We are pleased to announce that Nexor is a sponsor of the East Midlands branch of the Institute of Information Security Professionals (IISP). We arrange events for industry security professionals to create networking and professional development opportunities.
On Wednesday 17th April, IISP East Midlands ran its first quarterly meeting for 2019. 24 security professionals joined to collaborate and discuss the latest news surrounding Cyber Crime and Threat Intelligence.
The agenda for the evening was:
- A talk from Rob Pugh on “Cybercrime – The Police’s View”
- Discussion on Threat Intelligence
- IISP East Midlands: How do we move forward?
5 Key Takeaways
Cybercrime – The Police’s View
Rob Pugh from EMSOU’s Cyber Crime unit presented an on-the-ground view of crimes that are being reported and investigated. The largest area of reported crime is related to Ransomware. In EMSOU’s experience, many businesses they visit have insufficient plans in place to deal with a Ransomware incident. As such, during the crisis when Ransomware hits, mistakes are made that hinder the business’s ability to recover. Businesses should seek professional advice to improve their chances of recovering from an attack.
Report Business Crime to Action Fraud
Action Fraud is the UK’s national reporting centre for fraud and cybercrime. It provides a central point of contact for information about fraud and financially motivated internet crime. They provide an online reporting service that you can use 24/7 to report a fraud or to find help and support. If online support is not your cup of tea, they also provide advice over the phone where you can speak to their cybercrime and fraud specialists on 0300 123 2040.
Good Password Hygiene
Good password hygiene is a crucial step in crime prevention and, in an ideal world, we would have a completely different password for every single account. However, this would be impractical and impossible to remember. Fortunately, there is a plethora of good practice advice from the National Cyber Security Centre when it comes to password management.
Crisis Recovery
If a well-tested, solid incident management plan is in place from the outset, the business will be able to recover effectively from a crisis. It is important that all relevant areas of the business have a role to play within the plan so that, should the plan need to be enacted, everyone already knows their job and nobody is asking what they should be doing.
Securing Remote Desktop
Remote Desktop sessions operate over an encrypted channel; however, there is a vulnerability in the method used to encrypt sessions, which is commonly used as a successful attack vector. It is advised to double-check that suitable controls are in place for any inbound RDP (port 3389) traffic, or that it is blocked entirely, so that this cannot be exploited in an attack.
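One way to carry out the double check advised above, as an added example that is not part of the original post: a short Python audit that flags inbound allow rules reaching port 3389 and grades how wide their source is. The rule format, rule names and addresses are constructed for illustration, and each rule is assessed on its own, ignoring rule order.

```python
import ipaddress

RDP_PORT = 3389

# Constructed sample rules in a hypothetical export format (not from any real product).
SAMPLE_RULES = [
    {"name": "web-https", "direction": "in", "action": "allow", "protocol": "tcp", "ports": "443", "source": "0.0.0.0/0"},
    {"name": "rdp-any", "direction": "in", "action": "allow", "protocol": "tcp", "ports": "3389", "source": "0.0.0.0/0"},
    {"name": "mgmt-range", "direction": "in", "action": "allow", "protocol": "tcp", "ports": "3000-4000", "source": "203.0.113.0/24"},
    {"name": "rdp-jump-host", "direction": "in", "action": "allow", "protocol": "tcp", "ports": "3389", "source": "10.20.0.5/32"},
    {"name": "rdp-block", "direction": "in", "action": "deny", "protocol": "any", "ports": "3389", "source": "0.0.0.0/0"},
    {"name": "rdp-out", "direction": "out", "action": "allow", "protocol": "tcp", "ports": "3389", "source": "10.0.0.0/8"},
]

def covers_port(spec, port):
    """True if a port spec such as '443', '3000-4000', '80,3389' or 'any' includes port."""
    if spec.strip().lower() == "any":
        return True
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def audit_rdp(rules, max_hosts=1):
    """Return (rule name, severity) for every inbound allow rule that reaches RDP."""
    findings = []
    for rule in rules:
        if rule["direction"] != "in" or rule["action"] != "allow":
            continue  # outbound and deny rules do not expose RDP
        if rule["protocol"] not in ("tcp", "udp", "any"):
            continue  # RDP listens on TCP and UDP 3389
        if not covers_port(rule["ports"], RDP_PORT):
            continue
        net = ipaddress.ip_network(rule["source"], strict=False)
        if net.prefixlen == 0:
            severity = "open-to-any"      # reachable from every address
        elif net.num_addresses > max_hosts:
            severity = "broad-source"     # wider than the allowed host count
        else:
            severity = "restricted"       # single named source, still worth review
        findings.append((rule["name"], severity))
    return findings

if __name__ == "__main__":
    for name, severity in audit_rdp(SAMPLE_RULES):
        print(f"{name}: {severity}")
```

Port ranges that happen to span 3389, such as the constructed "mgmt-range" rule, are reported as well, since they expose RDP just as an explicit rule would.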
The IISP run quarterly meetings in the East Midlands – contact us to learn more.
Open to all security professionals – members or not!
Author Bio – Colin Robbins
Colin Robbins is Nexor’s Managing Security Consultant. He is a Fellow of the IISP, and a NCSC certified Security and Information Risk Adviser (Lead CCP) and Security Auditor (Senior CCP). He has specific technical experience in Secure Information Exchange & Identity Systems and is credited as the co-inventor of LDAP. He also has a strong interest in security governance, being a qualified ISO 27001 auditor.