Industry news

3) Management need to be kept aware and take responsibility:

‘Buck passing’ is a frequent past-time in many organisations, especially if someone isn’t willing to stand up and take responsibility – or feel that they can. All too often the security team does not feel empowered to bring information to the management’s attention, or no mechanism exists to inform the CIO of risks that might affect the business. On the other hand CIOs are frequently more concerned about not spending money, and keeping the board happy, than giving their “troops” the support and resources they need. If this sounds familiar then perhaps it’s time it didn’t.

4) Pay Attention and Act on New Clues – Regardless of the Source:

In the IT industry there is not a day that goes by when we are not being alerted about yet another risk. However it is questionable how seriously organisations take alerts that may relate to Iranian nuclear facilities, or breaches of databases in Japan, etc.

Just because you may not have used Diginotar certificates, or Digicert Malaysia was not on your list of preferred suppliers, does not mean that you’re not the next victim. Every single Windows device has been affected by Flame and no one saw that coming!

5) Denial and Retribution:

Bottom line is somebody has to pay, and when your business’ reputation and earnings are affected by severe failure in your IT infrastructure, then someone will pay. Corporate senior management expect that those who are paid to fulfil a specialist role can do so effectively. There are not many CSOs or IT Security Directors who can expect to survive a digital certificate compromise or a certificate authority (CA) compromise on the basis of “there were no warning signs”!

6) You Never Know When It will Hit You:

Just like a boy scout – you need to be prepared. If you wake up tomorrow and discover that your internal and/or external CA had been completely compromised, would you have a clear action plan. Likely not, and I’m sure that should you get the opportunity to be in a similar position in your next organisation that you’d be better prepared the next time around!

7) Get Serious About The Risk:

Your infrastructure security is under attack, and your keys, certificates and CAs are a primary target. Those attacking you understand that you have ignored this area, and that enterprise key and certificate management has generally been forgotten about. Your enemy is exploiting your ignorance, and unless you get control of your CAs, they will get you.

What many organisations are still ignoring is that keys and certificates are the very foundation of secure systems — therefore a CA compromise will have dramatic effects. The reason these dramatic effects have taken place is because hackers have woken up to how they can use compromise certificates, from badly run CAs, to carry out major data breaches. The litany of recent attacks such as Flame, Stuxnet and Duqu have surely displayed that CA compromises are now a strategic tool in the hackers swag bag. There is no point securing the perimeter of your defences if the hacker can use a stolen certificate to swoop through them, gaining access to all of your organisation's secrets — you need to understand the risks, put processes in place and educate all of your staff to be prepared for and how to respond to a CA compromise. Otherwise the only noise you will hear is the closing of the door behind you and your organisation decides it cannot risk employing you for any longer.

A new ‘Cyber Security for Business’ programme has been launched, which will include UK businesses receiving advice on how to defend against and reduce risk of cyberattacks

The new programme is expected to be the vanguard of a new governmental policy to play a proactive role in increasing the security of UK businesses against IT risks.

A report released at the start of last year placed the annual cost of cybercrime to the UK economy at £27 billion. There have also been reports of increasing state funded cyber espionage against UK businesses.

The European Union has given the go ahead to a joint venture programme between Vodafone, O2 and Everything Everywhere to provide mobile payments.

The joint venture programme was announced in March in order to develop a mobile payment solution in order to compete competitively against the likes of Google.

The decision comes after an investigation into the effects of the programme on competition.

The EC’s vice-president, Joaquín Almunia, said: “The proposed joint venture is one of several initiatives to develop the sector in Europe.”

The Irish department of environment have signed a contract with Polycom, which will see the deployment of a unified communications service.

The move comes as the department seeks to reduce costs under economic pressures while modernising in preparation for Ireland’s 2013 European Union presidency.

Paul McDonald, principal officer for ICT and communications at the department said: “The increased collaboration has been hugely beneficial as meetings can now be done over a video call.”

Microsoft is preparing to increase its presence in China by bringing in an additional 1,000 staff to the country.

The company is looking to expand research and development (R&D) within the country and has, according to Zhang Ya-Qin, chairman of Microsoft's Asia-Pacific R&D group, increased its (R&D) development budget by 15 percent.

Reuters have reported that Microsoft will also look to increase other areas including sales, marketing and services.

Microsoft is preparing to increase its presence in China by bringing in an additional 1,000 staff to the country.

The company is looking to expand research and development (R&D) within the country and has, according to Zhang Ya-Qin, chairman of Microsoft's Asia-Pacific R&D group, increased its (R&D) development budget by 15 percent.

Reuters have reported that Microsoft will also look to increase other areas including sales, marketing and services.

Mobile giants Telefonica and Deutsche Telekom have both moved to heavily invest in technology start-ups.

Telefonica has created a venture capital fund network of €300 million, known as Amérigo, described by the company as being aimed at “new businesses that are innovating in the digital space”.

Deutsche Telekom have also rearranged there venture capital arm T-Venture, as it moves to increase speed of investments, as well as moving to buy majority stakes in tech start-ups.

The NHS and CSC have reached a new agreement seeing an end to the contract to provide patent record systems to 160 NHS trusts.

The new agreement will save the Department of Health £1 billion, while CSC will receive £68 million, for providing record services under the Lorenzo programme to 10 trusts.

The new agreement announced today will allow the NHS to deploy other care service systems in the future, independent of volume.

CSC stated that the agreement offered, “substantial flexibility to NHS trusts in their choice of electronic care records solutions while affording CSC the opportunity to expand and accelerate its marketing of the Lorenzo solution to NHS trusts across England”.

After receiving heavy criticism from high level individuals and organisations, Salesforce.com has dropped its application to trademark the term ‘social enterprise’.

The company has also stated that it will remove the term from future marketing material. The company received criticism of its use of the term, in describing the use of social media to link businesses with consumers and employees, contrary to the commonly held understanding of ‘social enterprise’ to describe businesses involved in community interest projects, rather than being aimed at maximising profit.

In a Salesforce.com blog in August, the company said: “Salesforce.com does not own or intend to own the trademark rights for the term social enterprise within the nonprofit sector, and is not seeking to restrict descriptive uses of the phrase by others in philanthropy”.

Microsoft and Nokia are preparing to launch the new Windows phone device tomorrow, as analysts predict a make-or-break moment for the device.

The timing of the release is close to the expected launch time of the new iPhone of September 12th, which could threaten to steal the limelight away from the Windows phone.

Ben Wood, director of research at CCS Insight, said "If it fails to get that reaction at the time of the announcement that does not bode well for the future of the portfolio."