CS Nov-Dec 2023

Computing
Security
Secure systems, secure data, secure people, secure business
THE GREAT ESCAPE
Beating the cybercriminals
NEWS
OPINION
INDUSTRY
COMMENT
CASE STUDIES
PRODUCT REVIEWS
FACING UP TO AI
The good and the bad,
but which will win out?
DATA PRIVACY DILEMMA
Can the latest rules
and regulations
keep you safe as
an avalanche of new
threats sweeps in?
NIGHT OF TRIUMPH!
Revealed: who
took the laurels
at our 2023
Awards
Computing Security November/December 2023

comment
LEGAL CHALLENGE
We all need recourse to legal
services at various times in
our lives and rely on these
firms to protect our interests during
those transactions. Yet law firms, as
is now the case with so many other
businesses, are faced with a rapidly
evolving cyber security landscape,
with cybercriminals employing
increasingly sophisticated techniques
to breach their defences.
The shift towards remote work and
cloud services has broadened the
attack surface, says Access Group,
leaving law firms very vulnerable to
a wide range of cyber threats that
include phishing attacks, ransomware and supply chain vulnerabilities. It's a formidable
task to overcome these challenges, but one that has to be actively embraced. Firms
have to set aside the right levels of investment and planning to cope with this rising
threat - which means the involvement of everyone throughout the organisation.
"To protect themselves and their clients, law firms must adopt robust cyber security
measures, such as zero-trust methodologies and conditional access policies," states
business management software provider Access Group. Adds legal IT expert Harry
Fallows: "Staying informed about the latest cyber security trends and working with
reputable IT security providers are crucial steps in safeguarding sensitive data and
maintaining client trust in the digital age."
I cannot end this Comment without singling out the BIG happening that took place
in October: the 2023 Computing Security Awards.
What a remarkable night it was, with a powerful line-up of companies, solutions
and individuals vying for the top prizes. It was a privilege to be there and to have the
honour of presenting the winners with their engraved glassware.
For a round-up of all the winners and some great pictures, see pages 12-13. If the next
awards are up there with this one, we’ve another exceptional event to look forward to.
Brian Wall
Editor
Computing Security
brian.wall@btc.co.uk
EDITOR: Brian Wall
(brian.wall@btc.co.uk)
LAYOUT/DESIGN: Ian Collis
(ian.collis@btc.co.uk)
SALES:
Edward O’Connor
(edward.oconnor@btc.co.uk)
+ 44 (0)1689 616 000
Daniella St Mart
(daniella.stmart@btc.co.uk)
+ 44 (0)1689 616 000
Stuart Leigh
(stuart.leigh@btc.co.uk)
+ 44 (0)1689 616 000
PUBLISHER: John Jageurs
(john.jageurs@btc.co.uk)
Published by Barrow & Thompkins
Connexions Ltd (BTC)
35 Station Square,
Petts Wood, Kent, BR5 1LZ
Tel: +44 (0)1689 616 000
Fax: +44 (0)1689 82 66 22
SUBSCRIPTIONS:
UK: £35/year, £60/two years,
£80/three years;
Europe: £48/year, £85/two years,
£127/three years
R.O.W:£62/year, £115/two years,
£168/three years
Single copies can be bought for
£8.50 (includes postage & packaging).
Published 6 times a year.
© 2023 Barrow & Thompkins
Connexions Ltd. All rights reserved.
No part of the magazine may be
reproduced without prior consent,
in writing, from the publisher.
www.computingsecurity.co.uk Nov/Dec 2023 computing security
@CSMagAndAwards
3

Secure systems, secure data, secure people, secure business
Computing Security November/December 2023
inside this issue
CONTENTS
Computing
Security
THE GREAT ESCAPE
Beating the cybercriminals
DATA PRIVACY DILEMMA
NEWS
OPINION
INDUSTRY
COMMENT
CASE STUDIES
PRODUCT REVIEWS
FACING UP TO AI
The good and the bad,
but which will win out?
Can the latest rules
and regulations
keep you safe as
an avalanche of new
threats sweeps in?
NIGHT OF TRIUMPH!
COMMENT 3
Legal challenge: law firms battered by
breaches to their defences
Revealed: who
took the laurels
at our 2023
Awards
NEWS 6
Hornetsecurity’s 'essential companion'
How email is used to breach accounts
340 million people hit by data breaches
ARTICLES
INSIDE THE REVOLUTION 8
A new book argues why we must act
to overcome powerful technologies
disrupting and transforming our reality
CRUCIAL ROLE OF IDENTITY 11
Zero Trust adopts a 'never trust, always
verify' philosophy, with identity pivotal
RANSOMWARE’S UPS AND DOWNS 14
RANSOMWARE HITS BACKUP FILES 18
Some observers are reporting a drop-off in
Hornetsecurity’s Daniel Hofmann looks
ransomware, although, this is sometimes
into an ever-present danger
where comparisons are made on a monthly
basis. Year on year, the trend has often
VITAL ROLE OF CYBER TRAINING 20
remained upwards. For every more upbeat
How to drive employee engagement with
statistic that emerges, there is more often
departmental cybersecurity education
than not a corresponding downbeat one.
WHY LEADERSHIP SKILLS MATTER 21
How leaders can motivate and guide their
workforces in times of great peril
ON YOUR METAL! 25
THE CRIME-BUSTING BATTLE 22
Metal fabrication company reaches out for
Cybercrime is rapidly spreading and
the right solution to protect its operations
impacting organisations across the world.
According to one company monitoring the
FAKING IT WITH AI 30
worsening situation, global cyberattacks
Scaling new heights can be exhilarating,
increased by 28% in 2022, compared to
but it's also a precipice to tumble over
the same quarter in 2021 - and this trend
is only likely to continue.
DATA PRIVACY CHALLENGE 32
Is the constant battle to keep digital
privacy laws and regulations relevant to
the digital age still being won?
PHISHING ENTERS DARKER WATERS 26
By connecting to world events, anniversaries,
PRODUCT REVIEWS
holidays, as well as the hopes and fears of
ordinary people, cybercriminals can concoct
HORNETSECURITY 365
persuasive emails and many other forms of
PERMISSION MANAGER 10
communication, gaining employee trust
and getting them to open the doors into
ENDACE: ENDACEPROBE CLOUD 29
internal systems.
computing security Nov/Dec 2023 @CSMagAndAwards www.computingsecurity.co.uk
4
OH, WHAT A (WINNING) NIGHT! 12
The Computing Security Awards 2023 clearly
demonstrated the remarkable breadth of
talent right across our industry. Each and
every category was hotly contested: in the
end, though, there could only be one winner.
We bring you the full rundown of the top
achievers on page 13.

Layers aren’t just for cakes; they’re
essential in cybersecurity’s secret
recipe for protection!
Bake it happen with VIPRE Security Group. Secure your
bytes before you take a bite with Email Security, Endpoint
Security and User Protection
www.vipre.com

news
Daniel Hofmann, Hornetsecurity.
HORNETSECURITY UNVEILS ITS
NEW 'ESSENTIAL COMPANION'
Cybersecurity provider Hornetsecurity has
published 'Microsoft 365: The Essential
Companion Guide', designed for IT administrators
who manage a Microsoft 365
environment. The guide can be accessed
here. It is also aimed at decision-makers
looking to gain an overview of what to
expect when migrating to the cloud and
ways they can adopt services in Microsoft
365 (M365). It complements Hornetsecurity's
recent launch of Plan 4 'Compliance &
Awareness' of its flagship solution 365 Total
Protection.
"The new Plan 4 of Hornetsecurity's cloudbased
solution is its most comprehensive,
taking M365 security management and data
protection to the next level by encompassing
email security, backup and recovery, compliance,
permission management and security
awareness," says the company.
Comments Hornetsecurity CEO Daniel
Hofmann: "Administrators have a big, and
often complex, job on their hands that can
become overwhelming, given the pace
at which technology and business needs
continue to advance." The guide will play
an important role in delivering a thorough
understanding of Microsoft 365 and how
to use it to the best of its abilities, he adds.
"With this guide, we want to save time and
hassles for M365 administrators, helping
them work smarter and not harder."
HOW ATTACKERS EXPLOIT EMAIL TO BREACH AN ACCOUNT
Anew Threat Spotlight by Barracuda researchers shows
how attackers can misuse inbox rules in a successfully
compromised account to evade detection. Meanwhile,
amongst other things, they quietly move information out of
the corporate network via the breached inbox. Not only this,
but attacks can also ensure that the victims don't see security
warnings, filing selected messages in obscure folders, so the
victim won't easily find them or delete messages from the
senior executive they are pretending to be, in an attempt
to extract money. Says Prebh Dev Singh, manager, email
protection product management, at Barracuda: "Malicious
rule creation poses a serious threat to the integrity of an organisation's
data and assets. Because it is a post-compromise
technique, it's a sign that attackers are already in your
network. Immediate action is required to get them out."
THE STRUGGLE TO ALIGN CYBERSECURITY WITH BUSINESS OUTCOMES
Aworrying 97% of respondents' organisations face
challenges in trying to align cybersecurity priorities with
business outcomes. That is one finding a study conducted by
Forrester Consulting on behalf of WithSecure (formerly
F-Secure Business). WithSecure chief information security
officer Christine Bejerasco says it requires cybersecurity
professionals to develop a different strategic approach to how
they think about their jobs. "It can be difficult for security
practitioners to see their work in relation to a business'
purpose or objectives, but that's really how many boards
or executives view security work," she states. "However, the
transition to outcome-based security doesn't necessarily
involve abandoning traditional metrics. It means explicitly
recognising the value of those metrics in relation to how
they benefit the organisation and its objectives."
Prebh Dev Singh, Barracuda.
Christine Bejerasco,
WithSecure.
ALMOST 340 MILLION PEOPLE HIT BY DATA BREACHES IN FOUR MONTHS
The 'Independent Advisor' has just launched
a new Company Data Breach Tracker for 2023.
A regularly updated, month-by-month timeline
of the latest such breaches and hacks in 2023, it
also tracks overall business breach statistics for the
year. With almost 340 million people affected by
business data breaches in the first four months
of 2023 alone, staying secure online remains a
growing concern for companies. More and more
fall victim to cyber-attacks, phishing scandals and
ransomware, leading to data leaks, huge payouts and often lawsuits. Lead writer and researcher
Camille Dubuis-Welch comments: "Like it or not, cybercrime is prolific."
6
computing security Nov/Dec 2023 @CSMagAndAwards www.computingsecurity.co.uk

DON’T
SaaSSS
GET YOUR
KICKED! !
TAKE CONTROL NOW AND
PROTECT YOUR SaaS DATA
Global SaaS vendors like Microsoft, Google and Salesforce
don’t assume any responsibility for your data hosted
in their applications. So, it’s up to you to take control
and fully protect your SaaS data from cyber threats or
accidental loss. Arcserve SaaS Backup offers complete
protection for your SaaS data, eliminating business
interruptions due to unrecoverable data loss.
Arcserve SaaS Backup
Complete protection for all your SaaS data.
arcserve.com
The unified data resilience platform

ook review
INSIDE THE REVOLUTION
A RANGE OF POWERFUL TECHNOLOGIES IS DISRUPTING AND TRANSFORMING EVERY CORNER
OF OUR REALITY. A NEW BOOK ARGUES WHY AND HOW WE MUST ACT AND ADAPT TO THIS
Unsupervised: Navigating and
Influencing a World Controlled
by Powerful New Technologies'
examines the fast-emerging technologies
and tools that are already starting to
revolutionise our world.
Beyond that, the book takes an in-depth
look at how we have arrived at this
dizzying point in our history, who holds
the reins of these formidable technologies,
mostly without any supervision, state its
authors, Daniel Doll-Steinberg and Stuart
Leaf. 'Unsupervised' sets out to explain why
we, as business leaders, entrepreneurs,
academics, educators, lawmakers, investors
or users and all responsible citizens, must
act now to influence and help oversee
the future of a technological world.
There are several chilling reminders in
the book of the seeming impasse we
have arrived at in our quest for greater
'advancement'. Take, for instance, this
observation from the two authors: "…
technology in the hands of humankind
is now akin to a massive double-edged
sword - a light saber, in fact, in the hands
of an untrained child. Wielding it can
create instant and possibly irreversible
impact, for good or for bad, faster than
one can realize what has happened".
Quantum computing, artificial
intelligence, blockchain, decentralisation,
virtual and augmented reality and permanent
connectivity are just a few of the
technologies and trends considered,
but the book delves much deeper, too.
It offers a thorough analysis of energy and
medical technologies, as well as cogent
predictions for how new tech will redefine
our work, money, entertainment, transportation
and our home and cities, and
what we need to know to harness and
prosper from these technologies.
Doll-Steinberg and Leaf detail how, when
we look a bit farther into the future, we
can see that the task facing us is to
completely reinvent life as we know it -
work, resources, war and even humanity
itself will undergo redefinition, thanks
to these new and emerging tools. In
'Unsupervised', they set out to examine
what these redefinitions might look like
and how we, as individuals and part
of society, can prevent powerful new
technologies from falling into the wrong
hands or be built to harm us.
ABOUT THE AUTHORS
DANIEL DOLL-STEINBERG created one of the first global standards for digital rights management, securing and delivering
activation keys and content direct to customers, which is said to have helped transform the software industry. Specialising in
disruptive technologies, and focusing on Blockchain and AI, he was later appointed by the European Commission, and then the
UK government, as an expert advisor specialising in education, growth, disruption and Future of Work policy.
STUART LEAF started his career at Merrill Lynch Capital Markets and Goldman Sachs. He held senior positions in smaller real
estate, private equity and asset management firms, before co-founding Cadogan Management, a Fund of Hedge Funds, in 1994.
Investing around the world in a range of strategies, including a significant exposure to technology, he and his partners grew the
funds to $7.5 billion in assets.
8
computing security Nov/Dec 2023 @CSMagAndAwards www.computingsecurity.co.uk

Simplify work,
protect devices
and data
with Jamf’s award-winning solution
Trusted Access is Jamf’s vision for
a zero trust experience that users
love and organisations trust. Only
authorised users, on enrolled devices
that are secure and compliant,
can access sensitive data.
Visiting Black Hat Europe
on 6–7 December?
Join us at stand 513.
www.jamf.com
REQUEST
Y O U R
F R E E
TRIAL
TODAY

product review
HORNETSECURITY 365 PERMISSION MANAGER
Microsoft 365 (MS365) is the
productivity and communications
platform of choice for organisations
of all sizes, with it already having
reached a staggering 382 million paid seats
this year. A huge number of companies,
including those with hybrid working
practices, clearly see the benefits of MS365
cloud collaboration services; but ensuring
adequate protection of information assets,
and preventing unauthorised and anonymous
access, can be a major challenge.
Hornetsecurity's 365 Permission Manager
is the perfect solution, as it provides
administrators with all the tools needed
to control access permissions, monitor
violations and enforce compliance policies.
Easily managed from a single cloud portal,
it readily allows organisations to ensure
compliance with internal and external
regulations, and maintain access policies
across sharing sites, folders and files.
Onboarding is very swift, as you simply
select 365 Permission Manager from
Hornetsecurity's Control Panel, provide all
required tenant details and authenticate
with your MS365 account. It avoids
management issues with MS365 global
administrators and potential permission
creep, as it uses API connections and
doesn't store any credentials.
INFORMATIVE DASHBOARD
The Control Panel presents a highly
informative dashboard, with pie charts
showing overall compliance health, plus
separate ones for SharePoint, OneDrive
and Teams. A time-filtered graph reveals
fixed and approved violations, while
others are provided for item-level and
policy compliance, upcoming and overdue
audits, and violation trends over time.
You can also view your compliance
policies and 365 Permission Manager does
all the hard work for you, as it includes a
set of predefined ones. These are all based
on the ISO 27001 information security
management systems standard, so
applying them to your organisation will
help you meet certification requirements.
You can easily create custom policies and
set internal and external sharing criteria,
while, at the site level, you set external
sharing levels for all people in your
organisation, existing and new guests
or anyone; apply default sharing links
and permissions; and set guest access
expiration times in days. Policies are a very
powerful feature as, if any action violates
them, administrators will receive an alert
and an option to approve or fix them.
SharePoint site and OneDrive account
exploration reveals all entities and their
applied policy, while colour-coded icons
show if they are compliant. Further
icons highlight if they have items with
anonymous access granted, those that
have organisation-wide access and with
external user access permitted.
Click the quick actions button and you
will then be presented with five of the
most powerful features of this service.
With no more than three clicks, you can
set an external sharing level for a Share-
Point site or OneDrive account, clean up
orphaned users, remove 'Everyone' permissions,
revoke user or group access or
set site permissions.
There's much more, as 365 Permission
Manager presents a 'To Do' list, with all policy
violations that require your attention. The list
can be filtered and, with one click, you can
either approve the violation or fix it: you can
fix site settings or 365 Permission Manager
can automatically remove user access.
As you'd expect, there are plenty of reporting
tools provided, with options to generate ones
for full site permissions, user and group
access, and also external access. An activity
log provides essential auditing for all administrative
activities and the portal generates
daily alert summaries, which can be sent to
multiple recipients.
MS365 rights management presents many
pain points, as it is far too easy for users to
share files across this platform and so difficult
for administrators to stay in control.
Hornetsecurity's 365 Permission Manager
brings order to this rights chaos and gives
administrators the power to effortlessly
enforce policy compliance and ensure access
to critical data is tightly locked down.
Product: 365 Permission Manager
Supplier: Hornetsecurity
Web site: www.hornetsecurity.com
Tel: +44 (0) 203 0869 833
Sales: sales@hornetsecurity.com
Contact Hornetsecurity for pricing
10
computing security Nov/Dec 2023 @CSMagAndAwards www.computingsecurity.co.uk

zero trust
CRUCIAL ROLE OF IDENTITY IN ZERO TRUST SECURITY
ZERO TRUST ADOPTS A 'NEVER TRUST, ALWAYS VERIFY' PHILOSOPHY, WITH IDENTITY PLAYING A PIVOTAL ROLE
security while allowing for flexibility and user
productivity."
Moreover, Zero Trust extends beyond the
initial authentication process; it emphasises
both continuous monitoring and adaptive
authentication. In this context, identity is
not a one-time verification, but an ongoing
process. Users and devices are continually
assessed for risk and access privileges can be
adjusted in real time, based on changing
circumstances.
Global analyst Gartner estimates that
more than 85% of organisations will
embrace a cloud-first principle and
over 95% of new digital workloads will be
deployed on cloud-native platforms by 2025.
This increasingly digital world accelerates
cybersecurity threats, leading organisations to
embrace new strategies to protect sensitive
data and assets.
The Zero Trust approach, with identity as
the linchpin, has gained prominence among
cybersecurity trends for organisations to mitigate
emerging cyber risks and have better
cyber hygiene, according to Brian Ramsey,
VP of America, Xalient, and Jaye Tilson, field
CTO, HPE Aruba Networking.
"Traditionally, organisations relied on perimeter
based security models that operated
under the assumption that threats could
be kept at bay by securing the network
perimeter," they point out. "However, as
cyberattacks became more sophisticated,
it became clear that this approach was no
Brian Ramsey (left) and Jaye Tilson:
identity plays a pivotal role.
longer effective. Attackers found ways to
bypass these perimeter defences, rendering
them inadequate."
Zero Trust flips this model on its head
by adopting a 'never trust, always verify'
philosophy, they state. "In a Zero Trust
environment, trust is never assumed,
regardless of whether a user or device is
inside or outside the corporate network.
Identity plays a pivotal role in verifying and
authenticating users and devices, ensuring
that access to resources is granted based
on their identity, permissions and the context
of their request."
They single out identity as being right at
the heart of context-aware access control,
a fundamental component of Zero Trust.
"For example, a user attempting to access
a critical database from an unfamiliar device
and location may trigger additional authentication
measures or even deny access entirely
until their identity and intent are verified. This
dynamic approach to access control enhances
"For instance, if an authenticated user
suddenly exhibits unusual behaviour patterns
or attempts to access sensitive data outside
of their usual work hours, the system can
flag this as a potential security threat and
prompt additional authentication or restrict
access until the user's identity and intent are
confirmed."
In a Zero Trust environment, identity-centric
threat detection and response are critical
components. "By closely monitoring the
behaviour and identity of users and devices,
organisations can quickly detect and respond
to suspicious activities. Identity-based threat
detection enables security teams to identify
unauthorised access attempts, insider threats,
and other malicious activities that may go
unnoticed in traditional security models.
However, they also offer a few words of
caution. "A mature, widely deployed?Zero
Trust?implementation demands integration
and configuration of multiple different
components, which can become quite
technical and complex. Success is highly
dependent on the translation to business
value. Our advice is to start small and evolve,
making it easier to better grasp the benefits
of a programme and manage some of the
complexity, one step at a time."
www.computingsecurity.co.uk @CSMagAndAwards Nov/Dec 2023 computing security
11

2023 CS Awards
Magician Nick Einhorn: 'Now you see him….'
https://flic.kr/s/aHBqjAZ4Es
Oh what a (WINNING) night!
THE 2023 COMPUTING SECURITY AWARDS TOOK PLACE AT A TOP LONDON VENUE:
AND WHAT A NIGHT OF SUCCESS AND CELEBRATIONS THEY PROVED TO BE
Guests gather before the dinner and awards ceremony.
The Computing Security Awards were
once again a massive success, clearly
demonstrating what a remarkable
breadth of talent there is right across every
sector of our industry.
While the winners in each category were
rightly applauded and feted by all of those
who attended, what was evident was how
competitive these awards - now in their 14th
year - have become. Category after category
was hotly contested. Everyone could enjoy
their own sense of achievement at making
it into the final.
It was a night of many surprises on many
levels - not least when Nick Einhorn took
to the stage and beguiled the whole room
with his magic skills. A winner on ITV1's hit
show, 'Penn & Teller: Fool Us', in which he
bamboozled two of the most revered and
respected magicians in the world, he's a Gold
Star member of The Inner Magic Circle and
three-times winner of The Magic Circle 'Closeup
Magician of the Year' award and it wasn't
hard to see why. Great entertainment from
an excellent entertainer.
This was a magic night in every sense.
All that remains is to extend our warmest
congratulations to the winners and everyone
who took part, making these awards a truly
unique and unmissable occasion.
On ther following page are all the Winners
on the night for each of the awards:
12
computing security Nov/Dec 2023 @CSMagAndAwards www.computingsecurity.co.uk

2023 CS Awards
THE 2023 WINNERS:
EMAIL SECURITY SOLUTION OF THE YEAR
Smarttech247 - NoPhish
ANTI MALWARE SOLUTION OF THE YEAR
Hornetsecurity - Hornetsecurity 365 Total Protection
INCIDENT RESPONSE & INVESTIGATION SECURITY SERVICE
PROVIDER OF THE YEAR
Cyderes
NETWORK SECURITY SOLUTION OF THE YEAR
macmon - macmon NAC
ENCRYPTION SOLUTION OF THE YEAR
Watchguard - AD360
ADVANCED PERSISTENT THREAT (APT)
SOLUTION OF THE YEAR
Gatewatcher - AIONIQ
DATA LOSS PREVENTION SOLUTION OF THE YEAR
VIPRE Security Group - SafeSend
CYBER SECURITY COMPLIANCE AWARD
Torsion Information Security
AI AND MACHINE LEARNING BASED SECURITY
SOLUTION OF THE YEAR
Heimdal Security - Threat Prevention Endpoint
IDENTITY AND ACCESS MANAGEMENT
SOLUTION OF THE YEAR
SecurEnvoy - Access Management Solution
ANTI PHISHING SOLUTION OF THE YEAR
Metacompliance - MetaPhish
SECURE DATA & ASSET DISPOSAL COMPANY OF THE YEAR
Gigacycle
CLOUD-DELIVERED SECURITY SOLUTION OF THE YEAR
Cyderes - Cyderes Cloud Identity
MOBILE SECURITY SOLUTION OF THE YEAR
Jamf - Jamf Protect
PENETRATION TESTING SOLUTION OF THE YEAR
Edgescan - Edgescan Professional Services
BREACH AND ATTACK SIMULATION SOLUTION OF THE YEAR
Kroll - Redscan
DATA PROTECTION AS A SERVICE PROVIDER OF THE YEAR
Veritas
REMOTE MONITORING SECURITY SOLUTION OF THE YEAR
Cursor Insight - Graboxy Sentinel
SECURITY EDUCATION AND TRAINING PROVIDER
OF THE YEAR
Metacompliance
WEB APPLICATION FIREWALL OF THE YEAR
Cyberhive - Trusted Cloud
THREAT INTELLIGENCE AWARD
VIPRE Security Group
SECURITY RESELLER OF THE YEAR
Next Generation Security
SECURITY DISTRIBUTOR OF THE YEAR
Brigantia
ENTERPRISE SECURITY SOLUTION OF THE YEAR
Libraesva - Libraesva Email Security
SME SECURITY SOLUTION OF THE YEAR
VIPRE Security Group - ATP
INDIVIDUAL CONTRIBUTION TO CYBERSECURITY AWARD
Rob Jeffery, CTO - Next Generation Security
CYBER SECURITY CUSTOMER SERVICE AWARD
Brookcourt Solutions
SECURITY SERVICE PROVIDER OF THE YEAR
Sapphire
SECURITY PROJECT OF THE YEAR - PUBLIC SECTOR
TMC3 - Department for Transport (DfTc)
SECURITY PROJECT OF THE YEAR - PRIVATE SECTOR
Redkey USB - Preloved Tech
SECURITY PROJECT OF THE YEAR - CLOUD COMPLIANCE
Barracuda - NHS Scotland
EDITOR'S CHOICE
Hornetsecurity - 365 Permission Manager
CYBER SECURITY INNOVATION AWARD
MTI - Security Targeted Operating Model (STOM)
NEW PRODUCT/SOLUTION OF THE YEAR
Veritas - Veritas Alta
ONE TO WATCH SECURITY – PRODUCT
Arcserve - Arcserve UDP
ONE TO WATCH SECURITY – COMPANY
Censornet
SECURITY COMPANY OF THE YEAR
MetaCompliance
SECURITY SOFTWARE SOLUTION OF THE YEAR
SecurEnvoy - Data Discovery
SECURITY HARDWARE SOLUTION OF THE YEAR
Arcserve - Arcserve OneXafe 4500 Series
To see the full results – Winners and Runners-up – go to:
www.computingsecurityawards.co.uk
www.computingsecurity.co.uk Nov/Dec 2023 computing security
@CSMagAndAwards
13

ansomware
ENEMY NO 1 - IS THE
CROWN SLIPPING?
WHILE THERE ARE INDICATIONS THAT RANSOMWARE MAY BE SLIDING DOWN THE CHARTS
OF PREFERRED ATTACK METHODS, THE OVERALL MESSAGE STILL REMAINS MIXED
Anumber of observers are now reporting
a drop-off in ransomware activity,
although, in some instances, this is
where comparisons are made on a monthly
basis, whereas, year on year, the trend has
often remained upwards. For every more
upbeat statistic that emerges, there is usually
a corresponding downbeat one, as can be all
too readily seen in this article.
Deepen Desai, Global CISO, head of security
research & operations at Zscaler, points to how
Zscaler's ThreatLabz research team reported
earlier this year that ransomware attacks
had grown 37% overall year over year, with
the average cost of an attack reaching a
staggering $5.3 million. "The use of phishing
and spam email has long been a primary
infection vector for ransomware threat actors,
but some actors are switching tactics." Desai
cites how the recent and growing number
of attacks on the gaming industry, along with
the popularity of malware like 'BazarCall',
showcase a technique called 'vishing'.
Vishing involves voice-based attacks where
actors speak over the phone, rather than
through email, finding it more effective, due
to a lack of awareness, compared to emailbased
spam, which often requires mandatory
training at many organisations. "While some
recent attacks didn't involve spam, the ultimate
objective remains the same: infiltrate the target
environment, perform lateral movement to
obtain access to an administrator's account,
identify crown-jewel applications to exfiltrate
large volumes of sensitive data, and potentially
deploy ransomware," he adds.
"Ransomware attacks all follow the sequence
[or similar] to the one I've mentioned above.
To stop these attacks consistently, your security
strategy should aim to disrupt as many stages
of this attack chain as possible, maximising
your chances of stopping the attack, even if
the threat actors evade some of your security
controls. To safeguard your organisation,
I recommend replacing vulnerable appliances
like VPNs and firewalls with Zero Trust Network
Access (ZTNA) for applying consistent security
with enhanced segmentation."
THEFT IS 'THE BIGGEST CONCERN'
Meanwhile, Integrity360 has recently released
research findings into the cybersecurity threats
being faced by 205 IT security decision makers,
with more than half of the respondents (55%)
citing data theft as the biggest concern, which
is followed by phishing (35%) and then by
ransomware (29%).
CIOs (30%) and CTOs (33%) surveyed also
ranked APTs (advanced persistent threats)
and targeted attacks as a bigger concern
than ransomware (28%, 33%). "As APTs are
generally established to deliver objectives with
national-level implications, such as espionage
or destruction of infrastructure, it's no surprise
that, as these threats continue to mount,
the emphasis on ransomware, whilst still an
ongoing concern, is lessening relative to other
threats," points out the cybersecurity specialist.
Ransomware (25%) was ranked fourth
amongst the challenges causing sleepless
nights, likely due to the increased awareness
surrounding backups, states Integrity360,
making ransom attacks less rewarding, "while
data theft alone can have dire consequences,
in terms of reputational damage, hefty compliance
fines and potential loss of IP, to name
but a few".
According to Brian Martin, head of product
development, innovation and strategy, at
Integrity360: "IT environments have become
increasingly complex, with many enterprises
now employing multi-cloud strategies and
multiple products, which can leave gaps
in security, and see businesses paying
for underutilised and overlapping tools
unnecessarily. Consolidation of cybersecurity
architectures can strengthen risk posture,
reduce the number of tools and vendors in
place, eliminating silos, reducing costs and
improving overall security posture."
LOWS AND HIGHS
August 2023 saw a drop in ransomware
attacks, according to NCC Group's August
Threat Pulse, with 390 attacks representing
a 22% drop from July. It comes after back-toback
record months in June and July, largely
the result of Cl0ps MOVEit exploitation and
the ongoing impact of the attack. Lockbit 3.0
14
computing security Nov/Dec 2023 @CSMagAndAwards www.computingsecurity.co.uk

ansomware
returned to pole position in August, responsible
for carrying out the largest volume of
attacks at 125, 32% of total attacks in the
month. It represents a 150% month-onmonth
increase on its July activity. BlackCat
took the second spot with 41 attacks (11%),
followed by 8Base with 32 (8%).
Some 47% of all ransomware attacks in July
took place in North America, consistent
with previous months. However, the region
experienced a 7% relative drop in August, as
compared to July where it held 54% of all
victims. Europe remains in second place with
108 victims in August, representing 28% of
total attacks.
"After two record months for ransomware
attacks, the fall in attacks in August was to
be expected," says Matt Hull, global head of
threat intelligence at NCC Group. "The number
of victims in June and July was somewhat
inflated by the huge success that Cl0p had
exploiting the vulnerability in the MoveIT
platform. This being said, the number
of recorded victims in August was still
significantly higher than this time last year."
HEALTHCARE IN NEED OF A CURE
Vitali Edrenkine, chief marketing officer at
Arcserve, says that, in the face of growing
numbers and sophistication of ransomware
attacks, the highly targeted healthcare industry
continues to grapple with inadequate data
protection and recovery mechanisms. "An
ounce of prevention may be worth a pound
of cure - but our latest market research shows
that, when it comes to ransomware resilience,
too many healthcare institutions have neither,"
he continues. "A robust backup and disaster
recovery strategy is critical for healthcare
organisations to build resistance to malicious
attacks."
Findings from Arcserve's annual independent
global research, focusing on the healthcare
sector's approach and experience of data
protection, recovery, and ransomware
readiness, indicate that 45% of healthcare
respondents experienced a ransomware attack
in the past 12 months:
83% of ransom demands were between
$100,000 and $1 million
67% paid the ransom
45% did not recover all their data after
ransomware attacks.
Some of the key issues around ransomware
highlighted by Arcserve include:
82% of healthcare IT departments lack
an updated disaster recovery plan
Nearly 75% of respondents believe data
backed up to a public cloud is safer than
data backed up on-premises
More than 50% of respondents mistakenly
believe the cloud provider is responsible for
recovering their data.
SONY DATA SOLD ON DARK WEB
A big stumbling block regarding the paying of
a ransom is whether the perpetrators will
return all, or any, of your data, if you pay up.
Whatever the reasoning, when Sony was hit
by a ransomware attack recently and refused
to shell out the ransom demanded, its data
ended up being sold online on the dark web.
Irrespective of the refusal to pay a ransom,
Carlos Morales, SVP of solutions at purposebuilt
global cloud-based security platform
Vercara, stresses how the attack itself highlights
the fact that any company, regardless
of size and level of security sophistication,
can fall victim to this threat. "The sheer
number of entry points into a company,
from supply-chain to contractors, to each
and every employee, makes it impractical to
believe that you are going to be able to seal
all of these up," he says.
"While it is extremely important to educate
your base of users to be on the look out
for these threats and to vet your suppliers
carefully, this alone will not guarantee
prevention. Now that AI is supercharging
bad actors' ability to craft spear phishing or
smishing messages, it is virtually guaranteed
that more, rather than fewer, people will
Brian Martin, Integrity360: consolidation
of cybersecurity architectures can
strengthen risk posture.
Deepen Desai, Zscaler: healthcare industry
continues to grapple with inadequate data
protection and recovery mechanisms.
www.computingsecurity.co.uk @CSMagAndAwards Nov/Dec 2023 computing security
15

ansomware
Michael Smith, Vercara: ransomware is
having "catastrophic consequences on
critical national infrastructure".
Carlos Morales, Vercara: impractical to
believe you can seal up all entry points.
become victims of this kind of attack."
CRIMINALS GO FOR THE JUGULAR
September marked 10 years since Crypto-
Locker, the first ransomware campaign to
successfully blend encryption, peer-to-peer
controls, social engineering and cryptocurrency,
first appeared. "This toxic brew
proved to be extraordinarily successful," states
Sophos, "netting the attackers 31,000 Bitcoin
[at that time, over $4 million US] in the first
four weeks, ushering in the modern era of
day-to-day financial e-crime."
Since then, says the company, ransomware
has flourished, with attacks accounting for
69% of incident response cases in the first half
of 2023. "Comparing 2022 to the first half of
2023, the time from the start of ransomware
attacks to detection shrank from a median of
eight days to just five." The median time from
data exfiltration to ransomware deployment
was just 21 hours, while, for exfiltrated data,
the median time until it was publicly posted
was just a little over 28 days.
"Ransomware has had a long history and,
while CryptoLocker is just one of many
inflection points, it's an important one when
we look at the model ransomware follows
today-encrypting data and then demanding
cryptocurrency to decrypt the data,"
comments Chester Wisniewski, field CTO,
Sophos. "Over the years, ransomware has
proven itself as a tried-and-true method
for extorting money from victims. Now,
ransomware is an everyday part of the criminal
threats we face. That's a problem, because
ransomware is still a devastating type of
attack; what's more, organisations have
increasingly less time to minimise damage.
"What we're seeing in the data from our
Active Adversary reports over the past three
years is an increasing mechanisation and
professionalisation amongst the criminals.
Not only are ransomware criminals striking
the final blow in only five days, they're going
for the jugular - your Active Directory
infrastructure, within 16 hours or so. Plodding
ransom attacks that linger for a month or more,
as we saw in the early days of enterprise
ransomware, are no longer the case."
The UK's National Cyber Security Centre
(NCSC) and National Crime Agency (NCA)
have published a joint whitepaper, examining
how the tactics of organised criminal groups
have evolved as extortion attacks have grown
in popularity with the ransomware industry
developing into a sophisticated supply chain,
defying western governments and leaving
exposed businesses on the back foot.
RISE IN CYBER-WARFARE
Ransomware is having "catastrophic consequences
on critical national infrastructure (CNI)
and other vital services", states Michael Smith,
field CTO at Vercara. "While many cyberattacks
leave businesses unscathed, 18 ransomware
incidents elicited a national level response or
government intervention. Given increased geopolitical
tensions and a rise in cyber-warfare,
international leaders and governments have
acknowledged this threat at a global scale
and the risk it poses to crucial services. Just
last year, the European Commission proposed
new rules to ensure greater consistency and
efficiency in cyber and information security
measures across EU institutions, bodies, offices
and agencies.
All this data goes to highlight the scale of the
challenge ahead for the cybersecurity sector,
adds Smith. "Cybercriminals attack everybody,
it's their means of revenue. All business leaders
must assume that at some point they will be
one of their targets. The criminals running
these campaigns are looking to cause as much
disruption as possible, with maximum impact
and even bigger reward.
"Earlier forms of ransomware typically
resulted in downtime or unavailable data,
but newer strains are emerging and threat
actors are constantly changing their tactics,
with some threatening a Distributed Denial
of Service (DDoS) style-attack."
16
computing security Nov/Dec 2023 @CSMagAndAwards www.computingsecurity.co.uk

Computing
Security
Secure systems, secure data, secure people, secure business
Product Review Service
VENDORS – HAS YOUR SOLUTION BEEN
REVIEWED BY COMPUTING SECURITY YET?
The Computing Security review service has been praised by vendors and
readers alike. Each solution is tested by an independent expert whose findings
are published in the magazine along with a photo or screenshot.
Hardware, software and services can all be reviewed.
Many vendors organise a review to coincide with a new launch. However,
please don’t feel that the service is reserved exclusively for new solutions.
A review can also be a good way of introducing an established solution to
a new audience. Are the readers of Computing Security as familiar with
your solution(s) as you would like them to be?
Contact Edward O’Connor on 01689 616000 or email
edward.oconnor@btc.co.uk to make it happen.

inside view
RANSOMWARE THREATENS BACKUP FILES
COULD THE LAST LINE OF DEFENCE AGAINST ONE OF THE MOST PERNICIOUS FORMS OF ATTACK
NOW BE IN DANGER? DANIEL HOFMANN, CEO, HORNETSECURITY, OFFERS HIS THOUGHTS
Ransomware attackers have become
increasingly focused on targeting
backup storage over the past several
years. Special measures are required to
protect data backups from malicious
manipulation. Immutable cloud storage is
the magic word.
While ransomware attacks have been a
threat for more than 30 years, they have
increased dramatically over recent years due
to many factors including the rise
of Generative AI systems.
A recent Ransomware study
by Hornetsecurity shows
that nearly 60% of
companies are 'very' to
'extremely' concerned
about ransomware
attacks. On top of
this, 76.2% of
respondents have
changed the way
their company
backs up data
partly in response
to the evolving
threat of
ransomware.
At the same time, ransomware attacks
are becoming easier, smarter, and more
dangerous. For example, ransomware-as-aservice
offerings are increasingly appearing
on the darknet, enabling fraudsters to carry
out successful extortion campaigns even
without programming skills and the
corresponding IT infrastructure. A new
dimension has recently been reached with
the spread of generative AI models such as
ChatGPT and WormGPT. With the help of
the innovative AI bot, security specialists at
Hornetsecurity succeeded in developing
sophisticated ransomware with minimal
effort, which can pose high risks for victims.
INCREASED FOCUS ON BACKUP COPIES
In increased ransomware attacks specifically
against backups, hackers are using extortion
software to encrypt data backed up on
storage media devices to deny access
to users. This is particularly perfidious, as
a company relies precisely on backups in case
the data in the production systems is lost or
damaged. The (now encrypted) backups are
only unlocked or restored in exchange for
a ransom and if the payment is not received
in time, the hackers can threaten to delete
or steal the data or even publish sensitive
18
computing security Nov/Dec 2023 @CSMagAndAwards www.computingsecurity.co.uk

inside view
company information. Ransomware costs
companies millions of pounds every year,
with six or even seven figure ransom
demands now being common. If a victim
does not pay, their business can come to
a standstill, and entire workflows and
processes become disrupted. At the same
time, there is a threat of loss and theft of
confidential company data, which can result
in high financial losses. If, for example,
a credit institution loses sensitive customer
data, it can expect not only claims for
damages but also a permanent loss of
image, reputation, and customers.
INCREASED PRESSURE, DUE
TO NIS2 REQUIREMENTS
In addition, companies must prepare for
stricter legal data protection and compliance
requirements. While the EU General Data
Protection Regulation (GDPR) of 2018 has
been the most important of these, the clock
is now ticking on the implementation of the
new EU cybersecurity directive NIS2 (Network
and Information Security) within the UK.
NIS2 tightens the security requirements for
operators of critical infrastructures (CRITIS)
and was designed to enhance cyber
resilience for organisations across the
UK and EU. For the first time, small and
medium-sized institutions in system-relevant
areas of public life such as healthcare,
education and public authorities are also
required to implement baseline security
measures to protect against cyber-attacks.
KEY TAKEAWAYS FROM 2023 RANSOMWARE ATTACKS SURVEY
Since suppliers must also comply with NIS2,
almost all companies and organisations will
be affected by the new EU cybersecurity
directive in the future. If data protection
and compliance breaches occur, NIS2 makes
those responsible personally liable and
imposes penalties of up to 10 million pounds
or 2% of annual global turnover.
NIS2 also contains stricter requirements
for organisations who suffer cyberattacks,
as initial reporting must now be made within
24 hours. UK and EU member states only
have until October 2024 to implement NIS2,
meaning that companies should install the
necessary security measures as soon as
possible.
In its recent survey, Hornetsecurity highlighted the following:
93.2% of respondents rank ransomware protection as 'very' to 'extremely'
important, in terms of IT priorities for their organisations
12.2% of respondents do not have a disaster recovery plan in place,
in the event of a ransomware attack
90.5% of respondents say they protect their backups from ransomware
75% of respondents cited 'end-point detection software with anti-ransomware
capabilities' as the most common tool to combat ransomware
19.7% of respondents said their organisations had been the victim of
a ransomware attack, with the majority, 62.1%, occurring in the past three years
79.3% of ransomware victims reported that they managed to recover the
compromised data from a backup
51.7% of respondents mentioned 'email/phishing' as the main attack vector
for ransomware attacks
81% of respondents said their organisations provide user training to recognise
ransomware attacks, with 95.8% stating the training was 'useful.'
28.9% of Microsoft 365 respondents said they do not have a recovery plan
in place, in case of a ransomware attack.
IMMUTABLE BACKUPS
AGAINST RANSOMWARE
This also applies to the protection of backup
files against the growing ransomware risks.
In principle, ransomware can originate from
different sources and be transmitted in
various ways. At the forefront are phishing
emails that contain ransomware-infected
attachments which can lead to the compromise
of the entire network. To mitigate
these risks, many organisations are
combining various methods, including
endpoint security, advanced threat detection
and response, patch management, multifactor
authentication (MFA), and employee
security training to ensure employees are
equipped to identify and prevent attempted
phishing attacks.
Several methods can be used to achieve
immutability of data backups. Today, WORM
technology, which was developed back in
the late 1970s, is the main method used
to defend against ransomware attacks.
WORM stands for Write-Once-Read-Many,
which means that a backup copy can only
be created once (writing) and is then writeprotected
for a certain period of time.
So, when choosing a backup solution,
companies should prefer a product that
supports immutability through the use of
WORM technology. Various media, such as
memory cards and external hard disks, or
external cloud services can be used to store
the data.
In the wake of rising ransomware attacks,
backups are coming under increasing threat
as the last barrier against the deletion and
manipulation of critical corporate data.
Immutable backup storage provides an
effective defence against the threat of
ransomware. With VM Backup V9 from
Hornetsecurity, organisations can leverage
a new solution to protect their backup data
via Immutable Cloud storage. This ensures
that their data cannot be modified or
deleted within a specified time period
or regulatory or legal retention period.
www.computingsecurity.co.uk @CSMagAndAwards Nov/Dec 2023 computing security
19

cybersecurity training
DRIVING EMPLOYEE
ENGAGEMENT WITH DEPARTMENTAL CYBERSECURITY TRAINING
METACOMPLIANCE'S NEW DEPARTMENTAL-FOCUSED CYBERSECURITY TRAINING SERIES AIMS TO ADDRESS
DEPARTMENT-SPECIFIC CONCERNS AND REDUCE RESISTANCE TO USER TRAINING COMPLETION
Each department within an organisation
fulfils a vital function, and each brings
distinctive challenges and vulnerabilities.
For example, the HR department handles
sensitive employee data, while the IT team
manages critical infrastructure. Likewise
privileged users, by nature of their access,
have the potential to cause significant harm,
if their credentials are compromised or if
they engage in malicious activities. These
users require specific cybersecurity training
to understand the gravity of their role in
safeguarding this information.
Despite these distinctions, it's common
practice to provide the same cybersecurity
training to all employees. This generic training
typically provides a broad overview of
cybersecurity concepts, but lacks the depth
required for individuals with specialised roles
and responsibilities. Whilst generic security
training ticks a checkbox, relying on a 'onesize-fits-all'
approach is not enough, states
MetaCompliance. "This approach can result
in employees becoming disengaged and
passive participants in Security Awareness
Training. Cyber threats are now increasingly
sophisticated and targeted attacks based on
individual job roles are on the rise."
HIGHER ENGAGEMENT RATES
By delivering content that directly aligns with
the roles and responsibilities of the end users,
organisations can drive higher engagement
rates and reduce resistance to cybersecurity
training. When employees receive targeted
content that relates to their daily tasks, this
makes them more likely to retain the
information and implement improved
cybersecurity behaviours.
"Departmental cyber training marks a
significant leap forward in the world of
security awareness training and aims
to address the pressing need for more
personalised and effective training solutions
in an era of ever-evolving cyber threats,"
adds Metacompliance.
"Embracing this shift and championing
departmental training can be a game-changer
in safeguarding organisations against the everevolving
cyber threats. This is because departmental
cybersecurity training mobilises each
department, transforming them into a wellcoordinated,
cyber-resilient workforce. It equips
individuals with the knowledge and skills
needed to defend against evolving threats
and make informed decisions that enhance
the organisation's overall security posture."
The departmental-focused approach also
empowers CISOs to communicate the value
and relevance of security awareness training
tailored to each department, it says. "This
level of personalisation fosters a sense of
ownership and commitment among
employees, leading to active participation in
security training. When employees see their
leadership prioritising cybersecurity education,
they are more likely to take it seriously."
Recognising the real need to address
department-specific concerns and reduce
resistance to user training completion,
MetaCompliance hasrecently announced
the release of its new departmental-focused
cybersecurity training series.
GAME-CHANGER
The Departmental Series addresses 12 key
cybersecurity risks and is specifically tailored
to eight organisational departments, which
include human resources, marketing, sales,
finance, privileged users, executive teams,
legal and procurement. The content is also
available in 43 languages, catering to diverse
workforces around the world.
Cybersecurity evangelist at MetaCompliance,
Robert O'Brien, says: "We understand that
employees have diverse responsibilities and
priorities, and security awareness is not
always at the top of their minds.
"This fuelled our mission to advance
cybersecurity training by speaking the
language of each department and delivering
content that truly engages end users.
The Departmental Series will help create
a cultural shift in security awareness.
"By focusing on content that directly impacts
an employee's day-to-day tasks, our training
ensures that end users stay engaged and
retain crucial information, enabling them to
implement positive cybersecurity behaviours."
To learn more about MetaCompliance's
Departmental Series, visit:
www.metacompliance.com/departmental-series
20
computing security Nov/Dec 2023 @CSMagAndAwards www.computingsecurity.co.uk

leadership skills
LEADERSHIP SKILLS - WHY THEY MATTER
AT A TIME WHEN SO MANY THREATS ARE FACED BY EVERY ORGANISATION,
LEADERS WHO CAN MOTIVATE AND GUIDE THE WORKFORCE ARE VITALLY IMPORTANT
Leadership skills help to create
a vision and rally people around
a common cause, boosting morale.
They also pass on the necessary skills
and knowledge to enable those around
them to make informed decisions and
solve problems effectively and with confidence.
When it works, it's a massive
boost to employee unity and self-belief.
But how do organisations identify, recruit
and nurture the right calibre of people
to perform this leadership role in the
first place?
"In the face of today's growing cyberattacks,
leadership is required to invest
in the means to prevent breaches and
to ensure that data is backed up or airgapped."
Such is the view of David
Trossell, CEO and CTO of Bridgeworks.
"Leadership is also about practising what
you preach by communicating with staff
and training them to avoid falling foul
of, for example, ransomware attacks
that could render an organisation's
useless and prevent any form of service
continuity."
It also involves thinking about the longterm
health of the organisation, its
partners and its customers by investing in
training ordinary staff and cyber-security
teams as an increasing number of attacks
involve social engineering, he continues.
"Within this scenario, generative AI is
making cyber-security more challenging.
So, any competent leader needs to know
how to prevent the technology from
being used to social-engineer a weakness
in staff to find a way to create a breach.
Humans are often the weakest link when
it comes to cyber-security."
Leadership should aim to prevent
disasters by focusing on service continuity
as the primary goal, using WAN
Acceleration to rapidly back up and
restore data, adds Trossell. "The common
cause should be continuity more than
disaster recovery, although plans and
procedures should be in place to ensure
that staff and cyber-security teams know
what to do when disaster strikes."
SENSE OF TOGETHERNESS
A sense of togetherness will boost
morale and pride in the organisation's
ability to thrive, no matter what cyberthreats
are thrown at it. "Nurturing
the right talent and finding competent
leaders comes from using aptitude
testing, using team exercises to allow
them to demonstrate their decisionmaking
skills, by enquiring about their
competence in other roles. That person
should show that they have an ability to
innovate - perhaps by having patents in
their name for solutions that nobody else
has considered or been able to achieve."
That leader should want to invest in
future cyber-security professionals by
working with universities, colleges and
schools to encourage, nurture, inspire
and develop new talent, he believes.
"By working with the community -
and offering apprenticeship schemes -
leadership can instil pride in their
organisation and in what it aims to
achieve. This can inspire staff loyalty
and reduce the likelihood of employee
churn. It's not so much about the leader,
but the values of the organisation that
person expresses internally and to the
wider community."
COMMUNICATING RESULTS
From a cyber-security perspective,
says Trossell, this could also be about
communicating to staff how many
cyber-attacks have been forestalled,
how clients have been helped to stave
off attacks, how much money has been
saved, and how policies and procedures
have prevented X number of cyberattacks.
"This requires a leader who
demonstrably leads from the front, who
can identify with people, who engenders
team-working and unity to protect the
organisation from attack - furthering
its commercial and operational success."
David Trossell, Bridgeworks.
www.computingsecurity.co.uk @CSMagAndAwards Nov/Dec 2023 computing security
21

cyber awareness
THE CRIME-BUSTING CHALLENGE
CYBERCRIME IS ON THE RAMPAGE, PROMPTING ONE
EXPERT TO SAY: "BEEF UP YOUR EMAIL SECURITY OR
GET READY FOR A WORLD OF HURT."
Cybercrime is rapidly spreading and
impacting organisations across the
world. According to one company
monitoring the worsening situation, global
cyberattacks increased by 28% in 2022,
compared to the same quarter in 2021 -
and this trend is only likely to continue.
"Cyber threat actors can identify and exploit
a wide range of vulnerabilities to gain
access to corporate systems," it states.
"An effective cybersecurity program is one
that provides comprehensive coverage and
protection for all potential attack vectors."
But how do you define 'effective' and how
does an organisation go about identifying
what is the best means to meet its own
particular needs and mode of operating?
Nadia Kadhim, a leading GDPR lawyer
and CEO of global automated compliance
platform Naq Cyber, warns the defence
industry needs to do more to protect
classified data, as the number of attacks
on this sector has increased by nearly 50%
with an average of 1,661, according to
a global report by Check Point Research.
This increased risk has already led to
an increased demand for additional
compliance measures from the Defence
Industry to ensure their suppliers meet
legal and regulatory compliance
requirements such as Cyber Essentials,
JOSCAR, DART, and MOD Risk Assessments.
Naq's platform guides MOD suppliers
through implementing, verifying and
maintaining the security requirements
set by the MOD and Primes. This includes
training in risk management and device
security to ensure businesses meet the
required security controls.
"The number of cyberattacks
within the defence
sector is expected to keep
rising," warns Kadhim. "While it is
crucial to ensure the MOD's systems are
secured, it is also just as crucial to ensure
defence suppliers have a strong cybersecurity
posture or risk putting the entire
defence supply chain in jeopardy. It's a
pattern we see in other highly regulated
sectors, such as healthcare, where attackers
use suppliers to access valuable and sensitive
information. To keep the UK defence sector
safe, we must focus on suppliers and ensure
they are meeting continuous compliance
with the cybersecurity requirements set by
the MOD and their primes."
ESTABLISHING A LANDMARK
October marked National Cybersecurity
Awareness Month (NCSAM), a significant
initiative that has helped to focus attention
on the threats organisations everywhere
face. Like all good initiatives, of course,
it is much more than about one month
and then forgotten. It is about bringing
a collective consciousness to bear on a
common enemy - and to ensure that it
stays there.
Launched in 2004 by the US Department
of Homeland Security and the National
Cyber Security Alliance, the goal has been
to reinforce the importance of safeguarding
online presence. While it began as an
American effort, the message has resonated
far and wide. Today, numerous countries
around the globe have embraced the cause,
underscoring that cyber threats don't recognise
borders. It's a united call to action,
urging individuals and organisations to
prioritise online
safety, no matter
where they' may be
located, in what is flagged up as
a global commitment to cyber resilience.
FRONT OF MIND
"Cybersecurity has moved from an afterthought
to one of the more important
decisions in the boardroom, as executives
have come to understand the potential scale
and impact of attacks," states Jason
Dettbarn, founder & CEO, Addigy. "Breaches
don't just cost money - they can debilitate a
company. IT leaders need to ensure they are
leveraging the right security processes and
tools to maintain compliance vigilance,
which includes a layered approach to OS
patching, application patching, adhering
to compliance frameworks and end-user
authentication management. The speed and
impact of Zero Day vulnerabilities highlight
the importance of applying these patches
throughout an organisation's entire fleet of
devices in a timely fashion."
Cybersecurity Awareness Month served
as a critical reminder that effective cybersecurity
isn't solely about building higher
walls against external threats, says Carl
D'Halluin, CTO, Datadobi. "It's equally about
under-standing and managing the data
you already hold within those walls. Illegal
and orphaned data are prime examples
of internal vulnerabilities that often go
overlooked.
The risks of harbouring illegal data are
multi-faceted, spanning potential legal
issues, reputational harm and increased
susceptibility to network compromise, due
22
computing security Nov/Dec 2023 @CSMagAndAwards www.computingsecurity.co.uk

cyber awareness
to embedded malware. Orphaned data,
often accumulating unnoticed due to
employee turnover, can pose governance
and compliance risks."
He calls on organisations to deepen their
commitment to employing the necessary
methodologies and technologies that
enable effective internal data governance
and oversight. "A proactive, inside-out
approach to cybersecurity has never been
more crucial."
OVERHAULING DIGITAL DEFENCES
Don Boxley, CEO and co-founder, DH2i,
sees today's cyber threats escalating into
full-blown crises - a stark warning that
we must urgently overhaul our digital
defences. "Gone are the days when
established security measures like VPNs
sufficed. Hackers are continually advancing,
rendering traditional methods increasingly
obsolete. Proactive security isn't an option;
it's an absolute necessity, if organisations
want to survive into the future.
What does he see as the best way
forward? He points to how Software-
Defined Perimeters (SDPs) are rapidly gaining
prominence as an innovative and intelligent
alternative to VPNs. "They address and
eliminate many traditional VPN vulnerabilities,
such as susceptibility to lateral
network attacks that could compromise
sensitive organisational assets. SDPs simplify
the secure connection of network assets
across diverse infrastructures - from onpremises
to hybrid and multi-cloud setups -
and closely align with Zero Trust Network
Access (ZTNA) principles.
By adhering to the Zero Trust tenet of
'never trust, always verify', SDPs offer
stringent security controls at the application
level. This ensures that resources like servers,
storage units, applications, IoT devices and
users gain access only to the specific data
endpoints required for their tasks, thereby
eliminating potential vulnerabilities such as
lateral movement paths that attackers could
exploit."
He refers back to October and its designation
as National Cybersecurity Awareness
Month, labelling it as an "urgent call to
action for adopting next-generation
solutions like SDPs and Zero Trust principles.
In doing so, we will be equipping organisations
and individuals with the robust
defences needed to outpace ever-advancing
cyber threats".
Amongst the many cyber threats faced,
one that's often pushed to the background,
but deserves centre stage, is email security,
states Seth Blank, CTO, Valimail. "Email is
the battleground where some of the most
sophisticated social engineering attacks,
like spear-phishing and whaling, are waged.
These attacks exploit human psychology,
leveraging the absence of the usual cues we
rely on to assess trust-no facial expressions,
no tone of voice, just cold text on a screen.
"You've probably been inundated with the
same stats again and again, like the fact
that 91% of all cyberattacks start with
phishing. Or that the FBI has reported $50
billion - with a’ b’ - in losses, due to
business email compromise (BEC). And,
due to that inundation, it's easy for some
to look at email as an old problem. But
those stats show the problem is not just
as bad as it's ever been; it's getting worse.
Much, much worse."
The bottom line, concludes Blank, is that,
even if the stats have become somewhat
easy to ignore, the problem is real and one
misstep can wreak havoc. "Beef up your
email security or get ready for a world of
hurt," he advises.
DRY-RUN YOUR RECOVERY PLAN
Simon Church, chairman, Xalient, urges
organisations to make sure they dry-run
their recovery plan, so that, in the event of
an attack, they know they are prepared, and
Nadia Kadhim, Naq Cyber: defence
suppliers must have a strong cybersecurity
posture or risk putting the entire defence
supply chain in jeopardy.
Jason Dettbarn, founder & CEO, Addigy:
cybersecurity has moved from an afterthought
to one of the more important
decisions in the boardroom.
www.computingsecurity.co.uk @CSMagAndAwards Nov/Dec 2023 computing security
23

cyber awareness
Don Boxley, DH2i: today's cyber threats
are escalating into full-blown crises -
we must urgently overhaul our digital
defences.
Simon Church, Xalient: invest heavily in
training to enable employees to make
smarter security decisions.
understand the process and who is doing
what. "And I'm not just talking about
technology here, but people and processes.
For example, what communications about
the attack will they share with employees,
customers and other stakeholders? What do
they want employees to do? What do they
want senior executives and the board to do?
All too often I see organisations assume
that, because they have the technology
in place, it will magically and seamlessly
recover their systems, but they neglect the
fine detail around communications and
reassurance."
He also identifies human risk as a major
factor. "In fact (depending on the sources you
refer to) 75-90% of all cyber incidents are
human initiated. So, it is very important to
focus on having employee security awareness
training in play. Today, employees operate in
a blended environment, moving seamlessly
between work applications and personal
apps. Whereas previously they have been
prevented from sharing company data
outside the network perimeter, in our world
of social media we often overshare, which
leads to a lot of freely available open-source
data, or OSINT.
"Cybercriminals use OSINT for social
engineering purposes. They gather personal
information through social profiles and use
this to customise phishing attacks. The most
recent MGM breach, for example, was a
result of a social engineering attack on an
employee who inadvertently gave hackers
access to MGM's systems. Investing heavily
in training to enable employees to make
smarter security decisions will help them
manage the ongoing problem of social
engineering and clever phishing attacks.
Performance should also be regularly
measured to see how employees are
implementing training in the real world
and there must be KPIs around this that are
ideally discussed at senior management or
board level. It is likely that the MGM attack
could have been averted, if the employee
had been more aware and better trained."
Also, as many breaches utilise a vulnerability
or flaw in operating systems' code,
the patching cadence and criticality need to
be agreed and assessed on a regular basis,
so that the organisation prioritises patches
based on risk to the business, Church adds.
"To put this into context, last year there were
approximately 20,000 new patches created
by software vendors; this year, that figure is
expected to increase to 22,000. This means
that the largest organisations have a
backlog of over 100,000 patches to deploy,
which is an almost impossible task without
clear risk prioritisation."
Managing their third parties and any
extended ecosystem cyber risk is equally
critical for CEOs. "It is very difficult from
an outside view to determine which
third party has strong cyber controls and
which ones are already, or likely to be,
compromised. Standard risk assessment
processes tend to be 'point in time',
involving questionnaires and audits. For
cybersecurity, this is a flawed approach that
usually leads to risk tolerance or acceptance.
Rather than just categorising third parties as
high or low risk, organisations should focus
on the nature of the relationship and their
adherence to the same security policies
and practices implemented by the organisation.
Do they control sensitive data or
have they got access to critical systems?"
Cybercrime is predicted to be worth
a massive $10.5 trillion dollars by the end
of the year, Church points out. "If it were
a country, it would equate to the thirdlargest
country in the world, in terms of
GDP, so it is clearly big business. Having
robust security controls, a solid risk management
plan and dynamic risk policies, as
well as a tried and tested recovery plan,
won't totally remove the threat of a cyberattack,
but it will certainly reduce not only
the probability of a breach, but also the
impact to the business."
24
computing security Nov/Dec 2023 @CSMagAndAwards www.computingsecurity.co.uk

case study
ON YOUR METAL!
WHEN ONE METAL FABRICATION COMPANY SUFFERED SEVERAL MALWARE ATTACKS,
IT REACHED OUT FOR THE RIGHT SOLUTION TO PROTECT ITS OPERATIONS
In the last few years, ARKU
Maschinenbau in Baden-Baden,
Germany, has faced an increasing
number of malware attacks. Working
closely with the Freiburg branch of the
IT systems house NetPlans, it introduced
extensive measures to defend itself.
In its search for reliable and scalable
network protection, quickly became clear
to the metal fabrication company that
macmon NAC was the right option:
NetPlans is a Platinum macmon partner
with certified and continuously trained
macom experts that has provided what
is said to be "first-class support" for its
customers - from the SME sector especially
- with the implementation of a vast
number of projects.
To authenticate endpoints, ARKU uses
macmon's integrated RADIUS server to
make the decisions on
ARKU Maschinenbau runs its worldwide
operations from its base in Baden-Baden,
Germany.
granting access. As the ID or means of
authentication, a number of properties
can generally be used, such as the MAC
address, username/password or certificate.
Since the network is not accessed by the
system until the RADIUS server has confirmed
it, there are no unused or insecure ports,
which increases security significantly. While
granting access, the IT team can define and
specify additional rules for the switch to
implement. If the switch is technically
capable of doing so (layer 3), a specific
VLAN, defined ACLs or almost any other
attributes can be assigned in this way.
An access control list (ACL) limits access to
data and functions. The ACL determines the
extent to which individual users and system
processes have access to certain objects
such as services, files or registry entries.
As IT & digitisation team leader at ARKU,
Felix Pflüger, comments: "We use a variety
of security solutions in our company.
Thanks to macmon NAC, we always have
oversight over our extensive IT infrastructure.
Our switches are administered via
SNMP and RADIUS, meaning macmon sets
the appropriate VLAN on the switch port,
or the port is blocked, if there are unknown
devices. That prevents unauthorised devices
from gaining access via network outlets,
for example."
Frequent visits by customers and suppliers
present companies with the challenge of
preventing these users' end devices from
accessing the company's internal network.
The functions of the 'Guest Service' module
provide an intelligent and flexible management
system for an external device with a
granular guest ticket system for controlling
temporary LAN and WLAN access.
Since the number of external visitors was
manageable during the Coronavirus period,
the IT department was responsible for
deciding whether or not visitors were
granted access. In the future, however,
this task will be delegated to authorised
employees with the macmon guest portal.
Without having to deal with the
macmon NAC administration, they
can generate access data directly in
the portal or confirm visitors who
have registered themselves.
The resources shared and the
duration of access can be defined
while creating the access data,
ensuring each visitor can access only
the specific resources approved for
them. For instance, a service
technician who has to maintain
machine equipment has different
access rights to a customer visiting
the company for a meeting.
www.computingsecurity.co.uk @CSMagAndAwards Nov/Dec 2023 computing security
25

attacks offensive
PHISHING ENTERS DEEP DARK WATERS
THE SOPHISTICATION OF PHISHING ATTACKS IS ALSO SOARING, WITH CYBERCRIMINALS
USING WORRYINGLY POWERFUL NEW TACTICS TO GAIN ACCESS TO DATA AND SYSTEMS
As the attacks landscape continues
to look ever more sinister, how
exactly to keep your organisation
safe, on multiple attack fronts, from bad
actors intent on using every means to
exploit vulnerabilities has become the
vexing question. With each passing
month, the means to find ways to avoid
joining the ranks of the countless victims
who have already been successfully
targeted becomes increasing beset
with obstacles and uncertainties.
The preferred methods of attack are now
familiar, with phishing continuing to be
one of the most common and effective
ways for cybercriminals to gain access
to data and systems. "By targeting
employees, cybercriminals are looking
to take advantage of what is perceived
to be the weakest element in the cyber
defences of an organisation," points out
AJ Thompson, CCO at Northdoor. "As
a result, phishing attacks are on the
increase. A recent report showed that
there was a 47.2% increase in phishing
attacks during 2022, a huge increase and
one that highlights the growing efforts
of the cybercriminal community to take
advantage of employees."
The sophistication of phishing attacks
is also increasing substantially, with
cybercriminals using new tactics to
gain access to data and systems. "By
persuading an employee to click on
a malicious link or to give them direct
access to internal systems, cybercriminals
can quickly get their hands-on data
with little effort on their part," states
Thompson. "The Egress Phishing Threat
Trends Report has identified the most
phished topics so far in 2023 and has also
predicted what the rest of the year has
in store. By connecting to world events,
anniversaries, holidays, as well as the
hopes and fears of ordinary people,
cybercriminals can concoct persuasive
emails and other of forms of
communication, gaining the trust of
employees and getting them to open
the door into internal systems."
The key to successfully defeating
phishing attacks is for the security industry
as a whole to work together. "By identifying
and sharing new threats, everyone
is able to keep an eye out and deal with
them as and when they come through.
The cybersecurity sector has a tendency
to withhold information under the guise
of security, in order to gain a competitive
advantage. In the face such a sophisticated
threat, this is no longer an effective
way for the industry to behave.
Sharing information about what threats
may look like is not effective. Informing
employees about the latest tactics and
giving them the tools to deal with
potential and future threats makes the life
of the cybercriminal harder, keeping your
data and systems safe," he adds.
IMPERSONATION SCAM
In July 2023, Menlo Security HEAT Shield
detected and blocked a novel phishing
attack that involved an open redirection
in the 'indeed.com' website redirecting
victims to a phishing page impersonating
Microsoft. Consequently, this makes an
unsuspecting victim believe the redirection
resulted from a trusted source such as
'indeed.com'. The threat actors were
found to deploy the phishing pages using
the phishing-as-a-service platform named
'EvilProxy'. The service is advertised and
sold on the dark web as a subscriptionbased
offering with the plan validity
ranging between 10 days, 20 days, and
31 days. One of the actors, known by
the handle 'John_Malkovich', plays the
role of an administrator and intermediary
assisting customers who have purchased
the service. The campaign targeted C-suite
employees and other key executives across
organisations based in the United States
across various sectors.
The infection vector was a phishing email
delivered with a link that is deceptively
crafted, in such a way that it comes from
a trusted source, in this case 'indeed.com'.
Upon clicking the link, the victim is then
redirected to a fake Microsoft Online login
page.
It seems that HEAT Shield was able to
detect and prevent this phishing attempt
on the fly, by virtue of its real-time analysis
feature. "It detected the phishing site by
leveraging AI-based detection models
to analyse the rendered web page way
before the URL reputation services and
other security vendors flagged this page
for malicious behaviour," says Menlo
Security. "HEAT Shield also generates the
Zero Hour Phishing Detection alerts in
the process, which help provide greater
visibility to the SOC analysts by providing
them with context of the threat and
enriched data that will adequately support
their research."
26
computing security Nov/Dec 2023 @CSMagAndAwards www.computingsecurity.co.uk

attacks offensive
As ransomware targeting healthcare
organisations increases, more advanced
cybersecurity is needed to protect sensitive
patient data and maintain uninterrupted
operations for the continuous delivery of
life-critical medical services. Hospitals and
healthcare organisations face a unique
security and identity challenge. With
shared workstations among staff, they
must determine how they can distinguish
who is doing what, on which device, and
enforce access control policies and threat
protections based on both the user who
logged in at the time and the device's
posture. They also need to keep track of
all user activity, with logs indicating their
actions for traceability and compliance
requirements.
To that end, Zscaler has teamed up
with CrowdStrike and Imprivata to deliver
a zero trust cybersecurity solution from
device to cloud that's custom-made for
medical institutions, it reports. "The new
Zscaler integration with the Imprivata
Digital Identity Platform will provide
visibility, threat protection and traceability
for end-to-end, multi-user, shared device
access control that are required for organisations
to meet regulatory requirements,
including HIPAA and HITECH," says the
cloud security provider.
With this new integration, users of the
Zscaler Zero Trust Exchange platform,
Imprivata OneSign and the CrowdStrike
Falcon platform will be able to more
effectively adopt a zero trust architecture
that offers granular access management,
threat protection, and traceability
capabilities to better protect against
ransomware.
"Cyberattacks on healthcare organisations
are at an all-time high and
protecting patient data is critical to
maintaining trust," says Dhawal Sharma,
senior vice president and general manager
at Zscaler. "Zscaler's integrations with
Imprivata, in addition to CrowdStrike,
provide much needed help to healthcare
organisations in their journey to a zero
trust architecture. We're aiding workers
and technicians with least privileged
access to the healthcare information they
need to provide care and maintain the
privacy and security of patient data."
LACK OF CONFIDENCE
Employees are behind a widening gap in
the cybersecurity of small and mediumsized
enterprises (SMEs) a new survey has
revealed, as over three-quarters of SMEs'
C-suite and senior managers admit they
have no confidence their teams are
operating their own devices securely.
Employees are not the only contributing
factor to risk either, as the C-suite are
also lacking cyber awareness: the survey -
commissioned by Cowbell, a leading
provider of cyber insurance for SMEs -
found over three quarters of those
operating at the helm of UK SMEs are
unable to confidently identify a cyber
incident at work, while a further 50%
believe that they're unable to identify the
difference between a phishing and real
email.
The UK has seen a drastic change in
workforce lifestyle over the past three
years (as of May 2023, with 85% of
employees currently working from home
wanting a hybrid approach). Cowbell's
findings show that businesses are not
only unwittingly exposing themselves to
risk through lack of awareness of simple
protective measures, but are also putting
too much onus on their employees to
perform safety protocols, such as protecting
devices, updating software and staying
off unsafe networks.
This can leave SMEs with a significantly
heightened exposure to cyber risks, says
Cowbell's Simon Hughes, VP and general
manager (UK): "Business leaders have been
AJ Thompson, Northdoor: the key to
defeating phishing attacks is for the
security industry as a whole to work
together.
Dhawal Sharma, Zscaler: cyberattacks on
healthcare organisations are at an all-time
high and protecting patient data is critical to
maintaining trust.
www.computingsecurity.co.uk @CSMagAndAwards Nov/Dec 2023 computing security
27

attacks offensive
Kennet Harpsoe, Logpoint: internetfacing
systems are especially vulnerable
to zero-days and should always be placed
in a DMZ (Demilitarized Zone).
thrown into an ever-changing and complex
landscape with regards to cyber threats,
alongside having to navigate new business
processes associated with a rapidly
transforming world of work. Many have
stepped up to keep themselves as robustly
protected as possible. However, teamrelated
behaviours and gaps in knowledge
highlighted in our research are leaving
businesses exposed, showing the need
for continual monitoring and action. If
employees aren't regularly made aware of
cybersecurity risks, such as public wifi usage,
businesses can find themselves wide open
at every coffee shop and neighbourhood
their employees work and visit."
THIRD-PARTY DATA BREACH
Another major concern is the revelation by
bank Flagstar of a third-party data breach
when its payment processing and mobile
banking services provider Fiserv suffered a
MOVEit data breach, ultimately leaking the
data of an estimated 800,000 customers.
"The incident involved vulnerabilities
discovered in MOVEit Transfer, a file transfer
software used by our vendor to support
services it provides to Flagstar and its
related institutions," Flagstar Bank told its
customers. With assets worth over $31
billion and annual revenue of over $1.9
billion, the New York Community Bankowned
financial services company is one
of the largest banks in the United States.
Kennet Harpsoe, senior cyber analyst at
Logpoint, comments: "Companies must
be very careful to have inventories of the
software they deploy to be able to track
publications of vulnerabilities in their
software and patch them, if necessary.
Zero-days are, by definition, impossible
to defend directly against. "They are
unknown unknowns and the best strategy
is to always minimise impacts of a potential
breach, adopt an 'assume breached
mindset' and defend your networks in
depth, having multiple layers of defence
and monitoring."
He adds: "Internet-facing systems are
especially vulnerable to zero-days and
such systems should always be placed in
a DMZ (Demilitarized Zone), in line with
the defence-in-depth mindset."
BREACH PUTS POLICE AT RISK
One of the most alarming recent attacks was the data breach that exposed the details of 10,000 police employees - including
undercover police officers - putting the names and personal details of police officers at great risk of exposure.
The National Crime Agency (NCA) launched a criminal investigation into the breach at the Stockport-based firm Digital ID,
which makes identity cards and lanyards for a number of UK organisations, including several NHS trusts and universities.
Digital ID said it notified cyber experts last month when it became aware of the incident.
The breach has provoked serious security concerns and raise deeper questions about data protection in UK policing, coming
as it did just weeks after the surnames and initials of 10,000 Police Service of Northern Ireland employees were published online
after being accidentally included in a response to a freedom of information request.
Paul Holland, CEO of leading secure digital communications organisation Beyond Encryption, says that knowing the identities
of undercover officers are now in the hands of unknown threat actors is "an unacceptable breach of policing staff trust, and
could be dangerous for both them and the citizens they protect". And he adds: "While consumers and businesses alike are often
unaware of the security risks impacting their data, these recent breaches demonstrate how detrimental insufficient security tools
are to digital safety. Organisations must ensure that they have robust safeguarding measures in place to mitigate these attacks in
future or we risk more personal data falling into the wrong hands."
28
computing security Nov/Dec 2023 @CSMagAndAwards www.computingsecurity.co.uk

product review
ENDACE: ENDACEPROBE CLOUD
Cloud computing has revolutionised
business operations globally, but the
'shared responsibility' security model
used by providers presents many challenges
for SecOps and NetOps teams. Providers
look after the security of the infrastructure,
data centres and server hardware, leaving
customers to handle cloud application,
data, operating system and access security.
For teams to respond quickly to cyberattacks
and resolve network or application performance
issues, they must be able to capture,
store, index and analyse accurate records of
all traffic activity. Historically, this has been
a major pain point for cloud services, but
packet capture expert Endace has the perfect
solution, as its well-respected EndaceProbe
appliances can now be hosted in the cloud.
Supporting Amazon Web Services (AWS)
and Microsoft Azure public clouds,
EndaceProbe Cloud delivers the same
excellent packet capture and analysis features
found in Endace's hardware appliances and
places them right where they can provide
deep visibility into cloud environments.
Capable of capturing packets from virtual
packet brokers, VPC mirrors, virtual span
ports, load balancers, firewalls, vSwitches and
virtual machines, EndaceProbe Cloud assures
full security, storing all recorded packet data
within your own VPC or virtual network.
Deployed as a virtual machine, using the
recommended sizing, EndaceProbe Cloud
delivers 4Gbps packet to disk write
performance, millisecond accurate
timestamping, and a maximum native
storage capacity of 250TB per instance.
Endace's software compression and Smart
Application Truncation technology further
boosts packet capture capacity to as much
as 500TB. You can also control cloud
subscription costs by sizing the appliance
up or down to your requirements.
Endace adds extreme flexibility. All
EndaceProbes in globally distributed cloud
and hybrid networks can be centrally
accessed through a single console. Endace's
InvestigationManager - which can be hosted
in the cloud or on-premises - provides
centralised search and data-mining.
Using InvestigationManager's integrated
EndaceVision - a browser-based analysis tool
- analysts can choose data sources from
multiple EndaceProbes, view them
simultaneously and use data visualisation
tools to home in on areas of interest, such
as flows, top talkers, protocols and users.
All search operations are performed locally
on each EndaceProbe and only packets of
interest are passed to InvestigationManager.
Data egress charges are significantly reduced,
as there's no need to download huge pcap
files from the cloud.
Management of all Endace deployments
can also be done centrally using EndaceCMS,
which provides a single pane of glass for all
administrative functions, including health
monitoring, configuration and upgrades.
You can host EndaceCMS either on-premises
or in the cloud, too.
EndaceProbe Cloud integrates seamlessly
with a wide range of security and performance
monitoring tools, including solutions
offered by Cisco, Palo Alto Networks, Plixer,
Splunk and many others. Endace's APIs
integrate directly into the user interfaces
of these products, so teams can analyse
packet data directly from within the tools
they already use, without needing to have
specific knowledge of Endace's appliances.
A good example is Splunk. When Splunk
shows an alert or event, analysts can access
related packets directly from within the
Splunk GUI - so they don't need to change
their existing workflows. They can create,
share and customise investigations, accessing
data from multiple EndaceProbes, view
conversations, extract files from suspicious
communications, generate rich logs for
insight into network activity and decode
packets directly in the hosted Wireshark,
thus avoiding more cloud egress charges.
It's no secret cloud infrastructures are
coming under an ever-increasing barrage of
cyberattacks and, for SecOps and NetOps
teams to do their job, they need total visibility
into AWS and Azure environments, too.
Endace's EndaceProbe Cloud provides an
answer, as this highly scalable unified packet
capture and analysis solution is simple to
deploy and ideally suited to hybrid, multicloud
architectures.
Product: EndaceProbe Cloud
Supplier: Endace
Web site: www.endace.com
Sales: +44 (0)800 088 5008
www.computingsecurity.co.uk @CSMagAndAwards Nov/Dec 2023 computing security
29

artificial intelligence
FAKING IT WITH AI
STANDING ON THE CUSP OF A NEW FRONTIER IS EXHILARATING, BUT
IT'S ALSO A PRECIPICE WE RISK TUMBLING OVER, WARNS ONE AI EXPERT
Findings from independent research into
AI's impact on cyber security, the risks
and advantages, have highlighted the
mounting concerns tht are spreading over
the use of AI, and deepfakes in particular, as
68% of respondents noted concerns about
cybercriminals using deepfakes to target their
organisations.
Brian Martin, head of product development,
Innovation and Strategy at Integrity360 -
Integrity360, which has released the findings -
comments: "The use of AI for cyber-attacks is
already a threat to businesses, but recognising
the future potential and the impact this can
have is just the start. We've already seen the
potential for deepfake technology with the
video of Volodymyr Zelensky telling Ukrainians
to put down their weapons and spreading
disinformation. This is just one example of the
nefarious means in which it can be used, and
businesses need to be prepared for how to
defend against this and discern what is and
isn't real, to avoid falling victim to an attack."
A significant majority (59%) of respondents
also agree that AI is increasing the number of
cyber security attacks, which aligns with the
change in attacks that have been noticeable
over the past year as 'offensive AI' is being
used in instances such as malware creation.
It's also being used to create more phishing
messages, with content that accurately
mimics the language, tone and design of
legitimate emails.
In line with this, the survey also indicates
that businesses recognise the impact that
AI will have on cyber security, as 46% of
respondents disagreed with the statement
that they do not understand the impact of
AI on cyber security.
However, when breaking down the findings
by specific job roles, the survey suggests that
CIOs appear to have the least understanding
of AI's impact on cyber security, with 42%
indicating disagreement with the statement.
"AI's role in cyber security is not only a matter
of perception, but a tangible reality," adds
Martin "Conventional cyberattacks will
ultimately become obsolete as AI technologies
become increasingly available and more
appealing. and accessible as attackers look to
expand their use for AI-enabled cyberattacks.
As an MSSP. it's essential to ensure businesses
are considering how this can be used against
them and putting processes in place to
protect against these growing threats."
AI SAFETY SUMMIT
As concerns over AI continue to circulate,
an AI Safety Summit at Bletchley Park in
Buckinghamshire had five key objectives that
were up for
discussion by
global experts,
academics,
politicians and
scientists. These
were:
A shared
understanding of the
risks posed by frontier
AI and the need for
action
A forward process
for international
collaboration on
frontier AI safety,
including how best to
support national and
international
frameworks
Appropriate
measures that individual
organisations should take to
increase frontier AI safety
Areas for potential collaboration on AI
safety research, including evaluating model
capabilities and the development of new
standards to support governance
To showcase how ensuring the safe
development of AI will enable AI to be
used for good globally.
Thomas R Weaver, tech entrepreneur,
computer scientist and author of the book,
'Artificial Wisdom' , has been sharing some
of his predictions around those summit
objectives and had this to say about AI: "While
it's exhilarating to stand on the cusp of a new
frontier in AI, that very edge is a precipice we
risk tumbling over, if we don't approach it
with caution. As someone who has delved
30
computing security Nov/Dec 2023 @CSMagAndAwards www.computingsecurity.co.uk

artificial intelligence
deep into the
ethical murk
of future technologies
through
both fiction and
entrepreneurship,
I can't
stress enough
how vital it is
that we develop
a collective understanding
of the
risks involved -
especially when it
comes to employing AI
in tackling monumental
challenges like climate
change. It's not merely
about drafting safety
protocols; it's about
questioning the very
mandate we give to
these technologies."
The latest NCSC
guidance is quite
rightfully
suggesting the
pressing need to 'exercise caution' when
building Large Language Models (LLM),
with the explanation that our understanding
of LLMs is still 'in beta' mode.
Cautions Kev Breen, director of cyber threat
research at Immersive Labs: "As an industry,
we are becoming more accomplished at
using and making the most of the benefits of
LLM, but there is more to learn about them,
their full capabilities, and where their usage
could leave individuals and indeed large
organisations vulnerable to attack."
As organisations rush to embed AI into their
applications, and startups begin to pop up
with new and interesting ways to use this
new form of AI; Language Models, such
as OpenAI's ChatGPT, it is important that
developers understand how these models and
their APIs work before building them, he
points out. "Prompt Injection is currently
the most common form of attack observed
against LLMs, by focusing on defeating
the protections they offer against sharing or
creating information that could be damaging
- for example, instructions on how to create
malicious code.
This is not the only danger, he says, "OpenAI
has introduced ‘function calling’, a method
for the AI to return data in a structured
format that can be used by the application,
making it easier for developers to expand
on the AI's capability or enrich its data with
other sources."
The danger here is that those function
signatures are sent to the AI in the same
context, says Breen, "meaning that, through
prompt injection, attackers can learn the
underlying mechanisms of your application
and in some examples, attackers can manipulate
the AI's response to perform command
injection or SQL injection attacks against the
infrastructure".
To help raise awareness of this issue,
Immersive Labs launched a 'Beat the Bot' AI
prompt injection challenge (available at
'Immersive GPT'). In this challenge, users are
tasked with building the right prompts to
con the AI to give them the password. Of
the 20,000 people that have attempted the
challenge, around 3,000 made it through to
level one, while only 527 made it to level 10,
showing that there is still a lot for people to
learn - "but even with varying levels of control,
it's still easy to find a way to bypass a
prompt", he adds.
By learning prompt injection, even your
average person can trick and manipulate
an AI chatbot. "Real-time, gamified training
becomes essential for not only attempting
to keep up with the efforts of hackers,
but also better understanding the 'practice'
they are putting in themselves around AI
prompt injection."
Author Brian Martin: vital we develop
a collective understanding of the risks
involved with AI.
Thomas R Weaver: tech entrepreneur,
computer scientist and author of the
book, 'Artificial Wisdom'.
www.computingsecurity.co.uk @CSMagAndAwards Nov/Dec 2023 computing security
31

data privacy
WHAT DATA PRIVACY MEANS NOW
IS THE CONSTANT BATTLE TO KEEP DIGITAL PRIVACY
LAWS AND REGULATIONS RELEVANT TO THE DIGITAL
AGE BEING WON?
What exactly is data privacy?
The accepted definition is our
ability to control what, where
and how our personal or confidential
information is collected, stored or
shared. Data privacy was important long
before the digital age, but the internet
and electronic records have changed the
meaning of data privacy, says Dashlane,
a provider of password management
solutions.
"Internet service providers continually
track your online activity and IP address,
even when you use private or incognito
browsing modes. Digital privacy laws
and regulations determine how information
gathered during our browsing
sessions can and can't be used and how
we're informed about the process,"
it points out. "The growth of cloud
computing, e-commerce, telemedicine
and other online services highlights the
importance of personal data privacy
practices to protect our identity and
private information from cybercriminals
and prevent consumer data from being
used unethically."
Personal information includes things
such as your name, address, phone
number and Social Security number that
can be used to identify you. Unlike
online preferences or browsing history,
personal information is also relevant
outside the digital world. Financial data,
medical records and employee files are
some of the many forms of personal
information that must be protected.
"Data privacy and
protection are
important to
businesses in many
ways. Maintaining
the privacy of
company
information [intellectual property],
employee data and information shared
with customers and clients is essential,"
adds Dashlane. "A data privacy policy sets
ground rules for tracking, storing and
sharing customer data collected on the
organisation's website. This policy also
helps businesses establish compliance
with a growing list of privacy laws.
"Data privacy helps you control what
information you choose to keep personal.
All individuals have the right to prevent
their personal information from being
used or shared without their consent,
even if this sharing wouldn't potentially
lead to data theft or other cybercrimes."
Due to the importance of data privacy, a
long list of state, federal and international
laws has been established to protect our
privacy online and elsewhere. Important
data privacy and security laws and
regulations include:
Children's Online Privacy Protection Act
Health Insurance Portability and
Accountability Act
General Data Protection Regulation
California Consumer Privacy Act.
Identity theft is one of the most serious
cybercrimes related to personal data
privacy and security. Armed with just a few
key pieces of personally identifiable information
(PII), like your name, driver's
licence number and Social Security
number, an identity thief can begin
accessing credit lines in your name,
stealing your tax refund or draining your
bank account, warns Dashlane. "Since
many identity theft victims don't realise
what's happened until after the damage
is done, dark web monitoring is a recommended
practice used to scan the
depths of the internet for your personal
information and notify you if something
sensitive is found."
Dashlane says that it is dedicated to
creating software that helps users control
their information online. "We include plain
language summaries that make our data
collection, use and sharing practices easier
to understand in our Dashlane Privacy
Policy."
UK EXTENSION SET UP
In an important development in transatlantic
data policy, the UK and US
governments have formally established
a 'UK Extension' to the EU-US Data Privacy
Framework, which, since 12 October
2023, is allowing businesses in the UK to
32
computing security Nov/Dec 2023 @CSMagAndAwards www.computingsecurity.co.uk

data privacy
transfer personal data to certified US
organisations in the same way as their
European counterparts.
It's a highly significant move, as Edward
Machin a senior lawyer in Ropes & Gray's
Data, Privacy and Cybersecurity team,
acknowledges. "The UK Extension will be
welcomed by British businesses, who will
soon have an additional mechanism to
transfer personal data to the United States
and which will in part reduce the papering
exercises required to ensure that their
transatlantic data flows are conducted
lawfully."
The EU-US framework has already been
legally challenged, he points out, and says
it would be surprising if privacy interest
groups in the UK don't mount their own
challenge to the UK Extension. "We'll then
see whether the English courts can strike
a workable balance between upholding
privacy rights and securing national
security interests - a balance that their
European counterparts arguably didn't
manage when ruling on previous
transatlantic data frameworks.
PATH OF LEAST RESISTANCE
"The UK's post-Brexit policymaking has
revolved around liberalising its data
protection regime without straying too far
from the GDPR and therefore no longer
being considered by the European Union
to offer adequate protection for personal
data," adds Machin. "A key concern in
Brussels has been that the UK wants
a watered-down transfer deal with the
United States - and, left to its own devices,
the government may have taken the path
of least resistance.
The fact that the UK Extension mirrors
the Data Privacy Framework will help to
assuage European concerns, but the UK's
data transfer deals with other countries
will continue to be subject to scrutiny both
at home and abroad."
What does it all mean, in practical,
day-to-day terms? According to the
Information Commissioner's Office (ICO),
the UK government can assess whether
another country, territory or an international
organisation provides an
adequate level of data protection,
compared to the UK. "Some countries
may have a substantially similar level of
data protection to the UK. In these cases,
the government can make UK adequacy
regulations. This allows organisations
to send personal data to that country,
territory or international organisation,
if they wish."
An adequacy assessment may cover
either general processing, or law
enforcement processing, or both.
The government must consider a range
of factors, including that sending personal
data to that country, territory or
international organisation does not
undermine people's protections.
The Information Commissioner's Office
(ICO) supports the government,
undertaking adequacy assessments and
making regulations. This enables personal
data to flow freely in its global digital
economy to trusted partners. "We do this
by providing independent assurance on
the process followed and the factors
that government officials take into
consideration," says the ICO. "This allows
the Secretary of State to make an informed
and reasonable decision. By doing
this work once for everyone, the government
and the ICO are reducing the
burden of compliance on organisations
that would otherwise have to put
alternative measures in place.
"One of our priorities for this year, as
set out in our ICO25 strategic plan, is to
'enable international data flows through
regulatory certainty'. This includes our
work on adequacy assessments. We
provided advice to the government during
its assessment of the UK Extension to
the EU-US Data Privacy Framework (UK
Extension).
"The Commissioner considers that, while
it is reasonable for the Secretary of State
to conclude that the UK Extension
provides an adequate level of data
protection and to lay regulations to that
effect, there are four specific areas that
could pose risks to UK data subjects, if
the protections identified are not properly
applied. The Secretary of State should
monitor these areas closely to ensure
UK data subjects are afforded equivalent
protection in practice and their rights are
not undermined. He also recommends
monitoring the implementation of the UK
Extension generally to ensure it operates
as intended."
FRAMEWORK ESTABLISHED
The UK's data protection laws set out
a framework for the responsible use of
personal data by organisations. People
may lose this protection when organisations
transfer their personal data to
organisations in other countries or to
international organisations. "This is why
the UK General Data Protection Regulation
(UK GDPR) has specific rules on how to
make international transfers of personal
data," adds the ICO. "These rules mean
that organisations must put in place
continuing protections for people's
personal data when transferring it to
another jurisdiction, or one of a limited
number of exemptions must apply."
One way that UK organisations can
transfer personal data to another
jurisdiction is by relying on UK adequacy
regulations made by the Secretary of
State. "The Secretary of State can assess
a country, territory or international
organisation, or a particular sector in
a country or territory, and decide if its
legal framework offers a similar level of
data protection to the UK. Article 45 of
www.computingsecurity.co.uk @CSMagAndAwards Nov/Dec 2023 computing security
33

data privacy
Edward Machin, Ropes & Gray: it would
be surprising if privacy interest groups in
the UK don't mount their own challenge
to the UK Extension.
Robin Röhm, Apheris: sees the deal between
the US and UK as a positive step for
companies working in both jurisdictions.
the UK GDPR contains a list of criteria the
Secretary of State must consider when
carrying out an adequacy assessment."
If the Secretary of State decides an
adequate level of data protection is
afforded, then that country, territory or
international organisation, or a particular
sector in a country or territory, can make
regulations to give legal effect to their
decision. These adequacy regulations
allow UK organisations to transfer personal
data to a controller or processor located
in a third country or to an international
organisation. The transfer must adhere to
the particular scope of those regulations.
"For criminal offence data, there may be
some risks, even where this is identified as
sensitive, because, as far as we are aware,
there are no equivalent protections to
those set out in the UK's Rehabilitation of
Offenders Act 1974," points out the ICO."
Significantly, the UK Extension does not
contain a substantially similar right to the
UK GDPR in protecting individuals from
being subject to decisions based solely
on automated processing, which would
produce legal effects or be similarly
significant to an individual. "The UK
Extension contains neither a substantially
similar right to the UK GDPR's right to be
forgotten nor an unconditional right to
withdraw consent," states the ICO. "While
the UK Extension gives individuals some
control over their personal data, this is
not as extensive as the control they have
in relation to their personal data when
it is in the UK."
POSITIVE STEP
In response to the UK-US transatlantic
data adequacy agreement, Robin Röhm,
CEO and co-founder of Apheris, sees the
deal between the US and UK as a positive
step for companies working in both
jurisdictions. "But it does not solve the
long-term issues around governance,
security and privacy that prevents true
collaboration between organisations,"
he comments. "Data is one of business's
most important assets, so why would
businesses want to risk transferring
sensitive information and data across
borders? Developing better models to
securely access and collaborate with
sensitive data is the most appropriate
and pressing response to the problem
of working across organisational and
geographical boundaries, particularly in
the fields of machine learning and artificial
intelligence."
Nadia Kadhim, GDPR lawyer and CEO
of global automated compliance platform
Naq Cyber, warns that the defence
industry needs to do more to protect
classified data, as the number of attacks
on this sector has increased by nearly 50%
with an average of 1,661 according to a
global report by Check Point Research.
This increased risk has already led to
growing demand for additional
compliance measures from the defence
industry to ensure their suppliers meet
legal and regulatory compliance
requirements such as Cyber Essentials,
JOSCAR, DART, and MOD Risk Assessments,
she states. "The number of cyberattacks
within the defence sector is
expected to keep rising. While it is crucial
to ensure the MOD's systems are secured,
it is also just as crucial to ensure defence
suppliers have a strong cybersecurity
posture or risk putting the entire defence
supply chain in jeopardy.
"It's a pattern we see in other highly
regulated sectors, such as healthcare,
where attackers use suppliers to access
valuable and sensitive information. To
keep the UK defence sector safe, we must
focus on suppliers and ensure they are
meeting continuous compliance with the
cybersecurity requirements set by the
MOD and their primes."
34
computing security Nov/Dec 2023 @CSMagAndAwards www.computingsecurity.co.uk

SAVE THE DATE
RDS, Dublin: 22-23 Nov 2023
Infrastructure • Services • Solutions
DataCentres Ireland combines a dedicated exhibition and
multi-streamed conference to address every aspect of planning,
designing and operating your Datacentre, Server/Comms room and
Digital storage solution – Whether internally, outsourced or in the Cloud.
DataCentres Ireland is the largest and most complete event in the country.
It is where you will meet the key decision makers as well as those directly
involved in the day to day operations.
EVENT HIGHLIGHTS INCLUDE:
Multi Stream Conference
25 Hours of Conference Content
International & Local Experts
60+ Speakers & Panellists
100+ Exhibitors
Networking Reception
Entry to ALL aspects of
DataCentres Ireland is FREE
• Market Overview
• Power Sessions
• Connectivity
• Regional Developments
• Open Compute Project
• Heat Networks and the Data Centre
• Renewable Energy
• Standby Generation
• Updating Legacy Data Centres
Meet your market
Lead Conference Sponsor Platinum Sponsor Lanyard Sponsor
Session Sponsors
For the latest information & to register online visit
www.datacentres-ireland.com

Computing
Security
Secure systems, secure data, secure people, secure business
e-newsletter
Are you receiving the Computing Security
monthly e-newsletter?
Computing Security always aims to help its readers as much as possible to do
their increasingly demanding jobs. With this in mind, we've now launched a
Computing Security e-newsletter which is produced every month and is available
free of charge. This will enable us to provide you with more content, more
frequently than ever before.
If you are not already receiving this please send your request to
christina.willis@btc.co.uk and advise her of the best email address for the
newsletter to be sent to.