Posts Tagged ‘CyberTerror’

Europe’s cyber Achilles heel

May 2nd, 2013 by

The Dutch hacker believed to be responsible for the world’s largest DDoS attack a few weeks ago has been arrested. Apparently he was caught 35km north of Barcelona in an orange van that doubled as a mobile computing office, (in my mind it’s like a  malicious Mystery Machine) remotely controlling his ‘cyber bunker’.

Anyone outside of the cyber security industry would be forgiven for thinking that this kind of event was a one-off. In reality, these kinds of events are taking place 24 hours a day, 365 days a year. Eighteen cybercrimes PER SECOND according to one Symantec report.

Admittedly it is quite unusual to find a Dutchman declaring cyber war from a van in Spain, but cybercrime is a real problem across Europe, and one that is widely under-reported by the media.

Seth Berman, a digital risk management expert based in London, told CNBC in March that this under reporting could actually be damaging Europe’s ability to face the cyber threats posed in 2013. A lack of mandatory reporting regulations and a history of organisations being shamed for breaches have led to companies hiding their problems from customers and even staff.

Until the regulation catches up and forces organisations to be more open about their problems, cyber security will continue to be Europe’s Achilles heel, data breaches will continue to happen and organisations will fail to live up to their responsibilities.

In the meantime there some simple steps you can take to keep your information safe:

 

UK anti-cyber threat centre to be announced today

March 27th, 2013 by

The Government will today announce a new Anti-cyber threat centre following a successful pilot in 2012. The intiative will include experts from government communications body GCHQ, MI5, police and businesses with the aim of sharing information on cyber threats including the technical details of an attack, methods used in planning it and how to mitigate and deal with an attack.

The new London based centre will contain around 12-15 analysts to monitor attacks and provide details in real-time of who is being targeted.

Businesses are by far the biggest victims in terms of industrial espionage and intellectual property theft

Cabinet Office minister Francis Maude said: “We know cyber attacks are happening on an industrial scale and businesses are by far the biggest victims in terms of industrial espionage and intellectual property theft, with losses to the UK economy running into the billions of pounds annually.”

“This innovative partnership is breaking new ground through a truly collaborative partnership for sharing information on threats and to protect UK interests in cyberspace.”

How can businesses mitigate the threat of industrial espionage and intellectual property theft?

Companies are always nervous of revealing publicly when they have been attacked because of the potential impact on reputation and share price if they are seen as having lost valuable intellectual property or other information.

Rather than burying their head in sand or keeping this information secret, the Anti-cyber threat centre, I’m sure, will depend on organisations willingly sharing this information. The biggest problem though, is that many organisations don’t even know when they have been hacked, or even what their risk of attack actually is.

A penetration test or ‘pen test’ is the easiest, most effective way, to demonstrate that exploitable vulnerabilities in your Internet-facing resources are adequately patched, and that you have appropriate technical security controls in place to help protect against cyber-intrusions.

By utilising the services of an ‘ethical hacker’, organisations will be able to:

  1. To find weaknesses in their information security system before someone else does, identifying vulnerabilities and quantifying their impact and likelihood of being exploited;
  2. Produce evidence in the form of reports that their security measures are adequate and working, demonstrating that their IT spend is appropriate and cost-effective;
  3. Ensure compliance with critical standards such as PCI DSS and ISO27001, the requirements of the Data Protection Act and other relevant privacy legislation/regulations;
  4. Provide assurance to customers, both in a B2C and B2B context, that their data is being protected and that the organisation is not a weak link in their information security chain.

To provide your business with a complete solution, please see the IT Governance Penetration Testing Packages for further details.

To book your Penetration Testing service, or to discuss your requirements, – please call us now on 0845 070 1750 or email us.

US companies warned to end dealings with Huawei and ZTE – is this the start of a ‘Cyber Cold War’?

October 11th, 2012 by

US companies have been warned against using Chinese technology giants, Huawei and ZTE, in fear of leaving the country open to espionage and cyberattack.

The US House Intelligence Committee’s report concluded that “Huawei and ZTE cannot be trusted to be free of foreign state influence and thus pose a security threat to the United States and to our systems”.

In response to these allegations, both Huawei and ZTE have come back fighting, suggesting the findings of the report were politically motivated.

But with a growing number of cyberattacks being traced back to China, there is increasing suspicions about its companies, feulling the build up to what many cybersecurity experts have named as the ‘Cyber Cold War’.

Currently the UK has kept quiet about this report, but with Huawei and ZTE operating in the UK too - investing millions of pounds and creating hundreds of jobs – the focus will soon be on whether the UK will take advice from the US.

Brian Honan, author of ISO27001 in a Windows® Environment and information security consultant told the BBC that Huawei should be ‘closely monitored’.

“One of the challenges we face these days with globalisation is that it’s very hard to verify the supply chain,” Brian said.

For more information on the Chinese cyber threat, take a look at William Hagestad’s latest book, titled 21st Century Chinese Cyberwarfare. William believes that China uses state sponsored 21st Century hacking technology to carry out campaigns of targeting and collecting intelligence against their chosen cyber targets, supporting the information necessary to become the next superpower. This book touches heavily on Huawei and ZTE.

Find out more >>

Source: BBC

UK Government warn UK board members and CEOs about cyber crime threat.

September 5th, 2012 by

Today, the Government is issuing advice to British business leaders on how to protect themselves from cyber threats. Ministers and officials from communications intelligence agency, GCHQ will stress the importance of a more security-conscious culture for UK companies.

Iain Lobban, the head of GCHQ, will tell business leaders that any confidence they may have in their cyberdefences is likely to be misplaced, with potentially major implications. He will ask board members and chief executives whether they are aware of the impact on a company’s reputation, share price or even existence if sensitive information is stolen.

Read more about the conference on the BBC News website.

Effective cyber security depends on coordinated, integrated preparations for rebuffing, responding to and recovering from, a range of possible cyber attacks. In an Internet environment where a substantial number of initial attacks are automated, and any assault on critical national infrastructure (‘CNI’) is likely to be widespread, all organisations urgently need to take steps to adequately prepare themselves.

The IT Governance website is the No 1 corporate destination for anti-cybercrime products and solutions

www.itgovernance.co.uk contains everything that organisations need for tackling the cyber crime threat. Start by downloading our free White Paper: Cyber Security: a Critical Business Risk which sets out a Seven-Step Cyber Security Strategy that every organisation should adopt.

IT Governance books and pocket guides offer unique insights and advice for dealing with the challenging and ever-changing cyber security and information security landscape.

Cyber Security Self Assessment Tool (Download) Cyber Security Self Assessment Tool (Download)

Enables any organisation to quickly assess and demonstrate which areas of its operations are up to scratch and which require more attention.

Learn more

Buy Now

International best practice and standards for Cyber security and resilience

ISO 27001 is the internationally recognised best-practice framework for addressing the entire range of cyber risks. ISO 22301 is the international standard for business continuity management, which is also essential to cyber resilience.

IT Governance consultancy and public training courses provide practical, leading-edge support for organisations that are turning to ISO27001 for an independently validated information security management system.

Other essential products and services include:

Maximise the next four months with our single source offering

September 3rd, 2012 by

As the holiday season draws to a close we are now entering the longest period of the year with no major ‘known’ disruptions. Staffing levels will be at their peak and a return to normality will be a relief to many. Get the most out of the next four months and make a real difference through the rest of 2012.

Governance, Risk Management, Compliance and IT Best Practice, are critical to all organisations and we can help you meet your obligations though our comprehensive one-stop-shop.

Our single source offering is unique. No matter what stage of a project you’re at we can help you to succeed. From purchasing Standards and implementation guides, documentation toolkits and software, training (in-house or public courses), to full consultancy support, we have the widest range of products and services available at your disposal.

All GRC and IT Best Practice Products and Services

Publications
Corporate governance
IT Governance
Information Security
Compliance
Leadership & Mngmnt
Other Languages
Tools & Toolkits
ISO27001 Toolkits
Risk Assessment
IT Governance
IT Service Mngmnt
PCI Compliance
BCM & ISO 22301
Training Courses
ISO27001 Courses
ITG Training Courses
ITIL Courses
PRINCE2 Courses
Distance Learning
Staff Awareness Training
Consultancy
ISO27001
DPA Consultancy
BCM Consultancy
FastTrack 27001
Public Sector
International

We make it easy for you to buy essential books and tools, book onto training courses or use our consultancy services.

Some of our most popular solutions include:

No 3 Comprehensive ISO 27001 ISO27001 ISMS Toolkit
No 3 Comprehensive ISO 27001 ISO27001 ISMS Toolkit

Learn more

Buy Now

ISO22301 BCMS Lead Implementer Training Course
ISO22301 BCMS Lead Implementer Training Course

Learn more

Buy Now

ITSM, ITIL & ISO/IEC 20000 Implementation Toolkit
ITSM, ITIL® & ISO/IEC 20000 Implementation Toolkit

Learn more

Buy Now

Our mission is to engage and support Boards and business executives of both public and private sector organisations so that they are better able to properly manage their information technology strategies to achieve strategic goals, protect and secure their intellectual capital and the company’s whole market value and meet relevant corporate governance and regulatory compliance objectives.

See for yourself how our single source offering is unique and will deliver value to your organisation >>

MI5 Warning Elevates Cyber Security to the Boardroom

June 26th, 2012 by

According to a BBC News report published this morning, MI5 are working to counter ‘astonishing’ levels of cyber-attacks on UK industry. Jonathan Evans, MI5 chief, spoke of MI5′s efforts to tackle “‘industrial-scale processes involving many thousands of people lying behind both state sponsored cyber espionage and organised cyber crime”.

This is a threat to the integrity, confidentiality and availability of government information but also to business and to academic institutions,” Mr Evans said. “What is at stake is not just our government secrets but also the safety and security of our infrastructure, the intellectual property that underpins our future prosperity and… commercially sensitive information“.

How can you mitigate the threat to the Confidentiality, Integrity & Availability (CIA) of your information assets?

The best way to do this is to align your information security management system to ISO 27001 – the world’s only recognised cyber security management system. ISO 27001 is the international cyber security standard which, through a risk based approach, addresses the three interdependent principles of the CIA triad.

Our specially developed ISO27001 Cyber Security Toolkit provides all the tools and resources you need to implement your own cyber security project and align your business with ISO 27001. This week only we are giving 3 additional resources away free …

Title ISO27001 Cyber Security Toolkit
3 extra resources Free during June:

Learn more

Buy Now

     

Risk assessment is critical to effective deployment of an ISO/IEC 27001 Information Security Management System, and this toolkit enables you to demonstrate that you have a repeatable risk assessment process and appropriate documentation.

Your focus need to be on protecting your business from cyber attack.

Protect your business and kick start your cyber security project with this toolkit today!

Tackle the Flame with this eBook for the weekend

May 31st, 2012 by

A vicious piece of malware (known as Flame) was uncovered this week and is believed to have infected over 600 targets, be 20 times larger than Stuxnet and to have been backed by state sponsorship.

Realise the underground economy of hacking and crimeware with this handy pocket guide. It will provide you with a valuable list of up-to-date, authoritative sources of information, so you can stay abreast of new developments and safeguard your business.

Available in a format suitable for any eReader, you should buy today and read this weekend:

An Introduction to Hacking & Crimeware: A Pocket Guide (eBook) An Introduction to Hacking & Crimeware: A Pocket Guide (eBook)

RRP: £14.95
Price: £12.95
You Save: £2.00

Learn more

Buy Now

     

More to explore:

21st Century Chinese Cyberwarfare
21st Century Chinese Cyberwarfare

Learn more

Buy Now

CyberWar, CyberTerror, CyberCrime
CyberWar, CyberTerror, CyberCrime

Learn more

Buy Now

Cyber Risks for Business Professionals: A Management Guide
Cyber Risks for Business Professionals: A Management Guide

Learn more

Buy Now

Cybersecurity is a critical business issue. Avoid becoming the next Sony

May 17th, 2012 by

Cybersecurity is a critical business issue that is climbing the agenda in boardrooms everywhere.

This is no surprise considering the high profile media storm that has been building since the Sony hacking scandal. A year has now passed since Sony shut its Playstation Network.

The attacks reflect an approach to information security that was at best easy-going and at worst downright negligent. As a result, Sony’s reputation for software excellence was shredded as personal data relating to millions of its customers was stolen. Its online revenue strategy was imperilled, and its share price tumbled.

CEO’s should be looking at ISO 27001 to mitigate the risk of becoming the next Sony.

ISO 27001 is recognised as the international Cybersecurity standard and together with the Code of Practice, ISO27002, provide an internationally recognised best-practice framework for addressing the entire range of risks.

No 3 ISO27001 Comprehensive ISMS Toolkit No 3 ISO27001 Comprehensive ISMS Toolkit
All the tools you need to do-it-yourself.

Use this unique toolkit to accelerate your ISO 27001 project and develop an ISO27001-compliant Information Security Management System (ISMS).

Learn more

Buy Now

     

The No 3 ISO27001 Comprehensive ISMS Toolkit really does contain everything you need to implement ISO 27001 yourself. Our consultants use it and so should you.

Don’t just take our word for it …

IT Governance Ltd “gets it”. Their toolkits are all you really need to produce documentation that upholds the integrity of ISO and puts you in an audit-ready position for SOX and PCI compliance…They deliver toolkits with easy to follow instructions and pre-written templates to help you produce documentation for your Information Security Manual
Tim Moreton, President, Moreton & Co., airlinetechnology.net

Buy this toolkit before May 25th and receive the Olympics 2012 Continuity & Security Policy and Checklist free.

Find out more today and begin your route to becoming Cyber Secure!

Uncover the Chinese Cyberwarfare Threat

April 17th, 2012 by

With China having the world’s second largest economy (after the U.S), it is no wonder that the western world sees China as a threat when it comes to cyber warfare. With reason to believe, William T. Hagestad II pulls together a strong argument for the allegation of Chinese Cyberwarfare in his latest title; 21st Century Chinese Cyberwarfare.

Inside, readers will uncover the truth of Chinese Cyberwarfare and the involvement of its own government behind these claims. Hagestad answers these questions:

  • Who is behind Chinese cyberwarfare?
  • Is it state sponsored?
  • What is the Chinese Government promoting and what are their initiatives and motives?
  • And much more

Uncover the Chinese Cyberwarfare threat with 21st Century Chinese Cyberwarfare; an intereting, gripping and eye-opening read…

Read more >>>

21st Century Chinese Cyber Warfare 21st Century Chinese Cyberwarfare

RRP: $150
Price: $90
You save: $60

Learn more

Buy Now

     

Buy 21st Century Chinese Cyberwarfare today >>>

About the author

William is an internationally recognized subject matter expert on the Chinese People’s Liberation Army and Government Information Warfare. William served in the Marine Corps for 27 years and also holds Master’s degrees in Science in Security technolgies and Science in the management of technology.

Read more about 21st Century Chinese Cyberwarfare >>>

Act now: become cyber secure – and win contracts!

April 16th, 2012 by

Cyber-attacks cost UK business £21 billion in 2011. Is your company really secure? How would you know?

Cybercrime is a problem TODAY. Adopting the ISO27001 Information Security standard – as the government and market leaders are currently doing – is the solution.

Why act now? Sir Winston Churchill would attach to the top of any urgent order a bright red label on which was written:

“Action This Day”

Churchill loathed passivity or delays and insisted his Chiefs of Staff and other colleagues be getting on with things rigorously, always with the utmost urgency. Are you the same?

Real security takes time – act today, and you could be secure within three months.

Call NOW: 0845 070 1750

If you need more information about why now is the right time to act, download our free advice pack. Read the case studies to learn how you can implement ISO27001.

It really pays to be ISO27001 compliant. Here are 5 good reasons to start today:

  1. Confidentiality, integrity and availability of information is essential to maintain competitive edge, cash-flow, profitability and commercial image.
  2. Through a proper risk assessment, threats to assets are identified, vulnerability to and likelihood of occurrence is evaluated and potential impact is estimated, so that your investment is allocated only where it is necessary – and never wasted.
  3. Compliance with legal, statutory, regulatory and contractual requirements is a ‘must do’ in your business planning and operations – don’t get caught out!
  4. Better cyber security leads to improved corporate governance and assurance to all your stakeholders, including shareholders, suppliers, consumers and clients.
  5. In tender documents, large firms and public/government organisations require that you demonstrate compliance to ISO27001. Certification is the best way.

120+ IT Governance clients KNOW they are cybersecure and have an ISO27001 certificate to prove it to everyone else… thanks to help from our experts.

Download our free Standards Compliance Advice Pack, or call our advisers on:

0845 070 1750

We look forward to helping you act today on cyber security.


%d bloggers like this: