security Archives - Security IT Summit | Forum Events Ltd

Posts Tagged: security

NCSC reveals role play exercises to keep home workers cyber safe

Stuart O'Brien

Business owners are being urged to help keep their home working staff safe from cyber attacks by testing their defences in a roleplay exercise devised by the NCSC.

The ‘Home and Remote Working’ exercise is the latest addition to the National Cyber Security Centre’s Exercise in a Box toolkit, which helps small and medium sized businesses carry out drills in preparation for actual cyber attacks.

Launched last year, the toolkit sets a range of realistic scenarios which organisations could face, allowing them to practise and refine their response to each.

The latest exercise – the tenth in the series – is focused on home and remote working, reflecting the fact that for many organisations this remains a hugely important part of their business.

Sarah Lyons, NCSC Deputy Director for Economy and Society Engagement, said: “We know that businesses want to do all they can to keep themselves and their staff safe while home working continues, and using Exercise in a Box is an excellent way to do that.

“While cyber security can feel daunting, it doesn’t have to be, and the feedback we have had from our exercises is that they’re fun as well as informative.

“I would urge business leaders to treat Exercise in a Box in the same way they do their regular fire drills – doing so will help reduce the chances of falling victim to future cyber attacks.”

The exercise follows a range of products developed by the NCSC – which is a part of GCHQ – to support remote working during the coronavirus pandemic, including advice on working from home and securely setting up video conferencing.

The new ‘Home and Remote Working’ exercise is aimed at helping SMEs to reduce the risk of data compromise while employees are working remotely.

The exercise focuses on three key areas: how staff members can safely access networks, what services might be needed for secure employee collaboration, and what processes are in place to manage a cyber incident remotely.

Some of the most popular exercises include scenarios based around ransomware attacks, losing devices and a cyber attack simulator which safely imitates a threat actor targeting operations to test an organisation’s cyber resilience.

As part of the exercises, staff members are given prompts for discussion about the processes and technical knowledge needed to enhance their cyber security practices. At the end an evaluative summary is created, outlining next steps and pointing to NCSC guidance.

Exercise in a Box is an evolving tool and since it was launched the NCSC has continued to work on the platform. It has recently been given a new refreshed look to make it even more intuitive for users and soon micro-exercises – ‘bite-sized’ exercises that focus on a specific topic – will be added.

Jonathan Miles, Head of Strategic Intelligence and Security Research at Mimecast, said: “This new NCSC tool is a fantastic measure and will be welcomed universally as the threat of cyber attack continues to rise. In fact, our State of Email Security shows that 91% of UK organisations believe their organisation’s volume of web and email spoofing will increase in the coming year, while 59% of UK organisations have observed an increase in phishing attacks over the last year. It’s important that organisations prioritise cyber security, especially at a time where remote working has become the norm and connecting corporate devices via the home router becomes commonplace. This provides greater opportunity for malicious actors to infiltrate and obtain sensitive corporate data through unsecured home devices, so it’s important that businesses educate their staff on the tell-tale signs of compromise and the benefits of good cyber hygiene practices.

“Regular cybersecurity awareness education is also key. Our State of Email Security report found 56% of organisations don’t provide awareness training on a frequent basis, leaving organisations incredibly vulnerable. This is supported by further research which found that enterprises that didn’t utilise Mimecast awareness training were 5x more likely to click on malicious links as opposed to those companies that did. Often such training and education exercises may be viewed as burdensome or tedious, but it’s crucial that organisations work to change this perception and using tools such as these provided by the NCSC and others can significantly help. Our research has identified that awareness training, which is fun, interactive, and done in intervals can significantly help with retention, in addition to bolstering cyber defence in depth.”

You can sign up for Exercise in a Box or find out more about it on the NCSC’s website.

RECOMMENDED: ANTI VIRUS

Stuart O'Brien

IT Security Briefing highlights some of the industry’s key suppliers of anti-virus solutions…

Glasswall 

Glasswall’s patented deep file inspection, remediation, sanitisation and document regeneration technology eliminates the threat from document-based malware. Glasswall processes files such as PDF, Word, Excel and image files in milliseconds, without relying on detection signatures.

Glasswall does not look for bad but ‘looks for good’, checking every byte of a document against the manufacturer’s file design standard, completely disarming and regenerating clean, standard-compliant files whilst preserving their full usability. The technology seamlessly integrates within email architectures and via an API into web, file transfer, data guards and diodes to deliver real-time protection from file-borne threats.

www.glasswallsolutions.com

Barracuda Networks

Barracuda Networks offers industry-leading solutions designed to solve mainstream IT problems – efficiently and cost effectively – while customer support and satisfaction remain at the heart of what it does.

Its products span three distinct markets, including: 1) content security, 2) networking and application delivery and 3) data storage, protection and disaster recovery. Barracuda simplifies IT with cloud-enabled solutions that empower customers to protect their networks, applications and data, regardless of where they reside.

Barracuda develops its products for ease of use and ease to deploy, to appeal to SMEs and the mid-market. Therefore, all of the documentation associated with its products is extremely easy for customers to digest and understand. Barracuda also maintains a continuous feedback loop including in-person seminars, user groups, online customer feedback forums, regular customer surveys and ongoing communication and assistance.

While Barracuda maintains a strong heritage in email and web security appliances, its award-winning portfolio includes more than a dozen purpose-built solutions that support all aspects of the network – providing organisations of all sizes with end-to-end protection that can be deployed in hardware, virtual, cloud and mixed form factors.

www.barracuda.com

If you’d like to highlight your Anti Virus solutions, contact lisa.carter@mimrammedia.com

Top 10 IT security predictions for 2018

Stuart O'Brien

Ian Kilpatrick, executive vice president for cyber security company, Nuvias Group, offers his top 10 IT security predictions for the year ahead…

1. Security blossoms in the boardroom

Sadly, security breaches will continue to be a regular occurrence in 2018 and organisations will struggle to deal with them. New security challenges will abound and these will grab attention in the boardroom. Senior management is increasingly focusing on security issues and recognising them as a core business risk, rather than the responsibility of the IT department alone. The coming year will see further commitment from the boardroom to ensure that organisations are protected.

2. Ransomware has not gone away

Too much money is being made from ransomware for it to disappear – it won’t. According to Cyber Security Ventures, global ransomware damage costs for 2017 will exceed US$ 5 billion, with the average amount paid in ransom among office workers around US$ 1400. Companies can help prevent ransomware by tracking everything coming in and out of the network and running AV solutions with anti-ransomware protection. And, of course, you should do regular backups to a structured plan, based around your own business requirements – and make sure you test the plans.

3. IoT – A security time-bomb

IoT is a rapidly growing phenomenon which will accelerate in 2018, as both consumers and businesses opt for the convenience and benefits that IoT brings. However, manufacturers are not yet routinely building security into IoT devices and 2018 will see further problems generated through the use of insecure IoT. IoT is a major threat and possibly the biggest threat to businesses in the coming years. Unfortunately, it is not easy, and in some cases impossible, to bolt on security as an afterthought with IoT, and many organisations will find it challenging to deal with the consequences of such breaches. As IoT cascades through organisations’ infrastructures, it is likely to become the ultimate Trojan horse.

4. More from the Shadow Brokers

The Shadow Brokers, a hacker group which stole hacking tools from the American National Security Agency (NSA), created havoc in 2017 with the WannaCry ransomware episode. The group has already stated that it will soon release newer NSA hacking tools, with targets that might include vulnerabilities in Windows 10.

There will certainly be further episodes from them in 2018, so patch management, security and regular backups will be more crucial than ever. A major target of these hackers is the data that organisations hold, including PII (Personally Identifiable Information) and corporate data, so protecting the data ‘crown jewels’ inside the network will become ever more crucial.

5. GDPR – Have most businesses missed the point?

The arrival of GDPR in May 2018 will, of course, be a big story. However, many organisations are missing the main point about GDPR. It is about identifying, protecting and managing PII – any information that could potentially identify a specific individual. This will become more important in 2018 and there will be considerable focus on identifying, securing and, where required, deleting PII held on networks.

6. GDPR Blackmail – The new ransomware?

Unfortunately, GDPR will give a great opportunity to criminals, hackers, disgruntled staff and anyone who might want to do an organisation harm. They simply have to ask you to identify what data you hold on them, ask for it to be erased, and ask for proof that it has been done. If you can’t comply, they can threaten to go public – exposing you to the risk of huge fines – unless you pay them money. Watch out for that one!

7. DDoS on the rise

It is now possible for anyone to ‘rent’ a DDoS attack on the internet. For as little as US$ 5, you can actually pay someone to do the attack for you! (See https://securelist.com/the-cost-of-launching-a-ddos-attack/77784/.) This is just one of the reasons DDoS threats will continue to escalate in 2018, alongside the cost of dealing with them. The dangers of DDoS for smaller companies are that it will leave them unable to do business. For larger organisations, DDoS attacks can overwhelm systems. Remember that DDoS is significantly under-reported, as no-one wants to admit they have been under attack!

8. Cloud insecurity – It’s up to you

Problems with cloud insecurity will continue to grow in 2018 as users put more and more data on the cloud, without, in many cases, properly working out how to secure it. It is not the cloud providers’ responsibility to secure the information – it is down to the user. With the introduction of GDPR in 2018, it will be even more important to ensure that PII stored in the cloud is properly protected. Failure to do so could bring serious financial consequences.

9. The insider threat

Historically, insider threats have been underestimated, yet they were still a primary cause of security incidents in 2017. The causes may be malicious actions by staff or simply poor staff cyber-hygiene – i.e. staff not using the appropriate behaviour required to ensure online “health.” In 2018, there will be growth in cyber education, coupled with more testing, measuring and monitoring of staff behaviour. This increasingly involves training and automated testing, such as simulated phishing and social engineering attacks.

10. Time to ditch those simple passwords

In 2018, simple passwords will be even more highlighted as an insecure ‘secure’ method of access. Once a password is compromised, then all other sites with that same user password are also vulnerable. As staff often use the same passwords for business as they use personally, businesses are left vulnerable. While complex passwords do have a superficial attraction, there are many challenges around that approach and multi-factor authentication is a vastly superior method of access.

VASCO and Nuvias expand distributor agreement

Stuart O'Brien

VASCO Data Security International and Nuvias have expanded their existing distributor agreement across EMEA in line with the demand for digital security solutions across the region.

Nuvias will play a key role in driving further growth and meeting demand across EMEA for VASCO’s security solutions, including two-factor authentication, transaction data signing, e-signatures, identity management and secure access to the cloud for online and mobile applications.

Prior to Nuvias’ acquisition of Wick Hill, VASCO had an ongoing 10-year distributor relationship in the UK and Germany with Wick Hill. Both Nuvias and VASCO are now looking to replicate this successful partnership across EMEA, with an initial focus on France, Poland and Benelux.

“Increasing reports of stolen passwords, along with the arrival of GDPR and a growing need for cloud and wi-fi authentication, are all major factors in driving the market for solutions that combat online and mobile fraud,” said Nuvias Group’s EVP Cyber Security, Ian Kilpatrick. “VASCO’s range of digital trust solutions are already delivering growth for us and our partners in many regions and we are really excited by this expansion of our longstanding relationship.”

“Partnerships with organisations like Nuvias enable VASCO to maximise its channel business opportunities,” said VASCO’s Channel Sales Manager EMEA, David De Pauw. “Nuvias’ knowledge of VASCO’s products and its presence in more than 20 countries across EMEA will help further VASCO’s success and offer value to a broader-reaching end user base.”

Kilpatrick concluded: “We are looking forward to expanding our relationship with VASCO, a company that is investing heavily in R&D to develop exciting new products and building strong go-to-market propositions.”

Oracle unveils automated database cyber defence solution

Stuart O'Brien

Oracle Executive Chairman and CTO Larry Ellison has unveiled new machine learning applications for database and cyber security in the opening keynote presentation at Oracle OpenWorld 2017 in San Francisco’s Moscone Center.

Ellison introduced Oracle Autonomous Database Cloud, the world’s first 100 percent self-driving autonomous database, and new automated cyber defense applications that detect and remediate attacks in real time.

With total automation based on machine learning, Oracle claims its Autonomous Database Cloud eliminates the human labour required to manage a database by enabling a database to automatically upgrade, patch and tune itself while running.

With no more scope for human error or requirements for human performance testing, Oracle says it’s able to minimise costly planned and unplanned downtime to less than 30 minutes a year and guarantee that organisations can cut their costs in half compared to Amazon.

Ellison also shared benchmark test results during short demonstrations that highlighted an alleged performance gap between Oracle Database on Oracle Cloud and Oracle Database running on Amazon’s best Oracle Database Cloud Service, Amazon Relational Database Service (RDS). The direct comparison also highlighted the difference between Amazon’s 99.95 percent reliability and availability SLAs, which exclude most sources of unplanned and planned downtime, and Oracle’s 99.995 percent SLA guarantees.

Other key quotes from Larry Ellison’s keynote presentation:

  • “Now, I don’t use the word revolutionary new technology every year here at Oracle OpenWorld. We don’t — you know, because there aren’t that many revolutionary new technologies. But this one is.”
  • “This thing is truly elastic, instantaneously elastic. So you never provision more resource than you need. It really is on-demand computing.”
  • “These are not Oracle went out and made up the most ridiculous demos to make Amazon look bad they could come up with. These are datasets that we actually used for stress testing, and performance testing, and validating our database.”
  • “Amazon is five to eight times more expensive running the identical workload than the Oracle Autonomous Database.”
  • “We guarantee you contractually to cut your Amazon bill in half. It’s fairly easy when you’re five to eight times faster. We feel pretty comfortable.”
  • “It’s not unusual for our competitors to use our technology. Amazon knows this. They are one of the biggest Oracle users on the planet Earth. SAP is one of the biggest users of Oracle on Earth.”
  • “Bring-your-own-license to PaaS applies to all of our PaaS services. Not just database, but also middleware, also analytics. These are dramatic price reductions.”
  • “You’ll see a migration, an evolution of database skills, where you’re focused more on database design, schema design, different kinds of data analytics including machine learning, setting the policies as to what is mission critical, what requires disaster recovery, figuring out those policies.”

HMRC site suffering from ‘serious’ security flaws

Stuart O'Brien

A researcher who spent 57 days trying to report a bug on HMRC’s online tax service site has said that the UK tax office must improve the way it handles website security problems – adding that finding the correct contact to report the issue to was even more challenging than actually finding the bug in the site.

Speaking with the BBC, the researcher and security expert, known simply as ‘Zemnex’, found two separate bugs within the site, which could easily have let attackers view or modify tax records or collect key details from UK taxpayers.

“I spent days reaching out to half a dozen different Government social media accounts attempting to find where the right place to go was and got nothing meaningful in response,” he told the BBC.

He added that eventually the UK’s National Cyber Security Centre (NCSC) was able to help get the security problems solved.

Zemnex realised that the HMRC site was at risk as he was checking his taxes. He quickly realised that it was possible to use the HMRC site as a ‘forwarding service’, which could be utilised to coax a victim into revealing financial information, credentials, usernames and passwords. He then discovered a second bug that could potentially give an attacker control over a victim’s information.

Although the bugs were fairly easy to find, Zemnex then realised that trying to contact the right person to report the security issues wouldn’t be quite as easy.

“I understand the significant difficulties involved in these programmes,” he told the BBC. “If a programme were opened to the public to disclose issues without very significant and robust preparation, it would quickly become totally overwhelmed by the volume of reports, both valid and invalid.”

In a statement, HMRC said it was working with the NCSC regarding its security procedures.

Calipsa launches next-gen video surveillance

Stuart O'Brien

British start-up Calipsa has launched its next generation video surveillance technology, built on Deep Learning models.

The technology revolves around algorithms that can process and analyse hours of video feeds to provide alerts and detailed reports for applications where real-time video monitoring is key, including traffic enforcement, road accidents and public disorder.

The Calipsa engine uses a feedback loop to continuously evolve and improve over time. Human operators can ‘teach’ the artificial intelligence using a simple point and click interface, which automates repetitive parts of their jobs. Designed to work with any existing camera or video source, the technology can be deployed quickly via the cloud or on-premise, with no retrofit required. Calipsa is highly adaptable to all weather and lighting conditions, with 95 per cent accuracy.

“There are around 250 million video surveillance cameras in operation worldwide today, capturing 1.6 trillion hours of video annually. Yet despite the fact that we live in the 21st century, the majority of video surveillance carried out by the police, military, transport operators and security companies, is still done by humans,” explains Mohammad Rashid Khan, co-founder and CEO at Calipsa. “This doesn’t make sense, as it’s very time consuming, expensive and inefficient. You can imagine that manually viewing huge quantities of video data for hours and hours can lead to fatigue, loss of attention, and most important, errors – at a time when video surveillance has never been more critical in our society.”

The Calipsa team, which comprises expertise from universities including Cambridge, Imperial College London and UCL, has raised a seven figure seed funding round from a number of well-respected venture capitalists, including LocalGlobe, Horizons Ventures and Entrepreneur First – which have backed some of the biggest companies in the world.

Calipsa is already working with customers in the UK, France and India and is now seeking strategic partners to take its technology to the market.

www.calipsa.io