Security & Policing Event 2014 - What to Expect?

What is Security & Policing?

Source: Security & Policing2014
Exhibitor Brochure

For those who missed Security & Policing this year, make sure to book a place for next year's edition. Meanwhile, here is an overview of the event and what makes it so appealing to the security community.

The Home Office Security & Policing exhibition at the FIVE expo site in Farnborough, Hampshire UK is an essential trade show for the industry of defence, security and governmental bodies attracting global audiences and providing opportunities to showcase sensitive products in a safe environment. 

Delivered in partnership with the ADS (UK Aerospace, Defence, Security & Space) Group and UKTI DSO (UK Trade & Investment Defence & Security Organisation), the event has been running for 30 years, with the aim of providing the UK government with a platform of engagement with world leading security providers and professionals.  

In order for the show to be secure and comfortable, given the sensitive nature of the information and the profile of the attending audience, there are strict criteria for visitors. Please read the guidelines, in order to avoid disappointment.

What to expect?

The showcase is only one aspect of the event. Security & Policing also opens the conversation on national security aspects in the government and industry briefing sessions. Aside from being free to attend, these sessions bring solutions from governmental officials, as well as the opinions of security experts with long-standing experience in their field.  

Source: Security & Policing2014
Exhibitor Brochure

Discussions, this year, are fueled by the possibilities opened by the world of digital and what the latest technological contributions bring to the defence industry. The conference briefings include talks on the use of social media in crime-fighting (Simon Imbert, I-Risc), cooperation in terms of threat-sharing (John Atherton, Surevine), protecting the critical national infrastructure, from the perspective of the telecoms provider (James Todd, BT), innovation for the US cyber defence community from a UK SME (Andy Williams, Titania) and “real-time” intelligence solutions on the frontline (Nichola Bates, Repknight). There is a strong emphasis on cybercrime, information security and technological progress to the benefit of the defence forces.

Other initiatives?

The other noteworthy event brought by Security & Policing is the International Security & Policing Summit; a conference setup in association with CityForum. Last year’s agenda looked at future planning and strategies that would incorporate technology with security and policing, and security measures for major events (lessons learnt from the 2012 Olympic Games).

For the 2014 session, the theme is Safer Cities - combining people, technology and security. The agenda facilitates a dialogue between UK policy makers, businesses and intelligence chiefs and international government and agency representatives. Predictions for 2020 and changes anticipated in the cybercrime landscape also feature on the agenda.

The Security Innovation Awards

The Security Innovation Awards are a way of recompensing UK businesses for any developments which bring significant improvements to crime prevention and the defence sector. All the while it rewards any partnership efforts between defence operatives and pioneering developers of technology. 

Altogether the Security & Policing trade show is a great way of attracting new business, the best way to keep up to date with the latest trends in terms of defence and policing advancements and a chance to listen to opinion leaders discussing risks and opportunities ahead. 

2014’s Cyber Threat Predictions

1. BYOD makes two of the prolific lists for cyber threats released for the year ahead. Grouped with Cloud services, this new technological development poses more and more of a risk to information security.

Experts recommend: If you can’t eliminate BYOD or Cloud, make sure to implement them early, correctly and where possible with clear boundaries to distinguish between personal and professional data.

Image ID: 913723 via www.sxc.hu 

2. Reputational damage is largely dependent on how efficient your incident-response plan is. Time and time again we hear that companies are more than likely to have already suffered an attack and not even know it. Not a day goes by without a hacking story surfacing in the news.  Improving the security defences are of course recommended but for companies that want to stay ahead there is some more advice:

Experts recommend: Once the damage is done, a good response time can make the difference between a company’s survival and its failure. Plus it’s not only the IT department that must take all the heat. Correlated efforts throughout the entire organization are necessary to mitigate the issues. Just look at the #RBSglitch or the BA promoted tweet incidents to see the damage that can be done.  

      3. Privacy and regulation mainly on the issue of data management. Companies storing and processing third party data is common practice, but under sub-contractors the safety of this data is not entirely clear until a breach occurs. Sadly, their security standards may not always be at the same level as yours.

     Experts recommend: A closer inspection of the subcontractors and clear guidelines on responsibility, obligations and legal roles in case of a breach.

       4. Cybercrime – This is quite a broad spectrum. Fast tech developments, isolated and under-invested IT departments, increased online hacktivism and regulatory frameworks that simply do not update fast enough, provide the perfect recipe for cybercrime.

    

     Experts recommend: Rapid progress does not only occur in the criminal world. The past 12 months have showed a great increase in sophisticated tools, cyber forensics, prevention mechanisms and improvements in response-protocols, which looks promising in terms of preventing and protecting against online attacks. So use these tools and evaluate and update your systems and defences to make the best use of these technological developments.

      5. The IoT (Internet of Things) is becoming quite visible in the media lately. Especially since Symantec reported a new worm targeting specifically IoT.  The Internet of Things is a concept which assigns physical objects virtual representations that would enable interaction without human interference.  The threats on PCs have plenty of negative implications that can affect life, work, play and finances, but the IoT takes it a step further and connects the virtual world with the real one.

   

     Experts recommend: Future concerns regarding the protection of these devices, and more research allocated into the development of IoT. As attackers test against different architectures, proving the intent for more targeted attacks, the physical harm potential looms closer.

      6. Malicious insider – predictions say that for 2014, companies should expect a significant number of data breaches to come from inside. Such attacks can go undetected and if discovered will rarely be heard of outside the organisation

      Experts recommend: Naming and shaming the attackers may be a good deterrent, but also knowing the data breach regulations and accountability rules is strongly recommended so that organisations that have fallen prey to intellectual theft property know how to proceed.

      7. Corporate auditing committee results can be costly if you haven’t carried out a proper risk assessment and implemented a cyber policy. This is because these committees not only consider the financial welfare of the organisation, but the connection between cyber security standards and the financial welfare of the company. The legal and reputational implications arising from that can involve protection against lawsuits questioning the level of cyber security that can be deemed “commercially reasonable”.

   

     Expert recommend: That the corporate board auditing committees need to decide who determines what “reasonable” cyber security standards is, who enforces it and what response procedure should be implemented.

Most of the forecasts for 2014 are not new. They’ve been reported in the media so much over the past year that cyber risks are not only keeping the InfoSec community up at night, but have now entered into the sphere of general public concern. What these predictions are however, are an exercise in learning from past mistakes, and considering the pace technology is developing, individuals and organizations need to learn fast.