• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Cyber Risks to Intellectual Property. By Styskin's Solutions
 

Cyber Risks to Intellectual Property. By Styskin's Solutions

on

  • 396 views

Presentation Slides from InfoLab21 and the Intellectual Property Office's event: "Intellectual Property: Value Creation" at Lancaster House Hotel on 14th February 2012.

Presentation Slides from InfoLab21 and the Intellectual Property Office's event: "Intellectual Property: Value Creation" at Lancaster House Hotel on 14th February 2012.

Statistics

Views

Total Views
396
Views on SlideShare
396
Embed Views
0

Actions

Likes
0
Downloads
0
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • Although overall spam levels are down, focussed cyber attacks are growing and becoming increasingly successful. A recent CSO magazine survey showed that 81% of the companies who responded to the survey had experienced a data breach in 2011 against 60% in 2010. The reason for the increase is that Cyber criminals are becoming more focussed, better organised, increasingly well funded and the attacks they launch are highly sophisticated and significantly more effective. Instead of looking for a new exploit and carpet bombing every organisation to see who hasn’t patched yet, attackers are now finding greater success selecting specific targets of interest, researching them and using a large array of customisable techniques until one of those techniques works. This methodology is known as an Advanced, Persistent Threats or APT. APTs often begin by utilising techniques derived from internet grooming, to target businesses, particularly SMEs, to obtain confidential information that could put an entire company, if not an entire supply chain in jeopardy. The clever guys are no longer interested in credit cards, instead they are going after high-value, intellectual property, sometimes stolen to order. They are looking for information they can sell for a higher price, use for blackmail or monetize. http://www.computerweekly.com/news/1280097295/Tougher-compliance-rules-will-force-data-security-improvements
  • There is still a fair amount of confusion about what Advanced Persistent Threats (APTs) are and how to protect your I.P. against them. APTs really “stack the deck” against the attackers target. This is because, particularly in extended supply chains, perimeter defences, especially those in SMEs are now regarded as quite porous and not considered adequate against Advanced Persistent Threats. So…how does a typical APT work? Well, APT is not one specific tool, method or technique. It's more of an attack doctrine. APTs can take 100s of differing forms depending on the profile of the attackers target. It’s what makes them much more challenging for traditional, top down, command and control, network security solutions to defend against. To better understand the type and level of risk to your I.P. let’s take a look inside the cyber crime community.
  • “ Citadel” is a popular suite of hacking software applications. It works just like “normal” software. You go online (it’s by invitation only), buy a license and get tech support, code updates and bug fixes from the developers. Updates come out about once a week and you can even opt for automated updates. “ Citadel” describes itself as “A Universal Spyware System” it has a wide range of features including a secure social networking platform where users can report programming bugs, suggest and vote on new features, and generally guide the future development of the malware suite. Citadel’s internet based, collaborative approach is fuelling the very rapid growth of, what is in effect, an off-the-shelf, easily customisable Office suite for hackers. Let’s have a closer look.
  • Once you have purchased a license for the software (all major credit cards accepted) users can interact with the developers and with other members of the user community via comments submitted to the Citadel Store. Citadel Store is a front-end interface that is made available to users after they successfully navigate through a surprisingly secure (you are reminded not to reuse insecure passwords) two-step authentication process. Once authenticated into the Citadel Store, users see the main “customer resource management” page, which shows the latest status any proposed new features for the Malware suite. It’s a very active and enthusiastic user community!
  • You can drill down into the details page for each hacking module in the spyware suite. Doing so reveals comments from various users about any suggested new features or where a module needs fixing or could be improved.
  • Citadel is designed as a software-as-a-service (SaaS) spyware development and deployment environment. In addition to the hacking software the developers provide a “management dashboard” so that you can quickly see which automated attacks have worked on which targets and which attacks produce the best results. The latest version, (January 2012) includes full support for grabbing access and authentication credentials from victims using Google Chrome. Also bundled with the January update is a component that records, compresses encrypts and transmits real time videos of the victim’s screen activity. Coming soon (apparently in the March 2012 release) are new subscription service tools to hack into the HDDs of network enabled multi-function printers, to access and capture data from internet enabled whiteboards and to intercept VOIP traffic. The basic Citadel package — hacking suite reporting tools and management dashboard — currently retails for $2,399 plus a $125 monthly support contact. Some of its most up-to-date and innovative features are sold as a la carte add-ons. Among those is a $395 software module that allows users to sign up for a service which automatically updates the malware to evade the very latest antivirus signatures from the major AV vendors. The updates are installed on the Citadel users machine, at least once a day, via a separate secure update system, and each update costs an extra $15.
  • The Citadel Builder module allows a hacker to build a highly targeted, bespoke attack using all the latest components and to rent, by the hour, day, week or month vast, additional computing power in the form of Botnets (groups of compromised computers). The top performing Botnet is the Grum spam botnet which boasts that it can send out 18 Billion emails a day and turns over in excess of US$6 million per year. Citadel can be configured to disguise both the source of the attack and the location of any exfiltrated data or intellectual property. Users can even specify that they don’t want to attack local companies (apparently this is very important if you are in Russia!)
  • This is the user interface for the Blackhole Exploit Kit. Cyber crimeware that makes it simple for just about anyone to build a highly targeted attack. Blackhole users can monitor both their victims activity and the success rate of the attack profile using a browser-based administrative panel. Malware authors don't miss a trick, you can also place targeted advertisements for your new spyware add-in in the administration panel of a Blackhole user. The developers claim that an ad running across the entire Blackhole user base would costs just $700 per month.
  • In addition to advertising your latest malware plug-in you can also advertise for any specialist spyware programming skills you might need in their on-line hacker recruitment pages!
  • For those interested in a life of cyber crime but who might lack the technical knowledge you can sign up for an online training course. Each module is a well designed interactive package. You get a dedicated online tutor, there is a full curriculum and you get a certificate at the end. You can learn how to use all the latest banking Trojans and how to send out spam
  • The end result is that Advanced Persistent Threats are relatively easy to launch and difficult to defend against. There is an entire, cyber crime ecosystem operating almost as a parallel economy. Their focus is using APTs to steal Intellectual Property with supply chain SMEs the vector of choice. As an attack doctrine APTs do have a number of common characteristics.   First APTs start by researching their target organisation. Typically they will start by using social networking sites to identify “suspects” within the target organisation especially those in IT. They might look at how “career opportunities” are worded to infer the targets network architecture or even specific systems and enterprise software. The next stage is to use social engineering and other techniques derived from internet grooming to zero in on any likely, vulnerable employees or areas that they can begin to exploit.
  • Once they have identified a vulnerable target, APTs will often adapt custom malware such as keystroke loggers to make it specific to that target. These will then be attached to an email or embedded inside a document with a plausible sounding name to a highly targeted shortlist of key employees. This is exactly what happened in some of the most notorious, recent APTs. One in particular was an attack on a well know defence electronics company in which a malicious PDF attachment entitled “redundancy program for 2012” was sent to some key employees. The attachment contained an attack and the company suffered a serious data breach. The recently revealed attack on Symantec was an instance of an intrusion via the supply chain (a Symantec reseller) the theft of intellectual property (The source code to a number of their security products) and an attempt (unsuccessful) to extract a ransom for the safe return of the source code.
  • However if the first attack does not work as planned then they will try and try again, working through a menu of automated attacks until they find one which works and which delivers control of a legitimate users PC. And that objective, gaining control of a legitimate users PC, is the first phase of the attack. Being armed with a legitimate users login credentials they are free to probe around, undetected, inside the network of the target organisation, appearing as if they were a perfectly legitimate user and belong there.
  • Installing Keystroke loggers Spear Fishing via social networking sites Looking for manufacturers default passwords Password re-use across multiple accounts Using brute force dictionary attacks Sniffing wireless LANS Eavesdropping   All these techniques are utilised, often in combination, to achieve the objective of stealing legitimate user credentials in order to then move onto the next phase of the attack.
  • Phase Two The second phase of the attack is to escalate their user account privilege until they have domain admin control level.   At that point they have the keys to the Kingdom. They can steal any IP, data or customer account information they require.
  • The question “ Who was responsible?” asked in that video wasn’t answered. In my view the answer is that everyone in the business has to be made responsible for protecting the organisations I.P. and sensitive data. It’s not just IT or HR or Marketing…every employee has to be “deputised” to keep data secure. It’s no longer possible, in such a dynamic and hostile environment, to block the wide and rapidly changing range of threats at the perimeter…wherever that is!   It’s much more practical to protect the data, whether in use or at rest using encryption and deploy strong, multifactor authentication, preventing most current and future attack methods and specifically preventing attacker privilege escalation which is integral to phase two of an APT directed at your intellectual property.
  • Insecure password reuse is a significant problem. Users have multiple work, home and leisure digital identities and accounts that are impossible to manage, so what they end up doing is standardising on a small number (in some cases just one) of easily remembered username and password combinations and using them on multiple accounts.   Corporations can’t effectively control if users are reusing passwords but what they can do in-house is deploy strong, multi-factor authentication and access controls so that only strong, ideally three factor authentication is all that will work to legitimately log someone into company systems.
  • This image is from the FBI. The malware they are warning about the “DNSChanger Trojan,” alters the target computer’s Internet settings preventing victims from visiting anti virus security sites for updates to the virus signatures that could clean up the infections. DNSChanger is integrated into Citadel and other attack tools, meaning that systems infected with this Trojan often also host other, more serious malware.
  • Internet Identity, a Washington based cyber security company found evidence of DNSChanger infections in computers at half of all Fortune 500 firms, and 27 out of 55 major U.S. government agencies. http://www.internetidentity.com
  • So…with large corporates, (including some of the biggest security software vendors!) government and law enforcement agencies succumbing to attacks what currently available technology will help to prevent APTs?   It’s worth remembering that APTs have been developed in an environment where over 95% of organisations have up to date anti-virus protection, firewalls and anti-spam software.   Yet they still get hacked because APTs are really good at getting around these primarily reactive solutions.   In another survey by CSO magazine 61% of respondents said that encryption and multi-factor authentication would be very effective in preventing APTs. The respondent felt that if an attacker finds that user credentials cannot be compromised and/or the data is encrypted anyway then they will not persist with their attack and will focus on easier targets.
  • Whilst SMEs are particularly vulnerable Government, Utilities, Professional Services firms, Academia and large corporates (particularly Aerospace and Defence) are being specifically targeted and sometimes those attacks are state sponsored! This is an excerpt from an interview with Admiral Lord West the former head of CSOC the UKs Cyber Security Operations Centre
  • Not all the threats are purely external in origin Recession induced lay offs also place data and Intellectual Property at risk. Remaining, often overstretched staff, also begin to make security mistakes, putting company reputations on the line. Because we live in a world where everyone, everything, everywhere is connected, data has to flow to wherever it is needed; an organisations actual perimeter is no longer its physical or legal boundary. The security focus is moving away from hardware on the network edge and onto the data user with the spotlight firmly on verifiable encryption as the only workable solution.
  • The reason cyber criminals target SMEs is that small businesses do not have the high-level security of their enterprise counterparts. SMEs are under the same regulatory and contractually imposed data security pressure as their corporate partners. But their needs are different. SMEs need an incremental, tactical, level of protection with greater choice and flexibility for protecting the information that drives their businesses. Although the majority of small or mid-sized businesses have some form of data protection solution in place, these solutions are often time-consuming to operate or are inconsistently used. This causes "workflow friction" and time pressed employees find work-arounds which compromises security. In addition SMEs are often faced with problems like lack of staff time limited in-house skills and expertise, and restricted budgets.
  • Encryption addresses three main business issues from the SMEs point of view. It reduces the risk of data loss. It helps companies comply with legal and professional regulatory requirements and encryption builds trust by demonstrating a company’s commitment to data and I.P. security.
  • Most small businesses will have data security policies already in place ranging from: Acceptable Use Policies, Information Protection Policies, HR Policies and Employment Contracts. Many will also have contractually imposed Information and IP protection safeguards imposed on them by upstream suppliers and which they in turn impose on their downstream customers.
  • However a significant number of information security breaches come about, either directly or indirectly as a result of employees’ failure to comply with existing, well documented, security practices and policies. Many organisations, large and small, have tried to sustainably modify user behavior towards IP protection, data security and encryption. Almost all have found it difficult. Research has shown that a large number of data security breaches are caused by security mechanisms which are either technically complex or have become an impediment to the user completing their work in a timely fashion. (workflow friction) http://gaudior.net/alma/johnny.pdf (Why Johnny Can’t Encrypt)
  • Even technically competent users such as systems administrators and software developers often struggle to keep up with todays sophisticated and tenacious cyber threats. On top of the cyber threats sys admins have to cope with the ever increasing complexity and administrative workload created by Governance Regulation and Compliance, Data Loss Prevention and security and encryption processes. Yee, K P. (2005) User Interaction Design for Secure Systems. In L. Faith Cranor & S. Garfinkel [Eds.]: Security and Usability: Designing secure systems that people can use 2005. pp 13-30. O'Reilly Books.
  • The goal for SMEs has to be to provide “practical security” e.g. the right level of security for the right reasons at the right cost at the right time. By using encryption tools which non technical end users: Can operate correctly with little or no training. Which have minimal impact on existing network infrastructure and working practices. Which work within irregular, unstructured relationships where the ultimate data owner and the current data user probably have dissimilar IT systems. Zurko, M. E. & Simon, R. T. User Centric Security. New Security Paradigms Workshop 1997
  • It’s mainly individuals who compromise IP and cause data loss, it’s individual end user behaviour which has to be sustainably modified and it’s individuals who choose whether to comply or not with the security policies governing their immediate work context. Individuals choose whether or not to comply with security guidelines based on risk and reward or cost and benefit. There is a natural limit to the amount of effort users will expend on compliance unless there is a corresponding benefit to them.
  • Modern digital encryption came out of the US military in the 1970s and 1980s. The inflexible, top-down, command-and-control structure of its original development environment created the encryption structures and landscape we see today. Within a fully integrated public or private organisation, with a standardized IT structure, encryption offers nearly unbreakable information security. Every single legal jurisdiction across the world which has data security legislation in place suggests encryption as the solution of choice.
  • However across extended supply chains, everyday practical issues in the deployment, maintenance and use of encryption technology have limited the business benefits and impaired overall supply chain efficiency. That misapplied encryption increases risk, decreases security, incurs unnecessary costs and reduces efficiency.   Until recently it has been difficult for unrelated organisations, with conflicting IT systems, differing skill sets and inconsistent attitudes to data protection to consistently and securely exchange confidential corporate or personal data. This was especially the case where data was only likely to be exchanged very infrequently or even on a one-off basis. The investment in infrastructure, training and skills outweighed the benefit of deploying compatible encryption technologies, especially across multiple legal jurisdictions.
  • Organisations of all sizes need easy-to-learn-and-use security solutions which deliver the security options they need, when they need it, for only as long as they need it at a price they can afford, with fair, transparent, flexible licensing and without disrupting established work practices or impacting on current network architecture. Modern data security solutions should be designed with these needs and with “newly deputised” non technical data users in mind. Flexible licensing should provide maximum freedom for users to “just get on with the day job” whilst maintaining a high degree of data security whether they are using, sharing, storing, recovering or deleting sensitive corporate information. For more information about protecting your intellectual property from cyber crime please visit: www.safetok.com You can email me at [email_address] Or pick up a leaflet from our display.
  • Styskin's Solutions Limited B1 Business Center, Suite 206, Davyfield Road, Blackburn, Lancashire, BB1 2QY, www.safetok.com [email_address]

Cyber Risks to Intellectual Property. By Styskin's Solutions Cyber Risks to Intellectual Property. By Styskin's Solutions Presentation Transcript

  • Cyber Risks To Intellectual Property How It Happens, Why It Happens, And How To Protect Yourself.
  • Agenda 1. Inside A Hacking Community. 2. The Threat Landscape. 3. SMEs Are The Target Of Choice. 4. A Solution?
  • The Hacking Community “ Citadel” is a popular suite of hacking software applications. It works just like “normal” software. You go online (invitation only), buy a license (all major credit cards accepted) and you get support, updates and regular bug fixes from the developers. Automated updates come out about once a week. New versions appear about every 2 months or so.
  • The Hacking Community “ Citadel” is a popular suite of hacking software tools.
  • The Hacking Community
  • The Hacking Community
  • The Hacking Community
  • The Hacking Community
  • The Hacking Community
  • The Hacking Community
  • The Threat Landscape
    • The end result is that Advanced Persistent Threats are relatively easy to launch and difficult to defend against.
    • There is an entire, cyber crime ecosystem operating almost as a parallel economy.
    • Their focus is using APTs to steal Intellectual Property with supply chain SMEs the vector of choice.
    • As an attack doctrine APTs do have a number of common characteristics.
    •  
    • First APTs start by researching their target organisation.
    • Typically they will start by using social networking sites to identify “suspects” within the target organisation especially those in IT.
    • They might look at how “career opportunities” are worded to infer the targets network architecture or even specific systems and enterprise software.
    • The next stage is to use social engineering and other techniques derived from internet grooming to zero in on any likely, vulnerable employees or areas that they can begin to exploit.
  • The Threat Landscape Once they have identified a vulnerable target, APTs will often adapt custom malware such as keystroke loggers to make it specific to that target. These will then be attached to an email or embedded inside a document with a plausible sounding name to a highly targeted shortlist of key employees. This is exactly what happened in some of the most notorious, recent APTs. One in particular was an attack on a well know defence electronics company in which a malicious PDF attachment entitled “redundancy program for 2012” was sent to some key employees. The attachment contained an attack and the company suffered a serious data breach. The recently revealed attack on Symantec was an instance of an intrusion via the supply chain (a Symantec reseller) the theft of intellectual property (The source code to a number of their security products) and an attempt (unsuccessful) to extract a ransom for the safe return of the source code.
  • The Threat Landscape However if the first attack does not work as planned then they will try and try again, working through a menu of automated attacks until they find one which works and which delivers control of a legitimate users PC. And that objective, gaining control of a legitimate users PC, is the first phase of the attack. Being armed with a legitimate users login credentials they are free to probe around, undetected, inside the network of the target organisation, appearing as if they were a perfectly legitimate user and belong there.
  • The Threat Landscape
    • Installing Keystroke loggers
    • Spear Fishing via social networking sites
    • Looking for manufacturers default passwords
    • Password re-use across multiple accounts
    • Using brute force dictionary attacks
    • Sniffing wireless LANS
    • Eavesdropping
    •  
    • All these techniques are utilised, often in combination, to achieve the objective of stealing legitimate user credentials in order to then move onto the next phase of the attack.
  • The Threat Landscape Phase Two The second phase of the attack is to escalate their user account privilege until they have domain admin control level.   At that point they have the keys to the Kingdom. They can steal any IP, data or customer account information they require. Have a look at this video
  • The Threat Landscape The question “ Who was responsible?” asked in that video wasn’t answered. In my view the answer is that everyone in the business has to be made responsible for protecting the organisations I.P. and sensitive data. It’s not just IT or HR or Marketing…every employee has to be “deputised” to keep data secure. It’s no longer possible, in such a dynamic and hostile environment, to block the wide and rapidly changing range of threats at the perimeter…wherever that is!   It’s much more practical to protect the data, whether in use or at rest using encryption and deploy strong, multifactor authentication, preventing most current and future attack methods and specifically preventing attacker privilege escalation which is integral to phase two of an APT directed at your intellectual property.
  • The Threat Landscape Insecure password reuse is a significant problem. Users have multiple work, home and leisure digital identities and accounts that are impossible to manage, so what they end up doing is standardising on a small number (in some cases just one) of easily remembered username and password combinations and using them on multiple accounts.   Corporations can’t effectively control if users are reusing passwords but what they can do, in-house, is deploy strong, multi-factor authentication and access controls so that only strong, ideally three factor authentication, is all that will work to legitimately log someone into company systems.
  • The Threat Landscape This image is from the FBI. The malware they are warning about the “DNSChanger Trojan,” alters the target computer’s Internet settings preventing victims from visiting anti virus security sites for updates to the virus signatures that could clean up the infections. DNSChanger is integrated into Citadel and other attack tools, meaning that systems infected with this Trojan often also host other, more serious malware.
  • The Threat Landscape Internet Identity, a Washington based cyber security company found evidence of DNSChanger infections in computers at half of all Fortune 500 firms, and 27 out of 55 major U.S. government agencies. http://www.internetidentity.com/
  • The Threat Landscape So…with large corporates, (including some of the biggest security software vendors!) government and law enforcement agencies succumbing to attacks what currently available technology will help to prevent APTs?   It’s worth remembering that APTs have been developed in an environment where over 95% of organisations have up to date anti-virus protection, firewalls and anti-spam software.   Yet they still get hacked because APTs are really good at getting around these primarily reactive solutions.   In another survey by CSO magazine 61% of respondents said that encryption and multi-factor authentication would be very effective in preventing APTs. The respondent felt that if an attacker finds that user credentials cannot be compromised and/or the data is encrypted anyway then they will not persist with their attack and will focus on easier targets.
  • The Threat Landscape Whilst SMEs are particularly vulnerable Government, Utilities, Professional Services firms, Academia and large corporates (particularly Aerospace and Defence) are being specifically targeted and sometimes those attacks are state sponsored! This is an excerpt from an interview with Admiral Lord West the former head of CSOC the UKs Cyber Security Operations Centre.
  • The Threat Landscape Not all the threats are purely external in origin. Recession induced lay offs also place data and Intellectual Property at risk. Remaining, often overstretched staff, begin to make security mistakes, putting company reputations on the line. Because we live in a world where everyone, everything, everywhere is connected, data has to flow to wherever it is needed; an organisations actual perimeter is no longer its physical or legal boundary. The security focus is moving away from hardware on the network edge and onto the data user with the spotlight firmly on verifiable encryption as the only workable solution.
  • The Threat Landscape The reason cyber criminals target SMEs is that small businesses do not have the same high-level security that their enterprise counterparts have deployed. SMEs are under the same regulatory and contractually imposed data security pressure as their corporate partners but their needs are different. SMEs need an incremental, tactical, level of protection with greater choice and maximum flexibility for protecting the information that drives their businesses. Although the majority of small or mid-sized businesses have some form of data protection solution in place, these solutions are often time-consuming to operate or are inconsistently used. This causes "workflow friction" resulting in time pressed employees finding work-arounds which ultimately compromise security. In addition SMEs are often faced with other problems such as lack of staff time, limited in-house skills and expertise, and restricted budgets.
  • Encryption Address Three Issues Text Text
    • Encryption addresses three main business issues from the SMEs point of view.
    • It reduces the risk of intellectual property or data loss.
    • It helps companies comply with legal, supply chain and professional regulatory requirements.
    • Encryption builds trust by demonstrating a company’s commitment to supply chain data and I.P. security.
  • Policies Are Already In Place Text Text
    • Most small businesses will have data security policies already in place ranging from:
    • Acceptable Use Policies,
    • Information Protection Policies,
    • HR Policies and Employment Contracts.
    • Many will also have contractually imposed Information and IP protection safeguards imposed on them by upstream suppliers and which the SME, in turn, impose on their downstream customers.
  • User Behavior Is An Issue Text Text However a significant number of information security breaches come about, either directly or indirectly, as a result of employees’ failure to comply with existing, well documented, security practices and policies. Many organisations, large and small, have tried to sustainably modify their users behavior towards IP protection, data security and encryption. Almost all have found it difficult if not impossible. Research has shown that a large number of data security breaches are caused by security mechanisms which are either technically complex or have become an impediment to the user completing their work in a timely fashion. (workflow friction) http://gaudior.net/alma/johnny.pdf (Why Johnny Can’t Encrypt)
  • Software Usability Is An Issue Text Text Even technically competent users such as systems administrators and software developers often struggle to keep up with todays sophisticated and tenacious and fast moving cyber threats. On top of the cyber threats sys admins have to cope with the ever increasing complexity and administrative workload created by Governance Regulation and Compliance, Data Loss Prevention and security and encryption processes. Yee, K P. (2005) User Interaction Design for Secure Systems. In L. Faith Cranor & S. Garfinkel [Eds.]: Security and Usability: Designing secure systems that people can use 2005. pp 13-30. O'Reilly Books.
  • The Goal Is Practical Security Text Text
    • The goal for SMEs has to be to provide “practical security” e.g.
    • the right level of security
    • for the right reasons
    • at the right cost
    • at the right time.
    • By using encryption tools which non technical end users:
    • Can operate correctly with little or no training.
    • Which have minimal impact on existing network infrastructure and working practices.
    • Which work within irregular, unstructured relationships where the ultimate data owner and the current data user probably have dissimilar IT systems.
    • Zurko, M. E. & Simon, R. T. User Centric Security. New Security Paradigms Workshop 1997
  • It’s Networkers Not Networks Text Text It’s mainly individuals who compromise IP and cause data loss It’s individual end user behaviour which has to be sustainably modified and it’s individuals who choose whether to comply or not with the security policies governing their immediate work context. Individuals choose whether or not to comply with security guidelines based on risk and reward or cost and benefit. There is a natural limit to the amount of effort users will expend on compliance unless there is a corresponding benefit to them.
  • Why It’s The Way It Is Text Text Modern digital encryption came out of the US military in the 1970s and 1980s. The inflexible, top-down, command-and-control structure of its original development environment created the encryption structures and landscape we see today. Within a fully integrated public or private organisation, with a standardized IT structure, encryption offers nearly unbreakable information security. Every single legal jurisdiction across the world which has data security legislation in place advocates encryption as the solution of choice.
  • Ships In The Night? Text Text However across extended supply chains, everyday practical issues in the deployment, maintenance and use of encryption technology have limited the business benefits and impaired overall supply chain efficiency. Misapplied encryption increases risk, decreases security, incurs unnecessary costs and reduces efficiency.   Until recently it has been difficult for unrelated organisations, with conflicting IT systems, differing skill sets and inconsistent attitudes to data protection to consistently and securely exchange confidential corporate or personal data. This was especially the case where data was only likely to be exchanged very infrequently or even on a one-off basis. The investment in infrastructure, training and skills outweighed the benefit of deploying compatible encryption technologies, especially across multiple legal jurisdictions.
  • Summary Text Text Organisations of all sizes need easy-to-learn-and-use security solutions which deliver the security options they need, when they need it, for only as long as they need it at a price they can afford, with fair, transparent, flexible licensing and without disrupting established workflow practices or impacting on current network architecture. Modern data security solutions should be designed with these needs and with “newly deputised” non technical data users in mind. Flexible licensing should provide maximum freedom for users to “just get on with the day job” whilst maintaining a high degree of data security whether they are using, sharing, storing, recovering or deleting sensitive corporate information. For more information about protecting your intellectual property from cyber crime please visit: www.safetok.com You can email me at [email_address] Or pick up a leaflet from our display.
  • Thank You Text Text Styskin's Solutions Limited B1 Business Center, Suite 206, Davyfield Road, Blackburn, Lancashire, BB1 2QY, www.safetok.com [email_address]