Presentation is loading. Please wait.

Presentation is loading. Please wait.

SMEs: The Hacker’s Preferred Route into the Corporate World Richard Henson Worcester Business School February 2012.

Published bySusan Kennedy Modified over 9 years ago

Similar presentations

Presentation on theme: "SMEs: The Hacker’s Preferred Route into the Corporate World Richard Henson Worcester Business School February 2012."— Presentation transcript:

1 SMEs: The Hacker’s Preferred Route into the Corporate World Richard Henson Worcester Business School r.henson@worc.ac.uk info@iasme.co.uk February 2012

2 The Reality UK critical infrastructure hacker X X Internet… (600 million Gateways!)

3 An Early Warning! In April 2009, hackers accessed data concerning technical details of a US govt fighter jet via networks with supply chain partners http://www.nextgov.com/nextgov/ng_20090421_4305. php http://www.nextgov.com/nextgov/ng_20090421_4305. php Conclusion: “…there needs to be a new-order requirement on companies doing business with the federal government.”

4 What can be done about it? Education? Laws? More shiny black boxes? The Cloud? An information security budget? but what is the ROI on data

5 US govt response.. Other 2009 examples: response to “Night Dragon” establish a “trusted source” program for supply chain partners VP of MacAfee offered a strategy to achieve just that: http://www.inboundlogistics.com/cms/article/s ecurity-guard-questions-and-answers-with- dennis-omanoff/#sidebar1 http://www.inboundlogistics.com/cms/article/s ecurity-guard-questions-and-answers-with- dennis-omanoff/#sidebar1

6 Predictions… Imperva, trends for 2012: http://blog.imperva.com/2011/12/top-cyber-security- trends-for-2012-1.html http://blog.imperva.com/2011/12/top-cyber-security- trends-for-2012-1.html It couldn’t happen here?

7 UK Government Advice CESG provides guidance and advice: best advice appears to be based on “ISO27001 compliance” On the CPNI website now: guidelines include 20 named technical controls to minimize the chance of a data breach… acknowledge no guidance on physical or behavioural controls Is “compliance” with guidelines, standards, and regulations enough?

8 Will “compliance” stop this? UK critical infrastructure hacker X X Internet… (600 million Gateways!)

9 Compliance and Certification Not just playing with words! compliance does not require evidence to back up claims that guidelines, etc. being followed certification only achieved through providing evidence in a systematic way to prove that the guidelines etc. are being adhered to in a systematic way

10 ISO27001 Certification and SMEs An ISMS has to be the way forward… SMEs not shy of certification. Many already have: ISO9001 – QMS ISO14001 – EMS ISO18001 – H&SMS Logical next step to go for ISO27001?

11 Research Evidence, 2008-10 Combination of academic research… Coles-Kemp, Barlette et al, and corporate research: Verizon, PWC, PGP, Symantec Conclusions: Main interest in ISO27001 in Pacific Rim (!)

12 SMEs and Information Assurance Few UK SMEs get ISO27001 certified regarded as too time consuming, too expensive… little ROI… “compliance is the English way” UK (2012) still showing little sign of: bring in new laws… educating about information security so why bother!?!?!

13 There’s a whole world out there to do business with!

14 The Global Supply Chain Global companies merely seeking “compliance” from partners taking quite a risk… Pacific Rim supply chain leaders/hubs becoming increasingly ISO27001 (not compliance) focused US getting its act together regarding supply chain hubs/partners via dept of homeland security & focus on cybersecurity

15 Global Enterprises… which SME would you trade with? Information security not the main factor But what if the other factors are roughly equal? which would you choose? certification (evidence…) or “compliance” (talk…) Real danger that UK SMEs could lose out on contracts on information security grounds… may already be losing out!

16 Asia (Pacific Rim) Led by Japan, Taiwan… Certification is supply chain driven Impressive take up of ISO27001 certification (approx 80% of world’s ISO27001 certificates)

17 US has got the message… Latest from Omanoff [VP McAfee] (29/10/11): “… an increase in attacks targeted at industrial systems and embedded devices has raised the risk that manufacturing facilities and other supply chain links could be infected.”

18 UK SME Priorities for 2012 Omanoff quote used on a UK technology reporting website (v3.co.uk) http://www.v3.co.uk/v3-uk/news/2121005/mcafee- offers-advice-securing-supply-chains http://www.v3.co.uk/v3-uk/news/2121005/mcafee- offers-advice-securing-supply-chains Same website: survey for businesses: “main priority for the new year?” 98% reducing costs 1% make more use of social media & cloud 1% improve information security

19 Not all doom and gloom! What if UK SMEs can be convinced that better information security brings about “reducing costs”? Whole academic field based on such matters: “Economics of Information Security” findings rarely get to SMEs… They should!!!

20 The Future SMEs will find more stringent requirements on security from global supply chain hubs/leaders Evidence of good information security will be a key factor in getting contracts that means education, and certification… UK government needs to use every means possible to directly support SMEs in helping themselves offering funding top-down to agencies and expecting it to filter to SMEs seems naive

Download ppt "SMEs: The Hacker’s Preferred Route into the Corporate World Richard Henson Worcester Business School February 2012."

Similar presentations

FIA Prague Preparation February 6, 2008. Scenario planning approach We cannot predict the future We cannot predict the future We do understand the drivers.

FIA Prague Preparation February 6, Scenario planning approach We cannot predict the future We cannot predict the future We do understand the drivers.
Local Authority e-Procurement and SMEs Opportunity or Threat? Martin Scarfe National e-Procurement Project London Borough of Newham.

Local Authority e-Procurement and SMEs Opportunity or Threat? Martin Scarfe National e-Procurement Project London Borough of Newham.
A UNIDO Strategy to Promote ICT for SMEs Hans Pruim UNITED NATIONS INDUSTRIAL DEVELOPMENT ORGANIZATION 21 April 2004.

A UNIDO Strategy to Promote ICT for SMEs Hans Pruim UNITED NATIONS INDUSTRIAL DEVELOPMENT ORGANIZATION 21 April 2004.
DEPARTMENT OF TRADE AND INDUSTRY INCREASING ACCESS TO FINANCE.

DEPARTMENT OF TRADE AND INDUSTRY INCREASING ACCESS TO FINANCE.
Sum it Up and Point the Way Forward Conclusions: Ending on a Strong Note.

Sum it Up and Point the Way Forward Conclusions: Ending on a Strong Note.
Product Stewardship Paradigm Shifts Beth Turner Global Director – Sustainability and Product Stewardship E. I duPont de Nemours and Co, Inc. Asia Pacific.

Product Stewardship Paradigm Shifts Beth Turner Global Director – Sustainability and Product Stewardship E. I duPont de Nemours and Co, Inc. Asia Pacific.
© 2003 IBM Corporation www.ibm.com/security/privacy Preparing for Privacy Society of Internet Professionals January 19, 2004 Nigel Brown Senior Privacy.

© 2003 IBM Corporation Preparing for Privacy Society of Internet Professionals January 19, 2004 Nigel Brown Senior Privacy.
Information & Communication Technologies 08 2014 NMSU All About Discovery! Risk-Based Information Security Program at NMSU presented by Norma Grijalva.

Information & Communication Technologies NMSU All About Discovery! Risk-Based Information Security Program at NMSU presented by Norma Grijalva.
Sub10 Systems Professional Services Presented By John Golding & Frank Pauer.

Sub10 Systems Professional Services Presented By John Golding & Frank Pauer.
1 Certification Chapter 14, Storey. 2 Topics  What is certification?  Various forms of certification  The process of system certification (the planning.

1 Certification Chapter 14, Storey. 2 Topics  What is certification?  Various forms of certification  The process of system certification (the planning.
Background Picture EBusiness Programme VeRDI  Limited knowledge among SMEs and SME advisers on internet used to improve business performance.  Workshops.

Background Picture EBusiness Programme VeRDI  Limited knowledge among SMEs and SME advisers on internet used to improve business performance.  Workshops.
© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.

© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.
Comments to “the concept of e-government formation in Russia until 2010” Åke Grönlund Örebro University, Sweden

Comments to “the concept of e-government formation in Russia until 2010” Åke Grönlund Örebro University, Sweden
Created by: Tamara Henderson

Created by: Tamara Henderson
EMS adding value IEMA regional workshop 07/07/10 Matthew Payne

EMS adding value IEMA regional workshop 07/07/10 Matthew Payne
The European Commission's Approach to Responsible Business: Towards a 2016-2020 strategy on Corporate Social Responsibility.

The European Commission's Approach to Responsible Business: Towards a strategy on Corporate Social Responsibility.
Trends in Corporate Social Responsibility Reporting

Trends in Corporate Social Responsibility Reporting
In conjunction with Minimising Risk, Maximising Benefit - EAUC 10th Annual Conference NetRegs: Environmental Compliance Help for Universities and Colleges.

In conjunction with Minimising Risk, Maximising Benefit - EAUC 10th Annual Conference NetRegs: Environmental Compliance Help for Universities and Colleges.
Consultancy.

Consultancy.
ISO 26000 Guidance on Social Responsibility Development Status, June 2009 An Industry View Risk of Failure David Felinski, Vice-President IFAN (International.

ISO Guidance on Social Responsibility Development Status, June 2009 An Industry View Risk of Failure David Felinski, Vice-President IFAN (International.

Similar presentations

Ads by Google