Cyber Crime and Ireland

Posted on May 21, 2013 by brian

As many of you know I am passionate about how we as a country secure the systems, networks and the critical elements of our national infrastructure that we all depend on. I was recently interviewed by the Irish Examiner for an article Cyber Crime: The New Battleground, they ran on the threat posed to Ireland by criminals and others with malicious intent.

The article is available online here and my previous thoughts and comments on this area are available, and still applicable four years later, in this old blog post “Securing Ireland’s Digital Future“.

Source Conference Coming To Dublin

Posted on May 19, 2013 by brian

This week will prove to be very exciting for all of us involved in the information security scene. The excellent Source Conference is coming to Dublin. Source already hosts conferences in Boston, Seattle, Barcelona and now Dublin.

Having spoken at the Source Conference in Barcelona I can attest that it is one of the better conferences available. It is unique in that it offers an opportunity for those with a technical background to mix with those from the non-technical side of information security.

There is a great lineup for the first Source Dublin Conference. If you want the chance to hear some top rate speakers and a place where everyone can mingle and chat then come along. You can register for the conference here.

I will be speaking at the conference and I hope to see you there.

Analyst Update at Infosecurity Europe 2013

Posted on May 9, 2013 by brian

I recently attended the Infosecurity Europe 2013 show in London. As part of that trip I took part in an analyst panel hosted by Infosecurity Magazine on what we thought about the current and future landscape regarding information security.

The panel discussion was recorded and is available below;

Brian Honan – SC Magazine Information Security Person of the Year 2013

Posted on May 2, 2013 by brian

The SC Magazine Awards are held each year during the Infosec conference in London. It is one of the most prestigious events in the information security field and the awards are one of the most coveted. Having been selected as one of the finalists for the award last year, I was honoured when I first heard I had been selected again as a finalist this year.

On the night of the event I was delighted and honoured to hear the announcement that I was selected as the Information Security Person of the Year for 2013. Below is a picture of the moment itself;

I would like to thank all my family, friends, colleagues, and clients who have supported me over the years and helped make the above award possible. I see the award as a reflection as to how the information security field is growing here in Ireland. We have many excellent indigenous security companies growing here, a large number of industry giants in the security field have selected Ireland for their European HQs, and we have many skilled professional supporting the financial and pharmaceutical sectors. On top of that Irish people have been involved in security in various forms for centuries, so you could say security is part of our heritage. Hopefully we can build on all this and make Ireland a recognised centre of excellence for information security.

More highlights of the night are available in this video,

Winner of Best Educational Blog !!

Posted on April 29, 2013 by brian

Last week was the annual trek to London for Infosec to which I’ve gone for more years than I care to remember. This year saw the second European Security Bloggers meetup which was organised by both Jack Daniel and myself. It was also the first year for the EU Security Blogger Awards.

Alan Shimel has been running the Security Blogger Awards for the past few years as part of RSA in the US. However, many of those nominated were US based so we decided this year to set up a similar event here in Europe to shine a light on some of the excellent European focused blogs.

Thanks to Tenable Network Security and Qualys we managed to host the event on Tuesday evening. It was a very enjoyable event with many turning out.

I was delighted when the winners of the various categories were announced to hear that this blog had won the Best Educational Blog.

Thanks to all who supported and voted for the blog, it is very much appreciated.

The full list of winners is as follows;

The Best Corporate Security Blog – Sophos Naked Security Blog
Best Security Podcast – Eurotrash Security Podcast
Best Security Video Blog – InfosecCynic
Best Personal Security Blog- Thom Langford
Most Entertaining Blog – InfosecCynic
Most Educational Blog – SecurityWatch
Best New Security Blog – Dave Waterson on Security
Best EU Security Tweeter – @rik_ferguson
Grand Prix Prize for the Best Overall Security Blog – Sophos Naked Security Blog

Congratulations to all who were nominated and especially those who won. A big thank you to Tenable Network Security and Qualys for hosting the night and the awards. Do take some time to visit the above blogs, you won’t be disappointed.

A Call to Arms for Infosec Pros

Posted on April 11, 2013 by brian

My latest article for Help Net Security magazine is now online. In this piece I highlight how the lack fo leadership in the information security industry will cause us a lot of problems and ask that we all do what we can to address this problem.

You can read the piece here.

First Impressions RSA Conference

Posted on February 27, 2013 by brian

Well yesterday was a big day for me. It was my first time attending RSA Conference in the US. I have attended RSA Europe many times and was looking forward to seeing how different the US conference is to the European one.

All I can say is that everything is BIG, and when I say big I really mean big. Firstly the Moscone centre is absolutely huge, I have got lost a number of times going from talk to talk. Then the number of delegates is astounding. At RSA Europe there is normally between 1,000 to 2,000 delegates. Here there are approximately 15,000 delegates. The social element of RSA US is astounding too, nearly every vendor is hosting a party of some kind.

Speaking of vendors the exhibition hall is huge. I went onto the floor at 11:30 to simply walk from stand to stand to see if there was anything that was cool or innovative and it was not until 2:15 that I finished my exploration. Unfortunately I did not see anything too cool or innovative. In fact I found it telling that the most exciting technology that I came across was an original Enigma machine displayed on the at Thales stand. To think that a technology that is now over seventy years old creates more excitement and buzz than many modern solutions is a sad indictment of where we are in the security industry today.

Finally the theme for the event is BIG and by that I mean it seems most vendors and talks are all focusing on Big Data and its implications for security. I would say though that big data is not what we need to focus on but rather big information. Data without context is just that, data, and is something we cannot act or work with. Data with context is information and that is something that we need to identify threats, incidents and trends so we can better secure our systems.

So far RSA Conference has been very enjoyable with the chance to meet many people I know online in real life and to meet and talk with vendors directly. I am looking forward to seeing what the next few days bring.

Brian Honan Finalist in SC Magazine Awards 2013

Posted on February 12, 2013 by brian

The year 2013 is of to a great start. Not only has this blog been shortlisted in the finals of the RSA Security Blogger Awards under the category of Most Educational Blog, I found out last week that I have been selected as a finalist in the SC Magazine Awards for Information Security Person of the year 2013.

Last year I was also nominated for this award and it is a great honour to be selected for the final again this year. As well as being a finalist last year for Information Security Person of the year, BH Consulting received an award in the finals of Information Security Consultancy of the year.

I am looking forward to another excellent night at the awards dinner which will be held during the Infosec Europe exhibition in April and fingers crossed I could be coming back from London again this year with an award.

Today Is Safer Internet Day

Posted on February 5, 2013 by brian

Today marks the 10th anniversary of Safer Internet Day. BH Consulting has long been a big supporter of this initiative. Here are some resources that you can use to help make children and younger adults safely enjoy their online world.

Webwise has a raft of resources for parents, teachers and guardians
Microsoft has a blog post specific for Safer Internet Day
IBM provide some good material on how to control your identity online and how to deal
with cyber-bullying
CEOP (the UK Child Exploitation & Online Protection Centre) also has some excellent resources for parents.

Spunout, an independent youth charity has this excellent video on encouraging young people not to stand by while others are being bullied online.

Finally, in the event that you or someone you know suffers from being harassed or bullied online here are some useful steps to follow;

Record every incident. Ideally do so in a bound notepad (not the type you can tear a page from) and note every event with date and time of each incident, plus details of the incident.
Print out all emails, messages, screen shots etc. Relating to every incident. Date them and link it back to the record in the notebook.
Report it to the website, social media network or forum that the abuse happens on.
If you believe the abuse is related to school or college report it to them and ask them to follow their policy for online bullying.
If the abuse is aggressive report the issue to the police.Guards, they may not be able to do anything but at least it will be reported to them and they will have a record to go back on if it becomes serious. The notebook and printed evidence can help with initial report
and any subsequent reports.
Make sure your privacy settings on your online accounts are set accordingly

The Internet can be a great resource, lets make sure we can enable our children and young adults to use it in a safe and secure manner. Remember though that we should be always looking to stay safe online and not just for one day each year.

Telephone Scams

Posted on February 1, 2013 by brian

I recently appeared on the Morning Show on TV3 to discuss the issue of Irish mobile phone subscribers being targeted by a phone scam. It appears that those behind the scam would place a call to a victim’s phone but hang up before they could answer thereby creating a missed call on the person’s phone. The prefix for the missed call number is 386 which if you look at quickly looks to be the prefix for the 086 Irish mobile phone number. However, the number 386 is actually the international dialing prefix for the country Slovenia. Anyone dialing the number, curious to see who they missed the call from, would end up facing a hefty charge as the number actually turned out to be a premium rate number. Some people actually reported the number went to a sex line. Comreg are investigating the case and have reportedly stated that anyone impacted by the scam should not have to pay any incurred charges.

I was invited onto the Morning Show to discuss this scam and indeed to cover other common scams. The show is available online on the TV3 Player my interview starts about 14 minutes and 50 seconds into the show.

Here are some of the other typical type of scams that are out there;

Winner !!

You Have Won a Prize Text or Email Message You receive a text message claiming that you have won a prize, either cash or some high value item. To receive your prize you have to pay a shipping fee for it to be sent to you. However after spending your money you never receive the prize.

Give Me Your Bank Account Details

You may receive an SMS message telling you that there is a problem with your bank account and you need to log into your account straight away to rectify the problem. There will be a link in the SMS message that claims to take you to your bank account. This is an attempt by criminals to get you to log into a website they have set up to look like your bank’s website and steal your login credentials to your account. Once you enter your details the criminals will then take those details and log into your account and take your money.

SMS Competitions

This scam is where you can enter a competition by answering questions via text messages. However what they omit to tell you is that the number you text is a premium number and you end up paying a lot of money – the more questions you answer they claim will increase your chances of winning the prize but will also cost you a lot of money.

Ring Tone Scams

You may be offered access to a free or cheap ring tone to install on your phone. However, what you may not realise by accepting the offer is that you are subscribing to an expensive service.

How to Identify a Scam

You receive a call or text from a number you do not recognise or know
There are no clear indications in the message as to what company or organisation you are dealing with
There are no mention of costs in relation to services offered by the text message
There are no clear instructions on how to stop receiving these text messages.
Numbers given in messages are premium rate numbers.

How To Protect Yourself

Read the messages clearly and try to identify if it is a scam
Your bank or financial institution will never ask for your login details via email or text If in doubt do not ring back
If you did not enter a competition then consider how could you win it?
Read terms and conditions of any offers very carefully
Do not give your financial details (e.g. credit card information) to anyone you have not verified
Be careful of messages that just contain a link. This could be a link to an infected website and the scammer is hoping you will click on the link out of curiosity

Remember, if it sounds too good to be true then it probably is !!

SecurityWatch

BH Consulting's Security Watch Blog

Category Archives: InfoSec