David Rowe, CISSP, member of the Infosecurity Europe Advisory Council and Head of Business Services for Reed Exhibitions – the organisers of the Infosecurity Europe Show, which will be held this April in London – explains why the latest Internet security report makes this event a must-attend entry in any financial security professional’s diary…
One of the biggest security headaches for any IT professional working in the banking and financial industry is how to ensure that their Internet-facing computer systems – which are often accessible for transactional and other purposes by public Internet users – remain accessible at all times.
Unfortunately, as the last 18 months or so have shown, the arrival of so-called ‘hacktivist’ groups like Anonymous has brought with it a problem known as a distributed denial of service (DDoS) attack.
Put simply, a DDoS attack is a bit like organising a major rally in the city of London and then telling everyone to enter the nearest office block using the revolving doors – the end result is a gridlock situation with no one able to enter or leave the building.
DDoS attacks are nothing new in the world of hacker attacks, but with increasingly sophisticated and organised ‘hacktivist’ groups such as Anonymous now operational, they pose a serious threat for any operator of a business Web site.
In a DDoS attack – with several hundred Internet sessions all trying to access a given Web site at once – we are replacing the people in our rally (as detailed above) with data packets, and with similar gridlocked results.
According to a recent report from Internet infrastructure specialist Arbor Networks, in fact, DDoS attacks – whilst they are not new in the field of cyber terrorism – are now a major headache for a much wider audience, especially now that the motivations for the attacks have extended beyond the criminal domain into the field of political activism.
The analysis – Arbor’s 7th annual Infrastructure Security Report (http://bit.ly/yUVoQh) – notes that changing motivations behind DDoS attacks will require many organisations to re-assess their risk assessment models.
Here at the organiser’s office for the Infosecurity Europe 2012 show, we think that this calls for better education on the latest security defences, as hardly a week goes by without one or more organisations’ Web portals being downed by this type of attack.
The Arbor report, however, lays out exactly what is happening in bare statistics, with more than 46 per cent of respondents reporting between 1 and 10 DDoS attacks each month – and a further 44 per cent reporting 10 or more attacks.
Against this backdrop, it is clear that there is a need for a reworking of security strategies in many organisations – as well as a better understanding of the risks and solutions available to counter those risks.
And, as we have observed in the 17 years since the annual Infosecurity Europe was first held in London, good IT security education is now central to any form of planning and remediation strategies for the complex DDoS attack types identified in the Arbor report. This is, of course, why we continue to invest heavily in our free education programme.
And with the Arbor report identifying increasing volume and complexity of DDoS attacks, with multi-vector DDoS attacks more commonplace, this year’s IT security education programme is certain to be a success.
According to a recent IDC report (http://bit.ly/yYSMdU), DDoS attacks are not the only security headache that banking and financial service IT professionals have to contend with, as there is a growing threat from mobile malware.
Amongst the answers to this, the Akamai-sponsored report – entitled ‘New Threats Demand Innovative Responses’ – suggests IT security teams become more knowledgeable about the threat of mobile malware and banks continue to educate customers on how to recognise phishing attacks.
And this is why we invest heavily in a free IT security education programme that is unrivalled in the industry, allowing analysts, vendors and other security professionals to discuss – and impart – the latest technologies and trends with the business professionals that attend the three-day show.
One education seminar that is likely to attract a lot of interest at the show is a governance discussion entitled ‘The rising role of the CISO’ in which the panel will look at what makes a modern CISO/CSO and the communication skills that this vital business strategy role requires.
The video keynote at the show will be from Neelie Kroes, vice president of the European Commission and European digital agenda commissioner, who will be outlining the current and planned state of play regarding EU data privacy legislation.
Ms Kroes’ keynote will be eagerly awaited by many in the banking and financial services industry, especially now that the European Commission is planning new legislation on data privacy issues, with penalties of up to two per cent of an organisation’s global turnover in the event of a data breach taking place.
The keynote programme also features a timely session entitled ‘Defining risk management & what it means in the context of information security’ with a diverse panel that includes senior officers from Barclays Bank, G4S Secure Solutions, Steria UK and the Skipton Building Society.
The big topic at this year’s show will be the rising problem of advanced evasive threats (AETs) and advanced persistent threats (APTs) – which were used in last spring’s serious attack on the servers of RSA Security and which cost parent company EMC Group an astonishing $66 million to remediate during its second quarter alone.
The answers to the questions raised by this new and potentially serious attack vector will be discussed in the keynote theatre session entitled ‘AET & APT: is it really the next generation of attack?’ in which a panel of professionals from Electronic Arts, Lafarge and Visa Europe will be examining the topic with the benefit of hindsight.
When we first introduced the APT debate to Infosecurity Europe at the 2011 event, the panel reviewed the various types of attacks seen in the preceding twelve months. The big question this year – and one the panel will be keen to discuss – is how to defend against an AET/APT attack, which will almost certainly make this session standing room only.
And with other keynote theatre sessions covering topics that include cloud security issues, the hacktivism issue, insider threats and staff trust, and a variety of risk plus governance topics, this year’s Infosecurity Europe show will be a must-attend entry in any banking and financial professional’s diary.
Our observations suggest that today’s IT security professionals need all the help they can get when it comes to better understanding the latest threats – such as the rise of mobile malware and DDoS attacks that threaten the integrity of their IT platform.
And with two-thirds of respondents to the Arbor report having deployed IPv6 technology on their networks – and the first IPv6 attacks already having been observed in the wild – we know that the Infosecurity Europe 2012 education programme will be sure to assist attendees as they develop their strategies to counter the latest threats that cybercriminals now pose.
Infosecurity Europe runs from the 24th – 26th April 2012, in Earls Court, London. To register free or for further information please visit www.infosec.co.uk. We look forward to you joining us for what promises to be an informative and educational event!
For more information on the show: http://www.infosec.co.uk
About the show:
Infosecurity Europe, celebrating 17 years at the heart of the industry in 2012, is Europe’s number one Information Security event. Featuring over 300 exhibitors, the most diverse range of new products and services, an unrivalled education programme and visitors from every segment of the industry, it is the most important date in the calendar for Information Security professionals across Europe.
Organised by Reed Exhibitions, the world’s largest tradeshow organiser, Infosecurity Europe is one of four Infosecurity events around the world with events also running in Belgium, Netherlands and Russia.