
Secure systems, secure data, secure people, secure business

Computing Security March/April 2017

Malware fightback: Predict..Prevent..Protect

NEWS | OPINION | INDUSTRY COMMENT | CASE STUDIES | PRODUCT REVIEWS

• Only human, after all - How do we safeguard against human error in data breaches?
• IoT: threat and treat - How to avoid the downsides
• A breach too far - Security breaches could bring massive fines

CONTENTS

COMMENT 3
• Voicing deep concerns

NEWS 5
• 'Witchcraft' slur prompts backlash
• Businesses begin to fight back

ARTICLES

SIMPLE TWIST OF FATE 8
In Part 2 of our look at what the experts are predicting for security in 2017, the big message is that things are going to get worse - and not necessarily before they get better!

SCAMMERS GET SCAMMED! 30
Hackers and attackers are often seen as being in total control, causing utter mayhem for unsuspecting and defenceless organisations. But sometimes they get a lot more than they bargained for!

SOLDIER'S FIGHTING QUEST 32
Dorset-based cyber-security company C3IA Solutions is backing the efforts of a British soldier who wants to build a library in his impoverished home town in Ghana

CLOUD-BASED SECURITY 33
Many companies' endpoints represent under-secured, unnecessary risks. A new cloud-based service has been set up to help remedy that

BREACHES SURGE 34
Cyber security incidents are soaring. That could be bad news for businesses when the GDPR comes into force next year

REVIEW
• CYjAX Intelligence Platform 16

MALWARE MALEVOLENCE 14
The average breach results in a cost of $158 per stolen record and is often not detected for an average of 229 days, it is estimated. Where should the fightback against malware begin?

THE FINGER OF BLAME 18
Employees are a company's greatest asset. Businesses say so emphatically. But sometimes those same employees are the ones who spark a data breach, albeit unwittingly, through careless actions - or lack of planning on the part of their bosses

CENTRE OF EXCELLENCE 22
A massive step forward has been taken in the battle to outwit the cybercriminals - in the shape of the new National Cyber Security Centre. Brian Wall reports

IOT - THE GOOD AND THE BAD 26
Having suffered two of the largest hacks in history, Yahoo ended 2016 very much on a low note, with its approach to cyber security brought seriously into question. So what went so wrong - and how can others learn from its mistakes?

4 computing security March/April 2017 @CSMagAndAwards

NEWS

‘WITCHCRAFT’ SLUR SPARKS BACKLASH

Computer security companies have been accused of "massively" exaggerating the abilities of malicious hackers. Dr Ian Levy, technical director of the UK's National Cyber Security Centre, made the accusation in a speech. He said the firms played up hackers' abilities to help them sell security hardware and services. Overplaying hackers' skills let the firms claim only they could defeat attackers, a practice he likened to "witchcraft".

Commenting on this, Mike Ahmadi, global director – systems security at Synopsys, said: "While Dr Levy may indeed feel that security firms being creative in their marketing approach is tantamount to witchcraft, presenting that as some sort of supporting argument that hacker capabilities are overstated is not only nonsense, but is completely contradicted through empirical evidence one can gather through a simple web search.

"Hackers stopping a car while it is being driven, as Miller and Valasek demonstrated in 2015, or the Mirai BotNet infecting millions of devices, or the US OPM breach exposing millions of records, Yahoo having 1.5 billion records hacked, are all things that happened well outside of the world of witchcraft and were not overstated. The list goes on and on, and the fact that hackers are exploiting old and known vulnerabilities is not an indicator of capability level by any measure I am aware of. His assertion is both misguided and pedantic."

FREE CYBER SECURITY COURSE TARGETS PEOPLE SAFETY

The latest ways to protect online privacy are at the centre of a free cyber security course being offered by Newcastle University’s School of Computing Science. Recent figures released by the Crime Survey for England and Wales highlighted more than two million computer misuse offences, with a sharp increase in cybercrime.

And now experts at Newcastle University are offering everyone – including anyone working in cyber security or IT who wants to enhance their knowledge – the opportunity to stay up to date with the latest methods of keeping safe online. The three-week online course – start date 20 March – will explore the latest research into cyber security and give practical advice on issues such as privacy online, payment safety and security at home.

Research carried out by the university last year highlighted how criminals can take as little as six seconds to work out credit card security details, leaving people open to their bank accounts being compromised.

"Cyber security is a massive issue that affects everyone," said Dr Steve Riddle, lead educator on the MOOC (Massive Open Online Courses). "Criminals are getting increasingly clever in the way they target people and we believe this course is invaluable not only to people who want to work in the cyber security industry, but also the public at large."

CYBERCRIMINALS WAGE WAR ON WHITEHALL SYSTEMS

Britain is being hit by dozens of cyber-attacks a month, including attempts by Russian state-sponsored hackers to steal defence and foreign policy secrets, GCHQ’s new cybersecurity chief has said. Ciaran Martin, head of the new National Cyber Security Centre (NCSC), told the Sunday Times there had been a "step change" in Russia’s online aggression against the West.

His comments came as the chancellor Philip Hammond revealed to the Sunday Telegraph that the centre had blocked 34,550 "potential attacks" on government departments and members of the public in the past six months – about 200 cases a day.

"It’s crystal clear that cyber criminals will stop at nothing to breach public sector security in an effort to get into Whitehall systems," commented Peter Carlisle, VP EMEA at Thales e-Security. "With hackers also targeting local government organisations, it's absolutely critical that the public sector continues the collaborative approach set out by the National Cyber Security Centre.

"We all have a responsibility to protect national security and that’s why it's so important that industry works in partnership with the government to protect the public sector and critical national infrastructure from increasingly sophisticated attacks."