CS Oct 2021
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Secure systems, secure data, secure people, secure business<br />
Computing Security <strong>Oct</strong>ober <strong>2021</strong><br />
contents<br />
CONTENTS<br />
Computing<br />
Security<br />
NEWS<br />
OPINION<br />
INDUSTRY<br />
COMMENT<br />
CASE STUDIES<br />
PRODUCT REVIEWS<br />
SUPPLY & DEMAND<br />
BACKING YOURSELF<br />
How to achieve backup<br />
The supply chain has never<br />
protection - with your<br />
been more vulnerable and at risk<br />
workforce fully engaged<br />
RANSOMWARE PAYDAYS<br />
If you are a victim, should<br />
you give in or fight it out?<br />
COMMENT 3<br />
Police point finger at tech giants<br />
CYBER THREAT INTELLIGENCE<br />
Some resources you just can’t do<br />
without and top intel is one of them<br />
ARTICLES<br />
ACHIEVING A SECURE WIPE 8<br />
Gareth Owen of Redkey USB delves into<br />
the world of Data Wipe Standards<br />
SECURITY AND THE SUPPLY CHAIN 10<br />
With supply chains under heavy pressure<br />
and shortages forecast, Paul Harris,<br />
Pentest Limited, looks at the implications<br />
NORTHERN IRELAND: HELPING TO<br />
BUILD A CYBER-SECURE FUTURE 12<br />
A new type of expertise is helping to safeguard<br />
personal, business and government<br />
data - and to defend critical infrastructure<br />
against hostile attacks<br />
4<br />
A SHAPE-SHIFTING WORLD<br />
ATTACKERS USE TRUSTED CLOUD SERVICES AND CONSTANTLY CHANGE THEIR<br />
TACTI<strong>CS</strong> TO AVOID KNOWN PATTERNS OF BEHAVIOUR. CAN ADVANCED THREAT<br />
PROTECTION STILL BE EXPECTED TO KEEP PACE AGAINST SUCH FORCES?<br />
A<br />
Patrick Wragg, Integrity360: the key to<br />
advanced threat protection is layers<br />
ensuring your operating systems and<br />
applications are up to date; users are<br />
educated; and that you have the latest<br />
security solutions in place.<br />
dvanced threat protection (ATP)<br />
refers to a category of security<br />
solutions that defends against<br />
sophisticated malware or hacking-based<br />
attacks, targeting sensitive data. ATP<br />
solutions can be available as software or<br />
as managed services. They can differ in<br />
approaches and components, but most<br />
include some combination of endpoint<br />
agents, network devices, email gateways,<br />
malware protection systems, and a<br />
centralised management console to<br />
correlate alerts and manage defences.<br />
But how do they operate and perform 'in<br />
anger', so to speak, and where might there<br />
be any weaknesses? At the same time,<br />
in a world where the threat levels alter<br />
i ally and rapidly at an alarming rate,<br />
d to be adapted to<br />
HEART OF THE ORGANISATION<br />
email attack is phishing [ie, harvesting login<br />
information using spoofed web pages of<br />
trusted brands]; once attackers have the<br />
ability to remotely log in to a corporate<br />
network, they can launch convincible fraud<br />
campaigns and surveil the environment to<br />
find the most sensitive data to steal or the<br />
most business-critical servers to infect with<br />
ransomware."<br />
Security controls beyond the gateway<br />
have traditionally focused on data loss<br />
prevention, sophisticated malware analysis<br />
and endpoint security solutions, he points<br />
out. "However, advanced email threats still<br />
evade detection and containment largely<br />
because attackers use trusted cloud servic<br />
and constantly change their tactics to avo<br />
known patterns of behaviour. Endpoint<br />
security agents can quickly spot a<br />
compromised device, but it may be too<br />
loss prevention can detect sensiti<br />
rganisation, but<br />
i<br />
A SHAPE-SHIFTING WORLD 14<br />
Can advanced threat protection (ATP) outwit<br />
attackers who now use trusted cloud services<br />
and constantly change their tactics to avoid<br />
known patterns of behaviour? Or is keeping<br />
ahead of such potent forces slipping out of<br />
the grasp of those under fire?<br />
CALLING FOR BACKUP 20<br />
ALL THE LATEST INTEL 17<br />
What approach should an enterprise take to<br />
Steven Usher, Brookcourt Solutions, offers<br />
ensure it has the best protections in place -<br />
his insights on measuring the success of<br />
a cyber threat intelligence program<br />
as well as employees who are fully engaged<br />
in making the process work? Getting this<br />
DATA IMPACT ASSURANCE LEVELS 18<br />
right is a complex, but essential, process<br />
The time has come to 'DIAL' it in, states<br />
and the payback its own reward!<br />
ADISA founder Steve Mellings<br />
SHOULD YOU PAY THE RANSOM? 23<br />
When threatened with a ransom demand,<br />
should you just submit? Steven Usher, of<br />
Brookcourt Solutions, weighs up the pros<br />
and cons<br />
TO PAY OR NOT TO PAY? 28<br />
Paying ransomware is a topic that greatly<br />
OPERATIONAL RESILIENCE 24<br />
divides opinion, especially in the corporate<br />
James Drake, of XCINA Consulting, looks<br />
boardroom. Cold logic might dictate that<br />
at the challenges and many opportunities<br />
any demand should be firmly rejected.<br />
that new regulations will bring<br />
What if it turned out to be a matter of life<br />
THE FLAWS IN HOME WORKING 25<br />
or death, though - wouldn’t that change<br />
Organisations have been opened up to<br />
everything?<br />
a world of new and unmanaged cyber risk<br />
AUTHENTICATION VS INSURANCE 26<br />
Nick Evans, of SecurEnvoy, considers a<br />
KNOWING YOUR ENEMY 32<br />
perplexing dilemma - and the role of MFA<br />
Threat intelligence is massively important<br />
STING IN THE TALE 34<br />
for all levels of organisations, since even<br />
Tim Callan, of Sectigo, on how easy it is to<br />
large companies have limitations on<br />
manipulate and falsify business emails<br />
resources. So, efforts must be put into<br />
projects that will pay off and help keep<br />
PRODUCT REVIEWS<br />
enterprises that much safer<br />
• Redkey USB 6<br />
• Zivver Secure Email 27<br />
computing security <strong>Oct</strong>ober <strong>2021</strong> @<strong>CS</strong>MagAndAwards www.computingsecurity.co.uk