• Covid-19 – click here for the latest updates from Forum Events & Media Group Ltd

Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd

Posts By :

Stuart O'Brien

Transitioning to Secure Remote Working During and Beyond COVID-19

960 640 Stuart O'Brien

By Steve Law, CTO, Giacom and Sébastien Gest, VadeSecure

Organisations of all sizes that typically work in office environments have been thrown into the deep end due to the Covid-19 outbreak. Social distancing measures and restricting unnecessary travel has meant that a majority of companies had to unexpectedly revert to remote working. Many of these businesses quickly realised that they weren’t ready for this digital transformation, with recent research suggesting that UK firms are among the world’s least prepared for home-working.

With 25% of businesses having no crisis plan in place and 55% of employees having little to no experience of working from home, organisations have had to revise their working practices to be able to conduct their work digitally and remain effective. Technology plays a key role in enabling remote work, but many organisations did not have this planned in advance, and subsequently, are at a disadvantage due to their current inadequate technology solutions and infrastructure in place. This can lead to significantly increased security risks and concerns, as Steve Law, CTO, Giacom and Sébastien Gest, VadeSecure, explain.

Workplace Challenges

Workforces may not have access to the necessary devices from their homes such as work laptops, the correct video conference solutions or collaboration tools in place to perform their role. As a result, employees who are working from home will have to do so from their own devices. This ‘Bring Your Own Device’ (BYOD) phenomenon creates a security concern as not all personal electronic devices will have the correct level of security installed on them – the software may not be up to date, they may have an older version of Windows installed or no antivirus software available.

This creates an issue for both the consumer and the professional, as the same credentials are often used across multiple accounts at the same time. Hackers’ creativity is limitless and is becoming more sophisticated over time. Vade Secure has seen a shift in cyber criminals’ strategies, changing from attacking individuals with ransomware to instead using these individuals as a backdoor to gain access to corporate networks, and there is no better opportunity to do this than via individuals using their personal devices from home. However, by implementing the correct software and security solutions across all employees’ devices, these risks can be mitigated. 

Evolving threats 

The number of cyberattacks has continued to increase over time, with up to 88% of UK companies being targets of breaches in the last 12 months. However, hackers are taking advantage of the current coronavirus situation by sending phishing emails purporting to be PPE suppliers or medication. Recent statistics have found that since January 2020, there have been over 4,000 coronavirus-related domains registered globally, with 3% found to be malicious and 5% suspicious. These results heighten the importance of ensuring your workforce are securely remote working.

Over the last three months, as the coronavirus outbreak has unfolded, Vade Secure has seen a surge in spear-phishing and malware activities. Examples of this which have been found include capitalising on psychological aspects of the victims, including Covid-19 charity campaigns, fake mask and sanitiser suppliers, as well as stock and medications for purchases which don’t exist.

With 91% of cyber attacks using emails as their first vector, it’s more important than ever to ensure that your employees have a secure email network in place. No organisation is immune to the threat and companies which don’t have the right security software in place need to act now before it’s too late. By adding these security elements, companies can benefit from detecting and blocking features and using Artificial Intelligence to secure their networks and become notified when a non-legitimate email appears.

Securing the weakest link  

Often, the weakest link of an organisation is the employee, as 88% of UK data breaches are caused by human error. Employees are not security experts and can fall foul to phishing scams if they don’t have the right level of education or awareness. When working from home, your workforce is under more pressure to work both faster and harder, which can lead to mistakes being made. Staff members don’t have the time to check every email before they open them, but this one click can make all the difference.

Instead, by educating employees and making them more vigilant, they will be able to spot scams and cyber attacks before the damage is done. Combined with the right security software that uses techniques such as alert ‘pop-ups’ to prompt users to check emails before clicking on links, for example, the workforce will become more aware of the signs to look out for. By enabling users to make an informed decision about the nature and legitimacy of their email before acting on it, organisations can now mitigate against this high-risk area.

Conclusion

In order for organisations to limit the number of insider data and security breaches,  particularly when working remotely, it’s crucial for employees to understand the role they play in keeping the company’s information secure. By preparing in advance and having a secure contingency plan in place which provides employees with the necessary devices and security, companies will be in a stronger position to defend their systems against hackers. In addition to this, supporting employees with training will allow workforces to understand the evolving risks they face, and how to keep their information and systems secure. 

UK’s manufacturing sector facing COVID-19 cyber threats

960 640 Stuart O'Brien

Manufacturing is now the most attacked sector representing almost a third of all cyber attacks in the UK & Ireland, while Technology was the most attacked sector globally.

That’s according to the 2020 Global Threat Intelligence Report (GTIR) from NTT, which says that despite efforts to layer up defences, many organisations are unable to stay ahead of attackers, while others are struggling to do the basics like patching old vulnerabilities. 

NTT asserts that manufacturing increasingly faces financially motivated data breaches, global supply chain risks and risks from unpatched vulnerabilities. The UK was the only country (apart from Hong Kong) this year where Manufacturing topped the list of most attacked sectors, representing 29% of all attacks, with Technology (19%) second and Business and Professional Services (17%) third. Government and Finance made up the other two sectors in the top five. 

Reconnaissance attacks accounted for half of all hostile activity in the UK and Ireland, with web application the next most common form of attack (22%). Reconnaissance activity (60%) was also the most common attack type against manufacturers followed by web application attacks (36%).

Rory Duncan, Security Go-to-Market Leader, NTT, said: “UK manufacturing has become a major target for attackers in recent years as a result of the increased risks brought about from the convergence of IT and Operational Technology (OT). The biggest worry is that security has lagged behind in this sector, potentially exposing systems and processes to attack. Poor OT security is a legacy issue; many systems were designed with efficiency, throughput and regulatory compliance in mind rather than security. In the past, OT also relied on a form of ‘security through obscurity’. The protocols, formats and interfaces in these systems were often complex and proprietary and different from those in IT systems, so it was difficult for attackers to mount a successful attack. As more and more systems come online, hackers are innovating and see these systems as ripe for attack.

“Now more than ever, it’s critical for all organisations, regardless of sector or region, to pay attention to the security that enables their business; making sure they are cyber-resilient and secure-by-design, which means embedding privacy and security into the fabric of their enterprise architecture and organisational culture. The current global pandemic and the flow of trusted and untrusted information used to mask the activities of cyber criminals has shown us that they will take advantage of any situation. Organisations must be ready to respond to these and other threats in a constantly evolving landscape.”

The 2020 Global Threat Intelligence Report calls last year the ‘year of enforcement’ with the number of Governance, Risk and Compliance (GRC) initiatives growing, creating a challenging global regulatory landscape. Several acts and laws now influence how organisations handle data and privacy, including the General Data Protection Regulation (GDPR), which has set a high standard for the rest of the world. The report provides organisations with recommendations to help navigate compliance complexity, including identifying acceptable risk levels, building cyber-resilience capabilities and implementing solutions that are secure-by-design.

The 2020 GTIR – the eigth annual report – analyses and summarises trends based on log, event, attack, incident and vulnerability data from trillions of logs and billions of attacks. To learn more about how this year’s GTIR offers organisations a robust framework to address today’s cyber threat landscape, and to learn more about the emerging trends across different industries and regions, including the Americas, APAC and EMEA, follow the link to download the NTT Ltd. 2020 GTIR

Global Highlights: 2020 Global Threat Intelligence Report:

  • Most common attack types accounted for 88% of attacks: Application-specific (33%), web application (22%), reconnaissance (14%), DoS/DDoS (14%) and network manipulation (5%) attacks.
  • Weaponisation of IoT: Botnets like Mirai, IoTroop and Echobot have advanced in automation, improving propagation capabilities. Mirai and IoTroop are also known for spreading through IoT attacks, then propagating through scanning and subsequent infection from identified hosts.
  • Old vulnerabilities remain an active target: Attackers leveraged those that are several years old, but have not been patched by organisations, such as HeartBleed, which helped make OpenSSL the second most targeted software with 19% of attacks globally. A total of 258 new vulnerabilities were identified in Apache frameworks and software over the past two years, making Apache the third most targeted in 2019, accounting for over 15% of all attacks observed.
  • Attacks on Content Management Systems (CMS) accounted for about 20% of all attacks: Targeting popular CMS platforms like WordPress, Joomla!, Drupal, and noneCMS, cyber criminals used them as a route into businesses to steal valuable data and launch additional attacks. Additionally, more than 28% targeted technologies (like ColdFusion and Apache Struts) support websites.

Upcoming Vendorcom events for the Cards & Payments community

960 640 Stuart O'Brien

If you’re in payments and interested to not only keep abreast of new developments, but also influence and drive positive change and innovation in the way that merchants take payments from consumers, don’t miss this series of essential events from Vendorcom.

Vendorcom Europe is a multi-stakeholder business community that connects seekers, solvers and shapers in the European payments industry. It has helped shape the collaborative/competitive landscape in payments since launching in 2003 and has developed its reputation over the past 15 years by establishing itself as Europe’s definitive forum for keeping in touch with the what’s what and the who’s who in payments. It is the most trusted, independent forum for suppliers and users of payment systems in Europe.

Vendorcom does this through core activities such as Networking Events, Future of Payments Conferences, and Payments Forums.

All Vendorcom events are free for merchants to attend because the company saw in the roll-out of Chip & PIN over 10 years ago, the voice of the users of payment systems, particularly merchants and consumers, is vital to the development and rapid adoption of new payments initiatives. Having established Vendorcom initially as a forum for solutions providers, in the past eight years it has benefitted from the involvement and influence of merchants, from all market sectors, who have shaped the discussions and decisions made on a wide range of topics at both our Future of Payments Conferences and Payments Forums.

For many merchants, navigating the increasingly confusing range of ‘innovations’ that the payments industry promotes as self-evident ‘must-haves’ presents a huge challenge. Having access to a source of independent, authoritative, coherent information on the options you face and the opportunity to compare experiences with your peers will be invaluable as you seek to determine how payment systems can align with your business requirements.

Upcoming events include:-

Payment Risk Forum – 3rd June (Online) – https://www.vendorcom.com/event.php?event_id=1251

Payments Identity & Authentication Forum – 16th September – https://www.vendorcom.com/event.php?event_id=1268

Payment Risk Forum – 2nd December – https://www.vendorcom.com/event.php?event_id=1284

For more information, click here

Take the IT Security Briefing Industry Lockdown Survey today!

960 640 Stuart O'Brien

Here at IT Security Briefing we’re looking for the best ways to keep you connected with the industry during these difficult times, so we’ve created a short survey to gauge your views on lockdown working practices and the kind of virtual events you might be interested in attending – it’s all completely anonymous and will take less than two minutes to complete.

To take part, simply start answering the questions below – if you can’t see the questions, just click here to display them in a new browser window.

Thank you in advance for taking part – your answers will help make our content and events even more relevant to your needs.

Create your own user feedback survey

Do you specialise in Browser/Web Security? We want to hear from you!

960 640 Stuart O'Brien

Each month on IT Security Briefing we’re shining the spotlight on a different part of the cyber security market – and in June we’re focussing on Browser/Web Security solutions.

It’s all part of our ‘Recommended’ editorial feature, designed to help IT security buyers find the best products and services available today.

So, if you’re an Intrusion Browser/Web Security solutions specialist and would like to be included as part of this exciting new shop window, we’d love to hear from you – for more info, contact Chris Cannon on c.cannon@forumevents.co.uk.

Here’s our full features list:

Jun – Browser/Web Security
Jul – Authentication
Aug – Penetration Testing
Sep – Vulnerability Management
Oct – Employee Security Awareness
Nov – Malware
Dec – Network Security Management

Security IT Summit: A unique virtual event

960 640 Stuart O'Brien

As our guest at the Security IT Summit, you can enjoy an entirely free day of building business relationships that can benefit you and your company in a variety of ways – all from the comfort and safety of your home office.

We’ve been thinking of you as we navigate through these uncertain times, we are feeling it too. So we wanted to share a way to help keep business relationships going.

By attending the virtual Security IT Summit you’ll still get the same benefits as the physical event, namely meeting 1-2-1 with industry suppliers matched to you and your upcoming projects via our interactive and real time video events platform.

You’ll also have maximum flexibility too, with options to attend for either a full or half day, plus full access to a series of educational webinars hosted by industry thought leaders.

The virtual Security IT Summit will take place on June 30th – You can register here for your place today!

Financial services organisations ‘increasingly prone to authentication and DDoS attacks’

960 640 Stuart O'Brien

Financial services organisations have experienced a significant increase in the number of authentication and distributed denial of service (DDoS) attacks over the past three years.

That’s according to research from F5 Labs, which says the opposite was true of web attacks, which were notably down during the same period.

The analysis, which examined customer security incident response (SIRT) data from 2017-2019, covered banks, credit unions, brokers, insurance, and the wide range of organisations that serve them, such as payment processors and financial Software as a Service (SaaS).

On average, brute force and credential stuffing constituted 41% of all attacks on financial services organisations over the full three-year period. The percentage of attacks grew from 37% in 2017 to a high point of 42% in 2019.

Brute force attacks involve a bad actor attempting large volumes of usernames and passwords against an authentication endpoint. Other forms of brute force attacks simply use common lists of default credential pairs (for example, admin/admin), commonly used passwords, or even randomly generated password strings.

Occasionally, brute force attacks leverage credentials that have been obtained from other breaches. These are then used to target the service in an attack known as “credential stuffing.” 

Delving deeper, F5’s SIRT team found that there were clear regional variations in attack trends. In EMEA, brute force and credential stuffing attacks only amounted to 20% of the total, which is higher than the 15% observed in Asia Pacific but significantly lower than North America’s 64%. The latter is likely driven by a large volume of existing breached credentials.

“The first indications of an authentication attack are often customer complaints about account lockouts, rather than any sort of automated detection,” said Raymond Pompon, Director at F5 Labs.

“Early detection is key. If defenders can identify an increase in failed login attempts over a short period of time, it gives them a window of opportunity to act before customers are affected.”

DDoS attacks were the second biggest threat to financial services organisations, accounting for 32% of all reported incidents between 2017 and 2019. It is also the fastest growing threat. In 2017, 26% of attacks on financial services organisations focused on DDoS.  The figure soared to 42% in 2019.

Yet again there were distinct regional variations. 50% of all attacks reported in EMEA over the three-year period were DDoS-related. Asia Pacific was similarly affected with 55%, but the volume dropped to 22% in North America.

According to F5 Labs, denial-of-service attacks against financial service providers usually target either the core services used by customers (such as DNS) or the applications that allow users to access online services (i.e. viewing bills or applying for loans). Attacks are often sourced from all over the world, likely via the use of large botnets that are either rented out by attackers, or purpose-built from compromised machines.

“The ability to quickly identify the characteristics of traffic when under attack conditions is critically important. It is also vital to quickly enable in-depth logging for application services in order to identify unusual queries,” Pompon explained.

While authentication and DDoS attacks continue to spread, there was also a concurrent dip drop in web attacks against financial services organisations. In 2017 and 2018, they accounted for 11% of all incidents. In 2019, it was just 4%. 

“While it is difficult to determine causality, one likely factor driving this trend is the growing sophistication of properly implemented technical controls such as web application firewalls (WAFs),” said Pompon.

F5 Labs’ 2018 Application Protection Report found that a greater proportion of financial organisations tend to deploy WAFs (31%) than the average across all industries (26%).

Most of the web attacks recorded by the F5 SIRT centred on APIs, including those related to mobile authentication portals and Open Financial Exchange (OFX). Web scraping –copying content for the purpose of creating realistic phishing pages – was also in evidence. 

F5 Labs suggests that web attacks against financial services targets tend to be more persistent compared to other sectors – partly due to the cybercriminals’ precise targeting and the potential high value of success.

F5 Labs’ analysis concludes that, although the financial services industry tends to require less convincing about the merits of substantive security programs, there is no room for complacency.

“Despite the valuable assets at stake, it can still be a challenge to convince some organisations of the need for multifactor authentication, which probably represents the most impactful way to prevent nearly all access-style attacks like brute force, credential stuffing, and phishing,” said Pompon.

“Having said that, there is still a lot that can be done. On the preventative side this includes hardening APIs and implementing a vulnerability management program that features external scanning and regular patching. On the detective side, it is critical to continually monitor traffic for traces of brute force and credential stuffing. As ever, it is essential to develop, and regularly practice, procedures for incident response that address all risks.”

Learn from these expert speakers at the Security IT Summit

960 640 Stuart O'Brien

Make sure you claim you place at the Security IT Summit – Alongside your 1-2-1 meetings and networking, you’ll also enjoy access to seminar sessions with the latest tips and challenges from leading industry experts.

Lunch and refreshments are also included with your pass to the Security IT Summit – click here to RSVP.

Here are just some of the confirmed sessions:-

“Cloud – Rationale, Challenges and Get Rights”

This presentation focuses on why financial services firms are moving to the cloud, the key challenges that they face and the ‘get rights’ they can adopt to help deliver cloud in an efficient, effective and controlled way. 

Presented by: Angela Johnson de Wet, Head of IT Change and New Technologies Risk at Lloyds Banking Group

“How to counter data theft by eliminating the insider threat”

Insider threats are among the top IT security risks organizations today must brace for. Conventional security measures typically focus on external attacks, but do not provide protection against attacks from potential internal perpetrators. Simon Cuthbert, responsible for International Business Development at tenfold, will demonstrate why you must never underestimate the threat from within and how you can use identity and access management to minimize the risk of insider threats in your company.

Presented by: Simon Cuthbert, Founder & CEO, VARChannels

“Fraud: How it’s done, and what to look out for”

I will relate my story, utilising anecdotes and stories to show how I managed it, as well as giving advice on how to avoid being a victim.

Presented by: Elliot Castro, Owner at EC Consultancy

This Summit will go ahead either as a live or virtual eventclick here to RSVP.

84% of security and IT teams ‘don’t have a positive relationship’

960 640 Stuart O'Brien

Almost two thirds (59%) of European IT heads believe it is challenging to gain end-to-end visibility of their network, with almost half saying this lack of visibility is a major concern.

That’s according to a new poll by IDC/Forrester/VMware, which says more than a third (37%) feel the challenges associated with this lack of visibility has resulted in misalignment between security and IT teams – and a quarter (29%) have no plans to implement a consolidated IT and security strategy.

Only a third (38%) of networking teams are currently involved in the development of security strategies. Yet, 60% of these are involved in the execution of security, perhaps signalling that networking teams are not seen as having an equal role with the other IT or security teams when it comes to cybersecurity.

This is in stark contrast to the fact that network transformation is seen as being essential to delivering the levels of resilience and security required by modern businesses, with 43% of European organisations saying this is a key priority for them between 2019 to 2021. 

Critically, organisations need shared thinking and responsibilities to establish a cohesive security model if they are to deliver their company’s strategic goals, seen by Forrester as increased security (55%), technological advancement (56%) and the ability to respond faster (56%). 

Alongside the inconsistency in how the role of the network in security is perceived, there is a lack of cohesion within the IT and security teams as to who is responsible for network security.

“Businesses who are looking to adapt to fast-changing market conditions rely on the ability to efficiently connect, run and secure modern applications consistently, from the data center, across any cloud and all the way to the device. And it is the virtual cloud network that is delivering this. The network needs to be recognised as the DNA of any modern security, cloud and app strategy, and it should be seen as a strategic weapon and not merely the plumbing,” said Jeremy Van Doorn, Sr Director of Systems Engineering, Software Defined Data Center EMEA, VMware

The research also sheds light on the difference in priorities for both the IT and security teams. Globally, the top priority for IT is efficiency (51%), whilst security teams are focused on incident resolution (49%). And while new security threats require visibility across the entire IT infrastructure, less than three quarters of securityteams are involved in executing the organisation’s security strategy. 

Forty five percent of respondents recognise that a consolidated strategy could help reduce data breaches and more quickly identify threats. Yet this relationship isn’t proving an easy one to maintain as 84% of security and IT teams admit they don’t have a positive relationship with one another (at VP level and below). More than half of organisations want to move to a model of shared responsibility in the next 3-5 years, where IT securityarchitecture (58%), cloud security (43%) and threat hunting response (51%) is shared between IT and securityteams; but that calls for much closer collaboration than exists today. 

Denis Onuoha, Chief Information Security Officer at Arqiva, said: “It is critical that IT and security teams work in harmony to ensure every touch point of the IT infrastructure remains secure. The network forms a critical part of the business in delivering the best and most efficient services to customers. We recognise the importance of the network and therefore ensure security is embedded into the fabric of its infrastructure from the beginning and not bolted on as an afterthought. As we navigate a growing number of cloud and Edge environments and the network remains the connector between them all, it has become business critical for us to keep network security a top priority.” 

WEBINAR: How to Tackle Working From Home Security Threats

960 640 Stuart O'Brien

Learn the secrets to securing your organization’s communications while safeguarding against costly data leaks with a remote workforce. 

This April 30 webinar from ZIVVER features three industry experts who will bring you up to speed on the new threat landscape. 

Stay alert to WFH security threats 

Be in the know and hear about the following:

  • Behind the stats: the top causes of data breaches in the UK
  • Data leak blunders and how to prevent them 
  • Evolving security threats with a remote workforce 
  • Modern solutions to secure outbound communications 

Learn from these IT security experts

We’re delighted to have two incredible guest panelists alongside ZIVVER’s co-founder and CEO, Rick Goud. They’re ready to share valuable insights on how to effectively secure outbound communications.

  • Quentyn Taylor is Head of Security for one of the largest enterprises in London. He is regarded as a key security commentator and is regularly quoted and published in industry publications and mainstream media.
  • Becky Pinkard is a renowned practitioner and commentator on the information security sector who has been working in information technology and security since 1996.
  • Rick Goud is the co-founder and CEO of one of the top secure communication platform companies in Europe.

Following the panel discussion there will be an interactive Q&A session where you can ask questions.

Click here to register for the webinar