BH Consulting – As Seen on TV

Last Monday night the crew from BH Consulting appeared in the Hacked documentary on RTE Television. Our team worked with the producers of the programme to create an experiment that mimicked what criminals can do to people who use open WiFi networks.

Using the data gathered during the experiment we identified a number of volunteers whom we then profiled based on their social media presence. Using that information we crafted emails designed to social engineer them into revealing sensitive information such as their email passwords. These are the same techniques we often use when running security assessments for our clients.

The program is available on RTE Player for viewing;


If you are interested in us testing the security of your users then contact us for more details.

BH Consulting to Feature in RTÉ TV Documentary about Cybercrime

Security company sets up real-world ‘hacking’ scenario to show how consumers unwittingly put their personal information at risk

Monday, 14 November 2016 — Information security specialist BH Consulting will feature in a documentary about cybercrime which is being broadcast tonight on RTÉ One. Written and presented by Keelin Shanley, the programme is called Hacked and it looks at security threats facing individuals, businesses and critical national infrastructure in today’s digital world.

As part of the programme, the team from BH Consulting and volunteers created a fake Wi-Fi network at a Dublin coffee shop, offering free connectivity to lure unsuspecting customers into giving away their email addresses. Using the data it was able to harvest from several individuals, the BH Consulting team was able to show how cyber criminals could then profile those targets by tracing their activities on social media and using this information to craft highly targeted phishing scams.

By including recognised cues in their emails, the attackers could trick victims into giving up even more sensitive information about themselves. “We wanted to demonstrate the value of people’s personal information to criminals,” commented Brian Honan, founder and CEO of BH Consulting.

Frontline Films produced the documentary in partnership with Science Foundation Ireland, and it is being broadcast to coincide with Science Week. Frontline Films producer Aoife Kavanagh said the aim of the show is to point out the security risks posed by our growing use of digital technology in everyday life. “We are becoming more and more connected, so it’s about how we can make ourselves safer. Brian Honan is well regarded in the cybersecurity world and he helped the programme makers to explain some of the more complex ideas, and give advice about a common-sense approach to being online,” she said.

Hacked airs Monday Night at 9.35pm on RTÉ One.

Public Consultation on the Proposed Approach to EU Cyber Security Directive

In July 2016, the European Union formally adopted a Directive on security of network and information systems (2016/1148). The Directive must be transposed into Irish law by May 2018 and will require regulation of cyber security in the finance, energy, transport, health, water distribution and digital sectors in Ireland.

The Department of Communications has opened a public consultation which seeks views from individuals, businesses and civil society on how best to protect digital assets through the implementation of the NIS Directive. The document sets out the general approach proposed for implementation of the Directive in Ireland. Thirteen questions are posed around the development of capabilities by the Irish State, co-operation across borders, and regulation of businesses providing ‘essential services’ and digital services such as cloud computing, online search engines and online marketplaces. Those responding may also provide general comments.

The deadline for submission of responses is 17:00 on Friday 9th December 2016.

This is an opportunity for those of us in the industry in Ireland to help shape the implementation of this Directive in Ireland and to make the Irish Internet space a more secure place for all.

The public consultation document is available on the Department’s website.

Come Work with Us and Join the BH Consulting Team

Thanks to our recent growth and exciting plans for the future we are looking to expand our team once more. We have an opening for a Cloud and Cyber Risk Specialist. The role is an integral part of the team and will enable the right candidate to engage in interesting and challenging projects with our clients both here in Ireland and abroad. We also offer an attractive work environment where the focus is on developing you and enabling you to reach your own personal and professional goals.

The job spec is as follows;

Cloud and Cyber Risk Specialist

The Cloud and Cyber Risk Specialist participates in the delivery of the Information Security Risk and Cybersecurity Advisory services to clients of BH Consulting. The role’s mandate includes working with our clients to develop and enhance their security capabilities.

Responsibilities include:

  • Assess the cyber security capabilities of clients and provide remediation advisory services to address any identified issues.
  • Work closely with our clients to report and manage information security risk across both infrastructure and application environments.
  • Assist clients in achieving alignment and/or certification to the ISO/IEC 27001:2013 Information Security Standard.
  • Help facilitate security monitoring, incident response, and vulnerability assessment programmes.
  • Manage the implementation and delivery of Information Security Programmes, including Enterprise Vulnerability Management, Incident Response, Threat Management and Monitoring, and Risk Management.
  • Research vulnerabilities and write technical and non-technical reports for senior management.
  • Assist BH Consulting clients in conducting security assessments and risk analysis when migrating to cloud based environments.

The Person

Competencies:

  • University degree in Computer Science, Engineering, IT Security Management, Risk Management, or comparable professional education/training in a field relevant to IT Security Management.
  • Minimum of 3-5 years in Information Technology, particularly in IT Security.
  • Detail oriented with strong organisational and analytical skills.
  • Knowledge of multiple operating systems and applicable system administration skills (Windows, UNIX, Linux).
  • Good knowledge of the ISO/IEC 27001 standard, security policies, cloud platforms, multi-tier web applications, relational databases, firewalls, VPNs, IDPS, SIEM, web content filtering, email spam filtering and enterprise Anti-Virus products.
  • Detailed knowledge of Information Security principles, protocols, practices and industry standards.
  • In-depth knowledge of cloud computing platforms and their related information security risks.
  • Strong in all areas of communication, able to interface with team members, peers, senior management and clients.
  • Team player, whilst also able to work independently.
  • Good technology generalist, with a good understanding of all aspects of IT, especially architecture.
  • Excellent project management and leadership skills.
  • Excellent written communication and presentation skills.
  • Willing to travel to engage with BH Consulting’s international clients.
  • Socially conscious and supportive of BH Consulting’s strong corporate social responsibility (CSR) strategy.

Please send your resume to [email protected] by 18th November 2016, 17:00 (Irish Standard Time).

No recruitment agencies please.

Ransomware: Can we finally start learning from past mistakes?

My latest opinion piece for HelpNet Security is now available online. In this article I highlight how ransomware, CEO fraud, and DDoS attacks are old attacks that we as an industry should be better able to defend against.

An excerpt from the article is below, with a link to the complete piece.

“There is a phrase I am finding quite relevant lately. It is attributed to the philosopher George Santayana and it goes like this: ‘Those who cannot remember the past are condemned to repeat it.’ The reason it comes to my mind a lot these days is the headlines we are seeing relating to the latest ransomware attacks against companies’, hospitals’ and government departments’ systems.”

Getting Ready for the EU General Data Protection Regulation


Information is the lifeblood of today’s business world. With timely and accurate information business decisions can be made quickly and confidently. Thanks to modern technology, today’s business environment is no longer constrained by physical premises or office walls. We can work on laptops, smartphones or tablet computers and with nearly ubiquitous internet connectivity we can work from any location.

This technology evolution allows us to be more productive and work with clients in many different ways. We can engage with them over the internet, visit their homes or offices, or they can come into our offices where their requests can be processed quickly and effectively. While bringing many benefits technology also brings with it many threats. With companies gathering more and more information on their customers to provide them with more services there is the increased risk of damage to those individuals should a company suffer a security breach. This information if improperly exposed could cause a lot of embarrassment to the people affected or, should it fall into the hands of cyber criminals, could have severe financial impact on them.

Data protection, as governed by the European Union’s Data Protection Directive, is concerned with any information that, either by itself or combined with other pieces of information, could identify a living person. This information could be items such as email addresses, passport numbers, driver’s licence numbers, financial details, trade union membership, medical history, or information relating to a person’s sex life or their religious or political beliefs.

On the 15th of December 2015 the EU agreed to replace the existing EU Data Protection Directive with the EU General Data Protection Regulation (EU GDPR).

The EU GDPR brings in new obligations for companies that handle information belonging to individuals, and it will come into effect on 25 May 2018. Under the EU GDPR there will be a number of new rules for companies: for example, companies that process a lot of personal data will be obliged to appoint a Data Protection Officer, companies that suffer a security breach will be obliged to notify the supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of it, and there will be fines for companies found to have been negligent in the case of a security breach, to name but a few.

These new rules will have implications for how businesses handle and secure the personal data entrusted to them by their customers and staff. While it will take time for the EU GDPR to come into full effect, it will also take time for companies to be properly prepared for that eventuality.

The following checklist will help you obtain better assurance regarding how your company is prepared for these new regulations.  An incomplete or negative response to any of the following items means that area of risk needs to be addressed.

Infosecurity Hall of Fame Interview

I was honoured to be inducted into the Infosecurity Hall of Fame earlier this month. It is an award which I hope to live up to. I was interviewed during the ceremony and I talked about how companies should be better prepared for computer security incidents. The key points of that interview are covered in this article.

I was also interviewed after the ceremony, and below is the video of that interview.

Many thanks to all who supported me over the years and helped me get to where I am today and also a big thank you to all who passed on their best wishes.

Securing Business Podcast

We are delighted to announce that a new podcast focusing on the business aspects of information security and cyber security is now available. The Securing Business Podcast is a joint effort with our own Brian Honan, journalist Gordon Smith, and Matt Houlihan from the International Radio Company. It is available from Soundcloud and iTunes.

Every fortnight, Brian Honan and Gordon Smith discuss the latest news in cybersecurity and cybercrime and its implications for business.

The first episode has a feature on the challenges in cybercrime and what research the UCD Centre for Cybercrime and Cybersecurity Investigations,

The second episode features Lance Spitzner from Securing the Human and Dr Ciaran McMahon talking about the human side of cybersecurity and what we should do to improve security in that area.

Have a listen and do let us know your thoughts and comments.