
TalkTalk advised not to talktalk about their breach?

According to the International Business Times, the Metropolitan Police advised TalkTalk not to discuss their breach (you can read the article here).

Here, in conversation on the topic, are Advent IM Directors Julia McCarron and Mike Gillespie, and Security Consultant Chris Cope.


Chris Cope

“This is interesting as it shows the 2 different priorities at work. For the police, the key aim is to catch the perpetrator. This often means allowing an attacker to continue so they can be monitored on the network and their activities logged and traced without causing them to suspect that they are being monitored in such a way. The Cuckoo’s Egg details how the Lawrence Berkeley Lab famously did just this in response to a hack of their system. However, TalkTalk have a duty of care to their customers. If personal information could be used to steal money, then they must weigh up the advice from the police, along with the potential impact of not publicising this attack on ordinary people. It’s easy to see how a CEO can be caught in between trying to help the police, but also attempting to limit the damage to their customers. Ultimately it’s a difficult decision, but one that could be made easier with correct forensic planning, i.e. working out how to preserve evidence of an attack, which can be provided to the police, whilst ensuring that normal services continue and customers are warned. Making these decisions during an actual incident will only make a stressful time even more so; far better to plan ahead.”


Julia McCarron

“Totally agree … something to add…

This is a classic case of being stuck between a rock and a hard place. As Chris quite rightly says, two different objectives were at play here and each had its merits. Ultimately it was a difficult decision to make, but you can’t knock TalkTalk for once, as it appears to have been an informed one.

Whilst I also agree with Chris on the forensics front, experience has shown us that staff need to be aware of what to do ‘forensically’ in the event of an incident and this is often where the process falls down. Because such incidents are usually rare, the chain of evidence is often corrupted unintentionally because no-one knows what to do, or it’s no longer available due to the time lag in occurrence and detection.

Intrusion detection systems along with other technological measures will be an asset in reducing that time lag but key to success is scenario training. In the same way as we are seeing Phishing tests becoming the norm, especially in customer facing organisations like TalkTalk, is there a place for forensic readiness testing to ensure staff know what to do when a security attack occurs? Then vital evidence is at hand when hacks like this occur and the force awakens.”


Mike Gillespie

“Totally agree, Chris. It’s a tough balance but the protection of the consumer should always come first in my opinion.

Forensic readiness planning is key and continues to be a weak area for many organisations – linking this with an effective communication plan is vital – and as with any plan it needs to be properly tested and exercised … as do all aspects of cyber response … using appropriate scenario-based exercises.

All of this should be designed to drive continual improvement and to ensure our cyber response evolves to meet emerging threats.”

If you would like support for Cyber Essentials and completing your questionnaire, you can find details here


Are you still operating XP or Windows 2003? – A guest post from Julia McCarron, Advent IM Director

Whilst Microsoft’s utopia may be for us all to automatically upgrade every time there is a new version of Windows, for many organisations this isn’t always an option. With some still coping with life after the recession, the cost of upgrading to new platforms can be restrictive, especially if XP and Windows 2003 still work perfectly well and provide you with effective tools to operate business as usual. For others with large technical infrastructures, again the cost of upgrading can be a massive drain on time, resources and money, and needs careful budgeting and planning over a period of time.

But with the withdrawal of support on Windows platforms and applications comes risk. Security patches are no longer issued, and as new cyber security threats continue to emerge at an ever-increasing rate, these platforms become more and more vulnerable to attack.


The obvious choice is to upgrade as soon as possible. But if this is not an option, you need to assess the risk of operating in a non-supported environment as part of your corporate risk strategy, and where required identify activities that can help you minimise that risk. These could be more frequent external penetration tests, stricter acceptable usage policies, updates to security awareness programmes or additional monitoring software. There are risk-mitigating options available, but only if you go through the proper process of analysing the threats to your business and the impacts of not upgrading.

But upgrade when you can …

Julia.

Cyber Security Solution suppliers to HM Government

**PRESS RELEASE**

Advent IM Recognised as Cyber Security Solution Supplier to HM Government


Media Contact: Ellie Hurst

+44 (0) 121 559 6699

bestpractice@advent-im.co.uk

Date: 13.01.15

Holistic Security Consultancy and member of the Malvern Cyber Security Cluster, Advent IM Ltd, have today announced their confirmed status as Cyber Security Solution suppliers to HM Government.

Advent IM today announced their confirmed status as Cyber Security Solution providers to HM Government, following their longstanding and successful supplier relationships with several government departments. The scheme is administered by the Department for Business, Innovation & Skills and enables certified cyber security suppliers to Government to publicise the fact. This offers a distinct advantage to those businesses, supports the Government’s plan to work with more SMEs and also supports the export of UK cyber security expertise.

Advent IM Director, Julia McCarron said, “The supply of specialist IA consultancy services to the UK Government is the foundation upon which Advent IM was built and remains a very important sector for us. As an SME we value the relationships we have with HM Government departments and agencies and being awarded this status is important for our continued partnership development in this area. Therefore we are delighted that we have been recognised as an official Cyber Security Solution Provider.”


Advent IM joins other members of the Malvern Cyber Security Cluster who have been recognised for their contribution to HM Government cyber security by joining this scheme.


Issued: 130115 – Ends – Ref: HMGCyber130115 – Advent

NOTES TO EDITORS

About Advent IM

Advent IM is an independent specialist consultancy, focusing on holistic security management solutions for information, people and physical assets, across both the public and private sectors. Established in 2002, Advent IM is a centre of excellence for security services, promoting the benefits of best practice guidelines and standards and the need to address risk management to protect against potential threats.

From its offices in the Midlands and London, its Consultants work nationwide and are members of the CESG Listed Advisor Scheme (CLAS), Institute of Information Security Professionals (IISP), The Security Institute (SyI), Business Continuity Institute and British Computer Society.

Consultants are also Lead Auditors for the international standards for information security management (ISO 27001) and business continuity management (ISO 22301), Practitioners of PRINCE2 (a recognised project management methodology widely used within the public sector), CISSP-qualified, and Home Office-trained physical security assessors.