SureCloud, the provider of cloud-based, Integrated Risk Management solutions and Cyber security and Risk Advisory services, has appointed Paul Zeila as Vice-President of GRC Sales for EMEA. He will be instrumental in driving business growth and developing service lines, as well as having overall responsibility for SureCloud’s suite of GRC products.
Paul brings nearly 20 years of experience working in the GRC space with global organisations such as IBM, ACL, SAP and most recently, Deloitte. Paul has an in-depth understanding of Enterprise Risk, Governance Risk and Compliance, and has an excellent track record of sales and creating go-to-market strategies for clients.
As part of his remit at SureCloud, Paul will be responsible for managing his team based primarily out of the London office, with plans to create new regional offices and grow the sales teams across the UK in the near future. Commenting on his appointment, Zeila said: “SureCloud’s cloud-based solution is intuitive and easy to use, and it represents how people interact with software these days. A lot of the legacy tools don’t have the capabilities of SureCloud’s solutions, which really sets us apart from the competition. I see a huge opportunity and potential to help bring SureCloud’s fantastic products to market, and I can’t wait to get started.”
Richard Hibbert, SureCloud CEO, added: “Paul shows great enthusiasm for our sector and really understands the market. We have no doubt he’ll be instrumental in helping us continually drive our business forward in line with our ambitious goals.”
360 Vision Technology, globally renowned UK-based CCTV manufacturer, has announced that they will showcase their latest range of high-performance surveillance cameras on the Nukleas Integrated Security Solutions booth, Sheikh Saeed 2, G35, at Intersec 2020, 19-21 January, Dubai.
‘TX’ video transmission cameras
For those looking for a reliable 3G/4G/LTE ‘wireless’ camera video solution, 360 Vision will be showing the ultimate performance Predator, Invictus and lightweight VR Dome PTZ wireless ‘TX’ video transmission cameras. Saving installers and end-users money on installation time, the TX Range needs no fixed infrastructure and provides 3G/4G/LTE wireless transmission in difficult environments.
Suitable for rapid or temporary redeployable, or permanent deployment applications, 360 Vision’s TX technology delivers video & PTZ control from just 6 Kbps and Full 1080p HD edge recording, with remote retrieval on demand.
Wireless video transmission systems
Predator Radar scans 360 degrees once every second, to detect and track multiple objects simultaneously
“Unlike traditional off-the-shelf wireless video transmission systems, the new 360 Vision TX Range has been specifically designed to suit low-bandwidth or unreliable network conditions, such as satellite or cellular networks,” says Mark Rees, Managing Director at 360 Vision. “IK10 certified, TX Range cameras include built-in cyber security, local point-to-point Wi-Fi access, and easy Plug & Play set-up, require no fixed infrastructure and can be easily integrated into any leading VMS control systems.”
360 Vision will also be showing their latest Predator Radar compact camera. Perfect for a wide range of electronic surveillance applications, Predator Radar scans 360 degrees once every second, to detect and track multiple objects simultaneously (with 400m coverage) - providing a highly effective surveillance camera solution for wide area security monitoring and intruder detection, such as within borders and compounds.
Advanced SSL & 802.1 encryption protection
Safeguarding against hacking and ransomware attacks, 360 Vision cameras feature advanced SSL & 802.1 encryption protection, and high-performance camera technology designed to deliver secure 24/7 video imaging, reliability and performance within any application.
“We’re delighted to be at the show as part of Nukleas, the Integrated Security Solutions consortium that combines British industry excellence to support customers with complementary solutions designed to offer a refreshingly coordinated approach to all types of security projects,” Mark continues.
Single integrated solution
He further adds, “The Nukleas single integrated solution combines 360 Vision Technology’s robust camera surveillance solutions, along with the consortium members’ command and control systems, secure wireless transmission and networking, integrated communication hubs, incident management, perimeter intrusion detection, video analytics and safety solutions, all tailored and scalable for each unique project requirement.”
Outdated camera firmware and failing to change default passwords present some of the biggest weaknesses in cyber security defense. As the number of interconnected security devices keeps on growing, keeping pace with the latest updates can be tricky and very time-consuming. According to new research conducted by Genetec Inc. (“Genetec”), a technology provider of unified security, public safety, operations, and business intelligence, as many as 68.4%¬—or almost 7 out of 10—cameras are currently running out of date firmware.
Installing the latest firmware is not just about accessing exciting new features, warns Genetec. It ensures the latest cyber security protection measures are implemented as soon as they become available, a crucial step in ensuring an organisation’s resilience against cyber-attacks.
Cyber security vulnerabilities
IP cameras came with default security settings, including admin login information that is often publicly available
“Our primary research data points to the fact that more than half of the cameras with out of date firmware (53.9%) contain known cyber security vulnerabilities. By extrapolating this to an average security network, nearly 4 out of every 10 cameras are vulnerable to a cyber-attack,” said Mathieu Chevalier, Lead Security Architect at Genetec.
The research conducted by Genetec also showed that nearly 1 in 4 organisations (23%) fail to use unique passwords, relying instead on the same password across all cameras from the same manufacturer, leaving an easy point of entry for hackers once only one camera has been compromised. Until recently, IP cameras came with default security settings, including admin login information that is often publicly available on the manufacturers’ websites.
Physical security systems
While most camera manufacturers now request users to set up a new password and admin credentials at installation, businesses, cities and government organisations with older equipment never updated their passwords, potentially compromising the other critical data and systems that reside on their network.
“Unfortunately, our research shows that the “set it and forget it” mentality remains prevalent - putting an entire organisation’s security and people’s privacy at risk. All it takes is one camera with obsolete firmware or a default password to create a foothold for an attacker to compromise the whole network,” added Chevalier. “It is critical that organisations should be as proactive in the update of their physical security systems as they are in updating their IT networks.”
AAEON Atlas helps increase safety, energy efficiency, and cut costs for Smart Cities thanks to the power of Intel Movidius Myriad X.
AAEON, globally renowned provider of Smart City solutions, announces AAEON Atlas, a rugged outdoor edge node built to provide cities with flexible solutions for AI and edge computing. Featuring the Intel Movidius Myriad X, AAEON Atlas offers real-time processing for a range of Smart City applications.
AAEON NanoCOM-APL board
AAEON Atlas is based on the compact AAEON NanoCOM-APL board, featuring the Intel Atom x7
AAEON Atlas is based on the compact AAEON NanoCOM-APL board, featuring the Intel Atom x7, providing efficient computing with low power consumption. Designed with an IP66 rated fanless chassis, it can be installed onto any streetlamp, making it easy to quickly setup and deploy. It also features connectivity with WIFI, Gigabit Ethernet, or even 4G/LTE for flexible communication within an edge network or with a central cloud server. The AAEON Atlas also features built-in cameras and sensors for data collection and analysis.
The key feature of AAEON Atlas is the embedded Intel Movidius Myriad X vision processing unit (VPU). The Intel Movidius Myriad X provides a low-power, high-performance solution for on-device AI inference. AAEON Atlas is compatible with the Intel Distribution of OpenVINO toolkit, which includes built-in features such as model optimisation, hardware acceleration and more designed to maximise the capabilities of the Intel Movidius Myriad X VPU.
License plate recognition AI inference
AAEON Atlas can be deployed in a wide range of edge computing applications. As an edge gateway, AAEON Atlas can connect with up to 200 smart street lights, providing intelligent control. With license plate recognition AI inference, AAEON Atlas can power applications such as Smart Street Parking or detecting traffic violations or accidents. With traffic and congestion monitoring, AAEON Atlas can optimise traffic signals in real time to help improve traffic flow. AAEON Atlas can also anonymously detect pedestrians in crowd control and flow monitoring applications.
AAEON Atlas also comes with the full end-to-end support offered by AAEON. From concept to customisation to setup and deployment, AAEON provides customers with full support to ensure their Smart City solution is ready to go from day one.
“With AAEON quality and expertise, AAEON Atlas is the solution built to carry the weight of Smart City applications,” said Kevin Ting, Senior Product Manager with AAEON’s New Business Development division. “Whether as an IoT/AIoT gateway or providing real time AI analytics, AAEON Atlas uses the latest in Intel Vision Products to provide invaluable edge computing processing for Smart Cities.”
The physical security industry is moving fast. Evolving risks, new technologies and business changes all converged and had a profound impact on the industry in 2019. Looking back at our top articles of the year – as measured by those that received the most “clicks” at our website – provides a decent summary of how the industry evolved this year. Timely and important issues in the security marketplace dominated our list of most-clicked-upon articles in 2019. In the world of digital publishing, it’s easy to know what content resonates with the security market: our readers tell us with their actions; i.e., where they click.
Let’s look back at the Top 10 articles we posted in 2019 that generated the most page views. They are listed in order here with a brief excerpt.
1. Schneider Electric to sell Pelco to private equity firm
Schneider entered exclusive negotiations with Transom Capital Group, a U.S.-based private equity firm, to sell the Pelco business unit. Pelco is a security industry stalwart and global specialist in the design, development, and delivery of end-to-end video surveillance solutions and services including cameras, recording and management systems software.
2. High-tech drones, robots and counter-drone solutions on display
From robots to drones to counter-drone solutions, a range of new technologies [was] displayed at ISC West 2019. The Unmanned Security Expo [included] a dedicated complimentary education theater for attendees offering sessions on a range of topics. Also included [were] demos of the best UAVs (unmanned aerial vehicles), UGVs (unmanned ground robotics and vehicles) and autonomous systems on the market.
3. Hikvision and Dahua banned from buying U.S. exports
In effect, inclusion on the “entities” list restricts the export of equipment to the two companies because of their alleged involvement in “human rights violations and abuses” related to a Chinese government campaign of repression, mass arbitrary detention, and high-technology surveillance against minority groups. Equipment from the two companies is used to provide video surveillance capabilities in the Xinjiang Uighur Autonomous Region (XUAR) of China.
4. The many faces of today's facial recognition technology
Used proportionately and responsibly, facial recognition can and should be a force for good. It has the ability to do a lot more to increase security in the future. From street crime to airport security, all the way through to helping those battling addiction, the technology can take security and operations to new heights.
5. Security industry trends to be led by focus on cyber security In 2019
With a more open, connected environment come cyber-risk and data privacy concerns – which is why, in the Security Industry Association’s 2019 Security Megatrends, cybersecurity’s impact on the physical security industry ranks number one on the list. Cybersecurity is affecting all areas of the industry landscape, from security implementation to attracting top talent to the workforce.
6. Open Supervised Data Protocol (OSDP): the gold standard for access control installations
The Open Supervised Data Protocol (OSDP) is now the industry’s gold standard for physical access control installations. It was designed to offer a higher level of security with more flexible options than the aging, de facto Wiegand wiring standard. OSDP, first introduced in 2011 by the Security Industry Association (SIA), continues to evolve with significant manufacturer input.
7. Honeywell embracing AI, reinvesting in video portfolio
Although uses for artificial intelligence (AI) are still emerging in security, Honeywell sees an important role for AI in building a connected system to ensure the safety and security of a building, and more importantly, its occupants. AI allows end users to go beyond monitoring activity on a surface level to really understand the scene – from who exactly is in the area to what they might be doing.
8. A secured entrance is the first defense against an active shooter
What the majority of venues [of recent active shooter incidents] have in common is they all have a front entrance or chokepoint for anyone entering the facilities, which is why any active-shooter plan must include a strategy to secure that entry point.
9. Debunking the myths of the security of access control systems
One of the areas where we see continued confusion is around access control systems (ACS) that are deployed over networks, particularly in relation to mobile access, smart cards, and electronic locks. These technologies are often perceived as being less secure and therefore more vulnerable to attacks than older ACS systems or devices. In the interest of clearing up any confusion, it is important to provide good, reliable information.
10. At Chubb Fire and Security, ethics is a core concept with practical impact
Ethics discussions begin for employees at Chubb when they join the company; clear instructions about ethics are included as part of employee induction. There are nine modules of ethics training during employee orientation, and a discussion with an Ethics and Compliance Officer is part of the onboarding process.
Two of the most familiar names in the physical security market – Pelco and Panasonic – underwent ownership changes during 2019. Consolidation continued on multiple other fronts. Security service companies, video companies and access control companies were all among the entities involved in merger and acquisition (M&A) activity during the last 12 months. In short, the industry landscape continues to transform in response to a changing market.
Here's a look at the Top 10 M&A stories in 2019:
1. Pelco acquired by private equity firm Transom Capital
Pelco Inc. was acquired in May by Transom Capital Group, a private equity firm, from Schneider Electric. Since the acquisition, Transom Capital has been working with Pelco’s management and employees to define and direct the next chapter of the iconic company. Pelco maintains its headquarters in Fresno, Calif., and has a presence in Fort Collins, Colo., near Denver, and a sales office in the New York area, not to mention many global employees who work remotely.
2. Panasonic spins of security business
Electronics giant Panasonic sold off 80% of its video surveillance business to a private equity firm but is retaining 20%, and the new company will continue to use the well-known Panasonic brand. The move is aimed at reinvigorating a business challenged by competition from Chinese companies and lower video prices. Polaris Capital Group Co. acquired 80% of the outstanding shares of the new security systems business.
3. Qognify acquires OnSSI and SeeTec
2019 began with the acquisition of IP video management software (VMS) company On-Net Surveillance Systems (OnSSI), including SeeTec in Europe. Backed by the global investment firm Battery Ventures, Qognify completed the acquisition in the final days of 2018. With Qognify, OnSSI and SeeTec operating under one umbrella, the company provides VMS, video analytics, PSIM and critical incident management for mid-market and enterprise organizations.
4. Busy year for acquisitions at Allied Universal
Security services company Allied Universal had an active year in acquisitions, beginning in April with the acquisition of integration company Securadyne Systems in Dallas. There was an additional acquisition announced in each of the next four months: Point 2 Point Global Security, Dallas, in May; security services company Cypress Private Security in June, services company Shetler Security Services in July , and Midstate Security in August. Allied Universal announced two more acquisitions in November – low-voltage integrator Advent Systems Inc. in Chicago and Vinson Guard Service in Louisiana. Also in November, Allied announced a transformational merger with SOS Security. In December, Allied Universal acquired APG Security, South Amboy, N.J.
5. Motorola continues video push with VaaS acquisition
Following its acquisition of Avigilon in 2018, Motorola Solutions continued to build its presence in the security market in 2019 with the acquisition of VaaS International Holdings, Inc. (VaaS), a data and image analytics company. Motorola Solutions paid $445 million in a combination of cash and equity for the company, which includes fixed and mobile license plate reader cameras driven by machine learning and artificial intelligence.
6. ACRE acquires access control companies Open Options and RS2
Open Options is an open architecture access control company headquartered in Addison, Texas; and RS2 is an open systems access control provider in Munster, Ind. ACRE, global provider of security systems, wrapped up acquisition of both firms in 2019, after announcing the Open Options deal in the waning days of 2018 and following it up with the RS2 announcement in the spring. ACRE’s portfolio now consists of Vanderbilt, Open Options, RS2 and ComNet.
7. Assa Abloy expands capabilities with LifeSafety Power
Lock and access control giant ASSA ABLOY acquired LifeSafety Power in September, providing a complement to the access control portfolio. The plan is to incorporate LifeSafety Power’s knowledge of power supply and consumption throughout the ASSA ABLOY access control line. LifeSafety Power was established in 2009 and has some 65 employees. The main office is located in Libertyville, Illinois.
8. Distributor Anixter going private and selling to CD&R
Anixter International Inc., a distributor of network and security solutions, electrical and electronic solutions and utility power solutions, entered into a definitive agreement with an affiliate of Clayton, Dubilier & Rice (CD&R) to be acquired in an all cash transaction valued at approximately $3.8 billion. The transaction will result in Anixter becoming a private company and is expected to close by the end of the first quarter of 2020. Under the terms of the merger agreement, CD&R-managed funds will acquire all the outstanding shares of Anixter common stock for $81.00 per share in cash. (It has been reported that a new bidder has also emerged, although Anixter is resisting – stay tuned.)
9. Alarm.com expands commercial offering with OpenEye acquisition
Alarm.com has announced a majority-stake acquisition of OpenEye, a provider of cloud-managed video surveillance solutions for the commercial market. OpenEye is optimised for enterprise-level commercial customers requiring expansive video recording capabilities, in addition to remote viewing, administration and diagnostic reporting. Combined with the Alarm.com for Business offering, service providers partnered with Alarm.com now have solutions to accommodate commercial accounts of any size.
10. ADT makes multiple acquisitions, sells Canadian operation
Another North American security giant, ADT Inc., also had a busy year in mergers and acquisitions. In February, ADT acquired LifeShield, a pioneer in advanced wireless home security systems. In June ADT continued expanding capabilities and geographic reach via Red Hawk Fire & Security, ADT Commercial with the asset purchase agreement of Security Corporation, a commercial security integrator headquartered in Detroit, Mich. In November, ADT Commercial purchased Critical Systems, which specialises in enterprise-class fire alarm, fire suppression, life safety and integrated building security solutions for high-rise properties, healthcare campuses and data, manufacturing and distribution facilities in Atlanta. In October, ADT announced an agreement to sell its Canadian operations to TELUS Corp.
The explosive expansion of IT infrastructure has led to the identity and access management market gaining substantial momentum. As the onslaught of information technology continues, organisations are able to offer users quick and easy access to systems and information from any place, at any time. However the ease of access is inherently associated with the risk of security breach.
Organisations must find a balance between fulfilling user demands and doing so in a manner that is safe enough so that cybercriminals cannot take advantage of the system, thus strengthening identity and access management market trends.
The prominence of IAM solutions in the BFSI sector
In 2016, the world was shocked by the news of the Bangladesh bank heist in which cybercriminals were successful in conducting unauthorised money transfer from Bangladesh Central Bank to banks in Philippines, Sri Lanka and other parts of Asia. In the heist, criminals used Society for Worldwide Interbank Financial Telecommunication (SWIFT) credentials of Bangladesh Bank's employees to carry out more than three dozen fraudulent transactions and extracted $81 million from Bangladesh Central Bank.
More than three dozen fraudulent transactions and extracted $81 million from Bangladesh Central Bank.
More recently in 2018, hackers were able to siphon nearly $20 million from Mexican banks. Analysts point out that targeted bank systems had security holes that made access to internal servers much easier. Lack of strong access controls were also used by hackers to use credentials of a compromised employee to gain considerable mileage in the siphoning.
Identity and access management industry has therefore registered a lot of interest through the financial sector and banks as financial institutions need to prove themselves reliable of customers’ trust. Banks and other financial institutions are rapidly adopting identity and access management solutions capable of providing strong security starting at authentication level and extending to application and data layers.
IAM solutions make it possible for financial institutions to integrate new applications and deploy to cloud with greater ease and rapidity. With versatile hybrid deployment model provided by leading IAM solutions, connectivity to SaaS applications as well as legacy enterprise web applications happens more quickly as well as securely.
IAM solutions make it possible for financial institutions to integrate new applications and deploy to cloud
The significance of cloud and its impact on IAM market outlook
Just as the banking sector is facing the challenge of identity authentication as customers around the world are demanding any time access, the proliferation of IoT and cloud technologies is changing the very essense of society in multiple ways. With advancement in IoT technologies, the advent of smart cities has gathered considerable traction.
While sensors have been installed in New York that can detect gunshots and alert police, the city of Boston has developed a mobile app to help citizens report civic problems such as burnt out streetlights and potholes. Cities like Paris, Oslo and Hong Kong have large internet-connected statues that are filled with moss to absorb air pollution and notify operators about malfunctions.
The network of connected devices continues to expand and the rise of 5G connectivity is anticipated to connect traffic signals, air quality sensors, police patrol cars, etc., over the coming years. Reportedly there would be billions of connected devices around the world by 2020 which will naturally create immense opportunities for identity and access management industry players. This is because new security threats will continue to surface, as without efficient security all connected devices are at the risk of being hacked.
The evolution of the smart era – how will it impact IAM market dynamics?
Connected devices that constitute the very fabric of smart cities are essentially IoT devices that would be in the field for the next ten fifteen years and therefore identity and access management must be built into the system from the beginning. As identities, keys and tokens have to be managed every time new devices are added, or old ones are removed and the cloud ecosystem is updated, the security components within devices have to be managed well to extend their lifecycle.
Identity and access management must be built into the system from the beginning
Not only cities but factories are also getting smarter. The term Industry 4.0 came to be first used when the German government used it to define the country’s strategy towards increased digitization in manufacturing. As technologies like IoT and cloud computing continued to expand, they came to be included in the term, and Industry 4.0 came to represent the ecosystem of Internet-connected machines with streamlined and automated workforce and reduced production costs.
As the ecosystem continued to expand, trust and identity became important issues in order to ensure the integrity of a smart factory.
Healthcare is rapidly becoming a fully digital environment
IAM solutions – Influencing the coveted medical domain
Other fields like healthcare have also not been impervious to the effects of technological transition. Healthcare is rapidly becoming a fully digital environment that has reaped the benefits of sophisticated IT tools in delivery of care. This has however exposed sensitive healthcare data to cybercriminals who had attempted to hold critical systems and patient records of hospitals to ransom.
Healthcare is rapidly becoming a fully digital environment
In recent years more than 80% of healthcare institutions have reported that they registered some degree of cyberattacks. Providers and users are increasingly operating from multiple locations, many of which are outside the hospital premises. With users demanding to access systems through a variety of devices, identity and access management has come to witness greater traction from healthcare providers.
Over the coming years, the world will be rapidly adopting 5G networks. Though 5G promises much more speedy services for users and business ecosystems, the technology is also expected to impose greater responsibilities on confidentiality of user data and integrity of applications. Identity and access management industry players had been investing in expansive R&D as cyber threats continue to evolve and introduction of new technologies and advent of IoT drastically changes the relationship that users have with their devices.
Identity and access management is expected to be useful when much more than personal information is at stake. When cyber criminals have the power to hold hospitals or traffic signals to ransom and disrupt daily lives, health and safety become a priority for authorities and security measures have to be tightened.
For instance, after the bank heists in Mexico, the Mexican bank authorities have come to recognize the inevitability for the need of greater control and security of banking networks. Mexican banks have invested heavily over the last year in strengthening their defenses. As such measures against cyberattacks become the norm, identity and access management market is expected to register massive gains over the ensuing years.
Most customers interface with their financial institutions using automated teller machines (ATMs), which have security issues. However, there are solutions available to combat all current security threats, and the cost of protection is coming down. The ATM industry is therefore in a position to minimise losses, while ensuring consumers continue to get the vital cash they need to lead their daily lives. It is important for the ATM industry to constantly innovate to meet new security challenges. So what innovations are we going to see in the next five years?
Contactless technology will be a great help against ATM skimming, in which criminals steal personal information at ATM machines. Contactless is already being used in some European countries, and the number is increasing. Not having to insert a card into the ATM removes the opportunity to trap cards and also gets around the problem of “foreign” devices installed to read cards. So contactless technology, which some saw as the end of cash, can help make ATMs and cash more secure.
Data capture form to appear here!
Not having to insert a card into the ATM removes the opportunity to trap cards
Biometrics are certain to be used increasingly to bolster ATM security. Finger, palm, vein, iris and facial recognition all have potential in this respect. Any of these may in the future be used with or without cards, PINs and one-time codes. Speed of operation in relation to biometrics could ultimately govern their use at ATMs. There may also be privacy issues that need to be addressed.
The ATM vestibule environment must add security with proper security and surveillance equipment. ATM vestibules, or lobbies, are installed for many good reasons. For one, more convenient, 24/7 locations equals better customer retention for a bank, offering comfort and convenience. 24/7 access to ATMs, night drops, coin counters, online banking kiosks, and other self-service solutions are very much in demand. Second, ATM vestibules protect customers from inclement weather and provide a more comfortable banking environment (however, vagrancy can be an issue; therefore ATM vestibules should require card access). Security and surveillance solutions can’t just be for show.
ATMs and crime
A new crime wave is hitting automated teller machines (ATMs); the common banking appliances are being rigged to spit out their entire cash supplies into a criminal’s waiting hands.
The common banking appliances are being rigged to spit out their entire cash supplies into a criminal’s waiting hands
The crime is called “ATM jackpotting” and has targeted banking machines located in grocery shops, pharmacies and other locations in Taiwan, Europe, Latin America and the United States. Rough estimates place the total amount of global losses at up to $60 million.
The protection of ATMs
ATMs in supermarkets and pharmacies tend to be targeted because they may not be as well-protected, and store personnel likely would not know who is authorised to work on the ATM. In contrast, anyone approaching an ATM at a bank location would be more likely to be challenged.
ATM jackpotting originated back in 2010 when Barnaby Jack, a New Zealand hacker and computer expert, demonstrated how he could exploit two ATMs and make them dispense cash on the stage at the Black Hat computer security conference in Las Vegas. Since then, malware has been created and made available on the “Dark Web” that can instruct an ATM to dispense all its cash on demand.
ATM jackpotting is a combination of a physical crime and a cyberattack
ATM jackpotting is a combination of a physical crime and a cyberattack. Typically, a criminal with a fake ID enters a grocery shop or pharmacy posing as an ATM technician, then uses a crowbar to open the top of the ATM – the “top hat” – to gain access to the personal computer that operates the machine.
Once he or she has access to the PC, they remove the hard drive, disable any anti-virus software, install a malware program, replace the hard drive and then reboot the computer. The whole operation takes about 30 seconds. The malware then enables the thief to remotely control the ATM and direct it to dispense all its cash on command.
If a legitimate customer approaches the machine in the meantime, it can operate as usual until activated otherwise by the malware.
Catch up on part one and part two of our banking security mini series.
It is an exciting time at German intelligent video company MOBOTIX, which has launched a next-generation platform that builds on their legacy of video at the edge while opening up the system to third-party partners that can build even more capabilities.
MOBOTIX unveiled the new M7 platform and M73 camera at the MOBOTIX Global Partner Conference in Mainz, Germany, in October. MOBOTIX M7 is a powerful, decentralised and secure modular IoT-video system based on deep learning modules. The feedback has been “overwhelming,” says MOBOTIX CEO Thomas Lausten. The new technology will also be featured in the United States at the 2020 MOBOTIX Partner Summit in Hollywood, Fla., in January.
A different video surveillance
"What you see is a different way of doing video surveillance,” says Lausten. “Our focus on the edge is the difference between us and other companies.”
The new MOBOTIX 7 open solution provides an “edge platform” that can be used for a variety of applications, which are provided as “apps” that leverage the platform’s hardware for specific uses, from object detection to face detection to people counting. The new M75 high-end camera incorporates the new platform.
The MOBOTIX application programming interface (API) makes it possible for hundreds more apps to be developed over time
Currently there are 19 apps available to empower various applications, and availability of the MOBOTIX application programming interface (API) makes it possible for hundreds more apps to be developed over time. If a MOBOTIX partner creates a new app for a specific project, “now he can use it not just for one project but can put it in the app store and sell it all over the world,” says MOBOTIX CTO Hartmut Sprave.
Field Programmable Gate Array
The new MOBOTIX platform uses Field Programmable Gate Array (FPGA) integrated circuits that provide flexibility and versatility to be adapted to a variety of needs, from deep learning, to higher resolution, or to use with a variety of sensors, such as color, black-and-white or night vision cameras, temperature sensors or microphones. “We can literally include any sensor requested by the market,” says Lausten.
The new camera can also be used for age analysis, crowd management or traffic analysis. It can even be used for fire or biohazard detection, incorporating thermal sensors and deep learning.
MOBOTIX have added to their legacy of video with a next generation platform
MOBOTIX developed its new platform in conjunction with Konica Minolta, which owns a majority share of the German manufacturer. The combined knowledge of the two companies created the new platform, with most of the engineering done in Germany. Konica Minolta provided an object detection algorithm, for example, and deep learning capabilities that are being used with the cameras. The two companies are also developing the business together. “They are rolling out our technology on their website throughout the world,” says Lausten. “We are basically part of a global development organisation.”
MOBOTIX developed its new platform in conjunction with Konica Minolta
The new platform is also completely compatible with legacy MOBOTIX systems: “We have added what we need to what we have,” says Lausten.
Cybersecurity is a top priority for MOBOTIX. “With our camera, everything is under our control, every single line of code, and we do all the penetration testing and everything is safe,” says Sprave. In fact, MOBOTIX won the French "Trophée de la Sécurité 2019" Gold Award in the cybersecurity category for the MOBOTIX Cactus Concept, which refers to the fact that all the modules in the MOBOTIX system have “digital thorns” that protect them from unauthorized access. End-to-end encryption is used with no blind spots.
Driven by cybersecurity
Stronger cybersecurity and a focus on edge devices makes MOBOTIX inherently more cybersecure than a system of networked low-cost cameras, each of which could present a possible cyber-vulnerability.
Stronger cybersecurity and a focus on edge devices makes MOBOTIX inherently more cybersecure
The flexibility of the MOBOTIX platform expands its utility beyond security to include broader business functions. For example, the same camera that can detect criminals with face recognition can track where people are moving in a retail store, and even analyse age or demographics of customers to track buying patterns.
“Cameras are required to think and process at the edge, and that is where we see a lot of focus going, driven by cybersecurity,” Lausten says.
Lausten sees opportunity for even faster growth in the U.S. market, where they already have 30 or 40 partners. In the near term, there will be large opportunities provided by the U.S. trend toward “Chinese skepticism,” and cybersecurity concerns that have plagued the lower-cost Chinese imports. MOBOTIX products are proudly “Made in Germany.”
We live in an age when private customer data is constantly under attack from hackers. Cyber-threats have taken a front seat in the line-up of primary risks facing banks and financial institutions.
The fact that cyber-attacks are becoming more prevalent isn't the only issue; they're also becoming more complex and therefore harder to address. And although the convenient interconnectivity of the Internet of Things (IoT) creates many advantages for financial institutions, there is also an increased risk to dangerous threats.
Data capture form to appear here!
The impact of cyber heists
Money taken in cyber heists, both in banking and elsewhere, was estimated at $3 trillion
According to Cybersecurity Ventures, the amount of money taken in cyber heists, both in banking and elsewhere, was estimated at $3 trillion overall for 2015, and this substantial amount is expected to double by 2021.
In today’s environment, banks, credit unions, and financial organisations of all types are primary targets for hackers. But it’s not just the monetary loss that these businesses need to be concerned about — there is also a threat to the brand, customer trust, and employee safety.
Banking choices are influenced by how secure consumers feel when conducting transactions, either in their local branch, at an ATM or online. In one survey, a vast majority of consumers (98%) felt most secure when conducting transactions at their local banking branch, compared with 92% when conducting transactions online and 85% using a mobile phone app.
Further, 90% of consumers said they feel safer when they can see video surveillance cameras in their bank or credit union and would choose a financial institution with surveillance over one without, all other things being equal.
Here are some other key findings from the survey:
Half of consumers have walked away from an ATM without conducting their intended transaction because someone was loitering in the vestibule
60% of consumers noticed a fraudulent transaction before their financial institution, leaving plenty of opportunity for banks and credit unions to be more proactive when it comes to identifying and notifying customers about potential fraud
“Banks and credit unions recognise that today’s consumers want a mix of in-person and online banking service options and have very high expectations when it comes to security and customer service,” said Peter Strom, President and CEO, March Networks, which provides security systems for banks.
To increase security, biometric solutions are replacing PINs at physical ATMs
To increase security, biometric solutions are replacing PINs at physical ATMs and providing a more fool-proof form of identification for banking security.
Ways to increase banking security
Popular use cases include a) PIN replacement at physical ATMs; b) proof-of-presence (such as pension benefit distribution) that requires liveness detection; c) more easily authenticating multiple transactions during a single ATM session; d) incorporating biometric information directly into a smart device; and e) the ability to leverage investments in biometric enrolment databases across multiple applications.
An example of the latter is when fingerprint authentication on mobile devices used for payments and secure mobile banking is also used in conjunction with enrolled information for authentication at an ATM. The availability of interoperable authentication devices would permit cross-bank usage and pave the way for many new applications in the future.
By enrolling a citizen’s fingerprints and then creating an ecosystem in which these transactions are strongly tied to that individual’s biometrics, the potential for fraud and identity theft approaches zero, and the process is simple and convenient for users.
Read part two and part three of our banking security mini series.
Device and application security solutions provider, Trustonic has announced that OPTOLANE has selected Trustonic Secured Platform (TSP) to bring security and trust to the company’s new connected medical diagnostic device. The product is primarily used at the point-of-care for early diagnosis and preventative healthcare, particularly for diagnosing cancer, infectious diseases and congenital abnormalities.
Healthcare devices have become top targets for cybercriminals due to their critical nature, the valuable intellectual property they employ and the sensitive personal information that they collect and store. Research shows that there were 8.2 attempted cyber-attacks per connected healthcare endpoint in each month of 2018.
Smart diagnostic platform
OPTOLANE’s simple, fast and smart diagnostic platform is based on Nexell’s system on chip (SoC) platform
To ensure security, privacy and high performance, OPTOLANE’s simple, fast and smart diagnostic platform is based on Nexell’s system on chip (SoC) platform, which integrates Trustonic’s Trusted Execution Environment (TEE). OPTOLANE’s in vitro diagnostic (IVD) platform, called LOAA (Lab on an Array) Analyser, examines blood and tissue samples for multiple targets, including DNA, RNA, proteins and metabolites, in real-time. It was developed to satisfy market demand for ‘sample to answer’ IVD tools and enables sample extraction through to analysis with a single cartridge.
“Investment in connected healthtech is increasing and IVD is an important segment in the global diagnostics industry,” comments Ben Cade, CEO of Trustonic. “These solutions add significant value to diagnosis and treatment, enhancing the well-being of the general public while increasing productivity and reducing costs. But, where personal data this sensitive is being captured, processed, and transmitted, the appropriate steps must be taken to protect it from malicious actors.”
Trustonic security platform
Trustonic’s hardware-backed security platform, TSP, enables secure and private data extraction, processing, storage and transmission. The technology:
Enables a secure image processing channel from the sensor to the application processor;
Provides cryptographic tools to protect individuals’ sensitive medical data;
Ensures data integrity;
Creates a secure environment to run algorithms analysing raw data from the sensor;
Encrypts sensitive data when being shared with the cloud.
Do Young Lee, CEO of OPTOLANE, says “There is clear demand for innovative new diagnostics solutions that go from ‘sample-to-answer’ in real-time. Importantly, though, we fully understand our responsibility to protect patient data."
Enhanced data security
To deliver connectivity while protecting the sensitive personal data collected by diagnostic devices, we needed a proven hardware-backed security foundation. Trustonic’s experience protecting smartphones, wearables and IoT hardware, and securing critical mobile applications in the financial and automotive sectors, is assurance that our devices and patient data are secured to the highest standard.”
OPTOLANE expects to receive FDA certification for the new device in the first quarter of 2020. Once certification is achieved the product will be available to clinicians in healthcare facilities around the world.
Bluebird House is a specialist UK inpatient facility, providing treatment and care for young people with complex mental health problems which mean they pose a risk to themselves or others. Run by Southern Health NHS Foundation Trust, the centre also houses adolescents detained under the Mental Health Act, so the highest standards of care, protection and security are required.
As part of a wider review of security and safety across the trust, Bluebird House was earmarked for a comprehensive video surveillance upgrade and IDIS technology was chosen as the best-fit for this major project.
Providing comprehensive coverage
All IDIS equipment uses true plug-and-play set up, which minimises disruption and disturbance to patients
Galeco engineers installed 110 IDIS 12MP Super Fisheye cameras in communal and therapeutic areas inside the facility and over 40 bullets and 13 PTZ cameras cover the exterior. All the cameras are connected to six 32-channel NVRs and managed via IDIS Center video management software (VMS).
All IDIS equipment uses true plug-and-play set up, which minimises disruption and disturbance to patients, while protection against gaps in footage is provided by IDIS Smart Failover ensuring 24/7 continued recording even during network instability or drop-out. Implemented across three secure wards and two high care units, the 12MP IR Super Fisheyes provide comprehensive coverage much more affordably than two or more fixed lens cameras. Advanced IDIS video capture technology delivers complete high-definition scene coverage in all lighting conditions and allows staff to de-warp in live view as well as playback.
Automatic object detection
The 5MP bullet cameras, deployed around the building exteriors provide coverage of gardens, courtyards and car parks. IR LED that allows night-time image capture at distances up to 30m and includes intelligent functions such as active tampering alarms and trip zones and will notify the security team to any breach.
Each camera is set to perform virtual guard tours at specific times throughout the day and night
IDIS 31x Zoom IR PTZ cameras are installed along the perimeter to provide clear night-time image capture at distances up to 200m. Each camera is set to perform virtual guard tours at specific times throughout the day and night. Featuring automatic object detection, the cameras recognise and automatically track objects, people or cars capturing useful footage and alert operators of any suspicious activity. To meet patient privacy requirements, access to live and recorded footage, is limited to staff according to their ward and role.
Access to advanced features and functionality
Staff can only view and review footage from their area of responsibility at designated monitoring stations using specialist IDIS monitors designed for high-performance surveillance operations. To meet future requirements, the new IDIS solution can be linked to the trust’s local area networks (LANs) without increasing cyber- security concerns, thanks to IDIS’s use of proprietary software which is inherently resilient.
The totally cost-free IDIS Center video management software (VMS) gives security managers and senior staff a complete overview of the entire site from a 24/7 manned and centralised control room. Using the intuitive IDIS Center interface, operators have complete command and control of each camera and access to advanced features and functionality to ensure the secure and smooth day-to-day running of the site.
Authorised monitoring and access of footage
IDIS technology made this easy, and it was also the quickest and least disruptive to install
Video surveillance is a key resource for clinicians, Sr. managers and security staff at Bluebird House as they need to work closely together to deal with incidents and reduce risks of harm. Improved video coverage was needed as it would allow ongoing review of care standards and full investigation of any alleged incidents.
Patient privacy is also of paramount importance, so specialist integrator Galeco Communications was selected to implement a solution that would allow authorised monitoring and access of footage for specific rooms and wards. IDIS technology made this easy, and it was also the quickest and least disruptive to install, the most secure against cyber-attacks - in compliance with NHS requirements – and yet would deliver the lowest total cost of ownership (TCO).
Ensuring better safety and security
Replacing the centre’s ageing camera system, the IDIS solution would give complete coverage of corridors, wards and other high-risk areas in all lighting conditions. The IDIS solution has improved security, safety and care at Bluebird House by providing a complete video record of events.
Exterior cameras ensure better safety and security in outdoor communal areas
Footage from the 12MP Super Fisheye cameras give a full 360 view without any blind spots with a choice of 6 view modes and crucially provides staff with the ability to de-warp footage retrospectively. Now, if incidents need to be investigated it’s a simple task to retrieve video and provide any high-definition evidence required. Exterior cameras ensure better safety and security in outdoor communal areas, while security operators can quickly detect and respond to any suspicious activity on the perimeter.
Access and review recordings
"A key benefit for us is that this new system is so easy to use, and particularly for our clinical staff who can now access and review recordings to help them improve patient care. This video technology gives us extra confidence that our patients and staff are safe and protected” said Tracey Edwards, Head of Security at Southern Health NHS Trust.
With minimal disruption, and working in this sensitive location, Galeco engineers were able to replace an outdated system with an affordable, high-performance, cybersecure solution that is easy to maintain and operate without any ongoing license fees.
Pulse Secure advances remote access to web applications such as Microsoft Office 365 and network resources to help 3,000 staff enjoy a better work-life balance leveraging Pulse Secure. Pulse Secure, a provider of software-defined Secure Access solutions, has announced the delivery of a successful project at one of Italy’s largest media organisations designed to help foster mobile workforce productivity while ensuring protected, compliant access to cloud and data centre applications.
RCS MediaGroup is one of the leading multimedia publishing groups, active mainly in Italy and Spain across all publishing fields, spanning from newspapers to magazines, from digital to books, from TV to new media, and to training. It is also one of the top players in the advertising market and in the organisation of iconic events and major sporting formats, such as the Giro d’Italia.
Protecting against cyber-attack
We maintain several security controls across our network, as well as regularly cyber-security training"
The RCS Group publishes the daily newspapers Corriere della Sera, La Gazzetta dello Sport, El Mundo, Marca and Expansion, as well as numerous magazines, the most popular including Oggi, Amica, Io Donna, 7, YO Dona and Telva. Like many other popular enterprises, being an integral part region’s culture and communications has made RCS Group a target for cyber threat actors. “Protecting our systems against cyber-attack is a critical requirement as is ensuring our staff and journalists have easy, flexible and secure access to their work,” says Monica Venanzetti, Network Manager for RCS MediaGroup in Milan.
“To meet this need, we maintain several security controls across our network, as well as regularly conduct cyber-security training. We deployed our first VPN solution in 2006 to enable secure access to our systems and it was time to progress our capabilities.”
New cloud services
RCS MediaGroup employs over 3,000 staff including 700 journalists and as Giandomenico Oldano, Director of IT operations for RCS MediaGroup, explains, “As a group, we have an ongoing strategy to help our staff embrace smart working. This is part of an initiative to improve the work-life balance of our employees and reduce their traveling time, which in a busy city like Milan can be very time consuming.”
As part of this work-life balance strategy, RCS MediaGroup has invested in more remote, mobile and cloud technologies and recently moved its staff onto Microsoft Office 365 to encourage this transition. “To meet this need and as part of our commitment to ensuring best practice secure access, we decided to upgrade our legacy VPN to provide more capacity and to better integrate with new cloud services such as Office 365,” says Venanzetti.
Cloud single-sign on
The simplified management interface allows RCS MediaGroup to set up enterprise-wide policies"
“We examined several options and Pulse Secure provided us a modernised platform with more advanced features including endpoint compliance and cloud single-sign on. We found the tool comparatively simpler to administer, very interoperable and with a broader feature-set.” The upgrade process was straightforward, and the simplified management interface allows RCS MediaGroup to set up enterprise-wide policies that make it easy for its remote users to connect to its critical publishing systems.
The solution also incorporates client checking technology that ensures that its users’ devices, both corporate and personally owned endpoints, are running the right system and security patches before they can attach to the corporate network. “One of the most important features was deep support for our users’ devices including tablets, laptops and PCs across both Apple and Microsoft environments,” says Oldano.
“Our upgrade has been a success and provides a lot of potential for future projects that will allow us to offer secure access for more cloud-based applications. Pulse Secure has been with us throughout this process and its technology is helping us to deliver on our commitment towards smarter working for all our staff.” Pulse Secure enables enterprises to centrally manage Zero Trust Secure Access to applications, resources and services that are delivered on-premise, in private cloud and public cloud environments.
The Pulse Access Suite delivers protected connectivity, operational intelligence and threat response across mobile, network and multi-cloud environments in order to provide easy, compliant access for end users and single-pane-of-glass management for administrators. “Enterprises are fortifying capabilities to accelerate mobile workforce productivity and take advantage of cloud computing.”
Comprehensive and integrated
Pulse Secure offers a proven, comprehensive and integrated suite that works with an enterprises hybrid IT infrastructure to enable a simpler, more manageable and scalable approach to secure access,” said Paul Donovan, vice president of EMEA sales at Pulse Secure.
“We are pleased to have been selected by RCS MediaGroup, a prominent and progressive market leader in multimedia publishing and look forward to supporting their on-going digital transformation initiatives.”
Located in Eastern China, Hangzhou is the capital and most populous city of Zhejiang Province. It has registered population of 9,800,000, with total area of 16,596 km². Jianggan District is one of the five main urban areas of Hangzhou.
With a floating population of about 1.06 million, Jianggan District ranks first among Hangzhou's main urban areas. As the new administrative center of Hangzhou, it boasts the most important CBD and the largest train station and car hub in Hangzhou, bringing together various traffic elements such as highway junctions and bridges across the river.
The entire Jianggan District is promoting vital transformation in urban areas
Intelligent surveillance system
Covering 8 streets, 141 communities and 4 villages, the entire Jianggan District is promoting vital transformation in urban areas. Nevertheless, the non-registered population, accounted for about 40% of the total population, makes it hard for the local government to improve urban management in the district.
Every policeman needs to manage 1,700 citizens on average. The shortage of police force affected their work precision and led to difficulties in providing timely police response. In addition, insufficient surveillance coverage and limited intelligence system in the area resulted in inactive security measures, making it difficult for the police to achieve their goals
Integrating DoT, IoT and the internet
Based on the Dahua Heart of City (HOC) architecture supported by "Full Sensing, Full Intelligence, Full Computing and Full Ecosystem (4 Full) capabilities, Dahua Technology firmly focused on the construction needs of the area and built the overall plan of establishing an ‘online police’.
Integrating the Internet, DoT and IoT, Dahua Technology has successfully assisted the Hangzhou Jianggan Public Security in building a multi-dimensional network that targets customer value, and combines AI, big data, and cloud computing in order to obtain accurate real-time data and strengthen the current technology of “online police” operations.
Sensors and monitoring products
Dahua Technology deployed 19 sensors, hundreds of monitoring products and a sophisticated network
Moreover, Dahua Technology deployed 19 sensors, hundreds of monitoring products and a sophisticated network. It also set up 46 actual police investigation models to provide accurate instructions for Jianggan police, including property crimes analysis, situation analysis, vehicle management, people management, psychiatric control, online apprehension of violators, as well as missing person search, etc.
Compared with traditional police operation, Dahua HOC Safe City Solution has built an “Online Police” mechanism to obtain the most authentic real-time data through information technology, and carry out accurate computer applications for a more scientific service deployment, efficient police force and powerful security control.
Dahua HOC Safe City Solution
It ensures that the Jianggan police can perform properly at a given time. It also promotes the transformation of police affairs from passive to active, from extensive to subtle, from imprecise to accurate, and from offline to online, gradually carrying out the prediction, early-warning, and prevention measures of police operations.
Since 2016, the Dahua HOC Safe City Solution has helped Jianggan Public Security achieve outstanding results including enhanced police intelligence, reduced crime cases, increase in case closure rate and efficiency, improvement in public service, and speedy recovery of missing individuals, opening a new chapter for intelligent police operations.
Video storage is an important – and expensive – aspect of almost any surveillance system. Higher camera counts equate to a need for more storage. New analytics systems make it easier for operators to manage video, but that video must be dependably stored and easy to access if and when it is needed. To keep up to date on the latest developments, we asked this week’s Expert Panel Roundtable: What’s new in video storage solutions?
Securing large campus environments can be particularly demanding and requires a range of technology solutions. In effect, a campus may represent a dozen or more individual facilities to be secured, in addition to protecting the overall environment. Seeking more insight into the number and variety of needs of securing a campus, we asked this week’s Expert Panel Roundtable: What are the security challenges of protecting large campus environments?
While unpacking our bags from a trade show, it is interesting to consider the dominant themes and trends we heard and saw at the show. So it is with the recently concluded Global Security Exchange (GSX) show in Chicago, presented by ASIS International. Amid all the product promotion, training sessions, networking and tired feet at the show, what really stood out? We asked this week’s Expert Panel Roundtable: What was the big news at the GSX 2019 trade show in Chicago?