Tag Archives: Sophos

Companies showcased for London’s Cyber MarketPlace to innovate safely online

Academia, private industry and local business leaders joined forces on Thursday 1 June for the pre-launch presentation of the London Digital Security Centre’s MarketPlace at Mitre Passage in North Greenwich, followed by an ‘Evening with an Identity Thief’ with entertainer James Freedman.

Jointly hosted by the Federation of Small Businesses (FSB), the launch of the Cyber MarketPlace marks a key milestone in the Centre’s work to help small and medium-sized businesses in London operate in a secure digital environment.

The 19 companies chosen by the Centre for the launch of the MarketPlace at www.LondonDSC.co.uk are CensorNet, Clearswift, Cybereason, Cyber Rescue, IASME, ISMS.online, Newable, Panaseer, PAV, Rapid7, Securonix, Sims Recycling, Sophos, Symantec, Symphonic, Titania, TrapX Security, Yoti and ZoneFox.

The MarketPlace presents solutions chosen by the Centre to help London’s businesses stay secure from digital crime. It provides SMEs with access to business resilience products and services supplied by private sector organisations who work in partnership with the Centre to enhance their ability to operate in a secure digital environment.

Matthew Jaffa, senior development manager for the FSB, stated: “What the London Digital Security Centre is offering to SMEs is totally unique. It’s offering not only free membership, but a service backed by the Mayor of London, the City of London Police and the Metropolitan Police Service. Finding the right solution to improve a business’ online security can be a challenging task. What the Centre has done is take the hard work away and made it easier for businesses to enhance their security.”

Jaffa added: “The MarketPlace is a very useful resource for SMEs. Business owners should visit the Centre’s website to identify and obtain market-leading services that will help them to stay secure as they grow online.”

The Centre’s ‘Evening With’, sponsored by one of the Centre’s MarketPlace partners (namely Yoti), is just one of the events aimed at members to inform and educate on the world of cyber crime and to help prevent future cyber attacks.

James Freedman is widely considered to be one of the world’s greatest pickpockets. An entertainer and an expert on the subject of stealth crime, Freedman’s the only person to have picked the pockets of the Mayor of London, the Chancellor of the Exchequer and the Governor of the Bank of England!

John Unsworth, CEO of the London Digital Security Centre, commented: “Given recent events, our work could not be more timely or necessary. We’re starting to make a real difference to the digital security of businesses and helping to demonstrate that not only is London open for digital enterprise, but also that London’s businesses are at the forefront of ensuring they’re operating securely in the digital age.”

Unsworth concluded: “With the support of our founders, the Mayor of London, the City of London Police and the Metropolitan Police Service, we’ve identified digital security services that businesses need and put them together in one place.”

*For further information on the London Digital Security Centre visit www.londondsc.co.uk or contact John Unsworth via e-mail at: john.unsworth@londondsc.co.uk

Filed under Risk UK News

GCHQ and Cyber Security Challenge UK test public’s ability to prevent cyber terror attack

GCHQ is today calling on the UK public to protect a fictitious aerospace technology company threatened by imminent attack from cyber terrorists.

‘Assignment: Astute Explorer’ is the latest game to be devised by the Cyber Security Challenge UK, the Government-backed project designed to run an inspirational series of national competitions aimed at attracting talented people into the profession and informing them about cyber security careers.

The latest process affords members of the public a chance to act like a GCHQ operative, using their cyber security skills to investigate and attempt to fix the vulnerabilities of a global defence company ahead of a forewarned cyber attack.

Earlier this year, the Cyber Security Challenge UK launched its 2014-2015 programme of online and face-to-face cyber games by introducing a new enemy, The Flag Day Associates, via a threat video that warned of future cyber attacks against the UK. The Flag Day Associates are the Challenge’s first recurring characters, and the investigation of, and defence against, this new nemesis form the basis of this year’s competitions.

The Cyber Security Challenge UK: testing the public’s cyber skills

‘Astute Explorer’ follows on from an assignment set by global security software vendor Sophos which, over this past weekend, tasked the public to analyse a hard drive recovered from The Flag Day Associates. The hundreds of candidates who tackled the Sophos-devised competition revealed plans for a future attack on ‘Ebell Technologies’ – described as an aerospace and electrical engineering company who are world leaders in the production of military and civilian aircraft, green energy technologies (such as wind turbines) and a variety of electronics products.

In launching its new game, the Challenge has revealed that Ebell Technologies is understandably concerned about the threat of an imminent attack and has thus approached GCHQ to assess its susceptibility to being compromised. As part of the analysis, GCHQ’s ‘Astute Explorer’ – an automated code scanning tool after which the game is named – has returned various snippets of code that may contain vulnerabilities. Those who take up the challenge will be asked to identify these vulnerabilities, explain why and how they could be exploited and suggest appropriate fixes.

Need for a skilled cyber security workforce

“As the UK’s National Technical Authority for Information Assurance (NTAIA), GCHQ is pleased to have been able to develop an original game for the Cyber Security Challenge UK,” explained Chris Ensor, deputy director for the NTAIA. “We have designed ‘Astute Explorer’ to really test candidates’ cyber security skills. We absolutely recognise the need for a skilled workforce which is why we’re delighted to once again support the Cyber Security Challenge UK and help inspire the next generation of cyber security talent.”

Those who register will be competing to book their place at the first of the Challenge’s series of reconnaissance meet-ups organised as part of ‘Operation: Flag Day’. Here, the most impressive candidates from the virtual assignments will be asked to report for duty in person at secret locations around the UK to carry out investigations face-to-face in teams.

As well as uncovering vital clues on the objectives and identities of The Flag Day Associates, these gatherings will ultimately determine the final line-up of online defenders to take on the cyber terrorist group at next year’s Masterclass final.

“There’s no doubt that ‘Astute Explorer’ is an ingenious game from GCHQ which will not only provide an enjoyable challenge but also test skills that are in high demand by employers in this sector,” said Stephanie Daman, CEO of the Cyber Security Challenge UK. “I would encourage anyone with an interest in how IT systems and the information they hold can be protected to sign up and give it a go.”

Series of national competitions

As stated, the Cyber Security Challenge UK runs a series of national inspirational competitions aimed at attracting talented people into the profession and informing them about cyber security careers and learning opportunities.

Now in its fourth year, the Challenge is running an ambitious programme of competitions and activities designed to spread the word about why cyber security is such a fulfilling and varied career and help talented people obtain their first cyber security job.

The Challenge is sponsored by some of the UK’s most prestigious public, private and academic sector organisations and is already making a notable difference to the career prospects of those with the talents and aptitude to become cyber security professionals.

Further detail is available at: https://cybersecuritychallenge.org.uk/

GCHQ is, of course, one of the three UK intelligence agencies. Further information on its work can be found at: http://www.gchq.gov.uk

Filed under Risk UK News

Sophos tasks UK public to crack virtual terrorist hard drive in new Cyber Security Challenge competition

• The latest competition in the 2014-2015 Cyber Security Challenge sees global cyber security provider Sophos call on the UK public to investigate an encrypted hard drive seized from the Challenge’s new cyber terrorism nemesis – The Flag Day Associates
• Candidates will have to use the information they can glean to access ‘Internet of Things’ devices and learn more about their plans
• Register to test your skills and help protect the UK: https://cybersecuritychallenge.org.uk/registration/

As part of the latest Cyber Security Challenge competition, Sophos is calling on members of the UK public to turn ‘sleuth’ and investigate confiscated crime scene computer systems belonging to a mysterious cyber terrorist group.

‘Assignment Flag Drive’ is the second competition in the 2014-2015 programme of online and face-to-face cyber battles aimed at uncovering the best UK amateur security talent.

This latest round of Challenge competitions sees the introduction of a new nemesis, The Flag Day Associates. They represent the Challenge’s first recurring characters who will feature prominently in a gripping storyline throughout this year’s competition, culminating with the 2015 Masterclass which takes place next March.

The fictitious Flag Day Associates first appeared at the end of the last Masterclass awards ceremony (which ran in March this year) via a threat video featuring three masked individuals warning of a future cyber attack on the UK. The video (http://youtu.be/JTmdm4L4Vjs) was uploaded to YouTube. Further ‘secret’ details embedded within revealed a possible date for the cyber attack as well as a reference to the next solar eclipse observable from the UK.

The Flag Day Associates on YouTube

Last month, over 1,000 amateur cyber defenders signed up to help decipher the first clue in the investigation of the Flags – a suspicious communication e-mail identified by the National Crime Agency and described as potentially having been sent between members of the group.

Using technical skills and curiosity

To mark the launch of ‘Assignment Flag Drive’, the Challenge has revealed that the intercepted e-mail has been traced to an abandoned warehouse in the English countryside. When the authorities arrived, any previous occupants had vacated, taking all of their equipment with them. Only an encrypted hard drive was left behind.

In the brand new online competition, founding Challenge sponsor Sophos is calling on members of the UK public to use all of their skills and technical curiosity in a bid to break into the captured system and report on what new information they’re able to ascertain.

“This competition is going to be a lot of fun and include many of the key skills security professionals need in the workplace,” explained James Lyne, global head of security research at Sophos. “It will have forensic aspects to it and be accessible to all levels. Best of all is that part of the game involves a collection of interesting ‘Internet of Things’ devices. I’m looking forward to seeing the creative approaches the players take to try and overcome The Flag Day Associates.”

Cyber Security Challenge CEO Stephanie Daman stated: “Sophos has been a great supporter of the Challenge since its first year, and always provides exciting competitions that bring candidates face-to-face with realistic scenarios and situations that the industry is tackling today. We’re waiting to see what our candidates can learn about The Flag Day Associates from the mysterious drive that’s left behind.”

The highest-ranked entrants from the Sophos competition will automatically qualify for the first of a series of reconnaissance meetings as part of ‘Operation Flag Day’. Here, the most impressive candidates from the virtual assignments will be asked to report for duty in person at secret locations around the UK and carry out investigations face-to-face on a team basis.

As well as uncovering vital clues on the objectives and identities of The Flag Day Associates, these investigations will determine the final line-up of online defenders who’ll then take on The Flag Day Associates at the Masterclass final next year.

Further detail on the UK Cyber Security Challenge

The UK Cyber Security Challenge runs a series of national inspirational competitions aimed at attracting talented people into the profession and informing them about cyber security careers and learning opportunities.

Now in its fourth year, the Challenge is running an ambitious programme of competitions and activities designed to spread the word about why working in the cyber security arena is such a fulfilling and varied career and, importantly, help talented people obtain their first cyber security job.

The Challenge is sponsored by some of the UK’s most prestigious public, private and academic sector organisations and is making a notable difference to the career prospects of those with the talents and aptitudes to become full-time cyber security professionals.

Log on at: https://cybersecuritychallenge.org.uk/ to learn more

Filed under Risk UK News

UK Government campaign urges citizens to be Cyber Streetwise

A new campaign designed to change the way in which people protect themselves while shopping, banking or socialising online in order to avoid falling victim to cyber criminals has been launched today by the UK Government.

The Cyber Streetwise campaign aims to change the way people view online safety and provide members of the public and businesses alike with the necessary skills and knowledge required for them to take control of their own cyber security.

Building on the National Cyber Security Programme [1], the campaign includes a new easy-to-use website and online videos.

With more than 11 million Internet-enabled devices received as gifts during the Christmas period [2], Cyber Streetwise will help in the fight against online criminals. People are encouraged to protect themselves and their families online by visiting the website for tips and advice.

The new website, http://www.cyberstreetwise.com, offers a range of interactive resources, tailoring an individual’s visit to provide clear advice on the essentials for enjoying a safe experience online.

Security minister James Brokenshire

Security minister James Brokenshire said: “The Internet has radically changed the way we work and socialise. It has created a wealth of opportunities, but with these opportunities there are also threats. As a Government we are taking the fight to cyber criminals wherever they are in the world.”

Brokenshire continued: “However, by taking a few simple steps while online the public can keep cyber criminals out and their information safe. Cyber Streetwise is an innovative new campaign that will provide everyone with the knowledge and confidence to make simple and effective changes to stay safe online.”

National Cyber Security Programme

The launch of the campaign is part of the UK Government’s National Cyber Security Programme [1] and comes at a time when an increasing number of people use the web on their laptops, tablets and smart phones.

Findings from the Government’s most recent National Cyber Security Consumer Tracker [3] suggest that more than half the population are not taking simple actions to protect themselves online.

While 94% of people believe it’s their personal responsibility to ensure a safe Internet experience, the research highlights the facts that:

• only 44% always install Internet security software on new equipment
• only 37% download updates and patches for personal computers when prompted… a figure which falls even further to a fifth (21%) for smart phones and mobile devices
• less than a third (30%) habitually use complex passwords to protect online accounts
• 57% do not always check websites are secure before making a purchase

The Cyber Streetwise campaign underlines that safety precautions taken in the real world have similar relevance in the virtual world. Research shows that shoppers don’t adopt the same behaviours when shopping online as they do when shopping on the High Street. A person wouldn’t walk around with their bag open or wallet on show yet, when shopping online and due to the speed of technology, people can be open to unnecessary risk if they’re not careful when using their credit card.

Five key actions to prevent cyber crime

There are five actions people can take in order to protect themselves and others from cyber crime. The key behaviours the campaign is focusing on changing are:

1. Using strong, memorable passwords
2. Installing anti-virus software on new devices
3. Checking privacy settings on social media
4. Shopping safely online, always ensuring to check online retail sites are secure
5. Downloading software and application patches when prompted

The research shows our biggest concerns when it comes to online safety are identity theft (48%) and losing money (52%). 16% of those surveyed claim to have lost at least £500 as a result of having their card details stolen and used over the Internet (representing a total loss of more than £4 billion).

Almost a third (32%) of those who admit to not installing security software on Internet-enabled devices blame a lack of understanding, while around a fifth (18%) say they did not realise the risk.

With initial funding allocated from the Government’s National Cyber Security Programme, the Cyber Streetwise campaign has been joined by a number of private sector partners who are providing support and investment. Among those involved are Sophos, Facebook, the RBS Group and Financial Fraud Action UK.

References

1. For further information on the National Cyber Security Programme, visit: https://www.gov.uk/government/policies/keeping-the-uk-safe-in-cyberspace

2. Figure provided by retail experts Conlumino and based on items bought in the five weeks up to and including Christmas Week 2013. Figure includes tablets, smart phones, connected e-readers, laptops, desktops and connected games consoles. Data derived from Christmas tracker which surveyed 22,762 consumers over the run-up to Christmas 2013

3. National Cyber Security Consumer Tracker – Wave 3, October 2013

Figure based on 16% of the adult UK population (8,028,924). Population Estimates for UK, England and Wales, Scotland and Northern Ireland, Mid-2012 Release, Office for National Statistics, 8 August 2013

4. Cyber Streetwise is a cross-Government awareness and behaviour change campaign delivered by the Home Office in conjunction with the Department of Business, Innovation and Skills alongside the National Crime Agency and Action Fraud and supported by the National Cyber Security Programme (Cabinet Office)

5. The campaign has wide support across industry with over 20 organisations providing access to communications channels to reach their customers or providing monetary support. Organisations involved include: Sophos, Facebook, Financial Fraud Action UK, RBS, Trend Micro and Vodafone

6. The Cyber Streetwise campaign launched on Monday 13 January 2014 with outdoor, radio and digital advertising. The advertising campaign has been designed by M&C Saatchi. To view and download assets please visit: http://www.consolpr.com/outbound/JAN/Cyberstreetwisecollateral.zip

7. To view the online videos visit: http://www.youtube.com/user/becyberstreetwise/videos

Filed under IFSECGlobal.com News

SMBs need help to better understand cyber attack threats

Research by The Ponemon Institute reveals that over half of SMBs globally do not see cyber attacks as a significant risk.

Many small and mid-size businesses (SMBs) are potentially putting their organisations at risk because of uncertainty about the state of their security and threats faced from cyber attacks.

According to the ‘Risk of an Uncertain Security Strategy’ study conducted by The Ponemon Institute, senior management is failing to prioritise cyber security which, in turn, is preventing them from establishing a strong IT security posture.

Of 2,000 respondents surveyed globally, 58% confirmed that management does not see cyber attacks as a significant risk to their business. Despite this, IT infrastructure and asset security incidents, as well as wider security-related disruptions, were found to have cost these SMBs a combined average of $1,608,111 over the past 12 months.

Sponsored by Sophos, the research has also identified that the more senior the position of the decision-maker in the business, the more uncertainty there was surrounding the seriousness of the potential threat.

Three main challenges to strong security

“The scale of cyber attack threats is growing every single day,” said Gerhard Eschelbeck, CTO for Sophos, “yet this research shows that many SMBs are failing to appreciate the dangers and potential losses they face from not adopting a suitably robust IT security posture.”

According to the research, there are three main challenges preventing the adoption of a strong security posture: failure to prioritise security (44%), insufficient budget (42%) and a lack of in-house expertise (33%).

In many SMBs there’s also no clear owner responsible for cyber security, which often means it falls into the purview of the CIO.

“Today in SMBs, the CIO is often the ‘only information officer’ managing multiple and increasingly complex responsibilities within the business,” said Eschelbeck. “However, these ‘OIOs’ cannot do everything on their own. As employees are demanding access to critical apps, systems and documents from a diverse range of mobile devices, it would appear security is often taking a back seat.”

The study reveals uncertainty around whether Bring Your Own Device (BYOD) policies and the use of the cloud are likely to contribute to the possibility of cyber attacks. Some 77% of respondents said the use of cloud applications and IT infrastructure services will increase or stay the same over the next year, yet a quarter of those surveyed indicated they did not know if this was likely to impact security.

Similarly, 69% said that mobile access to business critical applications would increase in the next year, despite the fact that half believe this will diminish security postures.

“Small and mid-size organisations simply cannot afford to disregard security,” said Larry Ponemon, president of The Ponemon Institute. “Without it there’s more chance that new technology will face cyber attacks, which is likely to cost the business substantial amounts. CIOs are under pressure to implement new technology that informs agile and efficient ways of working, but this should not take precedence over security. The industry needs to recognise the potential dangers of not taking cyber security seriously and create support systems to improve SMB security postures.”

Key findings of the research

The study targeted SMBs in the United States, the United Kingdom, Germany and the Asia-Pacific Region (Australia, India, China and Singapore) to better understand how such organisations are managing security risks and threats.

Key findings of the study include:

• 58% of respondents say management does not see cyber attacks as a significant risk

• One-third of respondents admit they are not certain if a cyber attack has occurred in the past 12 months. 42% of respondents said their organisation had experienced a cyber attack in the past 12 months

• Respondents in more senior positions have the most uncertainty about the threats to their organisations, indicating that the more removed the individual is from dealing on a daily basis with security threats, the less informed they are about the seriousness of the situation and the need to make it a priority

• CISOs and senior management are rarely involved in decisions regarding IT security priorities. While 32% say the CIO is responsible for setting priorities, 31% say no one function is responsible

• 44% of respondents report IT security is not a priority. As evidence, 42% say their budget is not adequate for achieving an effective security posture. Compounding the problem, only 26% of respondents say their IT staff has sufficient expertise

• Respondents estimate that the cost of disruption to normal operations is much higher than the cost of damages or theft of IT assets and infrastructure

• Mobile devices and BYOD are much more of a security concern than the use of cloud applications and IT infrastructure services. However, these concerns are not preventing extensive use and adoption of mobile devices, especially personal devices

• Uncertainty about their organisations’ security strategy and the threats they face varies by industry:
   ◦ Respondents in financial services have more confidence, which can probably be attributed to the numerous data protection regulations
   ◦ The technology sector is also more security aware, which is probably due to the IT expertise that exists in these organisations
   ◦ Retailing, education and research and entertainment and media have the highest level of uncertainty about their organisations’ security strategy and the threats they face

Recommendations emanating from the research findings

• Organisations need to concentrate resources on monitoring their security situation in order to make intelligent decisions. While assessing where they stand on the security continuum, organisations need to focus on monitoring, reporting and proactively detecting threats

• Establish mobile and BYOD security Best Practice. Carefully plan and implement a mobile strategy so that it doesn’t have an impact on the overall security posture

• Organisations should look for ways to bridge the gap created by a shortage of information security professionals. Consider ways to free-up time for in-house resources, including a move to cloud technologies, security consulting and easy-to-manage solutions

• Measure the cost of cyber attacks, including lost productivity caused by downtime. Work with senior management to make cyber security a priority and invest in solutions that restore normal business activity more quickly for a high return on investment

• Organisations in all sectors are regularly breached and regulations are often simply the beginning of properly securing a network. Consider consolidated security management to gain a more accurate picture of threats that will help focus on problem areas

Filed under IFSECGlobal.com News