Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd

Posts Tagged :

Cyber Security

computer-1591018__340

Andrus Ansip proposes new Euro cyber security centre

A senior European politician has proposed that the EU should set up a new cyber security centre, with the aim of certifying the security level of technology products.

Andrus Ansip, European Commissioner for the Digital Single Market, says the new centre would focus on technology products and technical expertise, working separately from NATO’s cyber security centre.

“European products and cybersecurity products are not able, only some of them are able, to compete in the world market. We have to pay much more attention to this,” commented Ansip.

“When the WannaCry ransomware attack affected companies across Europe in May, there were a lot of member states who asked for some help from the European Union.”

Ansip had previously tweeted earlier in the month that “more centres of excellence were needed” after a visit to NATO’s cybersecurity centre based in Estonia.

It is thought that Ansip will reveal more information on the centres in September, ahead of conversations on cybersecurity certification, along with an announcement on an updated EU cybersecurity strategy and a new legal basis for the European Network and Information Security Agency (ENISA).

However, the news of the centre could create problems and an overlap between organisations.

Speaking with EURACTIV, Steve Purser, ENISA’s director of operations said: “There is already a lot of competition between EU offices tasked with managing cyber security… it does make sense to have hundreds of people at the European level, but not hundreds of organisations.”

binary-1327512__340

Government invests £20m in teen cyber security education

The Government has launched an ambitious Cyber Schools Programme aimed at secondary school students between the ages of 14 and 18.

The initiative, launched by the Department for Digital, Culture, Media and Sport (DCMS) will provide training for up to 6,000 teenagers through extracurricular clubs and activities, along with an online game. The pilot programme is due to launch in the autumn.

The Cyber Schools Programme is part of the National Cyber Security Programme to find the online security experts of tomorrow. Students, teachers and cyber security professionals will be invited to register their interest online by the DCMS, which claims that the programme is intended “to make sure the UK is prepared for the future, and ready to tackle the growing threat posed by cyber criminals”.

“We want to help young people learn some of the skills needed to work in the cyber security profession. In the coming years, it will be your generation building, running and protecting the UK – you could be needed to help protect industries such as banking, transport and public services,” explains the DCMS website.

The training will be supported by Cyber Security Challenge UK, BT, FutureLearn and The Sans Institute.

Students between the ages of 14 and 18 will be assessed, before taking the course, with those that are accepted benefiting from connections within the cyber security sector. The DCMS is looking for at least 5,700 teenagers trained by 2021.

Commenting on the course, Matt Hancock, Minister of State for Digital, said: “Our Cyber Schools Programme aims to inspire the talent of tomorrow and give thousands of the brightest young minds the chance to learn cutting-edge cyber security skills alongside their secondary school studies. I encourage all those with the aptitude, enthusiasm and passion for a cyber security career to register for what will be a challenging and rewarding scheme.”

Wannacry

BT and KPMG pinpoint corporate cyber security traps

BT and KPMG have published a new cyber security report offering practical advice to businesses of all sizes on how best to manage their security journey and turn it into a business opportunity.

The new report, “The cyber security journey – from denial to opportunity”, warns businesses against falling into dangerous traps as they deal with the complexity of securing a digital enterprise. These include being stuck in ‘Denial’ and ‘Worry’ phases at one end of the spectrum, and ‘False Confidence’ and ‘Hard Lessons’ at the other end.

While the report stresses that investment in technology such as firewalls and antivirus protection is essential ‘good housekeeping’ practice at the start of the security journey, firms should avoid throwing money away on IT security products as a knee-jerk reaction. This is especially true for companies who have matured from the stage of denial into the stage of constant worry, where investing in the latest technology can be viewed as the silver bullet to the problem. This common mistake can make such firms a target, not just for cyber criminals, but also for over-zealous IT salespeople.

Businesses must first assess their current controls against best practice, such as the guidance issued by the UK’s National Cyber Security Centre (NCSC), to help identify any gaps and prioritise essential areas in which to invest. Furthermore, everyone in the organisation, from the board down, must take responsibility for maintaining high standards of cyber hygiene, while businesses must invest in training and raise awareness amongst staff. This can help turn employees from the weakest point in any security chain into every company’s greatest asset in the fight to protect data.

Mark Hughes, CEO, BT Security, said: “The global scale of the recent ransomware attacks showed the astonishing speed at which even the most unsophisticated of attacks can spread around the world. Many organisations could have avoided these attacks by maintaining better standards of cyber hygiene and getting the basics right. These global incidents remind us that every business today – from the smallest sole trader through to SMEs and large multinational corporations – needs to get to grips with managing the security of their IT estate, as well as their people and processes.

“Our report aims to help secure the digital enterprise by navigating businesses through their cyber security journey. By sharing valuable insights from senior IT security leaders, we hope to help businesses of all sizes transform cyber security from operational risk into a business opportunity.”

David Ferbrache, Technical Director in KPMG’s cyber security practice, said: “The recent spate of cyber-attacks is keeping cyber risk at the top of the business agenda, and as such investments are being made. The business community needs to avoid knee-jerk reactions as cyber security is a journey – not a one size fits all issue, and getting the basics like patching and back-ups right matters. It’s important to build a security culture, raise awareness amongst staff, and remember that security needs to enable business, not prevent it.

“Cyber threats are evolving and businesses face ruthless criminal entrepreneurs. The solution isn’t jargon ridden technology silver bullets but one that involves a community effort in a world where business boundaries are vanishing. With criminals getting increasingly creative about finding the weakest link, the CISOs of the future need to care about digital risk, help the business seize opportunities and build cyber resilience.”

Although cyber security issues are increasingly discussed at board level today, the report claims that those discussions are too infrequent and are treated as a separate and disconnected issue from broader operational risk. All too often, the issue of cyber security is not incorporated into the overarching business strategy.

The paper also argues that overly complex IT architecture can worsen security gaps. This is especially the case if the technology deployed is too difficult to use or there’s a lack of integration.

In order to address these risks and gain true leadership in cyber security, the report calls on firms to focus on good governance processes, the proper integration of technologies and to consider outsourcing some less critical aspects of their security to a trusted partner. This, combined with the sharing of intelligence, good practice and hard-won lessons among a network of peers and beyond would put the company in a position to think about cyber security differently. Namely, not as a risk which is discussed by the board perhaps twice a year, but as a business opportunity and enabler for digital transformation.

Hacking

Cyber security specialist Trend Micro launches $100m venture fund

Trend Micro has launched a corporate venture fund to explore emerging technology markets with an initial investment of $100 million.

The fund will nurture a portfolio of startups that are incubating ideas in hyper growth markets, such as the Internet of Things (IoT).

Japan-based Trend Micro cites Gartner data, which estimates 26 billion devices will be connected to the Internet by 2020

Eva Chen, founder and chief executive officer for Trend Micro, said:”Trend Micro’s vision has always been to make the world safe for exchanging digital information. The explosion of devices is transforming how the world works, thinks and acts. It is clear that the ecosystem is still evolving and there is work to do to ensure organisations and individuals can operate and live safely in this new reality.”

Trend Micro’s venture will offer companies financial backing, access to its global threat intelligence, strategic alliances, as well as its channel of more than 28,000 partners.

In return, the company says working with these investments will uncover insights into emerging ecosystem opportunities, disruptive business models, market gaps and skillset shortages – influencing its cybersecurity solution planning.

“We have a 29-year history of successfully anticipating technology trends to secure all types of environments,” said Chen. “The first mega wave we caught was the growth of the PC marketplace; we committed early on to endpoint protection and remain a Leader in Gartner’s Magic Quadrant for Endpoint Protection Platforms today2. The second mega wave was all about the cloud; we made a bet early on to securing the cloud and so far we have secured over two billion workload hours on Amazon Web Services (AWS) alone. Now, we believe the next wave has arrived with IoT; our fund will help us harness this opportunity.”

 

Tim Cook

Apple and Cisco team up for cheaper corporate cyber security insurance

Apple and Cisco Systems have teamed up on an initiative they claim should enable businesses to secure cheaper cyber security insurance.

The tech giants shared a stage in Las Vegas to pitch the idea that if companies are using a combination of their respective technologies, which both claim are more secure than rivals such as Android, then this should be reflected in the pricing of premiums.

There were few details of how this would work in practical terms, but Apple CEO Tim Cook (pictured) said: “The thinking we share here is that if your enterprise or company is using Cisco and Apple, the combination of these should make [cyber-security] insurance cost significantly less. This is something we’re going to spend some energy on. You should reap that benefit.”

Cisco elaborated a little further in a blog post, stating that the partners were “collaborating with insurance industry heavyweights… to offer more robust policies to customers.”

One area the company is looking at is continuous security monitoring, with checks and balances available to insurers so they can see if systems have been set up and configured correctly.

It’s an interesting development, which will almost certainly illicit a response from rivals in the corporate IT and software sectors.