This page contains a Flash digital edition of a book.
@InfosecurityMag


NEWS FEATURE


all concerned stakeholders, including governments, businesses, and end users. “Given that internet attacks have such a wide mix of sources and impact, the solution is not simple”, Kroes observed. “Internet security cannot be left to the traditional instruments of national security”, she said, adding that Europe’s cybersecurity strategy needs “a comprehensive response” that can deliver, what Kroes described, as an “internet that is safe and secure for everyone”.


tv CH1


Watch the video http://bit.ly/Lcwqx2


MP Joins Up with PwC


Pricewaterhouse Coopers (PwC) unveiled the most recent version of the Infosecurity Europe biannual report on security breaches, introduced by the Rt Hon David Willetts, the UK’s Minister of State for Universities and Science. Willetts’ message was clear: to reap the economic and social benefi ts of the internet to their fullest, we must fi rst tackle the issue of cybersecurity. He identifi ed key challenges the UK faces in battling cybercrime, but noted that the nation does posses “some strengths” to get the job done. “Cybersecurity is not just a government issue”, Willetts said, adding that the task of combating it should not just fall upon, for example, the military, and should enlist universities and researchers. The MP for Havant also added that cybercrime costs the nation billions, but there would be no “perfect security” solutions that the government could implement. From a business perspective, however, Willetts did say that security was a growth area for UK businesses. Willetts was followed by representatives from PwC, including Chris Potter, a partner at the fi rm. He detailed the signifi cant fi ndings from Infosecurity Europe’s ‘Information Security Breaches Survey’ of British businesses, which his fi rm analyzed. It showed that the overwhelming majority of organizations experienced a security breach over the past year – 76% of small organizations and 93% of larger ones. The number of outsider attack breaches deemed


as ‘signifi cant’ also skyrocketed since the last survey in 2010, totaling 54 (or more than one per week) – which turned out to be more than double the number of signifi cant attacks found in the previous survey. With such dismal numbers to refl ect on, Potter found it even more concerning that 26% of larger organizations spent less than one percent of IT budgets on security. The problem many businesses face, Potter noted, is that security does not often demonstrate a return on investment. “If security is doing its job it goes unnoticed, and it’s hard to measure the business benefi ts”, the PwC partner commented, adding that action is usually taken only after a breach has occurred.


tv CH1


Watch our interview with Mr Willetts http://bit.ly/JP43Iv


A Softer, Gentler ICO Christopher Graham, the UK’s Information Commissioner, graced the keynote theatre and was intent on conveying that his offi ce’s mission includes more than just handing down fi nes to cash-strapped public sector organizations. (Yes, NHS and local councils, I’m talking about you.) The Information Commissioner’s Offi ce (ICO) is responsible for data protection enforcement, he acknowledged, but the role also encompasses empowerment, education,


enablement, and engagement. “We prefer not to simply


The ICO was intent on conveying that his office’s mission includes more than just handing down fines to cash-strapped public sector organizations


say ‘no’; we prefer to say ‘yes, if…”, Graham jokingly told the audience. The ICO declined to comment on the UK’s newly proposed communications monitoring bill, preferring instead to take a “let’s wait and see” approach. Graham also said his offi ce recently bought 200 recycled devices from online auction sites and re-sellers, to see if they contained any data. “The good news”, Graham declared, “is that about half of them had been damaged or wiped. The bad news is that half of them had not.” Among the drives still containing information, Graham said his offi ce “found 34,000 fi les with personal or corporate confi dential data” – more than enough to perpetrate identity or fi nancial fraud.


tv CH1


Watch our interview with Mr Graham http://bit.ly/LooyrI


Smart Security for Smartphones? One of the most topical keynotes was a panel on BYOD chaired by Nigel Stanley of Bloor Research. Panelist Robert Cockerill, head of IT infrastructure and security at Thames River Capital, said “BYOD was more or less forced on us from above, when the Board bought itself iPads”.


For some organizations, BYOD comes more easily. That was the case for Paul Hyland, group information security offi cer for packaging business Ardagh Group. He said his executive workforce is mobile and international, so company-wide BYOD policies were simply an extension of this business reality.


“Think of the years it has taken us to educate users about PC security – and now we have to start again”, said Tony Doyle, head of ICT services for Blackpool Council. “Users tend to automatically accept the default device settings, and that’s not usually good enough.”


All of the panelists agreed that jailbroken mobile devices should be blocked from accessing enterprise networks. I asked Stanley if the panel was able to answer the question: Is the industry


www.infosecurity-magazine.com /// 7


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52