Imperva

Okay, so I’m seriously buzzing from the Imperva Israeli Press Tour. Inspirational, energetic, dynamic, humbling and creative are just a few of the adjectives that are swirling around my head when I think back to the trip. I have been surrounded by some of the most brilliant minds in the world – most of whom have come out of the 8200, the elite intelligence division of the Israeli army.

If you can imagine a city of wannapreneurs – a place where it feels like everyone has just jumped out of the starting gates and is in the race to get to the finishing line, and whoever gets there first wins the million-dollar prize money – and that’s not fiction, that’s reality! Look at the cyber-security companies that have come out of Israel – Checkpoint, Imperva, Cyber-Ark, Trusteer, which was sold to IBM, Tufin, plus many have R&D offices in Israel such as Akamai, IBM Security, Raytheon and RSA.

What happens in Israel is what happens when you throw a stone in a pond and it creates a ripple effect, a chain reaction. For many of those privileged and talented enough to have worked at Imperva, they have gone on to start up their own brilliant innovative cyber-security companies, many of which have been backed by the original founders of Imperva, including the true greats Shlomo Kramer and Amichai Shulman, who have both helped to spawn many successful start-ups.

Amichai, who is definitely one of the loveliest and brightest men I know, took the time to take us down Rothschild Boulevard where all the start-up companies hang out in the most beautiful restored Bauhaus buildings. Each competes to be funkier and more fun than the next and is jam-packed with eager start-ups bursting with yet another brilliant solution that will hopefully solve the latest cyber-security threat. The start-ups sit side by side with the venture capitalists and angel investors – who incubate, nurture, counsel and invest in the new guys on the block. It’s what Amichai is now doing after his 15 years building Imperva, now one of the most successful companies in data security and DDoS protection. He has begun to invest in many incredibly innovative and needed solutions, as well as mentoring and lecturing, which seems to be the way it goes in Israel. The idea of collaboration and helping one another is key to why Israel is so successful in cyber-security – the older, successful generation go on to help and support the younger generation.

There is an eco-system in Israel where businesses believe in supporting each other. I was told that if you have a new product or idea you’ll never be turned away by a company such as a bank, retailer or pharmaceutical company – their doors are always open as they are happy to trial beta products. It is the Israeli way.

These guys also trust each other emphatically and use their network to build their businesses – most of the founders of the start-ups I met had served alongside each other in the elite 8200 intelligence division of the Israeli army for the super brilliant. Because they’ve trusted and had each other’s backs in the army, they have grown up like brothers, so it’s natural to continue trusting and working with each other, developing products that they see a need for once they leave the Israeli army. The same goes for some of the other incredible businesses I met from the OFEK division, which is the intelligence division of the Air Force. Panorays, a company well worth watching, was one that totally impressed me as they perform automated third party security management – a booming and much needed requirement with GDPR looming.

The education system is very much geared towards encouraging kids to go into cyber-security, too.  I met a friend over dinner whose son at 14 had just started a boarding school that specialises in computing and cyber – can you imagine that here in the UK? He is obsessed with computing, coding and hacking, so now he can do it safely and responsibly in the confines of a centre of excellence.  From these sorts of schools of excellence, they all then are conscripted into the military for a minimum of two years, which is where – if they have the aptitude – they are picked for the 8200 intelligence unit.

Ingeniously, this whole system helps sort out any skills shortage problem they may have because they are encouraging the kids from a young age to consider cyber as their career choice. Interestingly, it’s only after military service that they then go on to University, and even then they have multiple Universities of excellence for cyber-security for undergraduates to choose from such as Ben Gurion University, Be-er Sheba.

During the press tour, we had six journalists from The Times, the New Statesman, SC magazine, Dark Reading, TechTarget and Bloomberg and were privy to a lunchtime discussion about why Israel is a cyber-security hub. We heard from Ofer Schriber, YL Ventures; David Mimran, the CTO of Ben Gurion University, Be-er Sheba; Nir Lempert, CEO of MER Group and a Deputy Commander of the 8200 Unit; Matan Or-El from Panorays and Roi Yarom Head of Policy Planning for the Israeli National Cyber-Security Bureau – here we saw the real professionalism and passion, the inter-relationships and camaraderie.

From this meeting I learnt, too, that the Government has a huge part to play in promoting and nurturing cyber-security in Israel; they have numerous schemes and initiatives to develop this area, plus they send lots of delegations of companies around the world to form partnerships. In fact, another of our clients IRONSCALES were away for part of the week on a funded trip by the Government on a trade mission to Tokyo, where they returned delighted that they had actually closed real business and made some incredible partnerships. Another very interesting and worthwhile lesson to learn from the Israelis!

Like the rest of us, they do have their fair share of the cyber-skills shortage, but nothing like we see here in the UK or the US. The issue was more that everyone had a burning desire to stay only for a few years at a start-up and then be the founder of the next cyber-security start-up – so the same old retention issue that we’re all so used to seeing on our own turf.

The other remarkable difference about why I think Israeli companies do so well is the fact that everything is so close. Literally, where we spent most of our week, you could walk to every meeting, pop in to the folks next door, meet in one of the many coffee shops or cute, boho chic bars to catch up. Actually, in Israel I’m beginning to think everyone knows everyone else. Each time I mentioned someone they seemed to know them or were happy to make an introduction – everyone seems to be running in the race together – and if you trip up, or need a helping hand they are truly there for each other, to support, mentor and share where they can. I genuinely got the feeling they were in this fight to beat cyber-security threats together.

If you get the chance to visit Israel, then snap it up. It has a buzz about it which I found incredibly infectious, and it is fun to do business there. Plus, where else can you go in December where it’s 80 degrees and you can eat outside in some of the best restaurants and bars in the world?

 


At Eskenzi PR, we believe PR is more than simply achieving press coverage. It’s about staying current in the industry and shouting about news that really matters. By sharing with the world your company’s voice and achievements around various social networks, we help keep you relevant, topical and in tune with the daily news discussion.

For our client FireMon, we send 3 stories in a Twitter format (inclusive of hashtags and @’s) on topics relevant to the cyber security industry, which are then sent out periodically on the day from the company’s Twitter channel. These can be tailored specific to the client’s own needs. We have also created a newsletter for FireMon to distribute internally which champions the week’s top coverage and the three top news stories from that week. This again helps increase overall viewership, shares of FireMon content and employee engagement.

In addition, any FireMon coverage obtained will be shared across Twitter and LinkedIn from members of the Eskenzi FireMon team to increase circulation and potential viewership. This helps boost FireMon’s overall Share of Voice which regularly pushes FireMon above their competitors. This is measured by our industry leading PR and social media analytics platform, TrendKite.

FireMon Overall Social Share of Voice comparison against competitors 1st January 2017 – October 31st 2017


*Facebook, Twitter, Google+, LinkedIn and Pinterest are measured

TV is often considered the holy grail of PR, and one of the best ways for clients to really get noticed in the wider marketplace. As a result, we make great efforts to maintain regular contact and good relationships with TV producers for the various channels, and regularly get our clients interviewed on news programs offering comment about breaking news stories. But getting BBC Click to film and interview a handful of our clients at our offices for a special program about security was a rare highlight. Here’s how it happened…

Last May, as usual, we were busy contacting reporters in advance of the Infosecurity Europe trade show to offer interviews with our clients. We had managed to interest producers in speaking to a couple of clients but, as so often happens with TV, their plans changed at the last minute and we had to cancel. But we stayed in touch, and a few months later, we discovered that BBC Click was planning a special show about security to coincide with the annual DEFCON conference in Las Vegas. So it was a perfect opportunity to try and persuade them again to include some of our clients.

We had lengthy conversations with the producers about what they were looking for, and suggested some of our clients that might complement those storylines. As a result, the BBC Click team descended on the Eskenzi offices for an afternoon and filmed a series of our clients talking in-depth about pressing security issues. AlienVault and Cylance both discussed the growing availability of ransomware on the dark web, and demonstrated just how easy it is to purchase these exploits. Meanwhile, Positive Technologies demonstrated how easily a cash machine can be hacked via the Windows XP operating system that many of them use.

But the icing on the cake was persuading BBC Click to send a reporting team over to Newport, Wales, to film on location at Airbus CyberSecurity’s Security Operations Centre. The footage effectively captured the various services that Airbus CyberSecurity can offer, the types of customers that it works with, and the effectiveness of their SOC team at responding to global threats, like WannaCry. In short, it was a PR’s dream. Even better was the fact that, as a result of seeing the film, Airbus received an important inbound sales lead from a potential customer in the water industry.

The full program – Fear and Coding in Las Vegas – can be viewed here: http://www.bbc.co.uk/programmes/b08zqpm0

As a PR agency, we have one key indicator of our success: Coverage. If we can secure good quality, in-depth, and of course positive coverage for our clients, in relevant publications that complement their business goals, we can rest easy at night.

But how do we do this? All too often in the hyperconnected, globalised world of PR, we rely on sending clients comment opportunities which they then respond to for the media, who publish it. While this approach undoubtedly gets results, there are hundreds of other agencies across the globe playing the same game… So how can Eskenzi PR help their clients to get top quality editorial coverage, focused directly on them and highlighting their numerous successes?

One method which we’ve found success with in the past is to bring the media to the client, not the client to the media, in the form of press trips. This is a method which is particularly useful with an agency like Eskenzi, which has a client base with a global reach; it allows the opportunity to take press from all over the world to see our clients’ expertise first hand.

One such trip is currently in the works with one of our clients, Imperva, to their offices in Tel Aviv, Israel. This press trip will be attended by influential tech journalists from all over the world, representing publications such as The Times, Dark Reading, The New Statesman, SC Magazine, The Times of Israel and Bloomberg.

Imperva, aside from being a major name in the global cybersecurity market, are also an invaluable player within the Israeli cybersecurity industry. Described as the ‘cybersecurity capital of the world’, Israel has been extremely proactive in harnessing homegrown security talent in recent years, and huge brands like Imperva have provided invaluable support, advice and guidance to start-ups looking to succeed in the industry.

So, this press tour will allow Eskenzi not only to demonstrate Imperva’s expertise within their own company, but will also help to frame them as a force for good in the cybersecurity industry generally, helping to nurture and support the next generation of companies that will be striving to keep our data safe, and will also allow some of our key journalist contacts to enjoy a trip to a fascinating and fun location.

To find out more about Eskenzi PR’s latest press outing, watch this space!

Over 3 years ago, I had a bonkers idea, (yet another), to create a series of activities for Cyber-Security Month in October, the month that traditionally was labelled cyber-security month but nothing ever happened. So during the summer with just 6 weeks to pull it off, together with the awesome Eskenzi staff, a number of wonderful trusting clients and dynamic CISOs somehow we got 100 companies to stand outside the Tower of London with banners all declaring our commitment to security! There began Security Serious Week which comprised of dozens of free awareness webinars, a conference and in the last couple of years an incredible Awards evening for the real heroes in the security industry.

The Security Serious Unsung Heroes Awards this year was not only great fun, but played host to over 100 real heroes who have worked tirelessly behind the scenes for years and years to secure our national infrastructure, kept lorries on the roads, planes in the air and money flowing through the banking system without major disruption. Last year we even crowned Professor Edward Tucker, the Godfather of Security as founder of ISO 27001 alongside many dozens of CISOs proudly collecting their awards, including Steve Wright from John Lewis – who said “I’ve literally never won or been recognised for anything in my life – and this means the world to me – it’s one of my proudest moments of my life”.

The awards really do recognise and reward the people who are the backbone of our industry and shortly we will be going back on the hunt for next year’s unsung heroes. So if you have customers, friends or colleagues who you think should be recognised for an award – let us know! The awards entry takes literally moments and is free to enter and free to attend. Go to www.securityserious.com

Now here comes the part where you can help us! To run the awards we need sponsorship, but not much. For just £3000 you can sponsor an award and you’ll get tons of exposure for your sponsorship.

This is what you will get as part of your sponsorship:

  • Logo on Security Serious Website for a year
  • A webinar which we will host for you during the week on a subject of your choice (as long as it’s not product specific) and you will get all the leads from – on average about 70+
  • Mentions on all the pre-event publicity and press releases
  • Attendance on the night at the Unsung Heroes Awards, with branding on the night
  • Your logo on a canvas at the Awards
  • Your logo on the stage banners
  • Mentions in all mailshots that will be sent out by Eskenzi PR

These are the categories that you can sponsor:

Captain Compliance

This award will go to the person who has mastered legal jargon around compliance – and possibly the challenges of doing so in the Cloud – and has taken bold steps to ensure data protection, working tirelessly to comply with the vast array of regulations that affect their industry sector.

Fraud Fighter

You don’t have to tell this person that customer data is some of the most important data held within an organisation. The Fraud Fighter winner will have implemented a procedure within the organisation to help keep data safe, avert or detect fraud.

Godfather of Security

This award will go to someone who has been around the block and back and contributed greatly to the IT Security industry for more than 25 years.

Cyber-Writer – Sponsored by SE Labs

This award will go to the IT security writer who is completely on the ball and understands cyber security, demonstrating this through thought-provoking, well-written articles and interviews that help educate and inform his/her audience.

Security Avengers

Security is not a one man job so this award will recognise the best IT security team and how it averted a security disaster or persevered in the fight to keep the organisation safe from cyber threats.

Best Security Awareness Campaign – GSK

In order to increase education on cyber threats and digital behaviours within the workplace, Security Awareness campaigns are often a vital part of getting the message out. This award will honour the campaign and the individuals who organised the campaign.

Security Leader/Mentor

The winner of this award will be someone in industry who leads a team or mentors individuals, taking the time to show them the ropes and ensure those coming through the ranks are prepared for the future.

Apprentice/Rising Star

Our future cyber welfare depends largely on these rising stars.  Whether in formal education, under employment or doing extraordinary research of their own, the winner of this category will show great promise with his/her technical or practical ability.

Best Educator

This award will go to a professor, lecturer or teacher who leads by example to inspire and motivate the next generation of cyber security professionals.

CISO Supremos

CISOs play an important role in securing all aspects of the business and implementing programmes that increase the security posture of an organisation. It’s a tough job, but someone has to do it – these awards will recognise the best in each of the following sectors:

  • Retail
  • Finance CNI
  • Manufacturing
  • Media & Entertainment
  • Telecoms and ISPs
  • Charity

Categories are available on a first come first served basis, so if you would like to sponsor the awards do let us know asap or if you’d like to come up with your own category give us a call or email beth@eskenzipr.com – Tel: +44 (0)207 1832 832.

 

Hacker Tales

A couple of years ago we published an e-book titled ‘The Hacker Tales: Stories of Hacking, Privacy and Deception’. It was hugely successful, being picked up by numerous publications and websites and promoted across multiple social media platforms, which resulted in it being downloaded 2000 times. The idea of the e-book is to be a grown-ups’ bedtime story book, where through short stories you go off to sleep wondering whether the story you’ve just read could really happen, or was it just fiction, with a moral story running through it!

The short stories can be written by anyone; all you need to do is dream up a scary hacking scenario which could possibly be something that could happen today or in the not too distant future. They need to be entertaining, riveting, concise and enjoyable, with a list of helpful hints and tips to the reader – offering IT security best practices to help readers be more security savvy, otherwise there could be consequences.

Would you be interested in sponsoring the next Hacker Tales book for £1,000? Half of the money will be a charitable donation as it will go to the Children’s Charity NSPCC –  http://www.nspcc.org.uk  (which is the charity that the IT security community support through the White Hat Events http://whitehatevents.org.)

In return, your logo will appear in the e-book which will be promoted through the www.itsecurityguru.org and distributed to the entire IT Security Guru database, plus be a main resource to download from http://www.securityserious.com. In addition, Eskenzi will be working hard to promote the e-book through our many media friends and associations which we are hoping will reach over 100,000 people, plus we hope as a sponsor you can promote it through your own channels too. We’ll even provide you with your own digital copy that you can share with your customers.

MOST IMPORTANTLY, we’ll be on the lookout for good stories to include so, if you or any of your colleagues feel inspired to write a chapter of around 1000 words, we’d love you to take a read to consider it for inclusion.

Have a read of the book and let me know if:

  1. You’d like to make a charity donation to the book by being a sponsor
  2. You’d like to contribute a short story

The book will also be available for download via the Security Serious website, other media sponsors, and we will self-publish through Amazon.

If you’re interested in getting involved then please contact dulcie@eskenzipr.com or call 0207 1 832 837.

Eskenzi PR will once again be organising the IT security analyst & CISO Forum on 1st and 2nd May 2018 in London – this year we’ve pulled out all the stops to get some really outstanding analysts to fly in from the US, Germany and the UK to meet with just 10 vendors.  Already 5 places have been snapped up, so now we’re on the scout for another 5 leading edge companies who are going to wow the analyst and CISO communities with new innovative technology and strong ambitious plans to grow and show competitive advantage.

This event has been designed to make it incredibly time and cost effective as it combines three events into one:

  1. Meeting a year’s worth of analysts in one day
  2. A CISO roundtable with between 10-15 of the UK’s top CISOs
  3. Lead generation opportunity through exhibiting at the CISO debates for over 50 end-users which takes place on the second afternoon of the event.

The Forum has been going for over a decade and is only available to just 10 vendors, of which there are now just 5 places left.

These are the analysts who have so far agreed to attend:

  • IDC – Duncan Brown (UK)
  • Bloor Research – Fran Howarth (EU)
  • Kuppinger Cole + Partner – Martin Kuppinger (EU)
  • Quocirca – Bob Tarzey (UK)
  • Telesperience – Teresa Cottam (UK)
  • Goode International – Alan Goode (UK)
  • ABI Research – Michela Menting (UK)
  • Ovum – Rik Turner (UK)
  • PAC – Paul Fisher (UK)
  • Securosis – Mike Rothman (US)
  • 451 Group – Scott Crawford (US)
  • Forrester Research – Heidi Shay (US)
  • Aberdeen Group – Derek Brink (US)
  • NSS Labs – Paula Musich (US)
  • EMA – David Monahan (US)

End-user companies who will attend include:

Santander, National Grid, Network Rail, GlaxoSmithKline, Virgin Media, BP, HMRC, Commerzbank, BBC, BT, Foreign Commonwealth Office, John Lewis, NFU Mutual, Betfair, Channel 4, Lloyds, Unilever, Barclays, The Economist, HSBC, Home Office, Cabinet Office, NHS.

If you have new products and have something refreshing and insightful to impart to the analyst community then you should seriously consider attending this event.

The cost of the event is £13,500 which includes the entire 2 day event, including accommodation for 2 nights in Park Lane’s Intercontinental Hotel, which is absolutely gorgeous, plus dinner for 2 nights and breakfast and lunch over the 2 days.  Any additional delegates attend for £1000 plus VAT.

The event will once again take place at No.4 Hamilton Place, Mayfair, London W1J and we hope you will be able to attend.

If you are interested in reserving a place please call Yvonne on +44 (0)207 1832 832 or email yvonne@eskenzipr.com

The world of social media was rocked last week when Twitter announced that it would allow people to increase the length of their tweets from 140 to 280 characters. The move follows a trial among a small group of users during September, in response to criticism that it was not easy enough to tweet.

During the test period, only 5% of tweets sent were longer than the original length of 140 characters, and only 2% used more than 190 characters. But the social media site revealed that those who did use the longer tweets got more followers, better engagement and spent more time on the site, according to a blog post which detailed the findings.

But soon after the announcement was made, the Twitter backlash began, with newsfeeds quickly clogging up as people tried to experiment with the new format, often using up the characters with meaningless words and jokes. Many pointed out the changes they would rather have seen, such as a crackdown on hate crime, or the introduction of a chronological timeline and edit function.

But how could this change affect those of us working in PR? Twitter is another medium that we use to contact reporters about client news, and when we’re dealing with complex reports, then the additional characters might allow us to include a different angle or additional detail beyond the headline. The change should also be useful for social media analytics, giving us the potential to track influencers’ interaction with brands in a more meaningful way.

But the move could also spell trouble for consumer-facing organisations who deal with customer services on Twitter. Public complaints made in this way could soon become more detailed and potentially damaging for brands, and to defuse potential crises it will remain key to respond quickly and take any damaging conversations offline where possible.

Any brand communicating with their customers via Twitter would do well to remember the Twitter backlash when the announcement was made. The platform has become popular as a micro-blogging site, and succinct communication is key – so it will be important to avoid any unnecessary words, and make every character count, to retain high levels of engagement.

Twitter currently has 330 million active users, compared to 800 million for Instagram and more than two billion users for Facebook. The change to 280 characters is part of Twitter’s broader plan to attract new users and increase growth.

If you’re in the security game, WannaCry is like celebrity deaths… You always remember where you were! I for one was in the office, frantically getting all the available information over to my clients so we could have a comment written, approved and pitched in a timely fashion.

The same was true when the NAO announced at the end of October that the NHS could have prevented the WannaCry attack by taking simple cybersecurity recommendations. While this was admittedly terrible news for the NHS, it was great news for our Eskenzi clients! A nationally recognised government office, going on the record about the cybersecurity failings of another globally known, much-loved national institution was almost too good to be true. This is particularly useful for our clients as the report echoes the sentiments that they expressed at the time of the original WannaCry outbreak back in May.

At this point, the Eskenzi ‘rapid response’ process ramped up a gear, with Eskenzi employees all over the globe mobilising to capitalise on the news, and allow our clients’ commentary to become a part of the news agenda around this story. Both the quality of the comments our clients can provide, and the speed and accuracy with which they are pitched to the media are all crucial factors to consider when dealing with a rapidly changing news agenda. Luckily for us, the combination of our excellent PR professionals and our clients’ sector-leading knowledge meant comments were quickly drafted and pitched from across the infosec spectrum. Some of our excellent client commentary on the subject is included below:

Javvad Malik, security advocate at AlienVault:

For many organisations, it’s not a matter of if, but when. Fundamental security controls and hygiene could have prevented, or at least minimised the impact of WannaCry on the attack. But perhaps even more telling is that while the Department of Health had an incident response plan, it was neither communicated nor tested. Without a clearly communicated and tested incident response plan, trying to make one up in the midst of an incident is a recipe for disaster.

It becomes increasingly important for all organisations of all sizes to invest in cyber security. It doesn’t necessarily need to be huge investments, but care should be taken that the fundamental security controls are put in place and validated, as well as testing an incident response plan.

Anton Grashion, managing director-security practice at Cylance:

“While it’s true that organizations could have prevented at least one recent ransomware outbreak through ‘basic IT security,’ such as regular patching, the fact remains that a treasure trove of weapons-grade malware has recently been made available to every variety of threat actor on the Dark Web. It’s easy to say that if recommendations were acted upon the effect would have been less, but there would still have been an effect because the initial malware infection had to be stopped as well – not something the recommendations covered.

“Regular patching is necessary, but not sufficient for preventing highly damaging cyber-attacks on networks. It’s still imperative for security teams to evaluate next-generation anti-malware technologies inside their own organizations to see what works best for their purposes against these increasingly sophisticated new malware types, which are regularly failing to be stopped by traditional security products. Indeed, there is still a large estate of aging operating systems in daily use in both public and private organizations and while it is advisable to migrate to more up to date versions it’s sometimes a decision on what else will be cut to upgrade. Better yet is to protect these platforms in the first place and buy some breathing space in which an orderly upgrade program can be executed when budgets allow.”

Stephanie Weagle, VP at Corero Network Security:

“Organisations operate un-patched legacy systems and no formal mechanism to effectively protect against the evolving landscape of cyber security threats is irresponsible.  Over a third of national critical infrastructure organisations in the UK (39%) have not completed basic cyber security standards issued by the UK government, according to data revealed under the Freedom of Information Act.  In order for the UK to become the safest place to do business, Critical Infrastructure must engage in cyber resiliency best practices, and proper security defenses.  To keep up with the growing sophistication and organisation of well-equipped and well-funded threat actors, it’s essential that organisations maintain comprehensive visibility across their networks, to instantly and automatically detect and block any cyber threat, including DDoS attacks.”

Edgard Capdevielle, CEO of Nozomi Networks:

“The National Audit Office’s report reminds us that cyber security is not optional, it needs to be part of regular operations. Clearly there is a high cost when regular IT system updates aren’t implemented and cyber security recommendations aren’t followed.

“Attackers continue to look for new and inventive ways to infiltrate organisations and infrastructure meaning global outages as Wannacry was able to realise could become increasingly frequent if left unchecked.

“The EU’s NIS Directive due to be implemented into UK law next May, those who fail to adequately protect infrastructure will be penalised financially.

“With ransomware – such as WannaCry, especially given its ability to reinfect connected devices, prevention has to be first and foremost. Applying artificial intelligence and machine learning for real-time detection and response, organizations can monitor for known malware infections and detect anomalous behavior that might indicate new malware variants enabling organization to rapidly discover and act to remove malicious code before harm is done.”

Gavin Millard, technical director at Tenable:

“In theory, WannaCry could have been easily prevented by deploying a freely available patch and restricting or removing a ubiquitous service called SMB from Windows systems that couldn’t be updated. In reality though, due to the complex networks in place, overlapping ownership of devices and systems that can’t be updated due to contractual issues with the suppliers, this was far from trivial to accomplish.

“To be resilient to further attacks of this nature, each of the NHS trusts has to ensure foundational security controls are in place and identify where improvements are needed. The UK government has already defined controls every critical infrastructure should follow with schemes such as Cyber Essentials and NIS. But to implement these guidelines effectively, investment is required into a public sector that is already severely lacking funds.

“As we become more reliant on IT systems for every aspect of our critical infrastructure, including healthcare, the impact of a major vulnerability affecting those systems shouldn’t be underestimated or the risks ignored. Putting in place a robust process for identifying all systems on the network and how vulnerable they are, are foundational security controls for a reason. Without this ability, networks will continue to be easily infected by ransomware like WannaCry.”

For other coverage successes at Eskenzi, please go to http://www.eskenzipr.com/Content/News-1-2/1_38/

By Conor Heslin, Account Executive at Eskenzi PR

Many of us now rely on open source software for almost every aspect of our daily computing needs, from our web browsers (Firefox) to email solutions (Zimbra) and content management systems (WordPress). These solutions make computing much more accessible and save consumers considerable amounts of money – a 2008 report by the Standish Group states that open-source software has resulted in savings of about £48 billion per year to consumers. But what drives the open source revolution? Why do people adopt this software and what does this mean for security?

From a user-experience and performance perspective, open source software works in the same way as proprietary software. However, open source software gives its users the transparency to access its code and the freedom to copy, change or improve it. What this means for security is that more people are looking at and testing the code, so if there is a problem it is more likely to get noticed faster and fixed before it causes any serious harm. Indeed, as the fix will be publicly available, other organizations can adopt it and shield themselves from the same problem. In closed-source software, by contrast, no one outside the organization knows about the bugs or problems discovered in the code, and often it could even take months for companies to release a patch.

Open source software can be used to help solve cybersecurity problems by enabling individuals to share their knowledge on security issues and collaboratively come up with solutions for them. And because these solutions will be publicly available, anyone can reuse or even improve them. A great deal of the cyber security problems we face today have occurred due to bad design or a lack of knowledge about potential security threats. However, by openly sharing existing knowledge about threats, OSS can certainly improve the security landscape.

Indeed, the key elements of open source software are its openness and transparency. And it is precisely the lack of secrecy that creates trust among users, developers and the organizations themselves. For example, when it comes to something as simple as the use of encryption software, which helps secure information, email/text messages or any other type of online communication, users are more likely to trust an open-source solution than one whose makers claim their code is indestructible.

On the other hand, open source software tends to be less “user-friendly” and may require more technical knowledge than proprietary software, because it essentially doesn’t aim at generating money. However, learning about open source software and how both organisations and individuals can benefit from using it can be crucial for establishing the security and privacy aspects in information technology. It’s definitely an area worth exploring!

By Elizabeth Nikolova, Account Executive at Eskenzi PR