Monthly Archive April 2015

Why community intelligence modelling is vital when dealing with the ‘digital native’

When it comes to e-safety, schools are faced with a conundrum: the vast majority of today’s school-age children could be termed ‘digital natives’ but those who are tasked with their protection are, almost inevitably, ‘digital immigrants’. First identified by Marc Prensky in 2001, the ‘digital native’ is one who has been born into the digital culture, while the immigrant has only acquired that culture and is therefore never fully immersed in it. In school terms, this means that pupils often have an intuitive understanding of online technology that school e-safety officers can themselves find baffling.

In addition to this, however, is a problem of even greater concern: many of those who carry out cyber-attacks and bullying, and who threaten online safety, are also often ‘digital natives’, and it can be extremely difficult for anyone, especially the digital immigrant, to predict their next move. Enter the ‘digital community intelligence model’ which, by identifying triggers and indicators, provides experts in the field with valuable data to pre-empt threats and keep the school e-safety function a step ahead of potential attackers.

Those growing up today are learning to develop online alongside the need for online protection which previous generations did not have to contend with. So not only are educators tasked with encouraging full engagement with all the advantages that digital technology offers to school children, but they must also equip them to protect themselves now and to develop behaviours that will continue to protect them into the future. This task is made all the more difficult when the environment is constantly evolving at the same time as young people’s relationship to it, and many of the challenges they will face have yet to fully emerge.

SRM’s VE-SO portal has been developed by a team of highly experienced cybercrime experts not only to assist with the development of proactive e-safety strategies but, through the harvesting of intelligence, to identify trends that are still only emergent. Such a rigorous and strategic defence assists schools in establishing guidelines and life strategies for pupils as well as helping them to meet Ofsted’s stringent standards for ‘good’ and ‘outstanding’ e-safety provision.

Five steps for an effective school e-safety policy

The Internet has brought unprecedented access to a world of learning opportunities. Yet recent reports show that the widespread use of technology in education comes at a price. A third of key stage 3 and 4 students have been subjected to attacks, threats or humiliation via mobile devices or online, according to Beatbullying’s Virtual Violence II. Little wonder that e-safety is now a priority for schools and that it has been elevated to the top of the agenda within the Ofsted inspection process.

There is a fine balance when it comes to e-safety, however. A locked-down system, where almost every website has to be unbarred before a pupil can use it, stifles learning and does not encourage pupils to become digitally responsible. There is also the question of where parental responsibility begins and ends and to what extent a school can extend e-safety beyond its own gates. Ultimately, however, schools have the responsibility to provide an environment in which the inevitable benefits of technology are balanced with a strategy to protect young people from harm. Developing an effective e-safety policy is a vital aspect of this.

Ofsted describes e-safety as a school’s ability to protect and educate pupils and staff in their use of technology as well as having appropriate mechanisms in place to intervene and support any incident where appropriate.

Ofsted is looking for schools to provide a safe learning environment through the effective use of appropriate monitoring and filtering. Yet, it is also looking for an e-safety strategy that extends beyond the school day and helps to provide a degree of protection for young people in their own homes.

Five steps for an effective e-safety policy:

1. Involve students – this creates a sense of ownership and provides the first step in educating them about e-safety and acceptable use of technology.
2. Involve parents – they need to read and sign policies and have the opportunity to share feedback. This will highlight the need for e-safety outside school too.
3. Review it – agree a date each year when you seek feedback and review the contents of the policy. If using a Virtual E-Safety Officer such as the VE-SO portal, agility is built into the system.
4. Embed it – policies are no use if they are simply a tick-box exercise. They need to be part of daily life. You could implement a reward system that recognises students who have shown leadership or responsibility in this area, or appoint e-safety monitors whose role it is to keep e-safety at the front of people’s minds.
5. Own it – all members of staff need to be trained and have responsibility for e-safety, but with a designated e-safety officer function, it is more likely to stay high on the agenda.

With the SRM VE-SO portal, a virtual e-safety officer replaces the need for an individual member of staff. Through the portal, we provide a range of e-safety templates and documents to assist with creating an overall e-safety strategy.

Information Security Breach Report – 01 April 2015

A round-up of the most recent reports of information security breaches, infosec and privacy stories from around the world.

Breaches, Incidents and Alerts:

Energy companies infected by newly Laziok trojan malware – http://securityaffairs.co/wordpress/35567/cyber-crime/energy-companies-laziok-trojan.html

Hackers attack the energy industry with malware designed for snooping – http://fortune.com/2015/03/31/spies-malware-energy-email/

Data Breach at Westland Middle School Releases Student Locker Combinations – http://www.mymcmedia.org/data-breach-at-westland-middle-school-release-student-locker-combinations/

Fake Pirate Bay site pushes banking Trojan to WordPress users – http://www.theregister.co.uk/2015/04/01/fake_pirate_bay_malware_scam/

Mozilla Patches Critical Vulnerabilities With Release of Firefox 37 – http://www.securityweek.com/mozilla-patches-critical-vulnerabilities-release-firefox-37

Google Says 5% Of Visitors To Its Sites Have Ad Injectors Installed – http://techcrunch.com/2015/03/31/google-says-5-of-web-browsers-have-ad-injectors-installed/?ncid=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29&utm_content=FaceBook#XOxgPM:O0u4

Ethiopian Government Uses Cyber-Attacks to Restrict Media Houses – http://www.spamfighter.com/News-19543-Ethiopian-Government-Uses-Cyber-Attacks-to-Restrict-Media-Houses.htm

Indiana Government Website Targeted By Cyber Attacks – http://chicago.cbslocal.com/2015/03/31/indiana-government-website-targeted-by-cyber-attacks/

POODLE vuln dogs Australian consumer modems – http://www.theregister.co.uk/2015/04/01/poodle_dogs_australian_consumer_modems/

More details on the French Lick Resort payment card breach – http://www.oag.state.md.us/idtheft/Breach%20Notices/itu-251181.pdf

China’s CNNIC issues false certificates in serious breach of crypto trust – https://cpj.org/blog/2015/03/chinas-cnnic-breaches-sacred-crypto-trust-endanger.php

Lebanese cyberespionage campaign hits defense, telecom, media firms worldwide – http://www.csoonline.com/article/2904396/data-protection/lebanese-cyberespionage-campaign-hits-defense-telecom-media-firms-worldwide.html#tk.rss_all

Cisco wipes its memory from susceptible-to-Row Hammer list – http://www.theregister.co.uk/2015/03/31/cisco_clears_its_memory_of_row_hammer_vuln/

Cyber Crime: Fake email from the boss is a popular fraud – http://www.theprovince.com/business/Cyber+Crime+Fake+email+from+boss+popular+fraud/10932607/story.html

Syrian Electronic Army hacks hosting companies to fight the IS – http://securityaffairs.co/wordpress/35493/hacking/syrian-electronic-army-vs-terrorists.html

NUI Galway examining possible data breach – http://www.irishtimes.com/news/ireland/irish-news/nui-galway-examining-possible-data-breach-1.2159274

Oregon’s Department of Administrative Services Suffers Data Breach – http://www.hacksurfer.com/posts/oregons-department-of-administrative-services-suffers-data-breach

Cyber attack hits Fairleigh Dickinson; Rutgers works to restore internet service – http://www.nj.com/middlesex/index.ssf/2015/03/cyber_attacks_hit_fairleigh_dickinson_rutgers_work.html

Nite Ize Inc. Submits Data Breach Notification – http://www.hacksurfer.com/posts/nite-ize-inc-submits-data-breach-notification

Colonial Car Wash credit breaches investigated – http://www.timesunion.com/news/article/Colonial-Car-Wash-credit-breaches-investigated-6166614.php

British Airways Executive Club members warned of hacked accounts – https://grahamcluley.com/2015/03/british-airways-executive-club-avios-hack/

Miscellaneous Infosec stories:

National Risk Register for Civil Emergencies – 2015 edition – https://www.gov.uk/government/publications/national-risk-register-for-civil-emergencies-2015-edition

Hacked uni’s admins hand ID theft prevention reward to data burglars – http://www.theregister.co.uk/2015/04/01/uni_admins_hand_reward_to_data_burglars/

Would financial incentives stop the rise of cybercrime? – http://www.computerworlduk.com/in-depth/security/3606129/would-financial-incentives-stop-the-rise-of-cybercrime/

Why We Need Holistic Context-based Security Decisions – http://www.securityweek.com/why-we-need-holistic-context-based-security-decisions

mDNS Can Be Used to Amplify DDoS Attacks: Researcher – http://www.securityweek.com/mdns-can-be-used-amplify-ddos-attacks-researcher

FFIEC: New Threats to Banks? – http://www.databreachtoday.com/ffiec-new-threats-to-banks-a-8066

“We can’t address cyber threats in isolation”, chief lawyers of top companies agree – http://www.forbes.com/sites/elenakvochko/2015/03/31/we-cant-address-cyber-threats-in-isolation-chief-lawyers-of-top-companies-agree/

30 percent of practitioners say they would pay cyber extortionists to retrieve their data – http://www.scmagazine.com/30-percent-of-practitioners-say-they-would-pay-cyber-extortionists-to-retrieve-their-data/article/406453/

Let’s send an unencrypted thumb drive via mail. What can possibly go wrong, right? – http://www.databreaches.net/lets-send-an-unencrypted-thumb-drive-via-mail-what-can-possibly-go-wrong-right/

The CFO’s Role in Cyber Security – http://ww2.cfo.com/accounting-tax/2015/03/cfos-role-cyber-security/

Tools, Tips and How it’s done:

How to stop attackers getting a toehold on the corporate network – http://www.computing.co.uk/ctg/opinion/2402471/how-to-stop-attackers-getting-a-toehold-on-the-corporate-network

Intro to E-Commerce and PCI Compliance – Part I – http://blog.sucuri.net/2015/03/intro-to-e-commerce-and-pci-compliance-part-i.html

Phishing Attacks: Not Sophisticated, but Successful – http://www.esecurityplanet.com/network-security/phishing-attacks-not-sophisticated-but-successful.html

A Fresh Look at Application Security – http://www.inforisktoday.co.uk/fresh-look-at-application-security-a-8062

You Are What You Keep: Data Breach – http://www.natlawreview.com/article/you-are-what-you-keep-data-breach

How to build physical security into a data center – http://www.csoonline.com/article/2112402/physical-security/physical-security-19-ways-to-build-physical-security-into-a-data-center.html#jump

Put those smartphones away: Google adds anti-copying measures to Drive for Work – http://www.theregister.co.uk/2015/03/31/google_drive_business/

Report Spells Out Medical Device Risks – http://www.databreachtoday.com/report-spells-out-medical-device-risks-a-8065

Inception: DMA Attack Against Linux, Windows, and Mac – https://github.com/carmaa/inception

How Would I?… Inside the devious mind of a security professional – http://www.csoonline.com/article/2902970/security0/how-would-i-inside-the-devious-mind-of-a-security-professional.html#tk.rss_all

Miscellaneous Privacy stories:

Periscope’s first privacy foul-up – https://grahamcluley.com/2015/03/periscope-privacy-foul-up/

Safeguarding Children and School E-Safety stories:

Osgodby Primary School in UK first on cyber-security – http://www.marketrasenmail.co.uk/news/education/education-news/osgodby-primary-school-in-uk-first-on-cyber-security-1-6664596

Record A Teacher Bullying A Student? That’s A Suspension – https://www.techdirt.com/articles/20150331/09321030499/record-teacher-bullying-student-thats-suspension.shtml

Computer whizz kids learn how to stay safe online – http://www.theboltonnews.co.uk/news/12749877.Computer_whizz_kids_learn_how_to_stay_safe_online/

Cyber Awareness: A Teen’s Perspective – http://www.hanscom.af.mil/news/story.asp?id=123443629

Teen cyberbullying victims shun online help, UniSA study finds – http://www.news.com.au/national/south-australia/teen-cyberbullying-victims-shun-online-help-unisa-study-finds/story-fnii5yv4-1227283753869

If you would like this report sent to your inbox each morning, email me at jon.fisher@srm-solutions.com

You can see all previous issues of this blog at http://blog.srm-solutions.com/ or www.jonfisherthoughts.co.uk

My LinkedIn profile is uk.linkedin.com/in/jonfisher99/

SRM Blog
