Stuart O'Brien, Author at Security IT Summit | Forum Events Ltd

2021 Signals in Security Report: Renewed focus on vendor security

By Synack

The operational chaos of last year not only accelerated a number of cybersecurity trends, but elevated the importance of vetting secure vendors and the trust that goes hand in hand with each partnership.

We also found that training employees in cybersecurity best practices and integrating security more tightly into the development cycle stalled in 2020 as companies shifted priorities to adapt to the new norm and conduct business as usual, according to the 2021 Signals in Security report.

The urgency around many of these critical security efforts, unfortunately, slowed down last year as the pandemic and remote work took precedence, according to the vast majority of security professionals who responded to the survey. During that period, compliance issues and shifting security became less of a priority than in previous years.

But the pandemic didn’t upend every security priority. Finding and fixing vulnerabilities is still the No. 1 concern with 75% of respondents saying that was an “extremely urgent” or “very urgent” priority.

And being perceived as a secure vendor became the 2nd most urgent priority in 2021. Pre-pandemic, a greater portion of respondents considered fixing vulnerabilities (48%) and maintaining status as a secure vendor (43%) as extremely urgent, compared to 37% and 31% in 2021. The decline is yet another indication of the shifting security priorities during the pandemic. Remote workers may also have focused more on securing their own devices in 2020 rather than considering the company as a whole.

When it comes to security testing, the Signals in Security Report showed that despite a drop in urgency, it remained a top priority. When ranking the importance of testing, 88% said it was extremely or very important in 2021 compared with 97% last year. At the same time, however, attack surfaces have grown and hacking activities have increased.

Recent hacks have shown that testing should remain a top priority, especially in tumultuous economic periods such as the pandemic. This is especially true after the supply-chain attacks, such as Colonial Pipeline and JBS, that have led to widespread business disruptions. Furthermore, in December 2020, companies and the US government warned of a supply-chain attack using SolarWinds’ Orion remote management software that compromised more than 18,000 businesses and government agencies. Early in 2021, a zero-day attack on Microsoft Exchange servers, which reportedly impacted 30,000 organizations, led to additional compromises.

With the recent supply chain attacks, security teams should renew efforts to integrate cybersecurity throughout the entire business process. Security should be incorporated into the due diligence of third-party relationships, and security testing should be part of the onboarding of third-party applications.

Read more about these insights in the 2021 Signals in Security Report.

Respect in Security seeks to stamp out industry harassment

Around a third of cybersecurity professionals have had personal experience of harassment online (32%) and in-person (35%), according to a study from Respect in Security – a new initiative set up to support victims and encourage coordinated industry action to tackle the problem.

Respect in Security engaged Sapio Research to poll 302 industry professionals (male, female and non-binary) across multiple age groups, organisation sizes and levels of seniority.

Of those that reported experiencing in-person harassment, most said it came at industry events (36%), in the office (47%) or work socials (48%).

Online harassment is most likely to have occurred on Twitter (44%) or email (37%).

Respondents who had suffered from harassment online and in-person were fairly evenly split between male, female and non-binary respondents.

Although 82% of those polled said their organisation has an anti-harassment policy and complaints procedure, nearly half (45%) argued that their employer should do more to ensure all employees understand what constitutes harassment and what acceptable behaviour looks like.

A further 40% said organisations need to improve the transparency of processes to show that any cases of harassment are acknowledged and investigated promptly.

As it stands, 16% of respondents said they would not tell anyone if they witnessed or were a victim of harassment, either by choosing not to (9%) or because they’re too scared to (7%).

“Harassment comes in many forms. It might be online or in-person, physical, verbal or non-verbal, and involve direct communication or deliberate action to exclude individuals. It violates personal dignity and can create an intimidating, hostile, degrading, humiliating or offensive environment for the victims,” said Rik Ferguson, co-founder of Respect in Security.

“As much as we’re tempted to retaliate against what we see happening, it’s not always the best way to deal with this kind of behaviour”, said Lisa Forte, co-founder of Respect in Security.  “We would instead like the industry to come together to eradicate harassment and make the perpetrators accountable for their actions through official channels. We urge all organisations to sign our pledge today.”

Over two-fifths (44%) of cybersecurity professionals believe that reports of harassment in the industry are fairly accurate, and a quarter (25%) think they are highly under-representative.

Respect in Security urges all employers to sign its pledge and help to build a more tolerant and respectful industry. The pledge is not only a commitment to a respectful environment within your own company, but a promise to publish your grievance policy externally; there is no place for harassment anywhere within the industry.

IT security solutions: 2021 buying trends revealed

Security Analytics, Cloud Web Security and Access Control top the list of services the UK’s leading IT security professionals are sourcing in 2021.

The findings have been revealed by the Security IT Summit and are based on delegate requirements at this summer’s recent event.

Delegates registering to attend were asked which areas they needed to invest in during 2021 and beyond.

A significant 29.4% are looking to invest in Security Analytics, followed by Cloud Web Security (33.3%) and Access Control (30.3%).

Just behind were Business Continuity (30.3%) and Application Security (27.3%).

% of delegates at the Security IT Summit sourcing certain products & solutions (Top 10):

Security Analytics 39.4%
Cloud Web Security 33.3%
Access Control 30.3%
Business Continuity 30.3%
Application Security 27.3%
Identity Access Management 27.3%
Penetration Testing 27.3%
Red Teaming 27.3%
Supplier Due Diligence 27.3%
Compliance 24.2%

To find out more about the Security IT Summit, visit https://securityitsummit.co.uk.

Lack of endpoint visibility costs a UK organisation £1.8M over three years

Tanium has released findings of a study that highlights the potential savings that public and private sector European organisations could realise by improving endpoint visibility and control across their IT estates.

This comes at a time when endpoint visibility and management is crucial as organisations deal with issues such as mass remote working and the increasing frequency of ransomware attacks. To effectively address these challenges, organisations need to have a high level of cyber hygiene in place. A fundamental aspect of this is endpoint visibility so that weak points in IT infrastructure can be identified and action taken to remediate them. However, this visibility is often delivered by multiple, ineffective tools, meaning that many organisations have an opportunity to improve efficiencies and reduce costs.

Key findings include:

  • UK organisations that fail to implement comprehensive endpoint management technology risk losing out on significant cost savings. UK organisations are estimated to save on average a total of £995,120 in their first year of using endpoint technology, followed by an additional £343,463 in year two and £517,817 in year three.
  • Businesses are losing the largest amount of savings because of under-managed assets. UK organisations are missing out on an average of £338,163 in savings after just one year due to under-managed assets, specifically. Endpoints that are poorly managed are more vulnerable to cyber threats and cause more incidents, making them more expensive to support. This is the area of endpoint management that offers organisations the largest value, closely followed by threat detection (£268,026) and endpoint security (£249,791), both of which begin to generate savings after three years of using the technology.
  • Full benefits of the technology realised after three years of implementation. The rising value of savings is due to improved efficiency and insight gained in areas such as patch management and threat detection, which can save UK businesses an average of £174,854 and £268,026 after two and three years respectively. These benefits become more evident after full endpoint visibility and control has been in place for over a year.
  • Enterprises are missing out on higher cost savings compared to public sector organisations. Private sector organisations in the UK could experience an average three-year cost savings of £2,351,834, compared to £995,910 for those in the public sector. This is likely because public sector organisations have fewer endpoints connected to their network in comparison to the private sector, where employees are more likely to work from multiple devices.
  • Organisations in the Nordics are forgoing the largest potential savings across Europe. The study revealed that Nordic organisations were estimated to save on average £5,631,240 over three years, the highest of any country/region studied. This is closely followed by France (£4,255,899), Benelux (£2,303,492), the UK (£1,856,400) and Germany (£1,444,571).

The study analysed 132 large organisations across EMEA, with an average employee count of 39,202. These organisations are from a variety of industries including financial services, entertainment, automotive, retail and the public sector.

“The shift to mass remote working during the pandemic marked an end to traditional network perimeters,” said Chris Vaughan, Area Vice President of Technical Account Management – EMEA, Tanium. “You can’t protect what you can’t see – so for organisations to operate safely under these new conditions and secure their IT infrastructure, they need clear visibility of all devices connected to their networks. Our data shows that this can lead to large financial savings across a number of areas in IT, but it also provides a level of certainty about endpoints that will give organisations increased peace of mind about the resilience of their IT estates.”

Find out here how the University of Salford made significant savings by using the Tanium platform.

Digital transformation: The long-term revenue opportunity

At the start of the pandemic many people could have been forgiven for thinking that work-from-home and stay-at-home orders were going to be short-lived. After the Prime Minister introduced these initial instructions to the nation, many IT teams rushed like mad to maintain business continuity and productivity for their organisations. Since then, society’s behaviour has changed, and so has the way in which people work, with the rise of remote working.

During that time cloud application usage skyrocketed too. Digital transformation initiatives sped up almost overnight. And, while the initial scramble focused on business continuity and technology upgrades, across the board the cloud evolution has not ceased and neither will digital transformation, especially since the UK is encouraging investments in connectivity and digitising Britain. Rob Hancock, Head of Platform, Giacom, reflects on the last year and provides the channel with an outlook on where the opportunity to generate revenue lies through the rest of 2021.

Changing the shape of organisations 

Initially, during the pandemic, homeworking was considered temporary. But, through 2020 many organisations came to accept the longevity of the situation and changed their working policies. Today, we see more firms opt for continued remote working and / or hybrid working policies, offering a blend of office-based and remote working options to employees.

But where does the opportunity to sell ‘remote working’ truly lie for the channel in this scenario? Research shows that in 2020 there were 6.0 million SMEs in the UK, which was over 99% of all businesses. Clearly, there is vast revenue potential available here.

Another driver of organisational change across enterprise and SMB markets is cloud adoption. Research points out that 88 per cent of organisations expect the adoption of cloud services to increase in the next 12 months. This underpins the importance of cloud within wider future technology strategies, which will, no doubt, improve organisational operations too.

Business-grade and secure

Through the pandemic we’ve seen many people work from their kitchen tables, for instance. Often employees have used their personal broadband and, in some cases, own mobile devices and laptops. While this workforce’s diligence is worth applauding, the use of their own personal technology is often not business grade or secure. At first, these temporary solutions may have been sufficient; but they are not sustainable long-term.

This is where the ongoing opportunity lies for the channel. As organisations make committed strides towards remote or hybrid working, they will require the right blend of technology and equipment to enable employees to be productive. This means kitting out employees with fast, efficient, robust and secure internet and voice connectivity that is suitable for their jobs. Moreover, they need to offer staff access to feature-rich communication applications, like Microsoft Teams, for unified communications and collaboration (UC&C), so that productivity can be maintained.

At a practical and physical level, organisations need to supply employees with reliable equipment to do their jobs. We’ve talked about business-grade laptops and phones. But what about support with setting up ergonomic home working stations for staff, as they provide people with voice, data and cloud applications to enable them to work?

Collaboration and brainstorming applications

Before the pandemic, Microsoft Teams wasn’t used effectively by many firms. However, since last March, Microsoft Teams usage for video calls increased by 1000%. And, it is also reasonable to say that many firms have become adept at driving productivity with UC&C technology; and that they derive substantial return on investment from these applications.

The need for UC&C is not going to go away anytime soon, meaning the revenue opportunity will remain available for a long time yet – especially in the SMB market. What will change over time is the need for richer features that enable people to do aspects of their job better, since they no longer meet as often in person. This might, for example, mean employees seek out features from technologies that enable them to brainstorm more effectively, such as digital whiteboarding – or more accurate meeting transcription services. Therefore, CSPs and MSPs will need to work more closely to match client needs against partner technologies.

The data security opportunity

And, while remote and hybrid-working will likely remain standard for many organisations in the future, it does raise security concerns for IT teams. As various pandemic lockdowns ease over time, many people will likely be eager to change their work scenery and work in different locations. Some might want to take a week away and work remotely. Some might want to work in a local coffee shop. Regardless of their choice, organisations will have to assess if their IT security strategies are robust enough to accommodate these sorts of situations.

In these kinds of scenarios, are MSPs then equipped to help organisations with these new data security needs? Do they offer multi-factor authentication (MFA) and single sign-on (SSO) security? What about the on-boarding of new employees at the SMB level when new staff join? Has cyber security awareness training been offered to employees – is training ongoing in order to protect data?

Line of business moves to the cloud

Aside from offering voice, data, UC&C and security technologies, many organisations are shifting entire business applications into the cloud. This was a large focus for many organisations in 2020 and will continue to be the case for the foreseeable future. This presents further opportunity for MSPs as they consult with clients. They may already be speaking with customers about these aforementioned technologies – but, since they have their clients’ ears, there is opportunity to become more deeply embedded within client organisations by supporting wider initiatives to move business applications into the cloud.  It then also means MSPs will be able to offer a great deal of value-add off the back of existing contracts and generate incremental revenue.

Conclusion

During the pandemic the channel demonstrated how adaptable it is to step up and meet customer needs fast. Strong relationships between CSPs and MSPs were at the heart of this success. But, it can’t stop there. Digital transformation is a long-term destination and the use of the cloud to support organisations is here to stay: be it for collaboration; data security; or to enable business applications to shift to the cloud. The opportunity is almost endless.

To capitalise further, though, means MSPs need to align with CSPs that can provide the strong foundations they need to support their customers with their cloud journeys. Can their preferred CSP offer collaborative consultancy and work with them to solve any technology challenges? Do they support with training and marketing? Can they bring value to the MSP’s proposition by offering a breadth of technologies that enables them to expand their portfolio of products that they offer to customers? What is their long-term technology roadmap? The right CSP partner will have all these bases covered.

What is more, the future is promising in 2021 for the channel – especially when you consider the revenue generation opportunity across that 6-million strong UK SMB market. It just begs the question about whether the channel has the right partnerships in place to succeed.

WEBINAR REWIND: Ransomware Has Evolved, And So Should Your Company

Don’t worry if you missed last week’s excellent webinar from Veriato – you can now rewatch the entire session online!

Right now, a cybercriminal gang like Prometheus, Maze, Ryuk, or NetWalker could be looking for vulnerabilities in your network to launch a Ransomware attack.

Ransomware is typically initiated via phishing or social engineering tactics, and these attacks often take advantage of human error for the successful delivery of the malware. These criminal organizations are indifferent to the size of your organization. They target any company with data, and if you don’t pay the ransom, your information could be posted to a public forum or sold on the Dark Web for profit. Most companies unfortunately are forced to pay due to system failure and file corruption.

The scariest thing about these methods is that the ransomware doesn’t need to be developed by the attackers. Ransomware services can now be purchased on the Dark Web and used at the cybercriminal’s will (Ransomware as a Service, RaaS). As these ransomware attacks and services evolve, how can companies arm themselves with the right solutions to defend themselves from these ever-growing attacks?

Join Dr. Christine Izuakor (cybersecurity expert) and Jay Godse (head of product dev at Veriato) as they discuss:

  • Ransomware 101
  • The Colonial Pipeline Breach
  • Ransomware As A Service
  • Anti-virus is not enough
  • Ransomware detection and prevention

Multi-cloud environments ‘pose greater security challenges’

73% of organisations currently operate in a multi-cloud environment, but those responsible for these types of complex environments overwhelmingly (98%) report that relying on multiple cloud providers creates additional security challenges.

That’s according to the research conducted by Tripwire that evaluated cloud security practices across enterprise environments in 2021.

Conducted by Dimensional Research in June, the survey evaluated the opinions of 314 security professionals with direct responsibility for the security of public cloud infrastructure within their organisation.

Organizations have a wide range of reasons for going multi-cloud, including meeting varying business needs, running certain applications, distributing risk, taking advantage of cost savings, and providing redundancy in the event of downtime. In the industrial space specifically, organizations are twice as likely to use a multi-cloud approach to manage risk.

“We’ve seen a massive shift to cloud in response to the growing business need to manage more data and have greater accessibility,” said Tim Erlin, vice president of product management and strategy at Tripwire. “Given the growing complexity of systems and threats that come with moving to a cloud environment, and security policies that are unique to each provider, it makes sense that organizations are finding it increasingly difficult to secure the perimeter.”

The majority (59%) have configuration standards for their public cloud and use best practice security frameworks (78%), but only 38% of framework users apply them consistently across their cloud environment. Not to mention, only 21% have a centralized view of their organization’s security posture and policy compliance across all cloud accounts. Most also noted that shared responsibility models for security between cloud service providers and their customers are not always clear – three quarters rely on third-party tools or expertise to secure their cloud environment.

Additionally, the survey examined ongoing concerns of security professionals responsible for cloud infrastructure:

  • When it comes to managing their cloud environment, most organizations rely/relied on existing security teams to complete training or self-teach, but only 9% of those surveyed would categorize their internal teams as experts.
  • Overall, customers want cloud providers to increase security efforts. Most (98%) would like to see specific security improvements, including communicating security issues faster and following consistent security frameworks.
  • And 77% prefer their existing security service extends into the cloud rather than finding a separate cloud-only solution.

“For most security professionals, managing a multi-cloud environment is a fairly new and somewhat ambiguous part of their day to day,” added Erlin. “Fortunately, there are well established frameworks and solutions that exist to help fill in the gaps and ensure organizations don’t have to rely solely on their cloud providers to secure their environment.”

Organizations have come to realize that cloud providers don’t offer the tools they need to fully secure their systems, and as a result, are taking matters into their own hands. In the last year, Tripwire says it has seen an increase in the number of companies doing real-time assessments of their cloud security posture and a slight increase in the level of enforcement automation, both positive indications that companies are taking the necessary steps to harden their cloud environments.

Introducing the AI in Business Summit

The AI in Business Summit is a unique one-day hybrid event created for senior professionals like you.

The Summit will put you directly in front of innovative suppliers via a series of pre-arranged, 1-2-1 meetings.

You can attend this one day event entirely for free – register here via our two minute booking form.

4th November – Hilton London Canary Wharf
(Virtual attendance options are also available)

Confirm your complimentary place and enjoy benefits such as:

– 1-2-1 meetings with budget-saving suppliers who match your requirements and upcoming projects
– No hard sell and no time wasted – pre-scheduled meetings are based on relevant interest
– Attend insightful and educational seminars on future trends within the sector
– Network with other senior professionals
– Complimentary lunch and refreshments throughout

If you have any questions, please get in touch with us.

Do you specialise in Penetration Testing? We want to hear from you!

Each month on IT Security Briefing we’re shining the spotlight on a different part of the cyber security market – and in August we’re focussing on Penetration Testing solutions.

It’s all part of our ‘Recommended’ editorial feature, designed to help IT security buyers find the best products and services available today.

So, if you’re a Penetration Testing solutions specialist and would like to be included as part of this exciting new shop window, we’d love to hear from you – for more info, contact Chris Cannon on c.cannon@forumevents.co.uk.

Here’s our full features list:

Aug – Penetration Testing
Sep – Vulnerability Management
Oct – Employee Security Awareness
Nov – Malware
Dec – Network Security Management

Digital employee experience crucial to meeting Millennial workforce needs

Delivering a great digital employee experience is key to recruiting and retaining the Millennial frontline workforce, according to a new report, with associated implications for cyber security requirements as a result.

With job vacancies advertised across the UK increasing by 88,000 in April to hit a post-pandemic high of 747,000, with the biggest demand in accommodation and food service, a new report says frontline employers must address the specific digital and motivational needs of Millennial workers – who now make up more than three quarters of the frontline workforce.

However, the study of 1,000 frontline workers in YOOBIC’s latest ‘Frontline Employee Workplace Survey 2021’ report, reveals employers are falling behind expectations when it comes to providing an engaging work environment and fulfilling career options.

28% of Millennial frontline workers report not feeling empowered on the job, compared to 17% of other age groups.  Additionally, just 28% of Millennials find it easy to understand whether their work meets company expectations, in comparison to 41% of workers aged over 54.  Over a third (34%) of frontline employees in this demographic reported a lack of career as opposed to 17% for other age groups.

Key to meeting Millennial workers’ desire for career progression and workplace engagement is understanding the importance of their digital world – both personally and professionally – which is reflected by Walmart’s decision to offer new smartphones to more than 740,000 of its almost 1.6 million U.S. workers by the end of the year, free of charge. Staff can then use Walmart’s new workplace app tool while working but will be able to use the device for personal use.

Fabrice Haiat, CEO of YOOBIC, said: “Millennials are digital natives and accordingly see mobile technology as a crucial part of daily life.  Therefore, mobile workplace tools are essential as they deliver the information and communications frontline staff need to perform their best on the job.  These devices, and the format of the information they deliver, must be modern and user-friendly to meet Millennial workers’ high expectations of technology and content.  Providing outdated or ineffective technology will only have a negative impact on staff retention and engagement.”

Almost three quarters (72%) of frontline workers surveyed indicated they would feel more connected if communications were delivered via their smartphone or tablet, while a further 76% felt digital formats would increase their productivity and simplify their workload.

Haiat concluded: “There is no denying the significant impact Millennial workers play as part of the UK’s frontline workforce.  Recognising their needs and specific talents, and responding accordingly, is key to engaging, motivating and retaining staff in this demographic.  As they do in their day-to-day life, millennials expect a digital employee experience that allows them to use mobile devices to communicate with their peers and managers and access training information and documentation easily.  Providing this information in a gamified, digital format empowers the Millennial frontline workforce and meeting their needs in this way ensures businesses can build with them into the future.”

For further information on how employers can engage the UK’s frontline workers download the latest YOOBIC report.