Defend at all costs!

Legal sector must ‘step up a gear’ in Cyber technology.

Hackers view the legal sector, which tends to store and process critical and invaluable information, as a potential weak point in the cyber security chain and are constantly pursuing different ways to access legal organisations, both large and small. It is high time that the business of law makes cyber security its absolute priority to ensure its present and future is well – protected from the ruthless criminals out there ready to attack at every given opportunity. It is time the legal industry brought these cyber criminals to justice.

Read the full article in Intercontinental Finance & Law here on Page 21

 

How to keep a hacker out of your computer: The security of your data is vital – use our guide to stay safe

In the wake of the meltdown at TSB and the harvesting of personal information from Facebook, people are increasingly nervous about managing their finances online.

Here, The Mail on Sunday looks at how safe our data is and what we can do to protect ourselves from scams and fraudsters.

ACT ON NEW DATA PROTECTION LAW

A shake-up of data protection rules is being introduced this month aimed at changing the way companies handle personal information given to them.

Under a new ‘general data protection regulation’, it should be easier to control how our details are shared. This includes financial facts – such as where we bank, our account numbers and sort codes.

To read the full article in the Mail on Sunday

Cyber Security Company of the Year – Digital Pathways: Securing your data

Business and Industry Today is extremely proud to present Digital Pathways with our Cyber Security Solutions Company of the Year Award.
Established in 1996 by Managing Director, Colin Tankard, Digital Pathways is reputable for their award-winning and ground-breaking data security solutions that help businesses improve and protect their digital assets. Grounded in Harlow, Essex, Digital Pathways has over 20 years in the cybersecurity arena and work with some of the largest blue chip names across Europe. They specialise in encryption which is the foundation technology across all legislation, regulations and good
security practice.
Read the full article on page 32 here

Network security in the age of the internet of things

Wireless devices and smart technologies are increasingly being brought into the workplace, and pose a growing risk to company data

The internet of things (IoT) is a comparatively recent invention. Ten years ago, we only worried about protecting our computers, and it was only five years ago when we needed to protect our smartphones. Now we need to consider protecting our fridges, heating systems and industrial machines in order to safeguard company networks.

The IoT is growing quickly. Researchers estimate that by 2020 the number of active wireless-connected devices will exceed 40 billion. These devices are becoming an increasingly attractive target for criminals, as more connected devices mean more attack vectors and possible vulnerabilities.The IoT is growing quickly. Researchers estimate that by 2020 the number of active wireless-connected devices will exceed 40 billion. These devices are becoming an increasingly attractive target for criminals, as more connected devices mean more attack vectors and possible vulnerabilities.

Read more

Sharing a Data Protection Officer

The General Data Protection Regulations, which comes into force shortly, requires the need for a Data Protection Officer…

As we all know by now, the General Data Protection Regulations, the process by which the European Parliament intends to strengthen and unify data protection for all individuals within the European Union (EU), as well as addressing the export of personal data outside of the EU, comes into force on May 25th of this year.

One of the many requirements of the legislation is the need for a Data Protection Officer (DPO). This person assumes the role of data protection expert and deals with any data protection queries. It is a high-level position requiring grounding in both national and European data protection law and practice, as well as a thorough understanding of GDPR. Read more

The Threat of Fileless Trojans

The growth in the use of fileless or zero-footprint attacks is alarming. And while they seem to have been targeted at corporate networks so far, they will spread wider.

Fileless attacks do not rely on installing new software but use legitimate applications in the OS. An advanced volatile threat (AVT) does not write itself onto the hard drive but stays in the memory and is deleted once the system is reset. And it can be paired with other malware types to deliver multiple payloads.

All this means that regular anti-virus tools are less likely to become more successful. So what can be done to mitigate the likelihood of becoming a victim to a fileless attack? Read more

UK Councils Must Get Their Cyber Security ‘Act Together’

UK councils must get their cyber security ‘act together’ according to Colin Tankard, Managing Director of data security company, Digital Pathways

Human beings are always the weakest link in the cyber security arena and the only way to stop this is by providing excellent training and awareness programmes, according to Tankard.

He says, “My experience of working with these organisations is that, more often than not, the data owners or managers of departments do not consider who has access to their data and they leave the decisions to the IT Department expecting them to know who can access the data and what they can do with it. Then, when things so wrong, it is the IT staff that get the blame. This is wholly inadequate and short-sited.”

Read more

Tackling Push Payment Scams

The Payment Systems Regulator (PSR) has announced an industry-wide action plan to tackle push payment scams. A push payment is where a bank or other payment service provider (PSP) is instructed to transfer money from a customer’s account to another account. When a customer gives consent for a transaction to be processed, it becomes an authorised push payment.

Push payment scams are the second biggest cause of payment fraud in the UK, claiming £100m from 19,000 people between January and June 2017 alone. Authorised push payment scams occur when customers are tricked into authorising payments to an account that doesn’t belong to their intended payee.

From a digital security perspective, authorised push payments scams are a type of man-in-the-middle attack. These attacks happen when digital communications between two systems are intercepted by an outsider. There are several forms of man-in-the-middle attack, but two are especially common. Read more

Cybersecurity Predictions for 2018 – Part Two

 

In the first part of our overall look at 2018 predictions, we determined six of the top 11 trends that were predicted for this year. In this second installment we will look at the remaining five overall topics that are expected to shake cybersecurity in 2018.

IoT Legislation
The Internet of Things (IoT) may be the most affected sector by the Meltdown and Spectre bugs, but it’s the legislation that many determine will be the biggest game changer. Gary Hayslip, chief information security officer of Webroot, said: “Legislation will require IoT manufacturers to be responsible for producing products without known defects.”

It is also predicted that the power of IoT will be felt by businesses in a repeat of the Mirai botnet activity. Paul Barnes, senior director product strategy at Webroot, predicted a mass IoT breach spanning consumers and businesses, but this time with little ability to remediate based on the attack disabling hardware and demanding a ransom payment. Read more

Cybersecurity Predictions for 2018 – Part One

Over the course of December and into the New Year, my inbox fills up with predictions for what 2018 will bring cybersecurity.

At the end of 2016 we assessed a whole host of industry predictions and determined 12 topics that would dictate 2017: skills gap, ransomware, poor routine IT practices, political disruption, CIO activities, social media attacks, AI, advanced cyber-criminals, GDPR, a cloud vendor compromise and better security collaboration.

Most of that came true, although the predictions on ransomware came nowhere close to the impact that WannaCry and NotPetya would come to have. So with an inbox bursting with predictions for 2018, I triaged all of the comments into 11 themes. In no particular order, here are the first six:

Ransomware
It is no surprise that this features so highly after 2017’s headlines. In terms of evolution, it was predicted that after the mass distribution we would see more targeted attempts, with Eric Klonowski, senior advanced threat research analyst at Webroot, predicting the first health-related ransomware targeting devices like pacemakers. “Instead of ransom to get your data back, it will be ransom to save your life.” Read more