Archives for posts with tag: IT Security

So unless you live under a rock you’ve probably heard of the new augmented reality app Pokémon GO, which has attracted huge attention across the world. However, one of the unfortunate lessons we have learned working in cyber security is that if something is popular with consumers, then you can guarantee it’s also going to be a big hit with hackers.

The app was first released in the US, Australia and New Zealand; however, people in other countries didn’t want to be left out, so they found ways of downloading it outside of official app stores.


This raised some security concerns which our client, Proofpoint, decided to delve into and research. Upon researching they discovered that a malicious app, pretending to be the official Pokémon GO app, was carrying malware known as DroidJack. Proofpoint wrote a blog detailing the findings and Eskenzi pitched it out to national press, IT publications and other consumer websites. Quite frankly, the results were far beyond anything we could ever have hoped for.

We picked up an amazing 533 pieces of coverage in the UK, France, Germany and Canada in one week. These include The Independent, The Telegraph, Mirror, Express, The Guardian, Wired, the list goes on and on…and on.

Predicting which news story takes off is out of our control; however, when we align pop culture, global appeal, solid research and strategic media outreach, the chances of success are in our favour.

But more importantly, Pokémon GO has now been released in the UK and is safe to download from trusted sources, so knock yourselves out; some of the Eskenzi staff have certainly jumped on the bandwagon.

In November we gained a new client called CertiVox, a Shoreditch-based cyber security company with a big vision to change the whole structure of the internet. In what we thought would be a normal meeting to get to know our new client, we were left gobsmacked at the big ideas and goals that this start-up had. The CertiVox CEO told us that trust on the internet is broken but he has a solution to fix it, as simple as that. It didn’t take us long to realise that this would be a very exciting client to work with; they had clear goals in mind and they wanted our help to achieve them.

CertiVox wanted a makeover and rebranding to become MIRACL. Our job was to take this new name that no one had heard of before and turn it into a well-known and trusted company. As if this wasn’t a mammoth enough job, it had to be done in time for their next round of funding this February.

In the first few days of working with MIRACL, before we had even met them properly, M&S had some technical glitches. So we practically threw the MIRACL CEO into a cab to the ITV News film crew in London to discuss the breach on national television. Not a bad way to kick off work with a new client.

Once we had time to catch our breath after the excitement of ITV news, we sat down and came up with a PR strategy to match MIRACL’s ambitions. We decided on a timeline to issue press releases surrounding MIRACL’s partnerships and work with big companies such as NTT and Experian. What we found particularly interesting was that Experian had selected MIRACL’s M-Pin technology to provide secure authentication for the millions of UK citizens who use the Gov.Verify service to log into any government activity websites such as DVLA and HMRC.

This coincided nicely with the tax return deadline of January 31st, which would require anyone filing their tax return online to log in using the Gov.Verify service. So we came up with the idea to carry out a survey on scams around tax returns. We then turned this into two press releases which achieved 180 pieces of coverage in publications such as the Metro, Yahoo News and MSN.

While all this was happening, we were also looking out for news stories around certificate authorities on which MIRACL could comment so that their voice can be heard on the issue, and it certainly has been in publications like SC Magazine and TechCrunch. Of course we also provided comment opportunities on big news stories in the industry such as the recent report which found that “123456” was still the most popular password. This achieved 30 pieces of coverage including the Guardian, Mirror and Metro (again!).

There was also the recent HSBC Distributed Denial of Service (DDoS) attack; terrible publicity for HSBC but great exposure for MIRACL’s CEO whose comments were included in publications such as International Business Times and Computer Business Review. On the following Saturday we had a call from a small television channel you may have heard of called BBC, asking for someone to talk about the Lincolnshire county council ransomware incident. We managed to convince the reporter to send a cameraman to Brian’s house for some ‘on the ground’ reporting and before we knew it, MIRACL’s CEO was on the evening news.

With appearances in online and print publications, television and radio and over 300 pieces of coverage for MIRACL since we started work for them in November, I think it is fair to say we have got their name out there loud and clear for the next round of funding and we don’t plan on stopping any time soon.

You may or may not have heard the news last week that a Snapchat HR employee fell for a phishing email in which a cyber criminal impersonated Snapchat’s CEO asking for employee payroll information. Worryingly, the employee was unable to recognise that this was a scam and gave the criminals the payroll information of present and former employees.

As no customer details were disclosed we knew that this wouldn’t be a huge story, yet as Snapchat is one of the most popular and widespread apps on the market, it was a relatively safe bet to assume this would be written about. So we shared the story with our clients and Jonathan Sander, VP of Product Strategy at Lieberman Software, came back with a great comment explaining that “the fact that Snapchat got snagged with this shows that being young, cool, and high tech doesn’t protect you from being a phishing target” and even millennials with their tech savviness will not be putting cybercriminals out of the phishing business.

Jonathan’s interesting comments achieved coverage in the Guardian, Computer Business Review, International Business Times and three other publications. Proofpoint also provided comments on the story which outlined just how sophisticated phishing attacks have become, so that even with training, people can still be fooled. These achieved coverage in Tech Week Europe and Information Security Buzz.

At Eskenzi we also get tens of phishing emails each day and we also received emails impersonating our CEO asking us to transfer money. Luckily, we were able to spot the scam; however, if we had fallen for it, it could have been detrimental to our agency. So while the Snapchat story resulted in good coverage for our clients, we urge businesses to provide appropriate and ongoing training on how to spot even the most sophisticated attempts and plead with everyone to be alert to suspicious emails.

By now, the media has been pretty well saturated with the news that the FBI has asked Apple for help in decrypting data from the iPhone used by one of the San Bernardino shooters under the All Writs Act of 1789. Under the 227-year-old law, the US Federal Court is authorised to issue any writs it sees fit. Without getting too much into the technicalities (there is some uncertainty about what the FBI is actually asking of Apple – i.e. is it really a “backdoor” or is it simply help in unlocking one phone belonging to a terrorist?)


Apple hit back at the FBI with an open letter to customers saying that it is a “dangerous precedent” to set because “the government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location…” and so forth. This could be a stretch in this particular instance, but it’s brought to light serious issues with regards to technology manufacturers and national security – issues that have been around for a while now. Theresa May suggested a bill four years ago (nicknamed the Snoopers’ Charter) that is still being discussed in Parliament, and David Cameron even advocated for weakening encryption in order to tackle terrorism and crime, something that has had the security professionals raging.

So here’s the kicker – it’s taken a singular case involving Apple to finally get regular people to sit up and care.  Suddenly it’s real because it’s a big brand, despite the technology industry shouting about it for years.  Friends and family of mine were talking about Tim Cook’s open letter to customers, posting to Facebook – people who have never cared about this kind of stuff before.

Makes you wonder though – did Apple see this as a chance for some publicity?  Ask a pen tester or someone in the know, and they’ll tell you they hack iPhones all the time; it’s not a big deal.  Does the FBI really not have the resources to do it themselves?  I’m sure they could if they wanted to.  So was the request to Apple a mere courtesy that Apple has taken advantage of?  There are lots of questions around this that seem to be unanswered, but the main thing that sticks out is how Apple has managed to capitalise on the situation.

But hey, anything that makes the public consider their data security and privacy ought to be a good thing, right? Or is that spoken like a true PR person? ;0)


So, week two of 2016 here at Eskenzi was most definitely no shrinking violet compared to last week’s phenomenal results!

This week, Microsoft released its final patches for Internet Explorer 8, 9 and 10 along with an “End of Life” notice, to encourage users to switch to Internet Explorer 11 and Microsoft Edge, currently only available on Windows 10.

These changes were originally announced back in August 2014, and it is estimated that these older, legacy browsers could account for more than 20% of web traffic. Computerworld reported that as many as 340 million Internet Explorer users are still using IE 8, 9 or 10! NetMarketShare estimates that Internet Explorer accounts for 57% of the browser market, compared with 25% for Chrome, 12% for Firefox and 5% for Apple’s Safari – that’s a lot of people using browsers that are now potentially unsafe, and can no longer be patched.

This means that Internet Explorer won’t receive any more security updates, or other patches. Those still using the browsers could be vulnerable to security threats and even hacks, depending on what other (if any) security software is installed.

A story of this type throws open the rapid response doors for Eskenzi clients, many of which had sound advice on what users, who still use Internet Explorer 8, 9 or 10, can do to ensure they stay protected, despite this news.

Four Eskenzi clients commented on this story – ESET, Tripwire, AppRiver and Bromium – and one from our sister agency, SmileOnFridays – Tenable, which resulted in over 250 pieces of coverage across national newspapers, business publications and trade press. The coverage obtained was truly global, with publications in the UK, United States, France, Germany, Kenya, Japan, Ghana and Argentina (and many more!) reporting on the news with commentary from our clients included.

Hits include the BBC, The Metro, Business Reporter (included with The Daily Telegraph), BT, SC Magazine, Dark Reading and Yahoo! News.

Several journalists reached out to Eskenzi for specific commentary, as we are so well known to those who report in the security and technology space, knowing they would get great quotes to use in their stories, as well as sound advice for businesses and consumers alike.

We’re lucky to work with so many amazing clients who can, at the drop of a hat, pull amazing quotes and advice out of the bag. I wonder what week three will deliver.


Just back from my hols and it’s heartening to see that whilst I’ve been away so many great movers and shakers in the IT security world have signed up to get involved in Security Serious Week in October. So many of the CISO community have already committed their time for free to offer seminars and webinars on a host of great subjects including Unilever, BT, Canon, Lloyds Bank, HSBC, GSK, Publicis Groupe, Markit, Willis and The Economist to name but a few! Our loyal analysts including Ovum, Quocirca and IDC are on board and yesterday I was delighted that the Department for Culture, Media and Sport have agreed to get stuck in with events during the week and rally other Government departments to do so too – way to go! The week should be incredibly insightful to any organisation wishing to become more security savvy!

So if you’re an IT security specialist or IT security organisation that wishes to impart your pearls of wisdom to other businesses to make them more Security Serious then why not organise a webinar or seminar. We’ll promote it for you on www.itsecurityguru.org and www.securityserious.com.

We’ve also got loads of companies participating in the press photocall at 12 noon on 26th October outside the Tower of London (find out more at www.securityserious.com) – where everyone will have a banner with their logo on it to show the world they’re “Taking Security Seriously”. By participating in the day not only will you be counted as a company that’s Security Serious but it’ll be a great networking event as we’re all going to meet in the pub after the photocall – CISOs, analysts, press, vendors and other IT security professionals. Hopefully, by getting together new contacts will be made and we can work together to make UK Plc a safer place to do trade online! If you want to brainstorm how you can get involved then email me Yvonne@eskenzipr.com!

To mark my three-month anniversary working at Eskenzi PR, I thought why not write a blog about my experiences (I was not asked to do this at all).


28th of August – As I entered the doors to the open-plan and beautifully decorated office I had a good feeling about this place, like the warm feeling you get when you go to a family member’s on Christmas day. I was immediately drawn to the endless amounts of tea, coffee and biscuits, so what’s not to like? As the new girl in the office, with little experience in IT Security and PR, I was slightly nervous, like a new kid at school. However, I was warmly welcomed and made to feel like part of the family. Most importantly, I did not feel intimidated or ashamed to ask the most basic of questions. Most PR firms have horrid reputations: bitchy colleagues, endless hours and being treated worse than an intern making tea. Eskenzi couldn’t be any further away from this. Everyone helps one another, gratitude is always present and there’s a continuous array of McVitie’s biscuits.

IT Security is a fast-paced and exciting environment; no two days are the same here, I am always learning and all of my clients are very cooperative and informative. I find that I am speaking about the latest hacks and data breaches with my friends, who are clearly impressed and confused. I have now been given the responsibility of organising CISO lunches, so no pressure then! I’m sorry for those of you that have decided to read this expecting me to complain, moan and reveal juicy gossip but I really am enjoying my job. Hopefully my next blog will be similar and I will be telling you what a success the CISO lunch was! I would like to wish the best of luck to Yvonne and Neil who are off to America – not jealous at all.

Me at my desk working extremely hard.


OMG – so it’s nearly here – 2 days before our 2 month trip to San Francisco! It all started a year ago with the dark November nights drawing in, with our older daughter wondering what she was going to do during her gap year before going to Uni! Then our youngest daughter piped up and suggested she could also take a gap year after her GCSEs before going on to study her A-levels – that’s when I thought why not go to the US for a couple of months during those deep miserable dark winter months. That way we could all go off on one merry trip together as a family and Neil and I could look at expanding our business into the States. By the time Neil had got home from work that night last November, we 3 girls had hatched a plan and amazingly Neil loved it.

So here we are one year later, with our bags packed, off on an adventure that we have no idea where it’s going to take us.  We have a beautiful house rented in the Marina in San Francisco and meetings set up with all our clients who are in the Bay area, plus a few meetings with new potential clients!

Our daughters, aged 16 and 18, have both got themselves the most incredible internships at a brilliant media agency in San Francisco called Hub Strategy, with two others eager to talk to them when they land in the US. With Hub, the lovely CEO said he’d take them under his wing and give them their very own client to work on! So one of their objectives is fulfilled – they’ve even been invited to the Hub Christmas party.

Neil and I have also decided to have our own Eskenzi Christmas party on 18th December where we’ve invited all our clients, friends, analysts and press – hopefully, we won’t end up drinking on our own – and if we do, hell, we’re in America, it’s San Francisco – the weather has got to be better than here and we’ll still have a ball!

So almost 20 years after setting up Eskenzi PR in the UK we’re ready to try our hand in the US of A! Push those burgers to one side, we’re ready to walk on the broad walk, eat your tomatoes and start wearing a fanny pack. I will draw the line with Neil wearing those chinos though! Bring it on…!


So what bugs really bite at CISOs?

  1. Malware bugs
  2. Those Hacker buggers
  3. Their staff
  4. Or lack of staff
  5. State on state bugs

Actually, what really gets their goat is No. 3, the staff who continually mess everything up for them, and then No. 4, the lack of trained, skilled staff who know how to stop the stupid people screwing up their systems.

How do I know this? Because once a year Eskenzi PR organises the IT security analyst & CISO forum where we get a room full of very outspoken CISOs who really don’t hold back when it comes to sharing their thoughts, bug-bears and irritations with their peers.  A few select vendors are invited to hear from the community who buy their wares and we also fly in a dozen of the world’s top analysts who learn from these heated and honest exchanges.

Looking in from where I sit, I’d have thought they would be most worried about all the external threats tirelessly trying to get in their networks from every angle. However, these breaches and bugs are not what get these guys riled up; that’s par for the course – something they expect and can almost prepare for. What they all share is a real frustration in that they can find the technology to prevent the breaches and bugs, but their users turn it all on its head with their stupidity – and it’s a problem that doesn’t seem to want to go away.

One comment I especially liked was “you can’t take the IdioT out of the user” – it’s what they do with the data that’s the biggest problem!  Another observation came from an impressive female CISO who said that 100% of computer crime involves people.  Obvious, but she’s right and it makes you think!

Okay – here’s the lesson: we must learn to respect the data we use on a daily basis. That means wherever it is and whenever we’re using it, we need to consider whether it is valuable and, if it falls into the wrong hands, what harm could it do to ourselves, the customer and of course the company?

However, one eminent venture capitalist who attended our event cited a recent Economist article that stated that stock prices are often unaffected by breaches, which starts to make me really confused – what’s it all about if you can suffer a major breach and then it doesn’t really affect the company –  why bother?  Maybe that’s why CISOs are so relaxed about external threats!

But it does cost money to sort out the mess that users make when they infect a system by opening an infected email or uploading infected data from a contaminated USB.

Apart from being hugely frustrated by their internal staff, which was definitely shared by all concerned, it seems that the second really big pain point is the lack of skilled people in IT security. There just isn’t the quality or quantity and, when you do find someone, they just don’t know how to communicate to get their message across. There was a common thread in the discussion, where they felt that when they did find the right people with the right skills they then couldn’t fit in with the culture of the company. The big question is how do you turn geeks into people’s people in order to get the funds for IT security from the board? One very smart CISO (although saying that, all the CISOs that attend our event are the smart ones that take a real effort in collaborating and pushing the boundaries) gets a digital agency to help with his messaging and visuals so that when he has that very small window of opportunity to talk to the board, they quickly get it!

They all believe that, in order to get things done in IT security, you’ve got to become a good communicator – which means investing in training to communicate well so you can be compelling and convincing.  You need to talk to the board in the language they understand and that goes for the users themselves.

Another smart suggestion to get skilled people to push the IT security message was from a CISO who had employed the CEO’s PA to come and work for him, as she knew exactly the culture of the company and how to get around everyone to get them to listen. She knew politically who to push and who to ask to get things done.  So employing internally and drawing talent from other parts of the company was definitely a method that had worked for this particular CISO.

Everyone thought that a framework of the right questions that the board should ask the CISOs was a good way to go, and badly needed.

I suppose the conclusion to the day was that no matter what happens out there, the CISO’s biggest concern is to keep their own houses in order; and that means training their staff to respect the data they deal with and getting them the right employees who know how to communicate to help them to do this.

Yvonne Eskenzi Yvonne@eskenzipr.com

 


 

As I write this blog I can’t quite believe that for every week in the past 8 weeks Eskenzi has won a new client. However, as my mother just told me, “I hope you haven’t mentioned this to anyone as you’ll sound ever so boastful!” Now isn’t that so typically English, and why can’t I shout from the rooftops about this achievement? It’s taken almost 20 years to get here and we are in PR after all, so who else is going to blow our trumpet if we don’t do it for ourselves!

It’s a weird old world running a PR business and I suppose for Neil and myself this sudden growth comes down to a change in attitude and circumstance. After 17 years of happily running a small boutique agency from our home, with 8 people trekking through our house every day it was our kids who finally suggested that it was time to move out and “leave home”.  Buying our huge warehouse in Barnet and renovating it before moving in exactly this same week last year I suppose was the turning point for our growth.  It’s given us 2,500sq ft of light, flexible creative space which we’ve been able to fill with the most wonderful people – now our staff can come and go like they never could when we worked from home plus we can employ interns, apprentices and really top notch people who can cut the mustard as we have the space to accommodate them.

Leaving the Infosecurity account was also one of the best things we’ve ever done after 17 long years of managing the PR – gosh that’s been emancipating. It meant for the first time this year Infosec was a joy – without the burden of trying to get 300 press into the press office and trying to appease 350 exhibitors, not to mention Reed themselves. Instead we opted to do our own PR around the show, including organising 145 press and analyst interviews for our clients, arranging a best practices workshop for the heads of marketing for all our clients, hosting a speed dating press lunch for 25 press and organising an Eskenzi party for 100 people including analysts, press, CISOs, bloggers and CEOs on the first night! Oh, and I almost forgot: the IT Security Guru, headed by the wonderful Dan Raywood, also meant taking numerous videos, writing blogs and copy, and sponsoring BSides, all during Infosecurity too!

Reflecting on the last year it’s been the best ever and I really can’t thank the most wonderful team we’ve ever had for making it so. That success is also most definitely down to the type of clients that we have on board all of which are dynamic, fun, innovative and interesting.  PR is very much a two way process so we choose our clients carefully as much as it takes them to choose us – so the 8 most recent clients to Eskenzi we welcome you on board and very much look forward to working with you and building your brands not only in the UK but for many in Germany, France and even in the US – welcome Alert Logic, Bromium, ESET, Pirean, Proofpoint, RedSeal, Sestus, Silent Circle.  So enough trumpet blowing – the reality is it’s time to get down to some real work!