Looking Back, Looking Forward – The Security Highs and Lows of 2011
So what happened last year? Well, apart from it flying past, for us at Chatback Security it has been a great 2011. We successfully continued our efforts to offer opinions on security risks and threats and have now built up a steady readership and loyal following.
January was kicked off with a promise for us to be more active on the blog and introduce Fraud and other topics. This proved successful in 2012:
7000 blog readers (55% up on 2010)
3500 unique visitors
2500 twitter followers
Readers from over 50 countries
February saw scam awareness month and we also received a couple of emails asking for us to claim our lottery winnings, all we had to do was supply our bank details apparently?! It’s amazing how email addresses get identified by scammers for this type of contact (it’s even more amazing that people fall for these scams).
The MPS kicked off a new counter terror publicity campaign asking for people to look out for unusual activity or behaviours that might strike people as not quite right and out of place in their normal day to day. Just one piece of information could be vital in helping to disrupt terrorist planning and, in turn, save lives. If you see it, report it.
March saw us talk about the HOSDB INSTINCT exhibition which, considering this exhibition is designed largely for law enforcement and government agencies, was actually quite interesting and food for thought when considering the future applications that could find their way into our airports and hopefully other environments.
The ‘Insider Threat’ came all too true with a British Airways software engineer being sent down for 30 years after being convicted for plotting to blow up a plane. This particular topic is close to our hearts and seems to have fallen off organisations’ radars a bit and it’s not being discussed as much as it should be.
April was the month that the Centre for Protection National Infrastructure (CPNI) released a ‘Public Realm Integration’ document which, although it looked like it had been designed by Saatchi & Saatchi, still offers some very good information about when and what you should consider when deploying any Hostile Vehicle Mitigation in the public realm.
May brought us our 1 year celebration of the blog and the introduction of the Stuxnet, the Future of Malware posting.
June saw me and Paul enter and successfully complete the 26 mile London Bikeathon in support of a charity close to both our hearts, ‘Leukaemia and Lymphoma Research’. We were very kindly supported and sponsored by our new friend in the US Brad Apitz (please follow him at @BradCHSV) who helped us raise over £500 in sponsorship. Thanks again Brad.
I presented at The 8th Annual CISO Summit in Rome which was attended by a very experienced audience. I must have done ok because the organisers invited me to speak and chair a panel on social media security risks at the CSO later in the year. I have a lot of time for MIS Training and will be sharing more news, events and speaking opportunities throughout the forthcoming year, so keep an eye on our events page.
Towards the end of June we both attended The Security Institute’s Annual Conference.
July saw a couple of guest bloggers’ posts and the Home Secretary Theresa May announced the terror threat level for the UK has been reduced from severe to substantial. However, a terrorist attack still remains a strong possibility and may well occur without further warning, she went on to warn. Mrs May said: “The change in the threat level to substantial does not mean the overall threat has gone away – there remains a real and serious threat against the United Kingdom and I would ask the public to remain vigilant.” January 2012 we remain at ‘substantial’.
August we took leave and you do not want to know where or what we did because that is boring.
September saw us post a summary of the GMB report on From Workplace Watch To Social Spy: Surveillance In (and by) The Workplace.
October brought us National Identity Fraud Prevention Week (NIDFPW), which over the last seven years has helped consumers and businesses alike to fight identity fraud. NIDFPW brings together partners from both the public and private sector to contribute their resources and experiences to help UK businesses and consumers protect themselves against identity fraud. Research commissioned by Fellowes for the campaign has shown that consumer confidence is at an all time low, with 96% of people concerned that the organisations they deal with aren’t treating their data responsibly.
November saw the UK government announce The New Cyber Security Strategy. I attended the Chief Security Officer (CSO) Summit in London where I presented on Security Assurance and chaired a panel session on social media security risks, and it was also Get Safe Online Week 2011 (7th – 11th November 2011). What is Get Safe Online Week? Well if you missed it, it’s an annual event to raise awareness of internet safety issues. They reach out to consumers and small businesses through competitions, events and communications activity and to businesses and organisations through their annual Get Safe Online Summit to find out the latest updates or join us and follow them on Twitter @GetSafeOnline for all the latest news. Finally Chatback Security was approached after being recognised as known and influential security bloggers (get us) to participate in the Cyber Security Challenge UK 2012 as journalists. Watch this space, we will be talking all about it.
December saw the MPS launch a dedicated police unit to tackle metal theft, Anonymous were at play again, attacking Stratfor (the website is still offline) and my son’s first published photos to support the 4×4 crime prevention posting by Paul. Our recent posting by Infosec Island was posted at the end of December and is still worth a read on security risk management and it’s not all about assessment.
Happy New Year…. 2012 is here so what does it hold for us personally and professionally? Well firstly, more of the same but different, if that makes sense. The year starts with us attending the first round of the Cyber Security Challenge UK. The first 5 months see me being invited to speak at the Information Security Executive Summit in Richmond, UK, Counter Terror Expo in London, CISO Summit 2012 in Prague and the Fraud Corruption Africa Summit in Zanzibar and then of course is the Olympics, London 2012.
Some of the threats and risks on the horizon that are going to require some effort in combating are:
- Continued trend in metal theft (cabling, ornate statues, church roofs etc), hopefully some change in legislation also around the selling/buying of scrap metal
- Protection of our critical infrastructure (in particular SCADA systems)
- Insider threats
- Olympics (surprise surprise)
- Undervaluing physical security measures (too much focus on cyber threats maybe?)
- Large scale scams and frauds
- Recruitment of the right security people at the right time
We seek to enhance our relationships with @GetSafeOnline and London Fraud Forum (LFF) and Paul will continue with his work in the Security Institute whilst I intend to work closer with London First who kindly invited us to seminars and events on the Olympics and Cyber Crime.
We are always looking for new areas of interest and guest bloggers or supporters, if you feel we (or you) can contribute to your ideas please let us know via firstname.lastname@example.org or contact either of us direct via LinkedIn (Richard or Paul).
In the meantime we wish you a very safe, secure and prosperous Olympic new year and look forward to staying in contact with all our friends and supporters.
Thanks and enjoy. Richard