Banks’ perception of cyber risks increases after several attacks

A quarter of UK banks see operational risk as one of the main threats to UK financial stability and over half of these banks said that cyber attacks are a threat following several attacks, according to the Bank of England. In its Financial Stability Report, November 2013, which looked at the second half of this year, the Bank of England revealed that over half of the 25% of banks that perceive operational risk as a threat believe cyber attack is a major risk.

This compares to the first half of the year when about 23% of banks saw operational risk as a threat and only 6% cited cyber attacks. The steep increase follows a number of attacks this year. “In the past six months, several UK banks and financial market infrastructures have experienced cyber attacks, some of which have disrupted services.

While losses have been small relative to UK banks’ operational risk capital requirements, they have revealed vulnerabilities.

If these vulnerabilities were exploited to disrupt services, then the cost to the financial system could be significant and borne by a large number of institutions,” said the report. Peter Armstrong, director of cyber security at Thales UK, said the combination of high interconnectedness, reliance on centralised market infrastructure and complex legacy IT systems are leaving our banks vulnerable to cyber attacks. He said: “A holistic approach that is designed to tightly integrate cyber defences with processes, people and physical measures is crucial to ensure financial organisations are protected against the latest evolution of threat and attack vectors. "Banks must make more effort to retrain or re-skill their employees. Much more emphasis should be placed on retention of soft skills, IP, organisational culture, the evolution of internal security policies and knowledge of legacy systems. "Greater collaboration on cyber issues should also lead to an improvement in cyber awareness and continuous policy evaluation and adaptation, particularly as external attacks multiply faster than legacy IT security solutions can currently keep up with.”

Google could face Dutch fine over privacy policy

Google could face a fine after the Dutch Data Protection authority found that the firm’s 2012 privacy policy violates Dutch data protection law. The latest version of Google’s privacy policy introduced the practice of combining personal data from Google’s various online services, including YouTube, Gmail and Google Search. But, after a seven-month investigation, the Dutch privacy watchdog has invited Google to attend a meeting to discuss its concerns regarding the firm’s privacy policy. The Dutch Data Protection Authority will then decide whether to take action against Google, which could include a fine. In June, Spain's Data Protection Agency said it had initiated sanction proceedings against Google, which could face a fine of up to $408,000.  A month later, the Information Commissioner’s Office said Google could face sanctions if it did not re-write its privacy policy, which raised serious questions about its compliance with the UK Data Protection Act. However, fines by data protection authorities are minimal in comparison with Google’s capacity to generate revenues of more than $545,000 every five minutes, according to the Guardian. Dutch investigators said it is "almost impossible" for internet users not to interact with Google, but the company does not properly inform users what personal data it collects and combines. They said Google also does not properly inform users of the purpose of collecting their personal data, and that proper user permission cannot be obtained by accepting general terms of service. Responding to the findings, Google said it provided users of its services with sufficiently specific information about the way it processed their personal data. "Our privacy policy respects European law and allows us to create simpler, more effective services. We have engaged fully with the Dutch Data Protection Authority throughout this process and will continue to do so going forward," the company said in a statement. 
The Netherlands is one of six European countries, including the UK, that are investigating Google’s privacy policy because of concerns about personal data being stored in foreign jurisdictions. Privacy groups are concerned that personal data is being stored in the US, reducing the control that European citizens have over their personal information. These concerns have increased in the wake of claims by whistleblower Edward Snowden that US intelligence services have access to material stored in US-based cloud services.

US admits pirating military software

The US government has agreed to pay a $50m copyright infringement settlement after a software firm found thousands of unlicensed copies of its logistics programs on US military servers and devices. Texas-based Apptricity has provided logistics software to the US Army since 2004 and claims the US government unlawfully installed the software on 93 servers and approximately 9,000 devices. That means the US government got off extremely lightly with a $50m settlement when the licence fee for each server should cost $1.35m and $5,000 for each device, according to Ubergizmo. In a statement, Apptricity said the settlement figure represents a fraction of the software’s negotiated contract value.

Apptricity had asked for $224m to cover costs, according to the BBC. However, the software supplier appears happy to continue its relationship with the US military and would use the settlement to expand the company. “Now that this process is behind us, it is envisioned the Apptricity and Army relationship will continue to grow exponentially,” said Tim McHale, an Apptricity senior advisor and retired major general. The Dallas Morning News reported that the US Department of Justice has confirmed the settlement, but would not comment. The revelation will come as an embarrassment to the US government, which has been leading a campaign against software piracy since 2010. According to Apptricity, its software allows troop movements to be tracked in real time across multiple time zones. “Tracking is granular to the level of an item’s location in a specific compartment on a particular ground or air transport vehicle or at its destination,” the company said. Apptricity said the US Army has used its integrated transportation logistics and asset management software across the Middle East and other theaters of operation. The Army has also used the software to coordinate emergency management initiatives, including efforts following the January 2010 earthquake in Haiti, the company said.

Global real estate firm gets edge with cloud and mobile upgrade

Global commercial real estate brokerage Cushman & Wakefield has pursued cloud and mobile technologies to gain a competitive edge in the property sales market. The firm wanted to give its 15,000 employees around the world access to corporate information anytime, anywhere. The company eventually embraced cloud computing because it wanted to avoid capital investment in new infrastructure, said John McKeown, chief information officer in Europe for Cushman & Wakefield. “We do not want to own and maintain the infrastructure required to make it happen,” he told the IDC Consumerisation of IT Conference 2013 in London. Corporate email has been switched to Office 365, customer relationship management is through, storage is through’s enterprise offering, HR uses Oracle’s on-demand offering and service desk is through As part of the “mobile first” strategy, the firm has redesigned its website to ensure it is optimised for use on mobile devices and it has begun developing apps to provide information to clients. But 18 months into the new strategy, McKeown said the firm faced the challenge of migrating employees mainly from Blackberry handsets to others better suited to staff needs. “The driver is not consumerisation per se, but giving employees the ability to use information more effectively, the ability to be more flexible to achieve a better work-life balance, and the ability to access the right information at the right time, which has proven to be a big competitive advantage,” he said. However, this has not been without its challenges. “One of the biggest challenges has been managing the change within IT in terms of support, security and cost,” he said. McKeown said organisations should start small and expand as knowledge and experience grows. Cushman & Wakefield started by inviting employees to buy their own devices. It then provided corporate emails to those devices. 
“At first, we empowered users to choose their own devices, layered in a company data plan, and provided best-endeavour support,” he said. While this approach worked well in the US, McKeown admits that there has been some pushback in the UK and elsewhere in Europe, where employees would prefer the company to provide the devices. In line with the “start small” approach, the company has chosen to support only one version of Android on one device, where employees prefer a company-supplied device. McKeown said organisations should also talk to their mobile service providers about data plans and costs when starting to mobilise the workforce. “There is a lot of competition in the mobile data market, and we found our providers were willing to help us get to our future state, which meant we could migrate 7,800 BlackBerry users to a choose your own device programme at neutral cost,” he said. McKeown also advised organisations to expect to use four to seven times more mobile data than before, and plan for that by building relevant data plans, including roaming, into contracts, and to educate employees on how to use data allocations effectively. He said companies should also expect to “sell the change” because change is not accepted by everyone. “Emphasise why the change is important for the business,” said McKeown. When formulating mobile policies, he said it is important to involve all the business stakeholders such as HR, legal and finance. “But because most users will not read the policies, security and risk are important components in regular employee education programmes,” he said. While security controls should be fit for purpose, McKeown said it is important to ensure security measures do not affect the user experience, otherwise they will go around the controls.
As a final point, he said companies should expect a huge increase in the use of company Wi-Fi and should plan accordingly to ensure there is enough Wi-Fi capacity to meet increased demand. “I am not saying what we have done is all working perfectly or that there is not still a lot of work to do, but hopefully our experience will provide some guidelines for other companies facing similar challenges,” said McKeown.

EU calls on US to rebuild trust in post-Snowden era

The European Commission has called on the US to provide guarantees to restore trust in the wake of revelations of mass internet surveillance by whistleblower Edward Snowden. Until now, trust has relied on the Safe Harbor Privacy Principles designed to ensure US companies respect EU citizens’ right to protection of personal data. But in the light of the Snowden revelations this year of spying on EU citizens, companies and leaders, the EC wants further guarantees and processes to rebuild trust. Mass internet surveillance by US and UK intelligence agencies violated European law, according to a study by two academics presented to the European Parliament earlier this month. The academics said MEPs should push EU countries to draft a "professional code for the transnational management of data". They also called for a permanent body to oversee intelligence matters, and new EU laws to protect whistleblowers and prevent internet firms giving data to intelligence agencies. According to EU Justice Commissioner Viviane Reding, citizens need to be reassured that their data is protected, and companies need to know existing agreements are respected and enforced. In the past 13 years, more than 3,200 companies have signed up to Safe Harbor, which limits what they can do with data transferred outside the EU, how long they can hold it, and to whom it can be transferred. The principles also give individuals the right to access personal information about them and ask for it to be corrected or deleted if it is inaccurate. Now the EC wants EU citizens to be given the right to judicial redress if a US company breaks the rules, and it wants to be able to fine companies up to 5% of their worldwide turnover, according to the BBC. In recent weeks, the EC has also raised concerns that some of the US businesses that had self-certified their compliance are not following the rules. 
The European Parliament also recently passed a resolution calling for the suspension of an EU agreement with the US that allows US authorities to monitor financial transactions on the Society for Worldwide Interbank Financial Telecommunications (Swift) network. MEPs want the Terrorist Finance Tracking Program (TFTP) suspended while Snowden’s allegations that the National Security Agency (NSA) tapped the Swift network are investigated. In the latest move, the EC has called for the introduction of 13 new measures, including that: Self-certified companies must publicly disclose their privacy policies; Self-certified companies must include the privacy conditions in any contract with subcontractors; A still-to-be agreed percentage of the companies should be investigated for compliance regularly; If a company is found to be breaching the rules, it should face a follow-up probe one year later; Companies should alert their customers to the fact that their data might be accessed by overseas authorities, including law enforcement agencies. The commission said it would take a decision on whether the Safe Harbour scheme could continue to operate once it had seen the US response.

NSA planned to discredit Islamist radicals with porn web history

US authorities considered exposing details of visits to online porn sites to discredit prominent Islamist radicals, according to a new Snowden document published by the Huffington Post. The latest document leaked by former National Security Agency (NSA) contractor Edward Snowden identifies six Muslims as examples of how “personal vulnerabilities” learned through electronic surveillance can be exploited to undermine a target's credibility, reputation and authority. The leaked document, dated October 2012, was distributed by the office of the director of the NSA to other US government officials and is based on information gathered from “Sunni extremist communications”. The information relates to “viewing sexually explicit material online”, using donations to pay personal expenses, charging exorbitant speaking fees, and using questionable sources and contradictory language in public messages. None of the six individuals named in the report are accused of being directly involved in terrorism, but one had been imprisoned for inciting hatred against non-Muslims and another had been involved in promoting al-Qaeda propaganda, the document said. Privacy International spokesman Mike Rispoli said that what is frightening about the NSA's capabilities is that it collects massive amounts of information on everyone, including political beliefs, contacts, relationships and internet histories, according to the BBC. "While these documents suggest this type of personal attack is targeted in nature, do not forget that the NSA is conducting mass surveillance on the entire world and collecting a vast amount of information on nearly everyone,” said Rispoli. The UK’s GCHQ works closely with the NSA, but declined to comment on the Huffington Post report. "All of GCHQ's work is carried out in accordance with a strict legal and policy framework which ensures that its activities are authorised, necessary and proportionate, and that there is rigorous oversight," a spokeswoman told the BBC.
The Huffington Post report comes shortly after a group of United Nations experts adopted a "right to privacy" resolution. The resolution will be passed by the UN's General Assembly before the end of the year, but is largely symbolic because it is not legally binding. The UN's Human Rights Committee said it is "deeply concerned at the negative impact" the interception of data "including extraterritorial surveillance" could have "in particular when carried out on a mass scale".

UK set to announce plans to tackle extremism online

The government plans to order internet service providers (ISPs) to block extremist websites identified by a specialist unit set up to identify content too dangerous for publication online. The plans are part of measures for tackling extremist and terror content online to be announced soon, according to security minister James Brokenshire. The government wants to follow the model used to counter child abuse online where the Internet Watch Foundation identifies illegal child abuse images that ISPs are asked to block, according to the Guardian. Under the anti-terror plans, a specialist unit will be empowered to order ISPs to block websites, but ISPs are likely to oppose the plan because it could compromise freedom of speech, the paper said. ISPs and search engine operators Google and Microsoft recently agreed to block child abuse images, post warnings and provide links to advice sites. From 2014, all customers of the major broadband companies will be asked whether they wish to install filters that block violent or adult content. The filters will be activated automatically for new customers who will have to ask if they want them to be turned off. The Guardian cited unnamed sources as expressing concerns about blocking material that some customers may feel entitled to access. ISPs want the government to introduce a process for testing what content is illegal and a robust appeals process, arguing that political incitement is not as clear cut as child exploitation. The government’s plans signal a shift to a more proactive approach to content deemed to be illegal, with the Internet Watch Foundation piloting methods of actively searching for abusive images. Earlier this month, prime minister David Cameron said UK and US intelligence agencies will help fight child abuse images on the dark web that is inaccessible to search engines. 
Cameron said he was confident of progress after talking to internet service providers (ISPs) and the National Crime Agency (NCA) team that will work with US counterparts to apply the best expertise. Asked about the potential invasion of privacy that would result from the move, he said: "People understand that a crime is a crime whether it's committed on the street or the internet." On 9 December the UK policing minister and the US assistant attorney general will co-chair the first meeting of the taskforce to combat online child sexual exploitation crimes.

Microsoft Boosts Encryption to Guard Traffic Against NSA Snooping

Following revelations that the spy agency tapped the Internet links of major tech companies, Microsoft is reportedly working to increase encryption of its traffic. Microsoft is taking steps to expand its encryption efforts to safeguard its Internet traffic after classified documents released by ex-National Security Agency contractor Edward Snowden shed light on the NSA's data-collection capabilities. Last month, the disclosure of NSA's Muscular program revealed that the agency had gained access into the private networks of Google and Yahoo by tapping the Web connections that linked their respective data centers. From its vantage point, the surveillance program could intercept raw, unprotected data as it was transferred between data centers. While there is no proof that Muscular also ensnared Microsoft's network, its Hotmail and Windows Live Messenger services were mentioned in connection with the program, The Washington Post reported. So Microsoft isn't taking chances. Suspicions had been building at the company for "several months," according to the report. It finally boiled over in October when it was disclosed that the NSA was tapping Google and Yahoo. Sources with knowledge of Microsoft's plans told the newspaper that the company "is moving toward a major new effort to encrypt its Internet traffic amid fears that the National Security Agency may have broken into its global communications links." Top executives are reportedly involved in the project and will determine how it is implemented. Microsoft General Counsel Brad Smith weighed in, saying that if the NSA targeted the company in the manner it did Google and Yahoo, "it would be 'very disturbing' and a possible constitutional breach if true." The exact nature of the NSA's data-collection capabilities remains cloaked in mystery.

An anonymous U.S. government insider did offer to The Washington Post "that collection can be done at various points and does not necessarily happen on a company’s private fiber-optic links." In an Oct. 31 analysis, eWEEK's Sean Michael Kerner explained, "In the Muscular approach, the NSA has cleverly managed to insert itself at a point where it can intercept all Google and Yahoo traffic. You see, both Google and Yahoo use robust sets of private links between data centers." He cites an earlier Washington Post report stating that the NSA enlisted an "un-named telecom vendor to offer secret access to a cable or switch through which Google and Yahoo traffic passes." In the months following the Snowden leaks and growing concern about NSA's activities, major tech companies have repeatedly requested that the U.S. government provide more transparency over its intelligence programs and how they impact user data. Last month, they stepped up their efforts. In an Oct. 31 letter, AOL, Apple, Facebook, Google, Microsoft and Yahoo voiced their support for the USA Freedom Act, legislation that would curtail the NSA's surveillance activities.

In the letter, addressed to the bill's authors and sponsors in Congress, the companies said they "welcome the debate about how to protect both national security and privacy interests." Further, they "applaud the sponsors of the USA Freedom Act for making an important contribution to this discussion."

Do You Need RFID Protection for Your Real Wallet?

As throngs of shoppers prepare to descend on shopping malls and retail stores during the holiday period, it's important to remember to be safe with your wallet.

In the modern world, keeping safe is now evolving from just keeping an eye on your purchases and your physical wallet to being aware of unseen digital risks too. I recently saw a wallet in a retail store that included a feature I had never before seen: radio frequency identification (RFID) protection. On the side of the wallet's box was a description of what this RFID protection is all about: "This item is made with a special lining that acts as a protective shield for ID and credit cards. It can help to prevent hackers from accessing the information contained on the microchip." Modern passports and credit cards now have RFID chips in them that are used for identification and payment.

At the Black Hat USA security event this past summer, there was an interesting presentation on RFID hacking that demonstrated how easy it is to exploit RFID-enabled cards.

At the time, Francis Brown, managing partner at security firm Bishop Fox, told eWEEK that one of the only ways to be protected against RFID hacking is by using an RFID sleeve that can keep information safe, simply by placing the RFID card into the sleeve, blocking any potential signal theft activities. Brown's presentation was specifically about RFID badges that are used by many companies for secure access to facilities, but the same basic idea likely holds true for credit cards and passports too. I also saw famed security researcher Charlie Miller talk about RFID and Near Field Communications (NFC) hacking at Black Hat USA this past summer. In a humorous presentation, Miller played a video where he tried to steal information from unsuspecting associates by literally bumping into them—as a ploy to steal their information over RFID and NFC. This is the modern world we now live in, so instead of the regular pickpockets that we used to have to be vigilant against who would physically lift the wallets out of our pockets, there is now potentially a new breed of digital pickpocket. To be fair, actually bumping into someone with some kind of device that somehow can steal information from a credit card is not a simple or easy task. I also strongly suspect that normal pickpocket attacks vastly outnumber any type of risk that RFID presents to payment cards. That said, there is a risk. Whether or not that risk is truly material or is simply just theoretical is subject to debate, but it's still there. So if you're wondering what I did after I saw that RFID wallet, here's the answer: I bought it.

As it turns out, I needed a new wallet anyway, and it's no more expensive to buy a wallet with RFID protection than it is to buy one without it. Time will tell whether or not the risk of RFID credit card hacking is real or not, but if the cost for protecting against it is so low, why not get RFID protection and eliminate the risk altogether? Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Google Changing Google Apps Sign-In for Users in 2014

Google is moving all of its Apps sign-in pages to have the same look for consistency and security, which means that users will lose their personalization options. Google Apps users will see some noticeable changes in 2014 when they log in to use their apps, including a consistent look for the sign-in pages for all of the apps. But what they'll also see is something that may not make them as happy—they'll be losing the ability to customize their Google Apps sign-in pages with their logos and other branding information. The coming changes were unveiled in a Nov. 26 post on the Google Apps Updates Blog, where they were touted as a security and simplicity move for users. "Early next year, the sign-in page for all Google Apps customers will be updated to be consistent across all Google Apps services," the post states. "In other words, the sign-in page for Gmail will now be identical to the sign-in page for Google Calendar, Google Drive, or any other Google Apps service.

This change will improve security and make it easier for users to switch between accounts." At the same time, the changes mean the end to the Apps personalization that was used by many organizations, the post states. "The Google Apps sign-in page can no longer be personalized with colors and custom logos. It will now look the same across all Google sign-in pages." In addition, users will no longer be able to log in to the Apps by using just a brief user name. "Users will have to log in with their full email address (example:," the post states. "For SSO domains with a network mask, users will be presented with the new Google sign-in page when they log in from outside the SSO network mask.

This change does not affect SSO domains without a network mask." More details of the coming changes will be arriving in the next few months, according to Google.

The changes will affect users of Google Apps for Business, Education, and Government. Earlier in November, Google Apps announced that it will soon be ending its support for Apps on Microsoft's Internet Explorer 9 browser as it transitions users to the two latest versions of IE, Versions 10 and 11. That means that Apps users who are still browsing with IE9 will have to upgrade soon to IE10 or 11 to be able to continue to access and work on their files using Google Apps. Those upcoming changes affect users of Google Apps for Business, Education, and Government, according to Google. Google Apps only supports the latest two versions of supported Web browsers. The last time that Google Apps made a similar transition was in September 2012, when IE8 users had to make the same transition to either IE9 or IE10 as Google Apps dropped support for the IE8 version of the browser, according to an earlier eWEEK report. The Google Apps policy of supporting only the latest browsers began in June 2011 as big changes were beginning to arrive from new Web standards, such as HTML5.

Newer, modern browser versions support many new capabilities that are not possible using older, outdated browsers, according to Google. In October, Google unveiled a new feature that allows Google Docs users to share files with others who are not using Google accounts.

The new capability allows guest Docs users who are not signed in using a Google account to be able to view a file, but not make changes or edits, according to Google.

The new feature permits, for the first time, users to share such documents with others who may not have their own Google accounts. Previously, users could only view such files if they were also logged into their Google accounts.

Administrators and Google Docs users who already have file-sharing permissions can change the sharing settings as desired.

The new file-sharing feature is available for users of Google Apps and Google Apps for Business, Education and Government, according to Google. In December 2012, Google dropped its then-free Google Apps for Business services. Google made the move after deciding that most business users were quickly outgrowing it and signing up for paid accounts that offered additional services.

The paid Google Apps for Business accounts started in 2007 when Google began charging $50 per user annually, a fee that provided larger inbox mail storage, access to Google APIs to allow businesses to build custom apps and other extra services. Google also added apps versions specifically aimed at governments, universities and schools. In October 2012, Google added some key benefits—phone and email support—for paying customers of its Google Apps services when they are accessed through Google's Chrome Web browser. That means that Google Apps for Business, Education and Government customers can get direct support on Chrome installation, functionality, security, browser policy settings and Google Apps interoperability for Windows, Mac OS X and Linux. Customers with free Google Apps accounts are not eligible for phone or email support, but can continue to use Google's free online help services and forums.

Microsoft Issues Exchange Server 2013 Update for Buggy Backups

In Exchange Server 2013 Cumulative Update 3, Microsoft alleviates, among other bug fixes, issues that prevent the successful restoration of Exchange data from backups. Organizations that are leery of their Excha...

Drone crew caught attempting to deliver smokes to prison inmates

Georgia sheriff's deputies capture four smugglers and a hexacopter.