Monthly Archives: September 2012

Debating the importance of security awareness

It goes without saying that in this open day and age, good practice when it comes to data and sensitive information is more pressing than it has ever been.

From emails to tweets, USB sticks to smartphones, big bundles of paper tucked under your arm, printed here and there, remotely, across the digital highway, zip, zip and away, the ubiquity of information out there is pretty amazing.

With this sheer volume of information, transmitted, shared and downloaded on a daily basis, 24/7, all around the world, everyone always on the go, life has never been easier.

Add to that the fact that it is done through multiple devices, where one minute you’re writing a paper on your BlackBerry, the next minute loading it to your Apple MacBook Pro, the next sharing it via Dropbox, and it is almost inconceivable that back in the day we relied heavily on transporting things via post.

With these radical changes comes danger. Where a lot of information used to be filed away and archived in a physical sense, under lock and key, today everything is in effect online or stored on a computer, which needn’t these days be accessed from one spot. You can, after all, check into your home computer remotely.

It can therefore feel as though data, however well protected, is always on the precipice of tumbling into the virtual world, like a £100 note fluttering in the air for everyone to grab.

Which is why it is important for organisations, however big or small, to invest in training their staff in security awareness. A lot of time, effort and money can be saved if employees – employers as well – are informed about the latest happenings in the IT industry, like, for example, recent cyber crime trends.

However, interestingly, even if such training is delivered, is it actually having a positive impact? One line of argument is that the value of such training is negligible and it is constricted by certain limitations.

Take for example the recent study from the British Retail Consortium, which found that retailers were often unaware that a crime had taken place and didn’t think it normal to report every incident they were aware of.

Or what about Graeme Batsman’s comments last month? He had found that small businesses were almost lackadaisical when it came to data protection. The director of Datadefender.co.uk said: “Companies see the stories about leaks and hacks quite a lot, but the main thing is people think that it won’t happen to them. We know things will increase and get worse. More people are using computers and they have to wake up.”

At this year’s RSA Conference, whose theme is The Great Cipher Mightier Than The Sword, Acumin, the leading provider of information security recruitment and risk management recruitment services, will be delivering a special debate on the matter.

Showing a commitment to promoting good discourse, Acumin’s RANT (Risk and Network Threat) forum has assembled some of Europe’s leading thinkers in this area to push the debate further.

This includes Javvad Malik, senior security analyst at The 451 Group; Thom Langford, director of the Global Security Office at Sapient; Kai Roer, a freelance author, trainer and security consultant; Rowenna Fielding, information security manager at the Alzheimer’s Society; Geordie Stewart, managing director at Risk Intelligence; and Christian Toon, head of Information Risk at Iron Mountain Europe.

If it is going to be anything, then enlightening, thought-provoking and fascinating are just a few words that come to mind. It is great when we have multiple voices of authority and experience waxing lyrical about their ideas. Here is where great debate happens.

Acumin will be on call throughout the entire duration of the conference to discuss any questions pertaining to recruitment. It specialises in, among others, information risk management, governance & compliance, penetration testing & forensics and executive management positions.

The RSA Conference at Hilton London Metropole runs from October 9th until 11th.


Online retail crime needs to be addressed

Over the last six months it has rained so much that even a mere glimpse of blue skies or the feeling of sunshine upon our skin has left us elated but nervous. It’s as if we’ve forgotten what that used to feel like, so grey and wet has this year been.

While it may have dampened – literally – our domestic holiday plans, our want to sort the garden shed out, to dine alfresco or spend time watching the world go by in the great outdoors, thankfully, other aspects of our daily lives have pretty much continued as normal. The digital age has brought everything to our fingertips.

We might have desired to go to the cinema, but streaming videos lets us link up our PCs to our gigantic TVs; a gig might have been called off, but with YouTube, we can watch the band’s music videos; and where we’ve needed to fill up our fridge and not wanted to get blasted with torrential rain, well, with a few clicks, we’ve navigated a virtual supermarket without stepping out of the door.

Everything is possible with the digital life, but while it comes with benefits, there are always downsides. A new report from the British Retail Consortium (BRC) has found that cyber crime, or e-crime as it describes it, represents one of the biggest challenges facing retailers in the 21st century.

In 2011-12 for example, British retailers were hit hard, with breaches to network security costing, in total, £205.4 million. Of this figure, £77.3 million was lost as a direct consequence of fraudulent activity, while the remainder was calculated as projections of business lost as a result of being a victim.

The most popular type of crime was personal identity fraud, followed by card fraud in general, after which came refund fraud. Though this was the bulk of criminal activity, it was by no means exclusive, with phishing also proving to be a growing problem for retailers.

While this in itself is problematic, it doesn’t help that retailers are not approaching such crimes in the same way as they would for non-digital crimes. The study noted that 60 per cent of businesses in this industry were unlikely to report any more than ten per cent of crimes to the authorities.

This indicates that somewhere, along the usual lines of communication, something has gone amiss. Considering that the UK is a leader in online retailing, such losses are harmful to finances and reputation.

“Online retailing has the potential for huge future commercial expansion but government and police need to take e-crime more seriously if the sector is to maximise its contribution to national economic growth,” advised Stephen Robertson, director of the BRC.

“Retailers are investing significantly to protect customers and reduce the costs of e-crime but law makers and enforcers need to show a similarly strong commitment.”

According to the expert, the study shows where efforts need to be directed. Mr Robertson said that the government, along with law enforcement agencies, needs to work to develop a “consistent, centralised method for reporting and investigating e-crime”.

We welcome this. If there is, as the BRC calls for, a better, more organised system for getting businesses to consistently report, record and investigate crime, backed up with more support from the authorities, we can get a better, more detailed picture of trends in cyber crime. Knowing this allows us to build up better security measures.

After all, the last thing we want on a rainy day, cooped up in the home, is to lack the confidence to shop online for clothes, food or treats. Technology is about moving forward; it’s high time retailers stepped up.