
Secure systems, secure data, secure people, secure business

Computing Security May/June 2017

New encryption in use technology ELIMINATES MASS DATA BREACHES
NEWS OPINION INDUSTRY COMMENT CASE STUDIES PRODUCT REVIEWS
Panoptex Technologies releases its groundbreaking Olfactex Solution
PANOPTEX CTO INTERVIEW PG 12

CONTENTS

COMMENT, page 3: Cyber attacks soar across the UK

EDITOR’S FOCUS, page 5: The massive cyber attack that crippled the NHS could have been readily avoided

ARTICLES

CAN PRIVACY BE PROTECTED?, page 6: The NHS breach, plus revelations over CIA hacking methods, have cast a long shadow over how to keep data safe and secure

DATA BREACHES ELIMINATED, page 12: Panoptex Technologies is making waves by providing a powerful industry first

SHOW TIME ONCE AGAIN, page 18: Infosecurity Europe 2017 is not far off now - and it’s the right place to be!

REAL PRICE OF SECURITY, page 29: Making purchasing decisions for security solutions that are based on quality is vital

PRESSURE MOUNTS ON ISPS, page 30: More and more security professionals are demanding additional help from their ISPs to block DDoS traffic before it hurts them

MANY HAPPY RETURNS!, page 31: Recalls happen, but handled right they can be turned into a positive experience

HEAVEN SCENT?, page 32: Two new 'fragrances' have been released by Kaspersky that have that certain whiff of danger about them

REVIEWS
• Acunetix 11, page 20
• Aegis Secure Key 3z, page 34

NOWHERE TO HIDE, page 8: With email under constant attack, what is the best way to protect your organisation's communications? How do you keep your data vital and easily accessible to you and yours, yet useless to anyone out to access/steal it?

THE DOUBLE-EDGED SWORD, page 14: Encryption plays a vital role in protecting valuable information from being stolen or altered. But it can be used by your enemies just as readily

THE CLOCK IS TICKING, page 22: With the new European General Data Protection Regulations soon due to become law, many businesses will need to look closely at how they protect their data throughout the course of its lifecycle

AFTER THE FLOOD, page 26: With mobile devices now in their multibillions globally, and more and more applications flooding the market, the need for mobile monitoring and device management has never been greater or more urgent

NHS breach

OBSOLETE SOFTWARE LEFT NHS TRUSTS WIDE OPEN

THE MASSIVE CYBER ATTACK THAT CRIPPLED THE NHS COULD - AND SHOULD - HAVE BEEN AVOIDED

Almost all NHS trusts were using an obsolete version of Windows for which Microsoft had stopped providing security updates in 2014. This left them at the mercy of the kind of attack that crippled a swathe of hospitals across the UK. The perilous state to which the trusts were exposed was revealed less than six months ago, but there was a widespread failure to act on that warning.

A statement from Microsoft president and chief legal officer Brad Smith has criticised the way governments store up information about security flaws in computer systems. "We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world," he commented.

The global ransomware attack used hacking tools widely believed to have been developed by the US National Security Agency, causing chaos across the NHS, but also infecting computers in what is thought to have been nearly 100 countries. "The governments of the world should treat this attack as a wake-up call," he warned.

Microsoft also pointed out that many organisations had failed to keep their systems up to date, allowing the virus to spread. The software giant had released a Windows security update in March to tackle the problem that lay at the core of the latest attack, but many users were yet to run it. "As cybercriminals become more sophisticated, there is simply no way for customers to protect themselves against threats, unless they update their systems," added Smith.
According to IS Decisions, which recently conducted research into the poor state of IT security in healthcare:

• 39% of healthcare workers do not receive IT training
• 37% do not have unique logins
• Only 38% of healthcare organisations enforce the use of secure passwords
• 29% of healthcare workers are not required to log in to a network to access files and folders
• Only 63% of healthcare organisations have a documented security policy
• Less than half (48%) of healthcare organisations offer ongoing security training to employees
• Only 27% of healthcare workers believe senior management takes enough responsibility for IT security
• 75% of healthcare workers have access to patient data (quite a wide window of opportunity for hackers to exploit).

The stats are from the company's healthcare compliance report, based on a survey of 500 healthcare professionals.

Significantly, Christopher Graham, the information commissioner at The Information Commissioner's Office, said in 2015: "The Health Service holds some of the most sensitive personal information available, but instead of leading the way in how it looks after that information, the NHS is one of the worst performers. This is a major cause for concern."

Indeed it is. But will the lesson be grasped and the NHS made secure in the future?