HANDD Archives - Cyber Secure Forum | Forum Events Ltd

5 Minutes With… HANDD Business Solutions’ Sam Malkin

Stuart O'Brien

In the latest instalment of our IT security industry executive interview series we spoke to Sam Malkin (pictured, right), Lead Solutions Architect at HANDD Business Solutions, about the company, the security challenges presented by the shift to home working, the opportunities it also creates and the potential of Gaia-X…

Tell us about your company, products and services.

HANDD Business Solutions is a data-centric cyber security service partner, headquartered in the UK and providing services globally to protect and manage data throughout its lifecycle: At-Rest, In-Transit, In-Use and when it’s created.

What have been the biggest challenges the IT security industry has faced over the past 12 months?

Without a doubt the obvious challenge is the shift to remote and hybrid working. Many different areas arise because of this: securing BYOD, understanding privilege access, accelerated cloud adoption, data proliferation. The list is enormous; many organisations were forced to adopt new technologies to protect the health of their workforce. This meant forgoing the usual processes around procurement, security, privacy etc. just in order to keep the lights on. We also saw Brexit and things like Schrems II, which always keep us on our toes.

And what have been the biggest opportunities?

Ironically enough the shift to remote and hybrid working. New technology adoption and moves into as-a-Service type models give lots of flexibility and quite often cost savings. People can realise opex-v-capex models. Luckily for us regardless of the location data needs managing and securing.

What is the biggest priority for the IT security industry in 2021?

Unfortunately I think it’s probably still going to be around remote working and transitioning back into the office. Safe collaboration platforms and things like CASB, Zero Trust Networks and Identity management platforms for me. VDI vendors are probably going to do alright again.

What are the main trends you are expecting to see in the market in 2022?

I’m expecting new legislation across the world around data privacy, data residency etc. Insider threat and accidental data loss safeguarding will no doubt feature as folk continue to resist going back to the traditional workplace. I’d love to see some organisations develop a dedicated privacy function within their organisation, taking data privacy seriously and running it alongside a traditional SOC.

What technology is going to have the biggest impact on the market this coming year?

Edge Computing is something I’m very intrigued by. I’m looking forward to seeing how enterprises can adopt this and the challenges in securing that. I’m also hearing lots of good things from analysts about Privilege Access Management. With administrators being outside the office, understanding what and who are making changes is going to be crucial.

In 2025 we’ll all be talking about…?

Gaia-X hopefully – it aims to create a federated open data infrastructure based on European values regarding data and cloud sovereignty. https://www.gaia-x.eu/

Which person in, or associated with, the IT security industry would you most like to meet?

Linus Torvalds.

What’s the most surprising thing you’ve learnt about the IT security sector?

I’m often surprised by the lack of security in some organisations. And where those organisations prioritise spending.

You go to the bar at the Security IT Summit – what’s your tipple of choice?

An IPA, the quirkier the better. I’ve been referred to as a “craft beer snob” on more than one occasion!

What’s the most exciting thing about your job?

Without a doubt meeting customers, understanding how they’re using the technology and ultimately solving their problems. Pre-pandemic, actually visiting a customer site always gave me a buzz, shaking hands and having a coffee whilst talking data security. Perhaps that makes me a little sad?

And what’s the most challenging?    

No customer environment is the same. We’re fortunate enough to work with very flexible software which means I’m often trying to swot up on something to integrate with. It means I never stop learning though which is something I also get a buzz about. Particularly if it means doing some engineering in a lab or testbed. 

What’s the best piece of advice you’ve ever been given?

No one ever got fired for being early.

Succession or Stranger Things?

I had to Google this to work out what I was being asked, so neither. We do watch a lot of Paw Patrol and Cricket in my house!

Agari Report: New BEC scam 7X more costly than average, bigger phish start angling in

Stuart O'Brien

Sophisticated threat actors, evolving phishing tactics, and an $800,000 business email compromise (BEC) scam in the second half of 2020 all signal trouble ahead, according to analysis from the Agari Cyber Intelligence Division (ACID).

After attacks on Magellan Health, GoDaddy, and the SolarWinds “hack of the decade,” one thing is distressingly clear. Phishing, BEC, and other advanced email threats continue to be one of the most effective attack vectors into organisations. And it’s getting worse.

Throughout the second half of 2020, ACID uncovered a troubling rise in eastern European crime syndicates piloting inventive forms of BEC. Indeed, the state-sponsored operatives launching attacks from pirated accounts in the SolarWinds attack were just a few of the sophisticated threat actors moving into vendor email compromise and other forms of BEC.

But in November, a sudden surge in the amount of money targeted in BEC scams could be tracked back to the resurgence of one particular source—the threat group we’ve dubbed Cosmic Lynx.

After sowing chaos with COVID 19-themed scams earlier in the year, the group’s tactics shifted toward vaccine ruses. More alarmingly, the group’s emails also started requesting recipients’ phone numbers in order to redirect the conversation. It’s unclear if the request is designed to disarm recipients or if actual phone messages or conversations are now part of the con.

The second biggest driver behind the late-year increase in the amount sought in BEC scams is a potent new pretext—capital call investment payments. Capital calls are transactions that occur when an investment or insurance firm seeks a portion of money promised by an investor for a specific investment vehicle.

In emails to targets, BEC actors masquerade as a firm requesting funds to be transferred in accordance with an investment. Because of the nature of such transactions, the payments requested are significantly higher than the average $72,044 sought in wire transfer scams during 2020. The average payout targeted in these capital call cons: $809,000.

To learn more about the latest trends in phishing, BEC scams and advanced email threats and how to stop them, request information at https://www.handd.co.uk/agari-secure-email-cloud/.

Employees are companies’ biggest data security risk

Stuart O'Brien

A consensus study commissioned by data security specialist HANDD Business Solutions (HANDD) has revealed that nearly a quarter of IT professionals believe that the behaviour of employees and their reactions to social engineering attacks – which can trick them into sharing user credentials and sensitive data – poses a big challenge to data security.

The survey of 304 IT professionals in the UK shows that 21 per cent of respondents say regulations, legislation and compliance will be one of the two greatest business challenges to impact data security. The General Data Protection Regulation (GDPR) is causing real concern among professionals in their bid to be compliant by the deadline, which is less than 12 months away. GDPR will not only raise the privacy bar for companies across the EU, but will also impose extra data protection burdens on them.

HANDD CEO and co-founder Ian Davin commented: “Companies must change their mindset and look at data, not as a fungible commodity, but as a valuable asset. Data is more valuable than a pot of gold, which puts companies in a challenging position as the stewards of that data. C-suite executives must understand the data protection challenges they face and implement a considered plan and methodical approach to protecting sensitive data.”

41 per cent of those surveyed assign the same level of security resources and spend for all company data, regardless of its importance. Analysing and documenting the characteristics of each data item is a vital part of its journey through an organisation. A robust data classification system will see all data tagged with markers defining useful attributes, such as sensitivity level or a retention requirement, ensuring that an organisation understands completely which data requires greater levels of protection.

“Employees are probably your biggest asset, yet they are also your weakest link, and so raising user awareness and improving security consciousness are hugely important for companies that want to drive a culture of security throughout their organisation,” commented Danny Maher, CTO at HANDD.