27-10final

The things you say Write to: Professional Security Magazine
Westcroft, Cannock Road, Wolverhampton WV10 8QW
Phone: 01922 415233 Email: info@professionalsecurity.co.uk Web: www.professionalsecurity.co.uk
Knife crime issues
I would not want it thought that I leap into action
every time my chum Steve Collins goes to print,
but I must again take issue with his position on
knife crime, repeated in Professional Security,
September 2017 – although, this time, I
(almost) agree with him. Logic seems to be
completely missing in current discussions of
knife crime. “Knife crime is now four times more
prevalent than gun crime”. Of course it is –
have you ever tried to walk into a hardware
store and buy a gun? Does everyone have a
rack of guns hanging in the kitchen? There is a
complaint that we are continually assured ‘knife
crime has fallen’, but that those statistics are
‘massaged’. And yet, 120,000 fewer people with
violence-related injury were treated in A&Es
across England and Wales in 2016 compared
with 2010. So, ‘between 2014 and 2016 the
number of children carrying knives in London
schools rose by almost 50pc’. What actual rise
is that – up from 2pc to 3pc of pupils is a 50pc
rise. In my schooldays, virtually every boy (yes,
it was a boy thing) carried a knife in school –
for playing ‘split the kipper’ and other harmless
pursuits. Now a child doing that is ‘a potential
murderer’. In amongst all of these figures
showing offences involving knives, where is the
figure that shows what percentage of the knives
were being carried illegally in a public place,
and how many were kitchen knives turned on a
domestic partner in the home? PC Keith
Palmer’s killing – used an edged weapon - in
Westminster in March [pictured; flowers in his
memory outside the Houses of Parliament] was
a tragedy of the first order. But, in the same
incident, the attacker killed four other people,
using a vehicle, a modus operandi that has now
Cyber aware
Cyber awareness training for staff is important; so
is constant communicating of risks.
Ongoing cyber awareness training is an integral
element in an organisation’s defence against
cyber-attacks. However, our research indicates
that this has not been a focal point for many
organisations over the past 12 months. This is
concerning, especially in light of the NIS
[security of network and information systems]
directive and therefore immediate action is
needed to address it. Firstly, for organisations
who only carry out awareness training once a
ID responsibility
Identity fraud is a very real, and growing, threat.
The responsibility to protect against it is shared
between banks, online stores and other online
providers, government and consumers. Online
providers, for example, have a duty of care to
safeguard the personal data of their customers.
However, consumers must be vigilant and do all
they can to minimise the risk of their personal data
being stolen. Central to this is having up-to-date
and appropriate Internet security software on all
connected devices, installing operating system and
application updates promptly, using strong and unique passwords,
applying caution when using public Wi-Fi networks, being aware of our
digital footprint and not revealing too much information about ourselves
online.
David Emm
Principal Security Researcher, Kaspersky Lab
82 OCTOBER 2017 PROFESSIONAL SECURITY
been copied in several other terrorist attacks
around the world. I have heard no-one say that,
in consequence, driving cars and vans in a
public place should therefore be made illegal.
That would be seen as a stupid demand: is the
ban on carrying a pocket-knife or multi-tool any
less ludicrous? Steve is right: the law on knives
and edged weapons is a failure. More, I would
add: it is criminalising decent honest people,
and giving police officers the right (I am not
suggesting that they necessarily use or abuse
it) to harass law-abiding citizens. The law is
achieving nothing, and it is over-bearing. It
should be repealed, and an effective system of
dealing with all violence-related offences
brought into being. Punish the offender, not the
innocent - a country does not protect freedom
by denying it to its citizens.
Bill Wyllie
year - typically as part of an initial employee
induction - we’d recommend increasing this to at
least twice annually as well as providing
employees with frequent security refreshers.
The rate of change in cyber-threats means that
we all need to constantly adapt our methods of
protection. It’s no longer acceptable for cyber
awareness training to be a five-minute warning
given to new starters, the entire workforce
needs to be informed and up to date on new
threats. Additionally, this approach needs to be
supported by the IT department who, when an
incident occurs, needs to communicate this to
the entire business, providing insight as to why
an incident took place, what the implications
Data shake-up
Shocking stat
The UK anti-fraud organisation Cifas recently
released statistics highlighting that identities
were being stolen at the rate of almost 500 a
day! This is a truly shocking statistic and
highlights how much at risk we are all in today’s
online world. More important than anything is
not to get complacent or be ignorant of the
threat. A good starting point on this is to
perform a holistic vulnerability assessment
based on one of the well-defined frameworks
that provides an organisation with a benchmarked
assessment of their controls and
readiness as well as a path to improvement.
These risks are not going away and with
regulatory oversight increasing, for example
with the upcoming GDPR, they are going to
become more and more important! An epidemic
needs to be addressed from multiple angles.
Yes, there is a lot that you can do as an
individual but there is also a lot that
organisations can do and should do to
protected personal information.
Phil Beckett
Managing Director of Global Disputes and
Investigations, Alvarez and Marsal
Awareness among executives is now absolutely
critical in today’s digital age. While educating
and up-skilling every executive would be a
Sisyphean task, every business needs C-Level
functional leaders to take responsibility for
keeping the business running in these difficult
circumstances. The stakes are simply too high
for organisations to stand by and wait for an
attack to happen.
Jon Geater
CTO, Thales e-Security
were and, most importantly, what can be done
to prevent this from happening again. Protecting
your organisation from threats in not just about
preventative technology, it’s also about building
a culture of information security. An employee’s
understanding of security is one of the most
important and effective security measures that
organisations should be investing in, not least
because unwitting employees are often the
unknowing accomplice within an attack. While
good security habits take time, effort and
repetition, it’s better to invest in good practices
now than pay the price later.
Peter Groucutt
MD, Databarracks
The previous couple of issues, we’ve featured the likely UK law to update data
protection according to the General Data Protection Regulation (GDPR).
The GDPR is the greatest shake up in privacy legislation that we have
seen. The proposed laws align organisations’ responsibilities with the
expectations of individuals. It requires organisations to exchange data in
a safe and ‘properly regulated’ way and continues to protect the privacy
of individuals. Just as GDPR is based on how the European Union
values personal data and requires businesses to behave in an
appropriate manner, so does these data protection laws. Compliance
officers familiar with the requirements of the EU’s GDPR will not be
surprised by the contents of the Government’s proposal. These laws,
alongside GDPR and the Data Protection Bill show that the Government
is serious about Britain’s digital economy and is making steps to ensure
the way our data is protected will not be negatively impacted by Brexit.
Steve Durbin
Managing Director, Information Security Forum (ISF)
www.professionalsecurity.co.uk