Stuart O'Brien, Author at Cyber Secure Forum | Forum Events Ltd - Page 2 of 5
Posts by: Stuart O'Brien

Kaspersky software dropped by Barclays

High street bank Barclays will no longer offer free Kaspersky antivirus software to its new customers after an official warning from cyber security chiefs, amidst fears that the Kremlin could potentially use the software to control and monitor users’ devices.

290,000 new Barclays online banking customers who signed up within the last 12 months have been notified as a ‘precautionary measure’.

 “The UK government has been advised… to remove any Russian products from all highly sensitive systems classified as secret or above. We’ve made the precautionary decision to no longer offer Kaspersky software to new users. However, there’s nothing to suggest that customers need to stop using Kaspersky. At this stage there is no action for you to take. It’s important that you continue to protect yourself with anti-virus software,” said a spokesperson for Barclays.

 “Even though this new guidance isn’t directed at members of the public, we have taken the decision to withdraw the offer of Kaspersky software from our customer website,” added the bank.

 Kaspersky said it was ‘disappointed’ by the news.

Uber conceal massive data hack

Global transportation tech company Uber concealed a massive breach of the personal information of over 57 million customers and drivers in October 2016, it has been revealed, with the company acknowledging that it failed to notify individuals and regulators.

The company covered up the breach, and instead paid the hackers responsible $100,000 to delete data and keep the breach quiet.

Addressing the situation, new CEO Dara Khosrowshahi admitted that, while there was no excuse for the incident, he had “obtained assurances that the downloaded data had been destroyed”.

“None of this should have happened, and I will not make excuses for it,” Uber’s chief executive, Dara Khosrowshahi, said in a statement to The Guardian: “While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes.

“We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers.”

It is thought the hackers managed to download data including names, email addresses and phone numbers, as well as the driver license numbers of over 600,000 Uber drivers around the US.

Uber claims that other information, including credit card numbers, bank account details and birth dates, was not compromised.

Khosrowshahi admitted that the breach had prompted him to take several measures, including the departure of two senior members of staff responsible for the company’s 2016 response.

Armour Comms enjoys sales boost

Armour Communications, a provider of specialist, secure communications solutions, has seen unprecedented growth in the last few months following a flurry of new high-profile deals.

The firm has installed its flagship Armour Mobile at three Government departments, while its US division has also signed a number of new agreements.

Armour is now working with 15 technology and innovation partners to deliver its higher assurance solution Armour Black, and its Push To Talk variant Armour Blue. In order to support partners and customers, Armour has also launched a new website which will include portals for specific content and marketing material for partner and customer audiences.

David Holman, a director at Armour Communications said: “We’ve had a very strong quarter. As well as three major contracts signed, we have pilot projects running with several more Government departments and law enforcement agencies. We have a number of new technology partners, who will be instrumental in our development of further higher assurance solutions through our Armour Black family of products. To support all this growth and development we have recruited several new members of staff for development, quality and testing.”

Armour Mobile provides secure voice calls, video calls, one-to-one and group messaging, voice and video conference calls, file attachments and sent/received/read message status. It is FIPS 140-2 validated, has been awarded many other certifications including CPA (Commercial Product Assurance) from the National Cyber Security Centre (NCSC), and is included in the NATO Information Assurance catalogue.

Queen’s Uni rolls out £5m research scheme to tackle cyber threats

Queen’s University in Belfast is set to strengthen research into hardware security with the launch of a £5m cyber-security centre, tackling threats in smart technology in particular.

With the increase in smart technology in everyday appliances, such as kettles, cars and toys, the focus will be to keep hackers out of the public’s homes.

Funded by the Engineering and Physical Sciences Research Council (EPSRC) and the National Cyber Security Centre (NCSC), the Research Institute in Secure Hardware and Embedded Systems (RISE) at Queen’s will be a global centre for research in hardware security over the next five years, and one of four cyber security institutes in the UK.

“We will also work closely with leading UK-based industry partners and stakeholders, transforming research findings into products, services and business opportunities, which will benefit the UK economy,” said RISE director Prof O’Neill.

DJI in cyber security fracas

Chinese tech company DJI is at the centre of a row with a cyber security researcher, who the firm believes hacked into its servers to benefit from a “bug bounty” of up to $30,000.

Kevin Finisterre claims that he found a public key that allowed him access to confidential customer data, including unencrypted flight logs, passports, drivers’ licences and identification cards.

DJI offers a bug bounty reward for any security weaknesses discovered in its systems.

Despite initially offering the reward to independent security researcher Finisterre, DJI then refused to agree to the terms of the bug bounty, claiming that the server access was “unauthorised”.

In a statement, DJI said: “DJI takes data security extremely seriously, and will continue to improve its products thanks to researchers who responsibly discover and disclose issues that may affect the security of DJI user data and DJI’s products.”

The company added that it would continue to pay bug bounty rewards in exchange for reports.

Finisterre claims that DJI tried to make him sign a non-disclosure agreement, and that it was almost a month after he sent the report to the company before the full terms were shared with him, which he said “posed a direct conflict of interest to many things including my freedom of speech.”

“Cyber security is one of those areas where there is no government organisation or central body or standards agency holding these people to account. It’s ethical hackers and security researchers,” commented cyber security expert Professor Alan Woodward from Surrey University.

“The public has a right to know when there’s a security problem.”

Scottish Government outlines cyber security plans

The Scottish government has outlined its cyber strategy in a 48-page document – The Public Sector Action Plan on Cyber Resilience.

The plan offers details to local authorities, Government departments and NHS boards on best practices for protecting themselves against cyber attacks. The Scottish Government fast-tracked the strategy in the wake of the global cyber attack in May, when 11 Scottish health boards were targeted by hackers.

 Discussing the plan, First Minister John Swinney said it would “encourage all public bodies, large or small, to achieve common standards of cyber resilience,” before adding: “I want our public sector to lead by example on strengthening cyber security, to help ensure Scotland is ready to deal with all emerging threats.”

Some £200,000 is to be made available for organisations to assess, identify and improve cyber security issues, while ministers will also write to chief executives of Scottish public bodies to urge them to ensure all firewalls and security procedures are up to date, with companies in public service chains asked to demonstrate how they have protected themselves.

 Colin Slater, head of cyber security at PwC in Scotland said: “To date we’ve been reacting to cyber security using frameworks that are almost 30 years old. That’s not representative of the risk we’re dealing with these days.

 “During that attack NHS trusts couldn’t take appointments, they couldn’t do imaging, they couldn’t prescribe drugs, couldn’t admit patients. The ultimate consequence is that you can’t deliver your public service.

 “Cyber criminals are brilliantly tooled up, they’re very dogged, they’re very very clever and they’re very fast and agile.”

 Dr Keith Nicholson, joint chair of the National Cyber Resilience leaders’ board’s public sector steering group, said by following the plan “Scotland’s public sector will be better protected against cyber attacks to the benefit of both the organisation and the citizens of Scotland.”

UK Government prioritises cyber skills

The UK Government is “acutely aware” of the need for more skilled cyber security professionals working within the sector, and is embarking on a series of initiatives to help promote the profession.

Discussing the concern with members of UK technology industry body TechUK, Matt Parsons, head of cyber security skills at the Department for Culture, Media and Sport (DCMS) said: “We are looking at a number of ways to retrain people who are interested in moving into the industry at pace and at scale.

“Using what we have learned, we are planning to scale up and look at how we can support the cyber security industry – and get more people in at a quicker rate.”

Initiatives include a two-year bursary pilot programme for candidates taking a GCHQ-accredited master’s degree to return to become a cyber security professional. The Government is also running a 10-week training academy to provide training for candidates looking to pursue a career in cyber security, along with a newly launched apprenticeship scheme offering students work placements and on-the-job training.

“The National Cyber Security Strategy outlines a number of strategic outcomes, one of which is that the UK has a sustainable supply of home-grown cyber security professionals to meet the growing demands of an increasingly digital economy in both the public and private sectors – and in defence,” commented Parsons.

The Government also believes that the creation and development of a professional body within cyber security is “absolutely key” to the continuing development of the profession, with Parsons indicating that the Government is looking at ways to support it.

“And that is not about creating something new to replace what already exists, but rather about looking at the existing landscape and thinking about how all that work can be harnessed to be even more effective and help deliver the desired outcome,” said Parsons.

Embrace AI, say cyber security professionals

The global head of security intelligence at IBM Nick Coleman has called for cyber professionals to embrace the world of Artificial Intelligence (AI) and automation.

During the Isaca CSX Europe 2017 conference in London, Coleman said that without embracing the worlds of AI and automation, security execs will be “obsolete in three or four years.”

“The threats are becoming so serious that we need to embed artificial intelligence and automation into security processes so that we can be more intelligent and efficient in our response.

“We should be looking at each of these areas and finding ways to embed AI and automation wherever it makes sense to do so to improve efficiency, and thereby improve capability and, ultimately, enable greater business resilience,” Coleman said.

Coleman added that as the cyber security world becomes more sophisticated, the number of threats will continue, highlighting the need to automate as much as possible.

Commenting on IBM’s Watson supercomputer and its ability to ingest four million security-related documents an hour, Coleman added: “Research shows that around a third of their time is spent gathering and processing information, but this is something that can be automated.

“We already have automated planes and ships, and relatively soon we will have self-driving cars, so they should be looking to where it makes most sense to automate in cyber security to make sure they are ready for the future and have developed the skills to deliver value on top of automation.”

Telecoms networks attacked the most by hackers

Telecoms organisations face the most DNS-based attacks, and each attack costs companies an average of £460,000 to remediate, according to a new cyber security report by EfficientIP.

EE, TalkTalk and other recent outages remind us of the pressure telecoms and their networks are beginning to face due to the rise of edge computing, mobile app usage and on-demand videos to name a few.

The findings from EfficientIP’s research on the global telecoms industry show how much access to DNS servers is valued by cyber criminals. A successful cyber breach on a telecoms organisation could lead to a loss of revenue for businesses due to slower internet connections and no landline telephone services. The research found four key themes:

  • DNS-based attacks cost organisations globally £1.7 million on average every year across several industries.
  • 76% of all organisations globally were subjected to a DNS attack in the past twelve months, and 28% suffered data theft.
  • 42% of all respondents in the UK spent an entire business day (six hours) to restore their systems.
  • Top five security threats for Telecoms organisations are: DDoS (42%), Malware (36%), DNS Tunnelling (31%), Cache Poisoning (28%) and Zero-Day Exploits (20%).

Telecoms have suffered more attacks than any other sector surveyed, with organisations admitting to having faced four attacks on average over the last twelve months.

The average cost to fix a single attack is £460,000 in the telecoms sector, the highest in the survey. To put that into perspective, the average cost for the healthcare sector is £210,000.

Furthermore, 5% of telecoms organisations surveyed admitted an attack cost them more than £3.75 million.

A quarter of telecoms organisations (25%) admitted they have lost sensitive customer information as a result of a DNS attack. This is higher than any other sector surveyed.

For 42% of telecoms companies surveyed, attacks resulted in in-house application downtime, which causes poor customer experience online. This number is the highest in the survey, tied with education (42%) and services (42%), followed closely by manufacturing (39%) and retail (37%), the lowest number going to the public sector (28%).

Although recent cyber-attacks showed how crucial patching is to avoiding easy exploits, telecoms have applied an average of only four of the 11 critical patches recommended by ISC in 2016.

EfficientIP’s CEO, David Williamson, points out that recent news makes it more urgent than ever that telecoms organisations protect their networks from DNS-based attacks and improve their network management tools.

He said: “Telecoms organisations need to adapt to the new surge of cyber-attacks and cannot use yesterday’s security technology for today’s problems, otherwise short and long term costs could strike a severe blow to company revenues.” He added: “To face recent industry challenges and customers’ high performance expectations, the communications sector needs to change their approach to network management and incorporate automation as quickly as possible.”

Extra online security for Bank of America Corp

Bank of America Corp has announced that it will add to its existing security protection for online banking following a series of high-profile data breaches at several big US companies in recent months.

The bank will incorporate Intel’s Online Connect technology, enabling fingerprint touch payments, within its online banking systems over the next 12 months.

Data breaches are nothing new within the finance sector, and can be among the most costly due to the amount of commodity and data that banks and financial partners process on a daily basis.

Credit monitoring firm Equinox was the victim of a cyber breach between May and June 2017, when information belonging to millions of American customers was stolen.