On the anniversary, Eskenzi noted, in a blog published by the agency’s website:

“One of my colleagues just said to me what does it feel like to have been in business for so long? It’s a weird feeling as it’s just flown by and, honestly, I don’t feel that much differently to the day I started.  I still want to please our clients every day and go above and beyond – I want to impress them, make them look good in front of their colleagues and bosses, I want them to know they’re in safe hands, and that we’ll do what we say we’ll do. I want them to know they can leave us alone and we’ll dream up ideas that they wouldn’t have thought of and at the end of the year we can all celebrate together as we’ve worked as a tight knit team and achieved success together.  I want them to think of us a seamless team and a joy to work with, so that if they get sold, we’re still mates and can work together again. We’ve been fortunate enough to build many long-lasting connections like this.”

The agency is behind some of the community’s biggest events including the European Cybersecurity Bloggers Awards, the IT Security Analyst and CISO Forum and the Most Inspiring Women in Cyber Awards and event.

Eskenzi PR also runs the Security Serious Unsung Heroes Awards, which celebrate industry professionals who often don’t get recognised enough. This year’s awards are open for nominations now. To nominate visit: Unsung Heroes Award – Security Serious.

Additionally, in recent years, Eskenzi PR have been recognised with a Queen’s Award and, in 2022, they were recognised by the Exhibition News Marketing Awards as ‘Best PR Campaign’ for their involvement in the Nineteen Group’s International Cyber Expo. The International Cyber Expo 2023 is taking place on the 26th and 27th September at Olympia London.

The key to staying in and enjoying business so long? Yvonne says:

“However, I still wake up on a Monday morning, do my swim, and can’t wait to get into work.  I still get excited about the chance of getting my clients into the papers or onto TV; I’m still excited to hear what the team have achieved every single week on our Friday morning catch-up calls; and I still burst with pride when I see a graduate flourish and build in confidence and literally metamorphosize during the time with us.  And I still cry when they leave us, but I know it’s the nature progression and the way the world works.”

Eskenzi PR have also taken a stance on mental health in cybersecurity, with Yvonne Eskenzi going on to Found wellbeing and productivity app The Zensory.

The post Esteemed Cybersecurity PR Agency Turns 28 appeared first on IT Security Guru.

The UK Government recently issued a national statement that warns organisations about the potential for cyberattacks on CNI. The 2023 Edition of the National Risk Register predicts that, in the next two years, there is a 5 to 25% chance that a devastating attack will target critical infrastructure and cause physical harm. This report is based on an internal National Security Risk assessment, which factored in malicious risks the UK may be exposed to including terrorism and cyber-attacks, as well as non-malicious risks such as severe weather incidents. 

The report focused on several cyber-related risks, such as attacks on gas and energy infrastructure, fuel supply infrastructure, health and social care systems, the transport sector, financial infrastructure and retail banks, then assessed the risk this poses to national security. A majority of these infrastructures are intertwined, meaning an attack on one could have farther reaching consequences – unless important security controls are carefully considered.  

Gas Infrastructure

The UK gas infrastructure is responsible for delivering gas to individual users and businesses across the nation. In the event of a worst-case scenario, a cyberattack could disrupt the gas infrastructure to the extent that the entire system could fail. Under certain circumstances or conditions (i.e. winter) a system failure could lead to loss of life or physical harm to individuals caused by lack of heating, access to necessary medical treatment or a limited ability to safely use gas.  

Electricity Infrastructure

A failure of the electricity infrastructure, due to a cyberattack, could disrupt all other critical systems. Great Britain is known to have one of the most reliable energy systems in the world, and as such, maintaining it efficiently and safely is a top priority. A nationwide loss of power could create a ripple effect, causing disruption to internet telecommunications, water, sewage, fuel and gas supplies. In the worst scenario, such an attack would not only create social turmoil, but again, could lead to loss of life.

Health and Social Care Systems

Unfortunately, the UK has seen several cyberattacks on its healthcare infrastructure – the largest example being the widely-publicised WannaCry ransomware attack in 2017. Ransomware can cause severe disruptions within healthcare, as it can jeopardise sensitive patient health information and interrupt the critical systems that medical facilities need to operate. This directly impacts patient care and can cause physical harm.  In fact, we have already witnessed examples in which a cyber incident has impacted the health and safety of patients.  

Financial Infrastructure

Certain Financial Market Infrastructures (FMIs) are considered CNIs as they enable financial transactions to take place and provide a vital service for the UK economy. FMIs are considered high-profile targets for cybercriminals, and as such, must be resilient to significant cyber incidents. Any attack could take important systems offline, disrupt services, and increase the risk of fraud and operational losses. 

Assessing the Potential

The Government predicted that most serious incidents impacting critical national infrastructure would involve encryption, data theft, destroying data that CNIs rely on, or the disruption of operational systems entirely. The likelihood of such an attack for the next two years, however, has been scaled as a four out of five, which is still considered as ‘highly unlikely’ with a ‘moderate’ impact. Although the likelihood is deemed low, it is imperative that organisations prepare themselves for a worst-case-scenario. 

Findings from the World Economic Forum’s Global Cybersecurity Outlook highlight the issue further. The Report found that 91% of all respondents believe a far-reaching, catastrophic cyber event is at least somewhat likely in the next two years and 43% of business leaders believe that cyberattacks will have a material impact on their organisations. Businesses of all sizes and in all sectors must prepare for the possibility of a breach and take concrete actions now to protect themselves.

Invest in Cybersecurity

Businesses must secure their networks and systems with consistent built-in security that protects all of the technologies they utilise across the company. This should include a secure password manager. Secure accounts and passwords can make a significant difference in keeping an organisation safe from unauthorised intruders or even malicious insiders. This is also important when it comes to supply chain attacks, as bad password practices within third parties could be the gateway into larger organisations.

Organisations should implement a Zero-Trust Architecture (ZTA) and Privileged Access Management (PAM) to prevent unauthorised privilege escalation and ensure user access roles are strongly enforced. Companies should also have security event monitoring in place to detect and block anomalous privilege escalation. Least-access policies help ensure users only have access to the data and resources required to perform their job duties.

Finally, there must be a shift in the mindset that security teams are the only ones responsible for security. C-suite executives must include security leaders in regular business reviews and plans, while organisations must consistently train all employees to recognize and avoid the latest attack vectors.  

The Time To Act Is Now

Cyberattacks against critical infrastructure hold the potential for disaster.  As operational and information technology converge, the opportunities and pathways for cybercriminals to target critical national infrastructure will only continue to grow. Meanwhile, cyberattacks are getting more sophisticated, increasing the risk of threats such as supply chain attacks and ransomware. And critical infrastructure remains an appealing target, because disruption no longer solely affects production and productivity, but could lead to physical damage and harm.  

Ultimately, when used for political purposes, cyberattacks targeting the sectors UK citizens rely on may be part of a larger effort to threaten operations, destabilise the Government or disrupt power grids, transportation networks and financial institutions.  In the digital age, it’s clear that cyber and traditional warfare tactics will continue to converge as threat actors use cyberattacks to both support and supplement physical attacks – with devastating consequences.  

The post Lessons From the 2023 National Risk Register Report   appeared first on IT Security Guru.

Maximus specialises in providing services for the US healthcare industry, specifically Medicaid, Medicare, health care reform, welfare-to-work and student loan servicing.

The company declared the incident to the U.S. Securities and Exchange Commission after becoming aware it had been impacted by the initial MOVEit vulnerability attack that has plagued organisations around the world. At present, it is unclear as to who the victims are or where they are from because Maximus also provides services outside the US, to countries such as Australia, Canada and the UK.

With the Clop ransomware group being attributed with the attack, Maximus joins a seemingly growing list of high-profiled companies that have been affected, which includes: the US Department of Energy, Shell, the BBC, British Airways and the University of Georgia.

We reached out to industry experts to gather their thoughts on this attack:

Elliott Wilkes, chief technology officer at Advanced Cyber Defence Systems:

“If ever there was an example of why you need to closely monitor and continuously evaluate the security of your suppliers and supply chain, look no further than the MOVEit vulnerabilities that were disclosed in June of this year. While the company behind MOVEit file transfer technology has released patches for the two zero-day vulnerabilities that were discovered in June, many large organisations aren’t very nimble when it comes to patching systems, even when critical vulnerabilities are exposed like this. This is perhaps the largest breach of this calendar year, but due to the challenge organisations have with patching their vulnerable systems in a timely manner, this won’t be the last breach due to MOVEit we hear about.

What’s interesting is that the company behind the MOVEit software appears to have all of its compliance-driven security checks and protocols in place, things like PCI-DSS and HIPAA, requirements to manage credit card and health PII, respectively. It is clear that these compliance frameworks are simply the starting point for security posture. Organisations that manage large swaths of customer data and sensitive personal information must perform regular and continuous audits of their systems, checking their configurations and versions for vulnerabilities. It is important to use multiple methods and vendors to perform rigorous security testing of your internal systems as well as the products you deliver to customers. This includes penetration testing but also establishing internal teams to perform continuous validation of your security. These can be enhanced with bug bounty programs that use monetary incentives to get ethical security researchers to test your systems. I’ve seen a fair number of SQL-injection vulnerabilities (like this one in MOVEit file transfer system) caught by ethical hackers working on bug bounties for key systems in the US government and beyond. This class of vulnerability is certainly not beyond the scope of regular programmes and security tools that have emerged in the past decade.”

Erfan Shadabi, cybersecurity expert at comforte AG: 

“A breach in the healthcare sector is highly damaging due to the sensitive nature of the data involved. It exposes some of the most private personal and medical information of an already vulnerable section of the population, leading to identity theft, medical fraud, and financial losses for individuals and organizations. Such incidents erode trust, impact patient safety, and incur heavy legal and regulatory consequences. Organizations, especially in the healthcare sector,  should prioritize data-centric security measures. By adopting robust data-centric security strategies, organizations can protect sensitive information at its core, mitigating the impact of potential breaches. Encrypted data, strict access controls, and continuous monitoring are essential components to safeguard personal and healthcare data effectively.”

Ray Kelly, fellow at the Synopsys Software Integrity Group:

“This massive exploit of the MOVEit vulnerability is yet another demonstration of the importance of securing the software supply chain when it comes to data privacy. The key takeaway for business leaders is clear—just a single vulnerability in one piece of a third-party vendors’ software can lead to the compromise and exposure of personally identifiable information across every organization that vendor services. Organizations should ensure that any third-party vendor performs regular security assessments across their entire portfolio and infrastructure, and also meets compliance policy standards such as GDPR and SOX. Unfortunately, adopting these practices is not a silver bullet and does not ensure your organization’s protection against a future ransomware attack via the software supply chain.”

The post MOVEit latest: US Government services provider Maximus hit appeared first on IT Security Guru.

In today’s digital age, every business, no matter its size, faces increasing cybersecurity threats, including the risk of data loss that can have severe consequences, ranging from financial losses – with annual costs of $10.5 trillion in 2025 – to disrupted operations and reputational damage.

Not only large enterprises but small and medium-sized businesses (SMBs) should realise the threat size, its origin, exogenous or from their inner circle, and the potential impact on their assets. Implementing an effective data loss prevention (DLP) strategy to mitigate these cyber threats and safeguard critical data is imperative.

SMBs are in danger

Data loss refers to the unauthorised or accidental destruction, alteration, or exposure of sensitive information. It can occur through various means, such as hardware failure, human error, negligence, or cybercriminal activities. Understanding the data loss threat and the impact of data loss on SMBs is significant.

The theory that cybercriminals, the sharks, go only for the big fish, the large-sized companies, proved faulty. CyberEdge Group’s ninth annual Cyberthreat Defense Report (CDR) highlighted that ransomware attacks’ main target was mid-sized businesses. This is because such an attack will likely avoid confronting large enterprises’ powerful cybersecurity strongholds or drawing the attention of law enforcement agencies.

On the other hand, small-sized companies are also vulnerable to increasing cybercrime and the rapidly evolving threat landscape since they need more resources to hire security professionals and need more expertise.

Data loss can have severe consequences for SMBs, including financial losses, legal liabilities that can lead to significant regulatory penalties, and loss of customer trust. For SMBs with limited budgets and resources, recovering from data loss incidents can be challenging, if not impossible. Data must be protected against exfiltration and exploitation, and SMBs must prioritise DLP programs to safeguard their data.

DLP strategy for SMBs

DLP refers to various techniques that safeguard information against unauthorised access, disclosure, or loss by threats like accidental data leaks, insider risks, and malicious attacks. Many regulations require businesses to implement a reliable and regulation-compliant DLP strategy, which demands an allocation of adequate resources.

To implement an effective DLP programme, it is essential to have a clear understanding of the types and locations of data an organisation manages. This knowledge helps security experts identify the most valuable and vulnerable data and determine the security measures to protect it.

A robust SMB DLP strategy shall incorporate the following:

• Risk Assessment and Data Classification: SMBs should conduct a thorough risk assessment to identify potential vulnerabilities and understand the value and sensitivity of their data. Businesses can prioritise protection efforts by classifying data based on its importance and regulatory requirements.
• Employee Education and Awareness: Human error remains a leading cause of data breaches. SMBs should invest in comprehensive training programs to educate employees about data security best practices, such as strong password management, recognising phishing attempts, and secure file handling.
• Access Controls and Authentication: Implementing strict access controls and multi-factor authentication (MFA) mechanisms can significantly reduce the risk of unauthorised data access. Limiting user privileges to essential functions and regularly reviewing access rights can enhance security.
• Encryption and Data Backup: Encrypting sensitive data in transit and at rest provides additional protection against unauthorised access. Regularly backing up data to secure off-site locations or cloud storage ensures its availability and recoverability in case of data loss.
• Data security and monitoring: SMBs shall deploy robust firewalls, intrusion detection systems, and antivirus software to safeguard their networks from external threats. Furthermore, SMBs shall implement or outsource effective DLP solutions to monitor data at endpoints, networks, and cloud locations, to control access to data in motion, at rest, and in use, analyse patterns of suspicious behavior that can lead to a data breach, alert security professionals, filter traffic based on DLP policies, and provide forensic data.
• Understanding Applicable Regulations: SMBs should know the data protection regulations that apply to them. Adhering to these regulations safeguards sensitive information and prevents any legal consequences.
• Privacy Policies and Consent Management: Developing and implementing clear privacy policies, including obtaining explicit consent for data collection and processing, establishes transparency and builds customer trust. SMBs should regularly review and update policies to align with evolving regulatory requirements.
• Incident Response and Breach Notification: A well-defined incident response plan enables SMBs to respond effectively to data breaches. Establishing protocols for breach notification, both internally and to affected parties, minimises the impact of data loss incidents.

DLP, a top priority for SMBs

Data leaks pose a threat to every organisation, but SMBs are at a higher risk. This is due to their lack of proper security infrastructure and insufficiently trained staff. Cybercriminals don’t overlook SMEs; they heavily target them because they are more vulnerable to data incidents.

Data loss prevention is paramount for small and medium-sized businesses in today’s cybersecurity landscape. Regardless of their size, SMBs must prioritise and implement a robust DLP programme to protect their sensitive data from unauthorised access, no matter how and where it is, maintain the trust of their customers, reduce financial and reputational risks, and ensure ongoing business operations.

About the Author: Christos Flessas is a Communications and Information Systems Engineer with more than 30 years of experience as an Officer of the Hellenic Air Force (HAF). He is an accredited NATO tactical evaluator in the Communication and Information Systems (CIS) area and the National Representative (NatRep) at Signal Intelligence CIS and at Navigation Warfare (NavWar) Working Groups. Christos holds an MSc in Guided Weapon Systems from Cranfield University, UK. He has also attended numerous online courses such as the Palo Alto Networks Academy Cybersecurity Foundation course. His experience covers a wide range of assignments including radar maintenance engineer, software developer for airborne radars, IT systems manager and Project Manager implementing major armament contracts.

Christos is intrigued by new challenges, open minded, and excited for exploring the impact of cybersecurity on industrial, critical infrastructure, telecommunications, financial, aviation, and maritime sectors. Christos is also a writer for Bora.

The post Data Loss Prevention for Small and Medium-Sized Businesses appeared first on IT Security Guru.

It begs the question; how come we ended up running an award that literally makes no money and takes a huge amount of time to organise for the heroes that work for me – Beth Smith and Nicole Sigrist?

It’s because there have never been any awards for the real people; the ones teaching, the mentors, those doing the seemingly boring stuff like compliance or infrastructure. And what about those amazing admin staff or coders and penetration testers who work way more hours than they should just because they feel duty-bound? Or those in government protecting us from state-sponsored attacks?

The idea of the Security Serious Unsung Heroes Awards came from a survey we did many years ago when we asked a simple question – do you often miss family events because of important work commitments? And would you believe it – an overwhelming 92% said ‘yes’.

It got me thinking – why doesn’t anyone recognise these proper heroes? The ones that literally protect our country, but you don’t know they exist because they quietly go about their jobs. As we all know, cybersecurity is a very modest industry made up of extraordinarily humble, good people.

So now, 8 years down the line, we’ve had almost 1000 nominees and given awards out to over 100 people from right across the country in all disciplines. We’ve enjoyed 8 wonderful evenings where everyone and anyone can join us to network and meet with other people in our fabulous industry.  So why wouldn’t we do it?!!

These awards are totally non-profit and the little money we get from sponsorship goes to pay for the venue, bar bill and the beautiful award trophies themselves. It’s a hoot – literally a piss-up in a brewery with a chance to meet up with friends and colleagues old and new and celebrate the people that make our industry so incredible. From teachers who pique the interest of young kids and lecturers at universities inspiring the next wave of cyber professionals to the people keeping our data safe or raising security awareness in their own organisations and beyond, we uncover these truly worthy award-recipients every year.

Even though budgets are getting tighter and people don’t have money for sponsoring events, we’re still going ahead as we have 3 very kind sponsors sticking their heads out and supporting the event for 2023. These include KnowBe4 – who are always hugely supportive of all our events, Decipher Cyber (winners from last year) and Bora – who all want to see the awards continue.

BUT we do need one more sponsor – so if you fancy being part of these awards and want to give back to the industry, we’d love to hear from you!!!

And if you know anyone who has gone above and beyond the call of duty – be it a graduate, compliance officer, CISO, marketing person, brilliant salesperson or just your favourite client doing great things for fostering diversity and inclusion or wellbeing, all you need to do is tell us why. Even our forms are simple and don’t take long so get thinking – nominations are now open and we’re looking for our heroes!

The post Why I started the Security Serious Unsung Heroes Awards appeared first on IT Security Guru.

The post Centripetal Extends Innovative CleanINTERNET® Technology to the Cloud appeared first on IT Security Guru.

To register for FREE, visit: https://ice-2023.reg.buzz/eskenzi-press-release-launch

Off the back of the inaugural event last year, ICE attracted over 135 exhibitors and more than 4,800 visitors from across the globe. The two-day event was well received and proved to be among the most inclusive, well-rounded, and attended cybersecurity events in the calendar. It caters to industry professionals of all backgrounds, from start-ups to established vendors, software developers to C-Level executives.

With networking a top priority for attendees, guests will have the opportunity to meet senior cybersecurity professionals from household names such as Google, Microsoft, Sainsbury’s, Tesco, Network Rail and Boohoo; as well as government representatives from across various departments, like the Home Office. Highly regarded members of International Cyber Expo’s Advisory Council such as Nick Bell (CEO, National Cyber Resilience Centre Group), Dr Emma Philpott MBE (CEO, IASME), Paul Chichester (Director of Operations, NCSC) and Juliette Wilcox, CMG (Cyber Security Ambassador, Department of International Trade) will also be walking the show floor.

International Cyber Expo 2023 event highlights will include:

• Global Cyber Summit: A combination of roundtable discussions, fireside chats and presentations that will look at real cyber issues impacting us today and in tomorrow’s interconnected world. This year, the Summit will explore themes such as the cyber skills gap, international perspectives surrounding the rise of artificial intelligence including ChatGPT, as well as the recent introduction of significant legislative changes in the industry. Uniquely, this year’s Summit will also look at the Russian cyber attacks on Ukraine and elsewhere, from a Ukrainian perspective with close advisors to the country’s government agencies weighing in. 
• Tech Hub Stage: An opportunity for vendors to launch products/services and talk about real-life applications and case studies of game-changing solutions. 
• Senior-Level Roundtables (by invitation only): An intimate get-together of 8 – 10 Chief Information Security Officers and other senior representatives exploring the latest challenges they are facing, and their insights on emerging trends. 
• Immersive Cyber Demonstrations: Professional actors from Crisis Cast deliver immersive demonstrations on how to prepare for cyber threats, explore vulnerabilities and survive in the new age of information warfare.
• Connect+ Live: A meeting service to connect qualified international buyers with sellers based on their buying needs.
• International Pavilions: A range of International Pavilions expand the market opportunity and international nature of this high-level cybersecurity event.
• Government Zone: With support spanning the Home Office, UKDSE, UK Cyber Council, Joint Security and Resilience Centre (JSaRC) and more, the Government Zone provides a central meeting point for visitors to network and discover the latest projects and plans for the UK’s future with the most senior and influential figures in UK Government departments, organisations and agencies.
• Cyber Griffin Tabletop Exercise: The award-winning tabletop exercise is designed to explore the decisions that people make in real-life scenarios in order to protect their businesses from modern-day threats.

“We are thrilled to be opening registration for International Cyber Expo, our London-based cybersecurity event, in its second consecutive year. We have already received an astounding amount of interest from both exhibitors and visitors alike, and we cannot wait to reconvene in September this year for another great event,” said Rachael Shattock, Group Event Director at Nineteen Group.

To register for FREE, visit: https://ice-2023.reg.buzz/eskenzi-press-release-launch

The post International Cyber Expo 2023 – Registration is now OPEN appeared first on IT Security Guru.

Phishing emails continue to be one of the most common methods to effectively perpetuate malicious attacks on organizations around the globe. Cybercriminals are always refining their strategies to stay one step ahead of end users and organizations by changing phishing email subjects to be more believable. They prey on emotions and aim to cause distress or confusion in order to entice someone to click. Phishing tactics are changing with the increasing trend of cybercriminals using email subjects related to IT and online services such as password change requirements, Zoom meeting invitations, security alerts and more. These are effective because they would impact an end users’ daily workday and subsequent tasks to be completed.

Holiday phishing email subjects were also utilized this quarter with incentives such as a change in schedule, gift card and spa package giveaway used as bait for unsuspecting end users. Tax-related email subjects became more popular as the U.S. prepared for tax season in Q1.

“Cybercriminals are constantly increasing the damage they cause to organizations by luring unsuspecting employees into clicking on malicious links or downloading fake attachments that seem realistic,” said Stu Sjouwerman, CEO, KnowBe4. “Emails that are disguised as coming from an internal source such as the IT department are especially dangerous because they appear to come from a more trusted, familiar place where an employee would not necessarily question it or be as skeptical. Building up an organization’s human firewall by fostering a strong security culture is essential to outsmart bad actors.”

To download a copy of the Q1 2023 KnowBe4 Phishing Report infographic, visit here.

The post KnowBe4 Q1 Phishing Report reveals IT and online services emails drive dangerous attack trend appeared first on IT Security Guru.

Nominations are open now and the event will take place on the 20th of June 2023 at Tapa Tapa restaurant near London’s Excel from 6pm, after doors close for Infosecurity Europe that day. Previous award winners include renowned blogging and podcast stars such as Troy Hunt, creator of Have I Been Pwned, Smashing Security co-hosts Graham Cluley and Carole Theriault, and Geoff White, creator of the Lazarus Heist.

“Cybersecurity is an immense topic with many different facets. There are some truly exceptional people within the cybersecurity community working to spread awareness, educate the public and discuss the cybersecurity issues that really matter,” said Darren Guccione, CEO and co-founder of Keeper Security. “We’re proud to be sponsoring the European Cybersecurity Blogger Awards that recognise these blogs and podcasts, and the influencers behind them, for all the positive work they do for the industry.”

Awards will be given to worthy recipients with titles such as The Noob for best new blog/vlog/podcast, The Teacher for best educational blog/vlog/podcast, The Tech Whizz for best technical content and the Best Social Media Account to Follow. Finally, The All-Rounder will be awarded to the best overall blog/vlog/podcast.

“I’m pleased to have taken part in these awards in some capacity over the past decade, having won a few myself,” said Javvad Malik, lead security awareness advocate at KnowBe4. “Content is continually evolving and it’s great to see more vlogs and podcasts emerging that keep cybersecurity discussions intriguing and yes, it is possible that they’re often humorous and occasionally fun. I love the idea of taking a subject like cybersecurity that may be thought of as dull initially and turning it into something that is truly insightful, as well as entertaining.”

Nominations will close on Thursday, the 20th of April 2023. A shortlist will then be revealed and opened to the public vote. The results will be tallied and combined with the judges’ – including Keeper’s Darren Guccione, KnowBe4’s Javvad Malik, Yvonne Eskenzi, founder of Eskenzi PR, James Coker, editor at Infosecurity Magazine and Niamh Vianney Muldoon, CISO at Fenergo –  top picks to determine the winners. Finally, the process will culminate with a live, in-person event at Tapa Tapa restaurant, next door to the Excel Conference Centre, on the first evening of Infosecurity Europe (20th June 2023).

To nominate, please visit: https://forms.gle/8H4xPF4YGZzy8EMWA

Register for the event here: https://www.eventbrite.ie/e/european-cybersecurity-blogger-awards-2023-tickets-602699439247

The post Keeper Security and KnowBe4 Sponsor European Cybersecurity Blogger Awards 2023 appeared first on IT Security Guru.

The microscope has been on TikTok in recent months and has come under increased scrutiny due to fear is that user data from the app owned by Beijing-based company ByteDance could end up in the hands of the Chinese government.

The ban is in place with immediate effect following a security review ordered by ministers and is part of a wider range of restrictions brought in for third-party apps on government devices. The strict measures have been brought in to improve cyber hygiene, protect sensitive data that government officials have access to as well to prevent location data harvesting.

In recent months, many countries have brought in law to ban TikTok from government-owned devices including the US, Canada and the European Commission.

When the announcement was made, the cybersecurity community was quick to provide thoughts and insight…

Javvad Malik, lead security awareness advocate at KnowBe4:

It appears as if the UK is following in the steps of the European unions ban on TikTok on government devices. Risk assessments need to be undertaken and any apps which pose a threat to the government should be removed. However, there is a lack of transparency in these efforts and no real indication is given as to the actual data which is collected by TikTok and who it is shared with and for which purposes. If we were to apply this principle to other social media sites, and mobile apps in general, then many of the apps would not pass this bar. If there is a political risk, then this should be stated so that others can make informed risk decisions too, rather than using the blanket term that is being done for cybersecurity reasons – because most apps will collect data and transmit it to third parties. 

Tom Davison, Senior Director Engineering International at Lookout:

Chris Handscomb, EMEA Solutions Engineer at Centripetal: 

Just a decade ago, the notion of corporate managers and government officials possessing smart mobile devices that could instantly access work information was a novelty. Today, these devices are ubiquitous, internet speeds have vastly improved, enabling individuals to consume copious amounts of high-quality content at the click of a finger.However, with this heightened connectivity, communication, and entertainment, there is the possibility of malicious actors exploiting device vulnerabilities and gathering sensitive data. This sometimes very personal data can then be on-sold to the highest bidder creating a risk factor for companies and government agencies where (potentially compromised) individual contributors are handling sensitive trade or state secrets and may now be vulnerable to blackmail.It is therefore imperative that companies and government agencies prioritise their security measures, safeguarding their employees and enterprises from potential threats.

The post TikTok to be banned from UK Government Phones appeared first on IT Security Guru.