Speaking from the main stage at DTX + UCX 2023, the Lastminute.com founder headlined a show lineup including ITV journalist Sameena Ali Khan, Meta Group Director Sophie Neary and ‘People Hacker’ Jenny Radcliffe – and issued a challenge to other firms to “do the work” on diversity.

Fox said that despite the availability of 30,000 female software developers in the tech space – statistics show the sector will never achieve parity at current rates of growth.

Of course, the diversity conversation must go beyond only focusing on gender diversity. “10 million adults still don’t use tech effectively or at all – and that’s directly related to socio-economic groups,” she stated.

At the dawn of a new realm of AI and digitisation, Fox said the industry needs “leaders who are intentful and focused” on diversity and environmental matters for true change, and that the opportunity ahead is great.

“The first trillionaire will be in climate tech,” she told her audience.

“The important thing is for new business leaders to make decisions with purpose.

“I don’t see us having a catastrophic relationship with AI, I think we’ll just become more productive. People’s jobs will change in the sense they will be able to do way more [of the important stuff].”

The subsequent panel titled “Twist and Shout” discussed the importance of a diverse talent pool. with Meta’s Sophie Neary emphasising that organisations “always have a choice”.

“Talent is equally distributed – opportunity is not.

“[But] we can make the change happen. Successful companies are the ones who are optimistic.”

On the same panel, PwC’s Cloud & Digital Lead Warren Tucker pointed out that 40% of business owners didn’t believe their current model would be fit for purpose a few years down the line – and that rapid change across the sector is inevitable.

Adaptation for the new realm will extend to cybersecurity and ethics, it was revealed across the event’s dedicated cybersecurity theatres, with speakers in cyber war and cyber resilience sessions urging firms to enhance their defence systems to combat advanced cyberthreats whilst focusing on the responsible use of AI.

Renowned social engineer Jenny Radcliffe added: “I’m yet to see AI replicate what a human social engineer can do – not that AI isn’t as brilliant as it is terrifying. [But] people are the most unpredictable entity you will ever come across. Feeding off experiential learning from a machine is never going to be as intuitive as a human.”

Meanwhile, Kelsey Hightower, former distinguished engineer at Google (just 100 out of 180,000) expressed the need to make open source software sustainable for the long term and less dependent on enterprise needs.

On the hype around AI, he commented: “You can rub AI on a can opener at the moment and you would get funding. If you are asking if AI is going to take your job, what is your job?

“My mantra: Make influence key, be authentic, and share the credit.”

Across 18 stages – including case studies, panel debates and peer-to-peer roundtables on cloud, networks, cybersecurity, DevOps, software engineering, UC, AI and data, DTX + UCX 2023 also served as a stage for sector achievements. Firms marked the event with the kinds of landmark announcements and product launches that mirrored the fast pace of change and exciting developments that visitors heard from the headline speakers.

DTX + UCX Europe 2023 Content Director Dominie Roberts said: “Bringing the best tech talent under one roof is what we do – and this year we have strived to improve the richness and diversity of our programmes which we are very proud of.

“Businesses are trying to keep their culture, infrastructure and operational design up to speed with the fast pace of tech change – and it is through events like these that tech teams learn how to navigate the latest tools and adopt the kinds of scalable, sustainable and inclusive strategies that will ultimately ensure their success as we enter the next realm.”

As speaker Jon Arnold summarised as the first day of DTX + UCX Europe 2023 wound down: “Occasions like this, where we can all come together to talk about the future, are important.

“We need events like this.”

DTX + UCX Europe 2023 continues with a full lineup today (Thursday 5 October) at the London ExCeL. More information is available online here. 

The post ‘No excuses – try harder’: Martha Lane Fox at DTX + UCX Europe challenges tech leaders to double-down on diversity appeared first on IT Security Guru.

Research commissioned by Sharp Europe – a major provider of business technology products and services to SMEs across Europe, found that around one third of the businesses had their operations impacted by a cyber security breach. These breaches included phishing (31%), malware (30%), data loss (30%), and computer virus attack (25%).

In addition, nearly a quarter have been subject to password attacks (24%) and cloud security issues (23%). Yet nearly two thirds (61%) lack confidence in their businesses’ ability to deal with and mitigate security risks. Given this, surprisingly three out of five (60%) of UK small businesses say their IT security budget will not be increased this year.

The pan-European research surveyed 5,770 professionals responsible for purchasing IT in their SMEs, on confidence in IT security capabilities and barriers to IT security investment over the next 12 months. It found that losing money, decreased customer confidence, and negative impact on the brand are the top business concerns when it comes to the impact of an IT security breach.

Colin Blumenthal, Vice President, IT Services at Sharp Europe, comments:

“Businesses operate in a complex digital environment, which poses increasing IT security challenges for companies of all sizes. For smaller businesses, without large IT resources, the risks can feel even more daunting. Threats are constantly changing– and trying to identify and prevent them all can leave those in charge feeling concerned, confused, and frustrated.”

“Every business, regardless of size, should do everything they reasonably can to protect their data and ensure their connectivity, whether through networks or devices, is as secure as possible. Seeking expert advice can help ensure the right IT security decisions are being made, a holistic security view is being taken, and that solutions are always up to date.”

Concern is being amplified by issues such as the rise of hybrid working and employees using their own devices. Worryingly, only 53% of SMEs in UK say they have encryption in place, and nearly two thirds (58%) have a strong password policy.

For more insights and advice on cyber security for SMEs, please visit sharp.co.uk.

The post UK SME cyber threat concerns on the rise in last 12 months as a quarter admit to being breached appeared first on IT Security Guru.

Though businesses recognise the increased threat, less than one in ten (8%) of the organisations who complete cyber risk assessments do these monthly while two in five (40%) conduct them annually. The failure to regularly assess cyber risk leaves organisations vulnerable to attacks and increases the risk of breaches going undetected for prolonged periods.  

A lack of human resource is contributing to businesses not measuring and testing their cyber defences regularly enough. Almost two thirds (62%) of respondents report that their cybersecurity team is understaffed. Of those organisations with unfilled roles in cybersecurity, 39% are looking to fill entry level positions that do not require experience, university degree, or credentials.  Typically, 44% of organisations state that they require a university degree to fill entry level cybersecurity positions when they have them. 

Chris Dimitriadis, Global Chief Strategy Officer at ISACA, said: “Our findings show that businesses are still struggling to find the right people with the right skills to manage cybersecurity. With cyberattacks on the rise, if we do not solve these challenges and address the gaps, businesses, ecosystems of supply chains and public sector bodies could be at threat from a lack of vital protection, detection, response and recovery. Businesses do not exist in isolation from their customers or the other organisations within their network, and a cyberattack on one part of the ecosystem can have consequences for everyone else. This is why holistic training is needed towards creating a safer world.” 

There are some simple steps businesses can take to tackle the cyber skills gap and improve their cyber resilience. Of those who are already making headway, half (50%) of the organisations surveyed are upskilling non-security staff, 46% are increasing the use of contractors or external consultants, and a quarter (27%) are adopting reskilling programmes.  

Cybersecurity professionals believe that hands-on experience in a cybersecurity role (97%), credentials held (88%), and completion of hands-on cybersecurity training courses (83%) are very or somewhat important when determining if a cybersecurity candidate is qualified. 

Chris Cooper, member of ISACA’s Emerging Trends Working Group, said: “If businesses are to maintain their cyber resilience in an ever-evolving threat climate, we must encourage and nurture talent in the cybersecurity industry. Employers are looking for people who already have hands-on experience, but we will only enable people to build that experience by creating more entry-level roles and investing in the right training and development for everyone in the industry, from the ground up.” 

Jon Brandt, ISACA Director, Professionals Practices and Innovation and Martin Van Horenbeeck, Senior Vice President and Chief Security Officer at Adobe will discuss these findings further in a webinar taking place on 3 October at 17:00 BST. To register, visit  

https://store.isaca.org/s/community-event?id=a334w000005hEsVAAU.  

A complimentary copy of the State of Cybersecurity 2023 survey report can be accessed at www.isaca.org/state-of-cybersecurity-2023, along with related resources. Additional cybersecurity resources can be found at www.isaca.org/resources/cybersecurity. 

The post The State of Cybersecurity: Cyber skills gap leaves business vulnerable to attacks, new research reveals appeared first on IT Security Guru.

Researchers found that just over 80 percent of applications developed by EMEA organisations had at least one security flaw detected in their most recent scan over the last 12 months, compared to just under 73 percent of U.S. organisations. In addition, the percentage of applications containing ‘high severity’ flaws was the highest of all regions, at almost 20 percent.

“Our data shows that organisations globally are continuing to deploy a worrying number of applications with a high number of flaws in the CWE Top 25,” said Chris Eng, Chief Research Officer at Veracode. “We did, however, identify interesting regional differences, particularly in terms of third-party or open-source code usage and the ways in which vulnerabilities are introduced across the application lifecycle,” he continued.

Analysis of data collected from more than 27 million scans across 750,000 applications helped to produce Veracode’s latest annual report on the State of Software Security. This new report showcases the EMEA-specific findings from those scans and applications, including results from UK, Germany, France, Italy and across the Middle East and Africa.

Numbers alone don’t convey the consequences of hackers exploiting software vulnerabilities. With organisations across EMEA utilising an ever more complex mix of third-party software to deliver their services, the exploitation of a serious vulnerability can impact thousands of victims at once. Earlier this year, a vulnerability affecting printing software tools PaperCut MF and PaperCut NG was actively abused by threat actors. Up to 70,000 organisations in 200 countries became potential victims, and law enforcement reports found threat actors successfully compromised vulnerable entities in the education sector.

Java and Third-party Code Introduce Significant Security Flaws

The research identified notable regional differences in preferred language usage, with Java revealed to be the preferred language for developers in EMEA. Teams using Java were found to remediate flaws at a slower rate than those using .NET or JavaScript, causing many of these flaws to persist or remain undiscovered for significantly longer. Moreover, as over 95 percent of Java applications are comprised of third-party or open-source code, Java usage is a key factor in the higher percentage of vulnerabilities introduced into applications in the region. This highlights the importance of software composition analysis (SCA), which picks up flaws in open-source code, and the research found a higher proportion of flaws reported by SCA in EMEA than in other regions.

As generative AI continues to gain strong traction in software development, the risk of vulnerabilities from external sources increases. A study, presented at Black Hat in 2022, showed vulnerabilities in 40 percent of code that had been written by large language models trained on vast troves of unrefined data, including millions of public GitHub repositories. It is therefore vital organisations leverage SCA tools to find and fix flaws, empowering developers to take advantage of AI without compromising the security of applications.

Applications Become More Vulnerable Over Time

The research also showed new flaws continue to be introduced into EMEA applications at a far higher rate across the entire application lifecycle than in other regions. While EMEA organisations keep updating applications, there was less of a focus on quality. After a five-year timespan, 50 percent of applications in EMEA continue to introduce new flaws, compared to just over 30 percent for the rest of the world. Overall, the baseline chance that a flaw will be introduced in any given month was 27 percent.

As such, EMEA organisations would benefit from paying more attention to the latter portion of the application lifecycle and scanning applications more regularly. They should also prioritise security training for developers, with the research finding completion of 10 interactive security labs reduces the probability of flaw introduction from 27 percent to about 25 percent in any given month.

“This year’s State of Software Security report shines a light on the importance of security across the entire software lifecycle, as well as the urgent need to address risks posed by third-party and AI-generated code,” Eng added. “Whilst across the board globally we are still seeing a concerning volume of vulnerabilities, these figures are higher in EMEA across almost all measurements. Development teams in this region must take the opportunity to automate software security for regular scanning, and carefully consider their use of AI tools, both to increase security and empower developers.”

The Veracode State of Software Security EMEA 2023 recommends four actions software development teams can take to improve their cybersecurity posture and is available to download here.

The global Veracode State of Software Security 2023 report is available to download.

The post Research reveals 80% of applications developed in EMEA contain security flaws appeared first on IT Security Guru.

In EMEA, insurance is by far the most attacked sub-vertical of financial services with 54.5% of all web attacks, which represents a 68% increase year over year. Insurance companies hold a huge amount of personally identifiable information, which makes them an attractive target for cybercriminals in contrast with other financial services organisations that hold mostly financial data.

The report also finds that as a region, EMEA experienced the most DDoS attack events (63.5% of attacks worldwide), which is nearly double the number in North America, the next top region (32.6%). The United Kingdom tops the list in EMEA at 29.2% of DDoS attack events, followed by Germany at 15.1%. Akamai surmises that the attacks on the European banks that are allies of Ukraine are financially and politically motivated by Russia’s continued war in Ukraine and are the primary reason for the increase in attack events in EMEA.

Other key findings of the report include:

• Between January 2022 and June 2023, DDoS attacks on financial services in EMEA equated to 1,466 of the 2,590 attack events across all verticals in EMEA and resulted in a 40% increase year over year in DDoS attacks when comparing Q2 2022 with Q2 2023
• DDoS attack events against the gambling, commerce, and manufacturing verticals in EMEA each also exceeded all other regions combined
• 24% of the scripts used by financial services organisations in EMEA come from third parties, which is notably lower than in other verticals (36%)

“As cybercriminals continue to follow the money, financial services remains a hugely attractive target. At the same, this is one of the most regulated sectors and hence it is essential for companies to align their security strategy with emerging laws and regulations,” said Richard Meeus, Akamai’s Director of Security Technology and Strategy, EMEA. “The High Stakes of Innovation: Attack Trends in Financial Services aims to provide insights that will equip this sector with the tools needed to improve security for their customers.”

The post Akamai Research Finds the Number of Cyberattacks on European Financial Services More Than Doubled in 2023 appeared first on IT Security Guru.

Cybersecurity incident reporting falls short 

Keeper’s survey shows a lack of policies for cyber incident reporting, despite the growing risk of cyberthreats. Nearly three-in-four respondents (74%) said they were concerned about a cybersecurity disaster impacting their organisation and 40% of respondents said their organisation has experienced some type of cyber disaster.

Despite these concerns, the study confirmed that reporting breaches to a company’s leadership team and to proper authorities is often avoided.

When it comes to external reporting, 48% of respondents were aware of a cybersecurity attack that their organisation did not report to the appropriate external authorities.

And internally, 41% of cyberattacks were not disclosed to internal leadership.

Incident reporting is low; guilt is high

Of those who admit they’ve failed to report an attack or breach to leadership, 75% said they felt “guilty” for not doing so. Fear, forgetfulness, misunderstanding and poor corporate cyber-culture all contribute to widespread under-reporting of security breaches.

The top three reasons why an attack or breach was not reported to leadership:

• Fear of repercussion (43%)
• Thinking reporting was unnecessary (36%)
• Forgetting to report the incident (32%)

Organisational cultures do not prioritise cybersecurity

Despite the potential for long-term financial and reputational consequences, poor disclosure and transparency practices prevailed. Failure to report was largely based on the fear of short-term harm to the organisation’s reputation (43%) and potential for financial impacts (40%).

Respondents also cited a strong need for senior leadership to demonstrate a vested interest in the organisation’s cyber posture and stand beside their IT and security teams, providing the resources and support they need to report and respond to attacks.

A combined 48% of respondents did not think leadership would care about a cyberattack (25%) nor would respond (23%).

Nearly one-fourth of all respondents (22%) said their organisations had “no system in place” to report breaches to leadership.

“The numbers point to a need for organisations to make significant cultural changes around cybersecurity, which is a shared responsibility,” said Darren Guccione, CEO and co-founder of Keeper Security. “Accountability starts at the top, and leadership must create a corporate culture that prioritises cybersecurity incident reporting, otherwise they will open themselves up to legal liabilities and costly financial penalties, and place employees, customers, stakeholders and partners at risk.”

Best practices 

In the current high-risk security climate it’s critical for enterprises to encourage transparency and honesty in cyber disaster reporting, and to adopt best practices, policies and procedures to safeguard against ongoing threats. Some of the most effective ways to prevent cyber disasters, including password and privileged access management, are the simplest, yet most critical to protecting organisations.

*Methodology

Keeper commissioned an independent research firm to survey 400 IT and security leaders in North America and Europe to gain their insights on cyber disaster incidents, reporting and recovery. An independent research firm conducted the survey in 2023. Keeper characterises ‘cybersecurity disasters’ as any event that severely impacts the confidentiality, integrity or availability of an information system.

The post Keeper Security study shows cultural changes imperative to improve cyber incident reporting appeared first on IT Security Guru.

The way we work, socialise, and consume information has changed exponentially over the last few years. This has been driven owing to global macro and micro events, such as world health emergencies or the continued march of technological innovation. The result is our ability to understand, publish and consume information has changed radically.

Governments and businesses need to keep pace with the changing landscape of how society uses these evolutions and in doing so need to adapt their business models, security efficacy and accessibility for their users.

One such example is the explosion of remote work, coupled with the continued march towards ‘cloud-first’ technology consumption. Resulting in expectations from both internal and external stakeholders that services should always be accessible, fast, and secure. This presents a challenge: How do we secure such a disparate infrastructure where sensitive information is stored in various places, from datacentres to SaaS Services like Microsoft 365 and personal end-user devices?

Securing the user from the endpoint through to the application itself has become a key battleground in the protection of information, detection of data exfiltration, shadow IT, even network and endpoint health for pre-emptive troubleshooting. Typically, organisations need to retro-fit controls, tools, and policies into systems with varying levels of technical debt resulting in a disjointed approach. The culmination of this approach often sees multiple point tools with little-to-no integration being deployed. Ultimately presenting their own set of challenges to the organisation.

Another approach organisations are taking is to centralise security and network within one platform. This is called Secure Access Service Edge or SASE (for those of you wondering, it’s pronounced SASY). Simply put, SASE is a cloud-delivered, centrally managed security solution that encompasses network-level capability in a Software Defined Wide Area Network (SD-WAN). Both Gartner and Forrester have released their respective analysis on who they believe to be the players in SD-WAN and SASE.

Figure 1: SASE Architecture

A SASE architecture has the potential to enable organisations to design flexibility and scalability into their operational model without compromising security or user experience. The integrated nature of the platform means it is a strong launch pad for the adoption of granular Zero-Trust Access (ZTA) controls to organisations’ data and that of their customers.

The effective implementation of a SASE Architecture involves a deep understanding of the network, security, and end-user requirements to be successful. Typically, this means engaging multiple different teams in the organisation to clearly define requirements as well as what is supported. Next, we need to engage operational teams to define what they need to see to be able to support the organisation. For example, Digital Experience Monitoring (DEM), network-level events and logs. This may sound daunting, but doing this early on can mean the organisation can have a clearly defined roadmap for the adoption of a single technology that can cater for a multitude of different use cases from one platform. This drives down the Total Cost of Ownership (TCO) to the organisation using a common set of tools and skills within the respective teams.

Fortinet’s approach to SASE looks to extend far further than the current solutions, coining the term Universal SASE. Imagine an architecture where a single platform can secure and provide actionable intelligence for the network, endpoint, SaaS services, experience monitoring, IoT/OT equipment and even branch switches and access points. “A pipe dream”, I hear you shouting? Well, with Fortinet this is quickly becoming possible through the centralised management ethos and world-class security capabilities from FortiGuard Labs.

Figure 2: Some features and benefits of the Fortinet SASE solution

For a lot of organisations, the move from a traditional siloed network and security ecosystem is not a simple endeavour. Therefore, we need to map out a journey to get organisations to a point where they can utilise this flexible security and network method with ease. This is what a world-class cybersecurity partner can do for you.

Let us recall that proverb: The wise adapt themselves to circumstances. Find out more about how Fortinet is helping guide organisations to adopt a SASE architecture at the International Cyber Expo at Stand P70. Come and listen to my product innovation session at the Tech Hub stage called ‘The Journey to Secure Access Service Edge (SASE)’ at 13:25-13:45 on the 26^th of September.

By Dan Kendal, Senior Systems Engineer, Central Government, Fortinet UK

The post The Journey to Secure Access Service Edge (SASE) appeared first on IT Security Guru.

The annual DSIT study of Cyber security skills in the UK labour market consistently reveals a lack of basic skills, with the 2023 results indicating that 50% of businesses have a basic skills gap in relation to technical cyber security (estimated to equate to approximately 739,000 businesses). The basic skills referred to in this context includes areas such as configuring firewalls, detecting and removing malware, and choosing secure settings. The gap is lower in large businesses (18%), highlighting that smaller organisations face the more pronounced problem. Many SMEs are consequently ill-positioned to attend to their own needs, leaving them both exposed and dependent upon further support in the event of incidents, or when making security-related decisions (including those around technology adoption and procurement).  

More directly highlighting a challenge for smaller businesses, the latest release of the UK Cyber Security Breaches Survey suggests a drop in attention toward a range of basic cyber hygiene related activities, such as use of password policies, use of network firewalls, and timely application of security-related software updates (all of which have declined around 10% in the last two years). The survey observes that the results in large businesses have not changed, and so the difference is attributable to the SME community (and in particular, to the situation within micro businesses). While the decline may be explained by factors such as post-pandemic challenges and financial pressures during an economic downturn, the net result will nonetheless be that organisations are less protected and at greater potential risk from incidents and attackers (which in turn, could have more serious consequences and costs for the affected businesses).  Such factors further highlight the potential for SMEs to be even more exposed and in need of greater support. 

In parallel, SMEs face an increasing expectation to address cyber security and comply with good practice. An example is the increasing requirement for compliance with Cyber Essentials, where SMEs can potentially find themselves obliged to meet standards that they lack the skills to action.  

This backdrop provides the context for a new 2.5 year research project led by the University of Nottingham, in partnership with Queen Mary University of London and the University of Kent.  The aim of the research is to better understand the cyber security support needs of the SMEs (particularly those of smaller businesses), and to pilot a new approach that engages them in further supporting each other.  

The initial phase of the research seeks to establish SMEs’ current understanding and confidence around cyber security, as well as their awareness and perceptions of available support. It will examine the situations in which SMEs may seek advice and support (e.g. what happens when they have concerns, questions, or indeed, incidents), and the extent to which they feel that they achieve effective outcomes. At the same time, consideration will also be given to the existing routes for support, looking at the coverage and consistency of advice, as well as the confidence and capacity of those offering it. 

Based upon the findings from these initial activities, the research will then take a more specific focus by attempting to track and analyse individual ‘support journeys’ from participating SMEs.  The intention is to determine a set of related case studies, looking at the nature and extent of support being sought, and the factors that lead to successful or unsuccessful outcomes.  The ultimate aim of the project is to then use the collective findings to inform the design, implementation and piloting of Cyber Security Communities of Support (CyCOS).  

These will be a basis for local collaboration and cooperation between SMEs and associated advisory sources, with the community offering a basis for SMEs to identify and share their support needs and have contact with advisory sources positioned to help them (which may include peer support from other SMEs). The project aims to trial the operation of the CyCOS via three pilots, enabling a practical evaluation of the approach, with a view towards establishing a repeatable model that can be adopted more widely. 

SMEs that would potentially be interested in being kept updated or contributing to the work are invited to contact the research team via steven.furnell@nottingham.ac.uk.  

Equally, if you would like to learn more from Professor Steven Furnell on how we, as a cyber security community, can better support SMEs, be sure to attend his Global Cyber Summit session at International Cyber Expo (London Olympia) at 5pm on the 26th of September 2023.

He will address the following:

• Recognising the support needs of small businesses, including their current understanding and confidence around cyber security
• The coverage, consistency and accessibility of existing support routes available to SMEs
• The concept of Cyber Security Communities of Support, fostering localised collaboration between SMEs and advisory sources  

To register for FREE as a visitor: https://ice-2023.reg.buzz/eskenzi

The post SME Cyber Security – Time for a New Approach? appeared first on IT Security Guru.

In any environment where data is generated or sent to the cloud, cybersecurity plays a particularly crucial role. This applies to businesses where employees work at different locations and branches, transferring data over the network. Traditional IT security solutions face challenges in being complex, cumbersome, costly to manage, and, most importantly, outdated.

Modern technologies like Secure Access Service Edge (SASE) represent the next generation of network security. Porsche Motorsport recognizes this and employs this technology for its Formula E Team. However, this approach is transferable to any organization where employees work remotely, multiple branches exist, and data flows to and from the cloud.

Why is SASE relevant for Formula E and other technology – and data-driven companies?

It’s quite simple: SASE converges network and security functions onto a global cloud platform. Instead of dealing with multiple manufacturers and products, a central platform is utilized, where all components are harmonized to work seamlessly together.

Additionally, this solution operates precisely where data is generated, network traffic flows, and cybercriminals target – in the cloud. SASE brings security inspection and policy information to the data, rather than routing the data to a data center, which increases latency. Cato can be self-managed, co-managed, or fully managed, which eases the burden on companies that no longer need to operate and maintain their hardware. The solution is tailored to support each company’s specific needs.

Simultaneously, a dedicated team of security experts takes care of the underlying SASE infrastructure. This ensures that protective measures are up-to-date. Furthermore, the team monitors the entire data traffic for potential threats. This makes it challenging for attackers to successfully breach Cato’s customers’ networks. At the same time, this approach relieves the IT department and reduces costs for security components.

The Formula E races on numerous tracks around the globe. From Mexico to Great Britain, the USA, South Africa, Indonesia, Monaco, Spain, Italy, and of course also in Germany. At each of the tracks, the TAG Heuer Porsche Formula E team must quickly establish a stable, secure, and above all, fast data connection. The vehicle data must be provided to the engineers in the pit lane on-site, the cloud applications, and the operations room in Weissach in real-time to make strategically important decisions before and during the race. This results in approximately 400 GB of data being generated at each race weekend, which must be delivered swiftly, securely, and reliably to their respective recipients.

SASE = Security and Network Management

The SASE cloud platform not only serves the purpose of defending against attackers but also ensures the highest possible data transmission quality. The challenge lies in the fact that high-end data lines are not always available to the system. Instead, the data lines at various Formula E race circuits vary greatly in quality.

The Round Trip Time (RTT) for data between the race circuit and the TAG Heuer Porsche Formula E Team headquarters is approximately 80 to 100 milliseconds. A maximum bandwidth of 50 Mbit/s is used, which is identical for all Formula E teams. This demonstrates that the SASE cloud platform is valuable not only for high-end connections but especially in situations with varying qualities.

For example, at the Diriyah race circuit in Saudi Arabia, the jitter was nearly zero to one millisecond, and packet loss during a session was around 2%. The different applications had to cope with bandwidth and cycle times. The Cato SASE Cloud then maintains data volume and transmission stability and performance even under challenging conditions. The racing team often doesn’t know how good the technical infrastructure will be at the next location but relies on having stable, secure, and fast data connections.

Furthermore, latency times vary from location to location. This is where another strength of the Cato SASE Cloud becomes evident. It minimizes latency with its managed global and private backbone, reducing delays and packet losses caused by inefficient internet routing. At the same time, the Cato SASE Cloud maximizes data volume through integrated bandwidth optimization.

Since the system’s implementation, it hardly matters to the racing team whether they are in India, Brazil, Germany, or anywhere else in the world. Of course, the performance of the Cato SASE Cloud depends on local conditions and distances between nodes, but it optimizes the situation wherever possible.

Setting up Service Quality, Prioritization, and Real-Time Connections

The IT team sets up the SASE access node at the race circuit, and the system connects to the Cato SASE Cloud, enabling secure, high-speed data transmission. Here, it is also possible to prioritize data traffic, which is particularly relevant in locations with low bandwidth. For instance, voice calls can remain clear and distinct even when large data volumes are transmitted over the same connection.

Ultimately, the SASE cloud platform helps ensure that the relevant team members receive the right data at optimal speeds. Real-time transmission, comprehensively protected by the platform, is also possible.

The most critical data for transmission includes video streams, timing data, and intercom voice communication. Speed and reliability of transmission play a crucial role here. Large amounts of data are collected at the race circuits, and with the Cato SASE Cloud, the data can be downloaded and processed as needed by the engineers. It’s important that the data is transmitted to the central operations center in Weissach as quickly and efficiently as possible during data processing.

Thanks to the SASE Cloud platform, the TAG Heuer Porsche Formula E Team can rely on consistently stable, fast, and secure internet data connections.

The post Cyber security in Formula E: TAG Heuer Porsche Formula E team relies on support from SASE appeared first on IT Security Guru.

Millions of Brits[2] remain in the dark about the dark web – which among other things is a destination for cybercriminals to buy stolen personal data. While most Brits – 80% of those surveyed – have heard of the dark web, only 31% accurately answered that the dark web is a part of the Internet that can only be accessed using specialist browsers.

The research, conducted among 2,000 UK adults by Censuswide and commissioned by F-Secure,  a global leader in cyber security, found that Brits are unconcerned about the risks of the dark web with less than a quarter (23%) saying they worry about their data going on there, and 4%, the equivalent to two million[3] Brits naively believing they can remove their data from it. However, the reality is that once data is on the dark web, it’s impossible to get it off, leaving victims trapped in a constant cycle of their information being sold.

There is also a misperception that the dark web is monitored and policed for data leaks. A quarter of Britons (27%) would call the police if hacked – however, data being compromised isn’t always a police matter.

The research comes as a report by UK Finance found over £1.2 billion was stolen by criminals through fraud in 2022 – the equivalent to over £2,300 every minute.

While the dark web isn’t all crime and illicit behaviour, security experts at F-Secure are warning that consumers are not taking their data security as seriously as other aspects of everyday life. Many Brits are more likely to check their car’s oil and water (16%) and their boilers (14%), than they are to check if their personal data has been leaked online, despite the fact identity theft has real life consequences.

With increased digital transformation and high-profile data breaches happening with global brands the availability of personal data on the dark web is set to become even greater. F-Secure experts warn that consumer apathy about the dark web and data leaks could lead to financial and online identity difficulties for many if we don’t start checking our data security on a more regular basis.

Tom Gaffney, Principal Consultant at F-Secure, comments: “Data leaks can happen to anyone, leading to identity theft, financial fraud, and other forms of cybercrime. This emphasises the need for individuals to be proactive in safeguarding their data and understanding the steps they can take to mitigate risks. Almost a third of Brits (29%) don’t know what action they can take to mitigate the risks of their data being on the dark web. We must work together to change that.”

The dark web uses technology that allows anonymity. Sites found on the dark web are not indexed by conventional search engines and when a data breach happens, personal details often end up on this part of the internet, where they are sold to criminals.  Once data is in the hands of a cybercriminal it means a heightened risk of identity theft and financial fraud. Often individuals are unaware of this until they are refused credit or a mortgage application, at which point it’s often too late.

To help Brits mitigate the risks, Tom offers three tips:

• Regularly check to see if your data has been compromised using free online tools such as F-Secure’s ID Theft Checker. It takes less than five minutes to check if you’ve been compromised and it doesn’t cost a penny to do so.
• After receiving your report, change the passwords for the sites that may have been compromised. Use a good password manager to create strong individual passwords for each site. Never use the same password for multiple sites.
• Contact the companies where your data has been compromised, especially if it’s your credit or debit card.

To check if your data has been compromised visit F-Secure’s free ID Theft Checker tool here: https://www.f-secure.com/gb-en/identity-theft-checker

[1]. 14.13% of those surveyed is equivalent to 7,680,172 of the UK adult population (54,353, 665)

[2]. 14.28% of those surveyed is equivalent to 7,761,703 of the UK adult population (54,353, 665)

[3]. 4.49% of those surveyed is 2,440,479 of the UK adult population (54,353, 665)

The post Brits Are in the Dark About the Dark Web appeared first on IT Security Guru.