Category Archives: Internet Security

How Image Recognition is Shaping the Future of Internet Security … – Fagen wasanni

Exploring the Role of Image Recognition in the Future of Internet Security and Privacy

Image recognition technology, a subset of artificial intelligence (AI), is rapidly transforming the landscape of internet security and privacy. This technology, which enables computers to identify and process images in the same way as human vision, is being harnessed to create more secure, personalized, and user-friendly online experiences.

In the realm of internet security, image recognition is being used to enhance traditional password-based systems. For instance, facial recognition technology is increasingly being adopted as a secure and convenient alternative to passwords. This technology uses algorithms to analyze specific features on a persons face, such as the distance between the eyes or the shape of the cheekbones, to create a unique facial signature. This signature can then be used to verify a persons identity, providing a level of security that is difficult to breach.

Moreover, image recognition technology is also being used to combat online fraud and identity theft. By analyzing images or videos, AI can identify suspicious patterns or anomalies that may indicate fraudulent activity. For instance, banks and financial institutions are using image recognition to verify the authenticity of documents and signatures, helping to prevent fraud and protect customers personal information.

However, while image recognition technology offers significant benefits for internet security, it also raises important questions about privacy. As more and more personal data is collected and analyzed, there is a growing concern about how this information is used and who has access to it.

In response to these concerns, tech companies and researchers are exploring ways to use image recognition technology in a manner that respects privacy. One approach is to use edge computing, which processes data on the device itself, rather than sending it to a central server. This means that personal data, such as facial images, can be analyzed and used for authentication without ever leaving the device, reducing the risk of data breaches.

Another approach is to use differential privacy, a technique that adds noise to data to make it difficult to identify individual users, while still allowing for useful analysis. This can be used in conjunction with image recognition technology to analyze user behavior and detect security threats, without compromising privacy.

In addition, regulations such as the General Data Protection Regulation (GDPR) in Europe are helping to shape the use of image recognition technology. These regulations require companies to obtain explicit consent before collecting personal data, and to provide clear information about how this data will be used. This is encouraging companies to be more transparent and responsible in their use of image recognition technology.

In conclusion, image recognition technology is playing a pivotal role in the future of internet security and privacy. By enhancing security measures and combating fraud, this technology is helping to create a safer online environment. At the same time, the use of techniques such as edge computing and differential privacy, along with regulatory measures, are helping to ensure that this technology is used in a way that respects privacy. As this technology continues to evolve, it will be crucial to strike a balance between harnessing its benefits for security and preserving the privacy of users.

More here:
How Image Recognition is Shaping the Future of Internet Security ... - Fagen wasanni

The Future of Telecommunications and Internet Security in Greater … – Fagen wasanni

Exploring the Future of Telecommunications and Internet Security in Greater China: The Role of Managed Security Services

The future of telecommunications and internet security in Greater China is a topic of increasing importance, as the region continues to experience rapid technological advancement and digital transformation. One of the key elements shaping this future is the role of managed security services, which are poised to play a pivotal role in ensuring the safety and integrity of digital communications.

Managed security services, or MSS, refer to network security services that have been outsourced to a service provider. These services can include everything from managing firewalls and conducting intrusion detection to performing security audits and responding to emergencies. The goal of MSS is to provide a comprehensive, proactive security solution that can protect against a wide range of threats, from cyberattacks to data breaches.

In Greater China, the demand for MSS is growing at an unprecedented rate. This is due in large part to the regions booming digital economy, which is driving the need for more robust and sophisticated security solutions. As businesses and consumers alike become more reliant on digital technologies, the risks associated with cyber threats are also increasing. This has created a pressing need for effective security measures that can safeguard sensitive data and ensure the smooth operation of digital networks.

The rise of MSS in Greater China is also being fueled by the regions regulatory landscape. Governments across Greater China are implementing stricter regulations around data protection and cybersecurity, which is forcing businesses to invest more heavily in security measures. This is where MSS providers come in. By offering a comprehensive suite of security services, these providers can help businesses meet regulatory requirements and protect against potential fines or penalties.

However, the future of MSS in Greater China is not without its challenges. One of the biggest hurdles is the lack of skilled cybersecurity professionals in the region. This skills gap is making it difficult for businesses to implement and manage their own security measures, which is driving the demand for outsourced solutions. To address this issue, MSS providers are investing in training and development programs to build up a skilled workforce.

Another challenge is the rapidly evolving nature of cyber threats. Cybercriminals are constantly developing new tactics and techniques, which means that security measures need to be continually updated and improved. This requires a significant investment in research and development, which can be a barrier for some businesses. However, by outsourcing their security needs to an MSS provider, businesses can leverage the providers expertise and resources to stay ahead of the curve.

In conclusion, the future of telecommunications and internet security in Greater China is closely tied to the growth and development of managed security services. As the region continues to digitize and evolve, the demand for these services is only set to increase. Despite the challenges, the potential benefits of MSS from improved security to regulatory compliance make it a promising solution for businesses and consumers alike. As such, the role of MSS in shaping the future of telecommunications and internet security in Greater China cannot be underestimated.

Read the original here:
The Future of Telecommunications and Internet Security in Greater ... - Fagen wasanni

Internet Security Enhanced: The Rise of Iris Recognition Technology … – Fagen wasanni

Internet Security Enhanced: The Rise of Iris Recognition Technology in European Telecoms

In the rapidly evolving world of technology, the European telecoms industry is taking a significant leap forward in internet security with the rise of iris recognition technology. This innovative biometric technology, which identifies individuals based on unique patterns in the iris, is being increasingly adopted by telecom companies across Europe to enhance security and protect user data.

The adoption of iris recognition technology in the telecom sector is a response to the growing need for robust security measures in the digital age. With the proliferation of online transactions and the increasing amount of sensitive data being shared over the internet, the risk of cyber threats has never been higher. Traditional security measures such as passwords and PINs are no longer sufficient to protect against sophisticated cyber-attacks. Iris recognition technology, with its high level of accuracy and difficulty to replicate, offers a promising solution to these security challenges.

The iris, the coloured part of the eye surrounding the pupil, has a unique pattern that remains stable throughout a persons life. This makes it an ideal biometric identifier. Iris recognition technology uses a camera to capture an image of the iris, which is then converted into a digital template. This template is compared with stored templates to verify an individuals identity. The technology is non-invasive and can be used from a distance, making it convenient for users.

European telecom companies are leveraging this technology to enhance their security protocols. For instance, iris recognition is being used to secure access to sensitive data and systems, preventing unauthorized access. It is also being used to authenticate users for online transactions, reducing the risk of fraud. Moreover, the technology is being integrated into mobile devices, providing an additional layer of security for smartphone users.

The rise of iris recognition technology in European telecoms is not without challenges. Privacy concerns are a significant issue, as the technology involves the collection and storage of biometric data. Telecom companies need to ensure that this data is securely stored and used in compliance with data protection regulations. Additionally, the technology needs to be user-friendly to encourage widespread adoption.

Despite these challenges, the potential benefits of iris recognition technology are significant. It offers a high level of security, reducing the risk of cyber threats. It also improves user experience by providing a convenient and quick method of authentication. As such, the technology is expected to play a crucial role in the future of internet security in the telecom sector.

In conclusion, the rise of iris recognition technology in European telecoms represents a significant advancement in internet security. As cyber threats continue to evolve, the need for robust security measures is more critical than ever. Iris recognition technology, with its unique combination of security and convenience, offers a promising solution to these challenges. As European telecom companies continue to adopt and integrate this technology, we can expect to see a significant enhancement in internet security in the region.

Link:
Internet Security Enhanced: The Rise of Iris Recognition Technology ... - Fagen wasanni

SEC controversial cybersecurity disclosure warning: What … – VentureBeat

Head over to our on-demand library to view sessions from VB Transform 2023. Register Here

The Securities and Exchange Commissions (SEC) has issued a landmark ruling on cybersecurity disclosure for public companies.

Starting as early as December 15, public enterprises will now be required to disclose material incidents within four days and reveal how they detect and address them while describing board oversight.

Not surprisingly, the response has been all over the board, with some calling it a step in the right direction regarding transparency and communication, while others describe it as a rear-view tactic.

Still, others argue that it could open companies up to more risk, not less, and many point out that four days isnt nearly enough time to confirm a breach, understand its impact and coordinate notifications.

VB Transform 2023 On-Demand

Did you miss a session from VB Transform 2023? Register to access the on-demand library for all of our featured sessions.

Furthermore, theres umbrage with the vagary of the wording around material incidents.

If the SEC is saying this will be law, they need to be very specific with what they define as material impact, said Tom Guarente, VP of external and government affairs at cybersecurity company Armis. Otherwise, it is open to interpretation.

The ruling is intended to increase visibility into the governance of cybersecurity and put greater pressure on boards and C-suites, according to the SEC. Providing disclosure in a more consistent, comparable and decision-useful way will benefit investors, companies and the markets connecting them, the agency says.

Per the new rules, public companies must:

The final rules will become effective 30 days following publication in the Federal Register and disclosures will be due as soon as December 15.

Going forward, legal teams will need to consider what might be material in all sorts of scenarios, said Alisa Chestler, chair of the data protection, privacy and cybersecurity team at national law firm Baker Donelson.

For example, she pointed out, a breach that impacts the supply chain could be material after one day or three. Or, maybe theft of intellectual property has occurred and while it is material, does it impact national security and therefore merit a delay?

Materiality will be very much based on cyber and operations, she told VentureBeat.

However materiality is defined, the optimal outcome is that notifications will not only protect investors and consumers but inform collective learning namely, that public companies and other entities glean actionable lessons learned, said Maurice Uenuma, VP and GM at data erasure platform Blancco.

If these breach notifications just become more noise for a world becoming numb to the steady drumbeat of breaches, the effort wont yield much benefit, said Uenuma, who is also former VP of Tripwire and The Center for Internet Security.

This isnt just an issue for public companies, experts emphasize.

Its very important to realize that while this law is directed at public companies, its really going to trickle down to all companies of all sizes, said Chestler.

She pointed out that public companies are reliant on many smaller software and supply chain companies, and a cyberattack at any point along that chain could have a material impact.

Contractually, public companies will need to start to think about how they can flow down properly for their own protection. She said this could mean implementing vendor management programs instead of just vendor procurement programs and regular agreements and contract re-evaluations.

This means that private companies should be closely watching developments so they can be prepared for increased scrutiny of their own operations.

The reality is that most companies are currently ill-prepared to meet the requirement of reporting an incident of material impact within four days, said George Gerchow, CSO and SVP of IT at cloud-native SaaS analytics company Sumo Logic.

As such, they will have to address and likely revise how they discover potential vulnerabilities and breaches and reporting mechanisms.That is, he posited, if a security team discovers the breach, how do they report it to the SEC and who does it the CISO, general council, a cybersecurity working group or someone else within the organization?

Finally, having cybersecurity presence on board is critical, and its time for CISOs to begin preparing themselves for board positions and for companies to position qualified CISOs on their boards, he said.

Bridging the divide between CISOs and boards starts with a two-way discussion, emphasized David Homovich, solutions consultant in the office of the CISO at Google Cloud.

Security leaders should regularly brief board members and provide them an opportunity to ask questions that help them understand the security management teams priorities and how those align with business processes, he said.

CISOs would do well to avoid focusing on one specific cybersecurity issue or metric that can often be complex and difficult to understand. Instead, they should engage at a broad enterprise-wide risk management level where cybersecurity risk can be contextualized and cybersecurity challenges can be made more digestible and accessible.

For instance, techniques like scenario planning and incident analysis help place an organizations risks in a real-world context.

Board involvement can be challenging, as board members often do not have the in-depth expertise to closely direct the management of that risk, said Homovich.

Even if a board member has relevant experience as a CIO, CTO or C-suite role, it can still be a struggle because they are not directly involved in day-to-day security operations.

A boards understanding of cybersecurity is more critical than ever, he said, pointing to surges in zero-day vulnerabilities, threat actor groups, supply chain compromises and extortion tactics designed to hurt company reputations.

We predict that boards will play an important role in how organizations respond to these trends and should prepare now for the future, he added.

Homovich pointed out that the majority of large companies particularly those in highly regulated industries will not need to dramatically shift their approach to board oversight. Instead, there will likely be a significant adjustment on the part of small-to-medium-sized public companies.

He advised CISOs to immediately engage their C-Suite counterparts and board members and ask questions such as:

CISOs should revisit their management framework and ensure it addresses five key areas: current threats; an explanation of what cybersecurity leadership is doing to mitigate those threats; examples of how the CISO is testing whether mitigations are working; the consequences if those threats actually happen; and risks that the company is not going to mitigate, but will otherwise accept.

But collaboration isnt just important internally security leaders should be robustly engaging outside experts through such groups as the CISO Executive Network, Chestler said. This can help build camaraderie and share best practices, because they continue to evolve.

Indeed, in todays threat landscape, technology isnt enough, agreed Max Vetter, VP of cyber at training company Immersive Labs. Enterprises must also invest in cyber resilience and peoples preparedness for attacks.

People need to know how to work together to mitigate an attack before one actually occurs, said Vetter. With a people-centric cybersecurity culture and approach, we can make the most of our investments while measurably reducing risk.

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.

See more here:
SEC controversial cybersecurity disclosure warning: What ... - VentureBeat

Taking Cyber Security to the Next Level with Zero Trust – Enterprise Security

A post-perimeter world requires a holistic approach to network-wide security. Zero Trust is that approach. The wall was seen to protect those on the inside from untrustworthy baddies on the other side. Now, nothing is taken for granted and zero-trust environments require full authentication for everyone and do not allow free access to anyone.

Fremont, CA: An ever-widening void was filled by new holistic approaches as traditional perimeter security was crumbling. It was no longer enough to keep the bad guys out, and it was now necessary to defend yourself from the inside out. It wasn't just basement hackers who were making cyber attacks anymore, but email attachments, login attempts, and containerized communication were also suspect - and subject to cyber subterfuge unimaginable before the digital revolution.

In the security community, Zero Trust is one of the most widely accepted philosophies, and its far-reaching tenants can make it, and the organizations that adopt it, future-proof.

Zero Trust

In essence, zero Trust involves authorizing users and services using multiple points of authentication, assuming guilt before claiming innocence, and requiring each entity to prove itself.

A post-perimeter world requires a holistic approach to network-wide security. Zero Trust is that approach. The wall was seen to protect those on the inside from untrustworthy baddies on the other side. Now, nothing is taken for granted, and zero-trust environments require full authentication for everyone and do not allow free access to anyone.

Due to the unilateral migration to digital assets over the past decade, which has accelerated in the past few years, a scrutinizing security environment has become increasingly necessary. This growth can be attributed in part to the proliferation of three types of technology:

Remote apps

Work-from-anywhere demands are bridging the gap between office environments and new services. As a result of that rush to market, many products were not created with security in mind. Remote services must be protected with VPN-only network access, multifactor authentication, and antivirus and internet security software at home in order to mitigate those built-in vulnerabilities.

Cloud apps

Similarly, cloud apps have overtaken safety in many ways, and security practitioners now bear the burden of ensuring their cloud workloads are secure. The majority of cloud service providers provide security services, but not all. Security is offered in varying degrees by those who do offer it. Due to the interconnected nature of assets and identities in the cloud, achieving zero Trust is particularly challenging. All cloud-hosted asset management solutions must be built on a foundation of full visibility.

IoT devices

Organizations must be particularly vigilant when allowing IoT devices onto their networks because there is no standard for cybersecurity. The smart TV in the break room, as well as BYODs and innocuous smart devices, should be regarded with caution.

Follow this link:
Taking Cyber Security to the Next Level with Zero Trust - Enterprise Security

agriCULTURE exhibit at the Longmont Museum and other events for today – Longmont Times-Call

Devin Reilly helps to set up the installation piece titled The Regeneration Series: Soil Regeneration Model by artist Nicole Barowetz at the Longmont Museum. The piece is part of the BMoCA and the Longmont Museum's new joint exhibit agriCULTURE: Art inspired by the Land. (Matthew Jonas Staff Photographer)

agriCULTURE exhibit at the Longmont Museum: agriCULTURE: Art Inspired by the Land pairs more than 15 local and national artists with farmers throughout Boulder County to create three site-specific, new visual works; 9 a.m. Monday, Longmont Museum, 400 Quail Road, Longmont; $5-$9; longmontmuseum.org.

Life drawing at Firehouse: Draw short poses with fellow local artists of models who are facilitated by Art of Modeling. Bring supplies from home, but newsprint and vine charcoal will be available. Bring an easel if desired; 6 p.m. Monday, Firehouse Art Center, 667 Fourth Ave., Longmont; firehouseart.org.

Spanish chorus group: This group sings classic Mexican songs, while having fun and sharing stories; 1 p.m. Monday, Senior Center, 910 Longs Peak Ave., Longmont; longmontcolorado.gov.

Current events meeting: Meet for an hour or more to review local, national and international events. Share views and analyses from wide-reading and often personal and professional experiences. Many meet a bit earlier to share coffee and conversation. Moderated by Rick Fitzgerald; 10:15 a.m. Tuesday, Senior Center, 910 Longs Peak Ave., Longmont; longmontcolorado.gov.

Open chess night: This informal chess night will have tables and chess sets ready for playing on the second floor of the library. Open to all ages, but those 16 years old and younger must have an adult with them at all times; 6 p.m. Tuesday, Longmont Library, 409 Fourth Ave., Longmont; free; longmontcolorado.gov.

Internet Basics Surfing the Web: In this session, the class will cover the basic fundamentals of internet security, how to establish secure passwords and password storage advice. Participants will also examine anti-spam and anti-phishing security measures and how to avoid viruses, spyware and emails that are dangerous. Finally, look at secure payment solutions for buying and conducting business online; 5 p.m. Tuesday, Longmont Public Library, 409 Fourth Ave., Longmont; free; longmontcolorado.gov.

View post:
agriCULTURE exhibit at the Longmont Museum and other events for today - Longmont Times-Call

How Vietnam is Bolstering its Cyber Security in the Age of Internet … – Fagen wasanni

Exploring Vietnams Strategies for Enhancing Cyber Security in the Era of Internet Dominance

In the age of internet dominance, cyber security has become a critical concern for nations worldwide. Vietnam, in particular, has been making significant strides in bolstering its cyber security infrastructure. The Southeast Asian nation has been implementing a series of strategies to enhance its cyber security, demonstrating a keen understanding of the importance of this issue in the digital era.

Vietnams approach to cyber security is multifaceted, encompassing a range of measures designed to protect both its national security and the digital safety of its citizens. The government has been proactive in establishing a robust legal framework to address cyber threats. The Law on Cyber Security, which came into effect in 2019, is a testament to this commitment. This comprehensive legislation outlines the responsibilities of individuals, organizations, and agencies in ensuring cyber security, and provides a legal basis for the prosecution of cybercrimes.

In addition to legislative measures, Vietnam has been investing heavily in technological solutions to enhance its cyber security. The government has been working closely with international tech giants and local start-ups to develop advanced cyber security technologies. These collaborations have resulted in the creation of sophisticated systems capable of detecting and neutralizing a wide range of cyber threats.

Education and awareness are also key components of Vietnams cyber security strategy. The government has been implementing various programs aimed at raising public awareness about the importance of cyber security and educating citizens on how to protect themselves online. These initiatives range from nationwide campaigns to school-based programs, and they play a crucial role in fostering a culture of cyber security in the country.

Moreover, Vietnam has been actively participating in international cooperation in the field of cyber security. The country has been engaging with other nations and international organizations to share information, exchange best practices, and collaborate on joint initiatives to combat cyber threats. This global approach not only enhances Vietnams own cyber security capabilities but also contributes to the collective effort to maintain global cyber security.

The private sector in Vietnam has also been playing a significant role in enhancing the countrys cyber security. Many Vietnamese companies have been investing in cyber security solutions and adopting best practices to protect their digital assets. The government has been encouraging this trend by providing incentives for businesses that prioritize cyber security.

However, despite these efforts, challenges remain. Cyber threats are constantly evolving, and keeping up with these changes requires continuous vigilance and innovation. Vietnam, like many other countries, faces the challenge of balancing the need for cyber security with the need to maintain an open and free internet. The country also needs to address the issue of cyber security skills shortage, which is a common problem worldwide.

In conclusion, Vietnams efforts to bolster its cyber security in the age of internet dominance are commendable. The countrys comprehensive approach, which combines legislative measures, technological solutions, education, international cooperation, and private sector involvement, is a model that other nations can learn from. However, the journey is far from over. As cyber threats continue to evolve, Vietnam will need to keep innovating and adapting its strategies to ensure the digital safety of its nation and its citizens.

Read the original:
How Vietnam is Bolstering its Cyber Security in the Age of Internet ... - Fagen wasanni

Data Privacy and Security in Europe’s Consumer Internet of Things … – Fagen wasanni

Understanding the Implications of Data Privacy and Security in Europes Consumer Internet of Things Landscape

The landscape of the consumer Internet of Things (IoT) in Europe is rapidly evolving, with an increasing number of devices connecting to the internet and sharing data. This development has significant implications for data privacy and security, which are becoming increasingly important issues for consumers, businesses, and regulators alike.

The IoT refers to the network of physical devices, vehicles, appliances, and other items embedded with sensors, software, and network connectivity, which enables these objects to connect and exchange data. This technology has the potential to revolutionize many aspects of daily life, from home automation to healthcare, transportation, and beyond. However, the proliferation of IoT devices also raises significant concerns about data privacy and security.

In Europe, the General Data Protection Regulation (GDPR) has set a high standard for data privacy, requiring businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. The regulation also imposes strict rules on the control and processing of personal data. These rules apply to all companies that process personal data of individuals residing in the EU, regardless of the companys location.

The GDPR has significant implications for the IoT landscape in Europe. For instance, many IoT devices collect vast amounts of personal data, often without the users explicit consent. Under the GDPR, this could potentially lead to hefty fines for non-compliance. Moreover, the regulation requires businesses to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, which could pose significant challenges for IoT device manufacturers and service providers.

In addition to the GDPR, the European Union Agency for Cybersecurity (ENISA) has also published guidelines for securing IoT devices. These guidelines provide practical advice for IoT device manufacturers and service providers on how to ensure the security of their devices and services.

Despite these regulatory efforts, data privacy and security remain significant challenges in Europes IoT landscape. For instance, many IoT devices lack robust security features, making them vulnerable to cyberattacks. Moreover, the sheer volume of data generated by IoT devices makes it difficult to ensure data privacy.

Furthermore, the decentralized nature of the IoT poses additional challenges for data privacy and security. For instance, data from IoT devices can be processed and stored in multiple locations, making it difficult to ensure data privacy and security. Moreover, the interoperability of IoT devices can also pose security risks, as vulnerabilities in one device can potentially affect other devices in the network.

In conclusion, data privacy and security are critical issues in Europes consumer IoT landscape. The GDPR and ENISA guidelines provide a regulatory framework for addressing these issues, but significant challenges remain. As the IoT continues to evolve, it will be crucial for businesses and regulators to continue to prioritize data privacy and security. This will not only protect consumers but also foster trust in the IoT, which is essential for its continued growth and success.

Read the original post:
Data Privacy and Security in Europe's Consumer Internet of Things ... - Fagen wasanni

How Global Network Security Firewalls are Shaping the Future of … – Fagen wasanni

Exploring the Role of Global Network Security Firewalls in Shaping the Future of Internet Safety

In the digital age, the internet has become an integral part of our daily lives. From online banking to social networking, we rely on the internet for a myriad of tasks. However, this dependence also exposes us to a variety of cyber threats. As such, the role of global network security firewalls in shaping the future of internet safety cannot be overstated.

Global network security firewalls serve as the first line of defense against cyber threats. They monitor and control incoming and outgoing network traffic based on predetermined security rules, thereby providing a barrier between a trusted internal network and untrusted external networks. In essence, they act as gatekeepers, deciding which traffic is allowed to pass through and which is not, based on a set of rules.

The advent of advanced technologies such as artificial intelligence (AI) and machine learning (ML) has significantly enhanced the capabilities of these firewalls. AI and ML algorithms can analyze network traffic patterns and detect anomalies that may indicate a cyber threat. This allows for proactive threat detection and response, thereby reducing the potential damage caused by cyber-attacks.

Moreover, the rise of the Internet of Things (IoT) has expanded the attack surface for cybercriminals. With billions of interconnected devices worldwide, the potential for cyber threats has increased exponentially. In this context, global network security firewalls play a crucial role in securing these devices and protecting them from cyber threats.

However, the effectiveness of these firewalls is not solely dependent on their technological capabilities. It also hinges on the implementation of robust security policies and practices. For instance, regular updates and patches are essential to ensure that the firewall can effectively counter the latest cyber threats. Additionally, organizations must also invest in training their employees about the importance of cybersecurity and the role they play in maintaining it.

The future of internet safety is also being shaped by the increasing adoption of cloud-based network security firewalls. These solutions offer several advantages over traditional on-premise firewalls. For one, they provide scalability, allowing organizations to easily adjust their security measures as their network grows. They also offer cost savings, as they eliminate the need for expensive hardware and maintenance.

Furthermore, cloud-based firewalls provide centralized management, making it easier for organizations to monitor and control their network security. They also offer real-time threat intelligence, enabling organizations to respond quickly to emerging threats.

In conclusion, global network security firewalls are playing a pivotal role in shaping the future of internet safety. Their ability to monitor and control network traffic, coupled with the advancements in AI and ML, make them an effective tool against cyber threats. However, their effectiveness is also dependent on the implementation of robust security policies and practices.

As we move further into the digital age, the importance of these firewalls will only continue to grow. Therefore, it is crucial for organizations to invest in these solutions and ensure their proper implementation and management. Only then can we hope to create a safer internet for everyone.

See more here:
How Global Network Security Firewalls are Shaping the Future of ... - Fagen wasanni

Evaluation of the Cyber Security Academic Startup Accelerator – GOV.UK

1. Executive summary

The Cyber Security Academic Start-up Accelerator (CyberASAP) programme is funded by the Department for Digital, Culture, Media and Sport (DCMS) and delivered by the Knowledge Transfer Network (KTN) [footnote 1]. It supports the commercialisation of UK cyber security research and helps academic researchers to turn ideas into fully rolled-out commercial projects by developing the academics entrepreneurial skills. It has two phases as set out in Figure 1:

Figure 1: CyberASAP overview

This evaluation report relates to the CyberASAP programme which was initially piloted in 2017/18 and has been delivered over five years to 2021/22, with one cohort of researchers each year. [footnote 2]

Conclusions and recommendations against each of the core evaluation questions are outlined below.

Was the programme delivered as intended?

The programme has evolved each year and delivery has taken place as intended in the Memorandum of Understanding (MoU) between DCMS and Innovate UK.

What worked well, or less well, for whom and why?

There are several examples of elements of CyberASAP that worked well, including:

There were also several examples of areas for development. This included:

Recommendation 1: we recommend that decisions to fund CyberASAP are communicated at least 9 months in advance (rather than the current timeframe of c. 4 months) to allow sufficient time for programme promotion with potential entrepreneurs from underrepresented groups.

Recommendation 2: we recommend that CyberASAP engages with university Technology Transfer Offices (TTOs) to identify potential candidates for the programme.

What can be learned from the delivery methods used? / Were there any unexpected or unintended issues in the delivery of the intervention? / How did external factors influence the delivery and functioning of the programme?

The majority of survey respondents (98%, n=54) were satisfied or very satisfied with the programme structure.

However, COVID-19 limited face-to-face interaction and qualitative feedback suggested this was detrimental to relationship building between participants and with investors. Other factors that impacted delivery across all years of the programme included that:

How can the existing programme be improved to become more effective?

The existing programme could be improved by:

Recommendation 3: we recommend that SMART outcomes are further developed for CyberASAP and there is detailed reporting on these. KTN to develop based on the CyberASAP ToC metrics and agree with DCMS. Evidence should be collected by KTN for progress against each using both published data and primary research with participants. For example, those noted in the DCMS MoU with KTN for Year 6 and including:

The programme has delivered business impacts. To date 108 projects have been supported by CyberASAP [footnote 6] and of these 12 were categorised as spinouts; 2 were acquired by other firms and 5 developed a patent.

The DCMS funding has leveraged 12,382,895 in additional investment (for example corporate / private investment, acquisition, VC investment, angel investment, and seed funding / equity fundraising).

Programme participants were able to meet with organisations, however it will take time to understand the impacts from these meetings and any relationships.

It has also been successful in developing entrepreneurial skills and confidence, including for participants who did not progress to the proof-of-concept stage however completed part (a) or all of phase 1.

To what extent has the programme been successful in commercialising academic research / accelerated the process to commercialisation?

Overall, 26% (n=12 of 47 tracked participants) have spun out companies successfully [footnote 7], some of whom provided their project outputs as an open-source product and through published articles. In addition, survey respondents reported an increased capability to commercialise their research following participation in the programme as:

Nevertheless, participants still found it difficult to commercialise their research after the programme had finished and felt that further support is required, either from their university and / or by having further support CyberASAP. Specific examples included ensuring that universities and TTO staff maintain commitment to commercialisation throughout and are as committed to the commercialisation of the Intellectual Property (IP) as the investors. Based on the contribution analysis conducted CyberASAP has had:

While 77% (n=41) of the 53 respondents who answered the question had not yet received investment following the programme, some of those will only be at the stage of seeking investment. Therefore, the above contribution analysis is only part of the answer. It will be important to continue tracking progress of the projects after the programme ends to measure longer term impacts.

Recommendation 4: we recommend that the outcomes and impacts from the programme continue to be tracked. It should be a requirement within the delivery partner contract to provide evidence of the capability and business outcomes being achieved for participants at one, two and three years after completing the programme to provide evidence of the longer-term benefits.

We recommend DCMS set up a monitoring template that covers all the outcome and impact measures expected from the programme. This should be completed by the delivery partner for participants when they finish the programme and then at 6, 12 and 24 months after completion.

To what extent does the evidence suggest future funding would be more effective if targeted differently (at less well funded universities, for example)?

The premise of the current CyberASAP model is to attract and identify the most promising commercial opportunities from different parts of the UK academic research base and to make funding opportunities accessible to universities from all regions as well as those outside the Academic Centres of Excellence in Cyber Security Research (ACE-CSR) and Russell Group.

The project has been successful in achieving this as 82 of the 108 (76%) participating universities from non-Russell Group institutions and 84 (77%) outside of London.

Due to the programme both reaching several non-Russell Group universities and there being a lack of notable difference in outcomes between Russell and non-Russell Group universities (as discussed below), a focus on the best commercial opportunities should remain.

To what extent does the success of the programme differ between different cohorts, types of firm/idea, university?

There is no notable difference in outcomes between cohorts, projects or between universities, including Russell Group and non-Russell Group institutions (with one exception). The only notable variations were:

In addition, there is a similar proportion of the 108 Russell Group and non-Russell Group university projects that are in development, licensed and acquired. [footnote 9] However, a higher difference in the amount of spin-outs achieved was identified between the two groups. KTN feedback suggests this is likely to be the result of Russell Group universities typically being better funded and possessing mature and well-established commercialisation capacities. [footnote 10] This is shown by the proportion of Russell and non-Russell group universities that have:

Do participants join other cyber growth programmes after completing CyberASAP?

Evidence obtained from stakeholder interviews indicated that most of the CyberASAP participants who fully completed all phases of the programme did not go on to other cyber growth programmes. Those who did not progress through all stages of CyberASAP tended to either (a) re-apply for CyberASAP; (b) progress to the London Office for Cybersecurity Advancement (LORCA); (c) progress to the Cyber Runway programmes, or (d) access other sources of funding / development programmes. This was in part due to CyberASAP helping them to better understand the schemes available, suggesting the programme plays an important role in the wider cyber growth and innovation ecosystem.

What are the additional or unintended benefits of the programme?

Delivery partner feedback suggests the programme has helped to change the way universities approach commercialisation as some are now more willing to be pragmatic about how much equity they will receive. For example, Royal Holloway University applied a policy which assigned IP to the start-up company in exchange for an under 10% share to make the deal more attractive to investors. [footnote 11] KTN have also suggested the programme is starting to see repeat participation from universities who are beginning to change their approach in this area.

RSM Consulting LLP were commissioned by the Department for Digital, Culture, Media and Sport (DCMS) [footnote 12] to undertake independent evaluations of the CyberASAP, Cyber Runway and UKC3 programmes. The evaluations will help DCMS to understand the impact of these programmes and the findings will be used to inform the development of future interventions.

The CyberASAP programme supports the commercialisation of UK research into cyber security and helps academic researchers to turn ideas into fully rolled-out commercial projects by developing the academics entrepreneurial skills. In doing this, it recognises the barriers that academics face when commercialising research, including the lack of dedicated time available to research the market and to validate potential products.

This evaluation report relates to the CyberASAP programme which was initially piloted in 2017/18 and has been delivered over five years to 2021/22, with one cohort of researchers each year. [footnote 13]

The evaluation incorporates delivery and performance across all years to date.

The evaluation methodology was agreed with DCMS and includes the following stages:

Scoping phase

(1) Project initiation meeting: the project commenced with a project initiation meeting involving the evaluation team and DCMS to: (1) review and agree the evaluation methodology and timetable; (2) discuss access to relevant information and (3) finalise arrangements for project management and progress updates.

(2) Desk research and analysis: a review of the strategic and delivery context for the programme and mapping was conducted to identify other sources of funding available to support the commercialisation of cyber security academic research.

(3) Review of programme documentation setting out rationale for funding measures: review of the programme business case; MoUs between DCMS and Innovate UK; Key Performance Indicators (KPIs) agreed between DCMS, Innovate UK and KTN; and previous research / theories of change relating to the programme to identify the rationale for the intervention and the outputs and impacts expected from it.

(4) Development of ToC: an online workshop was facilitated with DCMS staff involved in the business case for funding and the design and management of the programme to test and refine the draft ToC and associated metrics. The final ToC (see Appendix B Theory of Change) was used to inform the research tools that were developed, specifically the participant survey and guides for the participant, delivery partner and case study interviews. (5) Evaluation plans for each programme: an evaluation plan was developed detailing the design and approach being taken to address the evaluation questions. This was informed by the ToC and outlined how each of the ToC metrics would be measured.

Data collection

(1) Analysis of programme monitoring information / impact information and published data: to inform the assessment of programme performance against its core KPIs (as per the ITT) and those in the agreed ToC.

(2) Surveys and consultations: this involved:

Survey methodology: the survey was designed by RSM UK Consulting in collaboration with DCMS to collect evidence against the key evaluation questions and ToC metrics. As it was not possible for participant details to be shared with RSM UK Consulting without consent, an online survey link was distributed via KTN, with subsequent reminders by email and targeted telephone follow-up to ensure a representative sample across regions and cohorts.

Note: where n= is used during survey analysis, it is referring to the number of respondents responding in a certain way / to a specific answer choice, rather than the entire respondent base. Where applicable, a base number has been provided in figure titles or in text to provide more general information on total number of respondents. This base number will occasionally vary from the overall survey participant number of 55 depending on relevance of the question and if respondents choose not to answer.

Participants survey profile:

Table 1: CyberASAP participants respondents by region (base number = 55)

Table 2: CyberASAP participants respondents by cohort (base number = 55)

(3) Counterfactual: nine interviews were completed with those participants successful in applying to phase 1 of CyberASAP but did not proceed to phase 1(b) or phase 2.

(4) Case studies: four in-depth case studies were developed to provide qualitative insight into the benefits of participating in the programme. These were selected to provide a representative sample across regions, cohorts, and stage of idea development and are shown in Table 3.

Table 3: Case Studies

Analysis and reporting

(1) based on the ToC, 6 contribution statements were developed describing the outcomes CyberASAP intends to achieve and how

(2) based on the data collected in the previous stages the strength of evidence was assessed against each contribution statement, as well as evidence of any other factors that have contributed

The strength of evidence was determined by reviewing:

High strength of evidence includes:

(3) The contribution of CyberASAP to the expected results as described by each contribution statement was assessed as strong, some, or negligible, with:

Reporting: included a progress presentation, interim and final reports, a final presentation, and a closing workshop with DCMS which will act as a learning event.

Limitations

Counterfactual: it was not feasible or appropriate to contact those who were unsuccessful in their application to the CyberASAP programme to form a counterfactual group as their characteristics were too dissimilar to complete a robust regression discontinuity analysis - based on information provided by KTN due to:

The absence of a robust counterfactual means that caution should be applied to over interpreting the results of the impact evaluation, in that it is not possible to rule out the possibility that some of these impacts will have occurred under the counterfactual.

Therefore, it was agreed with DCMS that a qualitative counterfactual approach would be applied by completing interviews with participants who did not complete all phases of the programme in order to identify what they did instead and if / how the programme impacted on this.

This section details the strategy and delivery context, and the rationale for the CyberASAP programme, as well as providing an overview of other programmes in this space.

The CyberASAP programme was expected to contribute, or has the potential to contribute, to several key national strategies, as set out below.

Table 4: Strategic context

National Cyber Strategy 2022 - focuses on strengthening the UK Cyber Ecosystem

While the CyberASAP programme was designed before the National Cyber Strategy 2022 was developed, it contributes to the objective of fostering and sustaining sovereign and allied advantage in the security of cyberspace-critical technologies through ensuring the UK becomes more successful at translating research into innovation and new companies in the areas of technology most vital to our cyber power.

The UK cyber security sector is growing rapidly as outlined in the UK Cyber Security Sectoral Analysis published in 2022. This is shown by:

The UK has a reputation as a global leader in cyber security research, with 19 ACE-CSR, four Engineering and Physical Sciences Research Council National Cyber Security Centre (EPSRC-NCSC) Research Institutes, four Centres for Doctoral Training, the Centre for Security Information Technologies (CSIT) and the PETRAS National Centre of Excellence in Cyber Security of Internet of Things (IoT). he 2022 UK Cyber Security Sectoral Analysis also notes that investment in cyber security firms has increased, with over 1.4 billion being raised in 2021 across 108 deals. In addition, the sector is playing a critical role in responding to emerging cyber threats and challenges, and the rapid proliferation of connectable products.

However, research in 2020 found that long-term investments in other nations, especially the USA, France and Germany, are leading to the development of large clusters of research excellence. This can pose a threat to maintaining the UKs position as a leading nation for research and innovation in cyber security, given a potential brain drain from the UK. It suggests a need for the UK to further invest in cyber security research in various forms, including clusters of research excellence in cyber security; doctoral research funding to train future research and development (R&D) leaders in cyber security; and national research facilities.

The UK Innovation Strategy highlights that UK universities have become more effective at attracting investment and bringing ideas to market in recent years and of the top ten universities ranked by levels of funding raised by spinouts, the UK has five. However, this trend needs to be expanded beyond a small group of research-intensive UK universities, ensuring that technology transfer skills and expertise of a broader range of universities are enhanced to make the sector more accessible for investors.

The challenges within the sector and the innovation landscape include:

CyberASAP is part of a wider ecosystem of cyber security growth and innovation programmes across different stages of the innovation pathway.

Figure 2: Cyber security growth and innovation programmes

CyberASAP is the first stage in the innovation pathway focused on pre-seed and proof of concept ideas. It supports the commercialisation of UK cyber security research into fully rolled-out commercial projects. It is complemented and followed by programmes that support companies at different stages of the business lifecycle to:

These interventions are also complemented by other government and private sector initiatives with a cyber security element, illustrated in the following table.

Table 5: Mapping of other programmes

There are several programmes available to support innovation within the UKs wider cyber security ecosystem. However, there are no other initiatives focused primarily on the pre-seed, concept stage as, while Cyber Runway Launch aims to support the establishment of new companies in the sector, CyberASAPs main focus is on addressing the challenges faced by academics in the commercialisation of research.

The CyberASAP programme was initially set up as a pilot in 2017 based on research by KTN into barriers for the commercialisation of research in cyber security. The programmes development is outlined in the following table.

Table 6: CyberASAP development summary

Source: Information provided by KTN to RSM UK Consulting (February 2022)

The evaluation incorporates delivery and performance across all years to date.

The programme has consisted of two phases based on a similar structure used in the ICURe programme, the proof-of-concept phase was added after the pilot year as it was felt this was missing in the original ICURe model. This included the:

A two-stage selection process is used to both (1) ensure there is a wide selection of ideas and universities involved and not only those most likely to succeed and (2) for industry experts to filter out those that do not have a robust idea / concept that is viable to take forward to phase 2.

Figure 3: CyberASAP overview

The initial ICURe pilot programme had a simple set of KPIs. This included:

From Year 2 these were developed further as KTN introduced a logic model to measure the social and economic impacts of the programme based on Year 2 activities and programme design. Key programme objectives included (based on the 2021/22 delivery year):

Figure 4: CyberASAP Year 5 (2021/22) objectives

This section details the CyberASAP programme governance structure; key stakeholders; the application process; how the programme is delivered; and reporting requirements. It focuses on assessing whether the programme was delivered as intended and what could be improved in delivery.

In Year 1 (2017) the delivery partners were:

The governance structure for the CyberASAP programme in Years 2 5 is outlined below:

Go here to read the rest:
Evaluation of the Cyber Security Academic Startup Accelerator - GOV.UK