360 Vision Technology, a UK CCTV manufacturing company, has announced that with effect of 15th January 2020, Sales Director Ashley Knowles has retired from the company, and the Security Industry. “Ashley has been a founding director of the business since 2003, having previously worked at Video Controls Ltd, and has thoroughly enjoyed being part of the 360 Vision team,” says Mark Rees, 360 Vision’s Managing Director. “Over the years he has contributed to make the co...
Sophos, a globally renowned provider of next-generation cyber security solutions, has announced introducing Sophos Intercept X for Mobile with new security capabilities for Chrome OS devices and improved mobile threat defence for Android and iOS devices. Fleeceware applications Sophos has also published research, Fleeceware Apps Persist on the Play Store, which details new findings on Fleeceware applications that overcharge unsuspecting consumers for functionality widely available in other fre...
Genea has announced that it has acquired cloud-based physical access control company, Sequr, Inc., thereby further expanding its portfolio of commercial real estate technology solutions. Submeter billing software solutions “Sequr is an ideal fit for us,” said Michael Wong, CEO of Genea. He stated, “Almost all of our customers who use our OTHVAC and/or submeter billing software solutions have been searching for help with access control. Similar to our other offerings, Sequr&rs...
Synology Inc. has announced the availability of the SA3600 storage system, the latest device in the SA family of high-performance and versatile, petabyte-capable network attached storage servers. Built to tackle both existing and future data storage requirements, SA3600 provides businesses with access to faster and larger on-premises storage in a cost-effective package. "In response to the rising demand for on-premises data storage, we built the SA series to help businesses reach petabyte-scale...
360 Vision Technology, the UK CCTV manufacturing company, is delighted to announce that it has appointed Sara Fisher to the role of Business Development Director. Formerly Sales and Marketing director at AMG Systems, with full responsibility for driving sales and marketing activities, Sara’s new role will be geared to supporting end users, systems integrators and consultants in the ITS, local authority and Oil & Gas sectors in the UK and international regions. High-performance camera...
Back in the 1960s a lead engineer working in conjunction with the United States Navy for Lockheed’s Skunk Works team coined the acronym KISS, which translated to the design principle ‘keep it simple stupid’. The KISS principle embraces the concept of simplicity, stating that most systems work best if they are kept simple rather than geared up to be more complicated. When it comes to physical security systems, this concept can also play a key element in its overall succes...
The Boring Labs has announced that it has achieved the designation of Gold Technology Partner by Milestone Systems. The Boring Toolbox is a series of functional tools that help enterprises and integrators more efficiently manage medium-to-large distributed video surveillance/security networks using Milestone Systems XProtect Express+, Pro+, Expert and Corporate. Managing large, complex systems In March of this year, The Boring Toolbox received accolades from Milestone as the Solution Partner of the Year, North America for being a as a key community member that allows systems integrators and self-maintaining end-users to more efficiently and effectively manage large and complex Milestone installations. “In just over a year, the Boring Lab has been integrated in to key Milestone installations all over the world. Customers include both large enterprise installation and key Milestone Channel Partners who have been able to simplify tedious camera management and reporting that previously took hours out of a system administrator’s time,” said Ronen Isaac, CEO of The Boring Lab. “Our Gold Technology Partner relationship validates our integration and ensures that our customers will get the best possible solutions that have been built and verified to Milestone’s strict standards.” Boring Toolbox, Windows-based application The Boring Toolbox is a Windows-based application that delivers more efficient password, device group, device naming and reporting functions, saving administrators of medium to large scale Milestone Systems and Siemens Building deployments hundreds of hours every year.
Steel fencing manufacturer Zaun Ltd has appointed Mat White from Highway Care Security Solutions. Zaun boasts a long-standing working relationship with White extending back over many years. For the past five years, he has been at Highway Care, initially as project manager on security and major highways contracts, and more recently as commercial manager and director for H2S2, a joint venture business between Highway Care and Hill & Smith business Hardstaff Barriers. White said, “I’m really excited to be joining the Zaun team and can’t wait to get my teeth stuck into my new role, while strengthening long term customer relationships and opening new doors to help create a sustainable future for the business. Zaun is picking up momentum thanks to the high-quality products it manufactures, and the dedicated and enthusiastic team that represent the business.” White project managed the design, program and deployment of security measures utilising the National Barrier Asset (NBA) Deployment of security measures Prior to Highway Care, White spent 12 years at Hardstaff, starting out as a plant operator and quickly progressing through the ranks to site supervisor and then operations manager overseeing highways and security projects. As the UK terrorist threat increased, he project managed the design, program and deployment of security measures utilising the National Barrier Asset (NBA) for high-profile events including the Nuclear Security Summit in Holland, Champions League Final, G8 and NATO conferences. High security environment Zaun sales and marketing director Chris Plimley said, “Mat brings a wealth of experience to Zaun in the high security environment, having previously worked alongside us on various high profile critical projects over the years. His product and design experience is exceptional, as is his ability to communicate at all levels from the teams on the ground to the end client means, building confidence that the project gets over the line. I’m delighted to welcome Mat into the team.” White joins four other recent recruits at Zaun. Andy Holloway has joined as internal sales manager, alongside sales estimator father and son Dave and Tommy Calvin together with design and production engineer Shane Rowton. Plimley concluded, “These appointments put the Zaun sales team on a stronger footing than ever and are key to driving forward our plans for continued growth coupled with ever improved customer service.”
Ping Identity, a pioneer in Intelligent Identity solutions, has announced significant updates to the Ping Intelligent Identity platform, including improved support for DevOps, multi-cloud automated deployment, as well as secure user authentication experiences that are designed to safely eliminate the use of passwords. These new capabilities broaden Ping Identity’s solution reach across enterprise digital transformation efforts with cloud options spanning public cloud, private cloud or a multi-tenant Identity-as-a-Service. Recent platform enhancements include: Ping Intelligent Identity platform Docker Images and Kubernetes Orchestrations: Solutions within the Ping Intelligent Identity platform are now available as Docker images and Kubernetes orchestrations, allowing customers to quickly deploy multiple Ping solutions as pre-configured bundles. The automated deployments of these solutions support DevOps workflows and multi-cloud deployment across the growing list of cloud providers that support Docker and Kubernetes. These new deployment options provide extremely fast time-to-value for IT teams tasked with infrastructure management, and can enhance security and reliability by reducing the risk and cost of inconsistent configurations. PingCloud Private Tenant solution Dedicated Cloud Environment: As enterprises progress on their cloud transformation journeys, some are choosing to outsource IAM infrastructure management to improve efficiencies and lower costs. PingCloud Private Tenant provides just that through highly configurable authentication and directory tools, combined with concierge support options in a Private Cloud solution hosted and managed by Ping Identity. PingCloud Private Tenant provides customisable security and control in a Private Cloud, including data isolation to help ensure global organisations remain compliant and a step ahead of regulatory requirements. Identity-as-a-Service Cloud Service Customisation: PingOne for Enterprise provides a multi-tenant cloud solution that is fast and easy to setup and manage, and now provides additional branding and customisation options to present a more seamless user experience. Expanded Global Reach: As demand for PingOne for Customers grows, Ping has responded by expanding its deployment to its data center in the Asia-Pacific region to improve performance and address regional data compliance needs. Passwordless Authentication with FIDO2 Passwordless with FIDO2: Ping Identity expanded use cases for passwordless authentication with the additional support of the FIDO2 standard. FIDO2 support within the Ping Intelligent Identity platform enables passwordless authentication with Windows Hello, enhancing end user experience and reducing the chances of security attacks or passwords being compromised. “Enterprises today find themselves at various stages of digital transformation, which require flexible and agile identity solutions that satisfy cloud your way,” said Loren Russon, vice president, product management, Ping Identity. “At Ping, we’re dedicated to providing our enterprise customers the customisable cloud solutions they need to achieve their modernisation initiatives.”
Hanwha Techwin, a global supplier of IP and analog video surveillance solutions, has announced its top 5 key trend predictions for the security industry in 2020. They include AI end-to-end security solutions, cybersecurity, cloud-based data insights, privacy protection and vertical specialised solutions. AI End-to-End Security Solutions As AI becomes more broadly adopted across industries, it is likely to be more widely incorporated in video surveillance in the upcoming year. Edge-based AI (which filters and processes data locally on a camera), will be more ubiquitous, enabling end-to-end AI technology. Today, most security cameras send the data they collect to servers to be analysed. Edge-based AI (which filters and processes data on a camera) will be more ubiquitous, enabling end-to-end AI technology However, with edge-based AI, the data is analysed by the camera first and subsequently sent to the server. This reduces the burden of transferring and storing large amounts of data to a server, thereby increasing efficiency, saving time, and reducing server costs typically required analysing data. In 2020, Hanwha Techwin will introduce edge-based AI cameras, as well as AI-powered NVRs and VMSs, to introduce end-to-end (camera to storage server and VMS) AI security solutions. Cybersecurity Solutions With IoT devices becoming ubiquitous, the importance of cybersecurity has never been more important. Today’s cyber-attacks are more intelligent and advanced than ever, so building cyber-resilient security systems is no longer an option, but an imperative. Smart cities, factories, financial institutions and retailers today require scalable video surveillance solutions which are closely interconnected with other devices and networks, making the importance of cybersecurity paramount. Strong cybersecurity has always been Hanwha Techwin’s priority and the company has been refining the technology since the beginning. The soon-to-be released Wisenet 7, the newest version of Hanwha Techwin’s own SoC (System on Chip), has been designed with the strongest cybersecurity features including a secure booting function and signed firmware for both software and hardware. Validated by the UL Cybersecurity Assurance Program (CAP) certification, Wisenet 7 ensures that users have access to the industry’s most advanced cybersecurity features. Cloud–based Data Insight According to IDC, a provider of information technology market intelligence, there will be about 175 zettabytes of data in the world by the year 2025, with much of it stored in the cloud and data centres around the world. At the same time, video surveillance solutions will go far beyond functioning as a simple monitoring tool to become an indispensable aid to organisations by providing useful insights that improve business operations. The importance of accessible cloud-based servers that can easily store and analyse the accumulated data, will also increase. Going beyond being an efficient storage repository, sophisticated analytics will use cloud processing to analyse the stored data and provide useful insights. In 2020, Hanwha Techwin will introduce cloud-based solutions beginning with the Device Health Monitoring Cloud, which will monitor and manage video surveillance devices in real time. The company will also introduce Retail Insight Cloud designed to facilitate store management. Privacy Protection By its very nature, the video data that is collected for security purposes almost always contains private information Together with cybersecurity, Hanwha Techwin believes that the protection of personal data should be integral to the business ethics of a video surveillance company. By its very nature, the video data that is collected for security purposes almost always contains private information. Therefore, protecting surveillance data is imperative. Around the world, privacy protection laws are being introduced, such as the General Data Protection Regulation (GDPR) in Europe, and the Federal Information Security Management Act (FISMA) in the US. The California Consumer Privacy Act (CCPA), is also set to come into effect in January 2020. These laws will force the video surveillance industry to follow “privacy by design” best practices and renew their efforts to protect personal data from misuse and abuse. Organisations are increasingly aware of the dangers of private data breaches and they are becoming more discerning when choosing security products and solutions. Domestically, Hanwha Techwin provides a solution with VPM (Video Privacy Management) technology and has released its S-COP (Smart Cover of Privacy) lineup to comply with GDPR globally. Vertical Specialised Solutions Vertical markets in the security industry are increasingly requiring more specialised devices and solutions to meet their unique requirements. With the emergence of the 4th industrial revolution, the presence of smart verticals will be more prominent, and video surveillance companies must be ready to provide solutions for smart cities, factories, transportation, and retail organisations. Hanwha Techwin already provides products for these verticals and plans to expand its lineup of specialised solutions in the near future, to include asset management solutions with IoT technology. Advancement in technologies such as AI, IoT and cloud will support new use cases in conjunction with existing devices" “Advancement in technologies such as AI, IoT and cloud, will support new use cases in conjunction with existing devices and solutions to meet customers’ needs in various verticals, expanding the horizon of our industry. However, we must also be mindful of the social and ethical responsibility related to areas such as cybersecurity and private data protection. Sustained interest and investment in these areas must be regarded as an obligation to make sure our industry continues to thrive in the midst of rapid technological advancements,” said Hanwha Techwin’s President & CEO Soonhong Ahn. Total Security Solution Hanwha Techwin is a subsidiary of Hanwha Corporation, a South Korean based company. Hanwha Techwin offers total security solution which encompass network and cameras, recording solutions, video management software and compression technology. Hanwha Techwin has consolidated its leadership position in security solutions by building self-developed SoC chipsets, along with the optical, manufacturing and image-processing technology accumulated over 30 years. Hanwha Techwin is now preparing for the future by continuing to invest in AI technology and cyber security in order to provide intelligent and secure solutions to customers. Under its Wisenet brand, Hanwha Techwin will strive to deliver security solutions which customers can trust.
ONVIF, global standardisation initiative for IP-based physical security products, has announced that it will be at Intersec 2020, which is slated to take place from January 19 - 21 in Dubai, United Arab Emirates, along with participating member companies to demonstrate interoperability between products using ONVIF profiles. Intersec 2020 At booth #SA-L17, attendees will be able to see demonstrations of interoperability between different manufacturers’ products using various ONVIF profiles. ONVIF executives are also participating in a number of presentations describing the standardised approach to security as part of the Intersec Future Security Summit 2020 held in the Al Multaqua Ballroom, Dubai International Convention and Exhibition Center, in conjunction with the exhibition. ‘Enterprise Security: Challenges for New Age Security Managers’ Focus on developing, implementing and maintaining resilient programs in complex operating environments Per Björkdahl, chair of the ONVIF Steering Committee, will participate in a panel discussion titled ‘Enterprise Security: Challenges for New Age Security Managers’, on Monday, January 20, 2020 at Intersec Arena. This discussion will focus on developing, implementing and maintaining resilient programs in complex operating environments, and will also touch upon the need for flexible, simple and modular integrated systems. Also participating in the panel will be Joule Sullivan, director of international security operations for Abbott and David K. Young, chief executive officer for Oxford Analytica. Interoperability between disparate devices and systems “Interoperability between disparate devices and systems will continue to fuel innovation and provide valuable intelligence for sophisticated, enterprise environments,” Björkdahl said. “ONVIF is focused on continuing to provide new and innovative interoperability solutions to the industry to help it advance.” Also on January 20, Stuart Rawling, head of segment marketing at Pelco and ONVIF Steering Committee member, will present on the topic, “Converging systems into one operational interface to improve the security, intelligence and oversight of shopping malls and retail parks.” Attendees will learn how using a standardised interface for security systems will mitigate risk, provide scalability and aid in capitalising on business opportunities. IP-based security solutions expert Founded in 2008, ONVIF is a globally well-recognised industry forum, driving interoperability for IP-based physical security products. The organisation has a global member base of established camera, video management system and access control companies and more than 13,000 profile conformant products. ONVIF offers Profile S for streaming video; Profile G for recording and storage; Profile C for physical access control; Profile Q for improved out-of-the-box functionality, Profile A for broader access control configuration and Profile T for advanced streaming. ONVIF continues to work with its members to expand the number of IP interoperability solutions ONVIF conformant products can provide.
Iberdrola, major Spanish power and energy utility, has now joined the European Network for Cyber Security (ENCS). The company becomes the latest member of ENCS’ work to strengthen the energy sector’s cyber defences. With a key focus on becoming the ‘Utility of the Future’, Iberdrola supplies electricity to over 100 million consumers and is at the forefront of the energy transition. In recent years, significant investment into digitalisation and smart grids has made cyber security a priority for Iberdrola and ENCS membership was the logical next step. Cyber Security, a priority for global energy sector ENCS have been taking a proactive approach to cyber security in our industry" Jose Corera, in charge of Cybersecurity at Iberdrola Networks said, “ENCS have been taking a proactive approach to cyber security in our industry. As we continue to embrace digitalisation and the evolution of smart grids, it’s in our best interests to participate in an organisation which anticipates the threats this progress brings. This membership will enable us to benefit from ENCS’ knowledge base and training activities while we contribute our own expertise to enhance protection of our shared critical infrastructure”. ENCS already works with a wide variety of utilities across Europe, sharing knowledge and expertise, collaborating on research projects and conducting training. Over the course of next year, the organisation will continue to expand on its security policy, architecture and operations. Expanding security policy and architecture “Iberdrola is not only a company of great calibre, but it has a proven track-record as an innovator in the energy sector” says Anjos Nijk, Managing Director, ENCS. “With such a strong history and wide reach within Europe, it’s exciting to see that we’ll be able to harmonise efforts to strengthen the resilience of our systems in the coming years.”
With so many high-end professional security companies in attendance, a security trade show is perhaps the least likely environment for criminal activity. Would criminals really choose to mess with the leaders in global security? While it may seem counter-intuitive, personal and corporate security needs to be a priority for every attendee – no matter how secure you may feel. If you are attending a security trade show where you will be surrounded by security experts, you should still not let your guard down. Use your security expertise to remain alert and vigilant to your surroundings. Use your security expertise to remain alert and vigilant to your surroundings Personal safety When it comes to security, there are two main areas where you need to focus on: your personal and your corporate security. Personal safety is self-explanatory: how you keep your person safe from physical attacks. When attending a trade show of any type, it is important that you are willing to speak to people and allow them to approach your personal space. However, it is equally important to set guidelines in order to keep your personal safety. Any location where large amounts of people are in attendance is a potential target for both individual criminal assault and terrorist attacks. Constant vigilance is your best defence here. Below are just a few examples of personal safety standards you should adhere to while attending any type of trade show: Always have a way out: as soon as you are provided a map of the facility hosting the show, commit to memory both the public entrances and exits. As a backup, take notice of the utilitarian transitways used by employees of the facility. Don’t let the most obvious exits become a “choke-point,” where you can be easily become caught in case of a crisis. Stay together: when you leave the venue make sure you do so in your group of colleagues or friends. While you may be anxious to get to your next destination, don’t breach protocol to do so. Keep a buddy system: communicate your known travel destinations with your teammates. If you have a meeting to attend with a client, let someone know when you will be there and when you plan on returning from it. Use tech to your advantage: consider installing a tracking app on the phone of everyone in your group attending the show. An app such as Life360 allows you to easily find your friends in case of an emergency. Drink responsibly: at many trade shows, alcoholic beverages are served. If you decide to partake, make sure that only people you trust are providing those beverages. Furthermore, don’t ever leave drinks unattended – it’s better to grab another than risk a spiked drink. Corporate safety Corporate security is typically a bit broader in that it includes your physical space, the materials or equipment located in your booth, and any proprietary or digital materials shared with clients or visitors. A security trade show will by nature offer a great many products and services that may be proprietary in nature. And so it’s important that everything you bring is accounted for at all times. Here are a few things to keep in mind when thinking about corporate safety: Securing privacy: if you plan on meeting with attendees in your booth, make sure you can provide privacy during your discussions. It is essential to be able to provide a safe place to discuss things. Make sure that prying eyes or sensitive ears can’t pierce your veil of confidentiality. Secure your assets: petty theft is a problem at any venue. To avoid the unexpected loss of your items, you should make sure all laptops, briefcases, backpacks, purses and anything else of value are “cabled” to hardpoints such as heavy tables to keep them from being carried off. Never leave anything important unattended. Secure delivery: if the trade show facility requires contracted employees to deliver your equipment or booth materials to your space, make sure that your materials are locked, secured, and properly labeled to mitigate pilfered or misplaced materials. Do not be afraid to take photos of your booth before it is left for the evening to document the shape it is left in. After all, it is a security trade show Keep in mind that you are there to target clients and customers who may need your products or services. Corporate espionage is a billion-dollar industry now. There are agents who attend security trade shows looking to steal the latest and greatest technology. These “professional spies” are solely there to undercut the success of your company at the show. Make their job as difficult as possible by being smart and alert.
The cyber security threat is constant and real. Entire businesses, large enterprises and even whole cities have been vulnerable to these attacks. Growing threat of cyber attacks The threat is not trivial. Recently, two cities in Florida hit by ransom ware attacks – Rivera Beach and Lake City – opted to capitulate and pay ransom totaling more than $1.1 million to hackers. The attacks had disrupted communications for first responders and crippled online payment and traffic-ticketing systems. It was reminiscent of the $4 billion global WannaCry attacks on financial and healthcare companies. A full two years after the WannaCry attack, many of the hundreds of thousands of computers affected remain infected. And hackers are continuously devising new techniques, adapting the latest technology innovations including machine learning and artificial intelligence to devise more destructive forms of attack. Indeed, AI promises to become the next major weapon in the cyber arms race. For enterprises, there is no choice but to recognise the threat and adopt effective countermeasures Enterprise security For enterprises, there is no choice but to recognise the threat and adopt effective countermeasures. Not surprisingly, as the number, scale and sophistication of cyber-attacks has grown, so has the significance of the Chief Information Security Officer, or CISO, who owns the responsibility of sounding the alarm to the C-suite and the board – and recommending the best defense strategies. Consider it a grim irony of the digital economy. As companies have migrated to the cloud to gain scale and efficiency and integrated new channels and touch points to make it easier for their customers and suppliers to do business with them, they have also created more potential points of entry for cyber-attacks. IoT increases threat of cyber-attacks Amplifying that vulnerability is the trend of allowing employees to bring their own laptops, smartphones and other digital devices to the office or use to work remotely. And thanks to the Internet of Things, as more devices connect to enterprise systems – from thermostats to cars – the threat surface or targets of intrusion are multiplying exponentially. According to the McAfee Labs 2019 Threats Predictions Report, hackers will increasingly turn to AI to help them evade detection and automate their target selection. Companies will have no choice but to begin adopting AI defenses to counter these cybercriminals. Importance of cyber security This escalation in the cyber arms race reflects the sheer volume of data and transactions in modern life. In businesses like financial services and healthcare it is not humanly possible to examine every transaction for anomalies that might signal cyber snooping. Even when oddities are glimpsed, simply flagging potential problems can create so-called threat fatigue from endless false alarms. What’s more, attacks like those from Trickbots are specifically designed to go undetected by end users. The fact is, even if throwing more people at the problem were a solution, there aren’t enough skilled cyber security workers in the world. By some estimates, as many as 10 million cyber security jobs now go unfilled. AI is being used to conduct predictive analysis at a scale beyond human means Deploying AI As a result, AI is being deployed on multiple cyber-defense fronts. So far, it is mainly being used to conduct predictive analysis at a scale beyond human means. AI programs can sift through petabytes of data, identifying anomalies and even helping an organisation recognise and diagnose intrusions before they turn into catastrophic attacks. AI can also be used to continually monitor and allocate levels of access to a network’s multitude of legitimate users – whether employees, customers, partners or suppliers – to ensure that all parties have the access they need, but only the access they need. Countering cyber security threats To harden defenses, some AI programs can be configured to perform simulated war games To harden defenses, some AI programs can be configured to perform simulated war games. Because cyber attackers have stealth on their side, organisations might need dozens of experts to counter only a handful of attackers. AI can help even the odds, scoping out the potential permutations of vulnerabilities. As CISOs – and the CIOs they typically report to – advise C-suites and boards on their growing cybersecurity risk, they can also help those leaders recognize an enduring truth: AI programs cannot replace experienced cybersecurity professionals. But the technology can make staff smarter, more vigilant and more nimbly responsive. AI-based cyber security tools Financial and healthcare companies are leading this charge because of the sheer volume and variety of transactions they handle and because of the value and sensitivity of the data. Organisations like the U.S. Department of Defense and the space agency NASA, as well as governments around the world are also implementing AI-based tools to address the cyber threat. For businesses of all types, the threat stretches from the back office to the supply chain to the store front. That is why recognising and countering that threat must involve everyone from the CISO to the CEO to the Chairman of the Board. The AI arms race is underway in security. To delay joining it is to risk letting your enterprise become one of the grim statistics.
Edward Snowden’s name entered the cultural lexicon in 2013, after he leaked thousands of classified National Security Agency documents to journalists. He’s been variously called a traitor, a patriot, a revolutionary, a dissident and a whistleblower, but however you personally feel about him, there’s one way to categorise him that no one can dispute: He’s a thief. There’s no doubt about it: Snowden’s information didn’t belong to him, and the scary truth is that he is neither the first nor the last employee to attempt to smuggle secrets out of a building – and we need to learn from his success to try to prevent it from happening again. Since the dawn of the digital age, we’ve fought cyber pirates with tools like firewalls, encryption, strong passwords, antivirus software and white-hat hackers. But with so much attention on protecting against cyber risks, we sometimes forget about the other side of the coin: the risk that data will be physically removed from the building. Douglas Miorandi, director of federal programs, counter-terrorism and physical data security for Metrasens, recently discussed the major risks to physical data security with SourceSecurity.com. Q: What do you believe are the main physical threats to data? The biggest threats I have seen in the physical data security space have varied over the years, but there are four specific risks that remain the same across the board for any organisation, which are: Every organisation is at risk of having data walk out the building with that employee The Insider Threat The Outsider Threat The Seemingly Innocent Personal Item Poor or Nonexistent Screening To beginning with, every company or government agency has at least one disgruntled employee working for them, whether they know it or not, and that means every organisation is at risk of having data walk out the building with that employee. That is what security experts call the insider threat. Q: What do you think influences employees to steal data from their own organisation? People steal data from their workplaces because they see some means to an end, whether it’s to expose something embarrassing or damaging due to a personal vendetta, or because they can sell it to a competitor or the media and benefit financially – meaning they don’t even need to be disgruntled; they might just want a quick way to make a buck. Financial data, too, is attractive, both for insider trading and selling to the competition. People steal data from their workplaces because they see some means to an end, whether it’s to expose something embarrassing or damaging due to a personal vendetta, or because they can sell it to a competitor or the media and benefit financially This can happen to both private companies as well as government agencies. Take Natalie Mayflower Sours Edwards for example, a Treasury Department employee who was caught in the act just last month, when she disclosed sensitive government information about figures connected to the Russia investigation to a reporter. She didn’t hack the system, she simply used a flash drive. And let’s not forget that Snowden was a contractor working for the NSA. Q: Many of us think of security threats coming from an outsider, do companies still face these type of threats? Yes. Unfortunately, organisations do not only need to worry about their own employees – companies and government agencies need to be wary of threats from outsiders. COTS devices include SD cards, external hard drives, audio recorders and even smart phones They can come in the form of the corporate spy – someone specifically hired to pose as a legitimate employee or private contractor in order to extract information – or the opportunistic thief – a contractor hired to work on a server or in sensitive areas who sees an opening and seizes it. Either one is equally damaging to sensitive data because of the physical access they have. Q: Whether it be an insider threat or an outsider threat, what are ways these individuals can steal sensitive data? There are two types of personal items that can be used to steal data: the commercially available off-the-shelf (COTS) variety, and the intentionally disguised variety. This is considered risk number three – the seemingly innocent personal item. COTS devices include SD cards, external hard drives, audio recorders and even smart phones, any of which can be used to transport audio, video and computer data in and out of a building. Intentionally disguised devices are straight out of the spy novel; they could be a recording device that looks like a car key fob, or a coffee mug with a USB drive hidden in a false bottom. Intentionally disguised devices are straight out of the spy novel; they could be a recording device that looks like a car key fob, or a coffee mug with a USB drive hidden in a false bottom Q: What is the difference between COTS and disguised devices? The difference between COTS and disguised devices is that if someone gets caught with a COTS device, security will know what it is and can confiscate it. The disguised device looks like a security-approved item anyone could be carrying into the workplace, making it especially devious. Sometimes these devices don’t just function to bring information out of a building; they are used to damage a server or hard drive once it’s plugged in to a computer or the network. Some are both – a recording device that extracts data and then destroys the hard drive. Companies with airtight cyber security protocols can sometimes fall down when it comes to physically screening peopleQ: With these types of discrete items, can security personnel still catch individuals in the act? For example, through security screenings? Poor or nonexistent screening is the most substantial security threat to any organisation when it comes to sensitive data. Whether it’s an employee, an outside contractor or a device, the physical security risks are real, and everyone and everything entering and leaving a building needs to be screened. Unfortunately, screening often isn’t occurring at all, or is ineffective or inconsistent when it does occur. Even companies with airtight cyber security protocols can sometimes fall down when it comes to physically screening people and stopping them from stealing data through recording devices. Q: It’s surprising that so many organisations would neglect physical security when protecting their data. It’s a huge mistake, and the consequences can be dire. They range from loss of customer trust, exorbitant lawsuits and tanking stock prices in the private sector; and risks to national security in the public sector. Costs and resource allocation increase as well during efforts to reactively fix or mitigate the effects of physically stolen data. For both the private and public sectors, the risk for data to be physically removed from a building has never been greater. Years ago, it was much harder for the average Joe to figure out where they could sell stolen data. Now, with the Deep Web, anyone with Tor can access forums requesting specific information from competing spy agencies, with instructions on how to deliver it, greatly reducing the risk of getting caught – and increasing the likelihood people will try it. Although it’s getting easier to sell data, the good news is that all of these threats are avoidable with the right measures. Physical data security and cybersecurity must be considered the yin and yang of an airtight policy that effectively protects sensitive or confidential assets from a malicious attack Q: So how can an organisation protect against these risks? There are a number of ways – and the first one requires a change of mindset. Not long ago, the building/physical security department and the IT/cybersecurity department were considered two different entities within an organisation, with little overlap or communication. Organisations now are realising that, because of the level of risk they face from both internal and external threats, they must take a holistic approach to data security. Physical data security and cybersecurity must be considered the yin and yang of an airtight policy that effectively protects sensitive or confidential assets from a malicious attack. Q: How can companies and government agencies combine both physical data security and cybersecurity initiatives? Physical security managers can advise cybersecurity managers on ways to reinforce their protocols – perhaps by implementing the newest surveillance cameras in sensitive areas, or removing ports on servers so that external drives cannot be used. Organisations need to create an effective program and ensure it stays effective so people know it’s not worth the hassle to try In turn, the cybersecurity team can let the physical security team know that they have outside contractors coming in to work on the server, and the physical security team can escort the contractors in and stand guard as they work. Constant communication and a symbiotic relationship between the two departments are crucial to creating an effective holistic security protocol and, once you’ve got the momentum going, don’t let it slow down. Sometimes efforts start off strong and then peter out if priorities change. When guards are down, it’s an excellent time for a malicious actor to strike. Organisations need to create an effective program and ensure it stays effective so people know it’s not worth the hassle to try. It’s not just about the mentality, though. Using the right technology is just as important. Q: What type of technology can you use to protect physical data? Many problems can be avoided by simply using the right technology to detect devices that bring threats in and carry proprietary information out. Electronics such as hard drives, cell phones, smart watches, SD cards and recording devices have a magnetic signature because of the ferrous metals inside them. Using a ferromagnetic detection system (FMDS) as people enter and exit a building or restricted area means that anything down to a small microSD card triggers an alert, allowing confiscation or further action as needed. Electronics such as hard drives, cell phones, smart watches, SD cards and recording devices have a magnetic signature because of the ferrous metals inside them Q: How does FMDS work? In the most basic terms, FMDS uses passive sensors that evaluate disturbances in the earth’s magnetic field made by something magnetic moving through its detection zone. Nothing can be used to shield the threat, because FMDS doesn’t detect metallic mass; it detects the magnetic signature, down to a millionth of the earth’s magnetic field. FMDS is the most reliable method of finding small electronics items and should be part of the “trust, but verify” model Although it is a passive technology, it is more effective and reliable than using hand wands or the walk-through metal detectors typically seen in an airport, which cannot detect very small ferrous metal objects. FMDS can see through body tissue and liquids, so items cannot be concealed anywhere on a person or with their belongings. Whether or not the items are turned on doesn’t matter; FMDS doesn’t work by detecting a signal, but rather by spotting the magnetic signature that electronics contain. This is ideal, because most recording devices do not emit any signal whatsoever. In my experience, FMDS is the most reliable method of finding small electronics items (as well as other ferrous metal objects, like weapons), and should be part of the “trust, but verify” model, in which companies assume the best of their employees and anyone else entering the building, but still take necessary precautions. Q: What are the key takeaways for organisations looking to enhance data security? The toughest challenge in the security sector – whether it’s cyber or physical – is remembering that the bad guys are constantly looking for ways to slip in through the cracks, and security departments need to stay one step ahead to ward off both internal and external threats. Recognising the existing threats, putting together a holistic security strategy, and using the right technology to detect illicit devices comprises an effective three-pronged approach to protecting an organisation’s data. Organisations cannot afford to be passive about security and assume employees won’t steal data and spies won’t sneak in. Strong countermeasures are necessary because data loss can come from both inside and outside, in both private and public sectors, from places not everyone thinks of – and with technology like FMDS acting as a backup to the human element, organisations can lock down their data and keep the wolves in sheep’s clothing from getting through the door.
There is a growing trend towards more outsourcing of the monitoring function among security companies. Technology developments are accelerating and increasing the need for monitoring companies to invest. The barriers to entry are higher than ever. These are some of the trends covered in a discussion at Securing New Ground 2019 titled ‘Monitoring: New Models and New Monetisation Strategies’. A panel of monitoring company executives addressed topics centered on how the industry is changing and evolving. New entrants in the monitoring space New entrants in the monitoring space face barriers to entry, in particular the need for more investment"“New entrants in the monitoring space face barriers to entry, in particular the need for more investment in infrastructure and expertise,” said Spencer Moore, Vice President of Sales and Marketing, Rapid Response Monitoring. ”Because of the expense of new technologies, more full-service monitoring companies are outsourcing the monitoring function to existing wholesale monitoring companies.” “The cost of entry has gone up, and companies are trying to preserve capital,” agreed Jim McMullen, President/COO at COPS Monitoring. “Larger companies are realising wholesale monitoring does a better job from a customer service viewpoint. We are more focused on monitoring and the quality of service. It takes a lot of money to keep up with the cyber world,” added McMullen. Wholesale monitoring companies Wholesale monitoring companies are finding that they need petabytes of storage space, among other expensive requirements. “The trend is toward technology evolving quicker, and that often requires investment and training in a monitoring center,” said Daniel Oppenheim, CEO of Affiliated Monitoring. “Because trying out new technology is so important, wholesale monitoring centers often find that they serve as a ‘laboratory’ to experiment with newer technologies. Limited trials often expand later to broader outsourcing of a company’s monitoring services”, said Oppenheim. Automated Secure Alarm Protocol “What people miss out on is that monitoring is quite complex, and there are specialised services and skillsets, and barriers to entry from a regulatory perspective,” said Moore. Adding value to the monitoring function is The Monitoring Association’s ASAP-to-PSAP service Adding value to the monitoring function is The Monitoring Association’s ASAP-to-PSAP service. The national service saves time, improves accuracy and increases efficiency in communications between monitoring centers and public safety answering points (PSAPs). The service uses the Automated Secure Alarm Protocol (ASAP). Public Safety Answering Points Up to 60 PSAPS have joined the programme, although the low number is misleading, given that a single PSAP could represent the ‘City of Houston’. (There are an estimated 6,000 total PSAPs nationwide). It has taken six to eight years to develop the program from its genesis to where it is today, when more participation is finally creating a critical mass. Technology is fundamentally changing monitoring companies. “We used to be a services company powered by a little bit of technology, but we’re now moving toward a technology services company,” said Moore. Critical ‘filtering service’ Monitoring provides a critical ‘filtering service’ between public requests for emergency service and those tasked with providing the services. In effect, monitoring centers work with manufacturers to make them more resilient to false alarms. Monitoring companies also provide a human touch in a time of need, and emotional empathy. Today, emergency information is being transmitted to PSAPs electronically, which saves time and money. The current low-taxation environment means there are fewer resources for municipal governments, so cost savings make a difference. Monitoring, a specialised skillset Increasingly, monitoring is becoming a business that requires a more specialised skillset Increasingly, monitoring is becoming a business that requires a more specialised skillset. Regulation, and the need for increasing investment, is driving consolidation. “With a decreasing number of monitoring companies, there are fewer customers for software developers and other tools. Less outside innovation makes it more likely monitoring centers will have to ‘go it alone’ and develop software and other tools internally,” said Oppenheim. Importance of monitoring systems “In effect, consolidation will serve to limit technology choices, and to increase the need to in-source a lot of expertise”, agrees Moore. Tying monitoring systems into other software systems is another continuing challenge. “People want our system tied into their system,” said McMullen. “I have two people who focus full time to tie our systems into other systems. There will be more computers talking to computers.”
A larger proportion of cyberattacks in the first half of 2019 can be attributed to electronic criminals (eCrime adversaries) compared to state-sponsored or unidentified attacks. CrowdStrike, a cybersecurity company that provides the CrowdStrike Falcon endpoint protection platform, observes that 61% of targeted cybersecurity campaigns in the first half of 2019 were sourced from eCrime adversaries, compared to 39% from other sources. Technology was the top vertical market targeted by cyber-attacks in the first half of the year CrowdStrike Falcon Overwatch platform The eCrime portion more than doubled since 2018, reflecting an escalation of criminal players in search of more and larger payouts. The trend is among the information presented in CrowdStrike’s Overwatch 2019 Mid-Year Report: Observations from the Front Lines of Threat Hunting. Falcon OverWatch is the CrowdStrike-managed threat hunting service built on the CrowdStrike Falcon platform. Technology was the top vertical market targeted by cyber-attacks in the first half of the year, followed by telecommunications and non-governmental organisations (including think tanks). Other targets (in decreasing order) were retail, financial, manufacturing, transportation and logistics, gaming, entertainment and engineering. Hospitality disappeared from the list so far this year, although Crowdstrike expects an increase in intrusions aimed at the hospitality industry to put it back in the top 10 by the end of the year. Intrusion adversaries In terms of intrusion adversaries, the top players so far in 2019 are Spiders (eCrime) and Pandas (China). Regarding initial access techniques, the most common remain, in order of prevalence, valid accounts, spear-phishing and exploitation of public-facing applications. 2009 is proving to be an active year with a significant increase in eCrime and the inter-relationships occurring across different groups as they strengthen their organisations, forge alliances and expand their footprint. Need for a proactive security posture Basic hygiene form the foundation for a strong cybersecurity program Many of the techniques used by eCrime actors are easily defensible through strong security products and a proactive security posture, says CrowdStrike, which recommends the following measures to help maintain strong defense in 2019: Be attentive to basic hygiene such as user awareness, asset and vulnerability management, and secure configurations, which form the foundation for a strong cybersecurity program. User awareness programs can combat the continued threat of phishing and related social engineering techniques. Asset management and software inventory ensures that an organisation understands it footprint and exposure. Vulnerability and patch management can verify that known vulnerabilities and insecure configurations are identified, prioritised and remediated. Multifactor authentication (MFA) should be established for all users because today's attackers are adept at accessing and using valid credentials. A robust privilege access management process will limit the damage adversaries can do if they get in and reduce the likelihood of later movement. Implementing password protection prevents disabling or uninstalling endpoint protection that provides critical prevention and visibility for defenders. Countering sophisticated cyber attacks As sophisticated attacks continue to evolve, enterprises face more than a "malware problem" As sophisticated attacks continue to evolve, enterprises face more than a "malware problem." Defenders should look for early warning signs that an attack may be underway, such as code execution, persistence, stealth, command control and lateral movement within a network. Contextual and behavioral analysis, when delivered in real time via machine learning and artificial intelligence, effectively detects and prevents attacks that conventional "defense-in-depth" technologies cannot address. "1-10-60 rule" in combating advanced cyber threats CrowdStrike recommends that organisations pursue a "1-10-60 rule" in order to effectively combat sophisticated cyberthreats. That is, they should seek to detect intrusions in under one minute; to perform a full investigation in under 10 minutes, and to eradicate the adversary from the environment in under 60 minutes. A source at CrowdStrike said "Meeting this challenge requires investment in deep visibility, as well as automated analysis and remediation tools across the enterprise, reducing friction and enabling responders to understand threats and take fast, decisive action."
Private video systems are offering new sources of evidence for police investigations. Growing popularity of private camera registration schemes are facilitating police department access to video captured by cameras in homes and businesses for use in their investigations. Camera registration programmes are organised locally by individual police departments but have common features and operation. By registering their camera systems, citizens and business people provide information to a confidential database listing any cameras police can quickly access in the event of a crime. Knowing which cameras may be near a crime scene avoids police having to go door-to-door in search of possible video footage. Because perpetrators are more careful and aware of possible video coverage in and around a crime scene, video to solve a crime may also come from a camera several blocks away. The best evidence may not be of the crime scene itself but video of nearby pathways and streets. Today’s camera systems also provide information such as location, date and time that can help an investigation Ability to record and retain video Access to cameras can also provide additional viewing angles to provide police new leads such as type of car, clothing, etc. Another benefit is possible use of a camera’s view to help locate lost children, elderly or disabled persons. In addition to actual video, today’s camera systems also provide information such as location, date and time that can help an investigation or be used as evidence in court. Basic requirements for participating video systems are exterior-facing cameras and the ability to record and retain video. It is important to note that registering a camera system with a local police department does not provide active surveillance or a “live feed” of video. Video is only shared after a crime has been committed and when the police request specific video as possible evidence. Registration of camera systems is voluntary Registration merely enables a police department to know where accessible cameras are located. Police then arrange viewing of video footage after the fact by communicating with the camera owners; if a police visit to a residence might pose an additional risk for any reason, camera video today can often be accessed remotely. Registration of camera systems is voluntary; a state-wide proposal in New Jersey in 2015 calling for mandatory camera registration faced privacy backlash and was later amended to make registration voluntary. Collected information is typically the name of the camera owner, contact information, an address where the cameras are located; how many cameras are at the location, the area recorded by the cameras and how the footage is saved. Police arrange viewing of video footage by communicating with the camera owners Residential security camera Portland, Oregon, launched its CrimeReports camera registration programme in 2017, part of its wider effort to get residents involved in fighting crime. In Philadelphia, the police department has been registering cameras since 2011 under its SafeCam programme. The Philadelphia Department of Commerce offers a payment, up to $3,000, to reimburse business owners who install cameras and register them with the police. Camera registration is yielding results. Baltimore’s Citiwatch camera registration system has had a direct impact on criminal apprehension. The San Luis Obispo, California, Police Department reports a high success rate identifying suspects in cases where additional video evidence exists because of the camera registration programme. In Fort Worth, Texas, last May, a residential security camera played a role in capturing a kidnapping suspect. Privacy concerns and community feedback Many of the camera registration schemes have localised branding or acronyms, such as the S.C.R.A.M. (Security Camera Registration and Mapping) programme of Milton, Georgia; the C.A.P.T.U.R.E. (Community and Police Team Up to Record Evidence) programme of New Braunfels, Texas; or the RockView programme of Rockville, Maryland. The idea is based on willing participation of public citizens in helping law enforcement do their jobs Privacy concerns and community feedback prompted Vancouver, Washington, to suspend a camera registration programme for weeks until it could be re-launched earlier this year. Although cities seek to protect information about the locations of cameras, it might be subject to disclosure because of public records laws. Law enforcement and crime prevention Registration of cameras is another aspect of involving the community in law enforcement and crime prevention, not unlike the commonplace Neighbourhood Watch programmes. The idea is based on willing participation of public citizens in helping law enforcement do their jobs. Making video footage available provides important evidence in much the same way a witness to a crime would hopefully testify if asked. By multiplying the availability of cameras that could view elements of a possible crime, the idea is also akin to the modern concept of “crowdsourcing” – the practice of obtaining information or input by enlisting a large number of people. Local jurisdictions stipulate that registrants in the programme should not be construed as agents and/or employees of the police department. There is also a crime prevention element to the programmes, in addition to helping police do their jobs better and more efficiently. Some camera registration programmes provide stickers or yard signs to let the neighbourhood know that their security cameras are helping to fight local crime.
HID Global, global provider of trusted identity solutions, has enabled BigWise, a global provider of wise solutions worldwide, to bring the security and convenience of biometrics to its retail and restaurant customers. BigWise went from concept to a pilot of its new biometric-enabled Stellar POS platform at a major customer within 30 days using the HID DigitalPersona fingerprint biometric solution. HID DigitalPersona fingerprint biometric solution HID’s fingerprint biometric solution significantly shortened our path for secure fingerprint biometric authentication" “HID’s fingerprint biometric solution significantly shortened our path for adding secure fingerprint biometric authentication services to our Stellar POS platform,” said Jose Rivas, founder and CEO, BigWise Corporation. He adds, “We were able to move very quickly to give our customers valuable new capabilities for stopping internal theft and fraud while simplifying employee access to the Point of Sale (POS) terminal. We expect our lead customer to roll out this new biometric-enabled Stellar POS solution in their operations in the very near future and are excited about the product’s broader market opportunities for us.” EikonTouch fingerprint biometric readers Taking advantage of DigitalPersona’s intuitive biometric software development tools, BigWise added fingerprint biometrics to their POS offering in a matter of weeks. The new solution allows customers the flexibility of choosing the HID Fingerprint biometric reader that meets their requirements, including the DigitalPersona 4500 and EikonTouch fingerprint readers. With the addition of fingerprint biometrics, Stellar POS gives organisations not only a more convenient way to login to their POS terminals but also allows them an effective way to stop labor hour fraud as well as POS theft due to unauthorised manager overrides and approvals. Stellar POS end-to-end solution “We are pleased to have helped BigWise complete this biometric authentication pilot and shorten time to market for its exciting new offering,” said Wladimir Alvarez, senior director of Sales LAM, Extended Access Technology Business Unit with HID Global. “In addition to securing their POS systems DigitalPersona fingerprint biometrics finally allows Bigwise customers to eliminate their dependence on insecure and costly passwords and swipe cards.” Stellar POS provides an end-to-end solution from the store floor or restaurant counter Stellar POS provides an end-to-end solution from the store floor or restaurant counterStellar POS provides an end-to-end solution from the store floor or restaurant counter through the full range of inventory, logistics and production processes and makes it easier to manage offers and promotions, loyalty programs, and accounting and treasury operations. BigWise sells the Stellar POS solution primarily in Colombia, Chile, Argentina and Peru. Identity management HID DigitalPersona biometric readers along with the DigitalPersona software development kit (SDK) solves security and identity management challenges for hundreds of millions of users around the world. To get developers off to a quick start, HID’s DigitalPersona developer kit includes hardware samples, downloadable royalty-free SDKs, sample code, documentation and membership in HID Global’s Crossmatch Developer WebPortal.
Following a competitive tender process Corps Security has been awarded a three-year contract to provide security services to Registers of Scotland at Meadowbank House, in Edinburgh. A team of 10 officers will provide guarding services with a focus on front-of-house, customer service, CCTV monitoring and patrols. Like-minded organisation Registers of Scotland is the public body responsible for compiling and maintaining registers relating to property and other legal documents in Scotland. Mike Bullock, Chief Executive of Corps Security, said: “We are delighted to be working with such a like-minded organisation. Corps Security is a trust which was set up to provide employment for ex-servicemen returning from the Crimea. We share values with Registers of Scotland and look forward to working closely together.”
Delfina Chain, Sr Associate Customer Engagement & Development at Flashpoint, discusses what resources defenders must access to in order to keep a finger on the pulse of the cybercriminal underground. Artificial intelligence (AI) is already being applied to diverse use cases, from consumer-oriented devices - such as voice-controlled personal assistants and self-directed vacuum cleaners - to ground-breaking business applications that optimise everything from drug discovery to financial portfolio management. So naturally, there is growing interest within the information security community around how we can leverage AI - which encompasses the concepts of machine learning (ML) and deep learning (DL) - to combat cyber threats. AI-enhanced cyber security The effectiveness and scalability of cybersecurity-related tasks has already been enhanced by AI The effectiveness and scalability of cybersecurity-related tasks, such as malware and spam detection, has already been enhanced by AI, and many expect ongoing AI innovations to have a transformative impact on cyber defence capabilities. However, security practitioners must also recognise that the rise of AI presents a potent opportunity for cybercriminals to optimise their malicious activities. Much like the rise of cybercrime-as-a-service offerings in the underground economy, threat-actor adoption of AI technology is expected to lower barriers to entry for lower-skilled actors seeking to conduct advanced malicious operations. A report from the Future of Humanity Institute emphasises the potential for AI to be used toward beneficial and harmful ends within the cyber realm, which is amplified by its efficiency, scalability, diffusibility, and potential to exceed human capabilities. Encrypted chat services Potential uses of AI among cybercriminals could include the development of highly evasive malware, the ability for automated systems to exhibit human-like behaviour during denial-of-service attacks, and the optimisation of activities such as vulnerability discovery and target prioritisation. Fortunately, defenders have a leg up over adversaries in this arms race to harness the power of AI technology, largely due to the time- and resource-intensive nature of deploying AI at its current stage in development. The purpose of intelligence is to inform a course of action. For defenders, this course of action should be guided by the level of risk (likelihood x potential impact) posed by a threat. The best way to evaluate how likely a threat is to manifest is by monitoring threat-actor activity on the deep-and-dark-web (DDW) forums, underground marketplaces, and encrypted chat services on which they exchange resources and discuss their tactics, techniques, and procedures (TTPs). Cobalt Strike threat-emulation software Flashpoint analysts often observe cybercriminals abusing legitimate technologies in a number of way Cybercriminal abuse of technology is nothing new, and by gaining visibility into adversaries’ ongoing efforts to develop more advanced TTPs, defenders can better anticipate and defend against evolving attack methods. Flashpoint analysts often observe cybercriminals abusing legitimate technologies in a number of ways, ranging from the use of pirated versions of the Cobalt Strike threat-emulation software to elude server fingerprinting to the use of tools designed to aid visually impaired or dyslexic individuals to bypass CAPTCHA in order to deliver automated spam. EMV-chip technology Flashpoint analysts also observe adversaries adapting their TTPs in response to evolving security technologies, such as the rise of ATM shimmers in response to EMV-chip technology. In all of these instances, Flashpoint analysts provided customers with the technical and contextual details needed take proactive action in defending their networks against these TTPs. When adversaries’ abuse of AI technology begins to escalate, their activity within DDW and encrypted channels will be one of the earliest and most telling indicators. So by establishing access to the resources needed to keep a finger on the pulse of the cybercriminal underground, defenders can rest easy knowing they’re laying the groundwork needed to be among the first to know when threat actors develop new ways of abusing AI and other emerging technologies.
Amthal Fire & Security has installed a bespoke designed Keyzapp management system at its head offices, to ensure the safekeeping and accountability of client keys at all times. Electronic Fire and security company Amthal required a system to improve key management processes, especially as the business has seen significant growth with an increased number of customer keys being kept on site for property protection, maintenance and monitoring services. Audit control capability for key transactions Keyzapp was selected due to its flexible design. This enabled Amthal to create a system that was easy for authorised engineers to operate, whilst management could rely on audit control capability for all key transactions, without the need for a dedicated member of staff 24/7 manually issuing and recording them. It’s really automated our complete process and has proven to save the engineering team valuable time and resource" Says Simon Kendall, Amthal Supply Chain Leader: “Amthal has a growing network of dedicated engineers that work across the country, with varying access requirements for customer’s keys that are all kept at Amthal offices. Completing manual audits for keys taken had become increasingly time consuming to ensure awareness of allocations and traceability. “The implementation of Keyzapp’s system has made such a difference. It’s really automated our complete process and has proven to save the engineering team valuable time and resource, which they can dedicate to better serving our customers. It runs itself in the background and if there is an issue, it can be resolved quickly and efficiently.” Control to key access with smart credentials Keyzapp’s simple management solutions are designed using latest technology to decrease downtime and improve work efficiencies. The ability to further add control to key access with smart credentials and audit capability ensures full visibility of keys at any time. Tim Hill, Keyzapp Director added: “What Amthal demonstrates is the importance of attention to key control. We worked with the team to tailor our system around the business requirements for asset management, including allowing 24 / 7 access with no need for dedicated staff issuing keys. “The management side has also been scaled around ensuring instant traceability to ensure growing number of keys held on site are accounted for at all times. It’s great to see it’s made such a positive impact on a leading fire and security specialist, who prides itself on ‘protecting what’s precious,’ which includes its key customer assets!” Traceability and visibility for valuable equipment Our engineers find it simple to use, and we’ve even recorded improved site attendance times" So impressed with Keyzapp, Amthal is now working on a bespoke system to manage the specialist loan equipment being booked in and out of its office stores and warehouse, to reflect the same level of traceability and visibility for valuable equipment. Jamie Allam, Commercial Director Amthal Fire & Security concluded: “Keyzapp had an instant impact on the whole team, with improved time and operational savings. Our engineers find it simple to use, and we’ve even recorded improved site attendance times. Plus the management capability is great from our perspective to help towards the efficient, operational running of our business.” User needs for security safety and convenience Independently owned, Amthal Fire & Security is dedicated to satisfying end user needs for security safety and convenience offering design, installation, service and remote monitoring of advanced electronic fire & security solutions, including intruder, Fire, Access and CCTV systems. Amthal Fire & Security is accredited by the Security Systems and Alarm Inspection Board (SSAIB) United Kingdom Accreditation Services (UKAS) and British Approvals for Fire Equipment (BAFE.)
Traka has launched a new downloadable white paper to open a discussion on the changing nature of retail banking in the UK, using latest case examples to consider branch management and shifting customer expectations. The white paper, titled ‘Shaping the retail banking industry’ looks at several factors influencing the sector, including the increasing expectations and values of customers demanding a more personalised branch experience. Key and equipment management Incorporating analysis from globally renowned financial services, including PwC, Accenture and Deloitte, the paper highlights the opportunities for innovation, together with collaboration and adoption of new operational processes. This incorporates key and equipment management to enable retail banks to deliver on top quality service. The future for retail banking could arguably also be cited as bleak and in a state of industry disruption" Says Mike Hills, Traka UK Market Development Manager and Author of the white paper: “Against a backdrop of negative press concerning the state of UK high streets, the future for retail banking could arguably also be cited as bleak and in a state of industry disruption, as customers move towards a more mobile-connected lifestyle.” Staff and customer security “However, our research in putting together this white paper tells a different story. That actually, the sector has a real chance to embrace the changes occurring and entice their customers, meeting demands for personal service. We found that brands riding the storm are taking small yet significant steps to tailor their services and make operational differences that are proving key to their success.” The white paper focusses on Traka’s experience with Nationwide Building Society to demonstrate how supporting operational efficiency can benefit banking staff and ensure they can focus on serving their customers, without compromising on security. Retail Banking security Mike concluded, “We have brought this white paper together using the latest research and intrinsic market reports, together with case evidence on the future of the retail banking industry and the issues faced by the sector to ensure long term success.” “Within this, we wish to stimulate debate and encourage views and contributions from as many different voices as possible. We look forward to your opinion, experience or comment on this matter of growing importance so together, we can look to support and shape the future of retail banking.”
Crossword Cybersecurity plc, has announced that Stevenage Borough Council, Peterborough City Council and East Hertfordshire District Council (‘the Councils’), will use Rizikon Assurance to manage compliance with the GDPR (General Data Protection Regulation) with their suppliers and for wider information governance. GDPR compliance GDPR makes many requirements of organisations, including taking adequate steps to ensure data is both encrypted and anonymised, so that in the event of a breach, the data cannot be exploited. Infringements under GDPR can lead to fines of €20 million, or 4% of annual global turnover for an organisation. Data breaches can be accidental, through the loss of a laptop for example, or as a result of an intentional breach or cyber-attack With a combined residential population of over 430,000, the Councils have a duty to ensure that the personal information of all residents is adequately protected against the risk of data breach, either by the Councils themselves or the third-party suppliers and agencies with which they work. Data breaches can be accidental, through the loss of a laptop for example, or as a result of an intentional breach or cyber-attack. GDPR risk exposure Using Rizikon Assurance, the Councils will improve the process and accuracy of securing third party assurance. This will support compliance with GDPR, and establish a way to manage on-going assurance checks when needed at regular intervals. Additionally, the Councils will be in a position to identify GDPR risk exposure across their supplier portfolio, so that remedial action can be taken to improve the protection of citizen data. Jake Holloway, Director responsible for Rizikon Assurance, commented, “The role of every public service organisation is to serve its citizens, often holding personal information about them on many sensitive topics such as health, benefits and education. With that comes the responsibility of ensuring that information is protected, especially when it needs to be shared with partner organisations.” Rizikon Assurance Jake adds, “Rizikon Assurance will help any organisation dramatically improve the speed and reliability of its third-party assurance processes, covering areas such as GDPR, health & safety, the Modern Slavery Act and any other requirements that they may have. It moves third party assurance from a siloed and reactive activity, to a connected, proactive continuous process that delivers a complete view of third-party risk.”
Round table discussion
Statistically speaking, incidents of terrorism are unlikely to impact most businesses and institutions. However, the mere possibility of worst-case-scenario attacks is enough to keep security professionals awake at night. Compounding the collective anxiety is the minute-by-minute media coverage when an attack does occur. The immediacy of the shared experience of global tragedy impacts us all – including security system decision-makers. We asked this week’s Expert Panel Roundtable: How is the rise in terrorism impacting the physical security market?
Employee turnover is a problem for many companies, especially among younger employees who have not developed the philosophy of employer loyalty that was common in previous generations. Nowadays, changing jobs is the norm. The idea of spending decades working for a single employer seems almost quaint in today’s economy. However, excessive employee turnover can be expensive for employers, who are looking for ways to keep their brightest and best employees happily toiling away as long as possible. We asked this week’s Expert Panel Roundtable: How can the physical security market promote better employee retention in a competitive employment environment?
In today’s global economy, goods are manufactured all over the world and shipped to customers thousands of miles away. Where goods are manufactured thus becomes a mere detail. However, in the case of “Made in China”, the location of a manufacturer has become more high-profile and possibly more urgent. The U.S. government recently banned the use in government installations of video system components from two Chinese manufacturers, presumably because of cybersecurity concerns. A simmering trade war between China and the United States also emphasises other concerns related to Chinese manufacturing. We asked this week’s Expert Panel Roundtable: Should "Made in China" be seen as a negative in the video surveillance marketplace? Why or why not?