All Archives - Security IT Summit | Forum Events Ltd

Final call for the Security IT Summit – Register today!

Stuart O'Brien

With just under three weeks until the Security IT Summit, we wanted to let you know there are only two delegate places remaining.

Your place is entirely free and you will receive an itinerary of meetings with suppliers, access to seminars*, and a place at our networking lunch.

Wednesday 29th June – Hilton London Canary Wharf

If you have an upcoming cyber/IT security project and would like a time-efficient way to source new solution providers, secure a place by booking here.

Contact Georgia Longhurst for more information here.

IT security solutions – 2022 buying trends revealed

Stuart O'Brien

Authentication, Compliance and Cloud Web Security top the list of services the UK’s leading IT security professionals are sourcing in 2022.

The findings have been revealed ahead of July’s Security IT Summit and are based on delegate requirements at the upcoming event.

Delegates registering to attend were asked which areas they needed to invest in during 2022 and beyond.

Authentication was most in-demand, followed by Compliance and Cloud Web Security.

Just behind were Multi-Factor Authentication, Employee Security Awareness and Identity Access Management.

% of delegates at the Security IT Summit sourcing certain products & solutions (Top 10):

  • Authentication
  • Compliance
  • Cloud Web Security
  • Multi-Factor Authentication
  • Employee Security Awareness
  • Identity Access Management
  • Penetration Testing
  • Phishing Detection
  • Risk Management
  • UK Cyber Strategy

To find out more about the Security IT Summit, visit https://securityitsummit.co.uk.

Just one crack – That’s all a hacker needs…

Guest Post

By Michael Oldham, CEO of PortSys, Inc.

Just one crack. That’s all a hacker needs to find to cripple your organization. Here are three essential steps to take to stop that crack from blowing your infrastructure wide open for bad actors:

Multi-factor authentication (MFA) that includes device validation, certificate checks, Geo IP intelligence and other security policies makes it much harder for hackers to get inside your infrastructure by stealing, guessing or buying credentials.

Close ports across your legacy infrastructure that you opened for cloud, web services, Shadow IT and other applications. This will minimize your exposure to hackers through the internet. Every open port – such as VPN, RDP, MDM, Web Servers, cloud services or infrastructure – is another point of attack hackers gleefully exploit.

A single crack in just one port increases your exposure dramatically. And your IT team already fights a losing battle trying to manage, maintain, patch and install updates for all the security solutions behind those open ports. Closing ports to better secure your organization has a real, direct, significant, long-lasting business benefit.

Segmentation of resources limits the damage anyone can do inside your infrastructure in the event you are breached. Everyone is committed to keeping hackers out, but the truth is they still get in, or you may even be a victim of an insider attack.

Segmentation prevents bad actors from pivoting once they are inside to gain access to other parts of your infrastructure, where they can steal or lock up data. With segmentation, those compartmentalized resources aren’t accessible without proper authentication.

Another benefit of segmentation is that it doesn’t have to just be at the network level. Segmentation can be done at the resource level through intelligent policies that provide access to resources only under specific circumstances.

These three steps help prevent the one crack – or several – that puts your infrastructure at risk, ensuring much greater security across your enterprise. And that’s good for any business.

Michael Oldham is CEO of PortSys, Inc., whose Total Access Control (TAC) Zero Trust solution is used by enterprise organizations around the world to secure their infrastructure.

What is Red Team Assessment and how can it benefit business?

Eleanor Barlow

By Eleanor Barlow, SecurityHQ

Red Team Assessment is a service used to simulate real-life attacks, to confirm that the right security controls are implemented and working within a business, and to highlight the security gaps that would otherwise go undetected.

A key part of Red Team Assessment is a simulation that mimics the behaviour of an internal employee in the company being tested. For this, the red team will have the same devices and privileges and will try to gain unauthorised access to sensitive IT systems, Active Directory, and business-sensitive applications/databases, and to see what data is accessible. The goal of this assessment is to learn which machines, servers and data can be reached, and whether an attack can be made on the machine to move laterally throughout the organisation.

Obviously, in this attack there is no malicious intent; the purpose is to highlight whether someone with malicious intent could indeed infiltrate and gain access to sensitive data/company information and the people and processes involved.

The Challenges Red Team Assessment as a Service Solves

The challenge is that the majority of organisations around the world are now working remotely. The issue with this is that businesses do not know how secure their corporate devices are. In a Red Team Assessment, specific users/employees are targeted to see if security solutions can be bypassed, and whether privileges can be elevated and backdoors created on the target’s endpoint. This provides a clear understanding of the vulnerabilities and weaknesses in a company’s infrastructure, especially while teams work remotely.

What Next?

‘Security Awareness is not just for those interested in cyber security. It is a crucial element that all employees must be aware of. The issue is that few organisations have a dedicated cyber security team, which means that few are educated on the necessary processes that should be conveyed to all employees in separate departments. With this lack of awareness, systems, processes, data, and people are left vulnerable. But once employees are cyber security aware, have a checklist in place, are able to recognise cyber threats, the impact of a cyber-attack, and know the steps to prevent cyber threats from attacking and infiltrating their systems, businesses improve their security posture significantly.’ – Tips to Educate and Protect Your Staff from Security Threats

For a comprehensive view of the features and benefits available with Red Team Assessment, download the data sheet here.

Or, to speak with an expert, contact a member of our team here.

About The Author

Eleanor Barlow

Based in London, Eleanor specialises in researching and reporting on the latest in cyber security intelligence, developing trends and security insights. As a skilled Content Manager and experienced named author and ghost writer, she is responsible for SecurityHQ’s content strategy. This includes generating content for the latest articles, press releases, whitepapers, case studies, website copy, socials, newsletters, threat intelligence and more. Eleanor holds a first-class degree in English Literature, and an MA from the University of Bristol. She has strong experience writing in B2B environments, as well as for wider technology-based research projects.

About SecurityHQ

SecurityHQ is a Global MSSP that detects and responds to threats instantly. As your security partner, we alert and act on threats for you. Gain access to an army of analysts that work with you, as an extension of your team, 24/7, 365 days a year. Receive tailored advice and full visibility to ensure peace of mind, with our Global Security Operation Centres. Utilize our award-winning security solutions, knowledge, people, and process capabilities to accelerate business and reduce risk and overall security costs.

Facebook: https://www.facebook.com/Sechq

Twitter: https://twitter.com/security_hq

LinkedIn: https://www.linkedin.com/company/securityhq/

Website: https://www.securityhq.com/

CIISec CyberEPQ qualification will kick-start cyber security careers

Guest Post

The Chartered Institute of Information Security (CIISec) is now managing the UK’s first and only Extended Project Qualification (EPQ) in cyber security. The Level 3 CyberEPQ will give anyone from 14 years old the best possible opportunity to kick-start their cyber security career and will integrate with CIISec’s broader development programmes to provide a clear pathway to progress.

Originally introduced by Qufaro in 2016, the CyberEPQ provides a starting point for anyone considering a career in cyber security. Now under CIISec’s management, and with rebranding underway, the qualification will become a more integral part of helping people to start and then progress their cyber security careers, from apprenticeship to university to full employment. It will open access to the full support of a professional body and an extensive community, ranging from students and academics at CIISec’s academic partner institutions through to established security professionals and corporate partners.

“We’re delighted to welcome the Level 3 CyberEPQ into our broader programme,” commented Amanda Finch, CEO of CIISec. “This qualification provides a springboard for individuals to start their careers, and, embedded within our development programme, it will help individuals to understand exactly what skills are needed to progress in their roles. From cyber digital investigation professionals to system architects and testers to cryptographers to risk management professionals, the variety of roles available in the industry is vast and there are opportunities out there for everyone. This qualification will play a key role in attracting a fresh pool of talent, which the industry so desperately needs to keep up with evolving cyber threats.”

The qualification is underpinned by CIISec’s skills framework, which is designed to help individuals and organisations understand precisely what skills are needed to fulfil a specific role at a specific level. Students that enrol in the CyberEPQ will also have access to CIISec’s development programme, which supports individuals and their employers at all stages of their career, from apprenticeships to junior-level associates, to full members and people at the peak of their careers.

Contact the CyberEPQ team at CIISec for further information – cyberepq@ciisec.org.

https://www.ciisec.org/
https://cyberepq.org.uk/

The fastest growing threat

Guest Post

By Atech

Did you hear about the hackers who got away from the scene of the crime? They just ransomware.

There are countless evolved versions of this joke out there. Just as the jokes are evolving, ransomware attacks are evolving, too, and they are not funny. The true cost of an attack consists of the cost of the forensic investigation, any downtime suffered, and, on top of that, any costs that the business agrees to pay the threat actors. The damage can have a lasting impact on the business.

According to the UK National Cyber Security Centre, there were three times as many ransomware attacks in the first quarter of 2021 as there were in the whole of 2019. And research by PwC suggests that 61% of technology executives expect this to increase in 2022. Once again, we can largely blame this on the pandemic, and the growth in the amount of activity carried out online and in digital environments.

Ransomware typically involves infecting devices with a virus that locks files away behind unbreakable cryptography and threatens to destroy them unless a ransom is paid, usually in the form of untraceable cryptocurrency. Alternatively, the software virus may threaten to publish the data publicly, leaving the organization liable to enormous fines.

Ransomware is typically deployed through phishing attacks, where employees of an organization are tricked into providing details or clicking a link that downloads the ransomware or other malware onto a computer. However, more recently, direct infection via USB devices by people who have physical access to machines is becoming increasingly common. Worryingly, there has been an increase in these types of attacks targeting critical infrastructure, including one at a water treatment facility that briefly managed to alter the chemical operations of the facility in a way that could endanger lives. Other ransomware attacks have targeted gas pipelines and hospitals.

Education is the most effective method of tackling this threat, so read on to find out what you can do to fight this threat more effectively than ever before.

Do you specialise in Browser Security? We want to hear from you!

Stuart O'Brien

Each month on IT Security Briefing we’re shining the spotlight on a different part of the cyber security market – and in June we’re focussing on Browser Security solutions.

It’s all part of our ‘Recommended’ editorial feature, designed to help IT security buyers find the best products and services available today.

So, if you’re a Browser Security solutions specialist and would like to be included as part of this exciting new shop window, we’d love to hear from you – for more info, contact Chris Cannon on c.cannon@forumevents.co.uk.

Here’s our full features list:

  • Jun – Browser/Web Security
  • July – Authentication
  • Aug – Penetration Testing
  • Sep – Vulnerability Management
  • Oct – Employee Security Awareness
  • Nov – Malware
  • Dec – Network Security Management

The Security IT Summit is almost here – Make sure you register today!

Stuart O'Brien

Have you claimed your free place at the next Security IT Summit? If not, sign up today, as delegate spots are being snapped up quickly!

Wednesday 29th June – Hilton London Canary Wharf

This unique event is entirely FREE for you to attend – simply reserve your place here.

  • Source new innovative and budget-saving suppliers
  • Attend inspirational seminar sessions from industry thought-leaders
  • Network with like-minded peers
  • Enjoy complimentary lunch and refreshments

Register now to avoid disappointment or contact us for more information.

‘Simplicity is the ultimate sophistication’ for Access Control

Guest Post

By Tim Boivin, Marketing Director, PortSys

Leonardo da Vinci’s philosophy in the headline has never rung so true as it does today in IT – especially when we’re talking about providing users secure access in our perimeterless world.

If your access approach is wrong, your risk of being hacked ramps up exponentially. Counterintuitively, installing more security solutions can make access less – not more – secure. Each different access solution, each port opened to the outside world, increases your attack surface.

That’s where a Zero Trust Access Control approach helps paint your own sophisticated, yet simple, security masterpiece. For instance, Total Access Control (TAC) offers single sign-on to a central portal that gives users seamless, secure access to resources they need to do their jobs – and only those resources.

With TAC, you can inspect every connection to evaluate a user’s full context – including robust endpoint inspection, credentials verification, device validation, location of the user and more – prior to granting access to any resources, local or cloud. In addition, each connection to each resource through TAC must first pass the security policies you set – and not those set by some third party such as a cloud provider – before that access is granted.

With TAC’s microsegmentation, users are granted access only to the specific resources they are authorized to access, effectively making users captive within the application resources – rather than gaining access to your entire network infrastructure. Each resource can also have its own rules for access – an advanced level of microsegmentation that allows for variable or even partial secure access to resources, based on the user’s context of access for each request.

TAC makes the lives of end users and administrators alike much simpler, so they can focus on doing their jobs instead of trying to remember what password works where for which application. Along the way, your security becomes much more sophisticated in its ability to close the gaps across your infrastructure and keep hackers out.

That’s an IT security masterpiece Leonardo da Vinci would be proud to paint.

To learn more about TAC, watch our video.

Security IT Summit: Don’t miss June’s essential event for cybersecurity leaders

Stuart O'Brien

We have a free place waiting for you at next month’s Security IT Summit. Can you join us?

Wednesday 29th June – Hilton London Canary Wharf

This unique event is entirely FREE for you to attend – simply reserve your place here.

  • Source new innovative and budget-saving suppliers
  • Attend inspirational seminar sessions from industry thought-leaders
  • Network with like-minded peers
  • Enjoy complimentary lunch and refreshments

Register now to avoid disappointment or contact us for more information.