and rewarding scheme.”


‘Fake Security’ at festivals under investigation

The Security Industry Authority (SIA) has begun an investigation into a security firm for allegedly supplying copied badges to unlicensed stewards at UK festivals.

LS Armour Security of Barry, South Wales, is alleged to have committed the offence.

The investigation has led to two arrests, along with seizure of business records, including contracts for future events.

It is believed that the SIA has also requested the assistance of other event organisers of festivals that have used the firm previously and have future bookings.

In a statement, an SIA spokesman said: “This type of unlawful conduct remains rare due to responsible organisers and security providers conducting appropriate due diligence.

“Nevertheless, the SIA understands that at this time of year, event organisers and primary contractors may not have sufficient SIA-licensed staff, which can lead to extensive sub-contracting.

“This provides opportunities to rogue providers that, with appropriate checks by organisers and primary contractors, can be largely mitigated.”

The watchdog issues licences to bouncers and security firms.

The SIA has also sent letters to promoters asking that “all reasonable steps to ensure the person named on and in possession of the licence are the same person by requiring them to provide further evidence of identity”. The SIA adds that by doing so “this will mitigate the risk of the cloned licence”.


The £1m cost of a data security breach

A new report by NTT Security has revealed that a UK business will spend more than £1 million recovering from a data security breach.

The study of 1,350 non-IT business decision makers across 11 countries, 200 of which are from the UK, also reveals that respondents anticipate it would take, on average, almost three months (80 days) to recover from an attack, almost a week longer than the global average of 74 days. UK respondents also predict a significant impact on their organisation’s revenue, suggesting as much as a 9.5 per cent drop, which fares slightly better than the global average of nearly 10 per cent.

In the UK, business decision makers expect a data breach to cause short-term financial losses, as well as affect the organisation’s long-term ability to do business. More than two-thirds (64 per cent) cite loss of customer confidence, damage to reputation (67 per cent) and financial loss (44 per cent), while one in 10 anticipate staff losses, and nine per cent expect senior executives to resign following a security incident.

Some 63 per cent of respondents in the UK ‘agree’ that a data breach is inevitable at some point, up from the previous report’s UK figure of 57 per cent.

“Companies are absolutely right to worry about the financial impact of a data breach – both in terms of short-term financial losses and long-term brand and reputational damage,” said Linda McCormack, vice president UK & Ireland at NTT Security.

“Although this year’s £1.1m figure is slightly down on last year’s report (£1.2m), no company, regardless of its size, sector or focus, can afford to ignore the consequences of what are increasingly sophisticated and targeted security attacks, like the widespread and damaging ransomware attack we recently witnessed.”

A full copy of the 2017 Risk:Value report can be found here.




CPA Global awarded ISO 37001 anti-bribery certification

IP management and technology company CPA Global has been awarded the ISO 37001 standard for anti-bribery management systems, following an extensive assurance audit conducted by the independent certification body ETHIC Intelligence.

CPA Global has had a long-standing commitment to bribery prevention, both internally and between its wider network of partners and agents.

“Our objective is always to operate to the highest professional standards across the entire business” said CEO Simon Webster. “The achievement of ISO 37001 certification at such an early stage in its existence demonstrates our commitment to delivering a professional and trusted service to our customers around the world.”

Mark Speck, Chief Compliance Officer at CPA Global, added: “Commitment to the highest level of professional practice which includes careful selection and continuous due diligence of our third parties has always been part of the CPA Global DNA.

“The granting of ISO 37001 certification is testimony to our employees’ collective dedication to meeting and exceeding on security, privacy, and performance standards. Following the audit, the lead auditor praised CPA Global’s noteworthy compliance achievements, including the commitment that CPA Global employees across the globe had to our anti-bribery policy.

“We believe that by achieving this certification quickly, we can encourage our partners, suppliers and agents to reach the same level of compliance.”

The World Bank estimates that businesses and individuals pay an estimated $1.5 trillion in bribes each year, around two per cent of global GDP. Bribery and corruption has been shown to have a negative impact on economic development and to reduce overseas investment in impacted countries. The ISO standard 37001 was established in 2016 to raise the level of awareness and compliance with anti-bribery best practice on an international scale. The standard specifies requirements for establishing, implementing, and continually improving anti-bribery management systems. The system can be stand-alone or integrated into an overall management system.


Responsible leadership critical to managing AI and robots

A recent roundtable held at Nyenrode Business Universiteit has found that responsible leadership is critical to manage changes such as job losses to AI and robotics technologies, both societally and environmentally.

The roundtable, made up of 24 managers of prominent, ethically responsible Dutch firms, as well as 24 outstanding students from seven Dutch universities, met to discuss AI and robotics technologies developments.

Bob de Wit, Professor of Strategic Leadership at Nyenrode Business Universiteit and organiser of the event, commented: “Advancements such as AI, robotics and big data will be the catalysts for a societal revolution. As businesses increasingly adopt them, huge numbers could lose their jobs, affecting both work and economic structures globally.

“It is likely that the new jobs that these technologies create will be high-skilled and too few in number. And when every economy relies on its citizens having income, once these job losses start hitting – purported by consulting firm, CBRE, to be half of professional jobs by 2025 – then spending will stop, taxes will plummet and the economy will suffer.

“Although every business wants to keep up with the digital revolution, cutting corners ethically could result in far worse consequences for us all.”

Without commitment to responsible leadership, sectors such as oil and energy could harness tech advancements to protect their interests at great future cost.

Wit concluded: “Businesses, societies and governments are not fully prepared for the speed of the advancements we are making in work-related technology. The next generation of managers need to prioritise ethical, social and environmental responsibility when making big decisions, perhaps even putting these above profit. The power tech affords us is immense, but if misused, the consequences could be irreversible.”


NHS faces staff retention crisis

Figures released by the Nursing and Midwifery Council have revealed that more nurses and midwives are leaving the profession than joining, up to 51% in a four-year period.

Low pay, poor working conditions, long hours and a shortage of qualified staff are all blamed for the decision to leave.

For the first time ever, the Royal College of Nursing (RCN) figures show that more have left the register than joined during 2016/17.

With over 40,000 nursing vacancies in England, the RCN and Royal College Of Midwives (RCM) have called on the Government to scrap the pay cap to help halt the loss of talent.

In an interview with Sky News, Saffron Cordery, director of policy and strategy at NHS Providers, said: “This goes beyond the concerns over Brexit – worrying though they are.

“The reduction in numbers is most pronounced among UK registrants. And it is particularly disappointing to see so many of our younger nurses and midwives choosing to leave.”

Janet Davies, chief executive of the Royal College of Nursing, said: “With more people leaving than joining, the NHS will be further than ever from filling the 40,000 vacant nurse jobs in England alone.

“The 1% cap means nursing staff can no longer afford to stay in the profession and scrapping student funding means people can no longer afford to join it.”


Apprenticeship Levy spurs HR strategies

New research from talent and acquisition firm Alexander Mann Solutions has revealed that the introduction of the Apprenticeship Levy gives companies the chance to embrace new opportunities.

The White Paper was based on in-depth interviews with organisations including BAE Systems, Barclays, BT, CapGemini, GE, HSBC, Jaguar Land Rover and Santander, amongst others.

It found that the introduction of the Levy presents a rare opportunity to engage in meaningful conversations with both finance and general management teams about what is needed in terms of future talent, sourcing, and development.

The research also revealed further opportunities around improving the inclusion of individuals from under-represented groups; the majority of contributors agree that the new round of apprenticeships has the potential to tap into under-utilised pools of talent and consequently generate significant workplace diversity benefits.

“What I find really encouraging about the interviews we conducted for this White Paper, and the wider discussions I’ve had with other senior HR figures since, is the fact that major employers in the UK are embracing opportunities offered by the introduction of the Levy,” commented Tim Campbell, head of client services, Emerging Talent, Alexander Mann Solutions.

“Its introduction seems to have galvanised thinking around the sourcing and the development of talent and how it can be more closely aligned with the real needs of organisations, both now and in the foreseeable future. And the result has already been a set of innovative and imaginative strategies, which, while still in their early stages, seem set to revolutionise the way we recruit, train and retain our people – not only with regards to emerging talent, but also wider workforces.”