This week’s technology news – 20th March 2015

The Windows 10 launch party welcomes all including pirates

Microsoft has announced that Windows 10 will be launching this summer to 190 countries. A new feature of the system called Windows Hello was also demo’d for the first time. It also lets users log in via fingerprint, face recognition or iris recognition.

To get ready for Windows 10’s big launch party, Microsoft has been teaming up with app service providers worldwide including Chinese internet giant Tencent who will bring their hugely popular (over 32 million active players) online game ‘League of Legends’ onto the Windows 10 store and their QQ social app which has over 800 million active users.

Microsoft sees China as a huge opportunity for Windows 10 and getting companies onboard in providing relevant and highly successful apps, games and services to the Windows 10 store will go a long way to securing Chinese users to upgrade to Windows 10 this summer.

The biggest challenge has always been getting users to adopt genuine Windows instead of pirated versions. Currently two-thirds of all PCs in China run pirated versions, not purchased from Microsoft.

In an unprecedented move, Microsoft will be allowing these ‘non-genuine’ versions of Windows to also be upgraded to Windows 10 for free. Those who do upgrade in this fashion will still have non-genuine, non-supported systems, but will have access to the new features of Windows 10 – most importantly for Microsoft, being the new Windows 10 store where Microsoft takes 30% of all profits made.

Microsoft continues to be very aggressive in its push of the upcoming Windows 10.  It’s strategy of allowing pirated system upgrades and free upgrades in general, is tactically cunning, showing that its first goal is to get as many people as possible using the new system, sooner rather than later and gain maximum marketshare.

windows 10

Amicus ITS explores a trio of cyber security stories in this week’s roundup of technology news:

US healthcare provider Premera not so premier following cyber attack

The FBI were recently called in by Premera Blue Cross, a US non-profit health insurance company which posted revenues in 2013 of $7.6 billion, to investigate a cyber attack on their IT systems which occurred over an eight month period without detection from May 2014.  It is not clear yet how the attackers broke in and the company has not identified how the breach was discovered. However, 1.8 million records were illegally accessed, with medical records, personal data and employee data exposed, as well as any company which did business with Premera Blue Cross.   The data penetrated included:  access to names, dates of birth, addresses, telephone numbers, email addresses, Social Security numbers, member identification number, medical claims information and financial information (though no customer credit card information was held).

This comes on top of another huge cyber attack on Blue Cross Shield insurance giant Anthem, which recently had 78.8 million customer records illegally accessed.

The correct professional PR stance of both Premera and Anthem has been to publish a direct response on the front pages of their websites to try and assuage customer concerns by advising of their remedial steps with their security partners, including offering 24 months of free credit monitoring and ID protection services.

Whether either company will fully regain the trust of their clientele only time will tell, but at least the right reactive steps were taken to tackle the issue head on with its customers.

Premera-logo-jpg

Get me insured – I’m under attack!

The US Department of Homeland Security (US DHS) has started a wholesale review of cybersecurity insurance, as it has emerged that security issues have been marginalised and are not forming a core part of an organisation’s enterprise risk management framework.

Cyber insurance is a relatively new aspect for the financial markets and given the rise in cyber attacks and major data breaches worldwide in recent months, it seeks to offer an olive branch to the financial toll companies can face from the fall out of attack.  However, delivering the insurance is another matter as data to evaluate the threat landscape is thin on the ground.

Senior Cybersecurity Strategist at the US DHS Tom Finan comments:  “Perhaps unsurprisingly, companies are not publicly disclosing their own damages from cyber incidents they’re experiencing….. big data about cyber incidents could be a potential treasure trove that would aid their efforts (to get insured) immensely.”

Meanwhile in the UK, HM Government in its November 2014 summit between Government departments, leading UK insurers, trade and industry representatives and GCHQ, agreed a joint statement to commit industry and government to closer working to develop the UK’s cyber insurance market. They also recognised the role insurers can play in driving improvements in cyber security risk management.  The cyber insurance market report will be supplied to the Cabinet Office in April 2015.  In the meantime, practical measures for businesses to undertake include:

• Detailed insurance gap analysis
• Network security survey
• Security policy review and development
• Cyber risk identification and quantification exercise
• Risk financing optimisation.

Plus, evaluation by experts on internet and network exposures, including:

• Liability: privacy and confidentiality
• Copyright, trademark, defamation
• Malicious code and viruses
• Business interruption: network outages, computer failures
• Attacks, unauthorised access, theft, website defacement and cyber extortion
• Technology errors and omissions
• Intellectual property infringement.

Clearly, Finan adds, “CISOs need to be a central part of any business risk management discussion going forwards,” he said. “And until they do so, businesses will miss out on otherwise more extensive cybersecurity insurance offerings than would otherwise be available to them.”

Insurance-desk-services-bus

World Economic Forum publishes cyber threat risk framework

The World Economic Forum (WEF) launched a new framework in collaboration with Deloitte recently based on resiliency, to help companies calculate the risk of cyberattacks. The risk calculation involves three components:

• An assessment of a company’s vulnerabilities and defences
• The potential cost of data breaches and
• A profile of the attacker

Understanding the risk vs cost is still very difficult even amongst expert voices.  However, it should force Boards globally to sit up and work through the problem, identifying risk areas within their organisation as they try to get inside the mind of a potential attacker.

The lack of historical data required to estimate the probability of attacks from particular types of attackers in particular industry sectors is a stumbling block. However, if, as the WEF have proposed, businesses globally start to openly share information about cyberthreats, instead of burying their shame, all businesses will gain.  Mass learning will ensure companies start to deploy better strategies, policies and more resilient tactics including education, training and staff awareness which can only be a good thing.

Amicus ITS is part of the new Government led UK IT Cyber Security Forum.  Any enterprise seeking advice about major infrastructure security concerns is invited to contact JP Norman or one of the Sales team on 02380 429429.
wef-logo

Samsung and Blackberry team up for new secure tablet     

Blackberry has announced a new tablet called SecuTABLET for the public sector and government use.

The SecuTABLET differs greatly from the company’s only previous tablet, the ‘Playbook’, which launched in early 2011. Unlike the Playbook which ran on Blackberry’s own OS and hardware, this new tablet runs on Android for the OS and the hardware is being provided by Samsung.

Samsung is also providing part of the security with its KNOX security layer which helps separate personal and professional apps and data, by having two distinct modes that the user can switch between.

The now Blackberry-owned ‘Secusmart’ is providing encryption, including an inhouse built secured microSD card, equipped with a range of encryption features.

Finally, IBM is providing a software wrapper for secure apps to keep the data of each app separated and protected from others apps and services.

Altogether the SecuTABLET comes with an impressive list of security features, built on-top of a reliable Samsung tablet foundation – but these do come at a cost. The tablet won’t be available for general consumer purchase – and the reported retail price will be $2,380!   This incredibly high price point makes the SecuTABLET very hard to recommend.

Although the amount of security features is impressive, each of the three core security components seem to overlap in actual usage. Blackberry is going to have an uphill battle convincing organisations to go with one of their new tablets instead of, for the same price, three Samsung tablets with KNOX – or even a Microsoft Surface 3.

secusmart-tablet-640x480

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s