Press Room

Vormetric release Insider Threat survey

Our partner, Vormetric, have just released the results of their survey on how companies feel about the Insider Threat. They interviewed 818 leading companies around the world and their findings make very interesting reading.

What is common is that every company sees a major threat from within the organisation, whether from employees, contractors or partners. One aspect that was highlighted is the issue of system administrators and their abuse of privileges.

Business Today on our Top Tips

Top tips for businesses to battle cyber attacks in 2015.

In 2014 there was a significant increase in reported cyber hacks and related financial losses, whether due to prosecution or loss of reputation, and even job losses due to a failure to react to an event.

According to Colin Tankard, managing director at data security specialists Digital Pathways, 2015 will undoubtedly see a further escalation of cyber attacks.

Tankard talked to Business Today about some of the biggest cyber changes predicted for 2015 and provided top tips to help businesses of all sizes tackle the digital challenges in the upcoming year. Read the full article

Info Security Magazine pick up our call for data classification

All organisations can take a leaf out of the Government’s book and use data classification to safeguard information, says Colin Tankard, MD of Digital Pathways.

All organisations handle sensitive and confidential information, providing them with a competitive advantage. The need to secure that information is more pressing than ever, given the growing sophistication of criminals for whom such data is a goldmine and increasingly prescriptive mandates demanding high levels of information protection.

Governments have long demanded that the information held by their agencies be adequately protected and many have laws in place that restrict access to only those individuals with proper authorisation. In some countries, such as the US, data is classified into three levels – top secret, secret and confidential – along with a fourth category, “for official use only.” In the UK, the classification system, known as the “protective marking” system, has long been divided into six classifications.

Tankard goes on to say ‘Information is a premium for any organization and keeping sensitive information secure and adequately protected is a must. Wise organisations will implement a strategy of using protective marking now to reduce the risk that they will become the next data breach headline.’ Read the full article here

European Central Bank (ECB) Hack

Retail Fraud Magazine investigated this latest attack and interviewed our Managing Director, Colin Tankard:

ECB database ‘only partially encrypted’

27/07/2014: The news of The European Central Bank (ECB) being hacked, with the attackers stealing both email addresses and contact data from the organisation’s public website, is the latest data breach in a line of many.

The ECB announced the breach yesterday saying that the details only emerged when the hackers tried to extort money in return for the stolen data on Monday. Around 20,000 email addresses and some addresses and phone numbers were stolen from the public part of the ECB website that dealt with conferences and visits.

According to data security company Digital Pathways, whilst the ECB says that no market sensitive data was compromised, it also said that most of the data – not all – was encrypted.

Colin Tankard of data security company Digital Pathways says, ‘As only a part of the database seems to have been encrypted it looks as if they were only encrypting a row or column and were probably using an encryption programme as part of the database offered by the database vendor.

‘Often only data such as credit card numbers are encrypted but this hack shows that this method is not good enough and that the whole database should be encrypted in order to secure all of the personal private data contained within it.

‘Relying on a vendor’s single column encryption is only doing part of the job and is often seen as the easy route as companies think it is the only way to hide data from their database administration people.

‘However, what is needed is the encryption of the total database which will also protect shadow copy and password files within it. Strong access control should be applied to either user or application access to ensure only authorised people or applications can touch the data. Then, independent logging of the database needs to be implemented so that all access to the data, or changes by database administrators, is held outside of the database administrator’s control. In this way, they have nowhere to hide if they touch the database. A common technique is to switch off auditing in the database while the hack is being done and then switch it on again, thus stopping any alerts.

‘Companies really must separate duties between database administration and security management. This is always the best practice.’

Logistics Business IT Magazine

News of perhaps the largest ever cyber-attack to date, with hackers accessing eBay’s database of over 233 million customers’ personal data, is another in a long line of data losses in recent times.

In this case, the hack was a phishing attack on the system administration accounts, which were compromised, providing access to the database.

Says Colin Tankard, Managing Director of data security company Digital Pathways, ‘It seems to me that eBay had encrypted the passwords, but all other information was in the clear. Why they only went part way in protecting the data is not clear. It would have been better if they had encrypted the whole file structure and added better authentication to the system administration accounts as a minimum.’

Global Security Magazine

End Point Security: Beware use of iPads and Tablets

Our comments on the issue of iPad security and BYOD in general have been picked up by Global Security Magazine. The full article is here.

Barclays Data Loss

Our release on the Barclays data loss is now in Info Security Magazine. To read the article, click here.

Global Security Magazine also picked us up. Read the article here.

Sunday Times

The Sunday Times published an article titled Banks Bid To Foil The Fraudsters on 2nd February 2014.

We were referenced in regard to using strong passwords and ways to stop a Man-in-the-middle attack. Have a look at the article at http://raconteur.net/technology/banks-bid-to-foil-the-fraudsters