On Thursday we gathered together with clients at information security consultants Blackfoot UK’s head office in London to talk about a trending topic in the IT world today.
Data and Cyber Security Matters in a Post Brexit World.
David Silsby our Sales Director welcomed us on this very chilly morning reiterating the Network Utilities ethos of “Identity should be at the heart of everything we do; the identity of the individual and the device is key! Remembering Who is on your network, What they are trying to access and How is critical to ensuring your network remains secure, fast and compliant.”
Next up was Matthew Tyler, CEO of Blackfoot UK and our keynote speaker for the day. Giving us a time hop into the past where we learned some interesting facts. The European Convention on Human Rights (ECHR) came into effect in 1953 and is an international treaty to protect human rights. The definition of privacy as in Article 8 states “A right for one’s ‘private and family life, his home and correspondence’ to be free from unlawful searches”. In the UK human rights are protected by the Human Rights Act 1998. Matthew went on to explain how the internet has changed the economics of data and contributed to the erosion of privacy, he also detailed current privacy laws and how Brexit will change the future. Below you can see the 8 principles of the Data Protection Act, governing the use of personal information which we must comply with, unless an exemption applies, the principles state that data must be:
- Used fairly and lawfully
- Used for limited, specifically stated purposes
- Used in a way that is adequate, relevant and not excessive
- Kept for no longer than is absolutely necessary
- Handled according to people’s data protection rights
- Kept safe and secure
- Not transferred outside the UK without adequate protection
Data is an extremely powerful tool in today’s business world. Knowing your customer well can create a tailor made customer experience. The future of business intelligence is evolving and we will soon start to see new services and businesses arise to help us harness the power of this business intelligence.
Protecting your customer’s data has never been more critical
The cost of a data breach can have a huge impact on you and your business including; bankruptcy, reputational damage, legal implications and of course loss of data. You need to have the appropriate security in place depending on the value of the data you hold i.e. credit card details or email addresses. Do you know the value of your data? Do your staff know what risky looks like? And are they fully trained and aware of the implications of clicking on a malicious links, for example? Research tells us you are only as strong as your weakest link, and that in most cases is your staff.
This brings me onto 5 key questions posed by Matthew around what you need to be asking yourself and your business to truly understand the type of data your business holds.
- Do we know what data we have?
- Do we understand its potential value and the associated risk?
- Do we know who could want our data (for good or bad)?
- Do we understand where our data is and who can access it?
- Do we know what protection our data needs?
The cost of a data breach
* IBM Security 2016 – Cost of a Data Breach Study
If you would like to know more about European regulations and what’s changing in the UK, how to keep your customers data safe and the implications of personal data being lost or misused then you can download Protecting Data and Privacy to get a full overview. Remember you are only as strong as your weakest link!
Will the defenders ever be faster than the attackers?
Our Principal Technology Strategist, Malcolm Orekoya shared his research on the current threat landscape. Did you know that 89% of breaches had a financial or espionage motive?
In order for us to understand cyber security we need to understand the cyber-crime world. These attackers have the same technology advancements that we do and they are always one step ahead. The resources are available for anyone online and you can even pay for “cyber-crime” support. Organised crime is evolving quickly due to underground criminal networks and the so called dark web. The tools are getting smarter and depending on what these criminals are after they will attack in different ways.
“Analysis of known bad malware found that the 91.3% of that malware uses the Domain Name Service (DNS) to carry out campaigns.” Cisco Annual Security Report 2016
There has been an explosion in ransomware and exploit kits are sophisticated. “The Angler exploit kit is one of the largest and most effective exploit kits on the market. It has been linked to several high-profile malvertising (malicious advertising) and ransomware campaigns. And it has been a major factor in the overall explosion of ransomware.” Cisco Annual Security Report 2016
“33% of the malware observed in 2016 research used encryption.” Trustwave Global Security Report 2016
Most legacy platforms cannot see encrypted traffic therefore there is a loss of visibility. Malicious users are aware of this vulnerability and that you don’t have visibility so exploit this lack of visibility to insert their malware into your network. It’s crucial for you to have network visibility in order to be able to effectively apply security policies.
People are your best network defence, but only if they are educated to understand the risks. We advocate creating a data security awareness culture. The one constant factor that exists in all layers of security is the human element. The idea here is to educate people on common threats and their various guises, test their understanding and responses to this education over time, review the results of such tests and then repeat the entire cycle periodically over and over again. You can read Malcolm’s full blog Stop Phishing Attacks – Harness the Power of Your Human Sensor Network – Here.
It’s not if; it’s when!
You need to collaborate to stay ahead of the trends and the cyber security landscape. Think ahead to prevent future attacks. Think of the cost and rewards of investing in your network security vs the risk of not doing so. Ask yourself, can you afford to lose it all when you do get attacked?
SC Magazine recently ran a survey on 900 business and IT decision makers across the UK – EU GDPR – nine out of ten don’t understand it. A staggering 91% of respondents have concerns about their organisation’s ability to comply with GDPR. This regulation will come into effect in 2018 and the penalties will be high, that might seem like a long way away but it’s just around the corner, and you’ll need to be prepared.
Talk to specialists who are confident about compliance and threat prevention. Talk to Network Utilities.
If you were unable to attend our Data and Cyber Security workshop in October then join our webinar on the 14th December to find out more on your obligations and how GDPR will affect you and your organisation with information risk, security and compliance specialists Blackfoot. You can register here.
t: 020 8783 3800 e: firstname.lastname@example.org
About Network Utilities
Identity Centric Networks & Security
Network Utilities (Systems) Ltd have been providing identity centric network and security solutions to organisations ranging from Telecoms and ISPs to large corporates and SMEs for over twenty three years. Partnering closely with both industry leading and niche technology vendors to bring customers the best solutions the industry has to offer. Read more at www.netutils.com.