27-10final
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
The things you say Write to: Professional Security Magazine<br />
Westcroft, Cannock Road, Wolverhampton WV10 8QW<br />
Phone: 01922 415233 Email: info@professionalsecurity.co.uk Web: www.professionalsecurity.co.uk<br />
Knife crime issues<br />
I would not want it thought that I leap into action<br />
every time my chum Steve Collins goes to print,<br />
but I must again take issue with his position on<br />
knife crime, repeated in Professional Security,<br />
September 2017 – although, this time, I<br />
(almost) agree with him. Logic seems to be<br />
completely missing in current discussions of<br />
knife crime. “Knife crime is now four times more<br />
prevalent than gun crime”. Of course it is –<br />
have you ever tried to walk into a hardware<br />
store and buy a gun? Does everyone have a<br />
rack of guns hanging in the kitchen? There is a<br />
complaint that we are continually assured ‘knife<br />
crime has fallen’, but that those statistics are<br />
‘massaged’. And yet, 120,000 fewer people with<br />
violence-related injury were treated in A&Es<br />
across England and Wales in 2016 compared<br />
with 2010. So, ‘between 2014 and 2016 the<br />
number of children carrying knives in London<br />
schools rose by almost 50pc’. What actual rise<br />
is that – up from 2pc to 3pc of pupils is a 50pc<br />
rise. In my schooldays, virtually every boy (yes,<br />
it was a boy thing) carried a knife in school –<br />
for playing ‘split the kipper’ and other harmless<br />
pursuits. Now a child doing that is ‘a potential<br />
murderer’. In amongst all of these figures<br />
showing offences involving knives, where is the<br />
figure that shows what percentage of the knives<br />
were being carried illegally in a public place,<br />
and how many were kitchen knives turned on a<br />
domestic partner in the home? PC Keith<br />
Palmer’s killing – used an edged weapon - in<br />
Westminster in March [pictured; flowers in his<br />
memory outside the Houses of Parliament] was<br />
a tragedy of the first order. But, in the same<br />
incident, the attacker killed four other people,<br />
using a vehicle, a modus operandi that has now<br />
Cyber aware<br />
Cyber awareness training for staff is important; so<br />
is constant communicating of risks.<br />
Ongoing cyber awareness training is an integral<br />
element in an organisation’s defence against<br />
cyber-attacks. However, our research indicates<br />
that this has not been a focal point for many<br />
organisations over the past 12 months. This is<br />
concerning, especially in light of the NIS<br />
[security of network and information systems]<br />
directive and therefore immediate action is<br />
needed to address it. Firstly, for organisations<br />
who only carry out awareness training once a<br />
ID responsibility<br />
Identity fraud is a very real, and growing, threat.<br />
The responsibility to protect against it is shared<br />
between banks, online stores and other online<br />
providers, government and consumers. Online<br />
providers, for example, have a duty of care to<br />
safeguard the personal data of their customers.<br />
However, consumers must be vigilant and do all<br />
they can to minimise the risk of their personal data<br />
being stolen. Central to this is having up-to-date<br />
and appropriate Internet security software on all<br />
connected devices, installing operating system and<br />
application updates promptly, using strong and unique passwords,<br />
applying caution when using public Wi-Fi networks, being aware of our<br />
digital footprint and not revealing too much information about ourselves<br />
online.<br />
David Emm<br />
Principal Security Researcher, Kaspersky Lab<br />
82 OCTOBER 2017 PROFESSIONAL SECURITY<br />
been copied in several other terrorist attacks<br />
around the world. I have heard no-one say that,<br />
in consequence, driving cars and vans in a<br />
public place should therefore be made illegal.<br />
That would be seen as a stupid demand: is the<br />
ban on carrying a pocket-knife or multi-tool any<br />
less ludicrous? Steve is right: the law on knives<br />
and edged weapons is a failure. More, I would<br />
add: it is criminalising decent honest people,<br />
and giving police officers the right (I am not<br />
suggesting that they necessarily use or abuse<br />
it) to harass law-abiding citizens. The law is<br />
achieving nothing, and it is over-bearing. It<br />
should be repealed, and an effective system of<br />
dealing with all violence-related offences<br />
brought into being. Punish the offender, not the<br />
innocent - a country does not protect freedom<br />
by denying it to its citizens.<br />
Bill Wyllie<br />
year - typically as part of an initial employee<br />
induction - we’d recommend increasing this to at<br />
least twice annually as well as providing<br />
employees with frequent security refreshers.<br />
The rate of change in cyber-threats means that<br />
we all need to constantly adapt our methods of<br />
protection. It’s no longer acceptable for cyber<br />
awareness training to be a five-minute warning<br />
given to new starters, the entire workforce<br />
needs to be informed and up to date on new<br />
threats. Additionally, this approach needs to be<br />
supported by the IT department who, when an<br />
incident occurs, needs to communicate this to<br />
the entire business, providing insight as to why<br />
an incident took place, what the implications<br />
Data shake-up<br />
Shocking stat<br />
The UK anti-fraud organisation Cifas recently<br />
released statistics highlighting that identities<br />
were being stolen at the rate of almost 500 a<br />
day! This is a truly shocking statistic and<br />
highlights how much at risk we are all in today’s<br />
online world. More important than anything is<br />
not to get complacent or be ignorant of the<br />
threat. A good starting point on this is to<br />
perform a holistic vulnerability assessment<br />
based on one of the well-defined frameworks<br />
that provides an organisation with a benchmarked<br />
assessment of their controls and<br />
readiness as well as a path to improvement.<br />
These risks are not going away and with<br />
regulatory oversight increasing, for example<br />
with the upcoming GDPR, they are going to<br />
become more and more important! An epidemic<br />
needs to be addressed from multiple angles.<br />
Yes, there is a lot that you can do as an<br />
individual but there is also a lot that<br />
organisations can do and should do to<br />
protected personal information.<br />
Phil Beckett<br />
Managing Director of Global Disputes and<br />
Investigations, Alvarez and Marsal<br />
Awareness among executives is now absolutely<br />
critical in today’s digital age. While educating<br />
and up-skilling every executive would be a<br />
Sisyphean task, every business needs C-Level<br />
functional leaders to take responsibility for<br />
keeping the business running in these difficult<br />
circumstances. The stakes are simply too high<br />
for organisations to stand by and wait for an<br />
attack to happen.<br />
Jon Geater<br />
CTO, Thales e-Security<br />
were and, most importantly, what can be done<br />
to prevent this from happening again. Protecting<br />
your organisation from threats in not just about<br />
preventative technology, it’s also about building<br />
a culture of information security. An employee’s<br />
understanding of security is one of the most<br />
important and effective security measures that<br />
organisations should be investing in, not least<br />
because unwitting employees are often the<br />
unknowing accomplice within an attack. While<br />
good security habits take time, effort and<br />
repetition, it’s better to invest in good practices<br />
now than pay the price later.<br />
Peter Groucutt<br />
MD, Databarracks<br />
The previous couple of issues, we’ve featured the likely UK law to update data<br />
protection according to the General Data Protection Regulation (GDPR).<br />
The GDPR is the greatest shake up in privacy legislation that we have<br />
seen. The proposed laws align organisations’ responsibilities with the<br />
expectations of individuals. It requires organisations to exchange data in<br />
a safe and ‘properly regulated’ way and continues to protect the privacy<br />
of individuals. Just as GDPR is based on how the European Union<br />
values personal data and requires businesses to behave in an<br />
appropriate manner, so does these data protection laws. Compliance<br />
officers familiar with the requirements of the EU’s GDPR will not be<br />
surprised by the contents of the Government’s proposal. These laws,<br />
alongside GDPR and the Data Protection Bill show that the Government<br />
is serious about Britain’s digital economy and is making steps to ensure<br />
the way our data is protected will not be negatively impacted by Brexit.<br />
Steve Durbin<br />
Managing Director, Information Security Forum (ISF)<br />
www.professionalsecurity.co.uk