Event security remains an ever-growing concern. Public events have been the targets in the past, meaning security leaders have tightened event safety procedures. Large events, such the Super Bowl, often require additional security to keep entertainment, staff and guests safe throughout the event. However, large events can also become targets for phishing and other cyberattacks. As security leaders plan and enforce an event’s physical safety measures, an event should prepare an equally thorough cybersecurity plan. 

Rafal Los, Head of Services GTM at ExtraHop, shared his thoughts on stadium cybersecurity ahead of the Super Bowl:

What threats should security leaders watch out for during the Super Bowl?

“As with any big public events, hackers will exploit the event to try and drive users to click on or open malicious links or items. Phishing using Super Bowl themed content will likely be prevalent. Hackers count on people getting caught up in the hype of the sporting event to let their guard down and click on something that looks like it came from a friend or other trusted source, with some tie-in to the event. The inevitable goal is one of the same few — get you to divulge your credentials to something like Office 365 or your bank or install malware or ransomware on your computer.”  

IMMEDIATELY PRIOR to the Christmas recess in Parliament, Oliver Dowden (Chancellor of the Duchy of Lancaster) announced that surveillance equipment “produced by companies subject to the National Intelligence Law of the People’s Republic of China” must no longer be deployed at sensitive Government sites. Civil liberties campaign group Big Brother Watch has subsequently urged the Government to expand this planned safeguarding measure across the board.

Dowden’s statement – also reiterated in the House of Lords by Conservative Life Peer Baroness Lucy Jeanne Neville-Rolfe – begins: “The Government keeps the security of its personnel, information, assets and estate under constant review. In this context, the Government Security Group has undertaken a review of the current and future possible security risks associated with the installation of visual surveillance systems on the Government estate. The review has concluded that, in light of the threat posed to the UK and the increasing capability and connectivity of these systems, additional controls are required.”

The statement continues: “Government Departments have therefore been instructed to cease deployment of such equipment at sensitive sites where it’s produced by companies subject to the National Intelligence Law of the People’s Republic of China. Since security considerations are always paramount around these sites, we are taking action now to prevent any security risks materialising.”

Dowden adds: “Additionally, Government Departments have been advised that no such equipment should be connected to departmental core networks and that they should consider whether they should remove and replace such equipment where it is deployed on sensitive sites rather than awaiting any scheduled upgrades. Departments have also been advised to consider whether there are sites outside the definition of sensitive sites to which they would wish to extend the same risk mitigation.”

In conclusion, the statement reads: “Government will continue to keep this risk under review and will take further steps if and when they become necessary.”

Read the full story here

AN INTERNATIONAL one-stop spoofing shop has been taken down in what is the UK’s biggest-ever counter fraud operation led by the Metropolitan Police Service. More than 200,000 potential victims in this country alone have been directly targeted through the fraud website iSpoof. At one stage, almost 20 people every minute of the day were being contacted by scammers using the site and hiding behind false identities.

The scammers posed as representatives of banks including Barclays, Santander, HSBC, Lloyds, Halifax, First Direct, NatWest, Nationwide and TSB. Scotland Yard’s Cyber Crime Unit worked with international law enforcement, including authorities in the US and Ukraine, to dismantle the website. This was a crucial phase in a worldwide operation, which has now been running out of the public eye since June last year in targeting a suspected organised crime group.

iSpoof enabled criminals to appear as if they were calling from banks, tax offices and other official bodies as they attempted to defraud victims. Those victims are believed to have lost tens of millions of pounds, while those behind the site earned almost £3.2 million in one 20-month period.

Detective Superintendent Helen Rance, who leads on cyber crime for the Metropolitan Police Service, explained: “By taking down iSpoof, we have prevented further offences and stopped fraudsters targeting future victims. Our message to criminals who have used this website is that we have your details and are working hard to locate you, regardless of where you are.”

Metropolitan Police Service Commissioner Sir Mark Rowley commented: “The exploitation of technology by organised criminals is one of the greatest challenges for law enforcement in the 21st Century. Together with the support of partners across UK policing and internationally, we are reinventing the way in which fraud is investigated. The Metropolitan Police Service is targeting the criminals at the centre of these illicit webs that cause misery for thousands.”

Rowley added: “By taking away the tools and systems that have enabled fraudsters to cheat innocent people at scale, this operation shows precisely how we are determined to target corrupt individuals intent on exploiting often vulnerable victims.”

BUSINESSES WILL face a historically broad and deep set of risks in 2023, posing interconnected and existential threats across geographies and sectors. That’s according to specialist risk consultancy Control Risks.

Launching its annual Risk Map forecast featuring the foremost for business, Control Risks has pointed to a combination of fractious geopolitics, armed conflict, disrupted energy systems, economic strife and disarray in digital networks during the coming year, with cyber risk at the top of the agenda.

In 2023, we can expect the emergence of a fundamental breakdown of global networks into distinct regional or even national architectures, caused by the ‘weaponisation’ of cyber space and a clash of national interests. The ambition of operating a single, global network will be significantly challenged.

Enabled by an expanded attack surface and a significant increase in automation across the entire spectrum of cyber threats, the cyber arms race will accelerate in 2023. In parallel to this ‘weaponisation’, nation states are looking to exert more control over what some have already defined as their national cyber space. Network and system resilience will be tested like never before.

Fragmenting world order

Nick Allan, CEO at Control Risks CEO, asserted: “In the fragmenting world order, the weapons of choice for many states will be found in the cyber sphere. This will either be through the spread of disinformation, aided by improving deepfake technology, or through cyber attacks or both.”

As a business operating in both the geopolitical and cyber arenas, Control Risks can see very clearly the direct correlation between geopolitical tensions and cyber aggression. “An element of uncertainty and fear provides a level of state-versus-state deterrence,” observed Allan, “but corporates find themselves as easier targets for proxy and real wars. This is made worse by the transfer of military-grade cyber capabilities to criminal or radicalised groups.”

Further, Allan explained: “2023 will see more geopolitical and economic volatility accompanied by operational challenges in energy and digital networks. The increasingly apparent effects of a changing climate will add additional stresses and strains. Resilience, insight and courage will be the watchwords for business in the year ahead.”

Supporting the top risks for 2023 is a new map, the Global Risk Forecast. This shows an holistic business risk rating for the countries of the world that draws on a selection of risks. The composite score includes Control Risks’ political, security, operational, regulatory, cyber and integrity risks and encompasses a range of environmental, social and corporate governance-related risks.

Each rating reflects Control Risks’ outlook for overall risks to business to the end of 2023, taking into account known or anticipated trends and developments that could impact the business environment.

Read The Full Story Here.

THE SECURITY Research Initiative (SRI) has just published its latest report. Entitled ‘The Role of Security in Influencing the Budget’, the aim of this latest research study – sponsored by Axis Communications, Bidvest Noonan, interr, M&S, Mitie, OCS, PricewaterhouseCoopers, the Security Industry Authority and Sodexo – was to explore the extent to which security managers are able to influence the security budget, whether (and why) this matters and how greater influence can be attained.

Results are based on the views of security professionals from both in-house and contract positions (predominantly those currently in a ‘security manager/director’-type role), collected via an online survey in addition to in-depth interviews.

The survey outcomes make for particularly interesting reading. 76% of those security professionals surveyed agreed that being able to influence the budget is key to delivering good security. Influence over the budget was considered important for several reasons. It’s deemed to afford status to security in discussions with other departments, in turn enabling security advice and proposals to commonly be listened to, while also helping to direct the allocation of resources using relevant expertise.

A lack of influence here means that security managers cannot purchase basic and essential resources or plan effectively, duly resulting in security decisions being made by non-security experts.

Levels of influence

Some 51% of respondents in a current security management role had a high level of influence on the budget. 10% were ‘not involved’. 46% of security managers/directors thought that their current budget was ‘insufficient’ (42% thought it was ‘sufficient’). Unsurprisingly, those with the highest levels of influence over the budget were the least likely to view it to be insufficient.

Reasons for the budget being considered less than required included the belief that the budget allocated did not reflect the risks faced and didn’t cover key areas such as training, travel, basic equipment and contingencies. Teams were understaffed, rising costs are not covered and it’s often a case of being asked to provide more for less.

The chances of being allocated an appropriate budget were improved if the security function was seen as being core to business (86% of respondents agreed on this assertion), an organisation understands its security threats and risks (85% agreed) and/or the security team has a high status (83% agreed).

Research participants highlighted a number of ways in which security managers can become influential. For example, they can relate security spend to reducing business risks and improving operations, highlight the dangers and risks in not meeting objectives, ensure the risk owner understands and accepts the implications/risks and use data to underpin the fact that arguments are evidence-based. Further, they can link physical security spend to cyber security (where the latter is is viewed as a greater priority, thereby attracting a bigger budget).

Overall, this latest SRI research underlines the importance of security professionals being able to influence the budget, so too the barriers to them being able to do so effectively.

Read The Full Story Here.