Cyber security top of the agenda at flagship defence exhibition

Cyber security will be at the top of the agenda as a flagship trade exhibition takes place on 27th March 2018.

The Defence Procurement, Research, Technology & Exportability (DPRTE) 2018 exhibition will be held on 27 March 2018 at Cardiff’s Motorpoint Arena and is considered one of the UK’s leading annual defence procurement and supply chain events.

Held across a single day, DPRTE 2018 offers a unique opportunity to showcase goods and services, as well as the chance to engage directly with both the key personnel and organisations responsible for setting strategy and operationally delivering an annual budget of over £19 billion.

With the focus on tech and cyber security at this year’s event, attendees at the exhibition will be able to access a series of training sessions at the Technology & Innovation Knowledge Transfer Zone which will provide participants with an insight into the latest developments and opportunities in this crucial area.

By encouraging collaboration across industry, academia and allies the aim is to boost the competitive advantage of UK defence and find swift answers to the most pressing national security questions from across sectors.  The zone will also host a techUK session tackling the topic of ‘Defining the True Value of Information and Digital Capabilities in Defence’.

The event offers businesses a chance to capitalise on the UK government’s target that 25 percent of defence procurement spending goes to SMEs, and will host a Buyer Engagement Village, offering delegates the chance to meet buyers and suppliers, network with colleagues and make new contacts and connections.

The event’s speakers include Andrew Forzani, Chief Commercial Officer of the UK Ministry of Defence; Gary Aitkenhead, Chief Executive of the Defence Science and Technology Laboratory; Les Mosco, Former Commercial Director of the Ministry of Defence; Jacqueline Rock, Commercial Director at DIO; and Jeegar Kakkad, Chief Economist and Director of Policy at ADS.

Speaking about the opportunities for any businesses or organisations wanting to benefit from the defence sector, former Commercial Director of the Ministry of Defence and the Chair of DPRTE, Les Mosco, said: “It’s important that all businesses understand that, regardless of their size, an opportunity exists to expand into the defence and security marketplaces.

“There are real opportunities for companies operating in multiple sectors, ranging from cyber security companies, developers of innovative technology platforms, pioneers in healthcare, advanced manufacturing and engineering, and suppliers of everyday goods to feed into the MOD’s extensive supply chains.”

With MOD spending plans outlining £178 billion of investment in new technology and equipment between 2016 and 2026 and a commitment to meet NATO’s target of spending 2 percent of national income on defence every year until 2020, the majority of DPRTE attendees are SMEs seeking to grow their businesses by tapping into the varied supply chain requirements of the modern defence sector.

Mr Mosco continued: “It’s vital that any business looking to break into or expand in that market is able to ensure their products and services are visible to key audiences. DPRTE gives them an open forum to do that while also discovering how they may need to alter their offering in the future.”

Exhibitors and official event partners this year include MOD Defence and Security Accelerator, Crown Commercial Service, and Cyber Protection Partnership as well as a host of other high-profile organisations in the defence sector supply chain.


Simon Burges, CEO of BiP Solutions, the organiser of DPRTE, explained: “With over 1500 key decision makers from across the defence sector, DPRTE 2018 is a must-attend event for existing and aspiring defence suppliers of all sizes looking for business growth”.


How GDPR Will Impact Data Management Practices

On May 25th 2018, Europe’s General Data Protection Regulation (GDPR) will be implemented into legislation, which means that for all those within the IT and data management industry, life in the workplace is about to change drastically.

The UK’s leading managed IT service provider, Nasstar, has looked into how exactly this will affect workplaces within the UK.

Europe’s General Data Protection Regulation (GDPR) is a new law that will help reinforce and strengthen data protection and provide heightened security to both individuals and companies across the EU. Although the UK currently has the Data Protection Act 1998 implemented into legislation, the GDPR will override and tighten these pre-existing laws and ensure that all of Europe is united and subject to these new data protection laws.

Any company that provides services or offers goods to European data subjects, and that manages, holds or processes data of those living within the EU, will be affected as a result.

According to Article 4 of the GDPR, a processor is ‘a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller’, whilst a controller is ‘the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.’

If your role falls under ‘processor’ then you are subject to a significant number of restrictions under the controller. For example, processors can’t engage another data processor without the express permission of the controller. In contrast to this, the controllers are responsible for handling personal data, and as such are tasked with taking charge of ensuring that the GDPR is upheld and complied with. However, it is worth noting that both processors and controllers are subject to fines if the legislation of the GDPR is not upheld, and could face a whopping minimum fine of 20 million euros.

Although there are many changes that the General Data Protection Regulation will bring to the role of data management, there are some changes that are more notable than others.

Primarily it’s important to know that as of March 25th 2019, all data breach notifications have to be handed to the relevant supervisory authority within 72 hours of a data breach where it is likely to “result in a risk to the rights and freedoms” of individuals. This new limited time frame is a massive change to the system and needs to be kept on top of to avoid breaching the GDPR.

It’s also worth noting that data subjects now have significantly more rights to their own personal data, as they now have the opportunity to both access and erase it. If a data subject so wishes, they are now able to find out where and why their data is being processed, and have the right to be given a free electronic copy of this data. They may even erase this data under the ‘right to be forgotten’, but this must be taken under consideration following a ruling based on the public’s interest.

Mark Hodgkinson, Head of Professional Services at Nasstar says: “As part of the new legislation, companies must also appoint data protection officers, whose job it will be to advise and monitor both the processors and controllers; ensuring that the GDPR is being implemented effectively. Although not every company will be obligated to appoint a GDPR, almost all businesses, including us at Nasstar, will have to have one, as well as private companies who either regularly monitor subjects or who process conviction information.

“By ensuring that you understand these upcoming GDPR legislative laws and prepare yourself for these changes, you will be ready to implement the regulations from the get go, meaning that you and your organization will be straight off the starting blocks and powering ahead of the data management game.”

For more information on Nasstar please visit: http://www.nasstar.com/


Fixing the Cyber Security Skills Shortage

Attitudes towards security continue to harden – with terrorism, geopolitical uncertainty and cyber threats now joining over-regulation in the top four threats to business growth prospects in PwC’s 2018 CEO survey. This shift is reflected by the language now used publicly – by government and business leaders alike – as highlighted by the UK Defence Minister recently confirming that sponsored cyber-attacks on the UK’s infrastructure could cause economic chaos. But after endemic under-investment in skills development for over a decade, Paul German, CEO, Certes Networks, explains it is time for a significant change in approach to safeguard business.

Supply versus Demand

Organisations now recognise the need to invest heavily in security. Yet when day rates for cyber security experts hit £1,400, the industry clearly has a massive problem regarding supply and demand. And while it is fair to say that the escalation in cyber threats has created an unprecedented need for individuals with skills, talent and experience, it is chronic under-investment in training and education that is at the heart of the skills shortage problem.

The UK used to lead the world in cyber security expertise. Now, Government representatives are travelling to countries across the globe – including some that are flagged as ‘questionable’ by our security services – in the hope of attracting essential start up expertise and skills. And with the proposed National College of Cyber Security sited at Bletchley Park now not likely to open before 2019, home grown talent is simply not being developed.

So what has gone wrong? The ramifications of the massive spike in outsourcing a decade ago are now being felt. When huge swathes of technical experts were ‘TUPE’d’ across from public sector to private sector organisations, a history of training, education and skills development was lost. These individuals are now leaving the industry in swathes and their skills have never been replaced. The result is escalating demand and a pool of resources that continues to shrink by the day.

Rethinking Education

There are so many flaws in the current model. The industry is frankly appalling at selling itself; at inspiring the next generation by demonstrating that IT can be an exciting and financially rewarding career. In addition, training has over the past decade become almost exclusively product focused – with vendor ‘academies’ teaching individuals about specific product sets, rather than security framework requirements, a move that has further weakened the depth of expertise offered by any one individual.

This approach is simply not sustainable – for IT providers or organisations desperate to access essential cyber security skills. Right now, the small pool of talent is being touted around at ever higher rates by recruitment firms, making essential cyber security unaffordable for all but the largest and most successful businesses.

The only way organisations will be able to address the huge demand for cyber security skills will be to take control and invest. And that means shifting away from outsourcing and a reliance upon expensive contractors towards re-insourcing key services, including security: the onus is now on companies to build up their own expertise in-house.

At the same time, the IT industry needs to step up and invest in training – true, agnostic training, not product specific, ersatz sales education. If the next generation of cyber security individuals are going to be able to make the right decisions, they need an excellent grounding in security – from compliance to standards, including GDPR, PCI and ISO 27001. It is only with that in-depth understanding of end to end security issues that individuals will be able to create a robust security infrastructure supported by the right product choices.

From vendor agnostic training to a commitment to inspiring the next generation to join the industry in the first place, everyone demanding a solution to cyber security skills shortages today needs to step up and become part of the solution – not the problem.


Tomorrow’s cyber elite return to University of Cambridge for Inter-ACE cyber security challenge

Over 130 competitors from 18 of the UK’s leading cyber security universities will pit their skills against one another in a two-day cyber security competition organised by the University of Cambridge. Now in its third year, the Inter-ACE is supported by GCHQ’s National Cyber Security Centre to attract the best young minds into careers in the sector.

Up for grabs is £10,000 in cash prizes and the opportunity to compete against the best of the USA in ‘Cambridge2Cambridge’, a transatlantic contest to be held later this year.

The 130 competitors, organised into 34 teams from 18 UK universities, will face over 20 challenges set by experts from the University of Cambridge and sponsors including Context IS and Palo Alto Networks. The two-day event, taking place at the University of Cambridge on the 16th and 17th March 2018, will culminate in a ceremony dinner at Trinity College, Cambridge.

Inter-ACE will simulate a number of scenarios, including working to prevent a cyber-attack on the infrastructure of a fictional city and the results of a successful tap on an undersea data cable. Competitors will develop and hone penetration testing skills. These skills include the binary reverse engineering of malware, breaking into a web application such as an online payment system, decoding secure communications and piecing together intercepted data.

Professor Frank Stajano of the University of Cambridge, the founder of Inter-ACE, said: “Protecting IT and infrastructure means understanding how it can be attacked. The head of the National Cyber Security Centre, Ciaran Martin, is absolutely right in that a major cyber-attack on the UK is now a matter of “when, not if” and we must recognise that the UK faces an urgent skills shortage.

“Inter-ACE gives future cyber security professionals the opportunity to test their skills against the best and meet others in their field and future employers. This is about engaging with the next generation of cyber security talent, and raising awareness of this vital, interesting and exciting career choice.

“It’s also about making the good work of cyber security professionals much more visible. Like other initiatives such as NCSC’s CyberFirst programme, the interesting experiences of the University students taking part in this year’s event will help to inspire those currently at school to consider a rewarding career in this field.”

Chris Ensor, Deputy Director for Skills and Growth at the NCSC, said: “The InterACE competition is a fantastic way to encourage bright young minds to hone their cyber knowledge further and meet like-minded people.

“The cyber threat is growing, and so making sure that young people have the cyber security skills to help protect us has never been more important. We at the NCSC hope the entrants will be inspired – and can perhaps inspire others – into starting a thrilling career defending the UK and helping make it the safest place to live and work online.”

Established through the UK’s National Cyber Security Strategy and supported by GCHQ’s National Cyber Security Centre, the competition is sponsored by Microsoft, BT, Palo Alto and Context IS.

The 18 universities sending teams to Inter-ACE are Queen’s University Belfast, the University of Birmingham, the University of Cambridge, Cardiff University, De Montfort University, the University of Edinburgh, Edinburgh Napier University, Imperial College London, the University of Kent, Lancaster University,  Newcastle University, the University of Oxford, Royal Holloway University of London, the University of Southampton, the University of Surrey, University College London, the University of Warwick and the University of York.


Gartner Provides Seven Steps Security Leaders Can Take to Deal With Spectre and Meltdown

Security and Risk Management Leaders Need to Take a Balanced Approach to Tackling a New Class of Vulnerabilities

Security and risk management leaders must take a pragmatic and risk-based approach to the ongoing threats posed by an entirely new class of vulnerabilities, according to Gartner, Inc. “Spectre” and “Meltdown” are the code names given to different strains of a new class of attacks that target an underlying exploitable design implementation inside the majority of computer chips manufactured over the last 20 years.

Security researchers revealed three major variants of attacks in January 2018. The first two are referred to as Spectre, the third as Meltdown, and all three variants involve speculative execution of code to read what should have been protected memory and the use of subsequent side-channel-based attacks to infer the memory contents.

“Not all processors and software are vulnerable to the three variants in the same way, and the risk will vary based on the system’s exposure to running unknown and untrusted code,” said Neil MacDonald, vice president, distinguished analyst and Gartner fellow emeritus. “The risk is real, but with a clear and pragmatic risk-based remediation plan, security and risk management leaders can provide business leaders with confidence that the marginal risk to the enterprise is manageable and is being addressed.”

Gartner has identified seven steps security leaders can take to mitigate risk:

1)     Acknowledge the Risk, but Don’t Panic

Modern operating systems (OSs) and hypervisors depend on structured, layered permission models to deliver security isolation and separation. Because this exploitable design implementation is in hardware — below the OS and the hypervisor — all software layers above are affected and vulnerable. However, memory can only be read, but not altered. Exploitation of the flaw requires untrusted code to be introduced and executed on the target system, which should be extremely difficult on a well-managed server or appliance such as a network or storage appliance. There is also an advantage in not rushing to “panic patch.” Early patches created conflicts with some antivirus offerings and locked up Windows desktops. Some conflicted with the use of AMD microprocessors, so that the systems would not boot. Other early patches had performance impacts that have been improved by subsequent patches.

2)     Start With a Detailed Inventory

Nearly every modern IT system will be affected to some extent. Not since Y2K has a vulnerability affected so many systems — desktops, mobile devices, servers, virtual machines, network and storage appliances, operational technology and Internet of Things devices — and required a deliberate, phased plan of action for remediation efforts. The starting point for security leaders must be an inventory of affected systems. In some cases, the risk-appropriate decision will be not to patch. However, in all cases, the roadmap for security leaders will be the inventory. For each system, a detailed database or spreadsheet is needed to track the device or workload, the version of its microprocessor, firmware version and OS.

3)     Develop a Risk-Prioritised Remediation Plan

The vulnerabilities are not directly remotely exploitable. A successful attack requires the attacker to execute code on the system. As such, application control and whitelisting on all systems greatly reduce the risk of unknown code execution. However, shared infrastructure-as-a-service (IaaS) infrastructure is particularly vulnerable until the cloud providers update their underlying firmware and hypervisor layer (which the leading providers have done). Strong separation of duties and privileged account management reduce the risk of the introduction of untrusted code.

4)     Prioritise Your Remediation Efforts

When devising a remediation strategy, Gartner recommends breaking the strategy into prioritized phases, because the risk, performance implications and potential hardware upgrades required will vary greatly among use cases. Start with systems that represent the most risk — desktops, virtual desktop infrastructure, smartphones and externally facing servers.

5)     Acknowledge That Sometimes the Appropriate, Risk-Based Decision Is Not to Patch

Information security leaders need to be prepared for scenarios in which the appropriate decision is not to patch. In some cases, this will be due to lack of patches on older systems. In other cases, the impact on performance is not offset by the reduction in risk, so patches will not be applied. Even for some well-managed servers, the decision may be made to forgo patches to protect performance until future patches have demonstrably acceptable impacts. However, for server workloads, when the performance characteristics allow, Gartner recommends patching and firmware upgrades.

6)     Implement Strong System Operational Hygiene and Mitigating Controls

For systems that are not patched or only partially patched, multiple mitigating controls can reduce risk. The single most important issue to address is restricting the ability to place unknown or untrusted code onto the device. By reducing this, risks are significantly lowered, because attacks require local code execution. For all systems, this means taking a “default deny” approach, and application control and whitelisting greatly reduce the risk. To the extent that public attacks become known, traditional endpoint protection platforms and network-based intrusion prevention systems also mitigate the risk.

7)     Plan for Further Mitigation Efforts Through the Next Few Years

Spectre and Meltdown represent an entirely new class of vulnerabilities, and this is just the beginning. The underlying exploitable implementation will remain for years to come.

“Ultimately, the complete elimination of the exploitable implementation will require new hardware not yet available and not expected for 12 to 24 months. This is why the inventory of systems will serve as a critical roadmap for future mitigation efforts,” said Mr MacDonald. “To lessen the risk of future attacks against vulnerabilities of all types, we have long advocated the use of application control and whitelisting on servers. If you haven’t done so already, now is the time to apply a default deny mindset to server workload protection — whether those workloads are physical, virtual, public cloud or container-based. This should become a standard practice and a priority for all security and risk management leaders in 2018.”

Gartner clients can read more in the report “Security Leaders Need to Do Seven Things to Deal With Spectre/Meltdown.”
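The inventory in step 2 (device or workload, microprocessor version, firmware version and OS) can be gathered per host. The sketch below is an added example, not part of the Gartner material: it assumes Linux hosts with a kernel that reports mitigation status under `/sys/devices/system/cpu/vulnerabilities/` (4.15 and later) and x86 field names in `/proc/cpuinfo`; the function names and the sample file tree are constructed for illustration.

```python
"""Per-host inventory record for Spectre/Meltdown tracking (Linux only)."""
import csv
import io
import socket
import tempfile
from pathlib import Path

# sysfs directory where Linux kernels (4.15 and later) report mitigation status.
VULN_DIR = "sys/devices/system/cpu/vulnerabilities"
VARIANTS = ("spectre_v1", "spectre_v2", "meltdown")
FIELDS = ("host", "cpu_model", "microcode", "firmware", "os", "kernel") + VARIANTS


def read_text(path):
    """Return stripped file contents, or None if the file is absent or unreadable."""
    try:
        return Path(path).read_text(errors="replace").strip()
    except OSError:
        return None


def cpuinfo_field(cpuinfo, key):
    """First value of `key` in /proc/cpuinfo text (x86 field names assumed)."""
    for line in (cpuinfo or "").splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip() == key:
            return value.strip()
    return None


def os_pretty_name(os_release):
    """PRETTY_NAME value from /etc/os-release text, without the quotes."""
    for line in (os_release or "").splitlines():
        if line.startswith("PRETTY_NAME="):
            return line.split("=", 1)[1].strip().strip('"')
    return None


def collect_inventory(root="/", hostname=None):
    """Build one inventory row; `root` lets the same code read a mounted image."""
    root = Path(root)
    cpuinfo = read_text(root / "proc/cpuinfo")
    record = {
        "host": hostname or socket.gethostname(),
        "cpu_model": cpuinfo_field(cpuinfo, "model name") or "unknown",
        "microcode": cpuinfo_field(cpuinfo, "microcode") or "unknown",
        "firmware": read_text(root / "sys/class/dmi/id/bios_version") or "unknown",
        "os": os_pretty_name(read_text(root / "etc/os-release")) or "unknown",
        "kernel": read_text(root / "proc/sys/kernel/osrelease") or "unknown",
    }
    for variant in VARIANTS:
        # A missing file means the kernel predates the reporting interface.
        record[variant] = read_text(root / VULN_DIR / variant) or "unknown"
    return record


def open_variants(record):
    """Variants the kernel does not report as mitigated or not affected.

    "unknown" is treated as open so that unreported hosts get followed up.
    """
    closed = ("Not affected", "Mitigation")
    return [v for v in VARIANTS if not record[v].startswith(closed)]


def to_csv(records):
    """Render inventory rows as CSV text for the tracking spreadsheet."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(records)
    return out.getvalue()


def build_sample_root(directory):
    """Write a constructed (not real) host file tree for offline demonstration."""
    files = {
        "proc/cpuinfo": "processor\t: 0\nmodel name\t: Example CPU @ 2.40GHz\n"
                        "microcode\t: 0x1\n",
        "proc/sys/kernel/osrelease": "4.15.0-example\n",
        "etc/os-release": 'NAME="Example"\nPRETTY_NAME="Example Linux 1.0"\n',
        "sys/class/dmi/id/bios_version": "EX-1.0\n",
        VULN_DIR + "/spectre_v1": "Mitigation: __user pointer sanitization\n",
        VULN_DIR + "/spectre_v2": "Vulnerable\n",
        VULN_DIR + "/meltdown": "Mitigation: PTI\n",
    }
    for rel, content in files.items():
        target = Path(directory) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(content)
    return Path(directory)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        sample = collect_inventory(build_sample_root(tmp), hostname="sample-host")
    print(to_csv([sample]), end="")
    print("needs follow-up:", open_variants(sample))
```

Calling `collect_inventory()` with no arguments reads the live host; rows from many hosts can be passed to `to_csv` together to form the roadmap the steps refer to.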


ISNR Abu Dhabi 2018 to Explore Impact of Key Disruptive Technologies on National Security

The Higher Organising Committee of the International Exhibition for National Security and Resilience (ISNR Abu Dhabi 2018) confirmed that the upcoming three-day event will explore the role of disruptive technologies in national security.

The exhibition will highlight the latest developments in artificial intelligence, connected vehicles, smart wearable technologies, unmanned solutions and robotics, virtual and augmented reality, digital forensics, crowd management, and safe city control centres. Key themes of the event will include innovation, thought leadership, career development, edutainment and public awareness, as well as business.

ISNR Abu Dhabi 2018 is jointly organised by the UAE Ministry of Interior and Reed Exhibitions. UAE-based international cyber security firm DarkMatter will support the event as its strategic partner. In addition, Safe City Group, a homegrown turnkey solutions provider for smart and safe cities, has been named innovation partner, while the Critical Infrastructure and Coastal Protection Agency (CICPA) have assumed the role of associate partners.

In line with the UAE Strategy for Artificial Intelligence, this year’s edition of ISNR Abu Dhabi is poised to demonstrate how artificial intelligence will revolutionise national security, heralding a shift from traditional physical security and law enforcement towards a more transformative and digital future. More than 20 workshops and features, including a 50 exhibitors’ trail to guide the attendees, will be powered by artificial intelligence. Set to redefine the future of policing, the event spotlights artificial intelligence solutions within critical infrastructure protection, major events security, and cyber security.

Meanwhile, the Innovation Awards, held on the first day of the exhibition, will recognise ground-breaking technologies across five categories – artificial intelligence, virtual and augmented reality, unmanned systems and robotics, digital crime management and forensics, as well as smart and connected cities. The organisers will select the best entry in each category out of 15 shortlisted innovations from the UAE, France, the USA, Germany, Switzerland, Belgium, and the UK, and announce the winners during a gala dinner.

In line with the UAE National Innovation Strategy, ISNR Abu Dhabi 2018 will also present CyberX, developed in collaboration with Scenarios4Summits. Making its debut at the event, the interactive roundtable will feature high-impact immersive videos as well as scenario-based policy moderated discussions, introducing new security training techniques for the future.

In another first, the upcoming edition of the event will launch the Safe City Control Centre, an innovative platform powered by Safe City Group that seeks to demonstrate state-of-the-art security technologies in operations. Catering to UAE first responder operators, the simulation will showcase specially designed consoles and control room solutions.

His Excellency Major General Dr Ahmed Nasser Al Raisi, Inspector-General of the Ministry of Interior and Chairman of the Higher Organising Committee of ISNR Abu Dhabi 2018, said that the exhibition, organized by the Ministry of the Interior in cooperation with Reed Exhibitions Company, is supported by HH Sheikh Saif bin Zayed Al Nahyan, Deputy Prime Minister and Minister of Interior, and is based on the Ministry’s keenness to keep abreast of modern technologies in various fields of security and in line with the UAE strategy for artificial intelligence.

Hosted in partnership with Abu Dhabi Police and Dubai Police, the Future of Policing forum will tackle hot topics in the security industry, including crime prediction, facial recognition, smart police officers, and advanced machine learning solutions.

Ara Fernezian, Group Managing Director for the Middle East at Reed Exhibitions, said: “We attribute the continued success of the ISNR platform to our productive collaboration with our multi-disciplinary homeland safety and security partners, exhibitors, solution providers, decision makers, and thought leaders. With the support of regional and global industry heavyweights, we are confident that the upcoming edition of the event will contribute to enhancing the ever-changing and crucial national security and resilience sector.”

For her part, Meline Eolmezian-Soulie, Group Exhibition Director of the Security and Safety Portfolio at Reed Exhibitions, said: “ISNR Abu Dhabi 2018 will help shape the future of national security through exploring the impact of digital transformation on the industry, introducing disruptive innovations, and bringing together regional leaders, stakeholders, and community members to build a safer connected world.”

She added: “In adding new events – such as the Critical Infrastructure Protection forum, and the Future of Policing forum – as well as bringing back the live demonstration, we have tailored this mega-exhibition to the demands of the current security market. Moreover, we are delighted to host leading innovative companies such as Howe and Howe Technologies, Cognitec, Seyntex, Azur Drones and AXONE that will exhibit cutting-edge security technology and solutions.”

ISNR Abu Dhabi 2018 is set to include the second editions of the exhibition’s two collocated events – Infosecurity Middle East, and Major Events Safety and Security Summit (ME3S), as well as Emergency Response & Disaster Prevention (EmDi).

ISNR Abu Dhabi 2018 will span the entire scope of homeland security sectors, such as digital crime management, forensics, critical infrastructure protection, border control, policing, counterterrorism, disaster management, transformative digital solutions, crime and offender management, and safety and security at major events and crowded places.

The upcoming edition will run from 6 to 8 March 2018 at the Abu Dhabi National Exhibition Centre. Set to host 600 exhibitors from 55 countries in addition to over 200 government buyers and delegates, the mega security event will welcome 25,000 local and international attendees.


Comment on the shut down of the global payment card fraud ring Infraud

UK-based cyber threat intelligence firm SiO4 offers perspective on Infraud, the large, highly organized online credit card fraud ring believed to have stolen more than $530 million since 2010. The US Department of Justice has just announced that it has shut Infraud down, has indicted 36, and has arrested 13 defendants from the US, Australia, the United Kingdom, France, Italy, Kosovo and Serbia. Infraud was a top global buyer’s and seller’s market for fraudsters whose motto was “In Fraud We Trust.”

In response – Andrew Speakmaster, CTO and Founder, SiO4

“This is a classic example of how the underground economy works and continues to sell stolen data in these Dark Web marketplaces. While some threat actors are prosecuted, most continue to reap huge profits where exfiltrated data is sold and traded. It is imperative for organizations to implement a true threat intelligence strategy that will enable them to gain insight into the deep Dark Web and leverage preemptive intelligence to eliminate or mitigate risk. Much of the intelligence today is reactive rather than proactive and is merely information, not intelligence.”


ISNR Abu Dhabi 2018 to Examine Role of Artificial Intelligence in Homeland Security in Line with UAE Leadership’s Vision

Reed Exhibitions, the global event organiser, confirmed that in line with the UAE leadership’s vision, artificial intelligence (AI) will form an important underlying component of the eighth edition of the International Exhibition for National Security and Resilience (ISNR Abu Dhabi 2018).

The latest trends in AI and its application in homeland security will be among the key topics of the Critical Infrastructure Protection and Future of Policing forums, as well as the second editions of the exhibition’s two collocated events – Infosecurity Middle East and Major Events Safety and Security Summit (ME3S). 

In line with the UAE Strategy for Artificial Intelligence, ISNR Abu Dhabi 2018, jointly organised by the Ministry of Interior and Reed Exhibitions, is set to host keynote addresses from influential government and private sector experts, hold topical discussions, and welcome Titan the Robot. The event seeks to help shape a safer connected world through exploring the impact of AI on diverse segments of national security, including big data analytics, behavioural patterns in fighting crime, response to potential threats, predictive policing, and patrolling robots.  

Leveraging AI in robotics and unmanned systems, cyber security and protection, and information superiority has boosted the global supply of robots and unmanned aerial vehicles (UAVs), resulting in decreased unit prices. Moreover, the latest innovations in this field are driving the development of new safety and security applications and facilitating unmanned patrolling operations. As for cyber and information security, AI is bolstering machine-learning capabilities, reducing the number of human-operated tasks, and enabling faster and more efficient data collection and analysis. It is also attracting more investments in software, limiting the need for hardware such as sensors, and creating demand for personnel with expertise in AI-based operations.  

Ara Fernezian, Group Managing Director for the Middle East at Reed Exhibitions, said: “Over the years, the UAE leadership has clearly demonstrated its unwavering commitment to advancing technological innovation with a focus on AI. In appointing the world’s first Minister of Artificial Intelligence and introducing a nation-wide AI strategy, the country has taken unprecedented steps towards harnessing the power of this technology to drive sustainable economic growth and enhance homeland security.”   

He added: “With the aim of supporting our government’s objectives and building on the success of the seven previous editions, we are keen for ISNR Abu Dhabi 2018 to feature AI across most segments and highlight its crucial role in the evolution of protective measures in cyber security as well as physical security.”   

For her part, Meline Eolmezian-Soulie, Group Exhibition Director of the Security and Safety Portfolio at Reed Exhibitions, said: “AI has witnessed significant advancements over the past five years. Global trends, research, and policies continue to emphasise the importance of the technology in coping with increasing threats and boosting national resilience. According to the Artificial Intelligence and National Security study by the Belfer Center for Science and International Affairs at Harvard Kennedy School, AI offers the potential to transform national security technology. Its impact extends to spheres such as satellite imagery analysis, cyber defence, biotech, information security, nuclear safety, aerospace, and intelligence operations.” 

She added: “We look forward to seeing leading AI solution providers impart technical expertise on the application of the technology in homeland security at ISNR Abu Dhabi 2018. The Future of Policing forum will dedicate one full day to AI, while the Critical Infrastructure Protection forum, ME3S, and Infosecurity Middle East will feature focus sessions addressing industry queries regarding AI ethics, responsibility and insurance. The eighth edition of the exhibition is well-poised to cement its reputation as the regional go-to event for showcasing the latest national security technologies and best practices, and driving collaboration between governments and the private sector.” 

ISNR Abu Dhabi 2018 will span the entire scope of homeland security sectors, such as digital crime management, forensics, critical infrastructure protection, border control, policing, counterterrorism, disaster management, ICT and digital security, crime and offender management, and safety and security at major events and crowded places. 

ISNR Abu Dhabi 2018 will run from 6 to 8 March 2018 at the Abu Dhabi National Exhibition Centre. Set to host 600 exhibitors from 55 countries in addition to over 200 government buyers and delegates, the mega security event will welcome 23,000 local and international attendees.  


Companies Losing Big Amid Poor Cybersecurity Practices & Privacy Concerns

A current report from Cisco has found that at least two-thirds of companies are losing sales as a result of increasing concern about privacy among consumers. Such concern has caused delays in sales and, in some cases, loss of clients.

It’s an ongoing problem that’s been plaguing large corporations and small businesses alike for years. Some of the most significant data breaches of the century have included a state-sponsored attack that impacted 3 billion user accounts.

Back in 2013, retail giant Target discovered that hackers had gained access to the debit and credit card information of 40 million of their customers, a figure that was later amended after an investigation revealed that up to 110 million were actually affected by the attack.

More than 45 major data breaches at large companies were reported last year. They included Xbox 360 ISO, Arby’s, Verifone, Sabre Hospitality Solutions and UNC Health Care. One of the most disturbing cases was that of Saks Fifth Avenue, whose customers’ information was available in plain text on a page of its website where customers could join a wait list for products.

Experts anticipated that the tens of thousands who had their personal data made public were likely to be targeted by malware scams and phishing.

Later in the year, Chipotle posted a Notice of Data Security Incident on its website after unauthorized activity was detected and they suspected that card-based transactions between March and April could have been collected by hackers.

The US Secret Service recently verified that it is investigating a data breach at Sears Holding Corp wherein hackers hijacked customer payment cards at Kmart locations across the country.

In some of these cases, it isn’t immediately apparent whether customers’ information has been compromised, but companies have a responsibility to inform their patrons of the possibility that their information has been exposed to cybercriminals.

Such privacy concerns are leading to substantial sales delays for upwards of 65% of global businesses. The Cisco 2018 Privacy Maturity Benchmark Study is aimed at addressing these concerns and stressing the importance of privacy maturity.

Maturity models are a viable means by which companies can assess their progress against established benchmarks. The study reflects the fact that such a privacy paradigm is linked to smaller losses from cyber-related disruption.

74% of companies without proper cybersecurity measures in place have lost in excess of $500,000 within the last year. All of those losses shared a corollary—data breaches. Only 39% of privacy-mature companies experienced these kinds of losses.

There are many cybersecurity solutions available to businesses and many of them are easy to implement. By utilizing virtual private networks (VPNs) with military-grade encryption, companies can prevent their computer systems from being targeted by malicious software. VPNs can also protect company information from being shared with third party entities since they hide a user’s IP address.

By installing a vendor risk management program, performing internal audits, limiting user access to sensitive materials and keeping an eye on internet statistics and threat trends, companies can fortify their operation and assure their customers that they’re in good hands.

In Europe, Parliament has created GDPR (General Data Protection Regulation) to strengthen and streamline data protection for all persons within the EU (European Union). GDPR is designed to give control back to citizens when it comes to their personal data.

The regulation, which will go into effect in May, mandates that data protection measures are built into the development of business processes for all products and services. It also mandates that companies conduct Data Protection Impact Assessments when specific risks to people’s data occur.

Under the GDPR, entities will be required to appoint data protection officers to ensure that they are in compliance with the regulation. Prior consent must be obtained before data can be collected, and entities must be transparent about the purposes for collecting said data.

As mentioned earlier, encryption is called for, in this case a form of cryptography called pseudonymization, which transforms personal data so that it is not attributable to the individual without additional information being provided.

Entities will be legally obligated to report data breaches to the Supervisory Authority without any unreasonable delay. This applies to customer/client data as well as business-related data.

Any infringement of the regulation’s provisions will result in a steep penalty, with infringement of certain provisions punishable by a fine of as much as 20,000,000 EUR or 4% of an entity’s annual global turnover.

Similar regulations have been made in the United States with New York’s Superintendent of Financial Services enforcing 23 NYCRR Part 500, cybersecurity requirements intended to regulate financial services.

No doubt in response to the tens of millions of dollars that hackers siphoned from the Federal Reserve Bank of New York, 23 NYCRR Part 500 calls for a CISO (Chief Information Security Officer) to oversee information assets and execute risk assessment.

Network monitoring, dedicated encryption, written policies, data governance, disaster recovery planning and environmental controls are among the measures that entities will be expected to take to comply with the regulation. In these ways, and others, NYSFS believes that financial institutions can better preserve the integrity of their customers’ personal details and assets.

While there will probably be some pushback from smaller outfits with dwindling budgets, the regulation should be embraced by those who want to keep their clients and their colleagues from going elsewhere.

Given the volatile nature of the cybersecurity climate and the footprint that sophisticated cyber crimes have left on the global economy, it is likely that such regulations or legislation will be adopted by other states and countries in the years to come.

With the rise of firmware, fileless infections, ransomware and skimmers, it is high time to shield your business or home PC from the constant onslaught of cyberattacks. Abiding by cybersecurity regulation will not only keep businesses and banking institutions safe and secure but will also prove to customers that companies have their best interests in mind.

 
