security Archives - Security IT Summit | Forum Events Ltd
  • Covid-19 – click here for the latest updates from Forum Events & Media Group Ltd

Security IT Summit Security IT Summit Security IT Summit Security IT Summit Security IT Summit

Posts Tagged :

security

WEBINAR REWIND: The next generation of secure digital communications – Why now and why it matters

960 640 Stuart O'Brien

Don’t worry if you missed December’s fantastic Zivver webinarThe next generation of secure digital communications – Why now and why it matters – You can now watch the entire session again online!

Regulatory reforms, digital transformation, hybrid working… The business landscape continues to evolve and the need for secure and compliant digital communications solutions is higher than ever. The current state of communications security cannot keep pace.

By watching the webinar you’ll get practical insights from Zivver’s panel of industry leaders, security experts and end-users as they discuss the impact and value of a new generation of digital communications security. There’s discussion around how new solutions can empower secure work with maximum effectiveness and minimal disruption, as well as:

  • The evolution of 3rd generation secure digital communications: Why now and why it matters
  • Creating an empowering ‘secure-first’ lifestyle: How to enable employees to succeed through smart technology, while alleviating pressure and reducing the need for training

The panel also investigates Zivver’s perspective on this and how it is shaping our innovation today and in the future.

Panel participants include:

  • Stephen Khan: Global Head of Tech & Cyber Security Risk (former security exec HSBC)
  • Vinood Mangroelal: Executive Vice President, KPN Health
  • Brenno de Winter: Chief Security and Privacy Operations, Ministry of Health, Welfare and Sport Netherlands
  • Sarah Judge: Digital operational lead & CCIO, West Suffolk NHS Foundation Trust
  • Wouter Klinkhamer: CEO and Co-founder, Zivver
  • Robert Fleming: CMO, Zivver
  • Kelly Hall: VP, Corporate Communications & Campaigns, Zivver

What you’ll take away

Find out how your organization can embed security into everyday workflows to empower effective working, and gain actionable insights on how to enable people to secure their digital communications with minimal disruption.

Watch Again Now

Cybersecurity in 2022: A view from the experts

1024 682 Stuart O'Brien

There is no doubt that this year has been a year of disruption, change and opportunity within the cybersecurity industry. With 2022 on the horizon, find out what the experts have to say about the top trends impacting the industry now and what to look out for in the future…

Carlos Morales, VP Solutions, Neustar Security Solutions:

“Cybercrime has become a lucrative and mature market. We have witnessed the proliferation of extortion tactics and the huge disruption they can cause to both public and private interests. Meanwhile, criminal groups have openly collaborated with peers – aligning their strategies, picking targets, and agreeing on safe-havens. This sophistication, combined with a booming market, means that what were once individual criminal ‘groups’ and malicious actors are now fully-fledged criminal enterprises, providing as-a-service offerings and malware licenses to established customer bases and target markets.

“As a result, we will see stronger strains of existing well-known malware and refined attack strategies emerge, while targets become ever more ambitious. What’s (or rather, who’s) next? Public infrastructure and large, private businesses that provide vital services (like cloud providers or data centres) will likely remain at the top of the target list – with the risk of the potential knock-on effects making paying-up an enticing offer. Organisations really need to implement an ‘always on’ approach to network security to ensure fast and automated responses to attacks and they need to partner with security providers that continually evolve their defence capabilities.  These new best practices offer far, far more cost-effective in the long run and provide peace of mind for organisations.”

Jim Hietala, Vice President of Business Development and Security, The Open Group

“2021 saw the emergence of Zero Trust security architecture as the forward-looking security architecture, and as a consequence, we also saw vendors using and abusing Zero Trust in their messaging. In 2022, we expect to see Zero Trust move from concept to practical implementation, with the availability of more vendor-neutral industry standards and best practices, including reference models and architectures that will help end users to build viable, multi-vendor security architectures based on Zero Trust principles. Open standards will be key to this development.”

Stephan Jou, CTO Security Analytics, Interset at CyberRes, a Micro Focus Line of Business

“All indications are that AI technologies will be increasingly prevalent in cybersecurity. This includes everything from the increasing adoption of technologies like UEBA by enterprises, surveys that show investment in AI by SOC teams, and the adoption of ML and other AI methods by SIEM, IAM and other systems.

“However, the types of AI that will be adopted in 2022 will be focused on specific, battle-tested techniques such as statistical learning, anomaly detection, and (in a more limited capacity) NLP. Certain areas of AI research, such as large language models (like GPT-3), will not be heavily adopted in 2022 for cybersecurity. This is because there is not yet a good use case match within cybersecurity for those technologies, and also because the computationally expensive and non-transparent nature of these approaches do not lend themselves well to the SOC needs at present.”

Kai Waehner, Field CTO and Global Technology Advisor, Confluent

“Cyber threats are not new. However, our more and more connected world increases the risks. Successful ransomware attacks across the globe enforce enterprises to take action by implementing situational awareness and threat intelligence in real-time at scale to act proactively against cyberattacks.”

Fabien Rech, EMEA Vice President, McAfee Enterprise

“Our reliance on API-based services is rising, as they quickly become the foundations of most modern applications. This is only set to rise further in 2022, as global use of the internet, 5G, and connected devices continues to boom – this year alone, we saw a 57% increase in online activity.

“Often business-critical data and capabilities lie behind these APIs, and cybercriminals have been quick to take note of this and exploit the increase in API usage. However, attacks targeting APIs go undetected in many cases, as they are generally considered trusted paths and lack the same level of governance and security controls.

“It’s therefore critical that enterprises make API security a priority next year. Organisations must ensure they have visibility of all application usage across their systems, with the ability to look at consumed APIs. Adopting a Zero Trust mindset will support this. It allows enterprises to maintain control over access to the network and all its instances, including applications and APIs, and restrict them if necessary.

“Shoring up on API security is particularly crucial amidst the current supply chain crisis, as APIs are often used as an entry vector for wider supply chain attacks due to their interconnected nature. Next year, supply chains will continue to be a prime target for hackers, and so enterprises should look one step ahead and use threat intelligence solutions to predict and prevent API attacks before they take place.”

Rory Duncan, Security Go To Market Leader UK at NTT

“This year, as we’ve started to recover from the pandemic, demonstrating effective cyber-resilience has become more crucial than ever. This will continue to be a priority for organisations as we move into 2022, as the shift towards permanent hybrid working models for many enterprises will put continued pressure on their ability to detect threats. It’s essential that businesses leaders prioritise security, especially as the trusted perimeter expands to encompass remote users.

“As businesses consider their 2022 hybrid workplace strategies, they need to revisit and re-evaluate security from the ground up and assess where they may have unwittingly created gaps in their security armour. 80.7% of IT leaders have said it’s more difficult to spot IT security or business risk when employees are working remotely, so ensuring visibility by developing a multi-pronged approach to re-imagining enterprise security will be fundamental in 2022.

“The ability to respond quickly and effectively across the distributed IT environment will be paramount next year. The number of cyber-attacks in the headlines is only rising and it’s no longer a case of “if” but “when” an attack will occur. Ultimately, your business will be more exposed if it doesn’t have the right security measures and response capability in place.”

Pritesh Parekh, VP of Engineering and Chief Trust & Security Officer at Delphix

“With intense scrutiny on how businesses prepare for and respond to breaches next year, it’s clear that security and compliance concerns will be the key determinant for any interactions with third parties – whether customers, partners, or vendors. Following the pandemic, digital guides every third party interaction – potentially exposing data as soon it moves outside of the business’s digital walls. Endpoints have become beyond critical when it comes to securing data, but you can’t always control your endpoints if they exist within another organization, right? The answer is, you must, meaning that technology vendors who don’t rise to the occasion and implement the same standards as their enterprise customers will lose business, big time.”

Keith Glancey, Director of Technology Western Europe, Infoblox

“Cybercrime is getting organised. Gone are the days of lone hackers operating from back bedrooms. Cybercriminals are banding together to form businesses, using the dark web to recruit new “talent” and advertise “jobs” they’re looking to fulfil. With bigger businesses behind attacks, the stakes are significantly higher for organisations under fire. It’s not just businesses, either – we’re seeing an increasing number of nation state-led attacks from major players like Russia, China and the US. Their target? Personal data.”

“This systematic approach to cybercrime is a continuation of a broader trend towards “as-a-service” business models. Cybercrime-as-a-Service (CaaS) brings together malware developers, hackers, and other threat actors selling out or loaning their hacking tools and services to people on the dark web. Ultimately, CaaS makes these tools and services accessible to anyone who wants to launch a cyberattack, even those without the technical knowledge to do so.”

Forrester Consulting research shows Human Layer Security is the solution security leaders have been looking for

960 640 Stuart O'Brien

A commissioned study conducted by Forrester Consulting on behalf of Tessian  shows that Security and Risk leaders feel little control over risks posed by employees.

On the other hand, organisations that deploy Human Layer Security technology feel more prepared to face email security threats and data breaches, demonstrating a higher level of security maturity.

Key insights from the study include:

  • Nearly 40% of organisations report 10+ employee-related email security incidents per month
  • 61% of our survey respondents think an employee will cause their next data breach
  • Over 75% of  firms report that 20% or more email security incidents get past their existing security controls
  • One-third say they lack visibility into threats and risky behaviours
  • Organisations spend up to 600 hours per month resolving employee-related email security incidents
  • 42% of security and risk leaders are looking to improve their email security postures

Read the complimentary Forrester Consulting study to understand why Human Layer Security solutions are necessary to achieve the full value of your existing security tech stacks in a way that empowers employees while achieving maximum protection.

WHAT IS HUMAN LAYER SECURITY? 

Human Layer Security (HLS) automatically detects and prevents threats by understanding human communication patterns and behaviour, building a unique security identity for each and every employee, and continuously improving their security reflexes over time.

Security and risk leaders who take a Human Layer believe their email security posture is extremely effective at alerting the organisation to potential attacks/threats from users’ risky behaviours or poor security decisions. Meanwhile, those who don’t take a Human Layer approach feel less control over business disruptions.

Want to learn more about the impact of Human Layer Security? Download the full study.

You can also book a demo to see Tessian’s Human Layer Security platform in action.

Cloud applications put your data at risk — Here’s how to regain control

961 639 Guest Post

By Yaki Faitelson, Co-Founder and CEO of Varonis

Cloud applications boost productivity and ease collaboration. But when it comes to keeping your organisation safe from cyberattacks, they’re also a big, growing risk.

Your data is in more places than ever before. It lives in sanctioned data stores on premises and in the cloud, in online collaboration platforms like Microsoft 365 and in software-as-a-service (SaaS) applications like Salesforce.

This digital transformation means traditional security focused on shoring up perimeter defenses and protecting endpoints (e.g., phones and laptops) can leave your company dangerously exposed. When you have hundreds or thousands of endpoints accessing enterprise data virtually anywhere, your perimeter is difficult to define and harder to watch. If a cyberattack hits your company, an attacker could use just one endpoint as a gateway to access vast amounts of enterprise data.

Businesses rely on dozens of SaaS applications — and these apps can house some of your organisation’s most valuable data. Unfortunately, gaining visibility into these applications can be challenging. As a result, we see several types of risk accumulating more quickly than executives often realise.

Three SaaS Security Risks To Discuss With Your IT Team Right Now

Unprotected sensitive data. SaaS applications make collaboration faster and easier by giving more power to end users. They can share data with other employees and external business partners without IT’s help. With productivity gains, we, unfortunately, see added risk and complexity.

On average, employees can access millions of files (even sensitive ones) that aren’t relevant to their jobs. The damage that an attacker could do using just one person’s compromised credentials — without doing anything sophisticated — is tremendous.

With cloud apps and services, the application’s infrastructure is secured by the provider, but data protection is up to you. Most organisations can’t tell you where their sensitive data lives, who has access to it or who is using it, and SaaS applications are becoming a problematic blind spot for CISOs.

Let’s look at an example. Salesforce holds critical data — from customer lists to pricing information and sales opportunities. It’s a goldmine for attackers. Salesforce does a lot to secure its software, but ultimately, it’s the customer’s responsibility to secure the data housed inside it. Most companies wouldn’t know if someone accessed an abnormal number of account records before leaving to work for a competitor.

Cloud misconfigurations. SaaS application providers add new functionality to their applications all the time. With so much new functionality, administrators have a lot to keep up with and many settings to learn about. If your configurations aren’t perfect, however, you can open your applications — and data — to risk. And not just to anyone in your organisation but to anyone on the internet.

It only takes one misconfiguration to expose sensitive data. As the CEO of a company that has helped businesses identify misconfigured Salesforce Communities (websites that allow Salesforce customers to connect with and collaborate with their partners and customers), I’ve seen firsthand how, if not set up correctly, these Communities can also let malicious actors access customer lists, support cases, employee email addresses and more sensitive information.

App interconnectivity risk. SaaS applications are more valuable when they’re interconnected. For example, many organisations connect Salesforce to their email and calendaring system to automatically log customer communication and meetings. Application program interfaces (APIs) allow SaaS apps to connect and access each other’s information.

While APIs help companies get more value from their SaaS applications, they also increase risk. If an attacker gains access to one service, they can use these APIs to move laterally and access other cloud services.

Balancing Productivity And Security In The Cloud

When it comes to cloud applications and services, you must balance the tension between productivity and security. Think of it as a broad, interconnected attack surface that can be compromised in new ways. The perimeter we used to defend has disappeared. Endpoints are access points.

Now consider what you’re up against. Cybercrime — whether it’s malicious insiders or external actors — is omnipresent. If you store sensitive data, someone wants to steal it. Tactics created by state actors have spilled over into the criminal realm, and cryptocurrency continues to motivate attackers to hold data for ransom.

Defending against attacks on your data in the cloud demands a different approach. It’s time for cybersecurity to focus relentlessly on protecting data.

Data protection starts with understanding your digital assets and knowing what’s important. I’ve met with large companies that guess between 5-10% of their data is critical. When ransomware hits, however, somehow all of it becomes critical, and many times they end up paying.

Next, you must understand and reduce your SaaS blast radius — what an attacker can access with a compromised account or system.

An attacker’s job is much easier if they only need to compromise one account to get access to your sensitive data. Do everything you can to limit access to important and sensitive data so that employees can only access what they need to do their jobs. This is one of the best defenses, if not the best defense against data-related attacks like ransomware.

Once you’ve locked down critical data, monitor and profile usage so you can alert on abuse and investigate quickly. Attackers are more likely to trigger alarms if they have to jump through more hoops to access sensitive data.

If you can’t visualize your cloud data risk or know when an attack could be underway, you’re flying blind.

If you can find and lock down important data in cloud applications, monitor how it’s used and detect abuse, you can solve the lion’s share of the problem.

This is the essence of zero trust— restrict and monitor access, because no account or device should be implicitly trusted, no matter where they are or who they say they are. This makes even more sense in the cloud, where users and devices — each one a gateway to your critical information — are everywhere.

This article first appeared on Forbes.

YAKI FAITELSON

Co-Founder and CEO of Varonis, responsible for leading the management, strategic direction, and execution of the company.

International Fraud Awareness Week – Hear from the experts

960 640 Stuart O'Brien

Fraud is not a new concept – far from it. Since the dawn of time, fraudsters have looked to take advantage of circumstance and innocent people have fallen victim as a result. But, in our digital age, fraud is more prevalent than ever before. That’s why this International Fraud Awareness Week, we spoke to three experts in the field; to find out more about how organisations can protect themselves and their customers. Here’s what they had to say:

Ben Fraser, Global Head of Business Development, Insurance at Endava  

“As we enter International Fraud Awareness Week this year, it’s a startling realisation that fraud continues to plague consumers despite leaps and bounds in cybersecurity. Last year alone, scam attempts rose by 33%, resulting in £2.3bn in losses for consumers. As fraud continues to rise, the question needs to refocus not just on how we can prevent fraud, but also how consumers can take matters into their own hands.

“Part of the answer the answer may lie within embedded insurance, which allows insurers to reach consumers where they live and work: through offering solutions when they’re needed most, whether that’s while consumers are shopping online, checking their bank details, comparing cars for purchase, or looking for vets. 

“The concept of embedded insurance exists in a limited form today. There is, however, plenty of opportunity for insurers to better integrate solutions to eliminate the effort in consumers having to seek out support themselves, making it easier than ever to protect themselves from bad actors across their digital footprints. 

“As we head into International Fraud Awareness Week, hopefully we will see more of just that: better awareness of how technology can accelerate and combat the multiple threats we’ve see escalate as we all move toward a digital-first lifestyle. Making sure consumers have easy access to insurance is one – but one critical – element of that, and will go a long way in making sure consumers feel safe when heading online, flashing some cash, or hitting the road.”

Raj Samani, Chief Scientist and McAfee Enterprise fellow:

“International Fraud Awareness Week comes as a timely reminder that enterprises and individuals should all take time to shore up their cyber defences. The threat landscape is constantly evolving, and cybercriminals are expanding their tactics and target groups. As well as posing a threat to individuals across the country, fraud and scams intensify the threat for businesses. Today, many employees are accessing work files and information across both corporate and personal devices, meaning that while criminals could be targeting an individual, the end goal could be accessing sensitive enterprise information. Unfortunately, this threat has continued to increase due to the pandemic, with our research finding that 57% of UK organisations experienced increased cyber threats during COVID-19.

“To tackle rising fraud threats, businesses need to educate their workforce on best practices, such as reporting any suspicious activity, questioning whether a link is dodgy, or thinking before accepting an unknown phone call. Employees must be aware of and vigilant against threats to avoid making it too easy for criminals to cash in on both personal and company data.   

“It is also crucial that organisations deploy the necessary security protections across their enterprise. For example, they should adopt a Zero Trust mindset that can help them maintain control over access to the network and all instances within it, such as applications and data, and restrict them if necessary. By taking these measures, organisations can rest easy knowing that they have taken the correct steps to protect themselves and their workforce from cyber-led scams.”

Brett Beranek, Vice-President & General Manager, Security & Biometrics Line of Business, Nuance Communications

“Fraud Awareness Week acts as a reminder to businesses and consumers alike that cyber security solutions and fraud prevention tools are no longer optional, especially in our current climate. Indeed, new research from Nuance has found that on average victims of fraud lost over £3,300 each in the last 12 months – three times higher than in 2019.”  

“As we transition into a post-pandemic world of remote working, shopping and socialising, it has never been more important for businesses to ensure that users are provided with a more sophisticated and secure experience. Now is the time to confine PINs and passwords to the history books, so that modern technologies – such as biometrics – can be more widely deployed in order to robustly safeguard customers. 

“Biometric technologies authenticate individuals immediately based on their unique characteristics – taking away the need to remember PINs, passwords and other knowledge-based credentials prone to being exploited by scammers and providing peace of mind, as well as security, for end-users.” 

INDUSTRY SPOTLIGHT: HANDD Business Solutions

960 640 Stuart O'Brien

HANDD Business Solutions (HANDD) are a data-centric cyber security service partner providing software sales, delivery, and support to organisations across the globe. Operating in the IT security channel market for 15 years, HANDD concentrate solely on data security rather than the wider security challenges organisations face.

Every platform inside the HANDD product portfolio is designed to keep your organisations information secure regardless of which stage of the data lifecycle it may be.

HANDD have chosen a suite of solutions which help secure data from its initial creation, whilst at rest, during transit and whilst it’s being used by your organisation. To accomplish this in conjunction with the HANDD ethos of Discover, Classify, Protect, we offer services to cover a lot of the challenges experienced by privacy and IT personnel.

Platforms such as data discovery to understand where sensitive information or data subject to regulatory compliance might exist, both on premise and in cloud environments, as well as structured and unstructured formats. This also extends to remediating the inevitable issues exposed once this data is identified.

Applying persistent classification markings to identify data rapidly, benefiting downstream and upstream systems in quicker decision making.

A raft of protection platforms to ensure data is used safely and not lost through insider threat, accidental data loss or malicious actors on the outside. Understanding where employees meet data, what levels of access are required to do their jobs and to notify when people or processes start to use that data differently to the norm.

There’s always plenty of choice when it comes to who to turn to in data security. Hundreds of vendors and resellers all vying for your business. What sets HANDD apart is their dedication to data security. We’re not interested in selling endpoint security or firewalls, we hand pick the best of breed vendors we work with and ensure the highest standards of cutting-edge technology is delivered.

HANDD are truly customer focused, compared to a vendor whose sole objective is to secure you business for their offering, HANDD offer independent advice and above and beyond services both pre and post-sale. HANDD pride themselves on delivering the right software fit into your organisation, including integration with existing security stack.

By offering a vendor agnostic outlook, HANDD have vast experience when it comes to delivering data security projects to organisations in over 27 countries. Be that initial implementation, upgrades, bespoke configuration or migration from one tool to another.

If you’ve a data security or data privacy project, then consider reaching out to a HANDD data security specialist for advice www.handd.co.uk

NCSC reveals role play exercises to keep home workers cyber safe

960 640 Stuart O'Brien

Business owners are being urged to help keep their home working staff safe from cyber attacks by testing their defences in a roleplay exercise devised by the NCSC.

The ‘Home and Remote Working’ exercise is the latest addition to the National Cyber Security Centre’s Exercise in a Box toolkit, which helps small and medium sized businesses carry out drills in preparation for actual cyber attacks.

Launched last year, the toolkit sets a range of realistic scenarios which organisations could face, allowing them to practise and refine their response to each.

The latest exercise – the tenth in the series – is focused on home and remote working, reflecting the fact that for many organisations this remains a hugely important part of their business.

Sarah Lyons, NCSC Deputy Director for Economy and Society Engagement, said: “We know that businesses want to do all they can to keep themselves and their staff safe while home working continues, and using Exercise in a Box is an excellent way to do that.

“While cyber security can feel daunting, it doesn’t have to be, and the feedback we have had from our exercises is that they’re fun as well as informative.

“I would urge business leaders to treat Exercise in a Box in the same way they do their regular fire drills – doing so will help reduce the chances of falling victim to future cyber attacks.”

The exercise follows a range of products developed by the NCSC – which is a part of GCHQ – to support remote working during the coronavirus pandemic, including advice on working from home and securely setting up video conferencing.

The new ‘Home and Remote Working’ exercise is aimed at helping SMEs to reduce the risk of data compromise while employees are working remotely.

The exercise focuses on three key areas: how staff members can safely access networks, what services might be needed for secure employee collaboration, and what processes are in place to manage a cyber incident remotely.

Some of the most popular exercises include scenarios based around ransomware attacks, losing devices and a cyber attack simulator which safely imitates a threat actor targeting operations to test an organisation’s cyber resilience.

As part of the exercises, staff members are given prompts for discussion about the processes and technical knowledge needed to enhance their cyber security practices. At the end an evaluative summary is created, outlining next steps and pointing to NCSC guidance.

Exercise in a Box is an evolving tool and since it was launched the NCSC has continued to work on the platform. It has recently been given a new refreshed look to make it even more intuitive for users and soon micro-exercises – ‘bite-sized’ exercises that focus on a specific topic – will be added.

Jonathan Miles, Head of Strategic Intelligence and Security Research at Mimecast, said: “This new NCSC tool is a fantastic measure and will be welcomed universally as the threat of cyber attack continues to rise. In fact, our State of Email Security shows that 91% of UK organisations believe their organisation volume of web and email spoofing will increase in the coming year, while 59% of UK organisations have observed an increase in phishing attacks over the last year. It’s important that organisations prioritise cyber security, especially at a time where remote working has become the norm and connecting corporate devices via the home router becomes commonplace. This provides greater opportunity for malicious actors to infiltrate and obtain sensitive corporate data through unsecured home devices, so it’s important that businesses educate their staff on the tell tales signs of compromise and the benefits of good cyber hygiene practices.

“Regular cybersecurity awareness education is also key. Our State of Email Security report found 56% of organisations don’t provide awareness training on a frequent basis, leaving organisations incredibly vulnerable. This is supported by further research which found that enterprises that didn’t utilise Mimecast awareness training were 5x times more likely to click on malicious links as opposed to those companies that did. Often such training and education exercises may be viewed as burdensome or tedious, but it’s crucial that organisations work to change this perception and using tools such as these provided by the NCSC and others can significantly help. Our research has identified that awareness training, which is fun, interactive, and done in intervals can significantly help with retention, in addition to bolstering cyber defence in depth.”

You can sign up for Exercise in a Box or find out more about it on the NCSC’s website.

RECOMMENDED: ANTI VIRUS

960 640 Stuart O'Brien

IT Security Briefing highlights some of the industry’s key suppliers of anti-virus solutions…

Glasswall-Logo-small-450x230

Glasswall 

Glasswall’s patented deep file inspection, remediation, sanitisation and document regeneration technology eliminates the threat from document-based malware. Glasswall processes files such as PDF, Word, Excel and image files in milliseconds, without relying on detection signatures.

Glasswall does not look for bad but ‘looks for good’, checking every byte of a document against the manufacturer’s file design standard, completely disarming and regenerating clean, standard-compliant files whilst preserving their full usability. The technology seamlessly integrates within email architectures and via an API into web, file transfer, data guards and diodes to deliver real-time protection from file-borne threats.

www.glasswallsolutions.com

 

logo_barracuda_main_black

Barracuda Networks

Barracuda Networks offers industry-leading solutions designed to solve mainstream IT problems – efficiently and cost effectively – while customer support and satisfaction remain at the heart of what it does.

Its products span three distinct markets, including: 1) content security, 2) networking and application delivery and 3) data storage, protection and disaster recovery. Barracuda simplifies IT with cloud-enabled solutions that empower customers to protect their networks, applications and data, regardless of where they reside.

Barracuda develops its products for ease of use and ease to deploy, to appeal to SMEs and the mid-market. Therefore, all of the documentation associated with its products is extremely easy for customers to digest and understand. Barracuda also maintains a continuous feedback loop including in-person seminars, user groups, online customer feedback forums, regular customer surveys and ongoing communication and assistance.

While Barracuda maintains a strong heritage in email and web security appliances, its award-winning portfolio includes more than a dozen purpose-built solutions that support all aspects of the network – providing organisations of all sizes with end-to-end protection that can be deployed in hardware, virtual, cloud and mixed form factors.

www.barracuda.com

If you’d like to highlight your Anti Virus solutions, contact lisa.carter@mimrammedia.com

Top 10 IT security predictions for 2018

960 640 Stuart O'Brien

Ian Kilpatrick, executive vice president for cyber security company, Nuvias Group, offers his top 10 IT security predictions for the year ahead…

1. Security blossoms in the boardroom

Sadly, security breaches will continue to be a regular occurrence in 2018 and organisations will struggle to deal with them. New security challenges will abound and these will grab attention in the boardroom. Senior management is increasingly focusing on security issues and recognising them as a core business risk, rather than the responsibility of the IT department alone. The coming year will see further commitment from the boardroom to ensure that organisations are protected.

2. Ransomware has not gone away

Too much money is being made from ransomware for it to disappear – it won’t. According to Cyber Security Ventures, global ransomware damage costs for 2017 will exceed US$ 5 billion, with the average amount paid in ransom among office workers around US$ 1400. Companies can help prevent ransomware by tracking everything coming in and out of the network and running AV solutions with anti- ransomware protection. And, of course, you should do regular backups to a structured plan, based around your own business requirements – and make sure you test the plans.

3. IoT – A security time-bomb

IoT is a rapidly growing phenomenon which will accelerate in 2018, as both consumers and businesses opt for the convenience and benefits that IoT brings. However, manufacturers are not yet routinely building security into IoT devices and 2018 will see further problems generated through the use of insecure IoT. IoT is a major threat and possibly the biggest threat to businesses in the coming years. Unfortunately, it is not easy, and in some cases impossible, to bolt on security as an afterthought with IoT, and many organisations will find it challenging to deal with the consequences of such breaches. As IoT cascades through organisations’ infrastructures, it is likely to become the ultimate Trojan horse.

4. More from the Shadow Brokers

The Shadow Brokers, a hacker group which stole hacking tools from the American National Security Agency (NSA), created havoc in 2017 with the Wannacry ransomware episode. The group has already stated that it will soon release newer NSA hacking tools, with targets that might include vulnerabilities in Windows 10.

There will certainly be further episodes from them in 2018, so patch management, security and regular backups will be more crucial than ever. A major target of these hackers is the data that organisations hold, including PII (Personally Identifiable Information) and corporate data, so protecting the data ‘crown jewels’ inside the network will become ever more crucial.

5. GDPR – Have most businesses missed the point?

The arrival of GDPR in May 2018 will, of course, be a big story. However, many organisations are missing the main point about GDPR. It is about identifying, protecting and managing PII – any information that could potentially identify a specific individual. This will become more important in 2018 and there will be considerable focus on identifying, securing and, where required, deleting PII held on networks.

6. GDPR Blackmail – The new ransomware?

Unfortunately, GDPR will give a great opportunity to criminals, hackers, disgruntled staff and anyone who might want to do an organisation harm. They simply have to ask you to identify what data you hold on them, ask for it to be erased, and ask for proof that it has been done. If you can’t comply, they can threaten to go public – exposing you to the risk of huge fines – unless you pay them money. Watch out for that one!

7. DDoS on the rise

It is now possible for anyone to ‘rent’ a DDoS attack on the internet. For as little as US$ 5, you can actually pay someone to do the attack for you! https://securelist.com/the-cost-of-launching-a-ddos-attack/77784/. This is just one of the reasons DDoS threats will continue to escalate in 2018, alongside the cost of dealing with them. The dangers of DDoS for smaller companies are that it will leave them unable to do business. For larger organisations, DDoS attacks can overwhelm systems. Remember that DDoS is significantly under-reported, as no-one wants to admit they have been under attack!

8. Cloud insecurity – It’s up to you

Problems with cloud insecurity will continue to grow in 2018 as users put more and more data on the cloud, without, in many cases, properly working out how to secure it. It is not the cloud providers’ responsibility to secure the information – it is down to the user. With the introduction of GDPR in 2018, it will be even more important to ensure that PII stored in the cloud is properly protected. Failure to do so could bring serious financial consequences.

9. The insider threat

Historically, insider threats have been underestimated, yet they were still a primary cause of security incidents in 2017. The causes may be malicious actions by staff or simply poor staff cyber-hygiene – i.e. staff not using the appropriate behaviour required to ensure online “health.” In 2018, there will be growth in cyber education, coupled with more testing, measuring and monitoring of staff behaviour. This increasingly involves training and automated testing, such as simulated phishing and social engineering attacks.

10. Time to ditch those simple passwords

In 2018, simple passwords will be even more highlighted as an insecure ‘secure’ method of access. Once a password is compromised, then all other sites with that same user password are also vulnerable. As staff often use the same passwords for business as they use personally, businesses are left vulnerable. While complex passwords do have a superficial attraction, there are many challenges around that approach and multi-factor authentication is a vastly superior method of access.

VASCO and Nuvias expand distributor agreement

960 640 Stuart O'Brien

VASCO Data Security International and Nuvias have expanded their existing distributor agreement across EMEA in line with the demand for digital security solutions across the region.

Nuvias will play a key role in driving further growth and meeting demand across EMEA for VASCO’s security solutions, including two-factor authentication, transaction data signing, e-signatures, identity management and secure access to the cloud for online and mobile applications.

Previous to Nuvias’ acquisition of Wick Hill, VASCO had an ongoing 10 year distributor relationship in the UK and Germany with Wick Hill. Both Nuvias and VASCO are now looking to replicate this successful partnership across EMEA, with an initial focus on France, Poland and Benelux.

“Increasing reports of stolen passwords, along with the arrival of GDPR and a growing need for cloud and wi-fi authentication, are all major factors in driving the market for solutions that combat online and mobile fraud,” said Nuvias Group’s EVP Cyber Security, Ian Kilpatrick. “VASCO’s range of digital trust solutions are already delivering growth for us and our partners in many regions and we are really excited by this expansion of our longstanding relationship.”

“Partnerships with organisations like Nuvias enable VASCO to maximise its channel business opportunities,” said VASCO’s Channel Sales Manager EMEA, David De Pauw. “Nuvias’ knowledge of VASCO’s products and its presence in more than 20 countries across EMEA will help further VASCO’s success and offer value to a broader-reaching end user base.”

Kilpatrick concluded: “We are looking forward to expanding our relationship with VASCO, a company that is investing heavily in R&D to develop exciting new products and building strong go-to-market propositions.”

  • 1
  • 2