Gartner Survey Finds Only 65 Percent of Organizations Have a Cybersecurity Expert

Despite 95 percent of CIOs expecting cyberthreats to increase over the next three years, only 65 percent of their organizations currently have a cybersecurity expert, according to a survey from Gartner, Inc. The survey also reveals that skills challenges continue to plague organizations that undergo digitalization, with digital security staffing shortages considered a top inhibitor to innovation.

Gartner’s 2018 CIO Agenda Survey gathered data from 3,160 CIO respondents in 98 countries and across major industries, representing approximately $13 trillion in revenue/public sector budgets and $277 billion in IT spending.

The survey indicates that cybersecurity remains a source of deep concern for organizations. Many cybercriminals not only operate in ways that organizations struggle to anticipate, but also demonstrate a readiness to adapt to changing environments, according to Rob McMillan, research director at Gartner.

“In a twisted way, many cybercriminals are digital pioneers, finding ways to leverage big data and web-scale techniques to stage attacks and steal data,” said Mr. McMillan. “CIOs can’t protect their organizations from everything, so they need to create a sustainable set of controls that balances their need to protect their business with their need to run it.”

Thirty-five percent of survey respondents indicate that their organization has already invested in and deployed some aspect of digital security, while an additional 36 percent are actively experimenting or planning to implement in the short term. Gartner predicts that 60 percent of security budgets will be in support of detection and response capabilities by 2020.

“Taking a risk-based approach is imperative to set a target level of cybersecurity readiness,” Mr. McMillan said. “Raising budgets alone doesn’t create an improved risk posture. Security investments must be prioritized by business outcomes to ensure the right amount is spent on the right things.”

Business growth introduces new attack vectors

According to the survey, many CIOs consider growth and market share as the top-ranked business priority for 2018. Growth often means more diverse supplier networks; different ways of working, funding models and patterns of technology investing; as well as different products, services and channels to support.

“The bad news is that cybersecurity threats will affect more enterprises in more diverse ways that are difficult to anticipate,” Mr. McMillan said. “While the expectation of a more dangerous environment is hardly news to the informed CIO, these growth factors will introduce new attack vectors and new risks that they’re not accustomed to addressing.”

Continue to build bench strength

The survey revealed that 93 percent of CIOs at top-performing organizations say that digital business has enabled them to lead IT organizations that are adaptable and open to change. To the benefit of many security practices, this cultural openness broadens the organization’s attitude toward new recruitment and training avenues.

“Cybersecurity is faced with a well-documented skills shortage, which is considered a top inhibitor to innovation,” Mr. McMillan said. “Finding talented, driven people to handle the organization’s cybersecurity responsibilities is an endless function.”

According to Gartner, while most organizations have a role dedicated to cybersecurity expertise, and therefore appreciate its needs, the cybersecurity skills shortage continues. Gartner recommends that chief information security officers (CISOs) continue to build bench strength through innovative approaches to developing the security team’s capabilities.


Dixons Carphone data leak hits ‘mega breach’ proportions – Egress Software CEO Tony Pepper Comments

Egress Software CEO Tony Pepper reacts to Dixons Carphone breach

“This morning Dixons Carphone has admitted that the huge data breach first reported in June was in fact more wide reaching than initially thought. Now reporting that 10 million records with personal data were affected, the data breach clearly enters ‘mega breach’ parameters, (mega breaches range from 1 million to 50 million records lost). Using figures from Ponemon Institute’s ‘Cost of a Data Breach’ study, these types of breaches are projected to cost companies between $40 million and $350 million respectively.

Whilst there is often a lot of speculation about the fine these highly publicised data breaches will receive from regulatory bodies like the ICO, what is often not initially considered are the ‘hidden’ expenses, such as reputational damage, customer turnover, and operational costs.

Although we shouldn’t lose sight of the fact that Dixons Carphone is reacting yet again in a proactive manner by contacting affected data subjects and advising them on steps that can be taken to minimise the risk of fraud, it cannot be understated how damaging this could be from a brand and reputational standpoint.”


EC-Council: ASEAN Cybersecurity Summit 2018 to address the vision of the ASEAN leaders affirming the importance of digital literacy and cyber wellness

EC-Council has announced the agenda for the ASEAN Cybersecurity Summit, which includes a dynamic offering of thought-provoking and engaging sessions. The summit will be hosted on Friday, 17 August 2018 at the Singapore Marriott Tang Plaza Hotel, Singapore.
Government officials and security experts in the Asia Pacific Region are emphasizing that cybersecurity has become an international issue – threat actors are deliberately launching their attacks across borders, making international and regional cooperation, as well as private and public-sector collaboration, highly essential. The summit offers a platform for robust discussion and debate on the industry’s most pressing challenges.

Singapore is at the forefront of global cyber solutions in the Asia region. From developments in fintech, critical infrastructure, energy and big data, Asia is leading the way for technological innovation. ASEAN Cybersecurity Summit provides attendees with a unique and special opportunity to get acquainted with the latest innovations and solutions featured by the international cyber community. The summit will additionally provide attendees with opportunities to network, strengthen alliances and form new connections. ASEAN Cybersecurity Summit also provides an incredible platform for Business to Business interaction.

The summit will feature sessions covering a range of salient topics, curated to engage regional attendees. This year’s agenda will focus on supporting the vision of “Building a resilient and innovative ASEAN”. The summit will focus on topics like data security and data sharing vulnerabilities, cyber threat intelligence, challenges in building a smart nation and artificial intelligence, policy, government & regulations, global perspectives; threats, analytics & threat actors, eFraud & law enforcement and cloud, end-point security mobile & IoT security.

“With every summit, our priority is to bring together the strongest voices from the public sector, private sector and academia, to help attendees navigate digital complexity and safeguard their organizations’ critical assets.”

There will be an international array of speakers at the summit, including:

H.E. Chun Vat, Director General, Ministry of Posts and Telecommunications, Cambodia

Ngo Quang Huy, Deputy Director General, Vietnam Computer Emergency Response team (VNCERT), Ministry of Information and Communications, Vietnam

Dr. Rudi Lumanto, Chairman, Indonesia Security Incident Response Team on Internet Infrastructure, Indonesia

Zurkarnain Mohd Yasin, Chief Officer, Network Security and Enforcement Sector, Malaysia Communications and Multimedia Commission

Josephine Romero, Senior Adviser to the Philippines Presidential Adviser (Minister Level), ASEAN Business Advisory Council

Many More

Additional program highlights include:

ASEAN Stakeholders Panel Discussion

Special Address: Cyber Security-Where we are and what to do next

The CISO Challenges- Bridging the IT OT Gap

Prepare or Perish- Responsible use of AI in the ASEAN

Smart Cities Panel Discussion

Many More

To view the full agenda, please visit: bit.ly/2Nbj7UN

 

For Media Inquiries contact,

Mr. Rakesh Acharya

Marketing Manager- Global Events

Email: rakesh.acharya@eccouncil.org

Hand phone: +91 7977828905

 


UK Government Issues Cyber Security Professionalism Consultation Document

Dateline – 19th July 2018

As part of its National Cyber Security Strategy published in 2016, the Department for Culture Media and Sport today published its Consultation Document on creating the environment to develop the cyber security profession in the UK. In recognising that the UK has some of the best Cyber Security Professionals in the world, the UK Government also recognises that “the need to further develop the right skills, capabilities and professionalism to meet our national needs across the whole economy is increasingly important” and that the “consultation sets out bold and ambitious proposals to implement that. It includes a clear definition of objectives for the profession to achieve and proposes the creation of a new UK Cyber Security Council to coordinate delivery”. The aims of the consultation are to:

* Summarise the Government’s understanding of the challenges facing the development of the cyber security profession;
* Seek views on objectives for the profession to deliver by 2021 and beyond; and
* Seek views on the creation of a new UK Cyber Security Council to help deliver those objectives.

The consultation period ends on the 31st August 2018 and therefore only provides a short period for the responses to be submitted. Responses may be submitted via an Online Portal by both organisations and individuals.

The current UK cyber security organisations were quick to recognise that, if left alone to plan and decide the future for the profession, the outcome may not be desirable to their various members; a single governing body would not be suitable for all the various professional roles that are related to the cyber security profession. A collaborative ‘Cyber Security Alliance’ was therefore formed that includes many of the leading organisations, such as the BCS, IET, IAAC and ISSP, to name but a few of what has become a growing alliance. The ‘Cyber Security Alliance’ issued its own press release regarding the consultation process and its support for the National Cyber Security Strategy.

The aim of creating a Cyber Security Council is a bold move founded on previous experience of such organisations as the ‘General Medical Council’, ‘The Science Council’ and the ‘Engineering Council’. Some of these organisations were created by statute; however, this is not the plan for the Cyber Security Council. Yet in this single point is the greatest danger to the future of establishing such a council. The council has to be all things to all the current organisations and potential new alliance members, with no single organisation taking a lead role, for to do so would potentially collapse the Alliance and ultimately the very idea of a Council. For this to work, the Cyber Security Council will need to be established from the ground up, be non-profit for the benefit of its member organisations and have a plan to become self-sufficient in the near future.

This is important for the future of the cyber security profession here in the UK, and all are urged to respond to the consultation to ensure that the widest possible participation is achieved.


One in five businesses do not have precautions in place to protect their digital network

The news is saturated with reports on network hackings and all things GDPR, and it’s more important than ever before that businesses start looking at the methods they’re implementing to store, use and obtain their digital data.

New research has been released that asks IT decision makers within UK businesses how they’re handling and securing their data. Nearly all (82%) of the companies surveyed stated they use more than one software solution for managing or transacting digital data within their business.

And a significant percentage are now storing their business-critical active data (95%) as well as their archive data (89%) on cloud-based storage solutions.

When asked what type of digital data they process and store in the cloud, the top five were:

  1. 89% documents

  2. 75% archive data

  3. 71% financial information

  4. 70% personnel information

  5. 66% images

So, this begs the question: with all this important, and often sensitive, information being stored within UK businesses’ IT software systems, just how valuable is this data to the company holding it? When the respondents were asked to put a monetary value on their digital data, 25% placed a value of over half a million pounds, 14% of which stated their data is worth around £1 million.

With all this data having such a high monetary value, it’s safe to assume that losing or damaging it would have a serious impact on the business. This view is further supported by the impact of the March 2017 WannaCry cyber-attack that infected over 300,000 computers across the globe and took down branches of the NHS. The results stated that 69% of businesses would find the impact of losing their digital data to be very negative.

Whilst the majority claimed their networks were secure, 11% of respondents felt their digital data system was neither secure nor insecure, which is slightly worrying, particularly when it was also unclear what actual data is being held. Further to this, 2% felt their network was insecure!

Should something happen to their network, 25% wouldn’t be able to work at all if they had no access to their digital data. In addition to this, over half (51%) claimed they couldn’t go more than a day should their systems go down due to hardware failure or if their data was breached.

The more worrying statistics from the research came when the survey participants were asked if they had a strategy or precautions in place should something happen. One in five (20%) said they had no plan in place, but they were formulating one. Whereas 2% claimed they had nothing in place and no plans to implement one.

Cindy Phillips, Marketing Manager at OGL, who commissioned the study, says: “It’s interesting to see the results of this survey. As an IT solutions and cyber security company, we know how much of an impact having a digital data breach could have on a business. We have worked with companies who have experienced both natural disasters which have taken down their critical infrastructure as well as those who have had their systems held to ransom by cyber-criminals.

“What makes it so much more worrying is that one in ten people said they felt neither confident nor unconfident that the company could be up and running again within a reasonable timeframe if their digital data was affected! We invest significant amounts in the security and resilience of our cloud infrastructure as well as in proactive cyber-protection to ensure our customers minimise their risk, but also to ensure robust backups and processes are in place to get them back up and running again. Having a well thought out disaster recovery and business continuity plan in place is critical.”

 

For more information, please visit: https://www.ogl.co.uk/it-solutions


How To Hide Your House From Google Maps [Infographic]

There is something about seeing their house posted on the Internet that gives some people a sense of belonging. A lot of people feel that they somehow belong to an exclusive Internet club when they see their neighborhood and their home on Google Maps. Even though almost everyone is already there, being online means they aren’t outside the grid. And that is a comforting thought.

For others, though, that’s a nightmare. Being online for the world to see can be intrusive to our privacy. It’s one thing to join online discussions and share your pictures on social media; it’s another to broadcast to everyone where you live. People with evil intent could see that as an invitation to barge into your home unexpectedly.

But with Google Maps adding more and more places and regions to cover, it’s nearly impossible not to be featured online. Your house and the whole of your neighborhood and city are likely already found there.

You can’t have your house’s images deleted from Google Maps, but you can have it hidden. If you want to learn how to do it, check out this amazing infographic presented by MikesGearReviews.

Source: https://www.mikesgearreviews.com/hide-house-from-google-maps/

 

 


NHS Cyber attacks taught UK a valuable lesson shows latest data

Ransomware is back (everywhere but the UK, at least, where it seems the devastating WannaCry attacks last year on the NHS have made UK organisations particularly wary of ransomware). However, the UK has also seen a massive 329% increase in malware attacks, demonstrating a possible change in tactic by those who look to do UK businesses harm.

SonicWall, the trusted security partner protecting more than 1 million networks worldwide, announces record numbers for malware volume, ransomware attacks, encrypted threats and chip-based attacks in the mid-year update of the 2018 SonicWall Cyber Threat Report.

“The cyber arms race is moving faster than ever with bigger consequences for enterprises, government agencies, educational and financial institutions, and organizations in targeted verticals,” said SonicWall CEO Bill Conner. “SonicWall has been using machine learning to collect, analyze and leverage cyber threat data since the ’90s. This commitment to innovation and emerging technology is part of the foundation that helps deliver actionable threat intelligence, security efficacy and automated real-time breach detection and prevention to our global partners and customers.”

SonicWall publishes its monthly cyber threat intelligence via a public-facing resource, Capture Security Center, on the company’s website. The cloud-based tool offers the ultimate in visibility, agility and capacity to govern entire SonicWall security operations and services with greater clarity, precision and speed — all from a single pane of glass.

“Real-time cyber threat intelligence is more critical than ever as cybercriminals continue to find new attack vectors — like encrypted and chip-based attacks,” said Chad Sweet, Chief Executive Officer at The Chertoff Group, a global advisory focused on security risk management. “To stay protected in the cyber arms race, organizations must use every tool in their security toolbox, particularly technology that delivers the necessary visibility to enhance an organization’s security posture.”

Malware Volume Still Climbing from 2017’s Record Highs

The malware boom of 2017 has shown no signs of stopping through the first half of 2018. SonicWall Capture Labs threat researchers recorded 5.99 billion malware attacks during the first two quarters of the year. At this same point in 2017, SonicWall logged 2.97 billion malware attacks.

On a month-to-month basis in 2018, malware volume remained consistent in the first quarter before dropping to less than 1 billion per month across April, May and June. These totals were still more than double that of 2017.

Ransomware Back in Big Way

As published in March’s original report, SonicWall Capture Labs threat researchers found that ransomware attacks dropped significantly — from 645 million to 184 million — between 2016 and 2017.

SonicWall now shows ransomware attacks surging in the first six months of 2018. There have been 181.5 million ransomware attacks year to date. This marks a 229 percent increase over this same time frame in 2017.

Encrypted Attacks Ascend to Record Highs

The use of encryption continues to grow for legitimate traffic and malicious cyberattacks alike. In 2017, SonicWall reported that 68 percent of sessions were encrypted by SSL/TLS standards. Through six months of 2018, 69.7 percent of sessions are leveraging encryption.

Cybercriminals are strategically following this trend to help prevent their malicious payloads from being discovered. Encrypted attacks increased 275 percent when compared to this time in 2017.

“Encrypted attacks are a critical challenge in the industry,” said Conner. “Far too few organizations are aware that cybercriminals are using encryption to circumvent traditional network security controls, and others aren’t activating new mitigation techniques, such as Deep Packet Inspection of SSL and TLS traffic (DPI-SSL). We predict encrypted attacks to increase in scale and sophistication until they become the standard for malware delivery. And we’re not that far off.”

SonicWall Now Blocks Spectre Chip-Based Attacks

The SonicWall Real-Time Deep Memory Inspection (RTDMI™) technology now protects customers from Spectre chip-based attacks. SonicWall Capture Labs threat researchers validated RTDMI mitigation against Spectre variants and false positives in production.

“It’s critical for cybersecurity leaders to build innovative solutions that adapt to the changing threat landscape to better protect customers,” said SonicWall CTO John Gmuender. “Cybercriminals increasingly hide weaponized code with more sophisticated obfuscation and advanced custom encryption techniques, then expose, detonate and wipe the weaponized code from memory in real time.”

Since January 2018, RTDMI has identified and blocked more than 12,300 never-before-seen cyberattacks and malware variants.

Included in the SonicWall Capture Advanced Threat Protection (ATP) sandbox service, RTDMI identifies and mitigates even the most insidious cyber threats where weaponry is exposed for less than 100 nanoseconds. RTDMI protects against chip-based attacks like Meltdown and Spectre, as well as attacks leveraging PDFs and Microsoft Office documents.

“Existing industry sandbox solutions do not perform true real-time analysis of malware and, therefore, ‘blink’ and miss detecting sophisticated weaponry, exposing customers to dangerous threats,” said Gmuender. “By never ‘blinking,’ RTDMI provides incredibly powerful technology that advances state-of-the-art threat protection to block sophisticated attack vectors and protect customers in real time.”

The SonicWall Capture Threat Network

Data for the 2018 SonicWall Cyber Threat Report mid-year update was gathered by the SonicWall Capture Threat Network, which sources information from global devices and resources including more than 1 million security sensors in nearly 200 countries and territories; cross-vector, threat-related information shared among SonicWall security systems, including firewalls, email security, endpoint security, honeypots, content-filtering systems; SonicWall Capture Advanced Threat Protection multi-engine sandbox; and SonicWall’s internal malware analysis automation framework.

To download the mid-year update of the 2018 SonicWall Cyber Threat Report, please visit sonicwall.com/ThreatReport.


Gartner Identifies the Top Six Security and Risk Management Trends

Business leaders are becoming increasingly conscious of the impact cybersecurity can have on business outcomes. Gartner, Inc. said that security leaders should harness this increased support and take advantage of six emerging trends, to improve their organisation’s resilience while elevating their own standing.

Trend No. 1: Senior Business Executives Are Finally Becoming Aware That Cybersecurity Has a Significant Impact on the Ability to Achieve Business Goals and Protect Corporate Reputation

IT security is a board-level topic and an essential part of any solid digital business strategy. Business leaders have not always been receptive to this message, but a recent string of high-profile incidents has changed sentiment.

Prominent examples include an Equifax data breach that cost the CEO, CIO and CSO their jobs; a WannaCry attack that caused worldwide damage estimated at between $1.5 billion and $4.0 billion; and Verizon’s recent $350 million discount on its purchase of Yahoo! as a result of the latter’s data breach.

“Business leaders and senior stakeholders at last appreciate security as much more than just tactical, technical stuff done by overly serious, unsmiling types in the company basement,” said Peter Firstbrook, research vice president at Gartner. “Security organisations must capitalise on this trend by working closer with business leadership and clearly linking security issues with business initiatives that could be affected.”

Trend No. 2: Legal and Regulatory Mandates on Data Protection Practices Are Impacting Digital Business Plans and Demanding Increased Emphasis on Data Liabilities

Customer data is the lifeblood of ever-expanding digital business services. Incidents such as the recent Cambridge Analytica scandal or the Equifax breach illustrate the extreme business risks inherent to handling this data. Moreover, the regulatory and legal environment is getting ever more complex, with Europe’s GDPR the latest example. At the same time, the potential penalties for failing to protect data properly have increased exponentially.

In the US, the number of organisations that suffered data breaches due to hacking increased from under 100 in 2008 to over 600 in 2016.

“It’s no surprise that, as the value of data has increased, the number of breaches has risen too,” said Mr Firstbrook. “In this new reality, full data management programmes — not just compliance — are essential, as is fully understanding the potential liabilities involved in handling data.”

Trend No. 3: Security Products Are Rapidly Exploiting Cloud Delivery to Provide More-Agile Solutions

New detection technologies, activities and authentication models require vast amounts of data that can quickly overwhelm current on-premises security solutions. This is driving a rapid shift toward cloud-delivered security products. These are more capable of using the data in near real time to provide more-agile and adaptive solutions.

“Avoid making outdated investment decisions,” advised Mr Firstbrook. “Seek out providers that propose cloud-first services, that have solid data management and machine learning (ML) competency, and that can protect your data at least as well as you can.”

Trend No. 4: Machine Learning Is Providing Value in Simple Tasks and Elevating Suspicious Events for Human Analysis

The shift to the cloud creates opportunities to exploit ML to solve multiple security issues, such as adaptive authentication, insider threats, malware and advanced attackers. Gartner predicts that by 2025, ML will be a normal part of security solutions and will offset ever-increasing skills and staffing shortages. But not all ML is of equal value.

“Look at how ML can address narrow and well-defined problem sets, such as classifying executable files, and be careful not to be suckered by hype,” said Mr Firstbrook. “Unless a vendor can explain in clear terms how its ML implementation enables its product to outperform competitors or previous approaches, it’s very difficult to unpack marketing from good ML.”

Trend No. 5: Security Buying Decisions Are Increasingly Based on Geopolitical Factors Along With Traditional Buying Considerations

Increased levels of cyber warfare, cyber political interference, and government demands for backdoor access to software and services have resulted in new geopolitical risks in software and infrastructure buying decisions. Recent government bans against Russian and Chinese firms are obvious examples of this trend.

“It’s vital to account for the geopolitical considerations of partners, suppliers and jurisdictions that are vital to your organisation,” said Mr Firstbrook. “Include supply chain source questions in RFIs, RFPs and contracts.”

Trend No. 6: Dangerous Concentrations of Digital Power Are Driving Decentralisation Efforts at Several Levels in the Ecosystem

The internet is driving a wave of centralisation, one obvious example of which is cloud computing. While there are many benefits (some outlined above), a good security team should be accounting for the risks too.

“Evaluate the security implications of centralisation on the availability, confidentiality and resiliency of digital business plans,” said Mr Firstbrook. “Then, if the risks of centralisation could seriously threaten organisational goals, explore an alternative, decentralised architecture.”


How to protect tomorrow’s critical infrastructure

Imagine a city the size of London thrown into chaos, as public transport grinds to a halt and traffic lights stop functioning… This is no longer the stuff of nightmares or the scenario of a disaster movie but a prospect that is getting more likely every day. Critical infrastructure facilities, whether power or nuclear plants, national railway and local underground systems or other forms of public transport, are increasingly targeted by cyber attacks. Sophisticated cyber weapons have been developed, including malware designed to disrupt the operation of industrial control systems. The growing use of connected devices in the industrial environment makes cyber threats more likely. According to the report Threat Landscape for Industrial Automation Systems, published by cyber security firm Kaspersky Lab, 18 000 different malware modifications to industrial automation systems were detected in the first six months of 2017.

When machines talk to each other…

Machine-to-machine communication is a set of technologies that enables networked devices to interoperate, exchange information or perform actions, often wirelessly and without the manual assistance of humans. Sensors are embedded in a growing number of devices which are utilized to automate and manage process control systems, including transmission and distribution of electricity. While they offer undeniable advantages in terms of cost and maintenance, they are also increasingly vulnerable to hacking.

Cyber security is therefore one of the key concerns for those who manage modern manufacturing plants as well as any form of critical infrastructure. One of the only ways to safeguard these facilities now and in the future is by providing standardized protection measures.

Efficient security processes and procedures cover the whole value chain, from the manufacturers of automation technology to machine and system builders and installers as well as the operators themselves. Protection measures must address and mitigate not only current, but also pre-empt future security vulnerabilities.

Facilities need to understand and mitigate risk as well as install secure technology in order to build cyber resilience. This means implementing a holistic cyber security strategy at the organization, process and technical levels. Such a strategy must include comprehensive and standardized measures, processes and technical means, as well as preparation of people. But alongside all of this, it must also offer the recourse to an internationally recognized certification system.

A fundamental set of Standards for cyber security

The IEC has recently published IEC 62443-4-1-2018, the latest in a series of critical publications, establishing precise cyber security guidelines and specifications applicable to a wide range of industries and critical infrastructure environments. The IEC 62443 series recommends that security should be an integral part of the development process, with security functions already implemented in the machinery and systems.

These horizontal Standards are also used in the transport sector: a set of cyber security guidelines on board ships adopted by the International Maritime Organization (IMO) refers to IEC 62443. Shift2Rail, an initiative that brings together key European railway stakeholders, is aiming to define how different aspects of cyber security should be applied to the railway sector. It has assessed applicable standards and has selected the IEC 62443 publications. The IEC 62443 Standards are also compatible with the US National Institute of Standards and Technology (NIST) cyber security framework.

Internationally recognized certification is key

Another boon is that the 62443 Standards have their own certification programme. The IEC is the only organization in the world that provides an international and standardized form of certification which deals with cyber security. It is supplied by IECEE, the IEC System for Conformity Assessment Schemes for Electrotechnical Equipment and Components. The IECEE industrial cyber security programme tests and certifies cyber security in the industrial automation sector.

The IEC is also working with the United Nations Economic Commission for Europe (UNECE) to create a common regulatory objectives document focusing on conformity assessment and cyber security. The aim of the document is to provide a methodology for a comprehensive systems approach to conformity assessment that can be applied to any technical system in the cyber security field.

“Achieving cyber protection in a cost-effective manner results from applying the right protection at the appropriate points in the system to limit the risk and the consequences of a cyber attack. This means modelling the system, conducting a risk analysis, choosing the right security requirements which are part of IEC Standards, and applying the appropriate level of conformity assessment against the requirements, according to the risk analysis. We need to assess the components of the system, the competencies of the people designing, operating and maintaining it, and the processes and procedures used to run it. This holistic approach to conformity assessment is indispensable to protect facilities, especially critical infrastructure, from cyber crime”, explains David Hanlon, Secretary of the IEC Conformity Assessment Board.

In a world where cyber threats are becoming ubiquitous, being able to apply a specific set of International Standards combined with a dedicated and worldwide certification programme, is one of the best ways of ensuring long-term cyber protection of critical infrastructure.

 


How Multi-Factor Authentication can change a business

According to a recent survey, on average 2 out of 5 people have had their password stolen and 7 out of 10 people no longer trust passwords to protect their accounts. 68% of people say they want companies to provide an extra layer of security and 86% of businesses who use Multi-Factor Authentication feel their data is more secure.

Most people may not have heard of MFA, but chances are they’re probably already using it. Whether signing in or signing up, we all use passwords, and MFA adds a secondary element to the sign-in process, offering an extra layer of protection.

There are three elements that can be used in MFA:

  • What the user knows: A password or PIN

  • What the user has: A mobile device such as a phone or fob

  • The user: A fingerprint or voice / eye recognition

The basic principle of MFA is to use a combination of the elements above rather than a single one. Each of the three elements has strengths and weaknesses, and adding a second element compensates for the weakness of any single one.

Businesses and employees may have got used to simply using a single password, and it can be hard to change the status quo but the fact of the matter is MFA provides a substantially higher level of security. In an attempted security attack, this extra layer can prove to be the difference between being compromised and staying secure.

MFA can also help a business become more compliant. Everyone’s heard of GDPR, and even though there isn’t a single solution that can make a company GDPR compliant overnight, safeguarding data by using MFA is certainly a step in the right direction.

Businesses using MFA can also benefit from being more mobile and not worrying about their security. Over the last decade, with cloud technology, the IT industry has seen a huge shift to working remotely. However, mobility and using your own devices is a serious headache for IT Managers.

Cindy Phillips, Marketing Manager at CyberGuard, says “A recent survey from data security company, Gemalto, suggests that 95% of IT decision makers believe security is the main concern when it comes to introducing mobility to their organisation. So as we know here at CyberGuard, the only answer is: MFA. The same survey also found that to overcome their security challenges around mobility, 90% of IT departments plan to implement MFA.

“With regular ongoing cyber-attacks, it appears MFA is here to stay and will eventually become standard practice in the near future. Large corporations, including social media companies and worldwide financial institutions are using it. What are you waiting for?”
