Information Security

ICO tells UK businesses to sort out data protection right now

The ICO has told UK businesses to sort out data protection right now, even though the new European Data Protection is only scheduled to come into force by 2017 at the earliest.

“There is a lot going on in data protection that UK firms should be aware of besides the new EU data protection rules,” deputy information commissioner David Smith told a Westminster eForum in London. […]

Mozilla Releases Security Updates for Firefox, Firefox ESR, and SeaMonkey

Original release date: March 20, 2015 | Last revised: March 23, 2015

The Mozilla Foundation has released security updates to address vulnerabilities in Firefox, Firefox ESR, and SeaMonkey. Exploitation of these vulnerabilities may allow a remote attacker to take control of an affected system. Available updates include:

  • Firefox 36.0.4
  • Firefox ESR 31.5.3
  • SeaMonkey 2.33.1

Users […]

TA15-051A: Lenovo Superfish Adware Vulnerable to HTTPS Spoofing

Original release date: February 20, 2015 | Last revised: February 24, 2015

Systems Affected: Lenovo consumer PCs that have Superfish VisualDiscovery installed.

Overview: Superfish adware installed on some Lenovo PCs installs a non-unique trusted root certification authority (CA) certificate, allowing an attacker to spoof HTTPS traffic.

Description: Starting in September 2014, Lenovo pre-installed Superfish VisualDiscovery […]

Benefiting from Cyber Essentials

(This is a copy of an article we wrote that was published in the Cyber Security supplement of the New Statesman 12-16 Feb 2015)

Cyber security starts with addressing what you can predict, and anticipating what you cannot

Cyber security risks are perceived to be unpredictable, a perception fed by media coverage of the latest major cyber attacks affecting large companies. However, if these attacks are examined more closely, more often than not the root cause of a successful attack was that cyber defences did not cover all vulnerabilities in the affected company’s IT systems. Many cyber attackers opportunistically exploit commonly known vulnerabilities in weak IT systems. That means some incidents could have been predicted and avoided, had the organisations in question taken steps to identify and address them. […]

Securing your on-line doors and windows

Most homes and businesses have physical security controls, including strong locks on doors and windows, a security alarm and CCTV, that will deter a thief from attempting to break in, make a robbery attempt fail or make subsequent arrest inevitable. In the UK, if a criminal is caught committing a robbery the sentence is from 12 months to life depending on the circumstances.

Theft of customer information, personal details and trade secrets are just three of the key areas in which cyber-crime is increasing, and in many cases, the crime will go unnoticed until the information is used to commit a real-world crime. […]

Is it Security Awareness or Training?

Earlier today someone suggested that security awareness training should be delivered in a similar manner to the green cross code as the desired outcome for both activities is the same.

As a child I was a proud member of the Tufty Club, which taught kids from the 1960s and early 1970s the dangers of playing near and crossing roads. In the mid 70s the first version of the Green Cross Code was published, consisting of a step-by-step procedure to help pedestrians cross the road safely. Rather than a squirrel and other woodland creatures, the code had a superhero called the Green Cross Code Man, who appeared in adverts from 1975 until 1990. […]

Evaluating the potential cost of a cyber-attack

Organisations are becoming much more aware of the threat of cyber crime, but many are still finding it difficult to translate this threat into real business terms. The potential impact of a successful cyber-attack on your business’s bottom line is not that easy to define, because attacks could range from a “drive-by” denial of service attack through to the targeted theft of intellectual property. […]

The Threat Within

Christmas is an expensive time of the year and, with the recession and lack of pay rises in many companies, a lot of people are starting to feel the pinch. This presents a potential security threat to a company, as people who are struggling may be tempted to look for other ways to raise extra money. Company data may be put at risk of disclosure, such as a call centre worker selling customer information to a competitor to give them a competitive advantage or knowledge of when a recurring contract may come to an end. Malicious damage could be caused to systems and data, or a delay could be caused to a project, which would benefit a competitor. Alternatively, an employee may become frustrated with their situation and blame the company, which may also lead to malicious damage being caused. The last consideration is that it may not be a sole employee who is looking to steal or cause malicious damage; there may be multiple people involved. […]

How Cyber Essentials helps against attacks and vulnerabilities

Whilst many companies, and in particular SMEs, have historically not recognised the requirement for investment in maintaining robust IT security measures, the following statistics make worrying reading:

  • Earlier this year, the PwC Information Security Breaches Survey 2014 highlighted the fact that the cost of a breach to an organisation has almost doubled since the previous year. The average cost to a large organisation for the worst level of security breach is between £600k and £1.15m (up from £450 to £850k a year ago). The average cost to a small business for its worst security breach is between £65k and £115k (up from £35 to £65k a year ago);
  • During the last year significant global brands have been impacted by information security attacks. These include eBay, Target, Sony, Evernote and WordPress; and
  • According to the RSA monthly fraud reports the UK is the 4th most attacked country by volume after the United States, China and the Netherlands.

In response to this growing threat, the UK Government, in consultation with industry, launched the Cyber Essentials IT security standard in June 2014. […]