Cyber Security

Computer security, also known as cybersecurity or IT security, is the protection of computer systems from theft of or damage to their hardware, software or information, as well as from disruption or misdirection of the services they provide.

It includes controlling physical access to the hardware, as well as protecting against harm that may come via network access, data and code injection, and due to malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures.

The field is of growing importance due to the increasing reliance on computer systems and the Internet in most societies, on wireless networks such as Bluetooth and Wi-Fi, and due to the growth of "smart" devices, including smartphones, televisions and tiny devices as part of the Internet of Things.

Cyber Essentials Part 2: Cyber Aggress Interview

The second half of Company Connecting's focus on CyberAggress and their Cyber Essentials work: An interview with CyberAggress’ own David Evans.

CC was recently lucky enough to speak to David Evans of Cyber Aggress, who've helped many organisations through Cyber Essentials.

CC's first Scotland-specific Cyber Security Infographic. Company Connecting data has previously been used to publish Infographics on this topic over a much larger geographical area, and interestingly the results are quite different.

Cyber Essentials Part 1: The experience of Managed IT Experts with Cyber Aggress

Part 1 of 2 articles looking at the Cyber Essentials scheme helping businesses get secure.

In Part 1 of 2 articles about Cyber Essentials, we spoke to David Shuster of Managed IT Experts about his experience of going through it with CyberAggress.

Mark Chimley, an Information Assurance Architect and Cyber Security Consultant, asks "What are reasonable mobile computing security procedures?"

Working on the Move

I am writing this on a train using mobile computing devices (a netbook and a phone) and I'm fairly happy with the security measures I've put in place and the procedures I'm using to enable mobile computing, but are these appropriate controls for the majority of people? There is always a risk involved in carrying out business practices outside of an office environment but it's pretty obvious that the advantages of the mobile office in its various forms are such that few of us can constrain our work to just occurring within a traditional office.

It seemed apt to write my first post here on a topic which is becoming increasingly important for businesses: the risk of ransomware. Just as a perpetrator may hold a physical person or thing to ransom, the same applies to a company's data assets and information. Documents, images and other files are encrypted by ransomware using a key that is only held by the attacker. A ransom demand is then made for release of the key so that the victim's files can be decrypted. As with many cyber attacks against businesses or individuals, the mechanism used to mount a ransomware attack is usually through infection of the victim's computer systems with some type of malicious software.

Cybersecurity and, more broadly, issues connected with cyberspace, have risen to the rank of strategic, global challenges. On the one hand, over the last few decades we have witnessed unprecedented opportunities for general development: economic, political, social, and individual. On the other, we are now facing completely new categories of threats, with potentially catastrophic consequences. All stakeholders, even the non-governmental ones, who, in the past, had limited or no tools enabling them to effectively influence the world around, now have comparatively easy access to technologies that may potentially impact entire international security systems. The Web has become a tremendous source of influence.

Image of the planetarium building in Poland accompanying the article about the Instytut Kościuszki by Aneta Urban

Cryptography has a saint and sinner profile just now, with companies like Google pushing forward HTTPS, and governments around the world railing against it. While many countries have been close to forcing companies to add backdoors, few have taken the step of banning its operation. Now, a royal edict from the president of the United Arab Emirates (UAE), His Highness Sheikh Khalifa bin Zayed Al Nahyan (Figure 10), has taken this massive step by making it illegal to use a secure tunnel, VPN or secure proxy service. Those who are caught will risk jail and fines between 500,000 and 2,000,000 UAE dirham (US$136,130 and $544,521):

Image of people on an escalator accompanying the cyber security article by Professor William Buchanan of Napier University, "Something to hide: If you hide, you must be committing a crime"

Secure tunnels and VPN connections have had a difficult time recently, as law enforcement has railed against their implementation. Also, with the increase in data loss, typically through an insider or from a remote access trojan (RAT), many companies are looking to ban VPN connections, and also to replace the digital certificate from the remote site with their own certificate (and thus be able to read the contents of a tunnel).

Image accompanying the Cyber Security article Something to hide: VPNs and Proxies by Professor Bill Buchanan of Napier University