
Bursary winner shares learning from InfoSec 2018 with colleagues and future IT professionals

Haydn Tarr
IT Service Development Manager
The University of Chichester

 

InfoSecurity Europe 2018 Conference

Back in June 2018, I was very fortunate to be offered the UCISA bursary to attend the InfoSecurity Europe conference in London. InfoSec as a conference offers attendees insights into the latest trends surrounding information security, and largely focusses on cyber security threat prevention and mitigation.
Attending this conference was refreshing for me in two ways. I was exposed to a number of new and emerging themes and it was great to meet new people with exciting ideas, and a real drive to provide a safe, digital environment for colleagues and customers. I hope that with this blog post, I can give you a sense of my overall experience and share some of the information from the event.
Throughout the years I have supported The University of Chichester’s IT infrastructure journey from being based solely on site, to having a blend of both hosted and on-premise deployments. As Chichester grows both in terms of its IT deployment and in numbers of students, staff members and other types of users, it is inevitable that our cloud footprint will grow too. With this, my role is focussing more and more on security whilst enabling digital transformation projects, which, by their own nature, have implications when it comes to protecting the data of our user-base. One of the things I value most from being able to attend InfoSec was being able to share Chichester’s story with other representatives from both commercial and non-profit organisations and learn that they, too, were facing the same challenges.

It’s not a case of ‘if’, but ‘when’….

A common discussion point which came up regularly at InfoSec was prevention and mitigation methods against cyber-attacks. However, vendors and consumers generally agree that total prevention isn’t guaranteed and that it’s only a matter of time until an organisation’s next cyber incident. One session that I attended had determined that the average time taken to expose a breach is 191 days. For some organisations this presents potential cultural challenges as the workforce isn’t always empowered to blow the whistle when a breach is identified. Should a breach be discovered from outside the organisation, however, the repercussions could be irreparable. One of my personal takeaways from the InfoSec sessions was using repositories such as ‘haveibeenpwned.com’ and cross-referencing these with our global email address lists to determine if any of the email addresses had been leaked. Someone was even so kind as to point me in the direction of the PowerShell script which carries out the comparison, which we’re still using regularly now.

Old tricks are still the most effective

In the sessions and general conversations, email continues to thrive as the primary threat to an organisation’s information security. Email attacks have been at play for over twenty years now and yet commercial, education and non-profit organisations are still struggling to deal with these attacks. It was reassuring to hear that we weren’t alone in this battle.
I took many technical recommendations away with me from the conference, such as providing banners on external emails, identifying cloned addresses and recommendations to use Office 365’s security assessment, which identifies any vulnerabilities in your tenancy and makes the appropriate recommendations.

In light of the above, what was promising to hear is that many organisations are attempting to strike a balance between prevention measures and training. Implementing proactive measures to prevent threats is the immediate go-to action; however, both commercial organisations and HEIs are investing more into providing user training and assessing their security vulnerabilities within the workforce. I came out of InfoSec in high spirits, knowing that in the absence of an unlimited budget for investing in security measures, we are fortunate to have at Chichester an open dialogue with our students and staff with regard to awareness of cyber threats and good digital security practice in a modern University.

Reflections and future prospects

InfoSec really broadened my horizons to information security in a way that I hadn’t been exposed to previously. So much so that it has had an impact on my academic studies where leadership in cyber security forms the main subject area of the final year dissertation for my master’s. Recently I have been invited into teaching sessions to talk with degree apprenticeship students about some of the subject areas covered at InfoSec in the hope that it could have a positive impact in their professional lives.
Lastly, I would like to extend my gratitude once more to UCISA for providing me with the opportunity to visit InfoSec.
Interested in finding out more about a UCISA bursary, then visit UCISA Bursary Scheme.

From the old to the new in tackling information security

Haydn Tarr
IT Service Development Manager
The University of Chichester
Report provided to colleagues at the University of Chichester’s IT, Library and Customer Service departments

InfoSecurity Europe Conference 2018

Overview

UCISA offer a bursary to attend conferences in fields relevant to HEI support staff. I have always held a strong interest in attending InfoSec Europe and the bursary presented a perfect opportunity to attend this year. InfoSec Europe is an annual conference which holds a strong focus on cyber security technology developments. This report will disseminate my findings from the conference and draw relevance to the University of Chichester.
InfoSec was split into two formats:
My visit to InfoSec Europe focussed on the sessions it offered and discussing these topics with other visitors concerned with cyber security. There were a number of themes which were touched on regularly.

Theme 1: Cyber security prevention and training

There are varying techniques used for protecting company data from cyber-attacks. I found at the conference that commercial organisations have mainly focussed on preventative measures, e.g. firewalls, email protection, blocking users, etc. These measures do help to mitigate the risk of data breach and infection, but paradoxically reduce the workforce’s awareness of the types of threats and techniques used by attackers to exfiltrate sensitive data.
Organisations are now becoming increasingly aware that this is no longer enough, and the focus is now on training and building awareness amongst the workforce in a bid to reduce the likelihood of a data breach by exposing potential threats to staff. A general message surfaced from the seminars I attended, which was that the workforce can be the biggest asset in preventing cyber-attacks. Some organisations harness this by raising awareness and sustaining a culture where staff are encouraged to report breaches. From the opposite end of this view, other antiquated strategies are in place to prevent the workforce from even coming into contact with potential viruses and untrusted emails in the first place.
A personal takeaway is that a balance needs to be struck between the two, in which I personally feel that the University has an advantage. I observed in other organisations that training initiatives tend to be a temporary notion. Both prevention and training are a continuous development, which will adapt with emerging security vulnerabilities.

Theme 2: Blockchain

Many tech vendors in attendance at InfoSec Europe are associating themselves with Blockchain, and building this into their research and development plans for future protection technologies. In recent months we have witnessed the rise and fall in media coverage (and value!) of Bitcoin. Blockchain, which Bitcoin transactions operate upon, is a transferrable technology which can be adapted to other types of digital transactions in making them more secure.
One technology I found interesting, and which could offer some value in the future, was the use of Blockchain to provide an improved assurance of personal identity. By using Blockchain as a way of decentralising identity, more control can be put into the hands of the individual in how they share their information with other individuals and organisations. These parties can then have more confidence that the holder of this identity is who they say they are. This could also offer the individual complete power over what specific information they share across various online services, institutions, government portals, etc.

Theme 3: The old tricks still work

Traditional exploitation techniques such as email phishing, SQL Injection and other attacks have been used for almost two decades and are continuing to grow in adoption by adversaries. The rise of IoT (Internet of Things) is partially to blame for this as the surface area of potential vulnerabilities continues to grow. These vulnerabilities could be considered as older consumer electronics which, connected to the internet but using old software and firmware, are unlikely to be updated. This becomes particularly problematic in the critical infrastructure industry, where I witnessed a live hack on a maritime GPS navigation system. Bringing this back to the local environment, the necessity to maintain a patching programme across the University estate with a growing number of connected devices has never been more critical.

The University is protected in every area on the network by various prevention solutions. Despite these, there is still a risk of infection or data loss due to persistent attacks, such as email phishing or social engineering, which could circumvent these techniques. These methods are still the oldest trick in the book, and at the University with a growing number of staff, this problem continues and is generally acknowledged throughout commercial and other organisations.

Theme 4: Artificial Intelligence and Machine Learning

These terms are often used to describe the next generation of learning ability in computer software. We are yet to reach the state where artificial intelligence achieves its true meaning. Machine learning, however, has a big part to play in some of the advances in cyber security. Vast amounts of logging data are collected on a daily basis at the University and throughout other organisations. This logging data can be used for troubleshooting isolated technical issues and security events. Cyber security vendors are beginning to respond to this accumulation of logging data positively, by investing in machine learning R&D. Future developments could enable security technologies to learn behaviours and trends from the accumulation of collected logging data. This could help an organisation’s security posture to evolve in a more effective way to prevent and mitigate cyber-attacks. Vendors are advising that the sheer volume of data that is collected now can be useful in the future; however, everyone needs to be mindful of GDPR.
Interviews with the keynote speakers from the conference are available along with presentations from the event.