Chatback Security - A Blog About Protective Security

Counter Terrorism: Potential Indicators of Terrorist Activities or It's Probably Nothing, But....

2012-03-04T14:58:00.004Z

'It's probably nothing' but your call could save lives - that's the message of a Metropolitan Police Service (MPS) counter-terrorism publicity campaign which seems to get reincarnated each year. It's supported by radio, poster and 1.4m leaflet drop to households in London.

Overall its actually a good campaign and asks the public to question the norm - just in case it's something much more.

This however compares to the recently publicised FBI campaign which includes these actions as deemed 'suspicious':

Using multiple mobile sim cards
Pays with cash
Communicates using VOIP
Uses encryption
Trying to shield your computer screen from others

Sound familiar? Some of these are basic security measures which I and people I know do, but are we terrorists - I think not! The full details of the 25 FBI campaigns can be viewed here.

So its MPS 1 - FBI 0

In the UK call the confidential

Anti-Terrorist Hotline

At a glance, the story so far at TECH:TOUCHSTONE Information Security Summit

2012-02-28T15:44:00.001Z

Today I attended day one of the Information Security Executive Summit delivered by Tech:Touchstone at the Richmond Hill Hotel. This is a summit where practitioners and end users meet in a speed presentation dating environment. An environment I think works quite well if you are considering purchases in the InfoSec application arena.

The day started with the usual introductions and housekeeping by the event Director Russ Morrow @russmorrow then straight into an Opening Keynote on Data Leakage by the Global Head of Information Security at UBS, who may have been lost in translation a little by basically he was saying that although good any Data Leakage tool on their own are useless. It's more about policy, processes, procedures, people, culture, very refreshing. Then we moved onto the PCeU and DI responsible for Industry Liaison who shared with us the background of enforcement input combatting cybercrime.

When attending an event similar to this you have to undertake a number of networking and 1-2-1 sessions with sponsors, which is certainly a fair trade for attending and participating. There is always a constant supply of coffee and it's never the hard sell, so I think most people are happy to trade.

After a break it was the turn of the Information Commissioners Office (ICO) and their principle policy advisor, who and you probably won't be surprised certainly got the attention of those attending supported by a lively discussion.

You can always measure a summit or conference by the facilities, presenters and food provided and so far Tech: Touchstone haven't disappointed. Mini Fish and Chips on offer, I might be easily pleased but that gets my vote straight away.

Coming up in the afternoon session are speakers from The BIG Lottery Fund talking mobile working and closing with the Head of Information Security from Oxfam. More to follow, but so far very impressed on day one, day two can go either way but that's down to me as I'm presenting in the afternoon on security risk, assurance and what type of things affect me from a very noon technological int of view.

Of course before any of that is drinks, more networking And a gala dinner as organised and prepared by the renowned chef Brian Turner who retweeted one of my earlier tweets saying I was looking forward to dinner tonight and that was about 10am in the morning.

More to follow but for now if you want to follow proceedings at the summit search and follow #techtouch on twitter.

Catch up soon. Richard

Posted using BlogPress from my iPad

Signcraft are Gloucestershire's oldest
and most respected sign makers

Press Release - Tech:Touchstone: Information Security Executive Summit 2012

2012-02-20T20:12:00.000Z

I am attending and presenting at the following Information Security Summit. The organisers contacted me today and asked if I could share today's Press Release. Please see below the composed release for the Information Security Summit that I will no doubt talk more about before, during and after.

Tech:Touchstone announces its 3rd Annual Information Security Executive Summit from the 28th - 29th February at the Richmond Hill Hotel. The 3rd Annual Information Security Executive Summit will cover the critical issues and considerations that Information Technology and Information Security leaders need to be mindful of when planning their IT strategy for 2012 and beyond.

Speakers at the event include: Tony Hird, Chief Technologist at British Airways Plc, Christophe Gabioud, Global Head of IS at UBS Investment Bank, and Michael Paisley, Head of IS, DP & Business Resilience at Santander UK Group. Each speaker will bring their unique take on how their business implements Information Security Strategy and Technology on a daily basis, as well as the major trends to look out for in 2012.

The summit brings together the most decision ready Senior IT Executives, the foremost Analysts and Vendors in the Information Security Technology Community to network, discuss and learn about the latest developments in Information Security. It has proved crucial for many businesses to assess their current technological standing and build new relationships and alliances in markets which rely more and more heavily on technology for day to day business process.

“We are excited to host such a high level group of thought leaders in the Information Security space representing some the UK’s largest organisations” said Simeon Turner Managing Director of Tech:Touchstone, “The new threats created by increased workforce mobility and the move to cloud infrastructures is forcing constant reassessment of key strategies. We look forward to facilitating an engaging debate!”

The Information Security Executive Summit 2012 will look to build upon previous year’s success of bringing the best in business together to formulate and build new partnerships. Sponsors of the event include: Symantec, TrendMicro, Imperva, Caretower, Netwrix, FoxT and Loghythm

About Tech:TouchStone

Tech:Touchstone creates business-to-business events, with its latest event being the Information Security Executive Summit on the 28th-29th February, for the IT sector where face-to-face communication is paramount to fully understand complex issues, solutions and value propositions.

The company's portfolio of events focuses on areas of strategic industry debate and growth market sectors, with the aim of creating a collaborative learning environment for time-poor IT executives and to facilitate high value, quality interactions between all participants.

If you’re interested in attending this event or any other please contact the Tech:Touchstone team on 0208 166 4390 and follow them on Twitter @TechTouchstone

Job Opportunity: Head of Security - Olympic Park Legacy Company

2012-02-01T21:10:00.000Z

Head of Security

Comprehensive Benefits Package + Local Government Pension Scheme

Salary: £68,058 per annum

2 Year Fixed Term Contract

Role based in East London

Harnessing the energy and investment from the London 2012 Olympic and Paralympics Games, the Olympic Park Legacy Company will oversee the transformation of the Olympic Park into a thriving new community over the next three decades.

In order to achieve our vision, we are now looking to recruit an exceptional and dynamic Head of Security within our Park Operations and Venues directorate.

The Head of Security will be responsible for the development and implementation of robust security strategies, programmes and arrangements across the Queen Elizabeth Olympic Park, including interaction with venues and events. This is a key role in creating and maintaining a new destination for London, with a quality park, incorporating world-class venues and events at its heart.

You will develop and maintain strong relationships with the Metropolitan Police on a London-wide basis and at a local borough level. You will work closely with key stakeholders and be aware at all times of any security threats or matters that may affect the Park, its infrastructure and venues.

You will have an appropriate security background and understanding, and possess first class communication skills to engage with all security personnel working across the Park with various operators and working within the agreed Company strategy in an appropriate and collaborative manner.

To apply for this position please download an application pack below and email your completed application to:humanresources@legacycompany.co.uk

Aternatively, you can post it to us at our address as detailed on our Contact Us page. Please state ‘FAO: Human Resources’ on the envelope. Please note CVs will not be accepted.

Interviews are anticipated on 23^rd February 2012.

The closing date for this position is 5pm on 15^th February 2012.

More details can be found on the Olympic Park Legacy Companies website

Resources

Job Description

Application form

Equal Opportunities form

Chatback Security's Word Cloud - Physical Security, Personnel Security and Information Security

2012-01-30T22:21:00.001Z

Security Threat Report 2012 - Hacktivism, Cybercriminals and Malware

2012-01-30T18:07:00.000Z

Foreword by Gerhard Eschelbeck, CTO, Sophos

Over the past year we in the IT security industry have seen a growing awareness of the work we do.

In 2011, a number of highly visible cyberattacks made news headlines around the world, but the underlying problem affects us all. It seems that the cybercriminals are getting bolder in their attacks as the availability of commercial tools makes mass generation of new malicious code campaigns and exploits easier. The net result has been significant growth in volume of malware and infections.

And for 2012, I anticipate growing sophistication in web-borne attacks, even broader use of mobile and smart devices, and rapid adoption of cloud computing bringing new security challenges.

The web will undoubtedly continue to be the most prominent vector of attack. Cybercriminals tend to focus where the weak spots are and use a technique until it becomes far less effective. We saw this with spam email, which is still present but less popular with cybercriminals as people deploy highly effective gateways. The web remains the dominant source of distribution for malware —in particular malware using social engineering, or targeting the browser and associated applications with exploits. Social media platforms and similar web applications have become hugely popular with the bad guys, a trend that is only set to continue.

Click above image to read
full the report

The rapid inflow of consumer-owned smartphones and tablets is causing significant security challenges for many organizations. IT departments are being asked to connect devices to corporate networks and secure data on these devices, which they have very little control over. Due to the high degree of mobility, security requirements are plentiful, including enforcement of use policies, corporate data encryption, access to corporate networks, productivity/content filtering, and of course malware protection. The unique nature of modern form factors (in terms of processing power, memory, battery life) requires rethinking of security and defense mechanisms.

Cloud computing is one of the most significant revolutions in delivering software applications to users, and can significantly improve the effectiveness and manageability of security solutions—web security, data protection, or even endpoint and mobile security managed via the cloud are great examples. The service model takes the burden of managing applications away from the user, but introduces new issues of security and privacy for data at rest and in transit.

Protecting data in a world where systems are changing rapidly and information flows freely introduces a whole new set of people, process and technology challenges, reinforced by enhanced scrutiny by compliance and regulatory bodies. As we all radically reform the way we communicate and share data, we can expect cybercriminals to hook themselves into these systems to tout their nasty malicious code.

With this edition of the Sophos Security Threat Report, we want to share our latest research on hacktivism, online threats, mobile malware, cloud computing, and social network security. And we offer a look ahead to the coming year.

Best wishes,

Gerhard Eschelbeck

CTO, Sophos

What do you do when your twitter account has been compromised.

2012-01-28T21:12:00.001Z

Like most out there I have received lots of DM's from twitter followers recently that would either not usually contact me or that are not following me. Now, I don't believe my account has been compromised and up until yesterday I didn't do anything about others that had contacted me. On Friday though I received a couple of DM's from a family relation telling me I should see what others have been writing about me on twitter, this caused me alarm as I know they would not be bothered what was said about me, but I spoke to them and advised them they should change their password and check to see if their twitter account had been used to authorise other applications as a bit of a starter for 10. But, today I received a mail-shot from and saw the Naked Security twitter feed giving the best information I have seen so far. So I thought i'd share it, thanks to all at Naked Security as always very helpful and relevant information.

Best Regards Richard

@securityspeak

Orginal Source: Naked Security : Many Naked Security readers email our tips email account every day asking for help when their online accounts are compromised.

I thought it might be a good idea to provide a step-by-step guide to recover from some common attacks people fall victim to, beginning with Twitter.

There are two primary methods for your Twitter account to become compromised. Either you authorized a malicious application to connect to your account, or your password was guessed/stolen.

The first thing to do as soon as you notice a problem is to scan your system with an up to date anti-virus product to be sure your machine isn’t infected and doesn’t have a keylogger installed. Next you need to set a new password. As always we recommend selecting a strong password that is unique for each website.

If mixing numbers, letters, punctuation and case is too complicated (because you aren’t using a password manager) then the most important thing to remember is that size *does* matter. Going long is better than something short with a number on the end.

Then you should review the applications you have granted access to your Twitter account. To view the list log in to Twitter, select your account in the upper-right corner and choose settings, then click on the Applications tab.

You’ll notice this account has a rogue application installed, Your Profile Views, that has already been suspended by Twitter.

You could just revoke access to any applications you don’t trust, but I recommend starting over and revoking all of them. You can simply reauthorize any applications you are actually using as you need them.

The last step is to tweet out an apology to your friends and be sure to alert the Twitter team by sending a message to @safety.

To stay aware of the latest scams and warnings, it is a good idea to follow @safety as well as @NakedSecurity, and even @spam if you wish to stay abreast of the latest spammer activity.

Often corporate accounts can fall victim to hackers, most often from insecure choice of passwords and the need for multiple people to be able to tweet from the accounts to maintain 24/7 coverage.

There are some great solutions that can help you ensure the shared account has a good password without needing to share it.

Services like GroupTweet and HootSuite allow you to delegate tweeting to other user accounts and even moderate tweets before they are posted (in the paid versions).

This won’t prevent your employees from choosing a poor password for their own account, but with the moderation feature you can prevent any damage to your brand by accepting a bit of management overhead.

I hope this is helpful to those of you who need to recover your Twitter accounts and for those of us who have to help bail out our friends when they are in trouble.

I will continue to update this article with any additional insights posted in the comments and keep it as a living post.

Mobile Phone Hacking and How To Prevent It

2012-01-24T09:53:00.000Z

Mobile phone hacking isn't a new phenomenon it has been taking place for years, it normally occurs via two methods:

Voicemail hacking – somebody remotely listening to your phone’s voicemail messages

Data hacking – somebody viewing or stealing information stored on your phone (or a PC based backup), such as phone numbers, bank account details and emails.

Celebrities have been the main targets for the mobile phone hacks because that apparently sells newspapers but fraudsters will also target us 'normal' people to obtain our sensitive data so as they can commit fraud or to sell the data on.

Voicemail hacking is an invasion of privacy but what information can really be obtained from a left message (?), well really that depends on the person leaving it I suppose....

Hackers can get away with such simple access thanks to a massive flaw, namely that public voicemail systems don't record the numbers from which the service is being accessed, only the time of access. This alone would make simple voicemail hacks harder to execute by leaving a trail of evidence of access.

Some simple preventive measures are:

Voicemail hacking normally takes place via the system that allows you to listen to your messages when you don't have your mobile with you or your away from home. This is normally via a land line number (or your own land line number if its a home based answer phone system) and then you enter a security pin to listen to your messages however most people never change their pin from the default which is normally 1234 or 0000. If you don’t change this pin code then a phone hacker could potentially listen to your voicemails by entering one of the default pins. Assuming your new pin is four digits, that allows up to 10,000 possible combinations for a hacker to guess, not completely secure but a reasonable start.

Click the image to read some of
the recent news stories

Data hacking is a significant risk as most of us now walk around with the same amount of data storage in our mobiles as our PCs are capable of holding at home. To minimise the risk of your mobile data falling into the wrong hands you could try the following:

Be careful where you store sensitive information - for example don't use a non secure 'notes' type app to store your credit card, bank account or pin codes in. Use a secure (password/pin protected) app or better still don't store this type of information anywhere!
Avoid public wi-fi – Avoid checking emails, logging into mobile banking sites and accessing private information when your phone is connected to public wi-fi such as those in coffee shops – as these are often insecure.
Set a phone password – If your phone’s lost or stolen then a password could stop a data hacker in their tracks.
Turn off Bluetooth – When you’re not using Bluetooth always turn it off as hackers could use the wireless connection to gain remote access to your phone.
Turn off auto-complete – Some phones save user names and passwords automatically to help you log-in faster next time, but this could also help a hacker access your personal data. Check your phone’s “Settings” menu to see if it is automatically storing information.
Delete your browsing history – Not seeing a list of which websites you’ve recently visited and the information you’ve accessed might be a little inconvenient, but clearing your mobile phone’s Internet browser history, cookies and cache will make it harder for a hacker to get your data.
Remote locate, lock or wipe - sign up to a 'mobileme - find my iphone' type service that allows you via another authorised device or web page to locate, lock, wipe or send an alert to your lost (or stolen) device. There has been a few good media stories on these services.

The recent stories in the media are not good news for the people who have experienced the hacks but this is only the tip of the iceberg for sure. Accessing people's voicemails has for a longtime been a 'tool' that law enforcement and investigators have utilised to gain intel but thanks to this recent media coverage fraudsters will now jump on the band wagon. You have been warned!

- Posted using BlogPress from my iPhone - which is password protected ;-)

Survey: Crime has risen by 4%, public more satisfied with police and councils

2012-01-23T21:53:00.000Z

Original news source: Security News Desk

Crime in the UK rose by 4%, with violent crime up 9%, according to the latest British Crime Survey data.

In the 12 months to September 2011, the period covered by today’s report, crime reported by the survey rose by 4%. This was broken down by:

Vandalism – down 7%
Burglary – up 5%
Vehicle-related theft – up 7%
Bicycle theft – down 8%
Other household theft – up 4%
Theft from the person – up 12%
other theft of personal property – up 14%
All violence – up 9%
All BCS crime – up 4%

British Crime Survey

The survey covers August 2011 when there were significant disturbances in cities across England.

Editor’s view: Let’s help business tackle street crime with CCTV

During the same period of time, the police reported a 4% decrease across all categories of crime. The BCS survey complements data collected from the police and often contradicts police figures. This is because BCS data is based on interviews with individuals and includes incidents which are not reported to the police.

The survey notes an 11% increase in personal crime in the period, but discounts this as a blip and points to data since 2004/05 to claim that crime levels have remained relatively unchanged.

The 9% increase in violent crime was said to be not statistically significant and there is no upward trend in violence, especially in light of an 8% fall in violent crime recorded by police last year and a five-year downward trend.

Meanwhile, robberies of businesses has fallen while personal robbery (street robbery for phones, bags and cash) has risen by 4% according to police figures, supporting the 12% rise noted in the BCS survey. 50% of all street robbery takes place in London where there has been a 13% increase.

And police and councils are getting the credit for beating crime, with 57% of those questioned saying they were doing a good job compared to just over half last year.

Trevor Elliott, director of manpower and membership services, BSIA

Trevor Elliott, director of manpower and membership services of the British Security Industry Association (BSIA), said, ”The quoted reduction in robberies of businesses is certainly encouraging and a testament to the work carried out by the police, the business sector and the private security industry to diminish the incidence of this type of crime. However, commercial crime is still an unwelcome reality and in order to continue reducing its effects on businesses it is essential for all parties to continue working together effectively.

“Businesses should check that their security measures are reliable and up-to-date. CCTV equipment, manned guarding and access control systems such as item tags have time and again proven invaluable in deterring criminals and responding more effectively to offences, but to get the most out of these systems they must be properly installed and monitored and provided by expert and professional security companies.

“The improved effectiveness of the security systems in place will in fact not only deter criminals, but also ensure immediate police response and facilitate the conviction of offenders.”

Links

British Crime Survey

British Security Industry Association (BSIA)

Original news source: Security News Desk

The Cyber Security Challenge - King of The Hill

2012-01-21T22:39:00.001Z

I attended one of the 3 stream finals of the Cyber Security Challenge (CSC) ‘King of the Hill’ today. I was kindly invited some months ago as an influential blogger in the security industry which was nice, although Ellie (part of the CSC team), did tell me today that there are not many of us about, but still it was nice all the same!

Today’s event was sponsored by PWC and SAIC, there were proper journalists present from Wired, BBC (Adam Shaw) and City AM.

I was a little apprehensive going into today as Cyber Security is a little out of my area of expertise although the boundaries across security specialisms are constantly becoming blended and we now have to be experts in all disciplines (and HR and Legal and Audit and Risk Management etc etc). By the way the location was perfect with two of the most iconic landmarks in London, the Tower of London and Tower Bridge literally on the door step.

The morning kicked off with a brief presentation about the CSC and then we went straight into a very comprehensive demonstration of the exercise that the candidates would experience later in the day during their competition.

My Cyber expert and ‘ethical hacker’ was Jonathan of PWC, who’s knowledge was impressive, although he had only been in security for a couple of years! He gave me a whirl wind tour of the tools of his trade and I was surprised to hear that the penetration software is easily available and for free apparently! He went on to demonstrate how easy (for him) to compromise and potentially control a series of targets. He also showed me how a ‘password list’ is utilised by a hacker to automatically search for the specific password required to gain access to the chosen target (which I have read about but never seen done in front of me). Our password list contained 1.5m examples of commonly used passwords!

I was also shown how easy it is to hack a SMTP (Simple Mail Transfer Protocol…get me) which ultimately enables the hacker to send emails containing the actual companies domain name. These would appear to be official emails by the person receiving them but may for example contain a piece of Malware or inappropriate images (the implications may be far reaching as experienced by STARTFOR at the end of 2011). It certainly demonstrated to me the importance of simple preventive measures like choosing good passwords and ensuring regular security patching.

During the day I met a number of candidates, some first timers and others who attended last week’s event at Sophos. Most of the candidates I met are current university students with an interest in computers and/or cyber security but with little practical experience. It was good to see people who are in the early stages of their careers and actually have a hunger and eagerness to progress into this industry.

I also had the opportunity to speak to some of sponsors who are security professionals in their right and it was good to exchange ideas and to share best practice (which is exactly why I blog).

I actually came away with more knowledge then I walked in with, however I was truly shocked at just how easy 'hacking' is (with a few free tools and some technical know how of course). As I type this article there are thousands of people all over the world using these tools looking for opportunities and their next potential target.

I even found out what this type of art is called……

Ascii Art!

What I like about the CSC is that it's nurturing talent and raising the profile of a profession which is apparently struggling to attract new talent - but at least they are doing something about it! Will the CSC attract more talent into the industry? Will it uncover new talent? Do we need to continue to protect our national infrastructure and business interests? I think it’s a resounding yes to all of these points and lets hope that the CSC continues to run for many years.

The final takes place in March and the prize list is impressive.

I look forward to watching the BBC programme (and of course if I am in it) and a special thank you goes to Ellie for the kind invitation and your hospitality on the day.

If you want to learn more about the challenge please click on this.

Olympics counter-terrorism training offered to London burger vendors

2012-01-19T21:05:00.000Z

Police want licensed mobile traders to help spot suspects who may be looking at potential targets for 2012 Games.

Burger van workers and other licensed mobile traders are being offered free counter-terrorism training to help them spot suspects who might be reconnoitring potential targets in the runup to the Olympics and Paralympics.

The on-street presence of people selling food and drink in London – from ice-cream to baguettes, pizzas and hot dogs – means they are well placed to "contribute to effective surveillance", according to environmental health experts.

The training is being offered by the Metropolitan police and Westminster council and builds on an existing scheme in which business representatives attend courses to get tips on "hostile reconnaissance", what to do in case of an attack – including the 'dos and don'ts of bombs' – and understanding police communications and cordons.

But not all traders will find themselves on the right side of the law. Many will be subject to spot checks to establish that they are operating legally and safely, with those suspected of breaches having their names, dates of birth and nationalities passed to police and the UK Border Agency(UKBA) for investigation of possible criminal links and their immigration status.

Source: The Guardian - click on the link to read more

Comments from Chatback........the total number of people involved in the security operation is apparently around 45,000ish (including 20,000 security guards - an increase from an original figure of 10,000, and 13,000 military personnel, and 12,000+ Police officers (in London)). Not forgetting that these numbers are directly linked to the Olympics and it does not include the additional numbers of security staff that businesses, retailers, offices will automatically add during this busy time. I don't think we should forget that securing the Olympics is costing over £1bn (originally £600m) and with all these big numbers why on earth do we need to train 'burger van workers' in Hostile Recon??

All I can say is that this years IFSEC will not be 'the largest annual security event in the UK' the 2012 Olympics games will be!!

What is the Cyber Security Challenge UK?

2012-01-18T11:00:00.000Z

At the start of 2012, the Cyber Security Challenge UK will launch a social media and press stream of its hugely popular competitions. It’s an opportunity for those who regularly write, blog or tweet about major cyber-attacks to gain first-hand experience of what these looks like on the ground and how the professionals deal with them, using ultra-realistic simulations developed by leading UK cyber experts. As well as learning a huge amount about the industry, the competition provides an opportunity to demonstrate your coolness under pressure, leadership and teamwork skills against your fellow journalists and bloggers.

The Competitions

The competition consists of three different challenges taking place over three separate days at the beginning of next year (see dates below). Contestants will be placed into teams of up to five individuals supported by a technical expert from the company running that competition. Their role is to implement the decisions made by the team in the face of, or in preparation of, a major cyber-attack, and relay the impact of those decisions back to the group. As a result, the competitions are not a test of technical knowledge and open to people of all abilities.

Each competition will take a maximum of one hour to complete and will be run on the same day as the full version for candidates to ensure you also have an opportunity to watch candidates compete, interview them before and after, and talk to the cyber security leaders who have designed these challenges.

Whilst we encourage competitors to try and attend all three competitions, individual participants can change to accommodate those who cannot. A prize for the most successful team will be awarded at the Challenge Awards Ceremony in March.

Dates

Competition 1 - Sophos Malware Hunt, 14th January, Sophos HQ, Abbingdon
Competition 2 - SAIC’s King of the Hill, 21st January, PwC HQ, London
Competition 3 - QinetiQ Network Defence, 10th February, QinetiQ HQ, Malvern

If you are interested in taking part in all or some of these competitions, please get in contact with the Challenge at the following address: media@cybersecuritychallenge.org.uk or you can register here.

On the below YouTube video candidates talk about their experiences of competing in the Cyber Security Challenge UK and the imapct it has on them, at a debate on cyber security careers.

Physical Security - Thieves Dig 100ft Tunnel to Reach Cash Machine

2012-01-14T16:40:00.001Z

Thieves spent "months" digging an 100 foot long tunnel beneath a car park and video shop in an elaborate robbery on a cash machine but got away with just a few thousand pounds.

Detectives believe the gang may have spent up to six months digging the passageway, which extended from a railway embankment, under a car park and beneath a shop where the cash machine was located.

The tunnel, which was around 100 feet in length and 4 feet tall, had been fitted with lighting and roof supports.

In a heist similar to that seen in films such as the Bank Job, where thieves tunnel beneath a bank to get to a vault, the gang had to cut through more than 15 inches of concrete to reach the cash machine.

Thieves dug a 100ft tunnel under a building to get at the cash machine
at Blockbuster in Fallowfield Shopping Precinct in Manchester

Police believe the theft occurred some time between 5.30pm on Monday January 2 and Tuesday January 3 at the Blockbuster in Fallowfield shopping precinct in Levenshulme, Manchester. They refused to reveal how much money had been taken, but said the gang only got away with "limited funds". The cash machine can hold up to £20,000 but it is believed the gang got away with just £6,000.

It comes four years after an identical lot was foiled at the same location after workmen discovered a 40ft tunnel running from the railway embankment towards the Blockbuster shop. The original tunnel was filled in with concrete to prevent it being used again.

Detective Sergeant Ian Shore, from Longsight CID, said: ''In all my years of service, I have never seen anything quite as elaborate as this. These people had obviously spent a long time plotting this crime and I doubt they would have been able to keep their plans secret for all that time, without telling others about their scheme. 'They must also have spent a lot of time in the area over the past few months, which people may have noticed. 'The financial detriment to the victim could have been a lot worse, and the offenders did not get away with as much money as I believe they may have originally hoped. The machine had limited funds available.''

The tunnel was dug directly underneath the cash machine, where the offenders then used machinery to cut through the concrete above to steal money from the ATM. The thieves then made their getaway back down the tunnel.

DS Shore added: "I would ask that anyone who may have noticed anything unusual around this Blockbuster store, or who may have seen or heard anything they think might help us with our investigation, to get in touch."

Original Source: The Telegraph

Anyone with information is asked to call police on 0161 856 4245 or contact Crimestoppers anonymously on 0800 555 111

How's that for a return on investment!
All for an estimated £6k! Sounds like a lot of
work for not much money!

Public Service Review: A matter of national security

2012-01-09T22:03:00.001Z

The Coalition's handling of the spending cuts to the economy is impacting security differently across departments, argues ADS Security Policy Adviser Hugo Rosemont

How the current state of the economy impacts national security remains an important question due to the surprising lack of attention given to it. However, it is a crucial consideration, and the Coalition Government believes that 'an economic deficit is also a security deficit'.

Contrary to some perceptions, there have been significant levels of new investment in the UK security market during the current period of deficit reduction. For example, in a survey published in October 2011, ADS revealed that its members completed £1.8bn worth of security business in the UK during 2010. In addition, there has been significant growth in the global security market; it is currently worth about £260bn per annum and is estimated to grow to £337bn by 2015.

It is worth remembering, however, that the UK security market comprises purchasers from both public and private sectors. Public sector customers account for a large proportion of sales, and the effect that the economic conditions are having on UK government departments' abilities to invest in national security capabilities, especially in the context of deficit reduction, must be examined.

To continue reading this article, click here.

Source: ADS Group 09/01/12

Mike O'Neill Interview: SIA, CPO Licensing, London Olympics Security

2012-01-05T19:06:00.001Z

You can download the
interview here

David Rubens latest column in Combat & Survival is a double-page interview with Mike O'Neill, Chairman of the Close Protection division of the BSIA, and a well-known figure throughout the UK security industry through his activities with Greyman's and, more recently, Optimal Risk.

Mike talks about topics of interest such as the latest news on SIA licensing, the future role of CPO's in the UK security sector, the London Olympics and a few thoughts on the future of top-end security providers in an economic recession.

David is a well known figure within the security industry and his bio is shown below:

David Rubens Associates founding director, holds an MSc in Security and Risk Management from Scarman Centre, Leicester University, is a Visiting Lecturer on their Global Security and Policing MSc programme, and is currently a Visiting Fellow at the Security and Resilience Department, Cranfield University at the UK Defence Academy, specialising in Terrorism & Public Policy and Strategic Management & Leadership. David is widely experienced at developing, delivering and managing large-scale strategic security development programmes, and has worked with government agencies and academic institutions in Asia, Africa, Middle East, Caribbean and Eastern Europe.

Updated 4/1/12 - The MPS launches first ever dedicated unit to tackle metal theft

2012-01-04T19:29:00.000Z

Update 4/1/12 - Church metal theft cases reach record high in 2011 via the BBC

Update 23/12/11 - News article in the Telegraph "Insurers urge radical security rethink following metal sculpture theft".

The MPS is launching its first ever dedicated unit to tackle metal theft - a spiralling problem which is costing the economy an estimated £700 million a year and causing the deaths of two offenders a month in the UK, according to the most recent research.

The new multi-agency Waste and Metal Theft Taskforce, whose team includes experts from BT and the local authority's environmental crime unit, is based in Bexley, one of the boroughs most severely affected by metal theft due to its high number of scrap metal yards.

In the first two weeks of December officers across the Met carried out a total of 275 inspections and searches of scrap metal dealer yards, arrested 15 people for offences ranging from burglary to transporting waste metal illegally without a licence, and seized 16 vehicles.

Whilst the task force is a good idea, why do we always have to rely on law enforcement? Shouldn't we be making it more difficult for stolen goods to be sold to 'dodgy scrap yards', or stopping cash sales or even asking for proof of ID from sellers?

The new task force will be busy...this is the recently
stolen Barbara Hepworth sculpture (worth £500k)

Looking Back, Looking Forward - The Security Highs and Lows of 2011

2012-01-03T13:05:00.001Z

So what happened last year? Well apart from it flying past, for us at Chatback Security it has been a great 2011. We successfully continued our efforts to offer opinions on security risks and threats and have now built up a steady readership and loyal following.

January was kicked off with a promise for us to be more active on the blog and introduce Fraud and other topics. This proved succesful in 2012:

7000 blog readers (55% up on 2010)

3500 unique visitors

4000 tweets via @securityspeak and @chatbacksy

2500 twitter followers

Readers from over over 50 countries

February saw scam awareness month and we also received a couple of emails asking for us to claim our lottery winnings, all we had to do was supply our bank details apparently?! It’s amazing how email addresses get identified by scammers for this type of contact (its even more amazing that people fall for these scams).

The MPS kicked off a new counter terror publicity campaign asking for people to look out for unusual activity or behaviours that might strike people as not quite right and out of place in their normal day to day. Just one piece of information could be vital in helping to disrupt terrorist planning and, in turn, save lives. If you see it, report it.

March saw us talk about the HOSDB INSTINCT exhibition which considering this exhibition is designed largely for law enforcement and government agencies was actually quite interesting and food for thought when considering the future applications that could find there way in to our airports and hopefully other environments.

The ‘Insider Threat’ came all too true with a British Airways software engineer being sent down for 30 years after being convicted for plotting to blow up a plane. This particular topic is close to our hearts and seems to have fallen off organisations radars a bit and it's not being discussed as much as it should be.

April was the month that the Centre for Protection National Infrastructure (CPNI) released a 'Public Realm Integration' document which although it looked like it had been designed by Saatchi & Saatchi it still offers some very good information about when and what you should consider when deploying any Hostile Vehicle Mitigation in the public realm.

May brought us our 1 year celebration of the blog and the introduction of the Stuxnet, the Future of Malware posting.

Paul celebrated our first year with a posting on Insider Threats.

June saw me and Paul enter and successfully complete the 26 mile London Bikeathon in support of a charity close to both our hearts ‘Leukaemia and Lymphoma Research'. We were very kindly supported and sponsored by our new friend in the US Brad Apitz (please follow him at @BradCHSV) who helped us raise over £500 in sponsorship. Thanks again Brad.

I presented at The 8^th Annual CISO Summit in Rome which was attended by a very experienced audience. I must have done ok because the organisers invited me to speak and chair a panel on social mediasecurity risks at the CSO later in the year. I have a lot of time for MIS Training and will be sharing more news, events and speaking opportunities throughout the forth coming year, so keep an eye on our events page.

Towards the end of June we both attended The Security Institute’s Annual Conference.

June also saw the introduction of The National Security Workers Union (NSWU) in the UK.

July saw a couple of guest bloggers posts and the Home Secretary Theresa May announced the terror threat level for the UK has been reduced from severe to substantial. However, a terrorist attack still remains a strong possibility and may well occur without further warning, she went on to warn. Mrs May said: "The change in the threat level to substantial does not mean the overall threat has gone away - there remains a real and serious threat against the United Kingdom and I would ask the public to remain vigilant." January 2012 we remain at ‘substantial’.

August we took leave and you do not want to know where or what we did because that is boring.

September saw us post a summary of the GMB report on From Workplace Watch To Social Spy: Surveillance In (and by) The Workplace.

October brought us National Identity Fraud Prevention Week (NIDFPW), which over the last seven years has helped consumers and businesses alike to fight identity fraud. NIDFPW brings together partners from both the public and private sector to contribute their resources and experiences to help UK businesses and consumers protect themselves against identity fraud. Research commissioned by Fellowes for the campaign has shown that consumer confidence is at an all time low, with 96% of people concerned that the organisations they deal with aren’t treating their data responsibly.

November saw the UK government announce The New Cyber Security Strategy, I attended the Chief Security Officer (CSO) Summit in London where I presented on Security Assurance and chaired a panel session on social media security risks and it was also Get Safe Online Week 2011 (7th - 11th November 2011) What is Get Safe Online Week? Well if you missed it, it’s an annual event to raise awareness of internet safety issues. They reach out to consumers and small businesses through competitions, events and communications activity and to businesses and organisations through their annual Get Safe Online Summit to find out the latest updates or join us and follow them on Twitter @GetSafeOnline for all the latest news. Finally Chatback Security was approached after being recognised as known and influential security bloggers (get us) to participate in the Cyber security Challenge UK 2012 as journalists. Watch this space we will be talking all about it.

December saw the MPS launch a dedicated police unit to tackle Metal theft, Anonymous were at play again, attacking Stratfor (the website is still offline) and my son’s first published photos to support the 4x4 crime prevention posting by Paul. Our recent posting by Infosec Island was posted at the end of December and still worth a read on security risk management and it’s not all about assessment.

Happy New Year.... 2012 is here so what does it hold for us personally and professionally. Well firstly, more of the same but different, if that makes sense. The year starts with us attending the first round of the Cyber Security Challenge UK. The first 5 months see me being invited to speak at the Information Security Executive Summit in Richmond, UK, Counter Terror Expo in London, CISO Summit 2012 in Prague and the Fraud Corruption Africa Summit in Zanzibar and then of course is the Olympics, London 2012.

Some of the threats and risks on the horizon that are going to require some effort in combating are:

Continued trend in metal theft (cabling, ornate statues, church roofs etc), hopefully some change in legislation also around the selling/buying of scrap metal
Protection of our critical infrastructure (in paricular SCADA systems)
Hackivism
Insider threats
Olympics (surprise surprise)
Under valuing physical security measures (?too much focus on cyber threats maybe)
Large scale scams and frauds
Recruitment of the right security people at the right time

We seek to enhance our relationships with @GetSafeOnline and London Fraud Forum (LFF) and Paul will continue with his work in the Security Institute whilst I intend to work closer with London First who kindly invited us to seminars and events on the Olympics and Cyber Crime.

We are always looking for new areas of interest and guest bloggers or supporters, if you feel we (or you) can contribute to your ideas please let us know via chatbacksecurity@gmail.com or contact either of us direct via LinkedIn (Richard or Paul).

In the meantime we wish you a very safe, secure and prosperous Olympic new year and look forward to staying in contact with all our friends and supporters.

Thanks and enjoy. Richard

Security Risk Management – More Than Just Risk Assessment

2011-12-30T20:49:00.000Z

Thursday, December 22, 2011

Source: Infosec Island

In an article in the December edition of the ACC Docket, entitled “Disciplined and Practical Risk Management”, Jim Jackson, General Counsel of Medair, discussed risk management in the non-profit arena, focusing on his experiences on this issue during his tenure at Medair.

Medair is an entity which “brings life-saving relief and rehabilitation in disasters, conflict arenas and other crisis by working alongside the most vulnerable in Africa, Asia and other areas with extraordinary need.”

This relief and rehabilitation includes the areas of “health, nutrition, water, sanitation, hygiene and shelter.” After becoming involved with the non-profit in 2010, he instituted a risk management system which included a risk assessment program and linking of this risk assessment “into what we do and to manage that effectively.”

His approach is one that can be used for any risk portfolio which a company may carry, including an anti-corruption risk based upon the Foreign Corrupt Practices Act (FCPA).

Risk Assessment

Jackson believes that many risks are similar across different organizations, both for-profit and non-governmental organizations (NGOs), like Medair. Therefore, by reviewing other risk assessment programs, it was possible for him to create a measurement of risk for his client.

The risks for Medair include “revenue stream, portfolio fulfillment, staff security, attracting and retaining staff, fraud and business continuity.” To determine the specific risks for each, Jackson led a series of interviews. He cautioned that it must be the “right people in the room.”

That is, the ones with the experience who can answer the questions related to risks the entity faces. After feedback from the interviewees, Jackson pared the initial list into a “more specific set of causes of risk and the precise areas to monitor and track.”

From this exercise, Jackson developed “probability and impact definitions and then labeled and described the specific risk.” They are as follows:

PROBABILITY

Probability Rating Assessment
Greater than 10% Very Likely
Less than 10% Possible
Less than 5% Unlikely
Less than 1% Rare

IMPACT

Priority Rating Impact Rating
1 Critical
2 Significant
3 Moderate
4 Insignificant

Risk Management

However, the risk assessment and ranking is only the first step. Jackson said that “ongoing communication is key to the effectiveness of risk mitigation.” For Medair, this communication begins when it charts its risk assessments using the above metrics at the quarterly meeting of the Executive Leadership Team (ELT), where risk “mitigation strategies are also analyzed for effectiveness.”

These strategies include “making sure that resources are allocated to mitigation actions”, and the all parts of the organization are in communication with each other regarding these actions. All of this is then reviewed at the next quarterly ELT meeting.

However, for Jackson the primary key is that risk management must be linked to the organization’s purpose and goals. Your company must to be disciplined; it cannot simply develop a risk assessment and then not use it to look at risk generally. As important as systems are, they must be “practical and linked” to what your company does.

The Medair risk management system provides an excellent example of the tools available to the compliance practitioner. The Department of Justice identifies a risk assessments and its use in a minimum best practices program.

Further your risk assessment should inform your compliance program and not vice-versa. The Medair method of assessing risk and then managing from that assessment provide an example of an ongoing process for an overall risk management process for a company under the requirements of the FCPA.

Cross-posted from Tom Fox Law

Drug Dealer's 4X4 Becomes Crime Prevention Weapon

2011-12-29T17:44:00.002Z

Date: Thursday, December 29, 2011
Source: Cliff Caswell - Security Oracle

A deluxe 4X4 seized from the proceeds of a convicted drug dealer is being used by Kent Police vehicle to deter other would-be criminals, it has emerged.

The Range Rover Sport – reclaimed under the Proceeds of Crime Act – has been branded with anti-crime messages and is being parked up where warrants are being executed. And after the previous owner was sent to prison for 18 months, officers said that the luxury car would make other offenders realise how much they too could lose.

As well as being used to highlight where warrants are being executed, the vehicle has also been involved in a tour of prisons in the Force area and parked at other high-profile locations.

According to Kent Police, some £3.7 million was ordered for seizure from convicted criminals through Confiscation Orders between April and November 2011.

DI Mark Fairhurst of the Kent and Essex Serious Crime Directorate emphasised that reclaiming the spoils of criminality remained a priority for officers.

He added: "Criminals may believe they are becoming smarter at hiding assets but investigators will bring them before the courts to recover the proceeds from their criminal behaviour.

"Not only does POCA take the money out of criminals' pockets and stop them using it to commit offences, it is put back into policing to reinvest in initiatives to reduce crime."

Under POCA proceedings, offenders are given a set time to pay orders. Forces work closely with the Court Enforcement Unit to ensure offenders are held to account within the time given.

Around £9m was recovered by Kent Police through the Act last year and £1.6 was handed to Kent Police under the Home Office's Asset Recovery Incentivisation Scheme.

This was the second highest figure in the UK and the highest ever for Kent.

Cliff Caswell - Security Oracle

Update by Paul

There are two cars outside New Scotland Yard which were uninsured and seized by the Met Police

Photographs by Master B Bell

Cyber Security - Hacked Stratfor Security Think-Tank Keeps Site Offline

2011-12-29T14:54:00.000Z

Date: 29 December 2011

Source: BBC News

Hackers have posted credit card details, email addresses, phone numbers and encrypted passwords which they said were taken during the attack.

Participants in the hacktivist group Anonymous are

using Twitter to provide more detail

about the attack

Stratfor has said it will pay for a credit card fraud protection service for members whose payment details might have been compromised by the breach.

Tweets posted on accounts linked to the hacktivist group Anonymous said that the US Department of Defense, the defence firm Lockheed Martin and Bank of America were among Stratfor's clients.

A recent message posted by @YourAnonNews added that other parties affected by the hack included Google, American Express, Coca-Cola, Boeing, Sony, Microsoft and the mining group BHP Billiton.

Protection
An email from Stratfor to its subscribers said: "At our expense, we have taken measures to provide our members whose credit card information may have been compromised with access to CSID, a leading provider of global identity protection and fraud detection solutions and technologies.

"We have arranged to provide one year of CSID's coverage to such members at no cost.

"As part of our ongoing investigation, we have also decided to delay the launching of our website until a thorough review and adjustment by outside experts can be completed."

The identity theft prevention service Identity Finder has carried out its own analysis of details posted online about hacked clients whose names fell between A and M. It suggested that the attack netted:

9,651 unexpired credit card numbers
47,680 unique email addresses
25,680 unique telephone numbers
44,188 encrypted passwords of which roughly half could be "easily cracked"

This list is expected to grow if the hackers publish details of the N to Z list.

Donations

A tweet posted to the account @AnonymousIRC on 25 December claimed that $1m (£650,000) had been taken from the hacked accounts and had been given to charity.

Participants in Anonymous have subsequently posted screenshots which allegedly show money being transferred to the charities Red Cross, Save the Children and Care.

The organisations will have to return the money if credit card owners report the charges as being unauthorised. Some supporters of the Anonymous movement have also expressed concern that the charities could theoretically be charged a fee for the return of the transactions.

Anonymous Twitter accounts have also hinted that the hackers planned to release details of emails harvested in the breach, adding that "Stratfor is not the 'harmless company' it tries to paint itself as.

Stratfor could not be reached for comment. However a video posted by Fred Burton, its vice president of intelligence, to YouTube promised to provide updates "as more details become available" and offered details about the credit card protection scheme.

BBC News

Press Release: Security Research Initative Survey Launched

2011-12-20T20:10:00.000Z

A major study of the UK security sector has been announced today. It is supported by the UK's leading security associations and is being undertaken by researchers at Perpetuity.

Those working in the security sector are being invited to complete an on-line questionnaire that addresses the state of the security sector and specifically the potential impact of both changes to regulation and the recession.

Three groups are being invited to compete the survey, they are:

Directors and Managers of a company providing security goods and/or services

Buyers of security goods and/or services (e.g. Security Managers/Directors of corporations and public/voluntary bodies, Facilities Managers and Procurement specialists).

Security officers or supervisors of security officers who undertake security guarding duties. This covers static and patrolling duties protecting company assets, Cash and Valuables in Transit work, Close Protection, Door Supervision, Public Space Surveillance (CCTV), Immobilisation, restriction and removal of vehicles and Key Holding.

The survey should take no more than 20 minutes to complete. It can be accessed at:

https://www.surveymonkey.com/s/SRI-Security-Survey

The deadline for responses is the end of January 2012.

Professor Martin Gill, who is head of Perpetuity Research, which is leading this study as part of the 'Security Research Initiative' stated:

'This could be the largest survey of the security sector ever undertaken, and we would encourage individuals to take part. This is a rare opportunity to gain insights into what people are really doing, and what they really think about what is happening in security. The survey is anonymous, no names of individuals or companies are recorded. The findings will be made available free of charge, so do please complete it.'

Questions and queries should be addressed to:

Professor Martin Gill

0116 222 5555
prci@perpetuitygroup.com

Further information on the Security Research Initiative can be found on our website: http://www.perpetuityresearch.com/sri.htmlhttp://www.perpetuityresearch.com/sri.html

National Day of Protest UK Uncut Christmas Special, Information for Businesses From the Met Police

2011-12-16T19:16:00.000Z

UK Uncut has recently announced an event entitled ‘Christmas Special’, which is being promoted to take place on Saturday, 17 December 2011 between 1300 hours and 1700 hours. The stated aims of this protest are to highlight the government austerity measures and non payment of tax. It is their intention to target high street retail business premises. Recent events have shown that this has predominately taken place in Central London. We would advise all retail sectors within Greater London to consider the following guidance, which is by no means exhaustive.

The Metropolitan Police Service is fully aware of the potential impact of any major event on the local business community and is well equipped to deal with events like this. We have an appropriate and proportionate policing plan in place and are working closely with our strategic business partners to ensure that any disruption is kept to a minimum whilst at the same time aiming to police and facilitate peaceful protest.

The following guidance has been produced to help businesses to prepare for any incidents which may arise as a result of this activity in the Metropolitan Police Area.

Keep up to date with latest information

For live updates on the progress of this event you can also subscribe to the official free police community

messaging system at www.neighbourhoodlink.met.police.uk

Follow the MPS updates on the day on Twitter @CO11metpolice

Contact numbers

In the event of an emergency call the emergency number 999.

In the event of a situation that does not require an emergency response, please call 101 (calls to 101 from landlines and mobiles cost 15 pence per call, no matter what time of day you call or how long your call lasts).

If you have information about crime, you can also call Crimestoppers anonymously on 0800 555 111 .

Security Advice

Ensure that all staff are fully briefed. Security officers, where possible, should have a visible presence at premises. It would be advisable that a senior manager make himself/herself identifiable to police in the event of an incursion into your business premises. Ensure that your exit/entry points are monitored and that you are able to lock and secure any points of entry if required to do so.

Be alert to large groups forming outside of business points of entry and ensure staff remain vigilant and report any suspicious activity to security and/or police. Check that your emergency equipment supplies and radio communications systems are stocked and fully operational at all times.

Crime

If you identify any unusual markings on your building please report immediately to police. If crime is committed or an incursion takes place in your premises consider the preservation of evidence, where possible, on the advice of police.

Ensure CCTV coverage is fully operational and can provide the highest possible recorded resolution.

What you can expect to see

You may notice officers outside some premises this is because during recent protests some buildings have been targeted and damaged. The officers are there to protect these buildings and to assist those inside to go about their daily business and to deal with any incidents of crime and disorder. All officer will be uniquely identifiable by a series of numbers, letters or both which will be visible on their outer clothing.

Update - Your chance to win a iPad 2: Cybersecurity Conference & Expo – Washington, DC (10% discount via Chatback Security)

2011-12-03T17:22:00.000Z

3rd December Update:

We wanted to give you an exciting new update about a new promotion where people can receive a 10% discount off their Cybersecurity Conference registration. Plus- if registrants attend the event on Thursday, Dec. 8, they'll be entered to win an iPad 2! Click here for more information http://on.fb.me/GovCyberiPad

Previous Message:

The Cybersecurity Conference and Expo is coming up on December 8-9 in Washington, DC - delivering in-depth training for government practitioners and essential networking opportunities with government and industry leaders at the forefront of cybersecurity initiatives.

It will bring together government and private industry to learn about advanced technologies and strategies addressing global information security threats.

The 2-day conference will offer insights and education on topics including:

The latest threats and solutions, risk mitigation, cyber espionage and the pillaging of American technology

The business aspects of cyber - calculating ROI, cybersecurity investment strategy, education and training

The full brochure is available here.

A great list of industry experts -
click to expand (then you might be able to read it!)

Are you prepared to tackle the evolving cyber threats? The Cybersecurity Expo provides unique solutions for government agencies to manage cybersecurity programs and mitigate the risks of cyber attacks.

This looks like a fantastic opportunity to meet industry experts and to keep upto date on the latest technology and threats in the cybersecurity arena.

It's too far for me to travel unfortunately but if you are interested in attending you can receive a 10% discount via here.

GCHQ attracts wannabe spies with viral cryptography

2011-12-01T21:05:00.000Z

The GCHQ -- Britain's secretive agency of intelligence experts wants to find new spies. To make sure it has a candidate who's up to scratch, the agency is inviting hobbyist cryptanalysts to try and break a code online.

A website called "can you crack it" is being spread via a viral campaign around social networks like Twitter and Facebook. The site shows a seemingly-senseless jumble of 160 pairs of numbers and letters, and a box to enter some kind of answer.

By: Mark Brown, Edited by: Duncan Geere

The New Cyber Security Strategy

2011-11-25T19:41:00.001Z

The government has announced new measures to fight cyber crime, to promote economic growth and to protect our nation’s security and our way of life.

To specifically tackle the increased risk the UK electronic communications network faces from other countries' intelligence agencies and hackers.

These latest measures are part of a £650 million (over 4 years, so dont get too excited) drive to deal with cyber threats and develop responses to intrusions and attacks.

The intelligence agency GCHQ is to receive around £385m of the total budget to develop its ability to detect, defend and fight back online.

The government says there are more than 20,000 malicious emails sent to its networks each month, 1,000 of which are deliberately targeted.

A new police Cyber Crime Unit will be formed alongside a team at GCHQ which will fine-tune the country's military online capabilities, and a joint initiative between the public and private sector will also be launched to deal with cyber threats.

Individuals will be given more help to protect themselves, amid a warning from GCHQ that 80% of successful attacks could be thwarted by following simple steps like updating anti-virus software regularly.

Will it make a difference or is it just another excuse for a 'team of professionals' who do little and achieve even less....well let's wait and see in a years time when government will report on their progress?

If you have the time the new cyber security strategy documents can be read via the below Cabinet Office links.

A vision for UK cyber security in 2015