‘Big SASIG’ Cyber Security Conference to feature ‘Cyber Resilience in the Real World’

The Security Awareness Special Interest Group (SASIG) has confirmed that the second edition of its one-day cyber security conference dubbed ‘Big SASIG’ will focus on resilience – ie preparing for, responding to and recovering from cyber attacks – in the real world. 

The unique environment of ‘Big SASIG’ explores the challenges facing cyber security professionals across all sectors. This exclusive invitation-only event is taking place on Wednesday 25 May 2022 in the City of London. The concept has proven extremely popular in the cyber security community following the hugely successful first edition, which was held virtually in March 2021. 

The second edition, to be held in an ‘in-person’ scenario, will feature keynote presentations from high-profile industry experts and a series of dedicated workshops covering how businesses should build resilience, how to view cyber security as a trigger rather than a risk.

The second edition of ‘Big SASIG’ is on the horizon

Martin Smith MBE, founder and chair of SASIG, said: “Our community has been through a turbulent period that has seen a renewed focus on cyber security. Protecting data, delivering remote working protocols and ensuring safety and security continue to be top priorities. ‘Big SASIG’ is the latest innovation to help cyber security professionals share experiences and learn from their peers and supporters. This second edition of the conference will see the community join forces once again in person.” 

With all content being reviewed by the SASIG Independent Advisory Board, presentations will focus on highlighting the need for solid IT foundations to cope with fast-moving cyber criminal activity, as well as robust levels of employee security awareness to protect organisations from all angles.

Peer-to-peer engagement 

Mark Walmsley, CISO at Freshfields Bruckhaus Deringer and chair of the SASIG Independent Advisory Board, commented: “At the core of ‘Big SASIG’ is peer-to-peer engagement at a high level. Facilitating informative, educational and thought-provoking debates so that CISOs can share experiences and learn from each other is what it’s all about. Doing business is a critical component of recovery from the pandemic. With this in mind, we’re excited at the prospect of this forum helping to create new opportunities for the upcoming year.” 

The inaugural edition of ‘Big SASIG’ welcomed more than 500 high-level participants, including CISOs and security directors from a cross-section of leading UK businesses and organisations, among them Barclays, the Cabinet Office, GlaxoSmithKline, HSBC, Microsoft, the Ministry of Defence, McLaren, npower and Telefonica UK.

‘Big SASIG’ is supported by (among others) Kaspersky, Verizon, Synack, Schroders, CybSafe, the British Standards Institution, Mandiant, SentinelOne, Tessian, Secrutiny.  

*For more information on the second edition of ‘Big SASIG’ visit www.bigsasig.com 

**To register for the event access https://event.bigsasig.com/event/6d11b7c9-8224-40e6-8005-bef8deb314aa/register

Milestone XProtect VMS update “takes security to next level” with Microsoft encryption

Protecting sensitive data in surveillance systems is key to maintaining video authenticity, personal privacy and adequate cyber security measures. XProtect 2020 R3 from Milestone includes a level of encryption from Microsoft called Cryptography New Generation that adheres to “the highest levels of cyber security and data protection” available on the market today.

XProtect’s new encryption modules include stronger data protection, increased cyber security, evidence authenticity and password-protected configuration. Embedding this encryption also means that XProtect can now be configured to operate in a Federal Information Processing Standards (FIPS) 140-2 compliant mode. FIPS is a US Government computer security standard used in all software solutions deployed in US federal agencies and regulated industries such as healthcare and finance.

Security system operators are the eyes and ears of their organisation. When an incident occurs, they’re expected to provide video evidence immediately. This can sometimes be a challenging task, especially so for installations with thousands of cameras recording 24/7.

XProtect 2020 R3 offers a new multi-category search function that makes finding the specific video evidence easier and faster than ever. Multi-category search allows the operator to combine and search across multiple categories such as people, vehicles and location as well as any search agents developed and integrated into XProtect by third party technology partners.

By way of example, operators can narrow their investigation to only contain video sequences that include blue vehicles and males and exclude those that only meet one of them.

Expanded support for 360-degree cameras

XProtect 2020 R3 also offers expanded support for any 360-degree camera that delivers a complete fish-eye view. Most customers will experience significant installation and camera cost reductions and increased situational awareness when deploying these camera types compared to standard surveillance cameras.

The 2020 R3 release contains many more new and improved features and capabilities such as improved video rendering performance in the XProtect Smart Client, adaptive streaming for XProtect Mobile and direct streaming improvements in XProtect Web Client. On the cameras and devices side, XProtect 2020 R3 includes improvements such as increased security without compromising ease-of-use, more freedom to build installations that suit customers’ needs and new Device Packs.

UK education technology firm takes lead in cyber security training thanks to formation of new partnership

Education technology firm e-Careers Limited has formed an exclusive partnership with EC Council to deliver cyber security training to professionals nationwide. Having trained over 200,000 information security professionals globally – including representatives from the US Army, the FBI, Microsoft and the United Nations – EC Council offers certifications in ethical hacking, security analysis and network defence.

Now, in an exclusive partnership, e-Careers becomes the only authorised partner across the UK and Ireland to deliver the complete range of online EC Council Cyber Security and Ethical Hacking accreditations, including its Certified Ethical Hacker (CEH) and Computer Hacking Forensic Investigator (CHFI) programmes.

Jazz Gandhum, CEO of e-Careers, confirmed: “Cyber security is an advancing threat to businesses and organisations globally. The recent WannaCry and Petya cyber attacks penetrated businesses, banks, airports, Government departments and health services across multiple locations worldwide, not forgetting the UK’s very own National Health Service. This increasing threat has resulted in a growing demand for cyber security professionals, with recent reports revealing the number of roles advertised in the UK is at the third highest worldwide. Considering this advancing skills gap, e-Careers is delighted to bring all EC Council online courses to the UK, and will be working hard to help increase cyber security skill sets, knowledge and understanding.”

Taken over by Jazz Gandhum in 2011, e-Careers is one of the UK’s leading ‘edtech’ firms, providing access to over 600 courses across a range of industry sectors through its innovative e-learning platform.

Having educated more than 400,000 individuals over the past six years alone, the business has formed partnerships with over 75 key organisations, including awarding bodies, colleges and private establishments with a view towards making education affordable and accessible to the masses.

Sanjay Bavisi, CEO and president of the EC Council, added: “We’re delighted to have formed this new partnership with e-Careers and look forward to the opportunity this now presents for professionals right across the UK. Every day, cyber security threats grow with professional hackers advancing their knowledge and making digital inroads at an exponential and alarming rate. The only way in which to combat cyber security threats is through knowledge and education. Thanks to our new partnership with e-Careers, we’re confident that more and more professionals will be able to quell this risk, making the digital world a safer and stronger environment.”

*All EC Council courses offered through e-Careers’ e-learning platform are accessible online, making cyber security training both convenient and cost-effective. For more details visit www.e-careers.com

Unwitting cyber scammers cold call industry expert at C3IA Solutions

Would-be cyber scammers made a megabyte blunder when they cold-called Matt Horan of C3IA Solutions: Horan is one of the country’s top cyber security experts. Realising the crooks were trying to take control of his computer, Horan put the call on speaker phone and asked a colleague to record it, with hilarious consequences.

After stringing out the conversation for 35 minutes – during which time he was passed to more senior ‘helpers’ as he posed as an ignorant computer user – Horan then informed the caller that he had no Internet connection.

This prompted the fraudster to use an expletive before hanging up in anger. An edited video of the call has been amusing people across social media.

Horan is keen that the video is used to help people avoid falling for cyber scams. He told Risk UK: “One of the weakest parts of any business’ cyber security is the staff. They do nothing malicious, but can easily assist fraudsters. Along with ‘phishing’ e-mails, this type of phone scam is common and can cause huge amounts of damage.”

Matt Horan of C3IA Solutions

Horan continued: “The caller purports to be from Microsoft or a similar outfit and informs the person who answered the call that there’s a problem with their computer. They then instruct that person to look at the computer’s ‘systems and events logs’, which is simply a log of every action taken. They tell them that this is evidence of ongoing malicious attacks. After that, they try and entice them to log into TeamViewer or something similar which means they then can gain remote access and control of the target computer.”

In addition, Horan stated: “They then have all the information on a computer or network and can infect the system, read e-mails, steal passwords or encrypt the stored data. They can basically do anything they want. Obviously, this can cause massive harm to a business and may well lead to data loss, the theft of funds and the stealing of intelligence as well as cause acute embarrassment.”

C3IA Solutions trains staff at businesses to be ‘cyber-savvy’ and always to hang up on calls like this. If staff are in doubt they should contact their IT support.

“Firms such as Microsoft don’t make calls like the one I took, but they seem authentic,” explained Horan. “Often, the scammers work in pairs so the initial caller can pass over the call to a ‘senior supervisor’, as they tried with me. This gives an added authenticity. Caution should be the watchword when taking calls like this one.”

*The video can be viewed on YouTube: https://youtu.be/ncIehp0fBT8

Based in Poole, Dorset, C3IA Solutions is one of fewer than 20 companies certified by the Government’s National Cyber Security Centre. In addition to its work with Government agencies including GCHQ, the company operates a commercial section that works with businesses, assisting them with their cyber security.

C3IA (a military term) Solutions was set up in 2006 by Horan and Keith Parsons. It has 84 personnel on contract of whom 33 are employees and 51 are associates. The business operates in the defence and security sectors serving both SMEs and multi-national firms.

C3IA is a leading provider of secure ICT, technical programme management and information security services and solutions.

The company takes its Corporate Social Responsibility seriously, supporting serving and past members of the Armed Services. Indeed, the business sponsors those engaged in personal and team development through arduous sporting and other challenges.

Europol and Microsoft enter new global partnerships in fight against cyber crime

Microsoft Corp has announced three new global partnerships with the Organisation of American States (OAS), Europol and FIS to increase co-operation between international law enforcement and the private sector in combating cyber crime and helping to build a safer Internet.

Microsoft officials signed Memorandums of Understanding with representatives of the three organisations during the company’s first annual Cybercrime Enforcement Summit, which brought together more than 60 leaders and experts from law enforcement, academia and the private sector to share legal and technical solutions aimed at confronting the global spread of cyber crime.

The conference follows on from the opening of the Microsoft Cybercrime Center, a state-of-the-art facility designed specifically to advance the global fight against cyber crime.

The agreements establish a framework for co-operation and are intended to spur collaboration and help Microsoft work with each of the three organisations to pursue criminal enterprises engaged in cyber crime.

Microsoft, the Organisation of American States, Europol and FIS anticipate that the collaboration will enable them to strengthen their forensic and technical analysis of malware and botnets, improve the assessment and investigation of emerging malware threats, enhance enforcement actions against cyber criminals and ultimately dismantle these criminal organisations.

Microsoft Corp has announced three new global partnerships with the Organisation of American States, Europol and FIS

Preying on consumers

“Cyber criminals are increasingly sophisticated in preying on consumers, including children and senior citizens,” said Brad Smith, Microsoft’s executive vice-president and general counsel. “These agreements will help the private and public sectors fight cyber crime more effectively while also protecting our customers’ privacy.”

Microsoft is excited to mark its first collaboration with the Organisation of American States. The OAS was established in part to strengthen collaboration among its member states, which currently includes all 34 independent states of the Americas.

The OAS is committed to developing a ‘culture of cyber security’ by taking effective, preventative measures to anticipate, address and respond to cyber attacks.

“There are no borders when it comes to cyber crime,” said OAS ambassador Adam Blackwell. “The criminals are located worldwide, making it impossible for any single organisation to fight cybercrime alone.”

Blackwell added: “We must harness the power of partnerships to have a greater impact against these criminals and keep the Internet safer for everyone.”

Microsoft often collaborates with law enforcement organisations. One example is the recent partnership with Europol to successfully disrupt the dangerous ZeroAccess botnet, which infected up to 2 million computers and stole millions of dollars from online advertisers.

Europol (which boasts its own European Cybercrime Centre (EC3) based at Europol headquarters in The Hague, Netherlands) has supported numerous major cyber crime operations involving malicious software and online child exploitation. This latest agreement solidifies Europol’s commitment to continue providing targeted and effective approaches to combat cyber crime in Europe.

“The ZeroAccess botnet disruption demonstrated the power of our combined efforts as our co-ordinated approach forced the cyber criminals in this case to walk away from their criminal enterprise,” said Europol’s assistant director Troels Oerting, who’s in charge of EC3.

“This kind of collaboration is the new model needed to attack cyber crime, and that is why we’re committed to working with Microsoft so we can take more aggressive action in the future.”

Financial crime: a serious cyber security threat

Financial crimes in particular pose a serious cyber security threat. As the world’s largest provider of financial technology, FIS is on the front line of the fight to maintain the cyber security of payments and financial transactions worldwide.

By signing this MoU, FIS is taking another step on behalf of its financial institution clients to help protect them against cyber crime.

“This partnership with Microsoft will help FIS to better protect its clients from cyber crime and make global financial transactions safer for our clients and their customers,” said Greg Montana, EVP and chief risk officer at FIS.

“We’re pleased to partner with companies like Microsoft which are taking aggressive action to address cyber crime at every opportunity. We look forward to a long and mutually beneficial relationship with Microsoft.”

More information about Microsoft’s efforts to fight cybercrime and the new Microsoft Cybercrime Center can be found at http://www.microsoft.com/news/presskits/dcu

About the Organisation of American States

The Organisation of American states is the world’s oldest regional organisation, dating back to the First International Conference of American States held in Washington DC from October 1889 to April 1890.

Today, the OAS brings together all 34 independent states of the Americas and constitutes the main political, juridical and social governmental forum in the Hemisphere.

In addition, it has granted permanent observer status to 67 states as well as to the European Union (EU).

About Europol

Europol is the European Union’s law enforcement agency whose main goal is to help achieve a safer Europe for the benefit of all EU citizens.

It does this by assisting the European Union’s Member States in their fight against serious international crime and terrorism.

About FIS

FIS is the world’s largest global provider dedicated to banking and payments technologies. With a long history deeply rooted in the financial services sector, FIS serves more than 14,000 institutions in over 110 countries.

Headquartered in Jacksonville, FIS employs more than 39,000 people worldwide and holds leadership positions in payment processing and banking solutions, providing software, services and outsourcing of the technology that drives financial institutions.

First in financial technology, FIS tops the annual FinTech 100 list, is 434 on the Fortune 500 and a member of Standard & Poor’s 500® Index.

For more information about FIS visit: http://www.fisglobal.com

About Microsoft

Founded in 1975, Microsoft is the worldwide leader in software, services and solutions that help people and businesses realise their full potential.

For more information, news and perspectives from Microsoft visit the Microsoft News Centre at: http://www.microsoft.com/news

Home Office: “Joint action to tackle mobile phone theft”

A Home Office Summit aimed at tackling the growing number of mobile phone thefts has stepped up its work to look at how security features might be used to make handsets less attractive to thieves.

A new online advice service is among options being considered by the Home Office, all the while working with the industry in a bid to tackle mobile phone theft.

The move comes after crime prevention minister Norman Baker met representatives from mobile phone industry leaders including Samsung, Google, Apple, Nokia and BlackBerry to consider new action against the growing problem.

The Government agreed to look at ways in which to support industry efforts, including encouraging the public to make more use of phone security features. This includes looking into launching an online advice service which would give people ideas on how to better protect their phone.

826,000 people in England and Wales have experienced mobile phone theft in the past year. That equates to around 2% of mobile phone owners. This percentage has stayed more or less constant since 2005-2006

The UK is a world leader in responding to mobile phone crime, with the industry and the police having worked together to block stolen phones within 48 hours – stopping them being re-used in this country and making them less valuable.

At the meeting, manufacturers outlined a range of new security features they are adding to phones which will make it harder for criminals to use stolen handsets.

Mobile phones are becoming an increasingly attractive target for thieves, with more than 800,000 stolen in the past year alone across England and Wales.

Handsets can be sold for hundreds of pounds overseas, where the newest models are not yet available.

Increase in theft from the person

“Recorded crime is down by more than 10% under this Government,” said Baker, “but we’re seeing signs of an increase in theft from the person, mainly smartphones. Mobile phone technology is changing all the time, and we need innovative solutions to ensure we stay ahead of the criminals. I want to make mobile phone theft as difficult as possible. This meeting with telecom leaders is an important step forward.”

A spokesperson for Samsung said: “Samsung is pleased to be supporting the UK Government in its goal to reduce the serious issue of mobile phone crime theft. Samsung phones already have features such as ‘Find My Mobile’, which gives people control over how their devices are used if lost or stolen, as well as ‘Reactivation Lock’ on new mobile devices which prevents a reset of the device if it isn’t recovered.”

The spokesperson continued: “Samsung strongly encourages everyone to use the features available on their device to protect it in the event that it is lost or stolen, and we’re continuing to explore new and innovative ways in which to prevent the use of stolen devices.”

A Nokia spokesperson added: “Nokia has a long history of working with Governments, operators and retailers to reduce the theft of mobile phones. It’s good to see this renewed focus on protecting users.”

The following organisations were represented at this latest round of discussions: Apple, BlackBerry, Google (Android), Samsung, Nokia, Microsoft and the Global System for Mobile Communications Association.

According to the Crime Survey, 826,000 people in England and Wales have experienced mobile phone theft in the past year. That equates to around 2% of mobile phone owners. This percentage has stayed more or less constant since 2005-2006.