2012: there doesn’t have to be a cyber-apocalypse

The term “cyber security” has been cropping up more and more often, both in the techie and mainstream press. Protecting digital information, customer data and intellectual property from theft, corruption or disaster has become a priority for most organisations – and individuals – as we increasingly conduct our lives and business online.

Stories abound of sensitive data being left on trains, customer credit card details being lifted from databases, and attempts to disrupt infrastructure. The stark facts are that, no matter how robust security systems are, there will always be someone trying to find a weakness.

The ethical hackers spur on the computer security industry to evolve and improve what they do; but cyber criminals seek only to profit, and will stop at nothing to get what they want. On an individual basis, for example with customer credit card data, this can be expensive and inconvenient. On a national basis, it could be a recipe for disaster.

Last summer, it was reported that the Ministry of Defence suffered more than 1,000 cyber-attacks between 2009 and 2010; since then, hackers, hijackers and “cyber-terrorists” have been in the news if not for creating havoc, at least for their potential to do so.

In 2011, it seemed that there was an endless series of assaults involving malware, hacking and phishing that succeeded in damaging large, multinational businesses including RSA and Sony.

So, what can we expect in 2012 when it comes to information security?

Take an in-depth look at some security trends to watch in the coming year – but here’s a quick overview as to why businesses need to get their digital houses in order. There’s even a dedicated cyber security insurance policy available – but it’s far better not to need it at all…

  1. It’s now accepted that security breaches are an inevitable consequence of keeping information in digital format – so rather than focusing on preventing every single instance, it’s vital to put systems in place to detect and remediate attacks when they happen.
  2. Cyber espionage – against governments or companies.
  3. Smartphone malware.
  4. Anti-theft protection for mobile devices.
  5. Spear-phishing attacks (a targeted way of attempting to grab security information like passwords, credit card details, etc.).
  6. Social engineering attacks via social networking – tricking users into entering information into a fake website, such as PayPal.
  7. Requirements for businesses to notify their customers when personal information has been compromised.
  8. Protecting national infrastructure.
  9. Improving the quality of code by external review.
  10. Security implications moving to the cloud.

These are just a few of the issues facing governments, businesses and individuals over the coming months. And technology evolves so quickly, that doubtless there will be many more. It’s vital to be innovative when it comes to cyber security – it’s not enough to deal with attacks when they happen; being proactive can save a lot of headaches in the long run.

Advertisements

Suspected computer misuse – would you know what to do?

46% of large companies have had staff lose or leak confidential data*

People live a large part of their lives through their computers and mobile phones, and these devices can be seen as an extension to the minds of employees – so it stands to reason that the evidence they contain can be pivotal in internal investigations, disciplinaries and tribunals.

A quarter of frauds suffered by business during 2010-2011 were digital crimes

Computer misuse is almost inevitable, no matter how robust your IT security, policies and procedures. When employees have round-the-clock access to company computer systems and smartphones, there will always be those who will misuse equipment or take liberties with sensitive data to which they have legitimate access.

Whatever the scenario, no matter how small, the initial response is crucial to avoid potential legal problems.

What can you do?

No matter how effective your policies and procedures, and IT security, there will always be risks. CCL-Forensics has put together a one-day course providing delegates with techniques to understand and implement best-practice in dealing with digital evidence.

Agenda

  • Computer misuse – why I might need a forensic response
  • Contemporaneous notes – how and why
  • Handling digital evidence – chain of custody
  • Locating the data (evidence)
  • Seizing digital devices – theory and practice
  • Forensic data imaging – the theory
  • Forensic data imaging – practical
    • PC
    • Laptop
    • Flash drive
  • Getting data from a network
  • Home directories
    • Email
    • Custom content image
    • Storing digital evidence

When, where and how to book

Date: February 23

Price: £195 + VAT per delegate

Location: Stratford-upon-Avon

For more information and to book online, please visit our website, email info@ccl-forensics.com or call 01789 261200.