Lessons of HMRC breach lost in time
By Davey Winder in Editorial
Posted in Business, Data Protection, Blog, Government, Security on
Who could forget that historic HMRC security breach in November 2007 which saw the bank details of 25 million people go missing? The surprising answer to that question is around 20% of companies, it would seem.
At the time, the Conservative Party told the BBC that the breach was “a catastrophic failure” and then Chancellor Alistair Darling admitted it was an “extremely serious failure on the part of HMRC to protect sensitive personal data entrusted to it in breach of its own guidelines”.
In June 2008 the Poynter Review into the shameful affair identified major institutional deficiencies and recommended a number of security principles to prevent any reoccurrence. Now a survey by Cyber Ark suggests that companies are still choosing to ignore some of these core recommendations, including 19% which continue to use external couriers to transfer sensitive data files.
The Poynter Review clearly recommended that transfers of digital data involving physical media should be phased out completely, yet this new survey shows this method is on the up rather than being phased out. When questioned on this in 2008, 4% of respondents used the postal system to transfer large files; that figure has now jumped to 11%.
It’s not all bad news though, as the survey also revealed that 82% of companies do have some system in place for transferring data, and the use of email for this has declined from 35% in 2008 to 16% now. Unfortunately, 67% have moved to FTP for sensitive data transfer and 28% are using web-based services.
Mark Fullbrook, UK Director for Cyber-Ark, says “With FTP, and even encrypted FTP sessions, the problem arises after data has moved while it sits on the FTP or SFTP server in plain text. The nature of the beast means the service is directly connected to the internet leaving it open to violation, and as there is no audit trail, no record of who accessed the files. More alarmingly is those organisations that are using a web based offering – they may just as well stand on a street corner and give away their information as these services just weren’t designed with sensitive corporate data in mind”.
Who would want to be Minister for Broadband?
By Davey Winder in Editorial
Posted in Business, broadband, Blog, Government, Internet on
A new index of average global broadband speeds makes for pretty depressing reading if you happen to be Ed Vaizey, the newly appointed Minister for Broadband in the coalition government. Hotfoot from listening to Her Madge The Queen bigging up support for the broadband nation at the state opening of Parliament earlier in the week, Vaizey will have been brought back down to Earth with a very real world bump as the Ookla Netindex places the UK at, erm, well, 33rd in the global broadband download speed charts.
To put that into some perspective, Europe as a whole can muster an average broadband speed of 10.03 Mbps according to the index but good old Britain manages a meagre 7.69 Mbps. So while we may expect to find ourselves behind the Gods of Broadband, South Korea on a massive average speed of 34.19 Mbps, ending up way behind the likes of Latvia (24.30 Mbps), The Aland Islands (18.80 Mbps), Romania (18.56 Mbps), Bulgaria (17.55 Mbps), Lithuania (16.70 Mbps), Andorra (16.24 Mbps) and even flipping Belgium (11.24 Mbps) for crying out loud.
Even if Ed Vaizey tried to shift the focus by looking at the upload speed charts instead, he would have found no reasons to be cheerful. In that list the UK sits at number 66 in the world with a truly poor 0.91 Mbps. Heck, even the Republic of Moldova can manage to find an average upload broadband speed of 7.17 Mbps although once again South Korea makes me wince with that 18.45 Mbps chart topping number.
Geoff Bennett, Director of Strategy at Infinera UK, reckons that “the roll out of superfast broadband in the UK continues to lag behind some of our key economic competitors in Europe, and the rest of the world” as these Netindex figures would tend to confirm. “We would urge Ed Vaizey to look at investment not just in the last mile but also in the core of the network” Bennett continues, concluding “There are new technologies that have been widely deployed elsewhere that increase the capacity of the network while reducing capital and operating costs and a leap forward to wide deployment of these technologies would be beneficial for education, health care, business, and consumers.” Technologies such as Photonic integration, for example, which has been deployed to good effect by operators in the UK such as Carphone Warehouse…
I’m sad to say that I’m way below average here in my country pad, with an average download speed of 3.5 Mbps and uploads maxing out at 0.75 Mbps.
How fast is your broadband? Now is the time to let us know if size really does matter…
The Silver Surfer fights cybercrime
By Davey Winder in Editorial
Posted in Blog, Government, Security, Internet on
Who better to fight cybercrime than the Silver Surfer? According to Marvel this superhero has the power cosmic and can absorb and manipulate ambient cosmic energies from the universe to fight off any foe. But forget the Fantastic Four where Silver Surfer first appeared over forty years ago, this time we have Prime Minister Cameron and Sidekick Clegg to thank.
To thank, that is, for bringing the crime fighting superheroine to our attention. Ah yes, did I mention that the silver surfer in question is not the Marvel Comics cartoon character but rather a 70 year old woman?
The new security minister with responsibility for online security, the so-called cybersecurity czar, is Baroness Pauline Neville-Jones. Sitting in on meetings of the National Security Council, the former diplomat and member of Government defence spin-off outfit Qinetiq, which provides technology-based services and solutions to the defence and security markets, Baroness Neville-Jones has plenty of experience in the national security area, although her hands-on knowledge of matters cybersecurity is less clear. Indeed, a quick look at the make-up of the National Security Council, which Baroness Neville-Jones helped to create, reveals a distinct lack of cybersecurity expertise and a tipping of the balance of power very much in the direction of the physical aspects of military security instead.
Still, it’s undeniably cool to be able to lay claim (albeit a little tenuously) to having the Silver Surfer fighting online crime all the same…
The UKIP approach to data security
By Davey Winder in Editorial
Posted in Cloud, Business, Data Protection, Government, Security on
Just how much does the average Brit hate Europe? Ask them about data security in the cloud and you’ll find out.
Size does matter, and the bigger it gets the harder it becomes to remember where you put it. I’m talking about data storage and the data stored within it, in case you wondered. The findings of a poll published by the Business Software Alliance (BSA) on its third European Cyber Security Awareness Day in Brussels reveal that the majority of European citizens not only don’t know where their online data is being stored but they are less than certain whose job it is to protect that data, wherever it may be.
I kind of know the feeling. I have plenty of network attached storage, so much that only a few years ago I would have had to have been Bill Gates to afford it. I even have my own personal cloud thing going on courtesy of the rather nifty Pogoplug which I like to think of as my little bit of pink Linux data fluffiness. However, the fact that I have huge amounts of data stuffed onto huge amounts of storage doesn’t mean I know where it is. Indeed, if it were not for some seriously smart local search software I’d never remember exactly where I put anything, especially if I had put it there a few years ago. Documents are not a problem, I know where they are as I keep a copy of everything I write on a heavily encrypted USB stick which I carry with me at all times, with a further encrypted back up stick stored away for good measure.
Luckily, I also know where the buck stops when it comes to securing all the data: that would be with me. I run my own business, it’s my responsibility to look after the data it generates and do so in a secure fashion. But what about data generated about you by someone else, and stored ‘in the cloud’ as everyone, including my elderly mother, likes to say these days? Back to that BSA survey, and 60 percent of those asked didn’t actually know what ‘in the cloud’ means, including my mother had she been asked, funnily enough. What’s more, 1 in 5 were unaware if their personal data was being held there or not.
What two thirds did know, or at least agree upon, was that responsibility for securing data held ‘in the cloud’ lay outside the businesses that actually use the data. Most agreed that there was a need for some kind of international handling of cyber security rather than an individual national approach to the problem. Spain on 77 percent and Poland on 74 percent were most enthusiastic about an international approach to data security, with most other Europeans being broadly in agreement with the concept. Apart, that is, from us Brits. Despite recent calls by the House of Lords for just such greater involvement by the EU and increased cooperation with NATO on matters of cyber security, only 46 percent of us increasingly isolated islanders thought it was a good approach.
The BSA is preparing a global cyber security policy framework to guide this notion of international cooperation to secure the online environment, and its senior director of government relations, Francisco Mingorance, insists “most Europeans are looking for global leadership and collaboration to protect their personal information from hackers and cyber criminals”. I guess that most Brits just don’t consider themselves to be European, at least when it comes to online data security matters. Either that or the BSA just happened to be questioning a bunch of UKIP supporters.
The politics of being digital (or how your MP will vote to erode Internet freedom)
By Davey Winder in Editorial
Posted in broadband, Economy, Blog, Government, Internet, e-commerce on
Now that the so-called broadband tax has been scrapped (along with the controversial Budget announced tax hike on cider) as Parliament gets ready to dissolve itself in the run up to a General Election, are those of us who follow the politics of technology meant to breathe a sigh of relief and go about our business? I don’t think so.
The Tories were against the 50p per month tax on everyone with a telephone landline, and indeed had said they would scrap it if it were voted in and then Labour was voted out. But for Labour it was a core element worth around £170 million a year towards the funding of that much publicised promise to get super-fast broadband to everyone. Has the broadband tax gone away for good then? The answer to that one would appear to depend on how the country votes on May 6th, with the Tories having no plans to bring it back while Labour would almost certainly seek to do so as a matter of some urgency.
So why was it scrapped, seeing as the Government could have rushed it through as part of the bundles of laws that are being bullied and hurried through Parliament so as to make the statute books before it dissolves? Now that’s an interesting one, and I suspect the answer can be summed up in three words: Digital Economy Bill. OK, some might suggest it was more to do with getting the Budget passed nice and quick, but I can’t help but wonder if there was an element of distraction involved, a tidbit to feed the geeks and take their mind off the Digital Economy Bill. If it was meant to be a distraction, it didn’t work. Indeed, only MPs appeared to get distracted and do something else other than attend the important second reading of the thing.
After a rather drawn out and tediously lightweight ‘debate’ in the House of Commons last night, the Digital Economy Bill has now passed a second reading and is due to be voted upon this week to determine if it becomes law or not. The debate, and I use that word with a lack of enthusiasm that can only be matched by the lack of enthusiasm shown by the Commons, was nothing short of a shambles. At one point there were only 15 MPs in the chamber, and at the peak of the thing no more than 40, while thousands of people who understand the technology and the impact that this duff bill will have on ordinary users and Internet businesses alike took part in a much more informed and reasoned debate online on Twitter for example.
You might have thought that, post the expenses scandal, MPs would start listening to the electorate and at least look like they give a damn about our opinions.
You might have thought that, with an election just around the corner, the views of the voters would take on a new sense of urgency.
You might have thought that the draconian measures being introduced to supposedly crack down on piracy would be exposed as a sledgehammer to a nut or, to put it in the perspective of other ill-judged knee jerk legislation rushed through Parliament, the erosion of our personal freedoms in order to calm irrational fears about domestic terrorism.
But, alas, no. It was the same old, same old. With very few, and as it turned out rather honourable mentions (Tom Watson MP take a bow) MPs just took the opportunity to stand up and rant about something they know precious little, and in some cases apparently absolutely bugger all, about. Even those such as Jeremy Hunt, Shadow Culture Secretary, who appeared to understand that the Bill was flawed stood and declared it should be passed anyway. WTF?
No wonder MPs are despised more than traffic wardens and tax inspectors these days…
Looking Beyond the Broadband Budget
By Davey Winder in Editorial
Posted in Business, Economy, broadband, Government, Internet, e-commerce on
Could tomorrow’s Budget be the most broadband friendly in history? The odds are looking good for some pre-Election bribery in the form of Super-Fast Broadband for All it would seem. Gordon Brown has already announced plans for every citizen to get a government services web page of their very own, accessed by super-fast broadband which the PM refers to as the electricity of the digital age.
Of course, there’s the small matter of how you pay for all of this. Which is where the Budget on Wednesday comes in. It looks likely that there will be an element of taxation in the form of a land line levy of around £6 for every land line, which is already being referred to as the broadband tax. It’s also expected that the Chancellor of the Exchequer, Alistair ‘eyebrows’ Darling, will announce that savings of billions made by closing down existing government offices will contribute to the funding purse, along with the creation of some 250,000 new jobs over the next 10 years as a result of the speedy web access.
But how do the main political parties in England view the Digital Britain road map, and how do their plans to deliver that digital economy vary? Thinkbroadband has been analysing the different approaches and come up with the following:
Labour
A ‘Universal Service Commitment’ of 2Mbps by 2012 to virtually everyone in UK funded by surplus money from the Digital Switchover fund.
Next Generation Broadband available to 90 percent of UK by 2017 funded by 50p +VAT per month levy on fixed phone lines which is expected to raise £1bn over seven years. This will fund next gen broadband to the final third where the market is unlikely to deliver a service without some intervention.
In his speech, Gordon Brown said that proposals for online delivery of government services “depend on reaching 100 per cent” coverage of next generation broadband and that by 2020 he expects “to make Britain the leading superfast broadband digital power creating 100 per cent access to every home”.
Conservative
Supports the 2 Mbps universal access by 2012 funded by surplus from that Digital Switchover fund.
Next Generation Broadband of 100Mbps to majority of homes by 2017 funded possibly by using a proportion of BBC license fee at any point beyond 2012. Funds would be used as loans or on a matched funding basis.
Thinks that BT should open up access to underground ducts and overground telegraph poles so competitors can lay their own fibre like they do in France and Singapore for example.
Wants a change to the rating system for fibre networks to remove all current disadvantages suffered by new operators.
Believes intervention may be necessary in due course for next-generation broadband, but market should be given a chance first.
Liberal Democrats
Supportive of government USC plans for 2Mbps by 2012 funded by digital switch over surplus, essential to have a minimum standard of service but 2Mbps is an unambitious target.
Thinks universal service funding should be combined with a project for rollout of next generation broadband, so those who can’t get broadband would get next generation broadband sooner.
Thinks that mobile broadband could have a role to play in hard-to-reach areas. Effective use of spectrum is important.
Would like to see vast majority of the country being able to access 40Mbps+ by 2017.
Wants immediate intervention to target areas unlikely to be reached by next generation broadband by the market, the final third. Would adopt an outside in approach (start funding the most rural of areas first) but admits “it won’t be possible for absolutely everyone to receive next generation access” immediately.
Opposes the Conservative policy to top-slice the BBC license fee.
Supports 50p/month levy “if applied properly and with exemptions for the least well off”
Welcomes BT decision to open up ducts.
Sees a need to encourage more services that make use of high speed broadband, including national and local government services, to drive demand.
Thinkbroadband, however, believes that the key question will be what percentage of homes and businesses will have access to 100Mbps by 2017. The challenging target will be in the 80-100 per cent range. “The main political parties all accept the importance of securing a strong digital future with super-fast broadband, but each has made vague promises, leaving out some crucial factors that would allow us to hold them to account if they form part of the next government” says Sebastien Lahtinen, co-founder of Thinkbroadband, concluding “we see some differences in the plans for how next generation broadband will be funded, in particular the level and timing of government intervention, but we don’t have clarity from any party on both the question of what ‘next generation’ broadband means in terms of speeds, and how universal will access to this high speed broadband be? In other words, will they guarantee that every single household will get it?”
Will 2010 be a Tweet Election year?
By Davey Winder in Editorial
Posted in Twitter, Blog, Government, Internet on
With a general election just weeks away now, I’ve been wondering just what part Twitter will play in electing the next government? A new poll by Lewis Communications has revealed that 24 percent of the 1000 people consulted thought that Twitter was an essential communication tool in a democracy such as ours. That said, only 27 percent said they might be encouraged to vote for an MP who contacted them through their social networking service compared to 48 percent who would not be so minded. Mind you, one in six of those asked also thought that the barman in The Simpsons, Moe Szyslak, was a political blogger so maybe we shouldn’t take these figures too seriously.
A couple of numbers that did jump out at me from that survey though were related to online voting and political websites: 77 percent wanted to vote online this year, and 56 percent had visited a political website already in the run up to the General Election. Eb Adeyeri, Digital PR Director at LEWIS Communications, reckons that many people believe this will be “the UK’s first “Internet election” with politicians exploiting channels such as Facebook and Twitter to convey their message” but warns that a “badly-focused social media campaign could do more harm than good as Gordon Brown discovered with his infamous YouTube appearance”.
The Labour Party is taking Twitter seriously enough to have appointed a ‘Twitter Tsar’ in Kerry McCarthy MP, while Tory leader David Cameron famously dismissed Twitter users on a radio show by saying that “too many twits make a twat”.
Certainly there are more MPs, and would-be MPs, using Facebook and Twitter than ever before it seems to me. Of course, the cynical side of me does accept that the rise of the micro-blogging and socially networked MP and the forthcoming election may be linked. There’s even less doubting that Twitter has become politicised to a degree, and loosely organised Tweet campaigns can be more effective as a lobbying tool than many other avenues when it comes to getting massive media attention in the shortest timescale. We’ve already seen many such groundswell campaigns on Twitter, and as the election draws ever closer I expect we will see many more. Of course, with that election looming we’ll have to expect fewer of these campaigns to be true feelings-of-the-people events and more of them to have the hand of The Party pushing them.
But how can you track and analyse party political activity on Twitter? Sense Internet reckons it has the answer with the newly released Tweetlection tool, which claims to track comments about political parties on Twitter, providing a picture of those politically motivated keywords that are most active at any given time.
“While all parties engage in tweeting, until now it has been hard to get a real-time picture of what is being said on key issues, and by whom,” says Sense MD Aidan Cook. “Previously it was difficult to get an accurate view of just how much excitement or interest a specific event or issue was generating”. Cook reckons that users will be able to get at a glance overviews of “the frequency of tweets over time for each party and the common themes in those tweets” which could help political parties modify existing themes and messages, or even create new ones.
Is education the target of industrial hacking revolutionaries?
By Davey Winder in Editorial
Posted in Data Protection, networks, Blog, Government, Security, Internet on
Have hackers now become industrialised, to the extent that they now represent an exponentially increased threat to not only individuals and business, but Government and worryingly the education sector as well?
That’s the striking conclusion of a new report from data security specialists Imperva. It even goes as far as comparing the emerging industrialization of hacking to the way in which the 19th century Industrial Revolution advanced methods and accelerated assembly from single to mass production. “The result” Imperva warns “is that today’s cybercrime industry has transformed and automated itself to improve efficiency, scalability and profitability”.
The ‘Industrialization of Hacking’ report has uncovered a plot to infect educational servers worldwide with Viagra ads that download malware to the victim when they visit the infected pages, hosted on otherwise legitimate educational sites.
This is just one example of the increasingly industrialised methodology being implemented by hackers to automate an as yet unreported search engine manipulation scheme which has already infected hundreds, and quite possibly thousands, of .edu and .ac.uk servers with these infected Viagra ads.
“This attack on academic institutions highlights how hacking has become industrialized infecting servers from major institutions including UC Berkeley, Ohio State, University of Oxford and more” explained Imperva CTO Amichai Shulman, who continued “ironically, this technique is the most prevalent method used to create havoc in cyberspace, yet remains virtually unknown to the general public”.
It would appear that over the years there has emerged a clear definition of roles and responsibilities within the hacking community. Think of these as developing to the point where they provide a supply chain resembling, in many ways, a drug cartel.
Indeed, you can see a division of labour within this highly industrialised hacking community that encompasses researchers, farmers and dealers. The researcher looks for vulnerabilities in applications and frameworks, selling what they discover to criminal groups and turning a profit in the process. Farmers, on the other hand, are primarily responsible for maintaining and increasing a botnet presence through the medium of mass infection, again looking to carve a profit and often working on a per infected zombie basis. Which just leaves the dealers who, just like their drug cartel counterparts, are tasked with the distribution of the end product, in this case a malicious payload, and who also earn their keep on a commission only basis. Everyone makes some money, the criminals running the gangs make a big one of course.
If these guys are, indeed, making educational servers a target now then it’s a worrying move and one which is likely to cause a headache for network admins across campus on a global basis.
Let us know here at IT Pro if you have seen an increase in malicious activity within your academic domain, and what you have been doing to combat it.
Sorry Darling, shelving NHS IT system is a false economy
By Davey Winder in Editorial
Posted in Health, Economy, Blog, Government on
So Alistair Darling, the chancellor with the funny eyebrows who looks a lot like Parker from Thunderbirds, has dropped the strongest of hints that he might cancel the NHS IT system this coming week. Speaking on the BBC One Andrew Marr show, Darling admitted that the Electronic Patient Record Scheme has been “quite expensive” so far. Quite expensive? Look, I know this is the chap who thinks nothing of doling out taxpayer money to bankers like it was going out of fashion, but to call a scheme that has so far cost an estimated £12 billion “quite expensive” is missing the point by a country mile even for the Chancellor.
And talking of missing the point, while I have not exactly been holding back in my own criticisms of the proposed system (mainly on security and privacy fronts) over the years, to scrap it this far down the road and with so much public money already spent would be something of a false economy surely?
Yet many are taking the comments that Darling made on the Andrew Marr show to say just that, and point to Wednesday’s pre-Budget report as the most likely time such an announcement would be made. Comments such as calling it something “I do not think we need to go ahead with just now” do rather suggest they could be right.
Of course, Darling is not alone in reaching this conclusion as both leaders of the Conservative and Liberal Democrat parties have been saying the same for some time, and more loudly with a General Election looming at the tail end of a recession. While I am in no doubt that it has been a terrible money drain, following an all too familiar pattern of public sector IT procurement going wrong and wasting money without delivering much to show for it, that does not mean it should be stopped now.
What it means is that it should be done properly, that the procurement and delivery process be revised and revamped and the people who have failed so dismally made to face the music. But just to say ‘oh dear, we screwed that one up didn’t we’ and wave goodbye to £12 billion worth of work is sheer folly.
I’d be interested to hear what those health professionals who read IT Pro think: should it be scrapped or simply done properly and with tighter cost controls? If your answer is scrapped, then what if anything do you propose should take its place?



