
Monday 30 January 2012

Chatback Security's Word Cloud - Physical Security, Personnel Security and Information Security


Security Threat Report 2012 - Hacktivism, Cybercriminals and Malware


Foreword by Gerhard Eschelbeck, CTO, Sophos

Over the past year we in the IT security industry have seen a growing awareness of the work we do.
In 2011, a number of highly visible cyberattacks made news headlines around the world, but the underlying problem affects us all. It seems that the cybercriminals are getting bolder in their attacks as the availability of commercial tools makes mass generation of new malicious code campaigns and exploits easier. The net result has been significant growth in volume of malware and infections.
And for 2012, I anticipate growing sophistication in web-borne attacks, even broader use of mobile and smart devices, and rapid adoption of cloud computing bringing new security challenges.
The web will undoubtedly continue to be the most prominent vector of attack. Cybercriminals tend to focus where the weak spots are and use a technique until it becomes far less effective. We saw this with spam email, which is still present but less popular with cybercriminals as people deploy highly effective gateways. The web remains the dominant source of distribution for malware—in particular malware using social engineering, or targeting the browser and associated applications with exploits. Social media platforms and similar web applications have become hugely popular with the bad guys, a trend that is only set to continue.
The rapid inflow of consumer-owned smartphones and tablets is causing significant security challenges for many organizations. IT departments are being asked to connect devices to corporate networks and secure data on these devices, which they have very little control over. Due to the high degree of mobility, security requirements are plentiful, including enforcement of use policies, corporate data encryption, access to corporate networks, productivity/content filtering, and of course malware protection. The unique nature of modern form factors (in terms of processing power, memory, battery life) requires rethinking of security and defense mechanisms.
Cloud computing is one of the most significant revolutions in delivering software applications to users, and can significantly improve the effectiveness and manageability of security solutions—web security, data protection, or even endpoint and mobile security managed via the cloud are great examples. The service model takes the burden of managing applications away from the user, but introduces new issues of security and privacy for data at rest and in transit.
Protecting data in a world where systems are changing rapidly and information flows freely introduces a whole new set of people, process and technology challenges, reinforced by enhanced scrutiny by compliance and regulatory bodies. As we all radically reform the way we communicate and share data, we can expect cybercriminals to hook themselves into these systems to tout their nasty malicious code.
With this edition of the Sophos Security Threat Report, we want to share our latest research on hacktivism, online threats, mobile malware, cloud computing, and social network security. And we offer a look ahead to the coming year.
Best wishes,
Gerhard Eschelbeck
CTO, Sophos

Saturday 28 January 2012

What do you do when your Twitter account has been compromised?

Like most out there I have received lots of DMs from Twitter followers recently that would either not usually contact me or that are not following me. Now, I don't believe my account has been compromised and up until yesterday I didn't do anything about others that had contacted me. On Friday though I received a couple of DMs from a family relation telling me I should see what others have been writing about me on Twitter; this caused me alarm as I know they would not be bothered what was said about me, but I spoke to them and advised them they should change their password and check to see if their Twitter account had been used to authorise other applications as a bit of a starter for 10. But today I received a mail-shot from and saw the Naked Security Twitter feed giving the best information I have seen so far. So I thought I'd share it; thanks to all at Naked Security, as always very helpful and relevant information.

Best Regards Richard
@securityspeak

Original Source: Naked Security : Many Naked Security readers email our tips email account every day asking for help when their online accounts are compromised.
I thought it might be a good idea to provide a step-by-step guide to recover from some common attacks people fall victim to, beginning with Twitter.
There are two primary methods for your Twitter account to become compromised. Either you authorized a malicious application to connect to your account, or your password was guessed/stolen.

The first thing to do as soon as you notice a problem is to scan your system with an up to date anti-virus product to be sure your machine isn’t infected and doesn’t have a keylogger installed. Next you need to set a new password. As always we recommend selecting a strong password that is unique for each website.
If mixing numbers, letters, punctuation and case is too complicated (because you aren’t using a password manager) then the most important thing to remember is that size *does* matter. Going long is better than something short with a number on the end.

Then you should review the applications you have granted access to your Twitter account. To view the list log in to Twitter, select your account in the upper-right corner and choose settings, then click on the Applications tab.

You’ll notice this account has a rogue application installed, Your Profile Views, that has already been suspended by Twitter.

You could just revoke access to any applications you don’t trust, but I recommend starting over and revoking all of them. You can simply reauthorize any applications you are actually using as you need them.

The last step is to tweet out an apology to your friends and be sure to alert the Twitter team by sending a message to @safety.


To stay aware of the latest scams and warnings, it is a good idea to follow @safety as well as @NakedSecurity, and even @spam if you wish to stay abreast of the latest spammer activity.

Often corporate accounts can fall victim to hackers, most often from insecure choice of passwords and the need for multiple people to be able to tweet from the accounts to maintain 24/7 coverage.

There are some great solutions that can help you ensure the shared account has a good password without needing to share it.

Services like GroupTweet and HootSuite allow you to delegate tweeting to other user accounts and even moderate tweets before they are posted (in the paid versions).
This won’t prevent your employees from choosing a poor password for their own account, but with the moderation feature you can prevent any damage to your brand by accepting a bit of management overhead.

I hope this is helpful to those of you who need to recover your Twitter accounts and for those of us who have to help bail out our friends when they are in trouble.

I will continue to update this article with any additional insights posted in the comments and keep it as a living post.
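To put numbers on the article's point that going long beats something short with a number on the end, here is an added example (not from Naked Security or this blog). It estimates how many guesses a password can absorb, both by exhaustive search and when it is just a listed word plus trailing digits; the tiny word list and the sample passwords are constructed for illustration.

```python
import math
import re
import string

# Constructed stand-in for a common-password list; a real audit would load a
# far larger one.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "monkey", "dragon"}
SYMBOLS = string.punctuation + " "  # 32 punctuation characters plus space


def charset_size(password):
    """Size of the character pool an exhaustive search would have to cover."""
    pools = [
        (string.ascii_lowercase, 26),
        (string.ascii_uppercase, 26),
        (string.digits, 10),
        (SYMBOLS, len(SYMBOLS)),
    ]
    return sum(size for chars, size in pools if any(c in chars for c in password))


def brute_force_bits(password):
    """Upper bound: log2 of the exhaustive search space for this length and pool."""
    pool = charset_size(password)
    # Empty input, or only characters outside the four pools, scores zero here.
    return len(password) * math.log2(pool) if pool else 0.0


def effective_bits(password, wordlist=COMMON_PASSWORDS):
    """Lower the estimate when the password is a listed word plus trailing digits."""
    brute = brute_force_bits(password)
    if password.lower() in wordlist:
        return min(brute, math.log2(len(wordlist)))
    base, digits = re.fullmatch(r"(.*?)(\d*)", password, flags=re.S).groups()
    if base.lower() in wordlist and base in {base.lower(), base.capitalize(), base.upper()}:
        # Each listed word, in three casings, with every numeric suffix of this length.
        guesses = len(wordlist) * 3 * 10 ** len(digits)
        return min(brute, math.log2(guesses))
    return brute


def rank(passwords):
    """Return (password, bits) pairs, weakest first."""
    return sorted(((p, round(effective_bits(p), 1)) for p in passwords), key=lambda x: x[1])


if __name__ == "__main__":
    samples = ["Monkey7", "aB3$xY9!", "qzvmhtrwlpxkbnyjdgfs"]  # constructed samples
    for pw, bits in rank(samples):
        print(f"{pw!r:26} ~{bits} bits")
```

The 20-letter lowercase string outscores the 8-character mixed one, and the word-plus-digit password collapses to a few bits once a word list is in play.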

Tuesday 24 January 2012

Mobile Phone Hacking and How To Prevent It

Mobile phone hacking isn't a new phenomenon; it has been taking place for years. It normally occurs via two methods:

  • Voicemail hacking – somebody remotely listening to your phone’s voicemail messages
  • Data hacking – somebody viewing or stealing information stored on your phone (or a PC based backup), such as phone numbers, bank account details and emails.


Celebrities have been the main targets for the mobile phone hacks because that apparently sells newspapers, but fraudsters will also target us 'normal' people to obtain our sensitive data so that they can commit fraud or sell the data on.

Voicemail hacking is an invasion of privacy, but what information can really be obtained from a left message? Well, really that depends on the person leaving it I suppose....

Hackers can get away with such simple access thanks to a massive flaw, namely that public voicemail systems don't record the numbers from which the service is being accessed, only the time of access. Recording the calling number would by itself make simple voicemail hacks harder to execute, by leaving a trail of evidence of access.

Some simple preventive measures are:

Voicemail hacking normally takes place via the system that allows you to listen to your messages when you don't have your mobile with you or you're away from home. This is normally via a landline number (or your own landline number if it's a home-based answerphone system), after which you enter a security PIN to listen to your messages. However, most people never change their PIN from the default, which is normally 1234 or 0000. If you don’t change this PIN then a phone hacker could potentially listen to your voicemails by entering one of the default PINs. Assuming your new PIN is four digits, that allows up to 10,000 possible combinations for a hacker to guess: not completely secure, but a reasonable start.

Data hacking is a significant risk as most of us now walk around with the same amount of data storage in our mobiles as our PCs are capable of holding at home. To minimise the risk of your mobile data falling into the wrong hands you could try the following:
  • Be careful where you store sensitive information - for example don't use a non secure 'notes' type app to store your credit card, bank account or pin codes in. Use a secure (password/pin protected) app or better still don't store this type of information anywhere!
  • Avoid public wi-fi – Avoid checking emails, logging into mobile banking sites and accessing private information when your phone is connected to public wi-fi such as those in coffee shops – as these are often insecure.
  • Set a phone password – If your phone’s lost or stolen then a password could stop a data hacker in their tracks.
  • Turn off Bluetooth – When you’re not using Bluetooth always turn it off as hackers could use the wireless connection to gain remote access to your phone.
  • Turn off auto-complete – Some phones save user names and passwords automatically to help you log-in faster next time, but this could also help a hacker access your personal data. Check your phone’s “Settings” menu to see if it is automatically storing information.
  • Delete your browsing history – Not seeing a list of which websites you’ve recently visited and the information you’ve accessed might be a little inconvenient, but clearing your mobile phone’s Internet browser history, cookies and cache will make it harder for a hacker to get your data.
  • Remote locate, lock or wipe - sign up to a 'mobileme - find my iphone' type service that allows you, via another authorised device or web page, to locate, lock, wipe or send an alert to your lost (or stolen) device. There have been a few good media stories on these services.
The recent stories in the media are not good news for the people who have experienced the hacks, but this is only the tip of the iceberg for sure. Accessing people's voicemails has for a long time been a 'tool' that law enforcement and investigators have utilised to gain intel, but thanks to this recent media coverage fraudsters will now jump on the bandwagon. You have been warned!

 
- Posted using BlogPress from my iPhone  - which is password protected ;-)

Monday 23 January 2012

Survey: Crime has risen by 4%, public more satisfied with police and councils

Original news source: Security News Desk 


Crime in the UK rose by 4%, with violent crime up 9%, according to the latest British Crime Survey data.
In the 12 months to September 2011, the period covered by today’s report, crime reported by the survey rose by 4%. This was broken down by:

  • Vandalism – down 7%
  • Burglary – up 5%
  • Vehicle-related theft – up 7%
  • Bicycle theft – down 8%
  • Other household theft – up 4%
  • Theft from the person – up 12%
  • other theft of personal property – up 14%
  • All violence – up 9%
  • All BCS crime – up 4%
The survey covers August 2011 when there were significant disturbances in cities across England.
During the same period of time, the police reported a 4% decrease across all categories of crime. The BCS survey complements data collected from the police and often contradicts police figures. This is because BCS data is based on interviews with individuals and includes incidents which are not reported to the police.
The survey notes an 11% increase in personal crime in the period, but discounts this as a blip and points to data since 2004/05 to claim that crime levels have remained relatively unchanged.
The 9% increase in violent crime was said to be not statistically significant and there is no upward trend in violence, especially in light of an 8% fall in violent crime recorded by police last year and a five-year downward trend.
Meanwhile, robberies of businesses have fallen while personal robbery (street robbery for phones, bags and cash) has risen by 4% according to police figures, supporting the 12% rise noted in the BCS survey. 50% of all street robbery takes place in London where there has been a 13% increase.
And police and councils are getting the credit for beating crime, with 57% of those questioned saying they were doing a good job compared to just over half last year.
Trevor Elliott, director of manpower and membership services of the British Security Industry Association (BSIA), said, “The quoted reduction in robberies of businesses is certainly encouraging and a testament to the work carried out by the police, the business sector and the private security industry to diminish the incidence of this type of crime. However, commercial crime is still an unwelcome reality and in order to continue reducing its effects on businesses it is essential for all parties to continue working together effectively.
“Businesses should check that their security measures are reliable and up-to-date. CCTV equipment, manned guarding and access control systems such as item tags have time and again proven invaluable in deterring criminals and responding more effectively to offences, but to get the most out of these systems they must be properly installed and monitored and provided by expert and professional security companies.
“The improved effectiveness of the security systems in place will in fact not only deter criminals, but also ensure immediate police response and facilitate the conviction of offenders.”

Saturday 21 January 2012

The Cyber Security Challenge - King of The Hill


I attended one of the 3 stream finals of the Cyber Security Challenge (CSC) ‘King of the Hill’ today. I was kindly invited some months ago as an influential blogger in the security industry which was nice, although Ellie (part of the CSC team), did tell me today that there are not many of us about, but still it was nice all the same!

Today’s event was sponsored by PWC and SAIC, there were proper journalists present from Wired, BBC (Adam Shaw) and City AM. 

I was a little apprehensive going into today as Cyber Security is a little out of my area of expertise although the boundaries across security specialisms are constantly becoming blended and we now have to be experts in all disciplines (and HR and Legal and Audit and Risk Management etc etc). By the way the location was perfect with two of the most iconic landmarks in London, the Tower of London and Tower Bridge literally on the doorstep. 

The morning kicked off with a brief presentation about the CSC and then we went straight into a very comprehensive demonstration of the exercise that the candidates would experience later in the day during their competition. 
My Cyber expert and ‘ethical hacker’ was Jonathan of PWC, whose knowledge was impressive, although he had only been in security for a couple of years! He gave me a whirlwind tour of the tools of his trade and I was surprised to hear that the penetration software is easily available and for free apparently! He went on to demonstrate how easy it is (for him) to compromise and potentially control a series of targets. He also showed me how a ‘password list’ is utilised by a hacker to automatically search for the specific password required to gain access to the chosen target (which I have read about but never seen done in front of me). Our password list contained 1.5m examples of commonly used passwords! 

I was also shown how easy it is to hack an SMTP (Simple Mail Transfer Protocol…get me) which ultimately enables the hacker to send emails containing the actual company's domain name. These would appear to be official emails by the person receiving them but may for example contain a piece of malware or inappropriate images (the implications may be far reaching as experienced by STRATFOR at the end of 2011). It certainly demonstrated to me the importance of simple preventive measures like choosing good passwords and ensuring regular security patching.

During the day I met a number of candidates, some first timers and others who attended last week’s event at Sophos. Most of the candidates I met are current university students with an interest in computers and/or cyber security but with little practical experience. It was good to see people who are in the early stages of their careers and actually have a hunger and eagerness to progress into this industry.
I also had the opportunity to speak to some of the sponsors who are security professionals in their own right and it was good to exchange ideas and to share best practice (which is exactly why I blog). 

I actually came away with more knowledge than I walked in with, however I was truly shocked at just how easy 'hacking' is (with a few free tools and some technical know-how of course). As I type this article there are thousands of people all over the world using these tools looking for opportunities and their next potential target.

I even found out what this type of art is called……

Ascii Art!
What I like about the CSC is that it's nurturing talent and raising the profile of a profession which is apparently struggling to attract new talent - but at least they are doing something about it! Will the CSC attract more talent into the industry? Will it uncover new talent? Do we need to continue to protect our national infrastructure and business interests? I think it’s a resounding yes to all of these points and let's hope that the CSC continues to run for many years. 

The final takes place in March and the prize list is impressive.

I look forward to watching the BBC programme (and of course if I am in it) and a special thank you goes to Ellie for the kind invitation and your hospitality on the day.

If you want to learn more about the challenge please click on this.

Thursday 19 January 2012

Olympics counter-terrorism training offered to London burger vendors


Police want licensed mobile traders to help spot suspects who may be looking at potential targets for 2012 Games.
Burger van workers and other licensed mobile traders are being offered free counter-terrorism training to help them spot suspects who might be reconnoitring potential targets in the runup to the Olympics and Paralympics.
The on-street presence of people selling food and drink in London – from ice-cream to baguettes, pizzas and hot dogs – means they are well placed to "contribute to effective surveillance", according to environmental health experts.
The training is being offered by the Metropolitan police and Westminster council and builds on an existing scheme in which business representatives attend courses to get tips on "hostile reconnaissance", what to do in case of an attack – including the 'dos and don'ts of bombs' – and understanding police communications and cordons.
But not all traders will find themselves on the right side of the law. Many will be subject to spot checks to establish that they are operating legally and safely, with those suspected of breaches having their names, dates of birth and nationalities passed to police and the UK Border Agency(UKBA) for investigation of possible criminal links and their immigration status.
Source: The Guardian - click on the link to read more
Comments from Chatback........the total number of people involved in the security operation is apparently around 45,000ish (including 20,000 security guards - an increase from an original figure of 10,000, and 13,000 military personnel, and 12,000+ Police officers (in London)). Not forgetting that these numbers are directly linked to the Olympics and it does not include the additional numbers of security staff that businesses, retailers, offices will automatically add during this busy time. I don't think we should forget that securing the Olympics is costing over £1bn (originally £600m) and with all these big numbers why on earth do we need to train 'burger van workers' in Hostile Recon??
All I can say is that this year's IFSEC will not be 'the largest annual security event in the UK'; the 2012 Olympic Games will be!! 

Wednesday 18 January 2012

What is the Cyber Security Challenge UK?


At the start of 2012, the Cyber Security Challenge UK will launch a social media and press stream of its hugely popular competitions. It’s an opportunity for those who regularly write, blog or tweet about major cyber-attacks to gain first-hand experience of what these look like on the ground and how the professionals deal with them, using ultra-realistic simulations developed by leading UK cyber experts. As well as learning a huge amount about the industry, the competition provides an opportunity to demonstrate your coolness under pressure, leadership and teamwork skills against your fellow journalists and bloggers.

The Competitions


The competition consists of three different challenges taking place over three separate days at the beginning of next year (see dates below). Contestants will be placed into teams of up to five individuals supported by a technical expert from the company running that competition. Their role is to implement the decisions made by the team in the face of, or in preparation of, a major cyber-attack, and relay the impact of those decisions back to the group. As a result, the competitions are not a test of technical knowledge and open to people of all abilities.

Each competition will take a maximum of one hour to complete and will be run on the same day as the full version for candidates to ensure you also have an opportunity to watch candidates compete, interview them before and after, and talk to the cyber security leaders who have designed these challenges.

Whilst we encourage competitors to try and attend all three competitions, individual participants can change to accommodate those who cannot. A prize for the most successful team will be awarded at the Challenge Awards Ceremony in March.


Dates

  • Competition 1 - Sophos Malware Hunt, 14th January, Sophos HQ, Abingdon
  • Competition 2 - SAIC’s King of the Hill, 21st January, PwC HQ, London
  • Competition 3 - QinetiQ Network Defence, 10th February, QinetiQ HQ, Malvern

If you are interested in taking part in all or some of these competitions, please get in contact with the Challenge at the following address: media@cybersecuritychallenge.org.uk or you can register here.


In the YouTube video below, candidates talk about their experiences of competing in the Cyber Security Challenge UK and the impact it has had on them, at a debate on cyber security careers.

Saturday 14 January 2012

Physical Security - Thieves Dig 100ft Tunnel to Reach Cash Machine

Thieves spent "months" digging a 100-foot-long tunnel beneath a car park and video shop in an elaborate robbery on a cash machine but got away with just a few thousand pounds.
Detectives believe the gang may have spent up to six months digging the passageway, which extended from a railway embankment, under a car park and beneath a shop where the cash machine was located.
The tunnel, which was around 100 feet in length and 4 feet tall, had been fitted with lighting and roof supports.

In a heist similar to that seen in films such as the Bank Job, where thieves tunnel beneath a bank to get to a vault, the gang had to cut through more than 15 inches of concrete to reach the cash machine.


Thieves dug a 100ft tunnel under a building to get at the cash machine at Blockbuster in Fallowfield Shopping Precinct in Manchester


Police believe the theft occurred some time between 5.30pm on Monday January 2 and Tuesday January 3 at the Blockbuster in Fallowfield shopping precinct in Levenshulme, Manchester. They refused to reveal how much money had been taken, but said the gang only got away with "limited funds". The cash machine can hold up to £20,000 but it is believed the gang got away with just £6,000.

It comes four years after an identical plot was foiled at the same location after workmen discovered a 40ft tunnel running from the railway embankment towards the Blockbuster shop. The original tunnel was filled in with concrete to prevent it being used again.

Detective Sergeant Ian Shore, from Longsight CID, said: "In all my years of service, I have never seen anything quite as elaborate as this. These people had obviously spent a long time plotting this crime and I doubt they would have been able to keep their plans secret for all that time, without telling others about their scheme. They must also have spent a lot of time in the area over the past few months, which people may have noticed. The financial detriment to the victim could have been a lot worse, and the offenders did not get away with as much money as I believe they may have originally hoped. The machine had limited funds available."

The tunnel was dug directly underneath the cash machine, where the offenders then used machinery to cut through the concrete above to steal money from the ATM. The thieves then made their getaway back down the tunnel.
DS Shore added: "I would ask that anyone who may have noticed anything unusual around this Blockbuster store, or who may have seen or heard anything they think might help us with our investigation, to get in touch."
Original Source: The Telegraph

Anyone with information is asked to call police on 0161 856 4245  or contact Crimestoppers anonymously on 0800 555 111
How's that for a return on investment! All for an estimated £6k! Sounds like a lot of work for not much money!

Monday 9 January 2012

Public Service Review: A matter of national security


The Coalition's handling of the spending cuts to the economy is impacting security differently across departments, argues ADS Security Policy Adviser Hugo Rosemont
How the current state of the economy impacts national security remains an important question due to the surprising lack of attention given to it. However, it is a crucial consideration, and the Coalition Government believes that 'an economic deficit is also a security deficit'.
Contrary to some perceptions, there have been significant levels of new investment in the UK security market during the current period of deficit reduction. For example, in a survey published in October 2011, ADS revealed that its members completed £1.8bn worth of security business in the UK during 2010. In addition, there has been significant growth in the global security market; it is currently worth about £260bn per annum and is estimated to grow to £337bn by 2015.
It is worth remembering, however, that the UK security market comprises purchasers from both public and private sectors. Public sector customers account for a large proportion of sales, and the effect that the economic conditions are having on UK government departments' abilities to invest in national security capabilities, especially in the context of deficit reduction, must be examined.
To continue reading this article, click here.

Thursday 5 January 2012

Mike O'Neill Interview: SIA, CPO Licensing, London Olympics Security


You can download the interview here

David Rubens' latest column in Combat & Survival is a double-page interview with Mike O'Neill, Chairman of the Close Protection division of the BSIA, and a well-known figure throughout the UK security industry through his activities with Greyman's and, more recently, Optimal Risk. 


Mike talks about topics of interest such as the latest news on SIA licensing, the future role of CPOs in the UK security sector, the London Olympics and a few thoughts on the future of top-end security providers in an economic recession. 




David is a well known figure within the security industry and his bio is shown below:

David Rubens Associates founding director, holds an MSc in Security and Risk Management from Scarman Centre, Leicester University, is a Visiting Lecturer on their Global Security and Policing MSc programme, and is currently a Visiting Fellow at the Security and Resilience Department, Cranfield University at the UK Defence Academy, specialising in Terrorism & Public Policy and Strategic Management & Leadership. David is widely experienced at developing, delivering and managing large-scale strategic security development programmes, and has worked with government agencies and academic institutions in Asia, Africa, Middle East, Caribbean and Eastern Europe.

Wednesday 4 January 2012

Updated 4/1/12 - The MPS launches first ever dedicated unit to tackle metal theft

Update 4/1/12 - Church metal theft cases reach record high in 2011 via the BBC


Update 23/12/11 - News article in the Telegraph "Insurers urge radical security rethink following metal sculpture theft"

The MPS is launching its first ever dedicated unit to tackle metal theft - a spiralling problem which is costing the economy an estimated £700 million a year and causing the deaths of two offenders a month in the UK, according to the most recent research.
The new multi-agency Waste and Metal Theft Taskforce, whose team includes experts from BT and the local authority's environmental crime unit, is based in Bexley, one of the boroughs most severely affected by metal theft due to its high number of scrap metal yards.
In the first two weeks of December officers across the Met carried out a total of 275 inspections and searches of scrap metal dealer yards, arrested 15 people for offences ranging from burglary to transporting waste metal illegally without a licence, and seized 16 vehicles.

Whilst the task force is a good idea, why do we always have to rely on law enforcement? Shouldn't we be making it more difficult for stolen goods to be sold to 'dodgy scrap yards', or stopping cash sales or even asking for proof of ID from sellers? 
The new task force will be busy...this is the recently stolen Barbara Hepworth sculpture (worth £500k)


Tuesday 3 January 2012

Looking Back, Looking Forward - The Security Highs and Lows of 2011

So what happened last year? Well apart from it flying past, for us at Chatback Security it has been a great 2011. We successfully continued our efforts to offer opinions on security risks and threats and have now built up a steady readership and loyal following.


January was kicked off with a promise for us to be more active on the blog and introduce Fraud and other topics. This proved successful in 2012:

7000 blog readers (55% up on 2010)
3500 unique visitors
4000 tweets via @securityspeak and @chatbacksy
2500 twitter followers
Readers from over 50 countries

February saw scam awareness month and we also received a couple of emails asking for us to claim our lottery winnings, all we had to do was supply our bank details apparently?! It’s amazing how email addresses get identified by scammers for this type of contact (it's even more amazing that people fall for these scams).
The MPS kicked off a new counter terror publicity campaign asking for people to look out for unusual activity or behaviours that might strike people as not quite right and out of place in their normal day to day. Just one piece of information could be vital in helping to disrupt terrorist planning and, in turn, save lives. If you see it, report it.

March saw us talk about the HOSDB INSTINCT exhibition which, considering this exhibition is designed largely for law enforcement and government agencies, was actually quite interesting and food for thought when considering the future applications that could find their way into our airports and hopefully other environments.
The ‘Insider Threat’ came all too true with a British Airways software engineer being sent down for 30 years after being convicted for plotting to blow up a plane. This particular topic is close to our hearts and seems to have fallen off organisations' radars a bit and it's not being discussed as much as it should be.

April was the month that the Centre for the Protection of National Infrastructure (CPNI) released a 'Public Realm Integration' document which, although it looked like it had been designed by Saatchi & Saatchi, still offers some very good information about when and what you should consider when deploying any Hostile Vehicle Mitigation in the public realm.


May brought us our 1 year celebration of the blog and the introduction of the Stuxnet, the Future of Malware posting.
Paul celebrated our first year with a posting on Insider Threats.


June saw me and Paul enter and successfully complete the 26 mile London Bikeathon in support of a charity close to both our hearts, ‘Leukaemia and Lymphoma Research’. We were very kindly supported and sponsored by our new friend in the US Brad Apitz (please follow him at @BradCHSV) who helped us raise over £500 in sponsorship. Thanks again Brad.
I presented at The 8th Annual CISO Summit in Rome which was attended by a very experienced audience. I must have done ok because the organisers invited me to speak and chair a panel on social media security risks at the CSO later in the year. I have a lot of time for MIS Training and will be sharing more news, events and speaking opportunities throughout the forthcoming year, so keep an eye on our events page.
Towards the end of June we both attended The Security Institute’s Annual Conference.  
June also saw the introduction of The National Security Workers Union (NSWU) in the UK.

July saw a couple of guest bloggers posts and the Home Secretary Theresa May announced the terror threat level for the UK has been reduced from severe to substantial. However, a terrorist attack still remains a strong possibility and may well occur without further warning, she went on to warn. Mrs May said: "The change in the threat level to substantial does not mean the overall threat has gone away - there remains a real and serious threat against the United Kingdom and I would ask the public to remain vigilant." January 2012 we remain at ‘substantial’.

August we took leave and you do not want to know where or what we did because that is boring.

September saw us post a summary of the GMB report on From Workplace Watch To Social Spy: Surveillance In (and by) The Workplace.

October brought us National Identity Fraud Prevention Week (NIDFPW), which over the last seven years has helped consumers and businesses alike to fight identity fraud. NIDFPW brings together partners from both the public and private sector to contribute their resources and experiences to help UK businesses and consumers protect themselves against identity fraud. Research commissioned by Fellowes for the campaign has shown that consumer confidence is at an all time low, with 96% of people concerned that the organisations they deal with aren’t treating their data responsibly.

November saw the UK government announce The New Cyber Security Strategy. I attended the Chief Security Officer (CSO) Summit in London where I presented on Security Assurance and chaired a panel session on social media security risks, and it was also Get Safe Online Week 2011 (7th - 11th November 2011). What is Get Safe Online Week? Well if you missed it, it’s an annual event to raise awareness of internet safety issues. They reach out to consumers and small businesses through competitions, events and communications activity and to businesses and organisations through their annual Get Safe Online Summit to find out the latest updates or join us and follow them on Twitter @GetSafeOnline for all the latest news. Finally Chatback Security was approached after being recognised as known and influential security bloggers (get us) to participate in the Cyber security Challenge UK 2012 as journalists. Watch this space, we will be talking all about it.


December saw the MPS launch a dedicated police unit to tackle Metal theft, Anonymous were at play again, attacking Stratfor (the website is still offline) and my son’s first published photos to support the 4x4 crime prevention posting by Paul. Our recent posting by Infosec Island was posted at the end of December and still worth a read on security risk management and it’s not all about assessment.

Happy New Year.... 2012 is here so what does it hold for us personally and professionally? Well firstly, more of the same but different, if that makes sense. The year starts with us attending the first round of the Cyber Security Challenge UK. The first 5 months see me being invited to speak at the Information Security Executive Summit in Richmond, UK, Counter Terror Expo in London, CISO Summit 2012 in Prague and the Fraud Corruption Africa Summit in Zanzibar and then of course is the Olympics, London 2012.


Some of the threats and risks on the horizon that are going to require some effort in combating are:
  • Continued trend in metal theft (cabling, ornate statues, church roofs etc), hopefully some change in legislation also around the selling/buying of scrap metal
  • Protection of our critical infrastructure (in particular SCADA systems)
  • Hacktivism
  • Insider threats
  • Olympics (surprise surprise) 
  • Undervaluing physical security measures (too much focus on cyber threats maybe?)
  • Large scale scams and frauds 
  • Recruitment of the right security people at the right time
We seek to enhance our relationships with @GetSafeOnline and London Fraud Forum (LFF) and Paul will continue with his work in the Security Institute whilst I intend to work closer with London First who kindly invited us to seminars and events on the Olympics and Cyber Crime.

We are always looking for new areas of interest and guest bloggers or supporters, if you feel we (or you) can contribute to your ideas please let us know via chatbacksecurity@gmail.com or contact either of us direct via LinkedIn (Richard or Paul).  

In the meantime we wish you a very safe, secure and prosperous Olympic new year and look forward to staying in contact with all our friends and supporters. 

Thanks and enjoy. Richard