Daily Archives: 15/11/2013

National Fraud Intelligence Bureau issues warning over Cryptolocker attacks

The National Fraud Intelligence Bureau is warning about the damage being caused by Cryptolocker, a destructive malware that installs itself on computers and effectively holds people’s files to ransom.

So far, the National Fraud Intelligence Bureau (NFIB) has received reports from almost 100 victims, with an average loss of £460.

Affected businesses and individuals will also incur other losses, such as wasted time, lost revenue and additional IT costs, along with further implications for files that are not separately backed up.

The malware is predominantly deployed via zip files in e-mail attachments and web links exploiting legitimate public sector organisations’ branding.

How does the threat get in?

Process
1. An e-mail attachment or Internet link that contains the malware is opened on your computer, which installs the malware, or your computer is already infected with malware (ie a Botnet) and the criminal uses this to further infect your computer with CryptoLocker.
2. The malware runs and installs CryptoLocker.
3. The malware encrypts all the files it can find including images, documents and spreadsheets.
4. The malware then pops up a page giving you a limited time, usually 72 hours, to buy back the private key, typically for $300, to regain access to your data.
5. It’s unclear as to whether access is regained after paying the ransom.

How can you reduce the risk of becoming a victim?
1. Do not click on attachments unless you can verify the source, particularly if you are not expecting correspondence from the source.
2. Install and run security software and set to update automatically.
3. Set your computer’s security settings to update automatically.
4. Make regular back-ups, storing them safely and preferably offline.
5. Increase security settings on your browser.

Filed under IFSECGlobal.com News

IBM: ‘Advancing Cyber Security Education for the Next Generation’

In a world of increasing information security threats, academic initiatives focused on cybersecurity are proliferating and yet there is still the danger of falling short in addressing the long-term threat. Here, IBM argues that only by working in concert can organisations meet today’s demand while educating the next generation to create a more secure future.

The number of cyber security academic programs around the world – whether called information assurance, security engineering or information security – has increased significantly over the past decade. One reason for this growth is the very strong demand from industry and Government for trained professionals as both groups are facing a significant skills gap.

In fact, over half of industry respondents in a recent survey by industry group (ISC)2 said that they had too few information security workers on their staff. A UK Government report suggests that it may take 20 years to address current and future information and communications technology (ICT) and cyber security skills gaps.

To rectify this situation, Governments have launched a number of programs, working with industry and academia, to encourage more professionals to enter the cyber security field.

In the United States, over 160 academic programs have been certified as National Security Agency/Department of Homeland Security National Centers of Academic Excellence in Information Assurance.

Meeting the demands of tomorrow

Only by working in concert can organisations, Governments, industry and the academic community meet today’s demand while preparing a new generation of professionals for future challenges.

The key question is: what needs to be done next?

Bridging the Cyber Security Skills Gap

Academic programs must strive to balance the near-term requirements of industry and Government while educating future faculty members and researchers, developing more internships and fellowships and continuing investments in research.

The following are the key initiatives of prime importance in the development of cyber security education…

1. Increase awareness and expertise
Raise the level of awareness across the academic community. Cyber security is no longer a hidden area embedded in computer science or engineering disciplines. Programs need to graduate more computer scientists and engineers with hands-on training and the ability to design and develop secure systems from the start.

2. Treat security education as a global issue
Cyber security issues know no boundaries. Institutions need to share and collaborate with other programs around the world. Academics from more mature countries should increase their formal collaboration with those in emerging countries to help address the skills gap. Such initiatives could include distance learning programs and the sharing of curriculum and Best Practice among educators.

3. Approach security comprehensively, linking technical to non-technical fields
Adopt a curriculum that has an holistic and interdisciplinary approach. Security education should cover infrastructure, people, data, applications, ethics, policy and legal issues. Business and public policy schools should focus on creating better security policy and governance and training future information security leaders, such as Chief Information Security Officers.

4. Seek innovative ways to fund labs and pursue real-world projects
Resources may always be tough to come by. Industry, Government and academia must come up with novel ways to give students practical experience. Providing internships and design contests is one way to overcome this challenge. Other alternatives include cloud-based or virtualised ranges, simulators and test beds.

5. Advance a ‘Science of Security’
Place emphasis on the creation of a discipline of security science with fundamental concepts and a common vocabulary. This new science should focus on anticipating security problems, not just reacting to attacks. It must include scientific methodologies and incorporate ‘reproducibility’ and proofs in the design of security systems.

Now is the time to act

These recommendations offer ways in which to make cyber security education more effective in the short and the long term. By breaking down barriers and working in concert, it’s possible to better address current and emerging challenges.

The cyber security community must maintain the current level of enthusiasm and effort in the field while keeping an eye on longer-term goals.

The academic community will achieve more by collaborating broadly. Governments must invest in programs that advance the science behind cyber security, along with fundamental education in science, technology, engineering and mathematics.

At the same time, industry must provide technology, opportunity and expertise.

It will take all of us to create a more secure future.

Filed under IFSECGlobal.com News

IBM helps bridge cyber security skills gap by partnering with over 200 global universities

Today, IBM announced that the company is adding nine schools to supplement more than 200 partnerships already established with universities around the globe, focusing on collaboration that will bring cyber security skills to the classroom.

According to the US Bureau of Labour Statistics, employment in the cyber security field is expected to grow rapidly, increasing by 22% come 2020. As organisations transmit and store more sensitive information on an electronic basis, the need for employees with experience in cyber security will be imperative in order to protect data in the cloud, mobile devices and traditional computing.

As part of IBM’s Academic Initiative, the company is launching new curriculum and programs focusing on cyber security with Fordham University, San Jose State University, Technische Universität Darmstadt (Germany), Temasek Polytechnic (Singapore), Universidad Cenfotec (Costa Rica), Universiti Kebangsaan (Malaysia), the University of South Carolina, the University of Texas at Dallas and Wroclaw University of Economics in Poland.

“As our planet becomes more interconnected through new technology like cloud computing and the proliferation of mobile devices, so interdisciplinary education for cyber security becomes essential,” said Dr Mark Harris, assistant Professor of the Integrated Information Technology Program at the University of South Carolina. “This is a challenge that IBM is proactively addressing, largely by partnering with academic programs and encouraging higher levels of skills development to address these new world challenges.”

Strong demand from industry and Government

The number of cyber security academic programs around the world has increased significantly over the past decade. One reason for this growth is the very strong demand from industry and Government for trained professionals as both of these market segments are facing a significant skills gap.

In fact, over half of industry respondents in a recent survey by Frost & Sullivan said that they had too few information security-focused employees on their staff. A UK Government report said that it may take 20 years to address the current cyber security skills gaps.

To help rectify this situation, IBM’s Cyber Security Innovation Program is designed to help facilitate collaboration with educators around the globe and teach students the cyber security skills needed to be competitive in a rapidly changing work environment.

With this program, IBM combines its leadership in developing and innovating security products, services and solutions for clients with its long-standing relationship with the academic and research community.

“Developing security intelligence skills for the 21st Century, including the ability to proactively predict, identify and react to potential threats has taken on a new priority in the digital age,” said Marisa Viveros, vice-president of IBM’s Cybersecurity Innovation Program. “Our security skills development programs are designed to address the most urgent areas of security and provide expertise and training to help clients cope with the dire skills shortage.”

As part of the Cyber Security Innovation Program, IBM provides:
• Technology and tools (including access to the IBM software portfolio through the IBM Academic Initiative and donated network scanners for use in research labs to monitor intrusions)
• Course materials (including a Skills Taxonomy with links to appropriate online pages on Academic Initiatives, examples of university programs, security and IT services curriculum, publications and trend reports as well as Case Studies and real world challenges)
• Faculty Awards (which are given to faculties with winning proposals about how to incorporate IBM technology into their curriculums and share what they build with other universities worldwide)

Academic institutions joining forces with IBM

Fordham University is collaborating with IBM on a cyber security and information fusion course for the MS in Computer Science degree program. Professor Frank Hsu, Clavius Distinguished Professor of Science, Professor of Computer and Information Science and director of Fordham Laboratory of Informatics and Data Mining received an IBM faculty award for his work on building or enhancing three new courses focused on cyber security at both the undergraduate and graduate levels. In addition, IBM participated in the International Conference on Cyber Security held at Fordham University, which brings together industry, Government and academic leaders who have been teaching, researching and practicing cyber security.

San Jose State University is teaming up with IBM for curriculum consultations with nine new faculty members who have joined 20 veteran instructors to focus on Big Data and cyber security training and research within the following departments and schools: Management Information Systems, Computer Science, Computer Engineering, Library and Information Science and Psychology. Professors will also be able to access big data and cyber security courseware provided by IBM, hosted on the cloud. Additionally, IBM is joining San Jose State University’s new Industry Advisory Council (IAC) for Cybersecurity and Big Data which aims to encourage workforce skills development in the two subjects.

Technische Universität Darmstadt in Germany is establishing a new Security by Design Lab with IBM which will educate students on security issues related to engineering in a state-of-the-art facility focused on industry and research. The current work by Michael Waidner, Professor at TU Darmstadt and Director of the Fraunhofer Institute for Secure Information Technology (SIT), as well as his team will give students hands-on experience with the typical security design and integration problems of Web applications. The new lab will reduce the gap between research and education in security by design, and is of huge practical value for students and their future employers.

Temasek Polytechnic in Singapore and IBM have been collaborators in the area of IT security for several years. This collaboration provides training to students in the most current areas of IT security technologies. It also facilitates opportunities for pioneering the conception, development and deployment of new security solutions using the technologies and services of IBM. The collaboration on the TP-IBM Centre for IT Security comprises several areas such as curriculum development.

Universidad Cenfotec in Costa Rica is aligning with IBM to build a new Master’s Degree in Cyber Security. The university is leveraging materials from IBM that are designed to be reused to create coursework in other universities. For this program, IBM is transferring up-to-date knowledge to university faculty on some core topics of Information Security, including security controls and management, governance models and an introduction to various frameworks. IBM’s partnership with the university is investing in infrastructure and Human Resources that will develop cyber security skills in Costa Rica and build Best Practice to replicate in other locations if needed.

Universiti Kebangsaan in Malaysia is creating a Centre of Excellence to deepen holistic skills in cyber security. IBM’s IT security technology is being embedded into the university’s Cyber Security degree program and is providing software, courseware, training and testing that are needed for the students to gain global cyber security skills.

The University of South Carolina is using IBM threat intelligence research, including the X-Force Trend and Risk Report, to lay a foundation of cyber security skills for students by teaching the latest technology to combat emerging threats. In addition, through a partnership with IBM, faculty and students are able to leverage free access to software solutions such as InfoSphere Guardium for protecting data and IBM Security AppScan for protecting software applications. In the Advanced Networking class, students are introduced to network administration and security to gain hands-on experience of working with IBM Endpoint Manager to securely manage mobile devices, including Bring Your Own Device (BYOD) solutions.

The University of Texas at Dallas is applying IBM resources to develop cyber security courses and curriculum in areas such as cloud computing, mobile computing and cyber operations. Furthermore, Dr Bhavani Thuraisingham, executive director of the Cyber Security Research and Education Institute (CSI) at UT Dallas, is the recipient of a 2013 IBM Faculty Award for establishing new courses, such as secure cloud computing, data mining for malware detection and cyber operations.

Wroclaw University of Economics in Poland is co-operating with IBM on Postgraduate Studies in Cyber Security Management, which is conducted by highly qualified professionals and specialists in the area of information systems security. Many classes enlist the help of IBM on curriculum development from specialists in the field of cyber security management and technology. These classes are designed for students planning a career in cyber security who will take a leading managerial role in an organisation dependent on data and information communication technology. In addition, students can access the new IBM Security Operations Center located in Wroclaw.

Further information about IBM Security

IBM provides the security intelligence to help organisations protect their people, data, applications and infrastructure.

The company operates one of the world’s broadest security R&D organisations. IBM monitors 15 billion security events per day in more than 130 countries and holds more than 3,000 security patents.

For more information on IBM security visit: http://www.ibm.com/security and http://www.securityintelligence.com

Filed under IFSECGlobal.com News

“UK security exports set to increase in 2014” state BSIA members

As the UK’s Export Week draws to a close, security exporters from the British Security Industry Association’s Export Council have revealed the increasingly important role that exporting plays in helping businesses continue to thrive against the ongoing backdrop of economic austerity.

In an annual survey conducted by the British Security Industry Association (BSIA), members of the Association’s Export Council – a dedicated forum for BSIA member companies focused on extending their business to overseas markets – report their experiences of exporting in the past 12 months and their expectations for the coming year.

In this year’s survey, respondents have revealed that exporting has become even more important to them in 2013 than it was in 2012, with 80% of exporters claiming that exporting has increased in importance during the current economic climate.

The BSIA’s Export Council is assisting British companies to export their security products and solutions

Further increases in overseas trade are expected for 2014, with the security sector’s focus shifting from Western Europe in 2012 to the Middle East in 2013. 90% of respondents cite this as the most important overseas market they will be targeting over the coming year, with the majority also intending to exhibit at January’s Intersec Dubai event.

Accurate picture of emerging trends

“Performing this survey for a second consecutive year has enabled us to build an accurate picture of emerging trends experienced by UK security exporters operating on a global scale,” commented Daren Wood, membership and export services manager at the BSIA.

Wood continued: “Exporting has become a key source of additional revenue for many UK security providers since the economic downturn began. In an increasingly global marketplace, we expect more and more UK-based companies to turn towards overseas markets in the future.”

Daren Wood: the BSIA’s membership and export services manager

Interestingly, the focus on vertical markets has shifted since 2012, with Critical National Infrastructure, the utilities and Government among the most important markets targeted by BSIA members in 2013 (compared to healthcare, retail and transport in 2012).

Wood explained: “The UK enjoys a positive international reputation when it comes to the provision of security products and services, and over half of our members report that the experience and track record offered by UK companies is the biggest factor influencing their success in winning overseas business.”

Following on from this, Wood said: “Despite this, there are still several barriers preventing our industry from making further progress in overseas markets. Primarily, the existence of third party certification schemes in many European countries is a significant barrier, particularly for members of our Security Equipment Manufacturers Section. The requirement for products to be tested to different standards depending on which country they are to be sold in is not only time-consuming but also financially burdensome.”

Positive outlook for 2014

Despite such challenges, members of the BSIA’s Export Council have a positive outlook for 2014, with 90% of respondents to the BSIA’s survey expecting their company’s export business to grow in the coming twelve months.

“Developments in IP and wireless technology look set to drive buying behaviour in overseas markets in 2014,” stated Wood, “and BSIA members will continue to capitalise on this demand by growing their presence at key international trade shows such as Intersec Dubai, Security Essen and MIPS Russia.”

Supporting its members to increase their presence abroad, the BSIA’s Export Council organises UK Pavilions at several overseas trade events, thus playing a vital role in forging productive trade links between UK security companies and overseas buyers from around the world.

To help non-exporters take the first steps towards developing their business abroad, the Export Council produced its ‘Top Ten Tips for Security Exporters’, a useful guide which can be downloaded free-of-charge from the BSIA’s website.

For more information about becoming a member of the BSIA’s Export Council visit: http://www.bsia.co.uk/export-council or e-mail Daren Wood at: d.wood@bsia.co.uk

Filed under Uncategorized