Stuart O'Brien, Author at Cyber Secure Forum | Forum Events Ltd - Page 36 of 60
Posts By :

Stuart O'Brien

Security IT Summit – Just 5 complimentary guest passes left

 960 640 Stuart O'Brien
By:
0
0

Don’t miss out! Register today for the Security IT Summit. It’s free for you to attend and could help you reduce your expenditure by matching you up with innovative suppliers who match your business requirements.

But we have just five complimentary guest places left, so register today to avoid disappointment. Here’s why you should attend:

  • As one of our guests, you will be provided with a bespoke itinerary of face-to-face meetings with suppliers based on mutual agreement. No hard sell, and no time wasted.
  • You’ll have the opportunity to attend insightful seminars and interactive workshops.
  • Network with 60+ other cyber security professionals who share your challenges.
  • Enjoy complimentary lunch and refreshments.

Taking place on November 5th at the Hilton London Canary Wharf, the Security Summit provides a platform for new business connections.

But act swiftly! There are just five guest passes left – register today!

LORCA begins open call for fourth cohort of cyber scaleups

 960 640 Stuart O'Brien
By:
0
0

The London Office for Rapid Cybersecurity Advancement (LORCA) has launched a global open call for its fourth cohort of cyber scaleups, who will receive bespoke support to help them build in the UK and abroad.

Successful cohorts will also gain access to commercial and engineering experts through delivery partners Deloitte and the Centre for Secure Information Technologies (CSIT) at Queen’s University Belfast.

The deadline for applying is Monday 4 November 2019, with full details available at lorca.co.uk/apply.

LORCA is inviting applications based on three innovation themes after consulting with industry leaders from various sectors about their most pressing cyber challenges and the types of solutions they need from the market in the future.

The three cross-cutting themes (Connected Economy, Connected Everything and Connected Everyone) relate to the macro challenges faced by business and society as the world becomes more digitised and connected.

LORCA looking for a broad range of innovators who can solve real-world cyber challenges across a variety of business and societal contexts to apply. 

Saj Huq, Programme Director, LORCA, said: “As technology increasingly impacts all aspects of business and society, it’s clear that a cybersecurity paradigm shift is needed. Now more than ever, we need to support the development of cutting-edge innovations across the board to help us lead safer digital lives, keep our infrastructure secure and protect our digital economy from complex and evolving cyber threats. Given its increasing significance within a world that is more connected by the day, cybersecurity has to be everywhere – and serve everyone.”

NCSC publishes university threat assessment

 960 640 Stuart O'Brien
By:
0
0

The threats facing the UK’ universities and the steps they can take to protect themselves have been outlined in a report from the National Cyber Security Centre (NCSC), a part of GCHQ.

The NCSC’s threat assessment aims to raise awareness of state-sponsored espionage targeting high-value research, as well as the risk of financial losses at the hands of cyber criminals.

While the NCSC has been working with the academic sector on an ongoing basis to improve security practices, this is the first threat assessment it has produced specifically for universities.

The assessment notes that while cyber criminals using methods such as phishing attacks and malware pose the most immediate, disruptive threat, the longer-term threat comes from nation states intent on stealing research for strategic gain.

To mitigate the risks, universities are encouraged to adopt security-conscious policies and access controls, as well as to ensure potentially sensitive or high-value research is separated rather than stored in one area.

Measures to support universities have been outlined in Trusted Research, from the Centre for the Protection of National Infrastructure (CPNI) and the NCSC, which offers accessible and actionable cyber security advice for university leaders, staff and researchers.

Sarah Lyons, Deputy Director for Economy and Society at the National Cyber Security Centre, said: “The UK’s universities are rightly celebrated for their thriving role in international research and innovation collaborations.

“The NCSC’s assessment helps universities better understand the cyber threats they may face as part of the global and open nature of research and what they can do about it using a Trusted Research approach.

“NCSC is working closely with the academic sector to ensure that, wherever the threat comes from, they are able to protect their research and their universities in cyberspace.”

The assessment found that the open and outward-looking nature of the universities sector, while allowing collaboration across international borders, also eases the task of a cyber attacker.

Among the examples highlighted in the assessment was an attack from last year attributed to Iranian actors in which they were able to steal the credentials of their victims after directing them to fake university websites.

The attack took place across 14 countries, including the UK, and many of the fake pages were linked to university library systems, indicating the actors’ appetite for this type of material.

The assessment also highlights the financial damage which can be caused by cyber attacks on UK universities, citing previous figures from UK Finance which estimated that UK university losses from cyber crime for the first half of 2018 were £145m. 

The threat assessment for universities can be read here.

5 reasons to attend the Security IT Summit

 960 640 Stuart O'Brien
By:
0
0

Register today for the Security IT Summit – It’s FREE for you to attend and could help you reduce expenditure by matching you up with innovative suppliers.

As one of our guests, you’ll be joining just 60 other senior cyber security professionals who are attending the event to network, learn and forge new business relationships. 

If that’s not incentive enough for you to register, here are 5 more reasons…

  • As one of our VIP guests, you will be provided with a bespoke itinerary of face-to-face meetings with suppliers based on mutual agreement. No hard sell, and no time wasted.
  • You’ll have the opportunity to attend insightful seminars and interactive workshops.
  • Network with 60 other senior professionals who share your challenges.
  • Enjoy complimentary lunch and refreshments.

Taking place on November 5th at the Hilton London Canary Wharf, the Security IT Summit provides a platform for new business connections. You’ll be joining representatives from the likes of:

  • ADVANZ Pharma
  • All Fleet Services 
  • Alvarez & Marsal
  • Ashville College
  • Asto, by Santander
  • Avanti Communications Group 
  • Bank of America Merrill Lynch
  • Baringa Partners LLP
  • Belvoir Group
  • Bibby Financial Services
  • Birketts LLP
  • Carpmaels and Ransford LLP
  • CashFlows
  • Catalyst
  • CLS Group
  • Consulum UK
  • Cote Restaurants
  • CSL Group
  • DP World
  • ED&F Man Holdings 
  • EDF Energy
  • Emico
  • First Choice Homes Oldham
  • Freight Transport Association
  • Freshfields Bruckhaus Deringer LLP
  • Harrods 
  • Howard Kennedy
  • Inspired Education
  • Intellectual Property Office
  • Lloyds Banking Group
  • London Mutual Credit Union
  • London School of Economics
  • Metro Bank 
  • Optum International
  • Petroleum Pipe 
  • PunterSouthall Group
  • RB (Reckitt Benckiser)
  • Sainsbury’s
  • Simplyhealth
  • Skyes Cottages 
  • St. Dominics SFC
  • State Street Corporation
  • Ten Lifestyle Management
  • Whitbread

Don’t miss out – register today!

Do you specialise in Employee Security Awareness? We want to hear from you!

 960 640 Stuart O'Brien
By:
0
0

Each month on IT Security Briefing we’re shining the spotlight on a different part of the cyber security market – and in October we’re focussing on Employee Security Awareness solutions.

It’s all part of our ‘Recommended’ editorial feature, designed to help IT security buyers find the best products and services available today.

So, if you’re an Employee Security Awareness solutions specialist and would like to be included as part of this exciting new shop window, we’d love to hear from you – for more info, contact Chris Cannon on c.cannon@forumevents.co.uk.

Here are the areas we’ll be covering, month by month:

Oct – Employee Security Awareness
Nov – Malware
Dec – Network Security Management

For information on any of the above topics, contact Chris Cannon on c.cannon@forumevents.co.uk.

NCSC issues DoS attack guidance for business

 960 640 Stuart O'Brien
By:
0
0

Organisations worried about the threat of Denial of Service (DoS) attacks have been recommended to read guidance published by the National Cyber Security Centre.

Wikipedia suffered a suspected DoS attack on Saturday September 7th that resulted in intermittent site access for some users in the UK, Europe and the Middle East.

Advice for SMEs, large organisations, the public sector and cyber security professionals is available on the NCSC’s website.

When a website suffers a DoS attack, it will appear to users that the site has simply stopped displaying content. However, for businesses it could mean that the online systems they depend upon have ceased to respond. 

The collection of guidance published by the NCSC helps organisations mitigate against DoS attacks and outlines the importance of understanding your service, creating a response plan, scaling and monitoring. 

There is also guidance around the very minimal DoS response plan any organisation should have in place.

Image by Pexels from Pixabay 

Humans: The root cause of your cyber security issues

 960 640 Stuart O'Brien
By:
0
0

More than 99 per cent of cyber threats require human interaction to execute – enabling a macro, opening a file, following a link, or opening a document – signifying the importance of social engineering to enable successful attacks.

That’s according to the latest Human Factor report from Proofpoint, which highlights the ways in which cybercriminals target people, rather than systems and infrastructure, to install malware, initiate fraudulent transactions and steal data.

The report, based on an 18-month analysis of data collected across Proofpoint’s global customer base, also found:-

  • Microsoft lures remain a staple. Nearly 1 in 4 phishing emails sent in 2018 were associated with Microsoft products. 2019 saw a shift towards cloud storage, DocuSign, and Microsoft cloud service phishing in terms of effectiveness. The top phishing lures were focused on credential theft, creating feedback loops that potentially inform future attacks, lateral movement, internal phishing, and more.
  • Threat actors are refining their tools and techniques in search of financial gain and information theft. While one-to-one attacks and one-to-many attacks were more common when impostor attacks first began to emerge, threat actors are finding success in attacks using more than five identities against more than five individuals in targeted organizations.
  • The top malware families over the past 18 months have consistently included banking Trojans, information stealers, RATs, and other non-destructive strains designed to remain resident on infected devices and continuously steal data that can potentially provide future utility to threat actors.

People-centric Threats

  • Attackers target people – and not necessarily traditional VIPs. They often target Very Attacked People (VAPTM) located deep within the organization. These users are more likely to be targets of opportunity or those with easily searched addresses and access to funds and sensitive data.
  • Thirty-six percent of VAP identities could be found online via corporate websites, social media, publications, and more. For the VIPs who are also VAPs, nearly 23 percent of their email identities could be discovered through a Google search.
  • Imposters mimic business routines to evade detection. Impostor message delivery closely mirrors legitimate organizational email traffic patterns, with less than 5 percent of overall messages delivered on weekends and the largest portion – over 30 percent – delivered on Mondays.
  • Malware actors are less likely to follow expected email traffic. Overall malicious message volumes sampled in the second quarter of 2019 were distributed more evenly over the first three days of the week and were also present in significant volumes in campaigns that began on Sundays (more than 10 percent of total volume sampled).
  • Click times have traditionally shown significant regional differences, reflecting differences in work culture and email habits among major global regions. Asia-Pacific and North American employees are far more likely to read and click early in the day, while Middle Eastern and European users are more likely to click mid-day and after lunch.

Email Attacks: Verticals at Risk

  • Education, finance, and advertising/marketing topped the industries with the highest average Attack Index, an aggregated measure of attack severity and risk. The education sector is frequently targeted with attacks of the highest severity and has one of the highest average number of VAPs across industries. The financial services industry has a relatively high average Attack Index but fewer VAPs.
  • 2018 saw impostor attacks at their highest levels in the engineering, automotive, and education industries, averaging more than 75 attacks per organization. This is likely due to supply chain complexities associated with the engineering and automotive industries, and high-value targets and user vulnerabilities, especially among student populations, in the education sector. In the first half of 2019, the most highly targeted industries shifted to financial services, manufacturing, education, healthcare, and retail.
  • The Chalbhai phish kit, the third most popular lure for the first half of 2019, targeted credentials for many top U.S. and international banks and telecommunications companies, among others, using a range of templates attributed to a single group but leveraged by multiple actors.
  • Attackers capitalize on human insecurity. The most effective phishing lures in 2018 were dominated by “Brainfood,” a diet and brain enhancement affiliate scam that harvests credit cards. Brainfood lures had click rates over 1.6 clicks per message, over twice as many clicks as the next most clicked lure.

“Cybercriminals are aggressively targeting people because sending fraudulent emails, stealing credentials, and uploading malicious attachments to cloud applications is easier and far more profitable than creating an expensive, time-consuming exploit that has a high probability of failure,” said Kevin Epstein, vice president of Threat Operations for Proofpoint. “More than 99 percent of cyberattacks rely on human interaction to work—making individual users the last line of defense. To significantly reduce risk, organizations need a holistic people-centric cybersecurity approach that includes effective security awareness training and layered defenses that provide visibility into their most attacked users.”

Image by Jan Vašek from Pixabay

Look who you’ll be joining at the Security IT Summit

 960 640 Stuart O'Brien
By:
0
0

The Security IT Summit is taking place this autumn and we’d love for you to join us as our VIP guest.

5 November 2019 – Hilton London Canary Wharf

This VIP pass will give you the opportunity to meet with suppliers based on your own unique requirements, attend a series of seminars and network with like-minded senior cyber security professionals. Plus, lunch and refreshments are complimentary.

Unlock your priority pass here and join representatives from:

  • ADVANZ Pharma
  • All Fleet Services 
  • Alvarez & Marsal
  • Ashville College
  • Asto, by Santander
  • Avanti Communications Group 
  • Bank of America Merrill Lynch
  • Belvoir Group
  • Baringa Partners LLP
  • Bibby Financial Services
  • Birketts LLP
  • Catalyst
  • CashFlows
  • Consulum UK 
  • Cote Restaurants
  • CSL Group
  • EDF Energy
  • ED&F Man Holdings 
  • First Choice Homes Oldham
  • Freshfields Bruckhaus Deringer LLP
  • Harrods 
  • Howard Kennedy
  • Inspired Education
  • Intellectual Property Office
  • Lloyds Banking Group
  • London Mutual Credit Union
  • London School of Economics
  • Metro Bank 
  • Optum International
  • Petroleum Pipe 
  • PunterSouthall Group
  • RB (Reckitt Benckiser)
  • Sainsbury’s
  • Simplyhealth
  • Skyes Cottages 
  • St. Dominics SFC
  • Ten Lifestyle Management
  • Whitbread
  • Willis Towers Watson

Confirm your VIP ticket here to avoid disappointment!

Keeping data secure in the oil and gas industry

 960 640 Stuart O'Brien
By:
0
0

By Jerry Askar, Managing Director Middle East, Levant & Africa, Certes Networks

As automation continues to evolve, the utilities sector is finding that encryption of their network data is a critical to safeguard against cyber-attacks.  And, as organisations across the globe continue to prioritise cybersecurity, the threat landscape continues to expand.  Although good progress is being made, it is evident that critical network vulnerabilities are still being left unprotected. 

This is particularly the case in the oil and gas sector, which is the latest to enter the cyber security spotlight according to the latest threat report by security firm Dragos that highlighted that the sector is a valuable target for adversaries seeking to exploit industrial control systems (ICS) environments.

The report revealed a new activity group targeting the industry, bringing the total number of tracked ICS-targeted activity groups to nine, five of which directly target oil and gas organisations. What’s more, the increased deployment of automation within the oil and gas industry to manage costs, extract the most value from current assets and maximise up-time, only causes the threats to ICS and supervisory control and data acquisition (SCADA) networks to rise.

The threat is clearly high, as are the potential consequences of a cyber-attack on this sector. An attack on an oil or gas organisation would not only have severe political and economic impacts, but it would also have a direct effect on civilian lives and infrastructure. Much of how the population lives and works is dependent upon the energy from oil and gas production, from communication, the use of electronic devices and appliances, and even heating, cooling and cooking. The smallest attack on this sector could result in devastating effects. 

Beyond consumer impact, an oil or gas company hit by a cyber-attack could experience a plant or production shutdown, utilities interruptions, equipment damage or loss of quality, undetected spills and of course safety measure violations. For example, in December 2018, Saipem, an Italian oil and gas industry contractor, fell victim to a cyber-attack that hit servers based in the Middle East, India, Aberdeen and Italy, which led to the cancellation of data and infrastructures.

Mitigating cyber-attack damage 

Understanding not just the threats faced by this sector, but also how the attacks are taking place and the behaviours and capabilities of activity groups targeting oil and gas companies, is essential. As the Dragos report warned, there is currently limited visibility – or observability –into the network ecosystem, including communications to and from operations centers, distribution substations and even home “smart grid” networks. This means that intruders can dwell for longer and the root cause of the attack can remain undetected. As is widely documented, the longer an attacker remains in a network, the more damage the breach will cause.

To protect data in ICS/SCADA environments, organisations in the oil and gas industry need an encryption solution that not only safely encrypts data enterprise-wide, but that is also scalable and easy to implement, without disrupting, replacing or moving the network infrastructure. Furthermore, some encryption technologies will provide organisations with greater visibility of their data to monitor deployed policies. By defining and deploying policies and keys based only on which users should have access to what data, organisations can ensure that only those who need to send or receive the data have the access to do so. In addition, many Observability network features can provide crucial flow data so that IT operators can observe policy enforcement and quickly shut down a policy if compromised to stop further damage and potential escalation.

Conclusion

Lessons need to be learned from the past attacks on the oil and gas industry, such as the Saipem attack which had global consequences. With the sector facing such a high cyber risk, it’s more crucial than ever for oil and gas organisations to inhabit a cyber security culture and move from reactionary to proactive. 

This means employing an encryption management solution, along with the right forensic intelligence tools, to understand and safeguard against future cyber-attacks and their potential for devastating consequences.

Image by Robson Machado from Pixabay

Are trusted employees your biggest threat?

 960 640 Stuart O'Brien
By:
0
0

Trusted employees have access to company-sensitive information, assets and intellectual property, and permission to make financial transactions – often without requiring any further approval.

Attackers target these privileged, trusted people – impersonating suppliers, regulators and colleagues – and try to encourage them to do something they have permission to do, but shouldn’t, like diverting payments to a different account.

As far as they’re aware, they’re not doing anything wrong…

Find out how to combat this threat at: https://www.corvid.co.uk/blog/are-employees-your-biggest-threat