Wednesday 30 October 2013

Big Data Intelligence Driven Security at RSAC

A constant theme from this year’s RSA Conference Europe, is the idea of security intelligence collaboration, namely the capture, sharing and data mining of “Big Data’, to detect and prevent security incidents and attacks, but will it ever take off?
The concept of gathering and using big data is nothing new, from Google to your supermarket loyalty card; big data mining has been very successfully used commercially for at least a decade, not to mention the alleged big data mining said to be conducted by the NSA.

This collaborative led intelligence approach has potential and I believe it could be effective if conceived and built smartly, however I fear the issue will be with the data sharing. Most of the existing big data models in use are covert, and organisations aren’t collaborating, so they do not share their big data analytics. This is a fairly obvious approach, as the whole idea of mining big data in their case is for commercial advantage and gain. So I imagine there aren’t many examples of big data collating and sharing models for the security sector to build a system upon.

Who are we going to trust to manage the security big data? A vendor, a government department? Who has access to the data? Can that body use the data for their own commercial gain?  Trust is a huge real issue in building any security big data model.

Within Europe the potential of sharing any personal data under a security umbrella cause will be highly unpalatable, especially to an EU parliament seemly bent on an online privacy revolution. Then there is a growing number of EU citizens, who in the backwash of the Snowden and Wikileaks, are increasingly becoming apathetic about what they are seeing as an Owellenian big brother online society. We’ll see what plays out, as usual this is my two (euro) cents.

Tuesday 29 October 2013

RSA Conference: Anonymity is the Enemy of Privacy

‘Anonymity is the Enemy of Privacy’ was a point stressed by Art Coviello, the Executive Chairman of RSA, in the opening keynote of the RSA Conference Europe 2013.  This point is controversial to say the least, especially to a European audience, with mainly Europeans still rocking in the wake of the massive NSA covert internet surveillance allegations against European leaders, and millions of EU citizens.

Many privacy advocates hold a polar opposite view to Art, believing anonymity online is a fundamental ingredient for online privacy. Art's perspective also highlights the difference in attitudes towards privacy harboured between the United States and Europe. The European Union was built on its citizen rights, including the right to privacy, a right the EU wishes to see exercised online, whereas the US view tends to be 'privacy is dead', believing the right to online privacy has been given up and the privacy fight lost.

Monday 28 October 2013

Identity Theft & How to Protect Yourself from ID Theft

HotSpot Shield have created an Identity Theft InfoGraphic which I'm happy to share. InfoGraphic explains the malicious actors behind ID theft, some of the techniques they use and how to protect yourself.  

Sunday 13 October 2013

RSA Conference Europe 2013 Preview

The keynote speaker at this year's RSA Conference Europe is certainly of interest. Sir Seb Coe was widely applauded as delivering an outstanding Olympic Games in London last year.  The security of the games was always a great concern from the day after it was announced London was to receive the games back in 2007, but it is the cyber security aspect of the games which interests me. The games were subjected to cyber threats, including a specific cyber threat aimed at taking down power supplies to the games stadiums, so it will be fascinating to learn more about the planning, preparation and the testing of the London 2012 cyber defence.

I always recommend the RSA Europe Conference to fellow UK security professionals, especially those new to our busy and complex sector.  It’s a great event to learn about the emerging threats, defences and the latest security thinking, with plenty of quality sessions to choose from. The conference is also a great place to network with fellow security professionals from around the world, including the speakers at the event, who I have always found to be an approachable and an amicable bunch of fellows.