November 22, 2011

Protecting your business – why backups are only the beginning

Filed under: IT security, MN News — Natalia Zawadzka @ 6:11 pm

Riots, protests and inclement weather are just some of the recent business risks we’ve all faced, on top of the usual concerns about fire, flood, theft and employee malfeasance. If you don’t put appropriate protections in place, your business is at real risk. Did you know:

  • 93% of companies that lost their data centre for 10 days or more due to a disaster filed for bankruptcy within one year of the disaster. 50% of businesses that found themselves without data management for this same time period filed for bankruptcy immediately. (National Archives & Records Administration in Washington)
  • 94% of companies suffering from a catastrophic data loss do not survive – 43% never reopen and 51% close within two years. (University of Texas)
  • 30% of all businesses that have a major fire go out of business within a year and 70% fail within five years. (Home Office Computing Magazine)
  • 7 out of 10 small firms that experience a major data loss go out of business within a year. (DTI/PricewaterhouseCoopers)

You may think that having a backup solution addresses this risk. However:

  • 77% of those companies that do test their tape backups found backup failures. (Boston Computing Network, Data Loss Statistics)
  • 50% of all tape backups fail to restore. (Gartner)

Backup is only the beginning of a proper business continuity plan, and then only if it's working and tested properly.

The Seminar

Managed Networks invites you to a free seminar covering:

The Presenter

The seminar will be run by Ben Rapp FBCS CITP CISSP. Ben is a seasoned technology veteran with many years of experience advising clients on IT matters including business continuity and disaster recovery issues. He is CEO of a business in the SME sector and a board member of Intellect, the UK technology trade body.

Date and location

14th December 2011; 3pm-5.30pm

Intellect Offices
Russell Square House
10-12 Russell Square
London WC1B 5EE

To reserve your place at the seminar, email enquiries[at]mn.co.uk
As places are limited, we advise you to respond as early as possible.

June 1, 2011

Securing the cyberspace

Filed under: IT security — Natalia Zawadzka @ 2:25 pm

The Second Worldwide Cybersecurity Summit, taking place today and tomorrow in London, raises the very important issue of the security of the world’s digital infrastructure. Facing an increased number of cybercrimes, governments and businesses realise the importance of online security and are looking to develop an effective strategy to protect cyberspace.

The Second Worldwide Security Summit is organised by the EastWest Institute and brings together leaders of governments, businesses and civil society from around the world. The event is taking place in London on 1-2 June 2011 and is a continuation of the first summit in Dallas in May 2010. There is a growing urge to establish diplomacy for cybersecurity as leading corporations put great pressure on governments to secure cyberspace in order to protect the interests of the private sector. The EastWest Institute believes that bringing government and the private sector together, nationally and internationally, could be a first step in building a safer cyberspace. The Summit’s three main goals are:

1. To mobilize new commitments by leading businesses and governments of Cyber 40 countries to address cross-border cybersecurity challenges.

2. To set in place new models for private sector leadership in addressing high priority vulnerabilities and threats associated with global internet connectivity and Information and Communication Technologies development.

3. To make advances on the most pressing issues in global management of critical information infrastructure with collaborative international breakthroughs.

In the past year we have witnessed a number of occurrences, such as the Sony data breach, the publication of confidential documents by WikiLeaks and the discovery of Stuxnet, that exposed the lack of consistent legal jurisdictions against cybercrimes.

Greg Austin, vice-president of the EastWest Institute’s Worldwide Security Initiative, believes that: “Through the summit process, the EWI has been able to demonstrate that cybersecurity issues are more urgent than people think and that there are relatively easy solutions out there, but to get to those solutions we have to start talking to each other in more meaningful ways, more frequently and across more borders.”

May 27, 2011

Is the new EU legislation going to secure our internet privacy?

Filed under: IT security — Natalia Zawadzka @ 10:19 am

Most businesses collect information about their clients on each website visit and store it using a piece of text (commonly known as a “cookie”) stored on the user’s computer by their web browser. On average, websites have 10 to 20 cookies, but some of the big corporations with multiple websites may even have thousands of cookies in use. Now, companies operating within the European Union need to comply with a new internet privacy law stating that internet users must give their consent before cookies store their web surfing activities.

Cookies can track the websites that the customer visits or the products that he or she buys online and then pass this valuable information on to advertising companies and other third parties. Internet companies, such as Google, Amazon or Facebook, and advertisers are worried that the new regulations could seriously affect their business models that use targeted adverts.

The EU privacy law affects all companies that do business online. Penalties of up to £500,000 can be imposed on firms that fail to comply. However, the UK government has decided to give businesses one year to comply, as it wants the law to be phased in rather than implemented on a deadline. Christopher Graham, information commissioner at the Information Commissioner’s Office (ICO), warned: “Those who choose to do nothing will have their lack of action taken into account when we begin formal enforcement of the rules.”

The new legislation aims at improving the control individuals hold over their personal data so they can use the internet with confidence. The government is currently in talks with web browser providers such as Google and Mozilla about their default browser settings which enable users to block cookies. Ben Rapp, CEO at Managed Networks, commented: “This marks the third significant direct regulation of websites since 2002, yet most websites still fail to comply with the 2002 EC e-commerce directive and the 2007 Companies Act. These regulations are easy to ignore but have real teeth, including significant possible fines. B2C businesses in particular should use this latest deadline to drive a proper check of their website and email compliance.”

Internet companies will not be keen on losing the very valuable customer information that drives their revenue. There is a possibility that some companies will host their websites outside the UK and European Union to avoid the new law enforcing stricter cookie rules. Time will reveal whether the new EU regulations are going to change anything and secure customers’ privacy.

May 4, 2011

How to avoid and handle data breach

Filed under: IT security — Natalia Zawadzka @ 12:47 pm

Just a week after Sony revealed that the PlayStation Network had been hacked and the details of 77 million customers had been accessed by the hackers, the company suspended the Sony Online Entertainment service and announced that the details of another 25 million users may be at risk. The question is whether online service suppliers are able to provide their customers with the right protection. How is Sony going to deal with the problem and rebuild its clients’ trust?

More than 100 million users have been potentially exposed to fraud as a result of the PlayStation Network and Sony Online Entertainment Service hacking, and it is believed to be one of the biggest data breaches in history. The stolen information includes users’ names, addresses, email addresses, passwords and possibly even their credit card details. Ross Brewer, Vice President and Managing Director of International Market at LogRhythm, said: “An incident this size is sure to have significant repercussions for Sony.” He also stressed that the relationship with existing customers has been damaged and the ability to attract new ones significantly reduced.

All online service providers should ensure their users’ data is properly protected. If they fail to do so, their business will face very negative repercussions. However, if a data breach has already occurred, companies need to act quickly, sensibly and effectively. Organisations need to re-evaluate their security controls to reduce or eliminate the risks.

In order to provide additional security to usernames and passwords, organisations can adopt one-time passwords (OTP), using smartcard devices and tokens. Some gaming firms already require clients to use OTP devices to access their accounts or to make transactions. “OTP devices can easily be integrated into most gaming consoles, securing access to the gaming environment, account holder information and to ensure customer data does not fall into the wrong hands,” says Peter Regent, director of online authentication firm Gemalto.

Companies should continually monitor their IT infrastructure and the IT security industry to stay on top of threats and new approaches to managing them. No individual or organisation is immune to hacker attacks, but implementing multi-layer authentication into security processes increases fraud protection. According to Randy Abrams, director of technical education at security firm ESET, online service providers cannot prove that customer data is safe. There is no 100% security, there is only risk management.

Organisations need to make sure that their employees are aware of the security issues and provide them with the relevant training. Data breaches will occur, but the mission is to reduce their frequency and impact. “In a complex, dynamic IT environment, only those organisations that create the right security policies and processes, and then enforce policy with the right automated controls to increase visibility of suspicious activity, can reduce attack and better safeguard the business,” says Rob Warmack, EMEA director for Tripwire.

The Sony data breach is yet more proof that hackers are more active, focused and resourceful than ever. Organisations need to work even harder to secure their networks, and they need to assume that hacktivist groups will keep on finding new ways around existing defences. To increase effectiveness, the security industry and user organisations need to work together to identify and tackle new threats.

Sony revealed it is initiating several measures to strengthen all aspects of the PlayStation Network’s security and the protection of users’ personal data. These will include moving its network infrastructure and datacentre to a more secure location. The company also announced that it will not restore services until the security improvement systems are fully implemented. The company is said to be handling the crisis well and doing everything to win back the trust of its clients. However, many would ask why it took a huge data breach to push the organisation to action. It would be so much easier (and cheaper) to prevent than to treat.

April 27, 2011

PlayStation doesn’t play it safe

Filed under: IT security — Natalia Zawadzka @ 3:35 pm

Sony’s online PlayStation network has been hacked, leading to the theft of personal data and possibly credit card details from 77 million user accounts. The company admitted yesterday that it had been hit by a hacker attack, six days after the data breach occurred and a few hours after launching its new tablet in Japan. Why did Sony wait so long to inform its customers about the threat? The data breach also raises an important question about our online security.

Sony admitted that it learned of the breach in its PlayStation network on 19 April and shut it down immediately. Since then the firm has not rushed to give an explanation to its confused customers; it only asked for “a little more patience”. A Sony spokesman said it took several days of forensic investigation before the company learned their customers’ data had been compromised. No surprise that this announcement sparked fury among PlayStation users. One client commented: “The fact that you’ve waited this long to divulge this information to your customers is deplorable. Shame on you.”

Alan Paller, research director of the SANS Institute, thinks that Sony did not pay enough attention to security when it was developing the software running the network. Sony was mostly focused on launching an innovative product ahead of its competitors, and as a result security suffered. “New software has errors in it. So they expose code with errors in it to large numbers of people, which is a catastrophe in the making,” Paller added. He also suspects that hackers took over the PC of a system administrator who had rights to access sensitive information about the network’s customers. They did so by sending the administrator an email containing malicious software that got downloaded onto the admin’s PC.

Obviously, the data breach is a major setback for Sony. But the biggest issue is how the hackers are going to use the stolen information. The Japanese electronics maker said that there is no evidence that credit card details were stolen, but does not rule out such a possibility. The firm hired an “outside recognised security firm” to investigate the case.

The PlayStation data breach raises an important question about network and database security. How can we be sure that our data is properly protected if a major technology company like Sony cannot prevent a hacker attack?

Since it launched on November 11, 2006, the PlayStation network has had over 1.4 billion downloads. Sony said it would restore some of the network services within a week.

April 21, 2011

Can virtualisation improve security?

Filed under: IT security, Virtualisation — Natalia Zawadzka @ 11:23 am

Virtualisation is being rapidly adopted by many companies for various reasons. Primarily, it brings significant savings in money, time and labour. Businesses also embrace virtualisation because it improves business continuity, as disaster recovery becomes much easier once the enterprise has virtualised. Another reason to praise virtualisation is that it blocks malware attacks. Martyn Croft, CIO at Salvation Army UK, says that thin-client virtualisation has helped to protect the business from scammers.

Two years ago the Salvation Army replaced 1000 PCs with thin-client virtualisation. Recently, an employee from the Salvation Army got a phone call from a scammer who was pretending to be from the charity’s IT department. It’s quite a popular practice for scammers to impersonate IT department workers, asking whether the computer is running slow etc. They usually get the users to download a Trojan virus, disguised as an IT support file.

“The guy [scammer] got frustrated because he had not figured out there was not a PC in front of the user. Everything the scammer asked the user to do was thwarted by all the controls put in place,” Croft revealed.

A thin client is hard to compromise, as control filtering prevents users from being directed to malicious websites. The data and the desktop are secured at the datacentre, which also improves security. However, it is essential to keep in mind that virtualisation technologies connect to network infrastructure and storage networks. This requires very careful planning with regard to access controls, user permissions, and traditional security controls.

April 18, 2011

Regulatory compliance on top of security agenda

Filed under: IT security — Natalia Zawadzka @ 4:42 pm

The latest research carried out by the Information Systems Audit and Control Association (ISACA) revealed that regulatory compliance will be the top issue affecting organisations’ IT in the next 12 to 18 months.

The survey of more than 2,400 IT security professionals indicates that new technologies (such as cloud computing), an increase in regulations, data breaches and the rise of personal technology in the workplace are accelerating complexity and risk.

The global economy is more and more challenging; enterprises need to manage their growth whilst complying with a growing number of regulations and standards. The top-ranked technology concern was segregation of duties and privileged access monitoring (chosen by 53 per cent of respondents).

“Occurrences such as WikiLeaks, the Zeus botnet and an overall rise in identity theft show in 2010 that the variety and volume of threats is on the upswing. Security is everyone’s business, not just IT’s. This area will continue to be a losing battle if organisations do not get top-down commitment,” said Greg Grocholski, CISA, director at ISACA.

Information technology needs to be carefully managed with regard to the growing number of government regulations, consumer privacy and hacker attacks.

If you feel that your business is not protected enough, give Managed Networks a call on 0800 783 6170 or request a callback. We will try to find the best possible solution for you.

April 11, 2011

Small and medium enterprises need to improve their IT security

Filed under: IT security — Natalia Zawadzka @ 12:12 pm

Small and medium enterprises are putting themselves at risk by not implementing sufficient IT security practices. Nearly 40% of SMEs have been hit by a malware attack, yet many of them don’t do anything to prevent subsequent threats.

A survey of 1,000 SMEs by internet services company Eclipse revealed that 71% of users do not have any IT security software on their computers at work. Some 58% of respondents admitted to using the same password for every website and online service they use, and 46% share their passwords with friends and family. What is more, around three-quarters of employees would not be able to spot a rogue link.

The lack of security awareness can have huge financial implications for SMEs. Clodagh Murphy, director of Eclipse, said: “In today’s uncertain economic world, it is understandable why SMEs may think twice before investing more in IT security. However, no investment at all could prove to be catastrophic to their bottom line.”

SMEs need to be mindful about the impact of threats on their daily operations and work closely with their internet service and security providers to develop transparent guidelines to protect their business.

© Managed Networks Limited. All rights reserved