
Eskenzi PR have once again decided to run Security Serious Week from 3rd to 7th October to encourage UK Plc to take security more seriously. The whole ethos of Security Serious Week is to garner the cyber-security community to give something back and encourage others to take security more seriously in the hope that together we can create a more secure environment to do business and ultimately act as an enabler to make UK PLC a safer place to trade online.

During the inaugural Security Serious Week last year, over 3000 people took advantage of the 45+ webinars and over 100 people came together for a photocall outside the Tower of London to show that they are “Security Serious”.

This year we are introducing two new events to run alongside the Week. The first is a Security Serious Conference on the morning of 3rd October; the second is the Unsung Heroes Awards on 6th October.

The Conference will be held for free for 80 business influencers and end users at the prestigious Churchill Room at the Department of Culture, Media and at 100 Parliament Street. The theme of the conference will be around security awareness and run 3 key sessions:

  1. Changing the Culture of UK Plc to “Think before you Click” – making security awareness sticky and fun – a number of CISOs will present on how they are managing to do this within their companies, including GSK, Canon UK, Publicis and The Economist
  2. Top 3 things to make the board sit up and take security seriously – including the importance and changing role that GDPR will have on your business
  3. Why you should hire a hacker – with speakers such as Jennifer Radcliffe, a well-known social engineering expert, Ian Glover, head of CREST, and Pete Wood, an ethical hacker.

If you would be keen to be a speaker or indeed attend, please email saul@eskenzipr.com.

The Security Serious Unsung Heroes Awards

These awards are taking place for the first time this year on October 6th in Spitalfields to celebrate the people, not the products, who work tirelessly securing UK businesses, Government and the national critical infrastructure.  These are the women and men who have on numerous occasions saved our bacon, from companies being brought to their knees by a breach or a continuity disaster.   There will be no fees to enter the awards or indeed if nominees are shortlisted, they won’t have to pay to come to the awards night either. In order to make this financially viable, we have 10 sponsors paying to cover the costs of the event, including Mimecast, Acumin, AlienVault, Netskope, Lastline, whiteCryption, Imperva, CrowdStrike, Publicis Groupe, Varonis, Proofpoint and GSK.


THE DEADLINE FOR THE UNSUNG HEROES AWARDS HAS BEEN EXTENDED TO FRIDAY 22ND JULY SO IF YOU THINK YOU ARE DESERVING OF AN AWARD OR WOULD LIKE TO NOMINATE SOMEONE WHO IS please go to www.securityserious.com.

 


Do you remember the day when you got your dream car? How much fun you had driving around in it! Then, slowly, the feeling started to wear off and you wanted something shinier, faster and smarter! In fact, if you’re in sales, you’ll know that feeling you get when you are chasing the next big deal: you get a huge kick when you bag it, but it only lasts a while before you’re after the next deal.

 

Well PR is a bit like that too, where you are constantly striving for, and demanding, the next big piece of coverage – the big national, TV or radio placement!  The pot of gold at the end of the rainbow! No longer are we just happy with getting into the trade publications; we don’t feel like we’ve achieved true greatness unless we get into the nationals.

 

It’s an addiction! An obsession! And we suffer from it here at Eskenzi! What’s even worse, our clients also suffer from it. It’s totally contagious, chasing the next big story for that fantastic fix. You get it once and you want more and more!

 

The funny thing is that most of our clients come to us very disheartened about PR. They’ve often been let down by their PR agencies, and don’t really believe that they can get great press coverage day in and day out!  So, when they initially start with Eskenzi PR, they are delighted when they get into the likes of SC Magazine, Infosecurity, TechWeek Europe, ComputerWorld and Computer Weekly.  But then they want more! They start loving the idea that they’re seeing hits to their website going up day by day and then peaking when they get a great piece published.  Then they get into the likes of The Register, V3 or TechCrunch and still want more! Their sales teams start congratulating the marketing and PR teams, which we all know is virtually unknown for sales to do, because when they turn up at meetings prospective customers have heard their company name and are happy to talk to them.  They see the power of PR.

 

Then the icing on the cake happens. We get them a hit in the FT – the golden chalice! Everyone jumps for joy! They send out emails to the company and their customers, and go home feeling proud that they’ve done a great day’s work! It’s just the best feeling in the world – a buzz that nothing can compare to! Then they want even more, we want more and so it happens. The next week’s coverage is just ten nice hits in the trades, but they want the nationals. In fact they want TV. And we then have to remind them that PR is all about peaks and troughs – good, constant, regular coverage in the tech press is just as important as the giant-circulation nationals!

 

Thankfully, at Eskenzi we can provide balance at the same time as maintaining our clients’ need for the big high! Maybe that’s why our clients stay with us for an average of seven years.

 

This week alone, we got three clients mentioned in the FT, three different ones mentioned in the Guardian and The Times, and ITV are doing a programme with one of our clients next week. That is all on top of 330 pieces of coverage this week in the trades (and we’re talking The Register, Huffington Post, BBC.)

 

This week is no different to any other – I’d actually say it’s been quite a quiet one, as some weeks we can get 120 hits in one day! I hope, though, that we never get tired of the kick we get for our clients, nor should our clients ever get blasé with the coverage – we love it, we’re proud of it and I know they are too!  Who’d have ever thought that IT security PR would be such fun  and keep providing the constant buzz it does?!


The first week of 2016 has started AMAZINGLY well for the Eskenzi family of clients.  However, the client who has come out on top and gets a gold star from all of us here has got to be ESET, because they were responsible for uncovering a brilliant piece of research and announcing it just as everyone was turning up at work on Monday morning.  They discovered the BlackEnergy Trojan had been used by hackers to attack the Ukrainian electric power industry and left almost a million people without power over Christmas.  ESET were able to show through their own telemetry that this was not an isolated incident and that BlackEnergy had also been used to target numerous energy companies; however, not all of the targets had successfully been infected by the malware. 

The attack scenario was simple: The target got a spear-phishing e-mail that contained an attachment with a malicious document. The Ukrainian security company CyS Centrum published two screenshots of e-mails used in BlackEnergy campaigns, where the attackers spoofed the sender address to appear to be one belonging to Rada (the Ukrainian parliament). The document itself contained text trying to convince the victim to run the macro in the document. This is an example where social engineering is used instead of exploiting software vulnerabilities. If victims are successfully tricked, they end up infected with BlackEnergy Lite.

So once again something as simple as a phishing attack resulted in hundreds of thousands losing electricity! Crazy eh!

Although this is awful for the people affected, and of course the power industry itself is exposed, which isn’t good for anyone – it does hopefully mean that the power industry will learn from their mistakes, take remedial action and make sure they protect their systems with better security in the future. At the very least you would hope that any companies reading about ESET’s research will take note and ensure their staff are trained to recognise what a phishing email looks like. See, I’ve started the new year all full of hope and optimism!

From our perspective as a PR agency, ESET is the perfect client. They do the research, detection and exposing, and we then do our job as their agency to get the story out to all our media contacts. Research and exposing vulnerabilities makes headlines – it’s still one of the best PR hooks in the book – it’s real, original and newsworthy – it makes headlines!

As a result ESET have got into almost every national newspaper this week including the FT, Reuters, Forbes, Metro, Telegraph, the Independent, Business Insider, the Register and International Business Times. 

Nice job done – thank you ESET for being a brilliant client – and let’s raise a glass (albeit an empty one, because it’s dry January) to plenty more discoveries from ESET and other clients during 2016.

Looking forward to week two!

 

 


Thanks to the support of over 70 of the UK’s top cyber-security experts, the first ever Security Serious Week was able to help over 1000 businesses learn how to become more security savvy and cyber-aware, through the FREE week long webinar programme.

Security Serious Week, which ran for the first year, was introduced to encourage more companies to take security seriously by learning from those who are already security savvy – with the end game of making the Internet a safer place to trade online. Seventy companies offered their time and expertise for free throughout the week by providing webinars, seminars, Q & As and drop-in events on a wealth of cyber-security subjects.

All the webinars are still available to listen to on demand at http://www.securityserious.com

Yvonne Eskenzi, the driving force behind the campaign, explained, “In this cyber-hostile world, it’s all about joining forces to inspire one another to collectively take security more seriously and become more security savvy. The support that’s been shown for Security Serious Week shows that the IT security community are passionate about working together and passing on their knowledge to others in the battle to keep the hacking community at bay!”

Security Serious attracted a number of high-profile supporters from the UK’s leading businesses, universities, associations and government bodies – including: Unilever, BT, HP Enterprise Data Security, Canon UK, HSBC, Publicis Groupe and GlaxoSmithKline as well as many of the world’s leading IT security vendors.

To find out more about Security Serious and the organisations who supported the campaign, visit https://www.securityserious.com


Just back from my hols and it’s heartening to see that whilst I’ve been away so many great movers and shakers in the IT security world have signed up to get involved in Security Serious Week in October. So many of the CISO community, including those at Unilever, BT, Canon, Lloyds Bank, HSBC, GSK, Publicis Groupe, Markit, Willis and The Economist, to name but a few, have already committed their time for free to offer seminars and webinars on a host of great subjects! Our loyal analysts including Ovum, Quocirca and IDC are on board, and yesterday I was delighted that the Department for Culture, Media and Sports have agreed to get stuck in with events during the week and rally other Government departments to do so too – way to go! The week should be incredibly insightful to any organisation wishing to become more security savvy!

So if you’re an IT security specialist or IT security organisation that wishes to impart your pearls of wisdom to other businesses to make them more Security Serious, then why not organise a webinar or seminar? We’ll promote it for you on www.itsecurityguru.org and www.securityserious.com.

We’ve also got loads of companies participating in the press photocall at 12 noon on 26th October outside the Tower of London (find out more at www.securityserious.com) – where everyone will have a banner with their logo on it to show the world they’re “Taking Security Seriously”. By participating in the day not only will you be counted as a company that’s Security Serious, but it’ll be a great networking event as we’re all going to meet in the pub after the photocall – CISOs, analysts, press, vendors and other IT security professionals. Hopefully, by getting together, new contacts will be made and we can work together to make UK Plc a safer place to trade online! If you want to brainstorm how you can get involved then email me Yvonne@eskenzipr.com!


Here’s an event that you’re going to want to be involved in because it’s for every company who takes Security Seriously!

The campaign is called SECURITY SERIOUS and we’ve dedicated an entire week to it from 26-30 October.  The campaign will push the message to the business community that – we’re taking Security Seriously and so should you!

We’re hoping to get 50+ best of breed companies who are good at IT security to help other companies become more security savvy through a range of exciting events! We’ll kick off the week with a photocall outside the Tower of London at 12 noon on 26th October. Everyone will be there with their company logo and a huge banner that states that we’re all pulling together to show that “UK PLC is serious about IT security”. We’ve arranged for the press to take pictures at the photocall and then we intend to create a social-media frenzy around the whole week!

During the week we have lots of free lectures and events that companies are offering on a first-come first-served basis. These will be on a range of cyber-security topics – it could be “getting the board’s attention”, “how to stop breaches” – “Finding the right tools to securing an SME” etc.

We’ve already got some amazing large companies behind the week doing some really exciting events, BUT we want to get a huge momentum behind it and need your help with the following:

  1. Let us know if you want to be involved in the photocall opportunity – if so we’ll get a huge placard with your logo on it.
  2. Can you support this event by offering something positive to other businesses during the week – it could be a webinar, free software, seminar in London, internal seminar to your staff, something inspirational and creative! We’ll promote it through Eventbrite and Brightalk and on the website with your logo as a supporter of Security Serious.
  3. Who could you invite to get involved apart from your own company?
  4. Add the event and logo to your email signature.
  5. Blog about it.

YOUR INVOLVEMENT AROUND THIS EVENT WILL NOT COST YOU A PENNY – it’s all about the community collaborating as an industry to get best of breed security professionals from great organisations working to help others become more security savvy – that way we can improve the security posture of UK PLC!

So please let us know how you’d like to get involved asap so we can build your event and idea into the website and campaign.

For more details email Yvonne@eskenzipr.com


It’s a funny one this subject about IT security – it always comes back to the users – without us there wouldn’t be any security issues! And without us we wouldn’t need security experts to keep us in check!  We need them and they need us – right!

Every year we organise the IT Security Analyst & CISO Forum which is a wonderful opportunity to get raw and heartfelt insight into how the CISOs are feeling – what they are seeing, what’s troubling them and what they’re doing to find sensible solutions around the problems they’re facing. I felt hugely buoyant after this year’s gathering of CISOs they really seem on top of what’s going on! They were openly collaborating and helping one another – they understand they’ve got huge security issues – but there’s nothing out there that they can’t cope with.  Calm is afoot.

What hit me the most was the realization that users are useless when it comes to security – we the users just don’t care – if it’s in our way we’ll get around it – so there was a consensus in the room that “we need to move away from a No to a KNOW mentality” – because it just ain’t working! So you can’t try and block users from trying to do their jobs, but find the tools to make sure you are on top of what they’re doing with the information.

Oh dear, but then that’s not all that easy, is it, because the 2 next biggest bug-bears that the CISOs discussed were Shadow IT and privileged user management – that’s top of mind at the moment.

Shadow IT was a real first for me, what I mean is the term (sorry, I’m a bit behind with the lingo these days); they were all harping on about this being a really big problem – that’s us people yet again in PR and marketing, sales and management – we keep downloading these wonderful sharing apps that make everything so simple for our wee non-IT brains – you just download the app and hey presto we can all share spreadsheets and contacts etc. amongst our colleagues quickly and efficiently. Quickly and efficiently was never really in the security programmers’ DNA, which is why we always come to an impasse with the security folks. The likes of Google sharing apps, DropBox, Box etc. are causing a real pain in the backside for security – secure data is being shared outside the organisation willy nilly – but the good news is that these bright young CISOs are onto us – they know what we’re up to and are now learning how to discover, monitor and remediate us where necessary. At least with the coolest tools out there, they can keep the auditors happy and show they’re doing their best to meet the demands of the compliance chaps!

So we can keep working away with our apps because the IT security folks realise they’re on a road to nowhere – so instead of fighting it and saying NO they’re moving to a culture of KNOW instead.

So the other problem they really started to sit up and talk passionately about was the thorny problem of managing privileged users. Hmmm, it’s the human factor yet again! The typical scenario went as follows: one person is given access to the sensitive stuff, they then share it with a colleague when they go on holiday, a consultant comes on board and they then get given access, the original person is promoted into another department or leaves, they hand over access to another new person but still retain access to the original information even though they no longer need it, and so on. One CISO from a major bank who shared his angst found his sentiments were mirrored by most of the other CISOs around the table – “Companies grow very quickly and you get lots of changes so we try to conduct regular privileged access account reviews, but I have to admit it’s one of the biggest problems we have not yet solved.”

It’s the thorny old problem – if you don’t drill into your staff that the data is a major asset of the company and it needs to be respected and dealt with responsibly then it won’t be respected.

Back to good old user security awareness and best practices then! You train your staff and they’ll be your biggest allies – get their trust, get them to take on a bit of the responsibility for security – and you’ll go a long way to solving the problem. That’s the conclusion I came to after listening to these savvy and very switched on CISOs; the reason they were so chilled was that they’ve learnt that security is a really big problem and it’s us users who are their biggest problem – but these guys have a strong handle on what’s going on, they’re getting to grips with user awareness and responsibility! They all admitted that it helps that over the last year the boards are giving them more air time, at least 15 minutes every 6 months! It means more so than ever they have the ear of the board, who are giving them the responsibility, time and money to focus on putting security where it needs to go. For more on what the CISOs talked about at the Eskenzi IT Security Analyst & CISO Forum read Ron Condon’s blog at http://www.itsecurityguru.org

As I write this memory to Steve I’m smiling, because I knew him for 20 years this year and he always left me smiling, laughing and feeling a whole lot better. He was a great confidante and trusted ally to everyone at Eskenzi PR. Whenever we needed an interview done for a client, Steve would stoically do it; even if there wasn’t really a story to be had, he would find one and turn up no matter what! Where the hell did he find the energy! He worked every hour G-d gave him and somehow found a few more, so although he was taken from us decades too early he had probably worked decades harder than most of us and packed in what 5 people do in a lifetime! Steve did not stop working, he was tirelessly there for everyone, no matter what the time of day.

For ten years Steve worked behind the scenes at Eskenzi. No-one would have had a clue that behind many of our articles and rapid responses was the eloquent hand of Steve and he did that on top of his trillion other gigs (as he would call them)!

I always remember it was Steve who taught me the expression “Yvonne when a client jumps you say how high”! And at the beginning of every interview with a client he’d introduce himself and say I’ve been a journalist for over 20 years and “shock, horror a journalist who’s done their homework!”. Steve, you said it at every single interview!! Hilarious!

We would normally hear from Steve every single day with a request for something, and recently during his latest gig at SC he’d request comment from our clients almost daily! Boy oh boy was that man a loyal and trusted mate to each and every one of us at Eskenzi. Steve was so much a part of our Eskenzi family that he even came to our tiny staff Xmas party in 2013 and boy did we have some fun! I wonder what that clairvoyant told Steve!

Steve wasn’t just a work colleague, our kids knew that they could rely on him for every new film that came out, their wish was his delight, and the next day the postman would deliver a beautifully DVD of the very latest film that would make them the envy of all their friends at school.

It didn’t stop there: when Neil and I had any telecoms-related enquiries, from rolling out a new office phone system to buying a new mobile or needing an international SIM card, it was Steve we would call on and without doubt he’d have the answer. Invariably, before a trip to some far-flung place, Steve would also send over a chip or SIM that would mysteriously work wherever we were.

Whenever I was stuck for a fact or needed to brainstorm a new idea I’d phone Steve. Even if he was on deadline he’d always make time for me, and since reading what others have said about him, it wasn’t just me he seemed to be able to make time for, it was everyone! I also would call Steve when I wanted the inside track on a new client, deciding together whether or not I should work with them, and he would always be there if something went wrong with a client, cussing and swearing with me to console me if they’d been horrid!

Where oh where did Steve find the time to do so much and be so damn understanding.

I guess it was the nurse in him that never left him!

I marvelled at the time he’d found with Sylvia his wife to do up a house they’d bought and rented in Wales, which they turned into the most luxurious holiday rental, and Steve also owned an art/interiors shop which I also couldn’t get my head around, because running a shop must have taken a huge amount of time too!

It seems strange that Steve has slipped so suddenly from our lives and it’s going to be very lonely and empty not to have him with us anymore; he was a dear and much loved colleague that went over and above what was ever expected of him. He was also a true and loyal friend to me and Neil during the ten years he worked for us, and was truly instrumental behind the scenes in helping to grow our business. Boy oh boy are we all going to miss his humour and his mischievousness, his silly jokes and just his being there for us at all times. Yes Steve, we’re all going to miss you, oh so very badly, as there sure isn’t anyone else out there like another Steve Gold!


OMG – so it’s nearly here – 2 days before our 2-month trip to San Francisco! It all started a year ago with the dark November nights drawing in, with our older daughter wondering what she was going to do during her gap year before going to Uni! Then our youngest daughter piped up and suggested she could also take a gap year after her GCSEs before going on to study her A-levels – that’s when I thought why not go to the US for a couple of months during those deep miserable dark winter months. That way we could all go off on one merry trip together as a family and Neil and I could look at expanding our business into the States. By the time Neil had got home from work that night last November, we 3 girls had hatched a plan and amazingly Neil loved it.

So here we are one year later, with our bags packed, off on an adventure that we have no idea where it’s going to take us.  We have a beautiful house rented in the Marina in San Francisco and meetings set up with all our clients who are in the Bay area, plus a few meetings with new potential clients!

Our daughters, aged 16 and 18, have both got themselves the most incredible internships at a brilliant media agency in San Francisco called Hub Strategy, with two others eager to talk to them when they land in the US. With Hub, the lovely CEO said he’d take them under his wing and give them their very own client to work on! So one of their objectives is fulfilled – they’ve even been invited to the Hub Christmas party.

Neil and I have also decided to have our own Eskenzi Christmas party on 18th December where we’ve invited all our clients, friends, analysts and press – hopefully, we won’t end up drinking on our own – and if we do hell we’re in America, it’s San Francisco – the weather has got to be better than here and we’ll still have a ball!

So almost 20 years after setting up Eskenzi PR in the UK we’re ready to try our hand in the US of A! Push those burgers to one side, we’re ready to walk on the boardwalk, eat your tomatoes and start wearing a fanny pack. I will draw the line with Neil wearing those chinos though! Bring it on…!

That’s a pretty far flung suggestion, but after my conversation with a “grey hacker” (that’s someone that works on the good side and also a little on the bad side) I’m not sure it’s so far-fetched. The truth is, I love talking to hackers. I think it’s becoming a bit of “thing” of mine, all because I’m trying to get my clients and their “hacker mates” to write a short story book made up of fictional hacker tales – based on the semi-truth. So in my quest to get this book written, I’m interviewing lots of hackers to get their thrilling tales from the underground. Well you could knock me over with a feather with what I’m currently hearing – it’s the most exciting venture I’ve undertaken in a long while.

Only last week my grey hacker friend was telling me about a bloke he met down the pub who has a rather interesting way of boosting his yearly income to pay for his wife’s new car or their expensive annual holiday. He manipulates share prices in a way that could be dubbed rather brilliant.

This is how it goes. He’s a very proficient IT consultant, called into major organisations to sort out all sorts of IT security issues from fire-fighting to unravelling an IT project that’s gone wrong and needs sorting out. He always chooses one-year contracts, which gives him plenty of time to get familiar with the company and the company to get familiar with him. As an IT programmer, he has to get the back-door passwords or admin passwords which basically give him access to everything. He doesn’t use these for anything sinister at all for at least the year. He does a great job for the company and gets paid a fair price. Just before the company goes public with their profit announcements, he goes in through the back door and changes the figures. Of course no-one notices and the figures are very poor and surprise everyone – so of course the price drops. He buys a lot of stock but not so much that people notice he’s bought them, maybe just $50-$75k. Once the accountants have noticed that something has gone awry with the balance sheets, they re-issue the profit announcement and tell the world there was a terrible internal mistake, and the price shoots up and he makes a very healthy profit.

That’s clever, obviously hugely illegal, immoral and very wrong – but you have to admire the guy and he’s never been caught because he doesn’t brag about it, isn’t greedy and leaves no trace behind him. I’m not saying this has happened in the case of Tesco’s – because when you read between the lines they look like they’ve just been pretty rubbish at “creative accounting” – but then my more paranoid brain says to me just imagine if there was a hacker that had screwed with their figures and now they’re having to make wonderful excuses to cover their tracks!

You see this book really is messing with my head – but I can’t wait to get all my contributions in from the hackers so you can read it and have your imagination run riot too!