Latest news
Events that defined the European information security landscape in 2012
Posted on 28 January 2013.
The past 12 months have been, to say the least, an active time for the information security landscape in Europe.
Hacktivism stories dominated mainstream media outlets, the public has been learning more about the privacy implications of their actions, and governments realized the complications that can arise from a cyber conflict.
We've reached out to a number of information security professionals all over Europe and here are some of the comments regarding the past 12 months that we've received.
Ligia Adam, Security Evangelist at Bitdefender
"Privacy was a big topic in 2012. Late last year the European Commission launched a proposal to create a new privacy right (the right to be forgotten) enabling users to control what information about them can be available on the Internet. The law was dismissed, as it was perceived as a limitation to the right of free speech and current business models. Also, the EU Cookie Law addressed the same topic, but it received better public approval.
Sadly, threats are still on the rise. Ranking second after North America in terms of Android malware reports, malware coders targeting European countries with money-stealing malware were more vicious during 2012."
Sean Sullivan, Security Advisor at F-Secure Labs
"I believe the greatest impact on last year's European security landscape was the hype before ITU's World Conference on International Telecommunications. I'm referring to investigations being promoted as tackling advanced threats, when it clearly wasn't the case.
There's also been a lot of pressure from nation states when it comes to protecting the critical infrastructure from cyber war.
Countries are rushing forward to create new jobs for defense contractors, while ignoring simple and smart policy decisions that could have a real practical affect for the majority of Europe’s computer users."
Luis Corrons, PandaLabs Technical Director
"Company data theft has been one of the major events in 2012. The good news is that these cases are making all companies aware of the real risks they are facing as well as the need of taking security measures to avoid becoming a victim.
Last year we've seen the second pan-European cyber exercise, known as “Cyber Europe 2012”. European experts from major financial institutions, telecommunications companies, internet service providers and local and national governments worked in this exercise.
This was the first time that banks and internet companies have been part of an EU-wide cyber-attack exercise. However its main focus was to respond to a simulated distributed denial of service attack. Let’s see if future exercises focus on different attack vectors."
James McDonagh, Technical Services Manager at Titania
"There are a number of reasons why cyber security was in the spotligh during the past year, with hacktivism being the most prominent one.
In the same year that 10 Downing Street’s website came under attack from Anonymous, Julian Assange holed up in the Ecuadorian embassy in London in order to avoid what he claimed was a politically motivated extradition.
This arguably defines the information security landscape in the sense that people are divided on his culpability. Some think he’s a criminal who is putting soldier’s lives at risk, while others think he’s an activist fighting for free speech.
In the same year, there was recognition from NATO of the cyber coalition 2012 war games and the fact that they mentioned they considered Russia as potential cyber aggressors, as well as Iran undertaking their first cyber warfare defence exercise in their war games.
These issues were all discussed in the media, and were taken seriously. For these reasons, among others, I would argue that 2012 was the year cyber security entered the mainstream.
Simon Moffatt, Infosec Consultant and Blogger
"2012 was a fascinating and headline grabbing year from an Infosec perspective. To me, the biggest change seemed to be that cyber security became a discussion point at every opportunity.
US and UK governments announced advanced new cyber security research centers with significant funding, supply chain issues were highlighted with the US report on network provider Huawei, whilst big security data analytics was on everyone's lips. Security seemed to move away from a 'nice to have', but became an essential component of brand protection and effective IT transformation.
Organizations are now attempting to proactively protect themselves from cyber attacks, that help to save or improve their reputation, with the recent ICO fine and clean costs recently revealed by Sony, proving a timely reminder that the attacks in 2012, will develop at a more frequent and advanced rate in 2013."
Hacktivism stories dominated mainstream media outlets, the public has been learning more about the privacy implications of their actions, and governments realized the complications that can arise from a cyber conflict.
We've reached out to a number of information security professionals all over Europe and here are some of the comments regarding the past 12 months that we've received.
Ligia Adam, Security Evangelist at Bitdefender"Privacy was a big topic in 2012. Late last year the European Commission launched a proposal to create a new privacy right (the right to be forgotten) enabling users to control what information about them can be available on the Internet. The law was dismissed, as it was perceived as a limitation to the right of free speech and current business models. Also, the EU Cookie Law addressed the same topic, but it received better public approval.
Sadly, threats are still on the rise. Ranking second after North America in terms of Android malware reports, malware coders targeting European countries with money-stealing malware were more vicious during 2012."
Sean Sullivan, Security Advisor at F-Secure Labs"I believe the greatest impact on last year's European security landscape was the hype before ITU's World Conference on International Telecommunications. I'm referring to investigations being promoted as tackling advanced threats, when it clearly wasn't the case.
There's also been a lot of pressure from nation states when it comes to protecting the critical infrastructure from cyber war.
Countries are rushing forward to create new jobs for defense contractors, while ignoring simple and smart policy decisions that could have a real practical affect for the majority of Europe’s computer users."
Luis Corrons, PandaLabs Technical Director"Company data theft has been one of the major events in 2012. The good news is that these cases are making all companies aware of the real risks they are facing as well as the need of taking security measures to avoid becoming a victim.
Last year we've seen the second pan-European cyber exercise, known as “Cyber Europe 2012”. European experts from major financial institutions, telecommunications companies, internet service providers and local and national governments worked in this exercise.
This was the first time that banks and internet companies have been part of an EU-wide cyber-attack exercise. However its main focus was to respond to a simulated distributed denial of service attack. Let’s see if future exercises focus on different attack vectors."
James McDonagh, Technical Services Manager at Titania"There are a number of reasons why cyber security was in the spotligh during the past year, with hacktivism being the most prominent one.
In the same year that 10 Downing Street’s website came under attack from Anonymous, Julian Assange holed up in the Ecuadorian embassy in London in order to avoid what he claimed was a politically motivated extradition.
This arguably defines the information security landscape in the sense that people are divided on his culpability. Some think he’s a criminal who is putting soldier’s lives at risk, while others think he’s an activist fighting for free speech.
In the same year, there was recognition from NATO of the cyber coalition 2012 war games and the fact that they mentioned they considered Russia as potential cyber aggressors, as well as Iran undertaking their first cyber warfare defence exercise in their war games.
These issues were all discussed in the media, and were taken seriously. For these reasons, among others, I would argue that 2012 was the year cyber security entered the mainstream.
Simon Moffatt, Infosec Consultant and Blogger"2012 was a fascinating and headline grabbing year from an Infosec perspective. To me, the biggest change seemed to be that cyber security became a discussion point at every opportunity.
US and UK governments announced advanced new cyber security research centers with significant funding, supply chain issues were highlighted with the US report on network provider Huawei, whilst big security data analytics was on everyone's lips. Security seemed to move away from a 'nice to have', but became an essential component of brand protection and effective IT transformation.
Organizations are now attempting to proactively protect themselves from cyber attacks, that help to save or improve their reputation, with the recent ICO fine and clean costs recently revealed by Sony, proving a timely reminder that the attacks in 2012, will develop at a more frequent and advanced rate in 2013."
Spotlight
Is it time to professionalize information security?
Posted on 23 May 2013. | The issue of whether or not information security professionals should be licensed to practice has already been the topic of many a passionate debate.
Review: Logging and Log Management
Posted on 22 May 2013. | Every security practitioner should be aware of the overwhelming advantages of logging and perusing logs for discovering system intrusions. But logging and log management comes with its own set of difficulties.
Experts highlight top data breach vulnerabilities
Posted on 22 May 2013. | Hidden vulnerabilities lie in everyday activities that can expose personal information and lead to data breach, including buying gas with a credit card or wearing a pacemaker.
A closer look at Mega cloud storage
Posted on 21 May 2013. | Once a novelty, nowadays many cloud storage services are fighting for their piece of the market in the virtual world. Mega offers 50GB of free space with great pricing on Pro accounts.
The CSO perspective on healthcare security and compliance
Posted on 20 May 2013. | Randall Gamby is the CSO of the Medicaid Information Service Center of New York. In this interview he discusses healthcare security and compliance challenges and offers a variety of tips.
Daily digest
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
Weekly newsletter
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
 |
