This year's Infosec seemed to have a healthy buzz about it. I managed to go on the first day of the show and there was plenty of foot traffic with the vendors I spoke to reporting a better level of interest than last year. Maybe this recession thing really is finally coming to an end. Or is it that companies can only afford to cut spending on security for so long?
I went to the show with strong expectations that cloud and mobile would be the two key themes. Ironically, after the massive cloud-burst from last year there were very few firms that were banging on about cloud. I think the marketing men have had their fun and those in the tech industry have moved on. Cloud just IS, it doesn't need hyperbole now that it's a commodity.
Mobile, on the other hand, did make an appearance but it took a bit of digging. A wide selection of companies had mobile products, to handle phones when they are out on manoeuvres or to deal with BYOD security problems, but they weren't shouting about it. Maybe this just goes to show the level of ubiquity that mobile has these days. There's no need to alarm people with scare stories about mobile devices any more. CTOs know that it's something they need to deal with. Statistics from Proofpoint suggest that around one fifth of all clicks happen off-network, outside of the traditional protection offered by the company network. There's no point having a secure internal network if employees just bring something in that they caught at their local, tax-avoiding coffee shop.
Telefonica and AirWatch announced that they were partnering to bring a web-based platform that promises end-to-end management of mobile devices along with tools to define, enforce, and monitor the security policies for those devices across your whole organisation. They weren't alone either. Exclusive Networks also unveiled its Mobile Enterprise Eco-System (MEE) offering an end-to-end solution which aims to give IT teams visibility, control, management, and compliance of devices, apps, and access methods for mobile devices.
Not only did we have Bring Your Own Device mentioned but also Bring Your Own App. With ForeScout offering a mobile plugin for its CounterACT network access control platform, the firm aims to alleviate network managers' headaches for both BYOD and BYOA by logging and identifying devices which access the network. Phones and tablets can then be monitored or blocked whilst providing information such as whether the device has been jailbroken, whether it's password protected, and what range of software is running on it - including whether it has anti-virus installed.
Phones aren't always the security problem, however. Sometimes they are the solution. SecurEnvoy was on hand to show off not only a fancy stand which looked like a pub bar, just with less beer, but also its range of token authentication solutions. Users could be made to authenticate using SMS codes sent to their mobile, or a soft token could be installed which could generate a new code every 30 seconds - ideal for situations where a mobile signal can't be guaranteed.
Everyone loves a good statistic, 9 out of 10 cats would agree. But should we allow headlines like this in our world of beautiful equality? "YouGov survey finds women are more likely to reveal security passwords than men." Allegedly women are 26% more likely to write down their passwords so that they don't forget them, 40% more likely to share their password with friends and family, and 42% more likely to share passwords with a colleague. Now I've had some slow parties but I've never ended up playing spin-the-password. But the overall finding is that both men and women share passwords in ways that might leave their firm's security wide open. It sounds like we really do need something better than just passwords to protect our hardware. Any guesses how many IT workers have "Gandalf" for their password?
Too much is...too much. Here's proof that you can overdo your security. A survey from Voltage Security says that 40% of those questioned said that their inability to get at the information that they needed resulted in a lost sales opportunity. Worse still it seems as though 46% circumvented security controls in order to close an opportunity. It's looking like firms aren't necessarily getting it right in the battle to keep things safe whilst still enabling the firm to function.
But if you believe this next interesting number from Check Point's 2013 Security Report then it doesn't look like organisations are getting it right, even a little bit. Apparently 63% of firms were infected with bots, and more than half were infected with new malware at least once a day. We need to raise our game everyone, and there's no time to waste.
FireEye's Advanced Threat Report gathered over 89 million malware events to come to the conclusion that on average enterprises experience a malware event up to once every three minutes. Blimey, that barely leaves time for a cup of tea between each one. Although if you work in the area of technology the news is even worse: you could be having up to one event per minute.
However, this is not a problem. Me and my other ostrich friends agree. Don't believe me? Figures from Varonis show that 91% of respondents assume businesses protect their personal data and online identities. This is despite reported data breaches for 93% of large organisations and 87% of small businesses in 2013. I think the best chance we've got is that so much data has been stolen that the odds of you being one of the people who have their data abused aren't really that high. They've got about a billion other people to scam first.
It's not all high tech thefts that provide juicy data though. Sometimes it can be stolen by simply looking over someone's shoulder. But lucky for us we have 3M and their privacy-protecting display filters. They tested their product by having the survey participants enter their answers on a computer, either with or without the filter. They were given the chance to start filling in the questionnaire a bit early, but with a researcher (presumably suitably shifty-looking) sitting in close proximity. Apparently those with the filter used 44% of this "wait time" whilst the others used just 22%. The Ponemon Institute, which carried out the research, then predicts that such a finding could mean a loss in productivity of around £360 a year per employee. On the other hand I've been on the train where men in suits who should know better are reeling off their credit card numbers to anyone in earshot just so they can use every spare second. Try and put a filter on that.
Heavens to Betsy! What's happened to the world? Surely in the world of business we can't have to deal with subjects like child sexual abuse material? Yup, sadly so and after all the media attention focusing on certain celebrities that managed to get away with pretty much everything short of actual murder it appears that it's something we not only can talk about, but should talk about. I ran into a great guy from TDI Security, called Derek James in case you'd like to hunt him down and find out more, who surprised me with a worrying statistic of how many work machines are used to distribute child pornography. The fact that this number isn't zero is shocking. Surely in this day and age everyone must work on the principle that their work machine can, and will, be frisked to make sure there's nothing illegal on it. Derek was there to push NetClean as the solution to this problem. NetClean's product comes as either a software or hardware solution which promises to stop this kind of filth from clogging up your business or indeed getting your good name dragged through the papers. Ultimately when the news hits the papers it'll be your company's name up in lights.
Phew! I'm glad that's out of the way. Oh, hang on. SpectorSoft seems to be suggesting that any parent's summer checklist should be: beach, BBQs, and paedophiles? The firm has announced its association with a new website (http://www.parentingtodayskids.com) which is designed to help parents and children understand the dangers of today's digital world. With lots of free time over the summer it's important that children remain safe on sites such as Facebook and Twitter. I guess there's only so much technology can do to solve the problem. Just like any business, security will always come down to educating people on how to keep safe, whether that's against people wearing too much jewellery and dodgy tracksuits or people trying to make off with your database of credit card numbers.
Dear Santa, I saw this really nice USB key-shaped device which can help you encrypt voice calls, send emails with protected attachments, encrypt pretty much any data you might send into the cloud, and most impressively (to me at least) has a pass-through port so you can encrypt any external hard drive you might have. It's called IndependenceKey and I saw that Origin Storage Solutions was selling it. Given the mix-up with the bike I never got, I pretty much reckon you owe me one of these, Santa old boy.