• Covid-19 – click here for the latest updates from Forum Events & Media Group Ltd

Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd

Posts Tagged :

IT

84% of security and IT teams ‘don’t have a positive relationship’

960 640 Stuart O'Brien

Almost two thirds (59%) of European IT heads believe it is challenging to gain end-to-end visibility of their network, with almost half saying this lack of visibility is a major concern.

That’s according to a new poll by IDC/Forrester/VMware, which says more than a third (37%) feel the challenges associated with this lack of visibility has resulted in misalignment between security and IT teams – and a quarter (29%) have no plans to implement a consolidated IT and security strategy.

Only a third (38%) of networking teams are currently involved in the development of security strategies. Yet, 60% of these are involved in the execution of security, perhaps signalling that networking teams are not seen as having an equal role with the other IT or security teams when it comes to cybersecurity.

This is in stark contrast to the fact that network transformation is seen as being essential to delivering the levels of resilience and security required by modern businesses, with 43% of European organisations saying this is a key priority for them between 2019 to 2021. 

Critically, organisations need shared thinking and responsibilities to establish a cohesive security model if they are to deliver their company’s strategic goals, seen by Forrester as increased security (55%), technological advancement (56%) and the ability to respond faster (56%). 

Alongside the inconsistency in how the role of the network in security is perceived, there is a lack of cohesion within the IT and security teams as to who is responsible for network security.

“Businesses who are looking to adapt to fast-changing market conditions rely on the ability to efficiently connect, run and secure modern applications consistently, from the data center, across any cloud and all the way to the device. And it is the virtual cloud network that is delivering this. The network needs to be recognised as the DNA of any modern security, cloud and app strategy, and it should be seen as a strategic weapon and not merely the plumbing,” said Jeremy Van Doorn, Sr Director of Systems Engineering, Software Defined Data Center EMEA, VMware

The research also sheds light on the difference in priorities for both the IT and security teams. Globally, the top priority for IT is efficiency (51%), whilst security teams are focused on incident resolution (49%). And while new security threats require visibility across the entire IT infrastructure, less than three quarters of securityteams are involved in executing the organisation’s security strategy. 

Forty five percent of respondents recognise that a consolidated strategy could help reduce data breaches and more quickly identify threats. Yet this relationship isn’t proving an easy one to maintain as 84% of security and IT teams admit they don’t have a positive relationship with one another (at VP level and below). More than half of organisations want to move to a model of shared responsibility in the next 3-5 years, where IT securityarchitecture (58%), cloud security (43%) and threat hunting response (51%) is shared between IT and securityteams; but that calls for much closer collaboration than exists today. 

Denis Onuoha, Chief Information Security Officer at Arqiva, said: “It is critical that IT and security teams work in harmony to ensure every touch point of the IT infrastructure remains secure. The network forms a critical part of the business in delivering the best and most efficient services to customers. We recognise the importance of the network and therefore ensure security is embedded into the fabric of its infrastructure from the beginning and not bolted on as an afterthought. As we navigate a growing number of cloud and Edge environments and the network remains the connector between them all, it has become business critical for us to keep network security a top priority.” 

Retailers ‘struggling to balance customer experience with IT security’

960 640 Stuart O'Brien

Retailers are struggling to balance the challenges of delivering increased footfall, bigger basket sizes, and an enhanced customer experience with their fundamental technology and IT security needs.

That’s the conclusion of a survey conducted in May 2019 at RetailEXPO 2019 by Cybera, which revealed that offering a differentiated customer experience (31 percent) and increasing footfall (28 percent) are the biggest challenges for retailers.

In addition, another recent report showed that poor customer experiences cost British retailers up to £102 billion in lost sales each year.

Retailers are well aware of the need to positively differentiate themselves, with 83 percent of respondents in the Cybera survey citing that delivering an enhanced in-store customer experience is very important.

Cybera says the key to addressing all these new challenges is additional applications and services, the majority of which will rely on secure, stable, and scalable network technology. However, nearly one quarter (23 percent) of the respondents have not introduced additional services to their stores in the past 12 months.

The primary inhibitors included cost—25 percent said they thought it would be too expensive—followed by IT security concerns (19 percent) and a belief that their network would not support additional applications (14 percent).

Moreover, many retailers noted the ever-evolving regulatory landscape—including GDPR, PCI, and the upcoming PSD2—as an added distraction. Nearly half (47 percent) said they were concerned about new regulatory demands, admitting it was time to review their technology and processes.  

Interestingly, less than 10 percent considered IT security to be a key business challenge. This is particularly startling compared to the findings of the British Retail Consortium’s annual crime survey, which found that members are generally seeing a growth in the number of cyber-attacks, continuing previous years’ patterns. Nearly 80 percent of respondents in that survey said the volume of cyber-attacks and breaches had increased in 2018 over the previous year.

Cybera SVP and GM EMEA, Hubert da Costa, said, “Retail technology and customer demands are constantly changing, but one thing that will always be critical is customer experience. The growth of IoT in retail is staggering and it threatens the ability to deliver a consistent, high-quality customer experience. All of these network-enabled devices are disparate, which means separate management and requirements. This IoT growth is challenging for retailers—many of whom operate remote, smaller-footprint sites managed by a staff with limited IT expertise. The solution is to leverage a network platform that enables them to deliver these new breakthrough apps and services quickly, easily, and without compromising their security.”

Digital skills shortages ‘costing UK £63bn a year’

960 640 Stuart O'Brien

A lack of technical expertise has fuelled skills shortages across the UK for the last two decades.

That is according to comparative analysis of the professional jobs market by The Association of Professional Staffing Companies (APSCo).

A 1999 report from University College London said almost half (47%) of all ‘skill-shortage vacancies’ that year could be attributed to a lack of technical expertise.

For ‘associate professional and technical’ roles, the need for ‘advanced IT’ skills was responsible for 31% of vacancies, while a lack of ‘other technical and practical skills’ were responsible for a further 49% of all open roles.

A separate report published the same year by Computer Weekly revealed that C++ developers were the most in-demand professionals with Java the second most sought-after skill in the IT recruitment market.

Now, research from The Edge Foundation suggests that around half of all employers (51%) have been forced to leave a role open because there are no suitable candidates available, and that tech job vacancies are costing the UK economy £63 billion a year.

LinkedIn data indicates that cloud and distributed computing is the most valued skill among employers, with user interface design, SEO/SEM marketing and mobile development also featuring in the top 10.

Commenting on the analysis, Ann Swain, Chief Executive of APSCo, said: “While the specific skills that employers are seeking have changed dramatically over the past two decades, the fact that talent gaps continue to be aligned with technical competencies suggests that we need to do more to boost Britain’s digital capabilities.

“Our members have long reported shortages of talent across the IT and digital fields. For this reason, it is crucial that we ensure that we retain access to the STEM professionals that businesses need in the short term – through maintaining access to global talent and retaining our flexible labour market.

“However, perhaps more importantly, we must pipeline the calibre and volume of skills we need for the future so that we break free from this perpetual skills shortage. As this data indicates, for the past 20 years we have been playing catch-up – and we must break the cycle if individual businesses, and the wider UK economy, are to fulfil their full potential.”

RECOMMENDED: ANTI VIRUS

960 640 Stuart O'Brien

IT Security Briefing highlights some of the industry’s key suppliers of anti-virus solutions…

Glasswall-Logo-small-450x230

Glasswall 

Glasswall’s patented deep file inspection, remediation, sanitisation and document regeneration technology eliminates the threat from document-based malware. Glasswall processes files such as PDF, Word, Excel and image files in milliseconds, without relying on detection signatures.

Glasswall does not look for bad but ‘looks for good’, checking every byte of a document against the manufacturer’s file design standard, completely disarming and regenerating clean, standard-compliant files whilst preserving their full usability. The technology seamlessly integrates within email architectures and via an API into web, file transfer, data guards and diodes to deliver real-time protection from file-borne threats.

www.glasswallsolutions.com

 

logo_barracuda_main_black

Barracuda Networks

Barracuda Networks offers industry-leading solutions designed to solve mainstream IT problems – efficiently and cost effectively – while customer support and satisfaction remain at the heart of what it does.

Its products span three distinct markets, including: 1) content security, 2) networking and application delivery and 3) data storage, protection and disaster recovery. Barracuda simplifies IT with cloud-enabled solutions that empower customers to protect their networks, applications and data, regardless of where they reside.

Barracuda develops its products for ease of use and ease to deploy, to appeal to SMEs and the mid-market. Therefore, all of the documentation associated with its products is extremely easy for customers to digest and understand. Barracuda also maintains a continuous feedback loop including in-person seminars, user groups, online customer feedback forums, regular customer surveys and ongoing communication and assistance.

While Barracuda maintains a strong heritage in email and web security appliances, its award-winning portfolio includes more than a dozen purpose-built solutions that support all aspects of the network – providing organisations of all sizes with end-to-end protection that can be deployed in hardware, virtual, cloud and mixed form factors.

www.barracuda.com

If you’d like to highlight your Anti Virus solutions, contact lisa.carter@mimrammedia.com

‘Brute force’ cyber attack on Scottish Parliament

960 640 Stuart O'Brien

Officials have confirmed that the Scottish Parliament has been targeted by a “brute force” cyber attack, similar to that which affected Westminster in June.

Chief executive Sir Paul Grice confirmed the attack in a message to MSPs and staff with parliamentary email addresses, and said the attack was from “external sources” and urged all members to be vigilant.

Grice added that systems “remain fully operational” and that “robust cyber security measures” had identified the attack early.

Grice also urged all MSPs and staff to make sure passwords were as secure as possible and that parliament’s IT team would “force a change to weak passwords as an additional security measure.”

“The parliament’s monitoring systems have identified that we are currently the subject of a brute force cyber attack from external sources,” wrote Grice.

“This attack appears to be targeting parliamentary IT accounts in a similar way to that which affected the Westminster parliament in June. Symptoms of the attack include account lockouts or failed logins.

“The parliament’s robust cyber security measures identified this attack at an early stage and the additional security measures which we have in readiness for such situations have already been invoked. Our IT systems remain fully operational.”

Hackers involved in a ‘brute force’ attack try to access systems by systematically using a range of different passwords in the hope that a correct password is delivered through trial and error.

 

Employees are companies’ biggest data security risk

960 649 Stuart O'Brien

A consensus study commissioned by data security specialist HANDD Business Solutions (HANDD) has revealed that nearly a quarter of IT professionals believe that the behaviour of employees and their reactions to social engineering attacks – which can trick them into sharing user credentials and sensitive data – poses a big challenge to data security.

The survey of 304 IT professionals in the UK shows that 21 per cent of respondents say regulations, legislation and compliance will be one of the two greatest business challenges to impact data security. The General Data Protection Regulation (GDPR) is causing real concern among professionals in their bid to be compliant by the deadline, which is less than 12 months away. GDPR will not only raise the privacy bar for companies across the EU, but will also impose extra data protection burdens on them.

HANDD CEO and co-founder Ian Davin commented: “Companies must change their mindset and look at data, not as a fungible commodity, but as a valuable asset. Data is more valuable than a pot of gold, which puts companies in a challenging position as the stewards of that data. C-suite executives must understand the data protection challenges they face and implement a considered plan and methodical approach to protecting sensitive data.”

41 per cent of those surveyed assign the same level of security resources and spend for all company data, regardless of its importance. Analysing and documenting the characteristics of each data item is a vital part of its journey through an organisation. A robust data classification system will see all data tagged with markers defining useful attributes, such as sensitivity level or a retention requirement and ensuring that an organisation understands completely which data requires greater levels of protection.

“Employees are probably your biggest asset, yet they are also your weakest link, and so raising user awareness and improving security consciousness are hugely important for companies that want to drive a culture of security throughout their organisation,” commented Danny Maher, CTO at HANDD.

NHS left vulnerable to cyber attacks

960 634 Stuart O'Brien

Experts from the British Computer Society (BCS) & The Chartered Institute for IT have claimed that a lack of investment in cyber-security software and accountability left the NHS open to the Wannacry virus.

The malware disrupted hospital staff across the UK in May as computers systems crashed, leaving frontline hospital staff unable to access important patient information, with operations cancelled and doctors and nurses forced to rely on hand-written notes to track patient’s case histories and treatments.

A report into the attack by the BCS found that the crisis could have been avoided had hospital IT teams had an official cyber-attack protocol, in-house cyber-security experts and up-to-date secure software.

‘’Patients should be able to trust that hospital computer systems are as solid as the first-class doctors and nurses that make our NHS the envy of the world,” said David Evans, director of community & policy at The Chartered Institute.

“Unfortunately, without the necessary IT professionals, proper investment and training the damage caused by the Wannacry ransomware virus was an inevitability, but with the roadmap we are releasing today, will make it less likely that such an attack will have the same impact in the future.”

The Chartered Institute of IT has joined forces with the Patient’s Association, the Royal College of Nursing, Microsoft to produce a blueprint that outlines steps NHS trusts should take to avoid another crippling cyber-attack.

Top of the list is ensuring there are clearly laid-out standards for accrediting relevant IT professionals. NHS board are being urged to ensure they understand their responsibilities, how to make use of registered cyber security experts and increase the number of qualified and registered IT professionals.