SMEs: The Hacker’s Preferred Route into the Corporate World Richard Henson Worcester Business School February 2012.

The Reality [diagram: UK critical infrastructure, hacker, Internet… (600 million gateways!)]

An Early Warning! In April 2009, hackers accessed data concerning technical details of a US govt fighter jet via networks with supply chain partners. Conclusion: “…there needs to be a new-order requirement on companies doing business with the federal government.”

What can be done about it? Education? Laws? More shiny black boxes? The Cloud? An information security budget? but what is the ROI on data

US govt response… Other 2009 examples: response to “Night Dragon”; establish a “trusted source” program for supply chain partners. VP of McAfee offered a strategy to achieve just that: ecurity-guard-questions-and-answers-with- dennis-omanoff/#sidebar1

Predictions… Imperva, trends for 2012. It couldn’t happen here?

UK Government Advice: CESG provides guidance and advice: best advice appears to be based on “ISO27001 compliance”. On the CPNI website now: guidelines include 20 named technical controls to minimize the chance of a data breach… acknowledge no guidance on physical or behavioural controls. Is “compliance” with guidelines, standards, and regulations enough?

Will “compliance” stop this? [diagram: UK critical infrastructure, hacker, Internet… (600 million gateways!)]

Compliance and Certification: Not just playing with words! Compliance does not require evidence to back up claims that guidelines, etc. are being followed; certification is only achieved through providing evidence in a systematic way to prove that the guidelines etc. are being adhered to in a systematic way.

ISO27001 Certification and SMEs: An ISMS has to be the way forward… SMEs not shy of certification. Many already have: ISO9001 – QMS; ISO14001 – EMS; ISO18001 – H&SMS. Logical next step to go for ISO27001?

Research Evidence, Combination of academic research… Coles-Kemp, Barlette et al, and corporate research: Verizon, PWC, PGP, Symantec. Conclusions: Main interest in ISO27001 in Pacific Rim (!)

SMEs and Information Assurance: Few UK SMEs get ISO27001 certified; regarded as too time consuming, too expensive… little ROI… “compliance is the English way”. UK (2012) still showing little sign of: bringing in new laws… educating about information security. So why bother!?!?!

There’s a whole world out there to do business with!

The Global Supply Chain: Global companies merely seeking “compliance” from partners are taking quite a risk… Pacific Rim supply chain leaders/hubs becoming increasingly ISO27001 (not compliance) focused. US getting its act together regarding supply chain hubs/partners via Dept of Homeland Security & focus on cybersecurity.

Global Enterprises… which SME would you trade with? Information security not the main factor. But what if the other factors are roughly equal? Which would you choose: certification (evidence…) or “compliance” (talk…)? Real danger that UK SMEs could lose out on contracts on information security grounds… may already be losing out!

Asia (Pacific Rim): Led by Japan, Taiwan… Certification is supply chain driven. Impressive take-up of ISO27001 certification (approx 80% of world’s ISO27001 certificates).

US has got the message… Latest from Omanoff [VP McAfee] (29/10/11): “… an increase in attacks targeted at industrial systems and embedded devices has raised the risk that manufacturing facilities and other supply chain links could be infected.”

UK SME Priorities for 2012: Omanoff quote used on a UK technology reporting website (v3.co.uk): offers-advice-securing-supply-chains. Same website: survey for businesses: “main priority for the new year?” 98% reducing costs; 1% make more use of social media & cloud; 1% improve information security.

Not all doom and gloom! What if UK SMEs can be convinced that better information security brings about “reducing costs”? Whole academic field based on such matters: “Economics of Information Security”; findings rarely get to SMEs… They should!!!

The Future: SMEs will find more stringent requirements on security from global supply chain hubs/leaders. Evidence of good information security will be a key factor in getting contracts; that means education, and certification… UK government needs to use every means possible to directly support SMEs in helping themselves; offering funding top-down to agencies and expecting it to filter to SMEs seems naive.