Exciting news for First Base Technologies - we've made the final in the "Security Service Provider of the Year" category of the Computing Security Awards based on volume of on-line nominations. Voting is now underway.
I was recently invited to a roundtable event to discuss the results of some research sponsored by Sourcefire. Part of the survey results concerned the use of personal mobile devices, which seems to be a hot topic with many of our clients. Here's a summary of the findings:
69 percent of UK employees use their own personal devices for work-related purposes, and 71 percent move data on and off the corporate network via these devices, and almost all carry out activities that could put company data at risk. 96 percent of senior managers and directors use personal devices for work tasks.
83 percent of employees admit such actions pose a risk to their organisation’s IT security, but if banned, 1 in 3 would just carry on using them regardless. In fact, 27 percent believe the company should be grateful that they are so conscientious.
63 percent of senior managers / directors use their personal devices to move information off the corporate network and 95 percent of people use their personal devices to carry out activities that could put data at risk – such as Internet shopping and social networking.
98 percent of employees also have a personal email account and during the last 12 months, 1 in 4 employees have used it to achieve work-related tasks. The most common being to send urgent emails when the corporate email has been down (18 percent) whilst 12 percent have used it to receive legitimate work documents that were being blocked by the company firewall.
It looks like we'll all be in the security business for a long time to come!
I see it's been almost two months since my last blog entry. What poor discipline - sorry. Things have been really hectic here at First Base Technologies, which is my only excuse.
This year's Infosecurity Europe was the best for many years - we invested in a new and larger stand and more staff and the results speak for themselves. Lots of visitors with a better appreciation of what penetration testing is all about and how it fits into PCI-DSS. Better informed discussions about penetration testing as part of Governance, Risk and Compliance too.
I've just been asked for my "hot topics" in infosecurity for 2010, so I thought it would be interesting to throw these out at you and see what you think, so here goes:
1. Security awareness
It's increasingly obvious that technical controls alone are not providing organisations with the security they need. Staff education and awareness, delivered in a creative and imaginative way, is critical to managing information security in 2010.
2. Cloud computing
Few organisations are giving serious consideration to the security risks inherent in the cloud computing model. Whilst day-to-day operations can be outsourced in this way, the responsibility for security cannot. A combination of technical, legal and audit skills are required to ensure the security of data in the cloud.
3. Defense against cybercrime
Organisations continue to underestimate the devious nature of cyber criminals and have little or no commitment to "thinking like a hacker". This mindset is critical in order to apply budget and resources to the areas where criminals are most likely to attack and to counter their methods effectively.
UK readers may have noticed that the Information Commissioner’s Office (ICO) will have new powers to fine organisations responsible for security breaches from 6 April 2010. Fines of up to £500,000 can be imposed for serious breaches of the Data Protection Act. The ICO press release is here.
Jonathan Armstrong of Duane Morris, with whom I've shared several conference platforms, thinks this will make CEOs and other senior people take more notice and should make some IT security budgets less prone to cuts. As he says, "If the ICO can levy some decent fines early on, people may take more notice." His article is here.
We can only hope that tougher UK legislation will start to make a difference to the lackadaisical attitude of some senior people towards security!
My friends take great pleasure in teasing me about my role in promoting our firm through public speaking, TV and radio interviews and so on ... hence calling me 'Famous Pete Wood Security'.
I speak at international IT security conferences and specialist groups, provide commentary on security issues for television and radio, and appeared in the BBC1 documentaries "ID Fraud: They Stole My Life" and "ID Fraud: Outnumbered" with my partner Didi Barnes.
As Chief Executive Officer at First Base Technologies, I specialise in penetration testing corporate networks and performing social engineering exercises. I also chair our IT security user group at white-hats.co.uk