Tag Archives: e-crime

ISNow – Future Threats

The following introduction was originally published in the BCS Information Security Now Magazine, Winter 2010 issue (Volume 5, Issue 2), which was on the topic of Future Threats:

“The start of each New Year brings festive cheer and thoughts about what security related treats we might see in the coming year. I think 2011 may bring:

Targeted malware – next generation spear-phishing. The emergence of Stuxnet, which combines traditional malware techniques with a specially crafted targeting mechanism and payload parameters, may signal a new form of deniable attack. Even with the time and resources required to develop the intelligence and programming that feeds into such software, it could still be a much more cost-effective and politically acceptable virtual approach versus physical alternatives. This attack vector is likely to be picked up by other online ne’er-do-goods.

Secrets revealed – exposing truths. Wikileaks, Cryptome, The Smoking Gun and others have a track record of exposing the secrets of governments, corporations and individuals. State and court sanctions are unlikely to deter all those seeking to expose unlawful, hypocritical and immoral activities. Once details are released on the internet it is too late, however good your censorship capabilities are, and if the traditional press get hold of it too, it’s as good as over. As people learn the effectiveness of such exposure we may see more whistleblowers emerge.

Personal intrusions – self-exposure. From airport security officials wishing to either irradiate us or touch our junk; governments wanting to know about our worldwide banking arrangements, health, happiness and online activities; social networks wanting to know where you are, who your friends are and what you’re saying; advertisers wanting to know where you are and what you’re interested in; employers wanting to know if you’re a suitable hire or risk to the business.

Happy New Year – hopefully.”

A PDF version of the magazine is available online at:


Talk on ‘Why the Private Sector is Key to Cyber Defence’ (Slides)

I spoke at the SMi Group Cyber Defence 2010 (National Security in a Borderless World) conference in Tallinn, Estonia, on Monday 17th May 2010. My talk was entitled “Why the Private Sector is Key to Cyber Defence” and the slides are now available:

ISNow – e-Crime

The following introduction was originally published in the BCS Information Security Now Magazine, Spring 2007 issue (Volume 1, Issue 3), which was on the topic of e-Crime:

“Infosecurity Europe 2007
April brings the annual pilgrimage to London Olympia for information security professionals from around Europe and beyond. It just gets bigger every year, with over 11,000 visitors expected and around 300 vendors vying for attention in an increasingly crowded marketplace. Apparently, security is big business.

Personally, I’m hoping not to see the same vendors, on the same stand, in the same place, hawking the same solutions for yet another year. However, looking at the floor plan, I do get that familiar feeling and I think I know what’s coming. That said, I’m glad to see that over 10 per cent of the exhibitors are new to the event.

I’d like to see the product space improve, more innovation, integration (not of the Heath Robinson kind as favoured by some building ‘unified suites’). I also feel intuitiveness, ease of use, and intelligence, not just information, is needed, with less focus on niche point products that attempt to fill tiny gaps in the market left by others.

Rather than simply loading up on glossy brochures until your complimentary bag splits, I recommend attending some of the excellent talks on offer. With around 100 keynotes, seminars on subjects such as technical and business strategy, and workshops on offer, there is no excuse not to boost your knowledge, and CPE points.

If you’re bored with trying to lift decent freebies without being spotted by sales and marketing staff, come and visit the BCS stand – D220, close to the Technical Seminar Theatre on the ground floor. Some of the ISSG committee will be in attendance throughout the event.

What the future holds
Recently, I was invited to participate in an Infosecurity Europe Advisory Council meeting. Now, this doesn’t mean I will take any blame if you don’t enjoy it this year, but I hope that I contributed a little to the view that Reed Exhibitions now has the security drivers that attendees consider important.

After an incredibly open, wide-ranging and informative roundtable discussion, the group of senior security professionals agreed on what they considered the ten security hot topic areas for us in the forthcoming year to be. These included, in no particular order:

  • globalisation
  • governance
  • identity management
  • compliance
  • remote working
  • professionalism
  • education
  • budget / cost reduction
  • integration
  • management / managing risk

I noticed immediately that not many of the topics relate to products, or directly to technology. The security profession has finally got to grips with the fact that security is more about people and process than technology, and now it’s time to educate everyone else.”

A PDF version of the magazine is available online at: