Guest Post, Author at Security IT Summit | Forum Events Ltd - Page 2 of 7
Posts By :

Guest Post

WEBINAR: Managing the Compliance & Security Nightmares Caused By A Remote Workforce

Webinar – March 11th, 12pm GMT 

How do companies protect themselves with the right tools to mitigate compliance and security concerns?

There are precautions and best practices that are being employed by many companies, and should be part of the security and compliance infrastructure as companies adapt to the new norm of both people and sensitive data residing in remote locations.

In this Webinar we’ll discuss:

  • Maintaining compliance while employees work remotely
  • Maintaining compliance when employees go offline
  • Monitoring the activity of employees working from home
  • The increased threat posed by remote employees

Sign up for our latest Webinar on March 11th at 12pm GMT!

Zero Trust: The practical way to look at cybersecurity

By LogRhythm

Zero Trust is quickly becoming the security model of choice for enterprises and governments alike. The need to protect, defend and respond to threats is more apparent than ever as we continue to work from remote locations.

Where to start

Zero Trust is more than implementing new software; it is a change in architecture and in corporate culture. The pandemic has increased interest in this working practice, with a recent survey finding 40 per cent of organisations around the world working on Zero Trust projects.

The first aspect of any project is identifying key data and where it sits in your organisation, and then documenting who needs access to it. This will allow you to begin dividing up your network, keeping users and their data in appropriate areas.

The main challenges

The key principle of a Zero Trust model is rock-solid identity management. All users, devices and applications must be correctly identified to ensure everyone is granted the right level of access.

The data identification process described above is one of the main challenges: understanding where your data is stored and who should have access to it can be tricky with legacy applications and weak identity management.

Then there is the question of culture: will employees be resistant to the change? Managing the amount of friction caused by the process is key to success.

The benefits

Some sort of security compromise is inevitable; Zero Trust mitigates the damage by restricting the intruder to one small part of your network.

It will allow simpler provisioning and deprovisioning of staff as they join or leave, with corresponding cost benefits as IT teams spend less time onboarding and offboarding staff.

It can provide a solution to the registration of trusted devices onto your network and cut spending on managing Active Directory.

Moving the ‘perimeter’ to the user and their device provides a way to extend the security we take for granted in the office to staff, wherever they might be working.

Learn more about a Zero Trust implementation in the latest Forrester Report.

Remote Workforces Create New Security & Compliance Headaches

The new remote world has ushered in a host of security issues. Sensitive data now sits in laptops in employees’ houses and if an employee disconnects from the corporate VPN, the company goes blind. This massively increases the risk footprint and leaves the company out of compliance.

Veriato utilizes AI-driven micro-agents that sit on the endpoint, monitoring and recording all user activity. Veriato watches for signs of insider threat and because it’s not network-dependent it maintains visibility to meet compliance standards.

Additionally, it can provide productivity reporting critical for managing remote employees. Veriato is the multitool you’ve been missing.

WHITE PAPER: Get total endpoint security with KACE

As an IT professional, you’re likely under pressure to manage an increasingly complex environment, while also protecting your network and devices from cyberthreats.

Read this white paper to discover how the KACE Unified Endpoint Manager by Quest enables you to streamline complex endpoint management tasks and gain greater control of both traditional and modern managed devices — all from one easy-to-use interface.

  • Track all connected devices and software throughout your IT environment.
  • Provision, manage and secure assets across a variety of platforms, from Windows, Macintosh, Chromebook and Linux to iOS, Android and others.
  • Be proactive with patch management and vulnerability scanning.

Download the white paper: https://www.quest.com/whitepaper/get-total-endpoint-security-with-kace-8146293/

Is your business CyberFit?

If your business relies on Microsoft 365, then it’s essential that you take the time to protect it by backing up your Microsoft 365.  Learn how Acronis Cyber BackUp can help avoid downtime, protect data and improve security.  

We aim to protect your business, whilst eliminating complexity and reducing cost. We help you to upgrade cybersecurity and backup with one complete integrated solution. Acronis Cyber Protect provides unmatched protection and increased productivity while decreasing TCO.  

Find out more at: www.everycloud.co.uk/protect/cloud-backup

To succeed, enterprise cybersecurity needs IoT scale

By Nigel Thompson, VP Product Marketing at BlackBerry

There are few things in cybersecurity that aren’t up for endless debate. Yet one thing that is universally agreed upon is that anything with an Internet address can and will be attacked. We’ve certainly witnessed this happening on a large scale with the proliferation of Internet of things (IoT) devices in recent years, and we’re likely to see the scale and complexity of these attacks escalate in the years ahead. And due to their newness on the security scene, IoT devices will cause large headaches for enterprise security during those years.

IoT, on the whole, remains a misunderstood risk. When many consider IoT security, what comes to mind first are usually “smart home” automation systems, such as thermostats, lights, doorbells, speakers, and other consumer devices. One concerning case last year saw cyber attackers take over a family’s smart home devices to blast music at loud volumes, talk to the couple through a camera in their kitchen, and crank their thermostat to 90 degrees. In cases like these, such attacks could arguably be considered more of a nuisance than a life-endangering event.

But once you step outside the home, a more profound and immediate danger lies in wait, in the form of industrial, or enterprise IoT. This IoT includes connected devices found in manufacturing, the food supply chain, healthcare, and building automation, among other verticals. Of course, security events involving consumer IoT devices are bad enough, but such attacks hitting enterprise systems and critical infrastructure can be devastating, or in the case of medical devices, life-threatening. For example, at a past DEF CON security conference, Jay Radcliffe, an ethical hacker and diabetic, demonstrated that it wasn’t that difficult to take remote control of an insulin pump and deliver a lethal dose to a patient.

According to a recently published report from research and consulting firm Frost and Sullivan, by 2025 there will be 67 billion new connected devices in the world, up from 24 billion in 2019. Enterprises in every industry need to be prepared for that eventuality, because the more Internet-connected devices come online, the larger the potential attack surface of the organisation. In the years ahead, that attack surface is going to continue to expand exponentially.

The Threats to Enterprise IoT Are Real

The threats due to enterprise IoT are significant and should not be underestimated. These connected devices generate an enormous amount of highly detailed data. Should this data be stolen, or its network flow disrupted through a denial of service attack or a targeted ransomware strike, the results could be highly destructive to business reputation and operational availability. Also, the data within supply chains that detail operational demands, production data and more will always have value to competitors.

IoT security is a challenge across verticals. According to Frost and Sullivan, the factory and industrial automation market will have nearly 10.8 million connected devices by 2025, while building automation will reach 30 million. Other verticals expecting substantial growth, according to the report, include connected cars and telematics, retail, healthcare and medical devices, and enterprise-issued and bring your own (BYO) devices.

“This will substantially increase the threat surface, which is reflected in the rapidly expanding threat landscape,” the firm wrote in their report. The total number of devices includes recognisable endpoints, such as phones and tablets, as well as devices across nearly every other industry.

Of course, with these device deployments, there is great opportunity to improve operational efficiency, improve the lifecycle management of capital assets, provide real-time insight into the enterprise happenings, and engage with customers in new ways. But the security concerns are also real. The challenge is to manage the security risks so that these benefits can be realised, and the risks minimised.

Attain Control and Visibility Across All Endpoints

There are a number of steps that can be taken to ensure adequate IoT security. One step every organisation can take right away is to procure devices from manufacturers that develop their products with security in mind – baking security in from the ground up, rather than bolting it on afterwards. As part of that effort, organisations should make sure to have their security teams test any new hardware and software for security flaws and ensure the devices can be managed just like other endpoints.

Of course, while it would be ideal that all enterprise IoT devices ship securely and without flaws, that’s not going to be the reality. Design mistakes will be made over the course of bringing even the most secure devices to market, and most enterprises will similarly make deployment and configuration mistakes that create detrimental security ramifications. For instance, according to Frost and Sullivan, effective IoT security is complicated by how different business departments will independently choose to manage and secure their IoT devices in different ways. All organisations must be aware of this, and should prepare to effectively track, secure, and manage all newly connected devices across the enterprise in a uniform way.

One of the most important strategies to success will be not treating IoT devices as a discrete security challenge, but as part of the organisation’s overall endpoint security strategy. If security teams are to have the visibility and control they need, endpoint and IoT security management must be unified. That includes devices that run any operating system, such as Android™, Chrome™, Windows®, and macOS®. With fewer consoles, or ideally a single console, when managing all endpoints, security teams will have all the information they need to properly identify security threats and respond to potential breaches, and to more intelligently defend systems and data.

Enterprises can’t afford to wait long to centralise their IoT and endpoint security. The longer they wait, the harder it’s going to be to successfully consolidate, especially as IoT deployments accelerate and there are ever more devices on networks, for example, as a result of the explosion of remote working caused by the recent COVID-19 pandemic. Without a centralised console, decentralised information about security events — including attacks across domains — will be lost or overlooked, and teams will be forced to try to manually piece together their responses.

Here are a number of key attributes security teams should look for from their providers when consolidating IoT and endpoint security:

  • The ability to centrally manage users, data files, devices as well as apps
  • Compatibility with most leading endpoint operating systems
  • Ability to manage security configurations for things like access credentials
  • The ability to track usage patterns through comprehensive analytics
  • The ability to deploy across cloud and on-premises environments

The swift pace of IoT has created an issue of scale “where the size of the environment of endpoints, data, and threats is making the job of the CIO and CISO unmanageable,” as the Frost and Sullivan analysts put it. While that’s accurate, it doesn’t have to be true everywhere. By taking the necessary steps today to consolidate endpoint security solutions, enterprises can make certain that their security efforts reach IoT scale.

Hold tight for 2021: A volatile global outlook will continue to fuel fraud and cyber-threats

By Ian Newns, Fraud Specialist at RSA Security

2020 was full of surprises. But one thing that didn’t come as a revelation was the speed and agility with which the criminal community reacted to unfolding global events. We’ve often witnessed groups behind phishing attacks, for example, capitalise on breaking news stories and consumer behavioural change to improve click-through rates. Well, news events don’t come much bigger than a global healthcare and financial crisis, and 2020 has been the year we’ve all had to embrace online working, shopping and socialising. 

UK consumers are predicted to have spent more than £141 billion on internet shopping last year, up nearly 35% from 2019. The bad news for 2021 is that cyber-criminals and fraudsters will continue to exploit our rapidly changing world to monetise their campaigns. On the other hand, following some simple best practices still offers a highly effective way for businesses to mitigate escalating online fraud risk. With that, here are five fraud and cyber-threat predictions for the coming year:

1. Loyalty points become a valuable commodity

From frequent flyer miles to retailer loyalty schemes, the pandemic and subsequent lockdowns mean there’s a lot of loyalty points that weren’t used in 2020 and may have been forgotten about. That hasn’t been lost on the cybercrime community though, who have been observed by RSA’s FraudAction team to be discussing in online forums how to conduct loyalty scams on a range of companies – from fast food restaurants and retailers to hotel companies and gaming websites. These fraudsters will increasingly look to target the growing trove of points accruing in consumers’ online accounts this year.

Tried-and-tested methods for account takeover, including phishing or credential stuffing, will be among the tactics of choice here. That makes it even more important that every retailer or business with a loyalty scheme communicates the dangers of password reuse, and offers multi-factor authentication (MFA) options for customers. Monitoring for suspected botnet activity with behavioural tools can also help.

2. Beware the rise of malicious QR codes 

The past year has seen an explosion in the use of QR codes. They’ve become especially common in hospitality settings where businesses want to promote hygienic access to menus and useful in facilitating the government’s Track & Trace scheme. However, whenever a new form of tech starts to become popular, there’s always the danger that it will be subverted by cyber-criminals.

QR codes are no exception – they are now being used in phishing emails and via social media to take users to fake websites designed to harvest their details or covertly download malware. Tackling the problem is more about user education than anything else. Just as recipients shouldn’t click on links in unsolicited communications, they need to be educated not to scan QR codes either. Organisations can also help by aligning any QR codes they use with MFA to mitigate the risk of account takeover.

3. Fraudsters will capitalise on COVID-19 vaccine hype

COVID-19 vaccines signal the beginning of the end of a traumatic period in recent history. But the media attention focused on the vaccine roll-out at the moment will also help cybercriminals hoping to make gains at the expense of others. Europol has already warned of counterfeit versions of the Pfizer/BioNTech vaccine appearing for sale on dark web sites, and warns that these types of forgeries will increase.

Online promotions and phishing emails are a perfect way to lure individuals desperate to jump the queue and get inoculated. Unfortunately, once victims pay up front, the fraudsters not only have their money but potentially also their bank details. Governments and social media companies will need to step up their efforts at taking down any signs of fake advertising related to COVID-19 vaccines and warn citizens of the dangers of engaging with them.

4. Buyer’s revenge as consumers dabble in first-party fraud

Historically, times of recession usually lead to an increase in fraud. According to Portsmouth University, there was an increase in fraud offences after both the 1990 recession (10%) and the financial crash of 2008 (7.3%). The coming economic crisis could be much deeper than these events, especially after the government furlough scheme ends. Cash-strapped individuals may be forced to try and see what they can get away with to make ends meet. A classic example is chargeback fraud, where a customer makes a legitimate purchase and then claims the product was never delivered, thereby generating a refund from their bank.

It’s suspected by some banks that as many as 35% of cases classified as third-party fraud could in fact be first-party scams. Many banks would prefer to write off lower value transactions than go through the painful and awkward experience of accusing customers of lying, especially as figures showed a 36% rise in complaints last year about how banks deal with fraud and scams. If they’re going to try and tackle first-party fraud, banks need cast-iron proof. This is where more sophisticated data-centric fraud solutions can help. Such tools can crunch hundreds of data points – like age, buying habits, and previous fraud claims – to determine the likelihood of fraud having taken place.

5. Brexit: good news for scammers

There’s still some uncertainty for businesses surrounding Brexit, which opens the door for fraudsters to step in. Given the huge demand for information and advice on how to adapt, this is the perfect opportunity for cybercriminals to swoop in with some well-timed phishing emails spoofing government and other trusted institutions. Some may even request the recipient confirm bank details to continue trading in the EU.

Organisations should enhance their user awareness training simulations accordingly, and ensure they have the right email security tools to spot any phishing. Aside from URL and attachment scanning and IP reputation checks, they could invest in AI-powered tools that analyse writing style and other elements to say with more certainty whether inbound messages are to be trusted or not.

There’s plenty to look forward to this year, not least hopefully an end to social distancing, self-isolation and concerns over vulnerable friends and family. But consumers and organisations alike will need to retain their digital savvy and invest in new tools to ensure the next 12 months is a success.

WEBINAR: Security Champions – Making the Business Case

You have an awesome idea. You plan it in full. You share it with your colleagues. What happens next?

Hang-on… They’re not jumping up and down. In fact, they’re frowning. They don’t get it!

Sound familiar?

When that happens remember:

“If you want something to change, only you can make that happen”

Join us – 1st Feb for a Masterclass in Making the Business Case for Security Champions. 

https://us02web.zoom.us/webinar/register/1816100266890/WN_OgUMcWkuTqWWtlSZBHyvsw

We’ll look at:

  • Finding your WHY for your Champions Programme through socially constructed change (e.g. impactful conversations)
  • Creating a 5-minute pitch for your programme
  • Establishing resource and budget requirements

5 innovative cybersecurity training methods to try in 2021

By Juta Gurinaviciute, Chief Technology Officer at NordVPN Teams

As much as 88% of data breaches are caused by human error, but only 43% of workers admit having made mistakes that compromised cybersecurity. In the past year a third of the breaches incorporated social engineering techniques, and the cost of a breach caused by human error averaged $3.33 million.

To mitigate the risk, enterprises develop complex cybersecurity strategies and action plans, yet they are insufficient unless acknowledged by every member of their organization. Half of the Chief Information Security Officers (CISOs) plan to extend cybersecurity and privacy into all business decisions and that makes it every employee’s concern. 

With the ever-changing and evolving digital threats, maintaining cyber resistance is no longer limited to IT and security officers and depends on every member of the organization. Constant training is a way to build the team’s resilience against threats, yet it is not uncommon for them to turn into dull PowerPoint sessions, after which few remember the safety measures they should take. The problem is amplified by the workforce operating from home and not subscribing to security policies of the company.

CISOs and other stakeholders can grab employees’ attention by changing the methods of the regular cybersecurity training. Those who found training to be very interesting were 13 times more likely to change the way they think about cyber threats and protection against them. Therefore, organizations should seek memorable, entertaining and accessible ways to talk about complicated security matters.

5 ways to make cybersecurity training more attractive

Gamify it. Dull figures slide after slide, myriads of ‘dos and don’ts’ along with knotty safety procedures make the process lethargic. Quizzes, games, prizes and quality time with colleagues will enhance enjoyment and learning. Interactive activities boost engagement and thus yield better results when it comes to teaching staff about cybersecurity. 

Engage in friendly competition. The key element of gamification is competition. However, putting a prompt question within the video lesson or offering ‘innovative’ content is not enough. People are engaged when they have an incentive, be it a prize or pride. Companies should organize monthly, quarterly or yearly competitions to keep a workforce constantly aware of new threats and how to tackle them.

Make it rewarding. Turn the right answer into a badge, a discovered vulnerability into a star, and a year without an incident into a holiday bonus. People expect feedback while participating in a competition, and the reward system is the optimal way to do it. Instead of giving an opinion to everybody in private, security and IT professionals can award the achievements. They also help to track the progress of each employee and take the precautions if necessary.

Turn it into a team effort. Staying protected from breaches and attacks is everyone’s interest. Thus employees should be encouraged to work in teams and solve riddles with their colleagues. In a cybersecurity workshop, for instance, employees can be asked to craft a phishing email. This encourages them to find out more about this criminal technique, to look at the examples of it and thus recognize them at the first glance next time. 

Be understood. For information security professionals, IT and cybersecurity jargon is a native language. Yet for accountants, marketers and many others it’s just meaningless jabber. Make sure to speak clearly and to explain every term in plain language so the relative layman understands and remembers.

These tips also apply when teaching the staff how to use various cybersecurity tools, such as cloud services or VPNs. With people working remotely, many of them face the need to use two-factor authentication or secure connection for the first time as it was readily available by default at their usual workstations. Now they have to care for their and their company’s protection themselves. 

Cybersecurity is no longer a thing only information security and IT departments care about. As many workplaces rely solely on digital solutions which are used by the entire workforce, staying protected against cyberattacks requires everyone’s joint effort. The main notions of data security must be conveyed in an appealing manner.

Where is cybersecurity in 2020 and where are we heading?

At the start of 2020, smart businesses were already preparing their security practices against threats including ransomware and phishing. That was before the pandemic, which has resulted in a shift in traditional working practices and a significant rise in remote working this year that has introduced the possibility of additional security risks. Paul Colwell (pictured), CTO at OGL Computer and CyberGuard Technologies reveals where we are now with cyber security and what the IT services providers’ team foresees the next 12 months bringing for UK businesses...

Where are we now with cyber security?

The last year has been full of rapidly evolving cyber threats made increasingly public via the news of high-profile breaches and allegations of election rigging as well as growing global data protection regulation.

News stories, consumer data protection awareness and corporate accountability at every level have contributed to an increased awareness of the need for excellent cyber security. Small to medium-sized businesses are more cyber aware as common attack vectors, such as email phishing, infiltrate every type of business, often costing millions.

Advances in cloud technology, AI and IoT have created a realisation that cyber protection must fully encompass the entire on-site and off-site network as well as peripheral IoT enabled devices.

Cyber Essentials is in high demand and has been accepted across the UK as a good standard for customer and supplier relationships, especially as companies recognise third-party risk can be severe. There has also been a maturity in patch management as specialists strive to fix the stress point of out-of-date software. Companies are also understanding that the rapid development of Windows 10 and other software from cutting-edge creators means new business-beneficial features launch frequently.

What will the next 12 months in cyber security bring?

Companies are transitioning from reacting to threat after threat to a more pro-active security prevention approach. Industry wide advances such as AI-enhanced security services and a conditional rule approach are delivering better threat detection, and faster response rates.

Widespread recognition that threat-intelligence sharing must be enacted for all to benefit has been achieved so that today, and moving forward, companies and specialists can learn from attacks on their peers, and from industry experts and leaders before they themselves fall victim.

2021 in cyber security will see further growth in the need for “visibility” of network activity. Software developments such as the use of AI, high-performing integrated cyber security dashboards, real-time and cloud monitoring as well as regularly scheduled internal checks by specialists will allow the effective monitoring, tracking and response to network events. Real-time monitoring means threats are identified quicker and can be purged faster thus reducing corporate risk, loss, and potential litigation from expensive data breaches.

The combination of threat intelligence sharing, and the development of real-time monitoring means fast reaction – the ability for ‘zero day’ vulnerabilities to be pro-actively stopped before their impact is felt. Gone should be the days where cyber threats are able to infiltrate corporate networks for weeks and sometimes months without discovery.

The use of cloud technology and DevOps methodology as well as widespread remote working and IoT adoption have increased the awareness that cyber security practices must be implemented for every platform, device and user location. The security of cloud data will become increasingly the responsibility of the user. Two factor authentication for VPNs and Office 365 access will be a must. And, as in 2020, the popularity of next generation anti-virus services such as Carbon Black will grow with the need for enhanced security for off-network devices.

Where are we now with IT services?

The growth in remote working, and even distance learning, has changed cyber security requirements but also the entire basis of IT provision. Figures from the Office for National Statistics in the UK point to homeworking having become common for nearly half of UK workers by the summer of 2020. This prompted both demand and technology change for bandwidth, remote connections, VPNs and RDS farms.

The use of interactive tools such as Microsoft Teams and Zoom has mushroomed affecting IT solution design, which has to keep up with the resource demand of such applications. Instead of hardware, software and softphones are being used for communication and audio/video calling, and instant messaging is far more prevalent.

Before 2020, IT services providers and IT departments were slowly adapting to remote working trends and greater digital transformation. In many cases mobile devices and laptops were still add-ons to a corporate network and employee perks instead of essential tools for many workers.

What will the next 12 months in IT services bring?

By 2021 digital transformation will have accelerated further. We believe that cloud-based solutions will continue to replace on-premise solutions in most instances, being more suited to remote working trends. Platforms like Microsoft Azure will no longer seem reserved for the enterprise; instead, these are tools for almost any sized company.

Microsoft 365 applications, such as SharePoint, Power BI and Flow, will see increased use. The onward migration to the cloud will give rise to greater use of cloud-based data storage and networking services, especially those that integrate with Microsoft 365 like OneDrive.

Security products that protect such services, like Datto, will prosper. Data storage technology will continue to change with SSD and NVMe (Non-Volatile Memory Express) increasing performance and interoperability for corporate systems. The demand for on-premise and physical equipment will fall, reducing capital expenditure. However, the need for services and subscriptions will increase monthly and yearly operating spend.

Social distancing means less human interaction. As this need continues and embeds into workplace culture the use of AI, machine learning, automation, virtual, augmented and mixed reality will also accelerate. IoT and smart devices will be used more frequently for real-time monitoring of processes, especially to aid distancing. Without Covid-19, AI was already set to revolutionise business intelligence and create efficiencies, especially in sales and customer service processes.

Businesses will budget in 2021 for homeworking solutions and equipment for their employees. Both companies and individuals will utilise smart home solutions to deliver multi-format fluid communications platforms, which need to be engaged frequently during the day. Smart assistants such as Google and Alexa will augment work processes as well as home lives for remote workers.