it security Archives - Security IT Summit | Forum Events Ltd

The four biggest mistakes in IT security governance

Guest Post

By Atech

Intelligent IT security and endpoint protection tools are critical components of security governance, and the stakes within today’s threat landscape have never been higher.

A lapse in identity protection or zero trust networking could spell financial disaster for a company. We know that attacks are increasing in sophistication, frequency and cost, with research showing the average cost of a data breach at an eye-watering $4.24 million.

But what about the other end of the spectrum? How can companies identify and rectify issues in their security governance before they become a problem?

#1 Not realising you are a target with less-than-perfect cloud IT security

Many business leaders using cloud data storage mistakenly believe they are not vulnerable to security breaches from outside attackers. However, this is not the case.

The barriers to entry in becoming a cybercriminal are incredibly low, yet the cost to a brand’s reputation is staggeringly high. Furthermore, fines issued to businesses for not adequately managing customer data are also extremely costly.

Therefore, IT leaders need reliable security governance systems and full visibility over user data, secure identity and access management protocols, encryption, and more.

Businesses can update their IT security playbook by partnering with managed security service providers. By understanding the distinct accreditations that service providers display, you can distinguish solution specialisms from operating procedures and build a real picture of how the service aligns with your business's needs. You need timely guidance on the latest cloud security threats, how to mitigate them and how to remediate fast. This can only come from near-real-time insight into behaviours and attacks, backed by the expert support of a security operations centre carrying an industry-recognised accreditation such as CREST.

We outline the biggest mistakes in IT security governance and provide a comprehensive view of today’s cloud security challenges and how best to tackle them as an organisation. Read on to identify the other critical mistakes you could be making.

OPINION: Local authorities shouldn’t be daunted when moving to the cloud

By Stuart O'Brien

Local Authorities are under intense pressure to escalate Digital Transformation strategies while also dramatically reducing IT costs, achieving public sector sustainability goals and extending citizen self-service access to key services. With stretched in-house resources and a widely acknowledged skills shortage, the existing IT team is dedicated to keeping the lights on for as long as possible.

With many councils asking where they can find the time, resources or confidence to advance a cloud-first strategy, Don Valentine, Commercial Director at Absoft, outlines five reasons why embracing ERP in the cloud right now will actually solve many of the crises facing public sector IT…

Unprecedented Challenge

Local Authority IT teams are facing incompatible goals. Is it possible to cut the IT budget by millions of pounds per year over the next five years while also replacing an incredibly extensive legacy infrastructure with an up-to-the-minute cloud-based alternative? Or improve operational processes and ramp up citizen self-service while also ensuring stretched staff across departments have constant, uninterrupted access to the information and systems they need to be effective and productive?

With so many stakeholders to satisfy, the future looks daunting. But there are many reasons why Local Authorities should be confident to embrace a cloud-first strategy and the latest ERP solutions.

To read the full article, hop on over to our sister site FM Briefing here.

IT security solutions – 2022 buying trends revealed

By Stuart O'Brien

Authentication, Compliance and Cloud Web Security top the list of services the UK’s leading IT security professionals are sourcing in 2022.

The findings have been revealed ahead of July’s Security IT Summit and are based on delegate requirements at the upcoming event.

Delegates registering to attend were asked which areas they needed to invest in during 2022 and beyond.

Authentication was most in-demand, followed by Compliance and Cloud Web Security.

Just behind were Multi-Factor Authentication, Employee Security Awareness and Identity Access Management.

Top 10 products & solutions that delegates at the Security IT Summit are sourcing:

  • Authentication
  • Compliance
  • Cloud Web Security
  • Multi-Factor Authentication
  • Employee Security Awareness
  • Identity Access Management
  • Penetration Testing
  • Phishing Detection
  • Risk Management
  • UK Cyber Strategy

To find out more about the Security IT Summit, visit https://securityitsummit.co.uk.

IT security in 2022 – what you need to know

Guest Post

By Jack Rosier of QMS International, one of the UK’s leading ISO certification bodies

We’re living in the age of computers, with technology playing a more important role in our lives with each passing year. With the pandemic acting as a catalyst for increasing digitalisation, 2022 is likely to see more technology usage than ever before – so businesses need to make sure they’re prepared.

Embracing technology has been great for us as a global community in many ways. For example, it has enabled people and businesses to almost seamlessly shift to remote or hybrid working models, with a plethora of collaborative software to utilise.

However, this can be a double-edged sword. The more technology organisations interact with, the more opportunities for cyber criminals to launch cyber-attacks.

At the beginning of 2021, QMS International carried out a cyber security survey among businesses and 75.7% of the respondents reported that they now felt more open to attack. Another 10% reported that they had no confidence in fending one off.

This stresses the importance of understanding what good IT security looks like and how you can protect your business, employees, clients and stakeholders from dangerous and costly cyber-attacks. If organisations and individuals are aware of best practices and show due diligence in their cyber security protocols, there is minimal reason to worry.

In this article, the experts at QMS International take you through potential risks to IT security in 2022, upcoming changes that might affect businesses, and best practices to implement to ensure cyber operations are completely secure.

Ransomware

The Chief Executive of the UK’s National Cyber Security Centre, Lindy Cameron, has warned that ransomware is “the most immediate danger to UK businesses” and all organisations could be at risk of cyber-attacks through the use of ransomware.

According to an analysis of reports made to the UK’s Information Commissioner’s Office (ICO) by CybSafe, the number of ransomware incidents in the first half of 2021 doubled compared to the number reported in the first half of 2020.

Ransomware is a type of malicious software which cyber criminals deploy on an unsuspecting person’s computer network in order to encrypt their files.

If a cyber-criminal is successful in doing this, it enables them to extort the victim into paying large fees to decrypt their files and make them accessible again.

Nowadays, most people tend to have their data backed up somewhere, whether it be on an external hard drive or on the Cloud. Most cyber criminals have clocked onto this and now threaten to release stolen files online. This same threat has also been used on those who have refused to pay the criminal.

Often, cyber criminals will target customer service and HR teams as they are easily reachable employees who hold information valuable to the cyber-criminal.

It’s absolutely crucial that organisations ensure they’re well equipped to prevent ransomware attacks in the coming year, and make sure all employees have a fundamental understanding of how to spot and avoid potential ransomware attacks.

Spear phishing

With the pandemic forcing people to adopt new technologies, cyber criminals have been using different methods to carry out their attacks. One method that seems to have gained popularity has been spear phishing.

Spear phishing is a type of digital communication scam that targets a specific individual or organisation. It’s designed to trick unsuspecting victims into clicking a link and willingly giving away their credentials. Unlike conventional phishing, which is a broader approach to the same goal, spear phishing is a lot more personal, and can be a lot more deceiving.

In order to prevent spear phishing attacks, organisations should create filters which flag incoming emails as either internal or external, which allows the recipient to see if somebody is trying to trick them.
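The internal/external flag described above, as an added example that is not code from QMS International or the original article. It assumes a constructed list of internal domains and constructed sample messages, and also checks two cases the flag should catch: a Reply-To that points outside the organisation and a display name that imitates an internal address.

```python
"""Tag inbound mail as internal or external (added example, not QMS's code)."""
from email import message_from_string
from email.utils import parseaddr

# Constructed for this example: the domains the organisation owns.
INTERNAL_DOMAINS = {"example.co.uk"}
TAG = "[EXTERNAL]"

# Constructed sample messages, one per case the filter must handle.
SAMPLE_MESSAGES = {
    "internal": (
        "From: Alice <alice@example.co.uk>\nTo: bob@example.co.uk\n"
        "Subject: Q3 figures\n\nSee attached.\n"
    ),
    "lookalike": (
        'From: "alice@example.co.uk" <alice@examp1e.co.uk>\n'
        "To: bob@example.co.uk\nSubject: Urgent payment\n\n"
        "Please pay the attached invoice today.\n"
    ),
    "reply_to": (
        "From: HR <hr@example.co.uk>\nReply-To: payroll@free-mail.example\n"
        "To: bob@example.co.uk\nSubject: Update your bank details\n\n"
        "Reply with your new account number.\n"
    ),
}


def _domain(header_value):
    """Lower-cased domain of the address in a header, or None if absent."""
    _, addr = parseaddr(header_value or "")
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower()


def is_internal_domain(domain):
    """True when domain is an internal domain or a subdomain of one.

    The leading dot matters: 'example.co.uk.evil.example' must not match.
    """
    if domain is None:
        return False
    return any(domain == d or domain.endswith("." + d) for d in INTERNAL_DOMAINS)


def classify(raw_message):
    """Return ('internal' | 'external', reasons) for an RFC 5322 message.

    A message is external when its From address is missing or outside the
    internal domains, when a Reply-To would send replies outside, or when the
    display name contains an address whose domain differs from the real one.
    """
    msg = message_from_string(raw_message)
    reasons = []
    from_domain = _domain(msg["From"])
    if not is_internal_domain(from_domain):
        reasons.append("from-domain:%s" % (from_domain or "missing"))
    reply_domain = _domain(msg["Reply-To"])
    if reply_domain is not None and not is_internal_domain(reply_domain):
        reasons.append("reply-to-domain:%s" % reply_domain)
    display_name, _ = parseaddr(msg["From"] or "")
    if "@" in display_name:
        shown = display_name.rsplit("@", 1)[1].lower().strip(' >"')
        if shown != from_domain:
            reasons.append("display-name-domain:%s" % shown)
    return ("external" if reasons else "internal"), reasons


def tag_subject(raw_message):
    """Return the message text with the subject tagged when it is external."""
    verdict, reasons = classify(raw_message)
    msg = message_from_string(raw_message)
    subject = msg["Subject"] or ""
    if verdict == "external" and not subject.startswith(TAG):
        del msg["Subject"]
        msg["Subject"] = "%s %s" % (TAG, subject)
    # A header the mail client or SIEM can key on, whatever the verdict.
    msg["X-Mail-Origin"] = "%s; %s" % (verdict, ", ".join(reasons) or "none")
    return msg.as_string()


if __name__ == "__main__":
    for label, raw in SAMPLE_MESSAGES.items():
        print(label, classify(raw))
```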

Additionally, organisations should ensure employees are educated to understand what spear phishing is and how it can be prevented. This information can be simply delivered through eLearning on cyber security.

Remote or hybrid working

Over the past two years, the various lockdowns and a shift in attitudes have led to businesses adopting mass remote working or moving into hybrid working models. Now, in 2022, it's clear to see that the movement towards remote and hybrid working is here to stay, with 85% of managers believing that having teams with remote workers will become the new norm.

However, remote working presents a number of challenges to an organisation’s cyber security. Data supplied by Darktrace to The Guardian revealed that the proportion of attacks targeting home workers rose from 12% of malicious email traffic in March 2020 to more than 60% six weeks later when the nation was in lockdown.

Risks like unsafe networks, digital file sharing, and outdated software make up part of a long list of risks that should be addressed by all organisations with remote workers.

These risks should not put off organisations from allowing employees to work remotely, but instead should encourage all businesses to ensure their cyber security policies are up to date and cover remote working responsibilities.

Training employees, carrying out risk assessments, making sure workers are using secure connections, and introducing robust information management frameworks will all help protect your business during hybrid or remote working.

Create a culture of IT security in 2022

From larger businesses to SMEs and start-ups, creating a culture of security is one of the most effective ways to protect your business against all types of cyber-attack in 2022 – and you can do this through ISO 27001 and ISO 27002.

ISO 27001 is the internationally recognised Standard which provides the framework for a comprehensive Information Security Management System (ISMS). It implements 114 legal, physical and technical risk controls that allow an organisation to carry out robust information management.

It’s set to be updated in the coming months to reflect the current challenges to an organisation’s IT security – making 2022 a great time to put in place a futureproof framework to protect your business.

Another Standard receiving an update in 2022 is ISO 27002 – the code of practice for an ISMS, which provides details on the requirements and controls in ISO 27001. Again, this update will make sure ISO 27002 reflects and addresses the current challenges businesses face in relation to IT security.

Adopting the latest versions of these Standards is a great way to give your business all-round protection in 2022 and beyond – so you can reassure your stakeholders and clients, fulfil your legal obligations, and keep your information secure at all times.

Forrester Consulting research shows Human Layer Security is the solution security leaders have been looking for

By Stuart O'Brien

A commissioned study conducted by Forrester Consulting on behalf of Tessian shows that Security and Risk leaders feel little control over risks posed by employees.

On the other hand, organisations that deploy Human Layer Security technology feel more prepared to face email security threats and data breaches, demonstrating a higher level of security maturity.

Key insights from the study include:

  • Nearly 40% of organisations report 10+ employee-related email security incidents per month
  • 61% of our survey respondents think an employee will cause their next data breach
  • Over 75% of firms report that 20% or more email security incidents get past their existing security controls
  • One-third say they lack visibility into threats and risky behaviours
  • Organisations spend up to 600 hours per month resolving employee-related email security incidents
  • 42% of security and risk leaders are looking to improve their email security postures

Read the complimentary Forrester Consulting study to understand why Human Layer Security solutions are necessary to achieve the full value of your existing security tech stacks in a way that empowers employees while achieving maximum protection.

WHAT IS HUMAN LAYER SECURITY?

Human Layer Security (HLS) automatically detects and prevents threats by understanding human communication patterns and behaviour, building a unique security identity for each and every employee, and continuously improving their security reflexes over time.

Security and risk leaders who take a Human Layer approach believe their email security posture is extremely effective at alerting the organisation to potential attacks or threats arising from users' risky behaviours or poor security decisions. Meanwhile, those who don't take a Human Layer approach feel they have less control over business disruptions.

Want to learn more about the impact of Human Layer Security? Download the full study.

You can also book a demo to see Tessian’s Human Layer Security platform in action.

International Fraud Awareness Week – Hear from the experts

By Stuart O'Brien

Fraud is not a new concept – far from it. Since the dawn of time, fraudsters have looked to take advantage of circumstance and innocent people have fallen victim as a result. But, in our digital age, fraud is more prevalent than ever before. That's why this International Fraud Awareness Week, we spoke to three experts in the field to find out more about how organisations can protect themselves and their customers. Here's what they had to say:

Ben Fraser, Global Head of Business Development, Insurance at Endava

“As we enter International Fraud Awareness Week this year, it’s a startling realisation that fraud continues to plague consumers despite leaps and bounds in cybersecurity. Last year alone, scam attempts rose by 33%, resulting in £2.3bn in losses for consumers. As fraud continues to rise, the question needs to refocus not just on how we can prevent fraud, but also how consumers can take matters into their own hands.

“Part of the answer may lie within embedded insurance, which allows insurers to reach consumers where they live and work: through offering solutions when they’re needed most, whether that’s while consumers are shopping online, checking their bank details, comparing cars for purchase, or looking for vets.

“The concept of embedded insurance exists in a limited form today. There is, however, plenty of opportunity for insurers to better integrate solutions to eliminate the effort in consumers having to seek out support themselves, making it easier than ever to protect themselves from bad actors across their digital footprints.

“As we head into International Fraud Awareness Week, hopefully we will see more of just that: better awareness of how technology can accelerate and combat the multiple threats we’ve seen escalate as we all move toward a digital-first lifestyle. Making sure consumers have easy access to insurance is one – but one critical – element of that, and will go a long way in making sure consumers feel safe when heading online, flashing some cash, or hitting the road.”

Raj Samani, Chief Scientist and McAfee Enterprise fellow:

“International Fraud Awareness Week comes as a timely reminder that enterprises and individuals should all take time to shore up their cyber defences. The threat landscape is constantly evolving, and cybercriminals are expanding their tactics and target groups. As well as posing a threat to individuals across the country, fraud and scams intensify the threat for businesses. Today, many employees are accessing work files and information across both corporate and personal devices, meaning that while criminals could be targeting an individual, the end goal could be accessing sensitive enterprise information. Unfortunately, this threat has continued to increase due to the pandemic, with our research finding that 57% of UK organisations experienced increased cyber threats during COVID-19.

“To tackle rising fraud threats, businesses need to educate their workforce on best practices, such as reporting any suspicious activity, questioning whether a link is dodgy, or thinking before accepting an unknown phone call. Employees must be aware of and vigilant against threats to avoid making it too easy for criminals to cash in on both personal and company data.

“It is also crucial that organisations deploy the necessary security protections across their enterprise. For example, they should adopt a Zero Trust mindset that can help them maintain control over access to the network and all instances within it, such as applications and data, and restrict them if necessary. By taking these measures, organisations can rest easy knowing that they have taken the correct steps to protect themselves and their workforce from cyber-led scams.”

Brett Beranek, Vice-President & General Manager, Security & Biometrics Line of Business, Nuance Communications

“Fraud Awareness Week acts as a reminder to businesses and consumers alike that cyber security solutions and fraud prevention tools are no longer optional, especially in our current climate. Indeed, new research from Nuance has found that on average victims of fraud lost over £3,300 each in the last 12 months – three times higher than in 2019.

“As we transition into a post-pandemic world of remote working, shopping and socialising, it has never been more important for businesses to ensure that users are provided with a more sophisticated and secure experience. Now is the time to confine PINs and passwords to the history books, so that modern technologies – such as biometrics – can be more widely deployed in order to robustly safeguard customers.

“Biometric technologies authenticate individuals immediately based on their unique characteristics – taking away the need to remember PINs, passwords and other knowledge-based credentials prone to being exploited by scammers and providing peace of mind, as well as security, for end-users.”

INDUSTRY SPOTLIGHT: HANDD Business Solutions

By Stuart O'Brien

HANDD Business Solutions (HANDD) are a data-centric cyber security service partner providing software sales, delivery, and support to organisations across the globe. Operating in the IT security channel market for 15 years, HANDD concentrate solely on data security rather than the wider security challenges organisations face.

Every platform inside the HANDD product portfolio is designed to keep your organisation's information secure regardless of which stage of the data lifecycle it is at.

HANDD have chosen a suite of solutions which help secure data from its initial creation, whilst at rest, during transit and whilst it’s being used by your organisation. To accomplish this in line with the HANDD ethos of Discover, Classify, Protect, we offer services to cover many of the challenges experienced by privacy and IT personnel:

  • Data discovery platforms, to understand where sensitive information or data subject to regulatory compliance might exist, both on premise and in cloud environments, in structured and unstructured formats. This extends to remediating the inevitable issues exposed once this data is identified.
  • Persistent classification markings, to identify data rapidly and help downstream and upstream systems make quicker decisions.
  • A raft of protection platforms to ensure data is used safely and not lost through insider threat, accidental data loss or malicious actors on the outside: understanding where employees meet data, what levels of access they need to do their jobs, and notifying when people or processes start to use that data differently to the norm.

There’s always plenty of choice when it comes to who to turn to in data security, with hundreds of vendors and resellers all vying for your business. What sets HANDD apart is their dedication to data security. We’re not interested in selling endpoint security or firewalls; we hand-pick the best-of-breed vendors we work with and ensure the highest standards of cutting-edge technology are delivered.

HANDD are truly customer focused: compared to a vendor whose sole objective is to secure your business for their own offering, HANDD offer independent advice and above-and-beyond services both pre- and post-sale. HANDD pride themselves on delivering the right software fit for your organisation, including integration with your existing security stack.

By offering a vendor-agnostic outlook, HANDD have vast experience when it comes to delivering data security projects to organisations in over 27 countries, be that initial implementation, upgrades, bespoke configuration or migration from one tool to another.

If you’ve a data security or data privacy project, then consider reaching out to a HANDD data security specialist for advice at www.handd.co.uk.

How can businesses maintain IT security in a hybrid working model?

Guest Post

By Claire Price of QMS International, one of the UK’s leading ISO certification bodies

Businesses now have the green light to go back to work, but your organisation may not be returning to its old working practices. So, if a hybrid model is being adopted, what can you do to ensure that information stays secure?

The introduction of more widespread homeworking has certainly piled on the pressure for businesses’ IT security.

At the beginning of 2021, QMS International carried out a survey of businesses about their cyber security and 75.7% of the respondents reported that they now felt more open to attack. Another 10% reported that they had no confidence in fending one off.

And businesses have a right to be worried. According to analysis of reports made to the UK’s Information Commissioner’s Office (ICO) by CybSafe, the number of ransomware incidents in the first half of 2021 doubled compared to the number reported in the first half of 2020.

Malicious emails have also been redirected to attack those working from home. Data supplied by Darktrace to The Guardian revealed that the proportion of attacks targeting home workers rose from 12% of malicious email traffic before the first lockdown in March 2020 to more than 60% six weeks later. With homeworking becoming more of a permanent fixture in business models, this trend is likely to continue.

While hybrid working offers your team the best of both worlds when it comes to office and home working, it also leaves your business open to the unique risks associated with both, with the added bonus of those linked to transport and travel.

But this doesn’t mean you have to abandon this new way of working. With the right processes in place, you can ensure your information stays secure, no matter where your staff are based.

Carry out a risk assessment

First things first – you must carry out a risk assessment.

Knowing the precise risks your business faces is key to developing methods of removing or mitigating them, but assessments like this are often overlooked. In fact, QMS’ cyber report found that 30% of respondents admitted that no new information security risk assessments had been carried out, despite changes to working practices.

Discover the risks, analyse their likelihood, and then decide if and how they can be controlled. This will give you the grounding you need to build your wider hybrid IT strategy.

Train and test your team

With cyber-attacks on the rise and remote workers being more vulnerable, it’s crucial that your hybrid team know what to look for and, just as crucially, how to report anything suspicious. The best way to do this is through training, which can now be carried out very effectively via e-learning.

This training should cover common cyber-attacks – such as phishing emails – how to spot them, the fundamentals of social engineering, and how to report suspicious activity. Ideally, this training should be refreshed regularly as new cyber threats emerge. You may also like to include training on the safe use of video calls and how to ensure video cameras are switched off when not in use.

To ensure your team have absorbed what they’ve learnt, carry out penetration testing. This involves crafting fake phishing emails and sending them out to your employees. What they do will give you an idea of whether your training has been effective.

Address access

When your hybrid team aren’t in the workplace, they will need to access servers and files remotely. This will often be via a VPN (Virtual Private Network), so you need to ensure that this is as secure as possible.

Remote workers will also be relying on their home Wi-Fi, but this may not be as secure as the Wi-Fi in your office. Your team should therefore be encouraged to create strong passwords – not the default ones on the base of the router.

Workers need to be cautioned against the use of free Wi-Fi hotspots too. They may want to use one to work on the train, for example, or in a coffee shop, but public Wi-Fi is notoriously insecure, so your workers should avoid it.

Think about physical protection

If your workers are going to be travelling between locations, then they are going to have to carry equipment such as laptops, phones and removable media with them. If something is lost or stolen, your business information could be compromised. Indeed, IBM’s Cost of a Data Breach report revealed that around 10% of malicious breaches are due to a physical security compromise.

A solid back-up protocol is key to ensuring that any lost information can be recovered. A robust password and access process are also musts – you may want to think about two-factor authentication to make logging in more secure. Make sure you also have a protocol in place so that if your team do report something as lost or stolen, you can act quickly.

When working remotely, you need to ensure that your staff keep their physical devices safe too. Equipment should be kept out of sight when not in use and papers stored away. If your workers are printing content, you may also need a safe disposal or destruction policy in place.

To prevent prying eyes seeing something they shouldn’t, workers should lock their screens when away from their workspace, whether they’re in the office or at home. And if any of your team do want to work while in public, they should be cautioned about the kind of work they perform – who knows who’s sitting next to you?

Create a culture of security

If you really want to take information security to the next level, you may want to consider a more wide-reaching measure such as ISO 27001.

ISO 27001 is the international Standard for information security management, and it is designed to help organisations integrate information security into every aspect of business.

Its 114 controls tackle every angle of security, including physical, legal, digital and human, bringing them together to enable you to maintain compliance and showcase to employees, customers and stakeholders that you have the processes in place to protect information from theft and corruption.

Going forward, it could give you the framework you need to adapt your practices to suit your new hybrid working model and any changes in the future.

Varonis Systems

WEBINAR: Keeping critical national infrastructure secure

Guest Post

Cyber-attacks are now arguably the biggest threat to the UK’s national infrastructure. In recent months we have seen ransomware on food production and fuel transportation wreak havoc in the United States. So how are we keeping the UK safe?

Join Varonis Field CTO, Brian Vecci, as we host a panel session with senior experts from Sellafield Ltd, Royal BAM, The National Cyber Security Centre and more on Friday 10th September at 2pm.

We will discuss the threat landscape, responding to breaches and how to implement controls and provide visibility across expansive and complex IT estates.

Our panelists and IT experts will also dive into:

  • Real life war stories of APT attacks and more
  • The actual cost of a breach and how to recover
  • Understanding and implementing NIS directives
  • Common entry points for attackers
  • Supply chain attacks

Register here for your exclusive Zoom invite link to the session.

IT security solutions: 2021 buying trends revealed

By Stuart O'Brien

Security Analytics, Cloud Web Security and Access Control top the list of services the UK’s leading IT security professionals are sourcing in 2021.

The findings have been revealed by the Security IT Summit and are based on delegate requirements at this summer’s recent event.

Delegates registering to attend were asked which areas they needed to invest in during 2021 and beyond.

A significant 39.4% are looking to invest in Security Analytics, followed by Cloud Web Security (33.3%) and Access Control (30.3%).

Just behind were Business Continuity (30.3%) and Application Security (27.3%).

% of delegates at the Security IT Summit sourcing certain products & solutions (Top 10):

  • Security Analytics – 39.4%
  • Cloud Web Security – 33.3%
  • Access Control – 30.3%
  • Business Continuity – 30.3%
  • Application Security – 27.3%
  • Identity Access Management – 27.3%
  • Penetration Testing – 27.3%
  • Red Teaming – 27.3%
  • Supplier Due Diligence – 27.3%
  • Compliance – 24.2%

To find out more about the Security IT Summit, visit https://securityitsummit.co.uk.
