Tuesday, 26 October 2010

Fighting malware in your browser

I've mentioned Team Cymru before. Now I want to draw your attention to their Malware Hash Registry (MHR) project and in particular their add on for Firefox. This must be the simplest and most effective way of ensuring your downloads are free of malware - and it's free. Just check it out

Friday, 27 August 2010

Vote for us!

Exciting news for First Base Technologies - we've made the final in the "Security Service Provider of the Year" category of the Computing Security Awards based on volume of on-line nominations.  Voting is now underway.

Please consider voting for us at www.computingsecurityawards.co.uk - use the drop down menu under Security Service Provider of the Year and cast your vote!


Thursday, 5 August 2010

Personal mobile devices

I was recently invited to a roundtable event to discuss the results of some research sponsored by Sourcefire. Part of the survey results concerned the use of personal mobile devices, which seems to be a hot topic with many of our clients. Here's a summary of the findings:
  • 69 percent of UK employees use their own personal devices for work-related purposes, and 71 percent move data on and off the corporate network via these devices, and almost all carry out activities that could put company data at risk. 96 percent of senior managers and directors use personal devices for work tasks.
  • 83 percent of employees admit such actions pose a risk to their organisation’s IT security, but if banned, 1 in 3 would just carry on using them regardless. In fact, 27 percent believe the company should be grateful that they are so conscientious.
  • 63 percent of senior managers / directors use their personal devices to move information off the corporate network and 95 percent of people use their personal devices to carry out activities that could put data at risk – such as Internet shopping and social networking.
  • 98 percent of employees also have a personal email account and during the last 12 months, 1 in 4 employees have used it to achieve work-related tasks. The most common being to send urgent emails when the corporate email has been down (18 percent) whilst 12 percent have used it to receive legitimate work documents that were being blocked by the company firewall.
It looks like we'll all be in the security business for a long time to come!

Tuesday, 1 June 2010

May 2010 ramblings

I see it's been almost two months since my last blog entry. What poor discipline - sorry. Things have been really hectic here at First Base Technologies, which is my only excuse.

This year's Infosecurity Europe was the best for many years - we invested in a new and larger stand and more staff and the results speak for themselves. Lots of visitors with a better appreciation of what penetration testing is all about and how it fits into PCI-DSS. Better informed discussions about penetration testing as part of Governance, Risk and Compliance too.

Today I had an excellent meeting with Claranet who provide secure hosting in a private cloud. Just what we need - a guarantee of where our data resides for compliance with Data Protection coupled with a cast-iron SLA. And they provide secure networking too. Great stuff.

Thursday, 4 March 2010

Hot topics for 2010 - discuss!

I've just been asked for my "hot topics" in infosecurity for 2010, so I thought it would be interesting to throw these out at you and see what you think, so here goes:

1. Security awareness
It's increasingly obvious that technical controls alone are not providing organisations with the security they need. Staff education and awareness, delivered in a creative and imaginative way, is critical to managing information security in 2010.

2. Cloud computing
Few organisations are giving serious consideration to the security risks inherent in the cloud computing model. Whilst day-to-day operations can be outsourced in this way, the responsibility for security cannot. A combination of technical, legal and audit skills are required to ensure the security of data in the cloud.

3. Defense against cybercrime
Organisations continue to underestimate the devious nature of cyber criminals and have little or no commitment to "thinking like a hacker". This mind set is critical in order to apply budget and resources to the areas where criminals are most likely to attack and to counter their methods effectively.

Opinions anyone?

Monday, 18 January 2010

A Happy New Year for data protection?

UK readers may have noticed that the Information Commissioner’s Office (ICO)­ will have new powers to fine organisations responsible for security breaches from 6 April 2010. Fines of up to £500,000 can be imposed for serious breaches of the Data Protection Act. The ICO press release is here.

Jonathan Armstrong of Duane Morris, with whom I've shared several conference platforms, thinks this will make CEOs and other senior people take more notice and should make some IT security budgets less prone to cuts. As he says, "If the ICO can levy some decent fines early on, people may take more notice." His article is here.

We can only hope that tougher UK legislation will start to make a difference to the lackadaisical attitude of some senior people towards security!