Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd

Posts By :

Stuart O'Brien

RECOMMENDED: ANTI VIRUS

960 640 Stuart O'Brien

IT Security Briefing highlights some of the industry’s key suppliers of anti-virus solutions…

Glasswall-Logo-small-450x230

Glasswall 

Glasswall’s patented deep file inspection, remediation, sanitisation and document regeneration technology eliminates the threat from document-based malware. Glasswall processes files such as PDF, Word, Excel and image files in milliseconds, without relying on detection signatures.

Glasswall does not look for bad but ‘looks for good’, checking every byte of a document against the manufacturer’s file design standard, completely disarming and regenerating clean, standard-compliant files whilst preserving their full usability. The technology seamlessly integrates within email architectures and via an API into web, file transfer, data guards and diodes to deliver real-time protection from file-borne threats.

www.glasswallsolutions.com

 

logo_barracuda_main_black

Barracuda Networks

Barracuda Networks offers industry-leading solutions designed to solve mainstream IT problems – efficiently and cost effectively – while customer support and satisfaction remain at the heart of what it does.

Its products span three distinct markets, including: 1) content security, 2) networking and application delivery and 3) data storage, protection and disaster recovery. Barracuda simplifies IT with cloud-enabled solutions that empower customers to protect their networks, applications and data, regardless of where they reside.

Barracuda develops its products for ease of use and ease to deploy, to appeal to SMEs and the mid-market. Therefore, all of the documentation associated with its products is extremely easy for customers to digest and understand. Barracuda also maintains a continuous feedback loop including in-person seminars, user groups, online customer feedback forums, regular customer surveys and ongoing communication and assistance.

While Barracuda maintains a strong heritage in email and web security appliances, its award-winning portfolio includes more than a dozen purpose-built solutions that support all aspects of the network – providing organisations of all sizes with end-to-end protection that can be deployed in hardware, virtual, cloud and mixed form factors.

www.barracuda.com

If you’d like to highlight your Anti Virus solutions, contact lisa.carter@mimrammedia.com

Fines of up to £17m if UK infrastructure firms neglect cyber security

960 640 Stuart O'Brien

The Government has announced plans to fine Infrastructure firms up to £17m if they don’t have adequate cyber security measures in place.

Under a new directive, UK regulators will be able to inspect cyber security at premises operated by transport, energy water and health companies, checking for any threat to public safety and possibility of significant adverse or economic impact resulting from a disruptive incident.

The announcement follows plans last year from the Department for Digital, Culture, Media and Sport to bring the UK in line with the EU Network and Information Systems (NIS) Directive, which comes into effect in May.

The directive will also cover threats affecting IT services, hardware failures and environmental attacks.

Margot James, Minister for Digital and the Creative Industries, said: “Today we are setting out new and robust cybersecurity measures to help ensure the UK is the safest place in the world to live and be online.

“We want our essential services and infrastructure to be primed and ready to tackle cyber attacks and be resilient against major disruption to services.”

Discussing the directive, Jens Monrad, analyst at cyber security company FireEye, said: “With so many nations, including the UK, now relying on digitalisation, hackers may look to cause mass disruption by targeting critical national infrastructure,” said Jens Monrad, at cyber-security company FireEye.

“This could be systems, which the UK government and citizens rely on, like healthcare systems, water supply and electricity.”

US cyber security start-ups failing to actually start up

960 640 Stuart O'Brien

Cyber security start-ups in the US are failing to make an impact in a crowded market, according to experts.

Venture capitalists have also seen a rise in security products that have been overtaken by advances in hacking, making them obsolete, along with larger companies “locking down” clients with more sophisticated security products and services.

Speaking with it news, David Cowan, partner at venture capital firm Bessemer Venture Partners, said: “I have never seen such a fast-growing market with so many companies on the losing side.”

Commentators have highlighted how many of the start-ups are now processions of corporates, operating as “zombies”, with little chance of becoming acquisition targets or fetching a good price in an initial public offering (IPO).

Corporate companies have also consolidated their security work, using a select few recognised companies in a bid to save money and time.

“Suddenly, we are in this situation where there are just too many vendors and too few can be sustained,” said Dave DeWalt, the former CEO of cyber security company FireEye.

“You’re starting to see companies go, ‘oh my gosh, what do I do? Can I get more capital, do I have to merge?”

It’s thought about 300 cyber security start-ups launch every year in the US alone.

However, not all venture capital firms are leaving the sector, with some investing in smaller companies.

“Start-ups that are likely to reach between US$100 million and US$300 million in value are still offering excellent opportunities for an exit,” said Yoav Leitersdorf, founder of YL Ventures and investor of Hexadite that was sold to Microsoft last year.

Falanx secures three-year contract with UK Health Sector organisation

960 640 Stuart O'Brien

Global intelligence and cyber defence provider Falanx has secured a £250,000 three-year contract with an unnamed UK Health Sector provider.

The contract will see Falanx provide 24/7 cyber ‘Incident Response’ coverage to protect and contain infrastructure in the event of a cyber attack.

The company explained: “This new contract provides an expansion of our Protective Monitoring service to provide more comprehensive coverage of the IT estate.”

The cover will allow the team at Falanx to immediately isolate any compromised parts of the network as cyber sabotage is detected from within the Falanx Security Operations Centre while action takes place.

Discussing the contract, Mike Read, Chairman and CEO said: “I am delighted to report the extension and increase of services to one of our most valued clients in the Health Sector.

“This further demonstrates our ability to successfully migrate clients consuming traditional cyber test and consultancy services into managed monitoring of their network with our proprietary platform and on-call response.

The company has also announced a new CFO, Ian Selby.

Read added: “I am also very pleased to welcome Ian Selby to our team. Ian comes with an extremely strong background in assisting the development of successful businesses and knowledge of AIM.

“I am sure he will be an extremely valued and influential member of our team as we continue to grow.”

Malware-infected prize handed out at cyber quiz

960 640 Stuart O'Brien

Winners of a cyber security quiz in Taiwan got more than they bargained for when the prizes were given out – they received malware-infected USB thumb drives.

The quiz, which took place in December 2017, was hosted by the Taiwanese Presidential Office and included 250 8GB thumb drives as prizes. 54 contained malware.

Winners realised after inserting the thumb drive into computers and being alerted to the possible risks from antivirus software. An investigation by the Criminal Investigation Bureau found that the USB drives came from a third-party contractor and contained a strain of malware named XtbSeDuA.exe.

The malware was designed to collect data from infected devices and send information to a web server located ion Poland.

The Bureau has apologised to the Presidential Office and quiz participants.

Wanted: Cyber security chief for the GDS

960 640 Stuart O'Brien

Fancy heading up an international security operation? Well, now could be your chance…

The Government Digital Service (GDS) is on the hunt for a new cyber security chief following the departure of Michael Brunton-Spall late last year.

The role will see the successful candidate heading up the GDS, working for the deputy director of technology and operations, earning £70,000 per annum.

The job role states that: “The team needs to stay on top of changes to security good practice and industry wide trends and ensure that teams can easily and securely use the best products. The team also acts as an independent source of assurance and advice for other delivery teams and should help facilitate security investigations, red teams, and to act as an audit for teams internal security operations.”

Qualifications and experience include having a background in managing software development  and a good knowledge of cyber security principles.

Candidates should also be able to demonstrate the following:

  • Leadership skills, with demonstrated experience of taking ownership and responsibility for the successful delivery of complex projects or teams
  • Proven experience in the full lifecycle delivery of digital products or services, ideally within a large government or multi supplier organisation
  • Experience of being a leader of change projects or programmes with a focus on improved security and risk mitigation
  • A good understanding and awareness of new digital and emerging technologies, contemporary technological service design, delivery, and secure development practices
  • Experience working with technical experts and product development teams, to specify and assure secure design solutions and technical approach for products or services developed in cross functional teams

Closing date for applications is 14th January, with interviews commencing 22nd January.

‘Meltdown and Spectre’ bug could require every computer to be redesigned

960 640 Stuart O'Brien

Issues in the CPU hardware – dubbed Meltdown and Spectre – could force a redesign of the software at the heart of all major operating systems.

Windows, Linux, Android, Macs, Chromebooks and other operating systems all need the CPU hardware to run effectively, and it looks like a ‘quick fix’ of the system will negatively affect your PC’s performance.

The flaw could allow hackers access into the sensitive parts of a computer and the information contained within it, including passwords, cryptographic keys, personal photos, emails and other data stored on your computer.

Meltdown issues can be fixed relatively quickly, although the patch can slow systems down by as much as 30%.

Spectre issues are much more complicated as issues arise in the fundamental foundations of the chip itself, meaning the issue won’t be fixed until computers are redesigned completely.

The Spectre bug affects almost every computer manufactured in the last 20 years, including phones and other devices such as laptops and tablets. it is thought that a remedy could take years to resolve.

So far, no malicious exploit has been reported, with experts keeping precise details of the issues secret in a bid to keep hackers at bay. Patches have already been released to try and solve initial problems in most consumer systems.

In a statement from Intel advice was to: “Check with your operating system vendor or system manufacturer and apply any available updates as soon as they are available.”

The company added: ”Following good security practices that protect against malware in general will also help protect against possible exploitation until updates can be applied.

“Intel believes its products are the most secure in the world and that, with the support of its partners, the current solutions to this issue provide the best possible security for its customers.”

Top 10 IT security predictions for 2018

960 640 Stuart O'Brien

Ian Kilpatrick, executive vice president for cyber security company, Nuvias Group, offers his top 10 IT security predictions for the year ahead…

1. Security blossoms in the boardroom

Sadly, security breaches will continue to be a regular occurrence in 2018 and organisations will struggle to deal with them. New security challenges will abound and these will grab attention in the boardroom. Senior management is increasingly focusing on security issues and recognising them as a core business risk, rather than the responsibility of the IT department alone. The coming year will see further commitment from the boardroom to ensure that organisations are protected.

2. Ransomware has not gone away

Too much money is being made from ransomware for it to disappear – it won’t. According to Cyber Security Ventures, global ransomware damage costs for 2017 will exceed US$ 5 billion, with the average amount paid in ransom among office workers around US$ 1400. Companies can help prevent ransomware by tracking everything coming in and out of the network and running AV solutions with anti- ransomware protection. And, of course, you should do regular backups to a structured plan, based around your own business requirements – and make sure you test the plans.

3. IoT – A security time-bomb

IoT is a rapidly growing phenomenon which will accelerate in 2018, as both consumers and businesses opt for the convenience and benefits that IoT brings. However, manufacturers are not yet routinely building security into IoT devices and 2018 will see further problems generated through the use of insecure IoT. IoT is a major threat and possibly the biggest threat to businesses in the coming years. Unfortunately, it is not easy, and in some cases impossible, to bolt on security as an afterthought with IoT, and many organisations will find it challenging to deal with the consequences of such breaches. As IoT cascades through organisations’ infrastructures, it is likely to become the ultimate Trojan horse.

4. More from the Shadow Brokers

The Shadow Brokers, a hacker group which stole hacking tools from the American National Security Agency (NSA), created havoc in 2017 with the Wannacry ransomware episode. The group has already stated that it will soon release newer NSA hacking tools, with targets that might include vulnerabilities in Windows 10.

There will certainly be further episodes from them in 2018, so patch management, security and regular backups will be more crucial than ever. A major target of these hackers is the data that organisations hold, including PII (Personally Identifiable Information) and corporate data, so protecting the data ‘crown jewels’ inside the network will become ever more crucial.

5. GDPR – Have most businesses missed the point?

The arrival of GDPR in May 2018 will, of course, be a big story. However, many organisations are missing the main point about GDPR. It is about identifying, protecting and managing PII – any information that could potentially identify a specific individual. This will become more important in 2018 and there will be considerable focus on identifying, securing and, where required, deleting PII held on networks.

6. GDPR Blackmail – The new ransomware?

Unfortunately, GDPR will give a great opportunity to criminals, hackers, disgruntled staff and anyone who might want to do an organisation harm. They simply have to ask you to identify what data you hold on them, ask for it to be erased, and ask for proof that it has been done. If you can’t comply, they can threaten to go public – exposing you to the risk of huge fines – unless you pay them money. Watch out for that one!

7. DDoS on the rise

It is now possible for anyone to ‘rent’ a DDoS attack on the internet. For as little as US$ 5, you can actually pay someone to do the attack for you! https://securelist.com/the-cost-of-launching-a-ddos-attack/77784/. This is just one of the reasons DDoS threats will continue to escalate in 2018, alongside the cost of dealing with them. The dangers of DDoS for smaller companies are that it will leave them unable to do business. For larger organisations, DDoS attacks can overwhelm systems. Remember that DDoS is significantly under-reported, as no-one wants to admit they have been under attack!

8. Cloud insecurity – It’s up to you

Problems with cloud insecurity will continue to grow in 2018 as users put more and more data on the cloud, without, in many cases, properly working out how to secure it. It is not the cloud providers’ responsibility to secure the information – it is down to the user. With the introduction of GDPR in 2018, it will be even more important to ensure that PII stored in the cloud is properly protected. Failure to do so could bring serious financial consequences.

9. The insider threat

Historically, insider threats have been underestimated, yet they were still a primary cause of security incidents in 2017. The causes may be malicious actions by staff or simply poor staff cyber-hygiene – i.e. staff not using the appropriate behaviour required to ensure online “health.” In 2018, there will be growth in cyber education, coupled with more testing, measuring and monitoring of staff behaviour. This increasingly involves training and automated testing, such as simulated phishing and social engineering attacks.

10. Time to ditch those simple passwords

In 2018, simple passwords will be even more highlighted as an insecure ‘secure’ method of access. Once a password is compromised, then all other sites with that same user password are also vulnerable. As staff often use the same passwords for business as they use personally, businesses are left vulnerable. While complex passwords do have a superficial attraction, there are many challenges around that approach and multi-factor authentication is a vastly superior method of access.

IoT projects held back by security concerns

960 640 Stuart O'Brien

The majority (94%) of IT professionals from organisations that are undertaking Internet of Things (IoT) initiatives say they need to invest in it over the next 12 months in order to stay competitive – but they are facing significant barriers to adoption.

These obstacles include security concerns, the cost of implementation and commitment from the company’s leadership.

The findings are part of a major new report released by the Wi-SUN Alliance, a global association driving the proliferation of interoperable wireless solutions for use in smart cities, smart grids and Industrial IoT applications.

The research, which looks at attitudes to IoT, including the drivers, barriers, challenges and benefits, surveyed 350 IT decision makers in the UK, US, Sweden and Denmark. While all respondents come from organisations that are investing in at least one IoT initiative, just over half (51%) report that they have a fully implemented IoT strategy in place, while more than a third (36%) have one being rolled out. While enabling IoT is the second most important IT priority for the next 12 months, only just behind improving security, almost all respondents (90%) have struggled to implement a plan, with over a third (36%) saying they find it “very or extremely difficult”.

Security tops the list of major concerns, holding back nearly six in ten (59%), while cost of implementation is also a barrier, delaying around half (46%). More worrying is that, while 42% say that creating efficiencies for the business is an important driver to implementing IoT initiatives and 37% say the same for reducing operational costs, getting access to funding for projects is a problem, with a third (32%) admitting this is a barrier. The same amount struggle because of reluctance by senior executives in the organisation to commit to IoT projects.

As well as barriers, the research also highlights technical challenges that organisations are facing when delivering on IoT initiatives and processes. Security and safety tops the list at 63%, while data management (46%), network configuration (41%) and recruiting the right IoT skills and resources (39%) are also seen as technical challenges.

For implementation of smart city and smart utility solutions, proven security with multi-layer protection and continuous monitoring is considered ‘absolutely crucial’ for around half of respondents, while industry-wide open standards are also crucial (45% and 43% respectively).

The benefits of IoT are also widely recognised, with the majority of respondents citing better business efficiency (54%), improved customer experience (49%) or better collaboration (48%). Nearly half (45%) have seen lower costs and 41% higher customer satisfaction.

According to the Wi-SUN research, when organisations are evaluating which IoT technology to move forward with, 58% look for network topology and coverage, while communications performance (53%), industry standards support (52%), and power efficiency (50%) are also sought after. Around half look for reliability (47%) or scalability (44%).

“When it comes to the design, development and implementation of IoT projects, especially around smart cities and smart utilities, there are a number of issues that organisations are having to contend with and security is proving to be a particularly significant barrier,” according to Phil Beecher, President and CEO, Wi-SUN Alliance.

“The research highlights that more education is needed: there are many network options, but not all provide the features necessary for large-scale outdoor networks, as required by smart cities or utilities. For instance, unlike tower-based networks, such as LoRa, SigFox, Ingenu and NB-IOT, Wi-SUN Field Area Network (FAN) specifies a wireless mesh network, which not only supports higher data rates and bi-directional data transmission, but can also provide complete coverage with greater resilience and reliability. Wi-SUN FAN networks are also highly secure as only “vetted” devices can join the network, preventing compromised devices from causing disruption of essential services that may include public safety. It is essential that organisations understand the level of security and the associated risks provided by different network solutions, and choose the very highest security levels available for their IoT networks.”

Kaspersky software dropped by Barclays

960 640 Stuart O'Brien

High street bank Barclays will no longer offer free Kaspersky antivirus software to its new customers after an official warning from cyber security chiefs, amidst fears that the Kremlin could potentially use the software to control and monitor user’s devices.

 290,000 new online bankers of Barclays who signed up within the last 12 months have been notified as a ‘precautionary measure’.

 “The UK government has been advised… to remove any Russian products from all highly sensitive systems classified as secret or above. We’ve made the precautionary decision to no longer offer Kaspersky software to new users. However, there’s nothing to suggest that customers need to stop using Kaspersky. At this stage there is no action for you to take. It’s important that you continue to protect yourself with anti-virus software,” said a spokesperson for Barclays.

 “Even though this new guidance isn’t directed at members of the public, we have taken the decision to withdraw the offer of Kaspersky software from our customer website,” added the bank.

 Kaspersky said it was ‘disappointed’ by the news.