Articles by Steven Kenny
Cloud technologies and the IoT have opened up seemingly endless possibilities for the modern retail organisation. Customers have never had as much control over purchasing decisions as they do today, with the ability to make transactions at the touch of a button for goods and services from the comfort of their own homes or on the move. However, the customer data lying at the heart of this frictionless shopping experience presents an ever more attractive commodity to cyber criminals. Attacks are growing in number and this presents a major problem for both retailers and customers.

In addition to the immediate disruption and downtime a breach can cause, the damage to the reputation of a business or brand can be lifelong. With GDPR-related fines from the ICO now as much as €20m or 4% of an organisation’s global annual turnover, whichever is higher, the resulting combination of the cost of the breach itself, reputational erosion and any crippling fines can be devastating. It is therefore essential that retailers are aware of the steps and procedures they should be following to ensure full data compliance and to guarantee the integrity of their IT infrastructure.

Ensuring full GDPR compliance

It’s vital to ensure that everyone understands the security implications and knows how to respond effectively in the event of a breach. Internally, all teams and departments should have the confidence to raise the alert if a breach is suspected. Externally, companies should look to encourage conversations across the entire supply chain to ensure requirements are effectively met and security risks are adequately addressed.
It is a requirement of the GDPR that the necessary steps be taken to guard against attack and protect existing software and systems. Effective cybersecurity lifecycle management of IoT devices, such as network video surveillance cameras, is an example of a measure which should be put in place to help prevent such devices from being compromised, mitigating risk and ultimately maintaining customer trust. Establishing a truly secure retail solution can only be accomplished if security has been analysed at every stage.

Evolving physical systems

For protection of the physical retail environment, the move away from legacy security solutions such as traditional CCTV, which typically sat outside of a company’s IT operation, to the modern cloud-enabled security technologies we see today, allows retailers to unlock a wealth of business benefits previously impossible with analogue technologies. Today’s systems provide far greater accuracy of detection, vastly improved image quality, even in low light, and an array of business intelligence options to aid operations, such as people counting, queue monitoring and stock control.

Protecting the physical security of the retail environment

The ability to create live security alerts as well as forensic evidence for later analysis allows security teams to be proactive rather than reactive. In addition, the growing use of edge capabilities to process data within the cameras themselves negates the additional time and potential lag associated with continually passing surveillance information back and forward to servers, streamlining and therefore vastly improving operations.
System vulnerabilities equals vulnerable data

For network cameras being introduced onto an IT network, it’s essential to ensure that they do not become compromised and used as a backdoor to gain entrance to a business’s innermost workings and most valuable commodity: its data. The importance of guarding against system vulnerabilities cannot be ignored and it is therefore vital to ensure that all installed technologies are Secure by Default, built from the ground up with cybersecurity considerations at the forefront, to strengthen system security. In addition, software updates and firmware upgrades will keep the devices protected in line with the evolving threat landscape.

Forging and maintaining relationships with stakeholders is key to establishing a healthy supply chain built on mutual trust and respect. Only by following such an approach can the integrity of systems be fully guaranteed, with trusted vendors and installers working together to ensure that ethical practices are followed, and cybersecurity principles are adhered to. Due diligence should be carried out to make sure that all stakeholders involved in the manufacture, supply and installation of security software and systems understand the importance of keeping security best practice at the forefront of everything they do.

Addressing the ongoing challenge

Retailers must be able to rely on technologies that support their operational requirements and address associated risks, while at the same time, supporting IT security policies. By following procedures around the cybersecurity of IoT devices, and realising the importance of implementing high quality products and services through relationships with trusted vendors and partners, retailers will benefit from connected physical security systems that deliver on the promise of better protection of the business and customer, to effectively mitigate the mounting cyber security threat.
Axis Communications, the provider of network video technology, publishes its latest whitepaper, Cyber security: the biggest threat to retail, which highlights the increasing threat posed by cyber-attacks to today’s retail industry. The paper documents the measures that should be understood by data controllers, loss prevention & security personnel through to heads of operations to ensure the highest levels of security and provide the appropriate education and training for all key stakeholders to effectively mitigate the mounting cyber security threat.

Modern retail organisation

The growth in and use of IoT devices and cloud technologies have opened up boundless possibilities for the modern retail organisation across physical and digital platforms. However, customer data is at the heart of a frictionless shopping experience and presents an attractive commodity to cyber criminals, with attacks growing in number on those retailers whose systems are inadequately secured.

It has been reported that in the last 12 months there have been 19 significant data breaches, which present a major risk for both retailers and customers. In addition to the immediate disruption and downtime a breach can cause, the damage to the reputation of a business or brand can be lifelong. Furthermore, GDPR-related fines from the ICO can now be as much as €20m or 4% of global annual turnover, whichever is higher, and the GDPR demands that necessary steps be taken to guard against attack and protect existing infrastructure.

Personally identifiable information

Axis’ whitepaper creates awareness of the challenges being faced and looks at how effective cybersecurity lifecycle management of IoT devices will help to better manage security and ultimately maintain customer trust.
“Any organisation that generates or manages personally identifiable information (PII), effectively any data that could potentially identify a specific individual, must comply with GDPR. Establishing a truly secure retail solution can only be accomplished if security has been analysed at every stage. The key is to ensure that everyone involved understands the security implications of a breach and how to prevent one.”

“Collaboration with system vendors, integrators and installers is also hugely important, and conversations across the supply chain will ensure requirements are met and security risks are adequately addressed,” says Steven Kenny, Industry Liaison Architecture and Engineering, Axis Communications.

Surveillance camera technology

Alongside greater awareness of the need to comply with the GDPR, the Axis whitepaper stresses the importance of looking to guard against system vulnerabilities by working with trusted vendors who can install only those security technologies that are deemed to be Secure by Default. These technologies have been built from the ground up with cybersecurity considerations at the forefront.

Technologies that are cyber secure offer peace of mind when connected to a network, and come with assurances that stringent guidelines are followed during the design and manufacturing process. Surveillance camera technology designed and manufactured in this way assures retailers that these security solutions will not be used as a backdoor into the network; such is the risk of introducing non-secured hardware.
Addressing cybersecurity risks

Key points covered in the retail whitepaper include:

Review of cybersecurity challenges – Supply chain attacks, IoT vulnerabilities, the impact of operational downtime
GDPR, data protection and privacy – Examining the necessary actions to ensure full compliance with the GDPR and DPA 2018
Video surveillance insights – Understanding how data analysis can inform security and business decisions, and supply chain evaluation
Managing security effectively – Processes and tools to help the design, development and testing of systems in accordance with cybersecurity principles
Converged security – A collaborative approach to addressing cybersecurity risks

Video surveillance systems

“The retail industry is deemed the most at risk to cyber threats. It is crucial to find the balance between enhancing the customer experience and maintaining GDPR compliance; providing adequate security whilst not violating customer privacy,” says Graham Swallow, Retail segment lead, Northern Europe, Axis Communications.

“While video surveillance systems are a necessity within the retail environment, many organisations have re-evaluated their entire strategy in order to ensure full GDPR compliance. Retailers must be able to rely on technologies that support their operational requirements and address associated risks, while at the same time, supporting IT security policies.”

Connected physical security systems

This whitepaper provides retailers with expert guidance, highlighting the appropriate policies and procedures around the cybersecurity of IoT devices, and reinforces the importance of selecting trusted vendors and partners. Axis is passionate about using technology to help create a smarter and safer world.
This is demonstrated by a commitment to helping retailers understand the benefits of connected physical security systems that deliver on the promise of better protection of the business and customer.
Axis Communications, one of the market pioneers of network video technology, has received two accolades from security authorities in the form of Cyber Essentials Plus, a scheme operated by the National Cyber Security Centre, and Secure by Default self-certification, organised by the Surveillance Camera Commissioner, Tony Porter. The awards demonstrate Axis’ commitment to cyber security and its dedication to mitigating cyber risks within the products and services it provides.

The UK Surveillance Camera Commissioner (SCC) launched, earlier in 2019, a voluntary set of minimum requirements to ensure that surveillance cameras and components are manufactured in a way that is secure by design and secure by default. This is a key element of UK government policy on technological innovation, with the government having announced a £70m investment in making the UK a world leader in eliminating cyber threats to businesses and consumers by developing more resilient IT hardware, with security and protection designed directly into the hardware and chips.

Contribution against cyber security attacks

Tony Porter, Surveillance Camera Commissioner for England and Wales, said, “Congratulations to Axis Communications in self-certifying their products as ‘secure by default’. It has been an enlightening and positive experience working with manufacturers toward a common goal and it’s a genuine first and further requirements will follow over the next couple of years. The certification mark demonstrates to customers and stakeholders alike that the products listed on my website meet the new minimum requirements I expect in terms of cyber-secure surveillance camera products.
This is exactly the leadership I expect from a company like Axis.”

Axis’ full range of camera products have been certified including Companion Series, M Series, P Series, Q Series and F Series and will mean that Axis’ products make a significant contribution to improving the UK’s resilience against cyber security attacks via video surveillance systems. The requirements of the scheme are an important step forward for manufacturers, installers and users alike in providing the best possible assurance for stakeholders that products aren’t vulnerable to cyberattacks.

Steven Kenny, Industry Liaison, Architecture & Engineering at Axis Communications, commented, “Security must be at the heart of our shared ambition for a smarter, safer world. It is imperative that every project is approached strategically within specific security standards and frameworks, and implemented with a Secure by Default philosophy. Axis played a part in the development of the new security requirement for surveillance cameras and we welcome it, and also look forward to working with the Surveillance Camera Commissioner to take this to the next level in the future.”
Axis Communications, a provider of network video technology, has announced the release of its latest whitepaper, Smart Buildings & Smart Cities Security. Authored in association with Virtually Informed and Unified Security, the whitepaper is the third in a series looking at specific aspects of security and provides an in-depth review of the topic, addresses key questions and, importantly, provides recommendations that must be considered if the smart promise is to become a reality.

Against the global backdrop of population growth, the strain on limited resources and climate change, there is a growing demand for businesses and governments around the world to deliver significant improvements in the way our cities and the buildings within them are managed. The promise of future cities and buildings built around a smart vision to reduce waste, drive efficiencies and optimise resources is a prodigious one with many inherent challenges, not least, security.

Access to important and sensitive data

Smart technology enables the collection and analysis of data to create actionable and automated events that will streamline operations. To deliver this at far greater scale means bringing together a large number of very different systems and empowering them to communicate freely with access to important and often sensitive data. Device interoperability will be a crucial component of its success but to have full confidence in the way that these diverse ecosystems operate together, and to ultimately cede important decision-making to them, stakeholders must be fully confident in the security of the systems.

The proliferation of IoT devices has witnessed in parallel an exponential increase in the number of threat exposures and attack vectors, which put in jeopardy the systems that our smart cities and buildings will rely on.
With an ever-increasing number of cyber breaches and a common acknowledgment that ‘you are only as strong as your weakest link’, it is important that cybersecurity is considered and evaluated throughout the whole supply chain to protect data, maintain privacy and keep risk associated with cyber threats to a minimum. This process should always start by looking at device security and the vendors’ cyber maturity.

Identifying vulnerabilities and mitigating damage

Managing cybersecurity in environments of this scale involves drawing up thorough risk assessments that go right back through the supply chain, identifying vulnerabilities and mitigating the potential for damage that they could cause.

Axis’ Smart Buildings & Smart Cities Security whitepaper topics include:

Smart cities and why we need them - Smart cities are increasingly playing a significant role in meeting today’s resource and population challenges
Smart and intelligent technology - Smart devices, systems, buildings and cities defined – questions and issues around existing definitions are addressed
Roles and responsibilities - Review stakeholder roles and security risk management to better understand the security issues associated with smart building systems
Security challenges - Threat vectors are vast and varied with increasing levels of sophistication; understand the vulnerabilities, technologies and standards to be applied
Recommendations - Getting started; security standards and frameworks; product strategy, system and solution security; supply and purchasing; and converged operations.

Damages due to cybersecurity breach

The associated disruption as a result of a cybersecurity breach of a smart system could be catastrophic. At a minimum, it would cause system downtime and impact its ability to operate. The loss of personal data or IP may also damage reputation, impact a company’s share price or even cause actual physical harm.
Ensuring that converged security becomes a vital component of this rapidly changing paradigm is of critical importance; safety and security must be at the heart of the shared ambitions for a smarter environment.

Steven Kenny, Industry Liaison, Architecture and Engineering at Axis Communications commented: “At Axis, we are passionate about using technology to help create a smarter and safer world. We also believe that technology should be used in an ethical and responsible way. You might say that this whitepaper reflects the very values of our business in that, used responsibly and with security front and centre, smart technology will help us address the big challenges of our time.

Increased safety and security for all

“Increasing efficiencies is vital in meeting carbon reduction targets and avoiding climate catastrophe. The smart vision provides a strong basis for economic growth and improved quality of life. We greatly admire the work that Virtually Informed and Unified Security are doing to help ensure that the worlds of physical and cyber security are aligned and working together to achieve a common goal of increased safety and security for all.”

The whitepaper’s two authors have impressive credentials. James Willison is the founder of Unified Security Ltd and one of IFSEC Global’s top 20 Security thought leaders in the world. Sarb Sembhi is the CTO and CISO at Virtually Informed and has contributed on security projects for the likes of the London Chamber of Commerce and the Internet of Things Security Foundation. Mr. Sembhi also sits on the editorial board of SC magazine.