Gone are the days when it was thought that the size of the company matters to cybercriminals. The latest PwC Information Security Breaches Survey 2013 shows that there has been a significant rise in the number of small businesses that were attacked by an unauthorized outsider in the last year – up by 22%. Interestingly, large organizations only went up by 5%. Cybercriminals have moved on to stealing intellectual property or corporate secrets as that’s where the real money is. Small companies also do not have the resources or budgets

The new CRD IV banking regulation being introduced to bring Europe into line with Basel III regulation is prompting growing debate amongst regulatory authorities and banks alike. Many aspects remain unclear, so it’s timely that a conference providing deep insight into the new regulatory landscape is taking place on June 17th at the London Hilton on Park Lane.

I am privileged in my job to meet many people, in different industries and cultures. Despite having been born in Somaliland and traveled widely in Africa, I had never been to Nigeria. I recently remedied this, on an assignment to develop an information management strategy for a major client there.

I suppose it was not surprising that friends and colleagues greeted me with a lot of raised eyebrows and worried looks at news of this trip: “Nigeria! Isn’t that dangerous?” or “You won’t get me going there!”. I had to explain I was going to the south west (showing Green on the FCO web-site) not the north east (which is showing Red, and always in the news), and that Nigeria is a large country with a population of 160 million; that is, 20% of Africa’s population.

Cyber security has long been a priority for CIOs, CTOs, and others working in technology. But following a number of high profile attacks, and as IT becomes increasingly integral to everyday life, cyber is becoming a mainstream issue of concern, not just across the whole of the c-suite, but also among policy makers and wider society. New research released by the UK government last week found that 87% of small firms and 93% of large enterprises had experienced security breaches last year, with some attacks causing more than £1 million of damage.

Like many other countries, the UK has responded to the increasing cyber threat by developing a comprehensive national cyber security policy programme. The £650 million, 4-year agenda includes actions to strengthen Britain’s cyber intelligence, defensive, and offensive capabilities; boost skills; and increase resilience in the private sector.

Last week Mandiant produced their report entitled ‘Mandiant APT1 report’; you can download a copy here. The report was covered by media globally and essentially exposes a ring in China responsible for APT attacks. This in itself should be startling news and there have been many stories pointing the finger at China.

However, on reading the report an interesting statistic about how long APT1 were in organizations stands out. We know from the Verizon Data Breach Report 2012 that breaches lead to compromise

I had a great time at the Barbican on Monday last week, speaking at the RSA Security Summit. Art Coviello and Eddie Schwartz led off the day with their usual flair, giving very interesting and cogent talks on the main theme of the summit: “how big data transforms security”. There were great break-out sessions, like the one by RSA’s Matthew Gardiner on security analytics. And there was time for great conversations during breaks and lunch — like one I had with Phillip Hoyer (of Actividentity, now part of HIDGlobal) about mobile security and PKCS #11.

My own session, in the last segment of the day, was on “Breaking the Kill Chain”. We’ve been thinking a lot at RSA about the attack models that enterprises are confronted with these days, especially targeted, stealthy attacks. The “kill chain” described in a paper published by Lockheed-Martin is a very useful tool for modeling APTs and for understanding how to put in place intelligence-driven defenses.

Kill Chain

In a recent SBIC report one of the recommendations for protecting against Advanced Threats was to ‘participate in information exchange’. Defending against advanced threats will require new models for information sharing. Historically, organizations have been reluctant to share threat information but it is becoming increasingly vital that organizations share information and

We assembled our key ingredients for Trusted Cloud in Part 1 so let’s look at how to cook them and taste our creation….

How to mix
The formula for building a trusted cloud is to gain control over and visibility into the cloud’s infrastructure, identities and information.

Information can move instantly, often for perfectly legitimate reasons like load balancing, backup, DR. Information mobility is a great resource though it can be a nightmare

Now, where was I……? Oh yes, I was listing the many benefits of archiving email when I got yanked off stage! Hmmm, where did I leave off……? Ah yes…IT and one of the many benefits….

  1. Reduces IT call centre traffic. How many times in a month does IT receive a call to increase quotas or retrieve deleted email? As I said in my previous point, quotas become a thing of the past with SourceOne, so no calls

Most of my friends and colleagues know that I like to cook so I will be doing a series of “recipes” in the next few weeks to address some of the key challenges based on conversations I am having with major organizations. So, to get started, here is part 1 on Creating a Trusted Cloud.

Clouds and virtualization offer powerful new ways to manage and use digital information, but they also create complexities for organizations in meeting the fundamental challenge of getting the right information to the right people over a trusted infrastructure. Why? Because clouds and virtualization change the nature of control and visibility. Infrastructure becomes virtual not physical. People access information from devices that are outside of IT’s direct control. Information moves at incredible speeds across networks and the cloud is making it hard to know exactly where sensitive information resides. Organisations must learn new ways to gain visibility into risks, threats and compliance performance.

Security is always cited as an inhibitor for cloud adoption. According to a recent Ovum survey when organizations were asked: “What are the biggest challenges or impediments to using cloud
