Tag Archives: cyber

Cyber Security Solution suppliers to HM Government

**PRESS RELEASE**

Advent IM Recognised as Cyber Security Solution Supplier to HM Government


Media Contact: Ellie Hurst

 +44 (0) 121 559 6699,

bestpractice@advent-im.co.uk

Date: 13.01.15

Holistic Security Consultancy and member of the Malvern Cyber Security Cluster, Advent IM Ltd, have today announced their confirmed status as Cyber Security Solution suppliers to HM Government.

Advent IM today announced their confirmed status as Cyber Security Solution providers to HM Government, following their longstanding and successful supplier relationships with several government departments. The scheme is administered by the Department for Business, Innovation & Skills and allows certified cyber security suppliers to Government to publicise the fact. This offers a distinct advantage to those businesses, enables the Government’s plan to work with more SMEs and also supports the export of UK cyber security expertise.

Advent IM Director, Julia McCarron said, “The supply of specialist IA consultancy services to the UK Government is the foundation upon which Advent IM was built and remains a very important sector for us. As an SME we value the relationships we have with HM Government departments and agencies and being awarded this status is important for our continued partnership development in this area. Therefore we are delighted that we have been recognised as an official Cyber Security Solution Provider.”

 

Advent IM joins other members of the Malvern Cyber Security Cluster who have been recognised for their contribution to HM Government cyber security by joining this scheme.

 

 

Issued: 130115    Ends    Ref: HMGCyber130115 – Advent –

 NOTES TO EDITORS

 

About Advent IM

Advent IM is an independent specialist consultancy, focusing on holistic security management solutions for information, people and physical assets, across both the public and private sectors. Established in 2002, Advent IM is a centre of excellence for security services, promoting the benefits of best practice guidelines and standards and the need to address risk management to protect against potential threats.

 
From its offices in the Midlands and London, its Consultants work nationwide and are members of the CESG Listed Advisor Scheme (CLAS), Institute of Information Security Professionals (IISP), The Security Institute (SyI), Business Continuity Institute and British Computer Society.

Consultants are also Lead Auditors for the International standard for information security management (ISO 27001) and business continuity management (ISO 22301), Practitioners of PRINCE2, a recognised project management methodology widely used within the public sector, CISSP qualified and Home Office trained physical security assessors.

 


Sunday Times – Mike Gillespie on SME Cyber Security

Excerpt from The Sunday Times dated 16th February 2014

Small firms can be targeted for their clients’ data as well, said Mike Gillespie, director of cyber research at the Security Institute, the industry body. “Look at the number of small businesses that are suppliers or subcontractors to government and big business,” he said.

 

Read the article in full here

Hacking Pacemakers, Traffic Systems and Drones – Cyber and Physical Worlds Collide

The Telegraph today ran a piece on a subject close to our hearts here at Advent IM, namely the cyber threat to our physical world. You can read it here.

Regular readers will know we have expressed concern before that language can create barriers or false realities that leave vulnerabilities, and the prevalence of the word ‘cyber’ is a good example of this. To most people, ‘cyber’ conjures up the ethereal world of the hacker – that strange and dangerous electronic hinterland that few really grasp. Of course, this is dangerously inaccurate, as many systems that control our physical world are networked and can therefore be hacked.

The late Barnaby Jack showed the world how he could hack into a patient’s insulin delivery system to effectively overdose that patient. He also managed to hack into an ATM system, which then dispensed cash like a waterfall. The two worlds are converging quicker than our security awareness is growing.

Bringing the threat to our critical national infrastructure to the attention of the public at large is in one way unnerving but also very necessary.

Please have a look at our presentation on the topic, you will need sound…

Advent IM, Cyber Threat to Built Estate

Presentation with voice over from Mike Gillespie

Size Really Doesn’t Matter in Cyberspace

Something we have all long since suspected was confirmed today by Allianz, the insurance giant. Size does not matter. At least not when it comes to being a target of a malicious cyber attack.

According to Allianz, attackers are targeting large corporations by attacking their supply chains – smaller companies and SMEs that potentially offer more easily accessible ‘routes in’. Of course, this is not always going to be the case, but an SME’s perception of not being a viable target may be just that, a perception. Understanding the real threat, and therefore the risk, of an attack is vital. If you don’t fully understand what risk is posed to you, and what risk you potentially pose, then you may be open to an incursion, even if you are not the prime target. You may not even know your systems have been used in this malicious manner.

So the question is, how robust is your security? Well, many large corporations are starting to demand evidence of stringent security as a matter of course. They understand some of the very real risks posed by their suppliers. According to an article in City AM today:

“Companies employing fewer than 250 employees are now almost twice as likely to be the subject of a targeted computer attack compared to 2011. By contrast, large organisations employing over 2,500 people have seen no increase in attacks over the same period”

A thorough, comprehensive and independent Risk Assessment would be strongly advised in these circumstances. Being able to evidence your security posture is a positive enabler for many organisations, as it can open up greater commercial opportunities to work with larger corporations and public bodies. However, as the risk of these “piggy-back” attacks grows, these corporations are more and more likely to require evidence of their supply chain partners’ security.

Breakfast Seminar Sept 26th 2013

 

Please email breakfastbriefings@corpssecurity to reserve a place. If you could copy us in at ellie.hurst@advent-im.co.uk that would be really helpful.

Advent IM, Corps Security Seminar

Mike Gillespie Speaking on Cyber Security and Business

Cyber Attack and Hack – Is Our Use of Language Creating Security Vulnerabilities in Our Thinking?

Hacking and Cyber attacks have hardly been off our media front pages for a long time. But are businesses and organisations misleading themselves by referring to these incidents as ‘hacks’ or as ‘cyber attacks’? Are businesses actually limiting their thinking and thereby creating vulnerabilities by mislabelling these important events? There is a strong indication this might sometimes be the case.

When we talk about hacking we think about a variety of activities, from the lone, disruptive back-room coder, to the determined and resource-laden gurus of cyberspace who can apparently enter our systems at will and remove whatever data they want – maybe government funded but definitely expert and dangerous. Of course, both of these exist but if recent surveys give us any indication of how much these remote threats actually affect our businesses and organisations on a daily basis, it would appear an important part of the threat puzzle is missing.

According to the Verizon Data Breach Report 2013, more than three quarters of breaches utilised weak or stolen credentials. So the malfeasant has either taken a solid guess that the password will be ‘password’, potentially stolen a passcard to a server room, or carried out any of a myriad of other activities which are not hacking but are breach enablers. So the myth of the remote hacker is revealed, at least in the majority of cases, to be just that: a myth. With 35% involving some kind of interaction in the physical world, such as card-skimming or theft, it underlines the need to move the security focus away from solely cyber.

The same report showed that in larger organisations, ex-employees were the same level of threat as existing managers. If we refer to the previous stat, then a proportion of those stolen credentials could actually come from ex-employees using their old credentials, or credentials they had access to, in order to access company networks, as happened in the ‘Hacker Mum’ story.

Nearly a third of breaches involved some kind of social aspect. This could be coercion of an existing employee, a phishing campaign or simply walking into a building and charming a staff member such as a receptionist (mines of information that they are) on a regular basis to get information on staff comings and goings etc. It could also involve surveillance of a business over an extended period, including its staff, visitors and contractors.

So the actual ‘hack’ or ‘cyber attack’ comes quite a long way down the line in this kind of breach. It could have been in planning for months. On one hand this is worrying because our language has encouraged us to focus our attention on only one part of the process. It enables the already prevalent ‘IT deals with security’ mindset we have discussed in previous posts. But in enabling this narrowed view, we are creating a vulnerability and ignoring the opportunities we will have had along the route of this breach to have halted it before anyone even logged on to anything.

A comprehensive programme of Security Awareness training, built into everyone’s role and regularly refreshed, is one helping hand in preventing the attack reaching the actual hack stage. This covers simple things like ensuring everyone knows not to click on uninvited or suspicious-looking links in emails, and being aware of unfamiliar faces in a building, regardless of whether they are wearing a high-vis jacket or lab coat. Social engineers love to hide in plain sight.

So use of language has ruled out these elements being considered by all staff members: they hear the words ‘cyber’ and ‘hack’, think it is IT’s responsibility and then carry on as normal. There are many points at which the hack could have been prevented by basic security hygiene or good practice.

It underlines to us that threats to our businesses and infrastructure are holistic, and so should the response to those threats be. Yes, there is a threat from the faceless hacker, the determined and well-funded professional as well as the random and opportunistic ‘back-bedroom warrior’. But many businesses and organisations are facing a people-based threat first. An old vulnerability being enabled in a new way – language.


Advent IM at INFOSEC Europe and Counter Terror Expo 2013


Mike Gillespie – Advent IM MD, newly elected Director for The Security Institute, is speaking at CTX

It is that time of year again and the great and good of the world of security will be gathering in our nation’s capital for two of our industry’s key events. This year is an exciting one for Advent IM as Mike Gillespie our Director will be speaking at Counter Terror Expo. More further on…


Advent IM will be around at both events and if you are hoping to meet up then there are a couple of options. If you are at Infosec on 23rd (day 1), we will be represented on the Malvern Cyber Security Cluster stand – K84 as we are a member of this group. Or you can live tweet us and arrange a meet up @Advent_IM using the hashtag #AdventInfosec

If you are attending Counter Terror Expo, you may be interested to know that Mike will be speaking at the Cyber Security and Electronic Terrorism Conference on the 24th at 9.30am. His subject will be The Cyber Threat to the Built Estate. Click here for details. If you want to meet up with one of the team you can live tweet us @Advent_IM using the hashtag #AdventCTX

If you are a Security blogger then you might be interested in the Security Bloggers Meet-Up on the evening of the 23rd April. You can sign up here and don’t forget you can also vote for your favorite Security blogs. The results will be revealed at the Meet-Up. 

If you are a member of The Security Institute then you will also be able to find us at the reception on the evening of the 24th. Again if you want to arrange to meet up via Twitter then you can tweet us @Advent_IM using the hashtag #AdventSyI

We look forward to meeting you and hope you enjoy these events.
