Stuart O'Brien, Author at Security IT Summit | Forum Events Ltd
Posts By :

Stuart O'Brien

NETWORK SECURITY MONTH: A decade of evolution to combat networking threats

960 640 Stuart O'Brien

In an era marked by sophisticated cyber threats, corporate cybersecurity professionals have had to evolve their strategies and technologies to protect organisational assets effectively. Here we delve into the key developments that have shaped IT network security management for cybersecurity professionals over the last decade, informed be attendees at the Security IT Summit…

1. From Perimeter Defence to Layered Security

Traditionally, network security focused on perimeter defence, akin to a fortress with strong walls. However, this approach has shifted due to the rise of cloud computing, mobile computing, and the Internet of Things (IoT), which have expanded the corporate network beyond traditional boundaries. The modern approach is layered security, also known as defence in depth, where multiple layers of security controls are deployed throughout the IT network. This method ensures that even if one layer is breached, others are in place to protect the network.

2. The Adoption of Advanced Threat Detection Technologies

The last decade has seen a surge in the adoption of advanced threat detection technologies. Tools such as Intrusion Prevention Systems (IPS), advanced malware protection, and anomaly detection systems have become standard. These technologies employ artificial intelligence (AI) and machine learning algorithms to detect and respond to threats in real-time, a significant leap from the traditional, signature-based antivirus and anti-malware software.

3. Emphasis on Network Segmentation

Network segmentation, the practice of splitting a network into subnetworks, has become increasingly popular. This approach limits the spread of cyber-attacks within networks. By segmenting networks, cybersecurity professionals can apply more stringent security controls to sensitive areas, thus reducing the attack surface.

4. Rise of Zero Trust Security Models

The concept of ‘Zero Trust’ has gained traction, fundamentally altering how network access is managed. Under a Zero Trust model, trust is never assumed, regardless of whether the user is inside or outside the network perimeter. This necessitates rigorous identity and access management (IAM) strategies, including multi-factor authentication (MFA) and least privilege access controls.

5. Increased Focus on Compliance and Regulatory Requirements

There has been an increased emphasis on compliance with legal and regulatory standards, particularly with the introduction of the General Data Protection Regulation (GDPR) in the EU. UK businesses have had to ensure that their network security practices comply with GDPR and other regulations, mandating a more rigorous approach to data security and privacy.

6. Integration of Security Information and Event Management (SIEM) Systems

SIEM systems have become a cornerstone of network security, providing a holistic view of an organisation’s security posture. These systems aggregate and analyse data from various sources within the network, enabling cybersecurity professionals to detect patterns and signs of malicious activity more effectively.

7. The Importance of Employee Training and Awareness

Finally, there is a growing recognition of the role of human error in network security breaches. As a result, there has been a concerted effort to enhance employee cybersecurity awareness and training. Regular training sessions, simulations, and awareness campaigns are now common, reducing the likelihood of breaches caused by employee negligence or error.

In conclusion, the evolution of IT network security management in the UK has been marked by a transition from traditional perimeter-based defence to more sophisticated, multi-layered approaches. Today’s cybersecurity professionals must navigate a complex landscape of advanced threats, regulatory requirements, and rapidly changing technologies. By adopting a more holistic, proactive, and adaptive approach to network security, they can better protect their organisations in an increasingly interconnected world.

Are you on the hunt for network security solutions? The Security IT Summit can help!

Photo by JJ Ying on Unsplash

Have you registered for the 2024 Security IT Summit?

960 640 Stuart O'Brien

Do you have an upcoming security project that you need help with? The Security IT Summit is a bespoke and highly targeted event, where you can meet with a selection of suppliers, who can help with your upcoming business plans and projects.

You will be provided with a personalised itinerary of pre-arranged, 1-2-1 meetings with suppliers relevant to you. No hard sell, and no time wasted.

The event is entirely free for security professionals, like you, to attend.

19th & 20th March 2024

Radisson Hotel & Conference Centre, London Heathrow

Your free pass includes;

A corporate itinerary of one-to-one meetings with solution providers

A seat at our industry seminar sessions (live attendance only)

All meals and refreshments throughout

Networking breaks to make new connections in your field

Register Here

Private wireless networks set for ‘substantial’ growth as demand for security soars

960 640 Stuart O'Brien

The global private wireless network market is on the cusp of substantial growth, driven by the escalating demand for reliable and secure wireless connectivity across various industries. Against this backdrop, the market is set to grow at a compound annual growth rate (CAGR) of 23.3% from $2.8 billion in 2022 to $7.9 billion in 2027.

That’s according to GlobalData’s latest report, “Private Wireless Networks Market Opportunity Forecasts by Geography, Technology Segments and Industry Verticals to 2027,” which reveals that the US emerged as the largest market for private wireless networks in 2022, capturing 21% of the total revenue share, followed by China at 11%. Furthermore, the US is expected to record the highest growth rate with a CAGR of 30.6% over the forecast period, with Germany and the UK following closely at CAGRs of 26.4% and 26.2%, respectively.

The early availability of spectrum for private cellular networks has been a key driver behind the growth of the private wireless network market in these countries. In Europe, there is a strong emphasis on industry automation and smart factories, which is fueling the growing adoption of private wireless networks in a number of sectors.

Rohit Sharma, Lead Analyst at GlobalData, commented: “Businesses are increasingly adopting private wireless networks, recognizing the importance of dependable and secure connectivity in the age of increasingly connected business operations and the proliferation of the industrial Internet of Things (IoT). This surge is enabled by the rollout of 5G technology by major industry players including availability of flexible solutions designed for use in private enterprise networks.”

GlobalData highlights manufacturing, mining, utilities, and government as the key verticals for private wireless network market, which collectively accounted for 51.3% of the overall market in 2022. The rollout of devices supporting 5.5G technology starting in 2025 is set to enhance 5G private networks significantly. This advancement will unlock a plethora of new device capabilities, harnessing advanced features like NR-Light (Redcap) and expanded side link functionality.

John Marcus, Senior Principal Analyst at GlobalData, explained: “The convergence of operational technologies (OT) with IT systems in the manufacturing industry is further bolstering the adoption of private wireless networks as it requires a robust and reliable communications infrastructure. Private 5G networks will accelerate this integration with their ability to provide ultra-reliable, low-latency communications to enable real-time automation of industrial processes.”

Additionally, innovations in indoor/outdoor positioning techniques and passive IoT tag technology will further amplify the potential of these networks. These groundbreaking developments are poised to facilitate the emergence of novel applications and foster growth in sectors such as manufacturing, energy, and utilities, where sensitive data and critical operations require a high level of protection and will benefit greatly from the ability of private wireless networks to provide enhanced security and control over the network.

Sharma continueed: “With the evolving use cases in industrial IoT, traditional LAN/WiFi connectivity can often have limitations in coverage and stability. Private 4G/5G wireless provides consistently stable connections using fewer access points, increasing performance for connected devices on an organization’s premises whether the devices move around the campus or are fixed in one location. Digital twins, computer vision, autonomous vehicles/drones, and AR/VR-assisted applications will all benefit from the private wireless connectivity integrated with edge computing for local data processing.”

Marcus concludes: “As organizations continue to embrace their digital transformation, private wireless networks are positioned to become the fundamental element of future operations, enabling seamless connectivity and empowering industries to innovate and thrive. With the ongoing technological advancements, robust security measures, and a growing demand for IoT solutions, the private wireless network market is on a strong growth trajectory which is reshaping the future of wireless enterprise connectivity.”

Choosing Secure Web Hosting Environments: Seven top tips for IT Managers

960 640 Stuart O'Brien

The security of a brand’s website is paramount. For IT managers, selecting a hosting environment is a crucial decision that significantly impacts security, performance, and reliability. So what are the essential factors? Here are seven to get you started…

1. Security Features

The foremost consideration is the security features offered by the hosting provider. This includes firewalls, intrusion detection and prevention systems (IDPS), regular malware scanning, and DDoS (Distributed Denial of Service) protection. It’s essential that the provider implements robust measures to safeguard against common threats such as SQL injection, cross-site scripting (XSS), and other types of cyberattacks. Additionally, options for SSL (Secure Sockets Layer) certificates are crucial for encrypting data transmitted between the server and the users.

2. Compliance and Data Protection

Compliance with legal and regulatory standards, particularly the General Data Protection Regulation (GDPR), is a critical factor. The hosting provider must ensure that their operations comply with these regulations, especially in handling and storing user data. This includes having clear data protection policies and potentially offering data hosting within specific geographical locations to meet regulatory requirements.

3. Server Location

The physical location of the servers can significantly impact website performance and latency. Server locations closer to the website’s primary user base can improve loading times, enhancing user experience. Furthermore, IT managers must consider the legal and political stability of the server location, as it can affect data security and accessibility.

4. Scalability and Performance

The ability of the hosting environment to scale according to the website’s traffic and resource demands is vital. IT managers should assess the hosting provider’s capacity to handle traffic spikes and scalability options to accommodate business growth. Performance metrics such as uptime guarantees are also critical, as downtime can severely impact the brand’s reputation and revenue.

5. Backup and Disaster Recovery

Effective backup and disaster recovery solutions are crucial in maintaining data integrity. IT managers must ensure that the hosting provider offers regular backups, easy data retrieval, and a comprehensive disaster recovery plan. This is essential for mitigating data loss risks due to hardware failures, cyberattacks, or other unforeseen events.

6. Technical Support and Service Level Agreements (SLAs)

Reliable technical support is a key aspect of a secure hosting environment. IT managers should seek providers who offer 24/7 support with a proven track record of responsiveness and technical expertise. Additionally, clear SLAs outlining service expectations, responsibilities, and response times can provide assurance of the hosting provider’s commitment to quality service.

7. Reviews and Reputation

Lastly, the reputation and reviews of the hosting provider should be considered. IT managers can gain valuable insights from other customers’ experiences, particularly regarding the provider’s reliability, customer service, and security incident handling.

When selecting a hosting environment for a brand’s website, IT managers must undertake a thorough assessment of security features, compliance, server location, scalability, performance, backup, support, and provider reputation. By carefully considering these factors, they can ensure a secure and reliable online presence for the brand, safeguarding both the company and its customers against the ever-present threats in the digital landscape.

Photo by Desola Lanre-Ologun on Unsplash

MALWARE MONTH: Devising effective anti-malware strategies

960 640 Stuart O'Brien

In the complex cybersecurity landscape of the UK, Chief Information Security Officers (CISOs) face the daunting task of protecting their organisations against a multitude of evolving malware threats. An effective anti-malware strategy is essential for safeguarding sensitive data and maintaining business continuity. Here we delve into the key considerations that CISOs must weigh when formulating such a strategy…

1. Comprehensive Threat Analysis

The first step in crafting an anti-malware strategy is a thorough understanding of the current threat landscape. CISOs need to analyse the types of malware most likely to target their sector, including ransomware, spyware, Trojans, and worms. Understanding the techniques employed by cybercriminals, such as phishing, drive-by downloads, or zero-day exploits, is crucial. This analysis should guide the development of a strategy that addresses specific vulnerabilities and potential attack vectors.

2. Layered Defence Mechanisms

In the world of cybersecurity, relying on a single line of defence is insufficient. CISOs must adopt a multi-layered approach that encompasses not just anti-malware software but also firewalls, intrusion detection systems, and email filtering. Each layer serves to block different types of threats and provides redundancy should one layer fail.

3. Integration with Existing IT Infrastructure

Any anti-malware solution must seamlessly integrate with the existing IT infrastructure. CISOs should ensure compatibility with current systems to avoid any disruptions in operations. This also involves considering the scalability of the solution to accommodate future organisational growth and technological advancements.

4. Regular Software Updates and Patch Management

Keeping software up-to-date is a fundamental aspect of an anti-malware strategy. CISOs must implement robust policies for regular updates and patches, as outdated software is a common entry point for malware. This includes not only security software but also operating systems and other applications.

5. Employee Education and Awareness

Human error remains one of the largest vulnerabilities in cybersecurity. CISOs must prioritise educating employees about safe online practices, recognising phishing attempts, and the importance of reporting suspicious activities. Regular training sessions, simulations, and awareness campaigns can significantly reduce the risk of malware infections.

6. Incident Response Planning

Despite the best preventive measures, malware breaches can still occur. Therefore, a well-defined incident response plan is vital. This plan should outline the steps to be taken in the event of an infection, including containment procedures, eradication of the threat, recovery actions, and communication protocols.

7. Compliance and Legal Considerations

CISOs must also consider legal and regulatory requirements, such as the General Data Protection Regulation (GDPR), which mandates stringent data protection measures. Failure to comply can result in substantial fines and reputational damage.

8. Continuous Monitoring and Analysis

Finally, continuous monitoring and analysis of network traffic and system activities are essential for early detection of malware. Implementing advanced analytics and AI-driven tools can help in identifying anomalies that might indicate a malware infection.

For CISOs in the UK, devising an anti-malware strategy requires a balanced approach that combines technological solutions with employee training and robust policies. As malware threats continue to evolve, so must the strategies to combat them. A proactive, dynamic, and comprehensive approach is key to safeguarding an organisation’s digital assets against the ever-present threat of malware.

Are you searching for Anti-Malware solutions for your company or organisation? The Security IT Summit can help!

Photo by Michael Geiger on Unsplash

Do you specialise in Network Security Management? We want to hear from you!

960 640 Stuart O'Brien

Each month on IT Security Briefing we’re shining the spotlight on a different part of the cyber security market – and in December we’re focussing on Network Security Management solutions.

It’s all part of our ‘Recommended’ editorial feature, designed to help IT security buyers find the best products and services available today.

So, if you’re a Network Security Management solutions specialist and would like to be included as part of this exciting new shop window, we’d love to hear from you – for more info, contact Jenny Lane on j.lane@forumevents.co.uk.

Here’s our full features list:

Dec – Network Security Management
Jan 2024 – Anti Virus
Feb 2024 – Access Control
Mar 2024 – Intrusion Detection & Prevention
Apr 2024 – Phishing Detection
May 2024 – Advanced Threat Dashboard
Jun 2024 – Browser/Web Security
July 2024 – Authentication
Aug 2024 – Penetration Testing
Sep 2024 – Vulnerability Management
Oct 2024 – Employee Security Awareness
Nov 2024 – Malware

Nearly half of EMEA CIOs are shifting to co-owning digital leadership with their CxO peers

960 640 Stuart O'Brien
Forty-six per cent of CIOs in Europe, the Middle East and Africa (EMEA) are partnering with their CxO peers to bring IT and business area staff together to co-own digital delivery on an enterprise-wide scale.

That’s according to Gartner’s annual global survey of CIOs and technology executives, which has found that CIO’s relationship with their CxO peers is ‘reaching a different level’.

Daniel Sanchez-Reina, VP Analyst at Gartner, said: “CIOs who co-own efforts with their CxO peers to place the design, management and delivery of digital capabilities with teams closest to the point where value is created, are most effective at maximising digital investments.”

In this CIO-CxO co-ownership, also called democratization of digital delivery, the CIO acts as a franchiser of technology within their organization.

Gartner analysts presented the survey findings during Gartner IT Symposium/Xpo, taking place here through Thursday. The 2024 Gartner CIO and Technology Executive Survey gathered data from 2,457 CIO respondents in 84 countries and all major industries, representing approximately $12.5 trillion in revenue/public-sector budgets and $163 billion in IT spending. In EMEA, 917 CIOs participated in the survey, representing nearly $3.9 trillion in revenue and $66 billion in IT spending.

“Consciously or unconsciously, CIOs have already been laying the foundation for democratized digital delivery with technologies such as low-code platforms,” said Sanchez-Reina. In EMEA, 66% of CIOs said they have deployed or plan to deploy low-code platforms in the next 24 months. Artificial intelligence (AI), which 72% of EMEA CIOs say will be a game-changing technology in the next three years (29% for generative AI), will also rapidly advance the democratization of digital delivery beyond the IT function.

The survey revealed that CIOs’ top areas for investment in 2024 include cybersecurity, data analytics and AI (see Figure 1).

Figure 1. EMEA CIOs’ Expected Change in Technology Investments in 2024

Source: Gartner (November 2023)

CIOs who franchise IT ‘by design’, which is through co-leading, co-delivering and co-governing digital initiatives with their CxO peers, perform significantly better at general IT management activities, such as executive leadership development and digital business strategy.

“Franchiser CIOs are breaking down the barriers of IT, allowing other business units to produce IT beyond using it,” said Sanchez-Reina. “Those business units participate in the IT delivery responsibility and are accountable for the success of their own IT applications and systems they produce. Such participation in technology production goes from managing to implementing and building technology initiatives.

“This shows that the distinction between what is “IT” and what is “business” is becoming virtually impossible.”

There is no one pattern for franchised digital delivery. Several factors such as the enterprise culture and CEO sponsorship will influence the design and inner workings of the franchise model and the ways in which CIOs and their CxO peers engage. Above all, the CIO must coach their business partners on the journey, offering advice and frameworks, and brokering the internal and external connections they need to successfully co-own digital delivery.

“The payoff of modeling CxO-CIO partnerships for digital delivery on a franchise model is substantial,” said Sanchez-Reina. “CxOs who embrace this franchise model are twice as likely to meet or exceed expectations from digital investments, compared with those who don’t embrace it.”

Photo by ThisisEngineering RAEng on Unsplash

MALWARE MONTH: Emerging malware trends and how the UK’s CISOs are having to adapt

960 640 Stuart O'Brien

The cybersecurity landscape is being shaped by sophisticated and evolving malware threats on a weekly and even daily basis. Chief Information Security Officers (CISOs) are on the front lines, adapting to these emerging challenges with innovative approaches to protect corporate assets.

One of the most concerning trends is the rise of ransomware-as-a-service (RaaS), allowing even low-skilled cybercriminals to launch devastating attacks. For instance, the 2021 attack on the NHS systems highlighted vulnerabilities in public sector security and showcased the crippling effect of ransomware. CISOs must now consider the possibility of insider threats or inadvertent aid from employees to such external attackers.

The emergence of polymorphic and metamorphic malware, which can alter its code to evade detection, has demanded more dynamic and proactive detection mechanisms. Traditional signature-based defenses are no longer sufficient. CISOs are pivoting towards deploying advanced heuristics, behavior analytics, and machine learning algorithms that can anticipate and neutralize threats before they crystallize into attacks.

Additionally, the proliferation of IoT devices has expanded the attack surface dramatically. The 2020 breach of a UK-based energy provider through an IoT device served as a wake-up call. It has prompted CISOs to enforce stringent security protocols and integrate IoT device management into their overall security framework.

The trend of remote work, accelerated by the COVID-19 pandemic, has also introduced novel vulnerabilities. Cybersecurity hygiene for remote employees has become a top concern, with CISOs having to extend corporate security measures to home networks and personal devices through virtual private networks (VPNs), endpoint protection, and zero-trust models.

State-sponsored malware, targeting critical national infrastructure, has added a geopolitical dimension to the CISO’s role. The UK’s National Cyber Security Centre (NCSC) has flagged several such threats, necessitating public-private partnerships for shared intelligence and coordinated responses to these sophisticated threats.

In response to these challenges, CISOs are focusing on creating a robust cybersecurity culture within their organisations. This involves regular training and drills, phishing simulations, and promoting awareness about the latest malware trends among all employees. Emphasising the human factor is crucial, as a single lapse can lead to significant breaches.

CISOs are also adopting integrated security platforms that offer a unified view of the organisation’s security posture. By leveraging Security Information and Event Management (SIEM) systems, they can correlate data from various sources to identify potential threats quickly. Furthermore, advanced threat hunting teams are being employed to proactively scour networks for signs of compromise.

As malware continues to evolve, so must the strategies of CISOs. The modern CISO must not only be a technical expert but also a savvy business leader who can articulate the risks and required investments to stakeholders. They must ensure that cybersecurity is not seen as just an IT issue but as a pivotal part of the organisation’s overall risk management strategy. Through collaboration, innovation, and a relentless focus on education and culture, UK CISOs are reshaping their organisations to withstand the threats of tomorrow.

Are you searching for Anti-Malware solutions for your company or organisation? The Security IT Summit can help!

Photo by Ed Hardie on Unsplash

SAVE THE DATE: Security IT Summit – June 2024

960 640 Stuart O'Brien
Couldn’t join us at this week’s Security IT Summit? The next event will take place in London next June – both live and virtual attendance options will be available!

25th June 2023 – Hilton London Canary Wharf – Booking form (flexible attendance options)

Benefits of attending include: 
  • Receive a bespoke itinerary of relaxed, 1-2-1 meetings with innovative and budget savings suppliers who you would like to meet and those who match your requirements.
  • Access to a series of live seminar sessions led by industry thought-leaders
  • Lunch & refreshments throughout
  • Unparalleled networking with like-minded peers, who share your challenges
Register today!

210 million industrial endpoints will be secured by 2028

960 640 Stuart O'Brien

A new study by Juniper Research has found that there will be growth of 107% over the next five years in the number of industrial endpoints featuring cybersecurity protection.

The research identified the rise of interconnected processes within the Industry 4.0 revolution as increasingly exposing critical industrial infrastructure to external threats; requiring wholesale changes in how industrial stakeholders secure their operations.

The research found that industrial endpoint cybersecurity spend will reach $7.8 billion by 2028; rising from $3.8 billion in 2023. This rapid growth of 105% demonstrates how quickly the market is evolving, and how industrial endpoint cybersecurity is rapidly becoming a priority for cybersecurity vendors.

Research co-author Nick Maynard commented: “As more processes become connectivity enabled, the threat environment within industrial settings is exponentially increasing. Cybersecurity vendors must partner with key industrial IoT vendors to better secure this problematic area.”

With the research forecasting 21% of industrial endpoints to be protected by endpoint cybersecurity services by 2028, this is ultimately a very low proportion of total industrial endpoints. As such, industrial stakeholders must move much faster to secure their critical operations, or they will face spiralling threats from nefarious actors.

Boosting visibility in the industrial supply chain and optimising cloud security for critical operations will be vital to ensuring greater protection levels.

Photo by Sigmund on Unsplash