Aug 3 2005 Liverpool Daily Post

Penny Fray looks at how Merseyside businesses are protecting themselves against the new agents of evil

The world in 2005 is a dangerous and uncertain place. Businesses as much as individuals are vulnerable to the twin threats of urban terrorism and high tech fraud. But experts claim that most companies remain hopelessly unprepared for the consequences of a major attack, estimating that as many as nine out of ten SMEs could go out of business within two years of suffering a catastrophe.

A recent Liverpool Chamber of Commerce report claims that most small to medium sized enterprises have neither a written security policy nor a contingency plan to deal with disasters such as fire, severe flooding or a terrorist bombing. Moreover, 80% of those analysed don't even have adequate procedures to deal with IT and utility failures that would otherwise enable them to function effectively during an emergency.

David Chandler of G Security and Surveillance in Prenton, Wirral, isn't surprised but claims the wheels of change are now in motion. "No-one starts the day believing that the physical presence of a business will be gone later that morning, especially here in Merseyside," says the former police detective turned security expert. "But if the terrorist attacks of September 11 have not already altered the way that businesses view security and disaster planning, the terrible events in London will. "Already, we've had a flurry of calls from both private and public sector agencies worried about safety.

Certain schemes involving public buildings have been brought forward and additional security budgets have been made available." One company that has gone to great lengths to ensure that their security system is bang up to date is Living Ventures, the name behind popular celebrity hang-outs such as The Living Room and Est, Est, Est. "People these days need to feel safe," says Richard Tarran, an IT and systems executive for the company. "That's why we've gone to great lengths to ensure that we're one step ahead of the game through installing equipment and making sure that everything is the best it can be." Although several other large companies in the region confirm a similarly heightened emphasis on security, they've all declined to comment for fear of reprisals.

However, the Daily Post discovered that one large retail outlet has just installed a hi-tech visual verification system, recording vehicle number plates - even those moving at up to 100mph in the dark. Iris scanning, hi-tech firewalls and shatter-proof windows have become popular options for those eager to stay abreast of 21st century crime. "Like most companies who provide extra protection against crime, we've seen a sudden rise in the sale of laminated windows," confirms Kay Ruddy, managing director of Bebington Glass.

Continuity Forum Comment

It is great to see that organisations are investing in better security, but that really is more a comment on what hasn't been done in the past, rather than being a positive step forward in resilience and Business Continuity Planning. Integrating the BIA and Risk Assessment phases of Business Continuity Management presents the organisation with far greater overall Resilience against a wider range of events, while enabling greater value to be achieved.

END 

More than half experienced a security breach this year.

As small businesses begin to depend on increasingly sophisticated technologies to run their operations, they are also leaving themselves wide open for security threats, according to a new survey by the Small Business Technology Institute and Symantec Corporation. Small businesses lack sufficient security controls over such basic systems as email (20 percent are not secured) and wireless networks (60 percent are not secured).

Exercise Triton 04 was the first national exercise of its kind and size, It took place in June and July 2004. The scenario covered an extreme event (up to one in 1000 year occurrence) and with extensive flooding affecting nearly half of England and Wales. The exercise tested the nation's ability to work together and deal with extensive flooding. The scenario deliberately tested systems that would not normally be planned for and identified valuable lessons for the Environment Agency and partners in improving: How we work together How we can improve our forecasting The plans and procedures that we use How we communicate The resources at our disposal And in understanding: How the Civil Contingencies Act will change the way we work.

Who took part? Over 60 organisations and agencies took part nationally, regionally and locally. Teams of people based at 35 locations were presented with the emergency scenario and asked to respond as they would if the events were real.

Half of the risk managers who responded to a recent survey believe that the insurance market is softening and that premium rates will reach their lowest point in 2007 and 2008.

Property and casualty rates are anticipated to drop more significantly than D&O and workers compensation, but despite this optimism, only about a third of those surveyed believe that their insurance spending will decrease in 2005 and 2006.

EAST MIDLANDS REGIONAL RESILIENCE FORUM, in conjunction with the Continuity Forum

A FREE ONE DAY SEMINAR

Date and Time

Thursday 7th July 2005
09:00 - 16:00

Location

Derbyshire Constabulary Headquarters
Butterley Hall
Ripley
Derbyshire
DE5 3RS

BUSINESS CONTINUITY MANAGEMENT

Practical Implementation

2004 saw the introduction of the Civil Contingencies Act that placed new responsibilities relating to Business Continuity Management (BCM) on organisations involved in civil contingencies work to ensure that they are able to continue their functions in the event of an emergency. However, BCM is not only essential to meet the legislative requirements under the Act but also reinforces a stable economy for commerce, industry and public services.

The aim of this event is to raise awareness of BCM and to inform organisations on the practical aspects of developing and implementing a business continuity plan.

WHO SHOULD ATTEND?

This seminar is of particular interest to employees or officers of:

Who is the centre for?

The centre is for all those affected by the events of 7th July. In particular it is for relatives and friends of those who have died, or are still missing, and survivors, whether or not physically injured. It has been set up by those responding to the disaster, as a single point of information and assistance. The centre is secure and private.

It is where:

• Information about those who have died, are missing or were injured can be given and received by the authorities
• Updates on the investigation are made available
• Those who have been affected can get access to support services such as financial, legal, emotional

What else is available?

• The opportunity for a personal meeting with a police family liaison officer
• Regular updated information
• Help with accommodation and travel can be arranged
• Assistance in making contact with appropriate agencies and resolving problems
• Multi-faith and multi-cultural contact
• Emotional support
• Internet and telephone facilities
• Refreshments
• Medical care and mobility aids
• Crèche
• Financial help
• Legal advice
• Information leaflets about bereavement and further sources of support

If you are coming to the Family Centre from out of town please note that accommodation can be arranged or made available through Transport for London Incident Care Team, tel 0791 700 6865.

The Family Assistance Centre has now relocated to:

Lindley Hall (Royal Horticultural
Halls and Centre)
80 Vincent Square
SW1P 2PE

Call (24-hours): 0845 054 7444

END

__________________

If you have any comments on this article or would like to find out more about the work of the Continuity Forum please contact Sara McKenna, John Sharp or Russell at the Continuity Forum directly on 020 8993 1599 or info@continuityforum.org

Thursday June 23, 08:51 AM

TOKYO (Reuters) - Japanese officials scrambled on Thursday to contain the public relations fallout from reports that confidential information about Japan's nuclear plants had leaked onto the Internet through a virus on a personal computer.

Japan's top government spokesman pledged to take steps to protect information after data on several nuclear plants appeared online, including photographs of their interiors, details of regular inspections and repair work and names of workers.

"Nuclear plants are important facilities in terms of anti-terrorist measures, security and what not, and therefore we would like to take full steps to ensure information management," Chief Cabinet Secretary Hiroyuki Hosoda told reporters.

Mitsubishi Electric Corp. said the information was leaked through a personal computer used by an employee of a Mitsubishi subsidiary that was in charge of inspecting the plants.
Mitsubishi Electric said the leak occurred at one of its subsidiaries and included information from seven Japanese electric power companies and five independent firms.

"We deeply apologise for causing trouble to many people including electric power companies," Mitsubishi Electric said in a statement. "We will do our utmost to prevent the recurrence of such an incident."

A trade ministry official in charge of the investigation said the information that was published was not directly linked to the "core part" of the nuclear plants.

"We believe the information allegedly leaked does not include data directly related to nuclear materials, which are kept under strict control," he said.

Since the September 11, 2001, attacks on the United States, Japanese police and coast guard forces have tightened security around the country's 52 nuclear reactors.

END
__________________

If you have any comments on this article or would like to find out more about the work of the Continuity Forum please contact Sara McKenna, John Sharp or Russell at the Continuity Forum directly on 020 8993 1599 or info@continuityforum.org

MasterCard scandal: 40 million accounts could be compromised...

In what could be the largest data security breach to date, MasterCard International on Friday said information on more than 40 million credit cards may have been stolen.

Of those exposed accounts, about 13.9 million are for MasterCard-branded cards, the company said in a statement. Some 20 million Visa-branded cards may have been affected and the remaining accounts were other brands, including American Express and Discover.
MasterCard and Visa both say they have notified their member banks of the specific accounts involved so the banks can take action to protect cardholders.

James Van Dyke, principal analyst at Javelin Strategy & Research in Pleasanton, California, said: "In sheer numbers, this is probably one of the largest data security breaches."
The breach occurred at CardSystems Solutions in Tucson, Arizona, a third-party processor of payment data, according to a MasterCard statement. An intruder was able to use security vulnerabilities to infiltrate the CardSystems network and access the cardholder data, MasterCard said.

CardSystems is one of several companies that process transactions for banks and merchants. The security breach at the company was discovered using tools that monitor for credit card fraud, MasterCard said.

Though credit card numbers were compromised, the cards themselves do not hold social security numbers or dates of birth, MasterCard said. This information could be used for credit card fraud but not to steal identities.

A spokeswoman for credit card company Discover said the company is aware of the security breach and is working with law enforcement to investigate it. She noted that Discover Card holders would not be liable for any fraudulent transactions, should they occur.
Visa issued a statement saying it knows of the data security breach and is working with authorities and banks to monitor and prevent fraud. As with MasterCard and Discover, Visa noted that card users are not responsible for fraudulent transactions.

American Express could not immediately be reached for comment.

The credit card theft possibly occurred late last month, according to CardSystems. In a statement issued late on Friday, the company said that it identified a "potential security incident" on Sunday, 22 May and called in the FBI the next day. Visa and MasterCard were notified as well, CardSystems said.

Since the breach, CardSystems has undergone a security audit and is changing its security procedures as a result, it said.

The breach follows several high-profile data loss incidents that potentially exposed US consumers to identity theft. Last week, CitiFinancial said tapes containing unencrypted information on 3.9 million customers were lost by the United Parcel Service while in transit to a credit bureau. CitiFinancial is the consumer finance subsidiary of Citigroup.

In past months, data leaks have been reported by Bank of America and Wachovia, data brokers ChoicePoint and LexisNexis, and the University of California at Berkeley and Stanford University.

END
__________________

If you have any comments on this article or would like to find out more about the work of the Continuity Forum please contact Sara McKenna, John Sharp or Russell at the Continuity Forum directly on 020 8993 1599 or info@continuityforum.org

Friday June 24, 2005

Rail services on the East Coast Mainline have returned to normal after hundreds of passengers were trapped in overheated carriages for hours after a power failure.
Many endured great distress and were forced to break windows to escape as dozens fainted in the heat.

Yesterday, the 3.55pm GNER train from Newcastle to Kings Cross ground to a halt just outside Peterborough at 5.25pm due an overhead power failure.

Kevin Groves, spokesman for Network Rail, said the power failure meant no trains had been able to leave Kings Cross on the main route north since 5pm yesterday.

He said: "We have engineers working to fix the problem and they will work throughout the night in a bid to have trains running again by 6am."

A Cambridgeshire Fire and Rescue spokesman said eight passengers had been taken to hospital suffering from heat-related injuries.

Passengers were advised to check with National Rail on 0845 748 4950 before travelling today.

END
__________________

If you have any comments on this article or would like to find out more about the work of the Continuity Forum please contact Sara McKenna, John Sharp or Russell at the Continuity Forum directly on 020 8993 1599 or info@continuityforum.org

Britain's sizzling heatwave is set to come to an end with warnings of thunderstorms and even tornados.The erratic conditions could bring mayhem to parts of the UK as tennis fans flock to Wimbledon and thousands make the annual pilgrimage to the Glastonbury music festival.Storms moved into south Wales and some southern parts of England overnight, with prolonged outbreaks of rain expected throughout Wales and north-western England which could lead to local flash flooding.

PA WeatherCentre assistant manager Paul Knightly said the storms were likely to bring lightning and hailstones up to the size of golf balls.

"Winds in the upper atmosphere will be fairly strong, and this will promote the development of some severe thunderstorms.

"These may bring hailstones up to the size of golf balls, wind gusts up to 65 mph, extremely heavy rainfall leading to local flash flooding, and possibly isolated tornadoes.
"People should remember that with any thunderstorm, the main threat is cloud to ground lightning, and tomorrow's storms are likely to be very electrically active.

"If a storm approaches, try to get indoors quickly, and do not stand under trees."
The Tornado and Storm Research Organisation (TORRO), which is a privately funded group researching extreme weather phenomenon, predicted possible tornados.

The group was founded in 1974 and has been making severe weather forecasts for the last five years.
Britain experiences an average of 35 small scale tornados each year, mostly concentrated in the south and east of England

END
__________________

If you have any comments on this article or would like to find out more about the work of the Continuity Forum please contact Sara McKenna, John Sharp or Russell at the Continuity Forum directly on 020 8993 1599 or info@continuityforum.org

We are sorry that you have cancelled your transaction with us.

If you have experienced any difficulty, or are disatisfied in any way please do let us know directly +44 (0) 208 993 1599.

We take service very seriously indeed and if are in anyway unhappy with our response please mail Russell.price@continuityforum.org and he will get back to you as soon as possible.

The Continuity Forum is launching a series of of 6 bimonthly breakfast sessions aimed at bringing together the thought leaders from our sector. The Continuity Forum is heavily engaged with national and regional governent at the heart of the developing

Our sector is evolving rapidly across a broad range of topics and interests and in order to ensure that the the

The issue of security continues to be a major industry topic and understandably, especially as this is is one area of BCM that tends to have the highest profile . Many of the issues are closely linked to the increasing complexity and interoperability requirements of applications across a wide variety of Platforms. These problems are also compounded by the generally poor practices of many IT departments and internal users who continue to be a very weak link in the security chain.

Below we have assembled research to provide an at glance reminder that there is still a long way to go to 'secure' an organisations IT.

----------------------------

15% - The average increase in IT security spending in 2005, according to a survey of 1,300 CIOs by IT market research firm Gartner. At the same time, the respondents reported that their overall IT budgets would rise only 2.5 percent. Source: Secure Enterprise Magazine

56% - The share of security solution providers who say that it will take over six months for organizations that have deployed identity management products to see a return on the investment, according to a recent survey by IT business publication CRN. Additionally, 52 percent of those polled reported that only six percent or less of their business customers have adopted ID management solutions as part of their overall security strategy. Source: SecurityPipeline.com

10%- The maximum share of overall IT spending that's related to security patch management at an overwhelming majority -- 97 percent -- of companies polled by research firm InsightExpress. The survey, conducted on behalf of SupportSoft Inc., which develops update management software, found that patching takes a week or more to complete at about 25 percent of companies. Source: SecurityPipeline.com

54 - The average number of software vulnerabilities that security vendor Symantec detected per week in the second half of 2004. The company reported in its semi-annual Internet Security Threat Report that it documented 1,403 new vulnerabilities between July 1 and Dec. 31, 2004, and said that 48 percent of those were found in Web applications. Source: IDG News Service

35 - The number of IRS employees, out of 100 called by inspectors pretending to be internal help desk staffers, who gave up their network log-in names and changed their passwords to one suggested by the caller when told that it was necessary due to a network problem. On a positive note, the results of the anti-hacking test were better than in 2001, when 71 percent of the workers called agreed to change their passwords. Source: TechWeb

50% - The rate at which IM and P2P exploits are increasing monthly, according to the IMlogic Threat Center, an organization formed by IMlogic, McAfee, Symantec and Sybari Software to monitor instant messaging hacks. Source: SmallBizPipeline.com

224 - The average number of directory harvest attacks per day in February on enterprise email systems by spammers seeking valid addresses, according to email security services vendor Postini. Each attack brought an average of 166 invalid message delivery attempts, resulting in a total of 37,184 invalid delivery attempts per day. Source: SecurityPipeline.com

180% - The share of mobile phone users worldwide that have received spam, according to a survey of 1,659 mobile users and 154 wireless operators by the University of St. Gallen in Switzerland and emergency communications services vendor Intrado. Source: MobilePipeline.com

47.9%% - The share of email users who believe their employers have been effective at stopping spam, according to a January survey of 241 Internet users. Source: Osterman Research

25% - The expected spyware infection level on corporate PCs within the next 12 months, according to a new report entitled "Spyware Adoption in 2005" from Forrester Research. Source: Networking Pipeline

750 - The number of confirmed cases of identity theft directly linked to the network security breach at credit card data company ChoicePoint, which has acknowledged that hackers culled private data on at least 145,000 people. Source: CNET News.com

69% - The share of 163 companies surveyed by the Ponemon Institute that reported their data security breaches came at the hands of company insiders -- the result of either malicious employee activities or innocent employee mistakes. Source: NetworkingPipeline.com

17,000,000 - The number of American adults that have been spimmed -- sent unsolicited commercial instant messages, or the equivalent of spam in the IM realm, according to a survey conducted January 13 to February 9 by the Pew Internet & American Life Project. Source: InternetNews.com

2560 - The number of unique phishing Web sites reported in January, a 47 percent increase over the number of sites reported in December. Source: Anti-Phishing Working Group

36% - The share of consumers surveyed by Forrester Research who said they had curbed online purchases because of the rise in security breaches at credit card companies, banks and other businesses. Source: CNET News.com

60,442,655 - The total number of Web sites as of March, representing a gain of 1.34 million sites over the previous month, the biggest monthly increase since April 2004. The number of sites has grown each month for 25 consecutive months. Source: Netcraft

Ends

_________________________________

If you have any comments on this article or would like to find out more about the work of the Continuity Forum please contact Sara McKenna, John Sharp or Russell at the Continuity Forum directly on 020 8993 1599 or info@continuityforum.org

Thousands of threatening emails sent to cripple police computers...

A UK police chief has been bombarded with thousands of threatening emails in a denial of service attack aimed at crippling his force's computer systems.

At one point just before the bank holiday weekend, 2,000 emails an hour were being sent to Greater Manchester Police (GMP) chief constable Michael Todd.

The attacker spoofed some of the email addresses to show US president George Bush as the sender, while other emails warned that the attacker knew where Todd and his family lived.

GMP said the attack was an attempt to crash the force's computer systems through the volume of emails being sent. It has launched an investigation.

A statement issued said: "GMP has been subject to a cyber attack using emails in an attempt to disrupt GMP's service to the public. However, safeguards in place were effective and prevented any disruption to the force."

Cambridgeshire Police were subject to a similar denial of service attack almost two years ago when thousands of spam emails told recipients their credit cards were about to be charged for an iPod they had just bought unless they phoned a customer service number.
The customer service number turned out to be the switchboard at Cambridgeshire police, which was deluged by thousands of people who had received the hoax email, although the culprit was eventually tracked down and arrested.

Continuity Forum Note

It is important to stress that under the Civil Contingencies Act Category One Organisations such as the police and other emergency services must verify that sufficient measures are in place to ensure Continuity of Operations.

Whilst the attack on the GMP was managed though a variety of measures, attacks of this type are rising and it is prudent to point out that 'denial of service' attacks such as this one are a serious matter affecting the ability of the organisation to communicate. Whilst not strictly speaking covered by the detailed requirements of the CCA, this instance is a timely reminder of the diligence that is required.

Source Silicon.com

End

_________________________________

If you have any comments on this article or would like to find out more about the work of the Continuity Forum please contact Sara McKenna, John Sharp or Russell at the Continuity Forum directly on 020 8993 1599 or info@continuityforum.org

IT failure on this project will put lives in danger, says union

The Fire Brigades Union (FBU) is threatening strike action over a £1bn government project to replace 46 local fire service operations rooms with nine new high-tech regional control centres.

The nine regional centres are scheduled to be up and running by the middle of 2008 as part of the FireControl project being run by the Office of the Deputy Prime Minister (ODPM).

The existing local control centres use different technology systems that are currently unable to talk to each other and FireControl aims to create a common system across the new regional centres.

The ODPM says benefits include automatic caller location for control operators and the ability to mobilise the nearest available fire crew more easily. The control centres will also be linked into a new secure digital radio system that is currently in the middle of a separate procurement process.

But the FBU points to the government's track record on high-profile IT projects and claims a similar disaster on FireControl will lead to cuts in fire services, push up council tax and put lives in danger.

FBU general secretary Matt Wrack said in a statement: "The government's track record on large scale technology projects is very poor. Their record suggests this project will be very expensive and fraught with difficulty. It's expensive, risky and won't save a single life."

The FBU said it will oppose the project "by all means possible" and will look at balloting its members on industrial action if ministers press ahead.

A spokeswoman from the ODPM said: "The government hopes to work constructively with the new FBU leadership and other trade unions in taking forward the modernisation of the fire service."

source Silicon.com

END
__________________

If you have any comments on this article or would like to find out more about the work of the Continuity Forum please contact Sara McKenna, John Sharp or Russell at the Continuity Forum directly on 020 8993 1599 or info@continuityforum.org