AN SBL PUBLICATION
Issue #8
Spring 2016
IDENTITY & PRIVACY IN A HYPER CONNECTED WORLD
cybertalkmagazine @CyberTalkUK
Venafi is the Immune System for the Internet™ that protects the foundation of all cybersecurity—keys and certificates—so they can’t be misused by bad guys. Protect your business by securing and managing keys and certificates.
Learn more at Venafi.com.
IBM Security Protect against new, complex security challenges
Optimise security program
Integrate security silos, reduce complexity, & lower costs.
Stop advanced threats
Use analytics and insights for smarter integrated defense.
Protect critical assets
Use context-aware, role-based controls to help prevent unauthorised access.
Safeguard cloud and mobile
Employ cloud and mobile initiatives to build a new, stronger security posture.
As one of IBM’s largest global technology partners and with over 30 years of partnership, Avnet and IBM have a long-standing history of working together to help our Security Partners ‘Accelerate their Success’. For more detail, please contact the IBM Sales Team at Avnet Technology Solutions: +44 (0) 1344 662 122, ibm-enquiries-uk@avnet.com
DIGITALIZATION: THE GLOBAL TRANSFORMATION
Shaping the future 2016
Monday 19th & Tuesday 20th September 2016, Evoluon Center, Eindhoven, Netherlands
THE INTERNATIONAL THINK-TANK ON THE DIGITAL FUTURE
JOIN EXPERTS AND DECISION MAKERS FROM AROUND THE WORLD IN EINDHOVEN FOR THE GF2016 THINK-TANK - THE 25TH ANNIVERSARY EDITION.

On September 19 - 20th, the 2016 Global Forum/Shaping the Future will convene key policy makers, decision makers and public/private leaders from around the world to discuss leading-edge topics that are critical to our businesses and communities. Digitalization has a pervasive influence on all areas of our life. Aspects such as collaborative economy trends, the Internet of Things and Industry 4.0, collaborative excellence, intelligent infrastructures, big data and digital health revolutions, but also security concerns and policy and regulatory issues are at the core of the discussion agenda. The GF2016 think-tank will be an inclusive platform to inspire and engage a truly global network of leaders to meet the challenges ahead and enlarge their ecosystem of potential partners.

Global Forum/Shaping the Future is a non-profit annual event, internationally recognized as one of the leading events dedicated to the advancement of our Digital Society. The 25th anniversary edition of the Global Forum will be held in Eindhoven, one of the oldest and largest cities of the Netherlands. Eindhoven is a modern, multicultural city which is internationally renowned for its ultra-modern industry and innovative design.

For more information on the GF2016, please visit http://globalforum.items-int.com

We hope you will join us in September for this important and unique event. For more information, please contact us at globalforum@items-int.eu or +33 1 4642 4876

Global Forum/Shaping the Future
Items International
Identity-Powered Security Balancing user access with company security - Identity Governance Administration Provide correct access so users can do their job - Access Management and Authentication Stop insider credentials being abused by outsiders - Activity User Monitoring Detect and disrupt misuse of privileged rights
Visit www.netiq.com Freephone: 00 800-58102130 Identity, Access and Security Solutions
ADVERTORIAL
[Infographic: "The Numbers". Panel labels: DOBUS operates; Mobile Devices provisioned in the last months; helpdesk tickets raised in the last months; minutes is the average time it takes to respond to a helpdesk query; of helpdesk queries are resolved within our hours SLA; Our most popular training courses: Viasat Eclypt Administration Day Training Course, SBL Becrypt Media Client Half Day Course, SBL Crypto Custodian Training Course.]
Andy Clark Specialist in Information Security and Forensics
Dr. Char Sample Cyber Security Researcher
Protecting your digital assets against cyber attacks
Your Cyber Security trusted partner

Today, organisations face growing pressure to provide assurance and demonstrate to all stakeholders that their systems are secure and able to detect and respond to cyber-attacks. That is why it is critical that your organisation establish a robust and effective cyber security strategy. Your organisation needs to ensure protection of your digital assets, compliance with statutory requirements, adherence to industry regulations and brand protection. With one of the largest teams of cyber security consultants in the UK, Capita IT professional services is perfectly equipped to help your organisation remain secure.
Capita IT Professional Services 17 Rochester Row, London, SW1P 1JB Email: Marketing.itps@capita.co.uk Web: www.capita-itps.co.uk
Joel Porter Lancaster University
Jose M. Such Lancaster University
‘Regain control of your social world’ is the message the website minds.com offers as a way of enticing customers away from existing social network sites.
The public sector is different. We know.

Even the best technology is only of any use if it’s applied with a profound understanding of the challenges, issues and aspirations of the customer. That’s why at Intel Security, recognising that public sector organisations operate in a very different world to commercial organisations, we operate four dedicated public sector teams: Central, Regional, Defence and NHS. It’s because of their experience and understanding, both of public sector needs and our market-leading solutions, that Intel Security holds key contracts with diverse public sector organisations.

Do more, better, for less

Balance your needs – robust security and efficient use of resources:
• Integrate, consolidate and automate your IT security
• Deliver superlative digital services to your customers
• Maintain robust security against cyber criminals and other adversaries
• Realise significant budgetary savings

Upcoming events

Stay up to date on public sector IT security matters with our events programme:
• Cyber Tech Forum for UK Public Sector, late Spring 2016, North of England / Midlands
• Digital Government Security Forum (DGSF), May 2016, London
• Cyber Tech Forum for UK Public Sector, Summer 2016, London
Find out more at the Intel Security Public Sector website: www.intel.co.uk Join the conversation: #IntelSecPubSec
Cyber Security Experts PEOPLE WHO KNOW HOW TO PROTECT YOUR BUSINESS QinetiQ is a world leading provider of best-in-class Cyber Security solutions, services and advice. We specialise in providing holistic solutions covering people, processes and technology to help our customers achieve appropriate levels of security and enable them to manage risk, enhance corporate resilience and maintain competitive advantage.
www.QinetiQ.com
Chris Cope CISM, CISSP, MInstISP, CESG Certified Professional
when traffic is re-routed or a name request is hijacked the user remains unaware of the activity.
Enterprise Solutions for Security Risk Reduction
Application rationalization and consolidation Mobile application reputation scanning Visibility and control of the IT environment Reduce deployment of unauthorized applications
Learn More At: www.flexerasoftware.com © 2016 Flexera Software LLC. All other brand and product names mentioned herein may be the trademarks and registered trademarks of their respective owners.
Siret Schutting Cybernetica
“Our business can be CONFIDENT because our hybrid cloud has security built in.”
1/ In Print
CyberTalk produce and distribute over 15,000 printed copies each year across the UK, Europe and America

2/ Online
Over 70,000 CyberTalk readers from more than 25 different countries access the magazine digitally each year at softbox.co.uk/cybertalk

3/ Social Media
Follow us on Facebook, Twitter, and Pinterest to join the debate

4/ SBL
CyberTalk is published by SBL, a Value Added IT Reseller widely recognised as the market leader in Information Security. SBL offers a comprehensive portfolio of software, hardware, services and training, with an in-house professional services team enabling the delivery of a comprehensive and innovative range of IT solutions

5/ Partnerships
CyberTalk is proud to be supported by The National Museum of Computing, and to have been recognised by the UK Home Office Cyber Streetwise campaign and the US Dept. of Homeland Security

6/ Events
CyberTalk was present at over 125 events in 2015 and this number looks set to grow significantly in 2016

7/ CyberTalk Past and Present
You can access all previous issues of CyberTalk at softbox.co.uk/cybertalk. We’re always looking for new, exciting and innovative content so please contact the team if you’d like the opportunity to feature within CyberTalk at cybertalk@softbox.co.uk
Do you work in Cyber Security or want to? Then join the UK’s largest online job board for cyber security professionals... Register now to receive job alerts tailored to your particular skill set
Upload your CV now and be seen by companies that are hiring right now
Relax, sit back and let us do all the hard work for you... CyberSecurityJobsite.com
Colin Williams SBL
Cyber crime is increasing –
Knowledge is your best defense. IT security threats are increasing and it’s not if but when your organisation will be attacked by cyber criminals demanding money or hackers stealing your data. Take steps to substantially reduce your risk of being held to ransom. Watch this short video to find out how.
www.heatsoftware.com/security-threat-landscape
HEAT Software provides software solutions to automate, manage, and secure services and all endpoints, allowing IT to empower users and enable improved business performance.
Visit us online to find out more: www.heatsoftware.com @HEAT_Software
Magnus Wakander Swedish Tinkerer
Check Point’s innovative solutions keep businesses one step ahead of hackers, cyber security threats and the competition.
CHECK POINT ONE STEP AHEAD
www.checkpoint.com 0207 628 4211 uk_marketing@checkpoint.com
Dr Daniel G. Dresner Consulting Research Analyst (with a respectable academic attached)
Responsibility and authority for cyber security
Stakeholders thrall and the supply chain
Conformance and forensic readiness
Cyber security risk management strategy
Acquisition implementation and operations
Simon Carroll digi.me
Secure the Data with Covata ® End-to-End Encryption Share, Store and Protect Your Files
Cyber Defense Magazine Winner
“Covata should attract attention for its ability to secure data in dynamic work environments, whether on mobile devices across geographical locations, or within the organisation as a proactive way to keep sensitive data encrypted.” - Rik Turner, Sr. Analyst, Ovum
info@covata.com | covata.com
Make security training your priority. A single employee can make your whole business vulnerable to a cyber attack. Keep your business safe and secure and call 0345 074 7978 or visit qa.com/cyber.
Ken Munro Senior Partner, Pen Test Partners
Prof. Keith Martin Information Security Group, Royal Holloway, University of London
Jon Guy SBL
EVENTS
Almanac of Events
APRIL
may
june
oct
NOV 17
Cyber Security Summit QEII Centre, London
july
Developing Information Security Professionals • Individuals - Professional development • Government - CESG Certified Professional • Organisations - Corporate Membership • Strategic Alliances - Professional Bodies • Academia - Partner Programme • Training - Course Accreditation For more information contact: membership@iisp.org
www.iisp.org
TREND MICRO DEEP DISCOVERY™
MOST EFFECTIVE recommended breach detection system 2 YEARS RUNNING
www.trendmicro.co.uk/cyberattacks