
Tuesday, 20 March 2012

Information Security Breaches 2012 - Questionnaire

Research is currently being undertaken to identify information security breaches for 2012. Below is a link to a questionnaire, which is being conducted by Infosecurity Europe, in association with the Department for Business, Innovation and Skills (BIS) and PricewaterhouseCoopers LLP.



Last year I went to the Infosecurity Europe conference and exhibition and I have to say the presentation and format of the exhibition is very good and was probably the best large scale exhibition I visited. It's on at the same time as Counter Terror Expo 2012 and, although very different, is well worth going along to if you like security technologies of a differing sort.



  

Monday, 30 January 2012

Security Threat Report 2012 - Hacktivism, Cybercriminals and Malware


Foreword by Gerhard Eschelbeck, CTO, Sophos

Over the past year we in the IT security industry have seen a growing awareness of the work we do.
In 2011, a number of highly visible cyberattacks made news headlines around the world, but the underlying problem affects us all. It seems that the cybercriminals are getting bolder in their attacks as the availability of commercial tools makes mass generation of new malicious code campaigns and exploits easier. The net result has been significant growth in volume of malware and infections.
And for 2012, I anticipate growing sophistication in web-borne attacks, even broader use of mobile and smart devices, and rapid adoption of cloud computing bringing new security challenges.
The web will undoubtedly continue to be the most prominent vector of attack. Cybercriminals tend to focus where the weak spots are and use a technique until it becomes far less effective. We saw this with spam email, which is still present but less popular with cybercriminals as people deploy highly effective gateways. The web remains the dominant source of distribution for malware — in particular malware using social engineering, or targeting the browser and associated applications with exploits. Social media platforms and similar web applications have become hugely popular with the bad guys, a trend that is only set to continue.
The rapid inflow of consumer-owned smartphones and tablets is causing significant security challenges for many organizations. IT departments are being asked to connect devices to corporate networks and secure data on these devices, which they have very little control over. Due to the high degree of mobility, security requirements are plentiful, including enforcement of use policies, corporate data encryption, access to corporate networks, productivity/content filtering, and of course malware protection. The unique nature of modern form factors (in terms of processing power, memory, battery life) requires rethinking of security and defense mechanisms.
Cloud computing is one of the most significant revolutions in delivering software applications to users, and can significantly improve the effectiveness and manageability of security solutions—web security, data protection, or even endpoint and mobile security managed via the cloud are great examples. The service model takes the burden of managing applications away from the user, but introduces new issues of security and privacy for data at rest and in transit.
Protecting data in a world where systems are changing rapidly and information flows freely introduces a whole new set of people, process and technology challenges, reinforced by enhanced scrutiny by compliance and regulatory bodies. As we all radically reform the way we communicate and share data, we can expect cybercriminals to hook themselves into these systems to tout their nasty malicious code.
With this edition of the Sophos Security Threat Report, we want to share our latest research on hacktivism, online threats, mobile malware, cloud computing, and social network security. And we offer a look ahead to the coming year.
Best wishes,
Gerhard Eschelbeck
CTO, Sophos

Tuesday, 3 January 2012

Looking Back, Looking Forward - The Security Highs and Lows of 2011

So what happened last year? Well apart from it flying past, for us at Chatback Security it has been a great 2011. We successfully continued our efforts to offer opinions on security risks and threats and have now built up a steady readership and loyal following.


January was kicked off with a promise for us to be more active on the blog and introduce Fraud and other topics. This proved successful in 2012:

  • 7000 blog readers (55% up on 2010)
  • 3500 unique visitors
  • 4000 tweets via @securityspeak and @chatbacksy
  • 2500 twitter followers
  • Readers from over 50 countries

February saw scam awareness month and we also received a couple of emails asking for us to claim our lottery winnings; all we had to do was supply our bank details, apparently?! It’s amazing how email addresses get identified by scammers for this type of contact (it's even more amazing that people fall for these scams).
The MPS kicked off a new counter terror publicity campaign asking for people to look out for unusual activity or behaviours that might strike people as not quite right and out of place in their normal day to day. Just one piece of information could be vital in helping to disrupt terrorist planning and, in turn, save lives. If you see it, report it.

March saw us talk about the HOSDB INSTINCT exhibition which, considering this exhibition is designed largely for law enforcement and government agencies, was actually quite interesting and food for thought when considering the future applications that could find their way into our airports and hopefully other environments.
The ‘Insider Threat’ came all too true with a British Airways software engineer being sent down for 30 years after being convicted for plotting to blow up a plane. This particular topic is close to our hearts and seems to have fallen off organisations' radars a bit and it's not being discussed as much as it should be.

April was the month that the Centre for the Protection of National Infrastructure (CPNI) released a 'Public Realm Integration' document which, although it looked like it had been designed by Saatchi & Saatchi, still offers some very good information about when and what you should consider when deploying any Hostile Vehicle Mitigation in the public realm.


May brought us our 1 year celebration of the blog and the introduction of the Stuxnet, the Future of Malware posting.
Paul celebrated our first year with a posting on Insider Threats.


June saw me and Paul enter and successfully complete the 26 mile London Bikeathon in support of a charity close to both our hearts ‘Leukaemia and Lymphoma Research'. We were very kindly supported and sponsored by our new friend in the US Brad Apitz (please follow him at @BradCHSV) who helped us raise over £500 in sponsorship. Thanks again Brad. 
I presented at The 8th Annual CISO Summit in Rome which was attended by a very experienced audience. I must have done ok because the organisers invited me to speak and chair a panel on social media security risks at the CSO later in the year. I have a lot of time for MIS Training and will be sharing more news, events and speaking opportunities throughout the forthcoming year, so keep an eye on our events page.
Towards the end of June we both attended The Security Institute’s Annual Conference.  
June also saw the introduction of The National Security Workers Union (NSWU) in the UK.

July saw a couple of guest bloggers posts and the Home Secretary Theresa May announced the terror threat level for the UK has been reduced from severe to substantial. However, a terrorist attack still remains a strong possibility and may well occur without further warning, she went on to warn. Mrs May said: "The change in the threat level to substantial does not mean the overall threat has gone away - there remains a real and serious threat against the United Kingdom and I would ask the public to remain vigilant." January 2012 we remain at ‘substantial’.

August we took leave and you do not want to know where or what we did because that is boring.

September saw us post a summary of the GMB report on From Workplace Watch To Social Spy: Surveillance In (and by) The Workplace.

October brought us National Identity Fraud Prevention Week (NIDFPW), which over the last seven years has helped consumers and businesses alike to fight identity fraud. NIDFPW brings together partners from both the public and private sector to contribute their resources and experiences to help UK businesses and consumers protect themselves against identity fraud. Research commissioned by Fellowes for the campaign has shown that consumer confidence is at an all time low, with 96% of people concerned that the organisations they deal with aren’t treating their data responsibly.

November saw the UK government announce The New Cyber Security Strategy. I attended the Chief Security Officer (CSO) Summit in London, where I presented on Security Assurance and chaired a panel session on social media security risks, and it was also Get Safe Online Week 2011 (7th - 11th November 2011). What is Get Safe Online Week? Well, if you missed it, it’s an annual event to raise awareness of internet safety issues. They reach out to consumers and small businesses through competitions, events and communications activity, and to businesses and organisations through their annual Get Safe Online Summit. To find out the latest updates, join us and follow them on Twitter @GetSafeOnline for all the latest news. Finally, Chatback Security was approached, after being recognised as known and influential security bloggers (get us), to participate in the Cyber Security Challenge UK 2012 as journalists. Watch this space, we will be talking all about it.


December saw the MPS launch a dedicated police unit to tackle Metal theft, Anonymous were at play again, attacking Stratfor (the website is still offline) and my son’s first published photos to support the 4x4 crime prevention posting by Paul. Our recent posting by Infosec Island was posted at the end of December and still worth a read on security risk management and it’s not all about assessment.

Happy New Year.... 2012 is here so what does it hold for us personally and professionally. Well firstly, more of the same but different, if that makes sense. The year starts with us attending the first round of the Cyber Security Challenge UK. The first 5 months see me being invited to speak at the Information Security Executive Summit in Richmond, UK, Counter Terror Expo in London, CISO Summit 2012 in Prague and the Fraud Corruption Africa Summit in Zanzibar and then of course is the Olympics, London 2012.  


Some of the threats and risks on the horizon that are going to require some effort in combating are:
  • Continued trend in metal theft (cabling, ornate statues, church roofs etc), hopefully some change in legislation also around the selling/buying of scrap metal
  • Protection of our critical infrastructure (in particular SCADA systems)
  • Hacktivism
  • Insider threats
  • Olympics (surprise surprise)
  • Undervaluing physical security measures (too much focus on cyber threats maybe?)
  • Large scale scams and frauds 
  • Recruitment of the right security people at the right time
We seek to enhance our relationships with @GetSafeOnline and London Fraud Forum (LFF) and Paul will continue with his work in the Security Institute whilst I intend to work closer with London First who kindly invited us to seminars and events on the Olympics and Cyber Crime.

We are always looking for new areas of interest and guest bloggers or supporters, if you feel we (or you) can contribute to your ideas please let us know via chatbacksecurity@gmail.com or contact either of us direct via LinkedIn (Richard or Paul).  

In the meantime we wish you a very safe, secure and prosperous Olympic new year and look forward to staying in contact with all our friends and supporters. 

Thanks and enjoy. Richard 

Thursday, 29 December 2011

Cyber Security - Hacked Stratfor Security Think-Tank Keeps Site Offline


Date: 29 December 2011 

Source: BBC News

Hacked US security firm Stratfor has told its subscribers that it may take a week or even longer to restore its website. The site went offline on 24 December.


Hackers have posted credit card details, email addresses, phone numbers and encrypted passwords which they said were taken during the attack.


[Image: Anonymous graphic used on the @YourAnonNews Twitter account. Caption: Participants in the hacktivist group Anonymous are using Twitter to provide more detail about the attack.]
Stratfor has said it will pay for a credit card fraud protection service for members whose payment details might have been compromised by the breach.


Tweets posted on accounts linked to the hacktivist group Anonymous said that the US Department of Defense, the defence firm Lockheed Martin and Bank of America were among Stratfor's clients.

A recent message posted by @YourAnonNews added that other parties affected by the hack included Google, American Express, Coca-Cola, Boeing, Sony, Microsoft and the mining group BHP Billiton.

Protection
An email from Stratfor to its subscribers said: "At our expense, we have taken measures to provide our members whose credit card information may have been compromised with access to CSID, a leading provider of global identity protection and fraud detection solutions and technologies.
"We have arranged to provide one year of CSID's coverage to such members at no cost.
"As part of our ongoing investigation, we have also decided to delay the launching of our website until a thorough review and adjustment by outside experts can be completed."
The identity theft prevention service Identity Finder has carried out its own analysis of details posted online about hacked clients whose names fell between A and M. It suggested that the attack netted:
  • 9,651 unexpired credit card numbers
  • 47,680 unique email addresses
  • 25,680 unique telephone numbers
  • 44,188 encrypted passwords of which roughly half could be "easily cracked"
This list is expected to grow if the hackers publish details of the N to Z list.


Donations
A tweet posted to the account @AnonymousIRC on 25 December claimed that $1m (£650,000) had been taken from the hacked accounts and had been given to charity.

Participants in Anonymous have subsequently posted screenshots which allegedly show money being transferred to the charities Red Cross, Save the Children and Care.

The organisations will have to return the money if credit card owners report the charges as being unauthorised. Some supporters of the Anonymous movement have also expressed concern that the charities could theoretically be charged a fee for the return of the transactions.

Anonymous Twitter accounts have also hinted that the hackers planned to release details of emails harvested in the breach, adding that "Stratfor is not the 'harmless company' it tries to paint itself as."

Stratfor could not be reached for comment. However a video posted by Fred Burton, its vice president of intelligence, to YouTube promised to provide updates "as more details become available" and offered details about the credit card protection scheme.

Saturday, 3 December 2011

Update - Your chance to win an iPad 2: Cybersecurity Conference & Expo – Washington, DC (10% discount via Chatback Security)


3rd December Update:

We wanted to give you an exciting new update about a new promotion where people can receive a 10% discount off their Cybersecurity Conference registration. Plus, if registrants attend the event on Thursday, Dec. 8, they'll be entered to win an iPad 2! Click here for more information: http://on.fb.me/GovCyberiPad

Previous Message:

The Cybersecurity Conference and Expo is coming up on December 8-9 in Washington, DC - delivering in-depth training for government practitioners and essential networking opportunities with government and industry leaders at the forefront of cybersecurity initiatives.

It will bring together government and private industry to learn about advanced technologies and strategies addressing global information security threats.

The 2-day conference will offer insights and education on topics including: 
  • The latest threats and solutions, risk mitigation, cyber espionage and the pillaging of American technology
  • The business aspects of cyber - calculating ROI, cybersecurity investment strategy, education and training
The full brochure is available here.

[Image: a great list of industry experts]

Are you prepared to tackle the evolving cyber threats? The Cybersecurity Expo provides unique solutions for government agencies to manage cybersecurity programs and mitigate the risks of cyber attacks.

This looks like a fantastic opportunity to meet industry experts and to keep up to date on the latest technology and threats in the cybersecurity arena.

It's too far for me to travel unfortunately but if you are interested in attending you can receive a 10% discount via here.

Thursday, 1 December 2011

GCHQ attracts wannabe spies with viral cryptography

The GCHQ -- Britain's secretive agency of intelligence experts -- wants to find new spies. To make sure it has a candidate who's up to scratch, the agency is inviting hobbyist cryptanalysts to try and break a code online.

A website called "can you crack it" is being spread via a viral campaign around social networks like Twitter and Facebook. The site shows a seemingly-senseless jumble of 160 pairs of numbers and letters, and a box to enter some kind of answer.

By: Mark Brown, Edited by: Duncan Geere

Friday, 25 November 2011

The New Cyber Security Strategy

The government has announced new measures to fight cyber crime, to promote economic growth and to protect our nation’s security and our way of life.


To specifically tackle the increased risk the UK electronic communications network faces from other countries' intelligence agencies and hackers.

These latest measures are part of a £650 million (over 4 years, so don't get too excited) drive to deal with cyber threats and develop responses to intrusions and attacks.


The intelligence agency GCHQ is to receive around £385m of the total budget to develop its ability to detect, defend and fight back online.

The government says there are more than 20,000 malicious emails sent to its networks each month, 1,000 of which are deliberately targeted.


A new police Cyber Crime Unit will be formed alongside a team at GCHQ which will fine-tune the country's military online capabilities, and a joint initiative between the public and private sector will also be launched to deal with cyber threats.

Individuals will be given more help to protect themselves, amid a warning from GCHQ that 80% of successful attacks could be thwarted by following simple steps like updating anti-virus software regularly.


Will it make a difference or is it just another excuse for a 'team of professionals' who do little and achieve even less? Well, let's wait and see in a year's time when government will report on their progress.

If you have the time the new cyber security strategy documents can be read via the below Cabinet Office links.


A vision for UK cyber security in 2015

Sunday, 20 November 2011

FBI’s Robert Mueller Reflects On The Escalation Of Insider Threats

This is a really interesting account from the Director of the FBI. It demonstrates his top priorities, details some recently publicised incidents and explains how the threats from terrorism, espionage and cyber attacks are evolving.

I think we sometimes forget the excellent work that law enforcement and intelligence agencies carry out on a daily basis to protect us all, and this applies both at home and abroad.

It's quite lengthy (but well worth a read) so I have included a link to the source document, click here.

Wednesday, 8 June 2011

8th Annual CISO Summit Rome 2011

Day One - Cyber Crime Risk

Following the Cloud Summit, day one of the 8th Annual CISO Summit and Roundtable starts with Detective Superintendent Charlie McMurdie, Head of the Police Central e-crime Unit (PCeU), providing an overview of the national approach to cyber crime programme, 'National harm, national impact', and briefly sharing some limited details on several success stories on arrest operations.

Don Randall, Chairman of the 'Sister Banks' gives his opinion on some of the threats as he sees it and some opportunities to engage with all levels of staff.

Mike Maddison and Sir David Pepper from Deloitte raise the level with 'Cyber risk should be at board level'.

A very interesting and dynamic presentation by Michael Colao, Head of Information Security at Beazley on Insuring against cyber security risks.

And now for the break and espresso.

Back from a break and now it's Don Randall MBE, Master of The Worshipful Company of Security Professionals, who announced yesterday (7th June 2011) that the first ten Registrants have been admitted to the new Register of Chartered Security Professionals, and who is chairing the panel on 'Advanced persistent cyber threats and critical infrastructure protection'.

Amongst the panellists are Charlie McMurdie, Jim Reavis of Cloud Security Alliance, and Eddie Schwartz, newly appointed Head of Security at RSA, who got a big laugh at his introduction of company. So far we talked about Olympics, 7/7, cyber crime and data loss but obviously no public comments on the current RSA issues, too soon methinks.

Very informative discussion from the panel and nicely rounds off the first part of the day's proceedings. A final presentation from one of the sponsors, Courion, then it's lunch and more espresso.

Now back from lunch, which incidentally was good. I especially love the fact wine was on the table. You've got to admire the Italians' approach to eating.

Next up is the turn of Dr Simon Singh on 'The science of secrecy', which was fascinating, and inspired by that presentation I've decided to leave and concentrate on my own presentation for tomorrow on Combating and Managing Security Risk through Security Assurance.

I have been very impressed with the quality of the presenters and MIS Training who organised the event. Now it's off to sponsored drinks and dinner in the centre of Rome somewhere. More tomorrow and my turn in front of this very experienced audience.

Day Two - Security Governance

The second day starts for me with a presentation on Beyond the Cloud by the very entertaining Ray Stanton of British Telecom and there were some funny moments between him and the chair Marcus Alldrick, CISO Lloyds.

Next up Dr John Meakin from BP discussing BP's approach to information security.

Lunch and wine complete now back with a presentation by Nils Puhlmann co-founder and CSO of Zynga who created Mafia Wars and other similar games and apps talking about security innovation - are we keeping up.

Next the Technology challenge of identity and access intelligence by my new friends and tour guides at Whitebox Security. Shlomi Wexter discusses. Very passionate and interesting talk.

CISO 'Think Tank' up next. Time for me to prepare for my presentation on Security Risk and Assurance.

Presentation delivered, off for a quick meeting about planning the Round Table slot, drink then dinner.

Final full day for me tomorrow, will be busy with the Round Table section of proceedings, then travelling home so will hopefully post a wash up in the next couple of days.



Day Three - Round Table



This is the part of the event where more and different people who haven't been at the summit turn up especially for this discussion. This is the opportunity for any and all to be involved in questioning and challenging today's issues through a series of pre-prepared questions supplied by the audience. This is also the first time I have been invited to do something like this so I am very much looking forward to assisting in facilitating the day.



Unfortunately I cannot say too much about the content as we all promised up front to be discreet ('Chatham House Rule' applies) or, more simply, the first rule of the Round Table is you do not talk about the Round Table, the second rule of the Round Table is ...... well you can see where I am going with that so I'll stop there. Nothing further to report, only that I have been very surprised by the fact I've actually learnt a few new things and met some interesting people which I intend to keep in touch with, and as conferences go that doesn't happen very often. Of course the food and wine was typically Italian. Ciao per ora. Richard


Posted by Richard using BlogPress from my iPhone

Tuesday, 24 May 2011

"Stuxnet – The Future of Malware"


Stephan Freeman is Information Security Manager at the London School of Economics and he recently presented on this subject at the Information Systems Security Association (ISSA) in Dublin.


For further details on Stephan please checkout his very informative blog or follow him on twitter @stephanfreeman


Tuesday, 29 March 2011

Scam - HMRC Tax Refund Phishing Email

A friend of mine recently received the phishing email below. The hyperlinks at the bottom all go back to the main www.hmrc.gov.uk website, however the link that says 'Click Here' actually goes to http://al-dammas.com/tmp/awstats/hmrc/hmrc/refundportal.htm. This website has now been suspended, but be cautious if you receive an email advising you that you are due a refund!


Tuesday, 22 March 2011

Guest Blogger: Cyberwar Meeting in European Parliament with NATO's Jamie Shea

This post was written by Reza Rafati - CEO Cyberwarzone.com and he has given us his permission to post it on Chatback Security. Reza recently responded to our request for guest bloggers and what a perfect way to kick things off as Cyber Security is a specialism that we do not profess to know much about!

Cyber Security is now recognized as a high risk priority by governments across the globe. This is supported by the UK Government’s Strategic Defence Spending Review, which diverted key funds away from traditional areas of spending to the protection of the UK’s critical national infrastructure from the cyber threat.

There is no winner in Cyber warfare

The importance of this shift to a greater focus on Cyber Security was highlighted by the discovery of STUXNET, the first example of a ‘cyber weapon’ designed to attack an aspect of a nation’s critical national infrastructure.

The Meeting

The Cyber Security meeting was a great success. At the start of the meeting there were some technical issues with the microphones, but who cares? We want to discuss Cyber warfare! And so we did.

Strategies

The discussion started with the NATO strategies issue: which options does a country have when it is under attack by a force?

This was a very delicate issue because what is Cyber warfare? Well, we speak of Cyber warfare at the moment that a country has declared war on the country. So when a country or a force attacks another country without a declaration of warfare it is not Cyber warfare.

The act of attacking without a declaration of war is classified as Cybercrime. This makes it hard to retaliate because there is no war declared. The next issue that comes along is the fact that even if we do reply with an attack, we could take down a hospital and then we are speaking of collateral damage. Because the aggressor used the hospital network to attack, we retaliate against the hospital.

We will need a global understanding & perspective about the Cyber war attacks.

Cybercrime is like a paradox. There is no hierarchical system

Nightmare of all problems


After an attack (Stuxnet) there are certain points that need to be checked and controlled. You will have to look after:
 - How did they penetrate the systems
 - You will have to clean the systems
 - The disruption it caused
 - Exploits?
 - The mental stress it causes.

Regulate

The cyberspace needs to be regulated, but how do you want to regulate the internet while it can't be regulated by a single regulator. Because when we look to the internet we see it as no man’s land (law of the sea), but in fact it is somebody's property, it could be from the government, companies or from civilians.

Transparency

So the world has to agree for transparency. If we need help or information regarding Cyber security the countries should provide them.

But at the moment there is no transparency, think of the Estonia and Russian conflict.

A Finnish expert told the Helsingin Sanomat newspaper that it would be difficult to prove the Russian state's responsibility, and that the Kremlin could inflict much more serious cyber-damage if it chose to. source

Open issues

 - The internet traffic regarding Cybercrime has increased rapidly.
 - How can a behaviour code be created to use the internet legitimately?
 - If there is an attack going on, and you want to retaliate, how will you get the attribution of proof?
 - How can we make retaliation possible?
 - Who is responsible?
 - What can we do against sponsored cyber attacks?
 - How can we prevent extremists from recruiting people from the internet?
 - At a certain point defence will catch up with offensive behaviour
 - Creating a global cyber war response team

If I would shutdown a honey pot because there is a "cyber war" going on, it could affect over 500 servers. And that is the reason why you can't retaliate, because you don't know where the bodies will show up.


Author: Reza Rafati
Twitter name: @cyberwarzonecom

Wednesday, 16 March 2011

Insider Threat Most Costly for Organisations

This article was originally posted by 'The New New Internet - The Cyber Frontier' and can be found here. There is also a powerpoint presentation summary of the survey results.

A new cybersecurity survey found that cyber attacks perpetrated by so-called “insiders” — those with inside knowledge or authorised access — are viewed as the most costly and damaging to an organization.
 

The 2011 CyberSecurity Watch Survey conducted by CSO magazine and sponsored by Deloitte found that 33 percent viewed inside attacks as more costly, an increase of 8 percent over last year. The survey reports that while more attacks are caused by outsiders (58 percent), the insider threat is becoming increasingly sophisticated.

The use of rootkits and other hacker tools by insiders jumped from 9 percent last year to 22 percent this year.

Aside from the monetary losses, the insider threat could tar an organization’s reputation, disclose confidential or proprietary information or disrupt critical systems — all of which can be “difficult to quantify and recoup,” the survey finds.

And, even with insider threats likely only to grow, the public is often left in the dark. That’s because about 70 percent of insider attacks are handled by the organizations with no official legal action taken.

“Technical defenses against external attacks and leakage of well-formatted data like social security numbers and credit card numbers have become much more effective in recent years,” said Dawn Cappelli, technical manager of the Insider Threat Center at CERT, the federal agency tasked with monitoring cyber threats. “It is a much more challenging problem to defend against insiders stealing classified information or trade secrets to which they have authorised access or against technically sophisticated users who want to disrupt operations.”

The report also found that, overall, cyber attacks are on the rise. Twenty-eight percent of respondents said they have seen an increase in the number of events, according to the study.

But, while attacks are increasing, they are not as financially damaging as in previous years, likely because of strategic and proactive steps that organisations are taking.

Friday, 19 November 2010

Get Safe Online - If you do nothing else, read this!

Beginner's guide

The internet is great. People like to email, chat and have fun online. We also use it to buy and sell things, do our taxes or bank online. The problem is online criminals. To make money, they want to hijack your PC, rip you off and steal your identity.

Prevention is better than cure and GetSafeOnline.org can help. This is just a high-level overview, but the site has detailed advice that will explain it all.


Protect your PC
  • Get anti-virus software, anti-spyware software and a firewall
  • Keep your computer up to date
  • Block spam emails
  • Use an up to date web browser
  • Make regular backups
  • Encrypt your wireless network
Avoid online rip-offs
  • When you’re shopping online, look for clear signs that you’re buying from a reputable company
  • On an online auction site, learn how it works and learn to pick good sellers
  • Use safe ways to pay, such as PayPal or credit and debit cards
  • Use your common sense to avoid scams – if it sounds too good to be true, it probably is
Take care of your identity and privacy
  • Avoid identity theft by using an up to date web browser and blocking bogus emails with a spam filter
  • Always use strong passwords
  • Don’t give away too much personal information on blogs and social networking sites

Friday, 12 November 2010

Get Safe Online Week 15th to 19th November


Get Safe Online is a joint initiative between the Government, law enforcement, leading businesses and the public sector. Their aim is to provide computer users and small businesses with free, independent, user-friendly advice that will allow them to use the internet confidently, safely and securely.

Tuesday, 19 October 2010

Securing Britain in an Age of Uncertainty: The Strategic Defence and Security Review

The Government has published its Strategic Defence and Security Review: Securing Britain in an Age of Uncertainty [PDF, 800KB] which sets out how it will deliver the priorities identified in the National Security Strategy [PDF, 375KB]. It describes how HMG will equip our armed forces, our police and intelligence agencies to tackle the threats we face today and in the future.
National security is the first duty of Government. Britain as a country continues to have global responsibilities and global ambitions. We will remain a first rate military power.
National security depends upon economic security, and vice versa. Bringing the defence programme back into balance has required some tough decisions but is a vital part of both how we tackle the deficit and how we protect our national security.
Faced with these challenges, the Government has been determined to make the right decisions for the long term defence and prosperity of the country.
This Review will equip the UK with modern defences: Armed Forces and equipment fit for the 21st century; strong security and intelligence agencies; and diplomats and development aid which can help us prevent threats before they become a reality. We will double the amount of aid we spend in conflict countries, tackling threats at their source.
We will continue to invest in our security and intelligence agencies. And we will establish a transformative national programme to protect ourselves in cyberspace, backed by £650m of new funds.

Thursday, 16 September 2010

Counter Terror Conference 7-8 December, Russell Square, London UK

On the 7th & 8th December 2010 at Hotel Russell in London, Richard is attending and presenting.


Counter Terrorism is delighted to welcome the following keynote speakers: 
  • Detective Chief Superintendent Liam O’Brien, ACPO TAM Interoperability Lead
  • Adrian Dwyer, Counter Terrorism Risk Advisor, British Transport Police
  • Mike Downing, Deputy Chief, Counter Terrorism and Criminal Intelligence Bureau, LAPD
  • Andrew Huddart, Program Manager, National & Local London Resilience Team
  • Rob Bartlett, Programme Manager Operations, Government Olympic Executive 2012
  • Sue O’Sullivan, Deputy Chief of Police, Former President of the Counter Terrorism Alumni Association, Ottawa Police Service
  • Col Tony Abati, US Army Special Forces Chief of Current Operations Deputy Director for Special Operations (J37) 3000 The Joint Staff, The Pentagon
  • Detective Chief Inspector Chris Philips GCGI, FSyl, National Counter Terrorism Security Office (NaCTSO)
  • Superintendent Alan King, CBRNe Co-ordinator, Metropolitan Police
  • Joris De Baerdemeaker, Bio Terrorism Prevention Program Manager, INTERPOL General Secretariat
  • Chief Inspector Tim Marjason, Strategic Business Continuity Manager, CO3 Emergency Preparedness OCU, Metropolitan Police Services
  • and Me, Richard Bell, Security Audit Manager, Transport for London
This Counter Terrorism 2010 Conference is being billed as an essential event for all counter terrorism stakeholders wishing to hear the latest on the following:
  • Expanding the use of scanning devices outside of airport security
  • Operational command and control
  • Overcoming communication challenges to improve response times
  • Operational feedback from anti terror CCTV
  • Future requirements for surveillance technology
  • Combating the emerging threat of cyber terrorism
  • Latest developments in biometric identification