Vormetric release Insider Threat survey

Our Partner, Vormetric, have just released the results of their survey on how companies feel about the Insider Threat. They interviewed 818 leading companies around the world and their finds make very interesting reading.

What is common is every company sees a major threat from within the organisation, whether that be from employees, contractors or partners. One aspect which was highlighted is the issue of system administrators and their abuse of privileges.

See the full presentation: Inside Threat Survey 2015 web version.

Business Today on our Top Tips

Top tips for businesses to battle cyber attacks in 2015.

In 2014 there was a significant increase in reported cyber hacks and related financial losses either due to prosecution, loss of reputation and even job loss due to non reaction to an event.

According to Colin Tankard, managing director at data security specialists Digital Pathways, 2015 will undoubtedly see a further escalation of cyber attacks.

Tankard talked to Business Today about some of the biggest cyber changes predicted for 2015 and provided top tips to help businesses of all sizes tackle the digital challenges in the upcoming year. Read the full article

Logistics Business IT on our Dark Web comments

The news today that the Tech Industry is working with law enforcement agencies under the new Government initiative to crack down on illegal and inappropriate activity on the ‘dark side’ of the web is to be welcomed according to Colin Tankard, Managing Director, Digital Pathways.

To read the full article please follow this link

Info Security Magazine publish our opinion on Tor

A journalist seeking to expose corruption or criminal activity uses Tor to protect their sources and to ensure they are not being monitored. The refugee or activist turns to the dark web to fight against oppression and tyranny, knowing they have a degree of protection from their oppressors.

But so does the drug dealer, the people trafficker, the pedophile, the money launderer and the terrorist seeking to hide their activities. And it seems there isn’t much we can do about it.

An encrypted and closed network like Tor has become a challenging conundrum. Set up with good intentions, it has become a haven for those criminals, hackers and terrorists.

Yet any talk of regulating Tor and the dark web undermines two of the founding principles of the World Wide Web: freedom and privacy. Granted those principles seem far removed from the highly commercial web that has evolved, but they still exist and they remain important.

read more…

Info Security Magazine pick up our call for data classification

All organisations can take a leaf out of the Government’s book and use data classification to safeguard information, says Colin Tankard, MD of Digital Pathways

All organisations handle sensitive and confidential information, providing them with a competitive advantage. The need to secure that information is more pressing than ever, given the growing sophistication of criminals for whom such data is a goldmine and increasingly prescriptive mandates demanding high levels of information protection.

Governments have long demanded that the information held by their agencies be adequately protected and many have laws in place that restrict access to only those individuals with proper authorisation. In some countries, such as the US, data is classified into three levels – top secret, secret and confidential – along with a fourth category, “for official use only.” In the UK, the classification system, known as the “protective marking” system, has long been divided into six classifications.

Tankard goes on to say ‘Information is a premium for any organization and keeping sensitive information secure and adequately protected is a must. Wise organisations will implement a strategy of using protective marking now to reduce the risk that they will become the next data breach headline.’ Read the full article here

European Central Bank (ECB) Hack

Retail Fraud  Magazine investigated this latest attack and interviewed our Managing Director Colin Tankard;

ECB database ‘only partially encrypted’

27/07/2014: The news of The European Central Bank (ECB) being hacked, with the attackers stealing both email addresses and contact data from the organisation’s public website, is the latest data breach in a line of many.

The ECB announced the breach yesterday saying that the details only emerged when the hackers tried to extort money in return for the stolen data on Monday. Around 20,000 email addresses and some addresses and phone numbers were stolen from the public part of the ECB website that dealt with conferences and visits.

According to data security company, Digital Pathways, whilst the ECB says that no market sensitive data was compromised it also said that most of the data – not all – was encrypted.

Colin Tankard of data security company Digital Pathways says, “ As only a part of the database seems to have been encrypted it looks as if they were only encrypting a row or column ‎and were probably using an encryption programme as part of the database offered by the database vendor.

‘Often only data such as credit card numbers are encrypted but this hack shows that this method is not good enough and that the whole database should be encrypted in order to secure all of the personal private data contained within it.

‘Relying on a vendor’s single column encryption is only doing part of the job and is often seen as the easy route as companies think it is the only way to hide data from their database administration people.

‘ However, what is needed is the encryption of the total database which will also protect shadow copy and password files within it. Strong access control should be applied to either user or application access to ensure only authorised people or applications can touch the data. Then, independent logging of the database needs to be implemented so that all ‎access to the data, or changes by database administrators, is held outside of the database administrator’s control. In this way, they have nowhere to hide if they touch the database. A common technique is to switch off auditing in the database while the Hack is being done and then switching it on again thus stopping any alerts.

‘Companies really must separate duties between database administration and security management. This is always the best practice.’

To Read the full article click here

Logistics Business IT Magazine

News of perhaps the largest ever cyber-attack to date with hackers accessing Ebays database of over 233 million customers’ personal data is another in a long line of data losses in recent times.

In this case the hack was a phishing attack on the system administration accounts that were compromised providing access to the database.

Says Colin Tankard, Managing Director of data security company Digital Pathways, ‘ It seems to me that Ebay had encrypted the passwords but all other information was in the clear. Why they only went part way in the protecting the data is not clear. It would have been better if they had encrypted the whole file structure and added better authentication to the system administration accounts as a minimum.’

Read the full article here

Global Security Magazine

End Point Security: Beware use of IPads and Tablets

Our comments on the issue of iPad security and BOYD in general has been picked up by Global Security magazine. The full article is here.