Daily Archives: 06/10/2014

KPMG acquires certain assets of cyber security firm Qubera Solutions

KPMG LLP (US) and KPMG LLP (UK) have acquired certain assets of Qubera Solutions, a leading privately-held cyber security firm that provides identity and access management services to Fortune 500 and Global 2000 companies.

The transaction strengthens the KPMG network’s security transformation capabilities in several service areas, including Cloud Identity Federation, Identity as a Service (IDaaS), Identity Governance and Identity and Access Management (IAM) solutions implementation.

Additionally, the acquisition of certain assets of Qubera Solutions elevates KPMG LLP (US) to become a top deployment partner for SailPoint, the leader in the 2013 Gartner Identity Governance and Administration Magic Quadrant.

“As threats from cyber criminals grow in scale, so companies are facing a tsunami of new legislative, organisational and regulatory requirements they must meet in order to ensure they’re managing and protecting their critical information appropriately,” said John Veihmeyer, global chairman of KPMG and chairman and CEO of KPMG in the US.

“These threats inevitably force companies to re-examine their potential vulnerabilities and seek counsel from experienced global providers. This is where KPMG’s Identity and Access Management solutions teams fit in, working across a multitude of industries to assist clients in conceptualising, designing, implementing, measuring and improving their information security programs.”

Malcolm Marshall: KPMG’s global and UK head of information protection and business resilience

IAM services have become integral to maintaining sustainable operations across many industries, among them financial services, healthcare and life sciences, technology, telecommunications, energy, consumer and retail as well as higher education.

Qubera’s experienced IAM analysis team and deep relationships with leading industry vendors will complement the KPMG network’s global Information Protection and Business Resilience platform, in turn strengthening the firm’s ability to help clients safeguard valuable information.

Building, delivering and supporting technology services

The Qubera management team has extensive experience of building, delivering and supporting technology services for leading organisations worldwide, while its consultants are among the most highly regarded in their specialities.

In addition, the company’s services portfolio leverages leading technical expertise and strategic partnerships to deliver effective results in the areas of enterprise business solutions, portal and content management and service-oriented architecture.

“We’re excited to join KPMG’s efforts in providing clients with the secure information access solutions that can serve as a foundation for their growth and sustainability,” said Prasad Jayaraman, CEO of Qubera Solutions. “Access to the KPMG network’s deep well of resources and diverse set of advisory capabilities will help bolster our ability to provide clients with an unparalleled level of service.”

Mike Nolan – global partner-in-charge for KPMG’s Risk Consulting Services – added: “The ability to provide leading information protection solutions such as identity and access governance, directory services, cloud governance, authentication and authorisation as well as application security services supports KPMG’s mission to help clients align their risk appetite with ongoing business goals.”

Malcolm Marshall, KPMG’s global and UK head of information protection and business resilience, stated that the deal results in continuous growth in capabilities and resources across the local market.

“Our acquisition of certain assets of Qubera means that KPMG is adding exceptional technology talent in the form of individuals able to address increasing client demand for robust identity and access solutions,” said Marshall. “We can stay on pace in becoming a world-leading cyber security practice.”

*Financial terms of the agreement will not be disclosed

Filed under Risk UK News

Government commitment “crucial” in the continued fight against Cash-in-Transit crime

Despite attack levels reaching an all-time low in 2013, falling victim to violence and robbery remains a very real threat for the security sector’s dedicated Cash-in-Transit couriers. With interim reports for 2014 suggesting crime figures within this sector are in danger of rising, the British Security Industry Association (BSIA) plans to continue its work aimed at reducing the risks faced by couriers as they fulfil this essential public service.

Transporting around £500 billion every year – the equivalent to a staggering £1.4 billion every day, in fact – the UK’s Cash-in-Transit industry performs an essential public service, keeping cash moving around the country and supporting banks, retailers and businesses alike by facilitating millions of transactions on a daily basis.

However, the large amount of money and valuables involved renders Cash-in-Transit couriers particularly vulnerable to attempted robberies and often violent assaults.

In 2013, the number of attacks perpetrated on cash couriers reached a record low, with just 270 attacks taking place. That figure is 30% less than in 2012, in fact, and represents an impressive 75% decrease on the all-time high of 1,060 attacks recorded back in 2009. Despite this reduction, though, couriers remain vulnerable to attack, particularly when carrying cash across the pavement from their secure vehicle to the client’s premises.

Serious injury remains a very real threat. Overall injury rates have decreased since 2012, but almost a quarter of attacks in 2013 (24%) resulted in some kind of physical harm being done to the couriers involved. In addition, the proportion of attacks where firearms were used (or their use was intimated) rose from 10% in 2012 to 14% in 2013.

The Government’s ongoing commitment will be crucial in the fight against Cash-in-Transit crime

Partnership approach involving Government and the police service

Reducing the risks faced by cash couriers remains a key focus of the partnership approach taken by the private security industry – in conjunction with the Home Office and police forces across the country – to tackle Cash-in-Transit crime. With 2014’s figures indicating some slight month-on-month rises in the number of attacks carried out on cash couriers, the commitment of all stakeholders to the continuation of this partnership approach has arguably never been more important.

Steve Hurst, the head of SaferCash, commented: “For couriers going about their daily duties these attack figures can never be far from their minds. It’s for this very reason that we as an industry, along with our colleagues in Government and police forces across the country, cannot afford to rest on our laurels.”

Established in 2007, SaferCash is a security initiative which aims to reduce the number of attacks on cash couriers through the effective sharing of intelligence between members of the Cash-in-Transit industry and police forces nationwide. Operated by the BSIA, SaferCash provides a national framework for information and intelligence sharing between individual police forces and operational security personnel, while also affording essential and immediate support for Cash-in-Transit crew members who may have witnessed a suspicious incident or activity.

Establishing a partnership between industry and the police service has given SaferCash the ability to identify linked offences and spot where organised crime groups are active across force boundaries. In the case of Cash-in-Transit, these groups are operating on an increasingly nationwide basis, impacting on local communities and often using the proceeds of their crimes to fund other criminal enterprises such as drug dealing or human trafficking.

Keeping couriers safe is the key objective of SaferCash. With most robberies and attacks on couriers taking place as they cross the pavement, it’s essential to minimise the distance couriers have to travel between the secure vehicle and the delivery premises. This means that many vehicles are forced to park illegally in order to make safe deliveries.

Couriers remain vulnerable to attack, particularly when carrying cash across the pavement from the secure vehicle to their client’s premises

The impact of robberies in the Cash-in-Transit sector is most keenly felt by those who suffer directly as a result of attacks. It’s the protection of victims and the prevention of future attacks which most vehemently demonstrates the need for all stakeholders to remain committed to reducing the level of Cash-in-Transit crime.

For more information about the BSIA’s Cash and Valuables in Transit Section visit: http://www.bsia.co.uk/cash-and-valuables-in-transit

MITIE awarded facilities management contract by BBC Worldwide

FTSE 250 strategic outsourcing company MITIE has just been awarded the prestigious facilities management (FM) contract with BBC Worldwide. The contract will run for a three-year period with provision for an extension.

MITIE will now deliver the full range of FM services including security, Front of House services, maintenance and repairs, cleaning and catering for BBC Worldwide’s new offices at Television Centre in London’s White City when they open next year.

Speaking about the new contract, Andreas Arnold (director of strategic projects for BBC Worldwide) explained: “MITIE was chosen as our FM partner due to the company’s creative approach, the cultural fit with our own business and the demonstrated use of technology to improve service delivery.”

Indeed, MITIE boasts extensive experience in the media sector, with its clients already including well-known broadcasters Channel 4, Universal Music and Sky.

MITIE has won a prestigious FM contract with the BBC

Peter Mosley, managing director at MITIE’s Technical Facilities Management business, stated: “This is a prestigious contract to win. We’re very proud to be partnering with an organisation which has such an exceptional reputation around the world. This contract really underlines our expertise in the media sector, and is a fantastic example of a contractor and client working closely together to provide the best solution possible.”

The iconic BBC Television Centre is currently undergoing an extensive refurbishment, with the site being redeveloped into a mix of commercial spaces including a new 100,000 sq ft headquarters for BBC Worldwide in addition to private accommodation.

FIA calls for additional fire protection in key-critical community buildings

Isn’t it high time that all businesses were required to carry fire insurance on their buildings? Fire Industry Association (FIA) CEO Graham Ellicott reviews this key issue and explains why the FIA believes designers and building owners should consider the use of additional fire protection in buildings that are critical to local communities.

At a fire seminar that I recently attended, a risk manager from an insurer commented that fire losses continue to increase with those from larger fires leading the way. Currently, these losses stand at approximately £4 million per day. The risk manager went on to state that insurers are now dealing more with buildings on fire rather than fires in buildings.

The rationale of the UK Building Regulations is that ‘in an emergency, the occupants of any part of a building should be able to escape safely without any external assistance’ (Approved Document B to the Building Regulations). However, in many cases the designers of buildings/structures or the owners of an existing building may want to go further and increase the level of fire protection installed in the building so as to give the fire services more time to extinguish any fire that might occur. This could lead to a reduction in the amount of damage caused and, in turn, influence the subsequent insurance claim.

Added fire protection will provide extra comfort for insurers and also fire-fighters who may have to enter a fire-ravaged building after the occupants have escaped. Surely, in buildings that are critical to the community such increases in the amount of fire protection are to be applauded as nobody wants to see a school destroyed or a hospital badly damaged, do they?

Increased levels of fire protection in buildings don’t all have to be red, unwieldy and ugly on the eye. For example, many building users are concerned about excessive use of wiring for alarm systems and unseemly trunking and conduit. They’ve no need to be. Those days are gone as wireless systems with stylish multi-detectors that are easily hidden may be quickly and economically installed.

Graham Ellicott: CEO of the Fire Industry Association

Indeed, it’s not just fire detection systems that may be sympathetically incorporated within any design. In general, most modern fire protection products (for example recessed sprinkler heads, flush control panels, bendable fire-resistant partitions and concealed door closers) are designed to blend in with the background.

Fire insurance on buildings

This is all good and sound advice, but isn’t it time all businesses were required to carry fire insurance on their buildings? Even very small companies are required to hold Employers Liability Insurance, so why no requirement for even a basic level of fire insurance, particularly so when many businesses experiencing a major fire cease to trade within a year of its occurrence? Too many buildings key-critical to communities, such as local Government buildings, carry no fire insurance at all.

While it’s all very well specifying an increased level of fire protection for a building, it’s equally necessary to ensure those protection systems are properly installed and maintained. At the end of the relevant phase of construction, the fire protection installer will issue a Certificate of Conformity which will claim that the product has been installed in accordance with the terms of the contract. What does the Certificate of Conformity mean? Is it really worth the paper it’s written upon?

From the FIA’s point of view, the Certificate of Conformity’s worth is greatly enhanced if it’s issued under the auspices of a third party certification scheme. Such schemes mean that competent operatives have correctly installed the specified products and that independent inspectors have randomly inspected the work.

Another good reason to make sure that the fire protection systems in buildings are properly installed and maintained is the Corporate Manslaughter and Corporate Homicide Act 2007. This states that an organisation will be guilty of the offence of corporate manslaughter if the way in which its activities are managed or organised causes a person’s death and amounts to a “gross breach of a relevant duty of care owed by the organisation to the deceased”. An organisation that’s found guilty of corporate manslaughter will be liable for an unlimited fine.

Importantly, the Act also allows the court to call for a publicity order that requires the offending organisation to publicise details of its conviction.

The FIA believes that designers and building owners should consider the use of more fire protection in buildings that are critical to the community, such as public buildings including schools, hospitals and community centres. The value to the country of keeping these buildings operational far outweighs the small additional cost of an extra level of fire protection.

Not just a ‘nice to have’ exercise

Extra fire protection is not just a ‘nice to have’ exercise. It could mean the difference between a community-critical building either surviving or not in the event of a blaze. Third party certification breeds good practice and means worthwhile Certificates of Conformity are issued. This will give confidence to the specifier, client and the enforcer that the job has been carried out to the highest standard.

Should a disaster occur, lawyers will come looking for the person with the biggest pockets. It’s highly likely that the use of a third party certificated company would be seen as the basis for a sound defence in the event of a lawsuit concerning the performance of fire protection systems.

In the worst-case scenario wherein somebody is killed in a fire, the possibility of a breach of the Corporate Manslaughter and Corporate Homicide Act becomes real and, again, the use of a third party certificated company could be highly beneficial to the accused organisation defending such an action.

The Security Watchdog launches immigration advisory service to assist companies with legal compliance

Employment screening and vetting specialist The Security Watchdog has launched a corporate immigration advisory service through its Advisory Bureau arm designed to provide comprehensive UK immigration support and advice for those organisations wishing to employ people from outside the EU and the EEA.

The new service is particularly relevant for international company transfers and supports the growing need for organisations to look outside of the EU when it comes to specialist skilled workers.

The Security Watchdog’s team of Level 3-registered OISC immigration consultants is supporting organisations with visa applications and processes around sponsoring individuals while also providing assistance to organisations looking for a sponsor licence.

The Security Watchdog: helping UK businesses comply with the immigration laws

With continued tightening of UK immigration rules and repeated changes to the law, businesses must ensure that they remain up-to-date and compliant with the various regulations. This means engaging in the correct preparatory work surrounding the employment of migrant workers, ongoing compliance relating to those workers and extensive record keeping characterised and underpinned by tight controls.

For example, in June over 60 universities, further and higher education colleges and independent schools were either stripped or faced losing their right to sponsor overseas students after being found non-compliant with the law. Such an occurrence can result in severe financial and reputational damage.

Peju Ojemuyiwa, The Advisory Bureau’s senior immigration consultant, explained: “The UK’s immigration landscape is dynamic and ever-changing. Organisations at the top of their sponsor responsibilities must be constantly up-to-date with the UK immigration laws and update their processes accordingly. At The Security Watchdog, we are risk averse and ensure that we work with our clients to identify where these potential risks might lie. We then work together to create solutions that are dynamic and lasting in order to mitigate and remove such risks on a permanent basis.”

Further information on specialist immigration services for businesses can be found on The Security Watchdog’s website. Visit: http://www.securitywatchdog.org.uk/immigration-consultancy

BSIA issues new guidance document on lone worker protection devices

A new guide has been published by the British Security Industry Association (BSIA) to help end users of lone worker devices or smart phone apps understand exactly when to summon help by using their device.

Published on Monday 6 October to coincide with National Personal Safety Day 2014, the two-page guide outlines a number of threat situations and recommends the appropriate action to be taken.

Designed to provide a means to call for help for those individuals working alone or without direct supervision, lone worker devices and smart phone apps provide essential peace of mind for many of the six million individuals across the UK who qualify as lone workers (including those in the healthcare, transport and retail sectors).

Connecting employees with an emergency response system that has direct links to the police, lone worker solutions range from applications on smart phones through to dedicated GPS/GSM devices connected to an Alarm Receiving Centre (ARC) whose operators receive and manage alarm calls and quickly request attendance on scene from the emergency services or summon other forms of response if required.

Two-fold approach to lone worker protection

Patrick Dealtry, chairman of the BSIA’s Lone Worker Section, commented: “Almost by definition, lone working can be both intimidating and at times dangerous. The protection of lone workers involves a two-fold approach, not only to provide safeguards but also to offer reassurances to the individuals involved.”

Dealtry continued: “In order for lone worker devices to operate effectively, it’s important for end users to understand exactly what constitutes an emergency situation and use their devices accordingly. Lone worker devices should only be employed in situations where individuals face a direct threat of assault, or if they’ve suffered an accident. Using these devices to summon help in situations where there’s no direct threat, for example to report an act of shoplifting, theft or threats to other people can actually compromise the emergency response.”

Patrick Dealtry: chairman of the BSIA’s Lone Worker Section

Educating employers and employees on the value of using lone worker solutions is the key aim of the BSIA’s Lone Worker Section which recommends the use of devices or smart phone apps certified to British Standard BS 8484 and monitored by an ARC certificated to BS 8484 (Part 6) and BS 5979 (Cat II).

Promoting and ensuring personal safety

The new BSIA guide represents the latest in a series of documents produced by the Trade Association to help both employers and employees understand the role that lone worker solutions can play in protecting vulnerable employees.

Rachel Griffin, director of personal safety charity The Suzy Lamplugh Trust, explained: “Lone worker devices can play an important role in promoting and ensuring the personal safety of employees, but all too often we hear from lone workers that they’re unsure of how best to use their device or what it’s really for. The new guide stresses the importance of such solutions and provides simple instruction on how and when to use them.”

Rachel Griffin of The Suzy Lamplugh Trust

*‘Use of a Lone Worker Device or App’ can be downloaded from the BSIA’s website. For more information on the BSIA’s Lone Worker Section visit: http://www.bsia.co.uk/lone-worker

“Human Resources Departments are key to information security” states SANS Institute

In tandem with European Cyber Security Awareness Month, Lance Spitzner (director at the SANS Institute) suggests that Human Resources Departments have a critical role to play in helping their organisations improve information security procedures.

“Organisations are beginning to realise that they have to secure the human element as technology can only go so far,” explained Spitzner, an internationally recognised leader in the field of cyber threat research and security training and awareness. “As long as individuals store, process or transfer information then they too must be secured. One of the most effective ways in which to secure employees is to change their behaviours through an active, longer term security awareness programme.”

Spitzner (who has spoken to and worked with numerous organisations including the NSA, FIRST, the Pentagon, the FBI Academy, the US President’s Telecommunications Advisory Committee, MS-ISAC, the Navy War College and the CESG in Britain) suggests that, based on the available evidence, it’s extremely likely every large organisation will experience an information security breach at some point in time.

According to the influential Data Breach Investigation Report which has examined over 100,000 security breaches across the last decade, 81% of the incidents charted can be described by just four root causes: miscellaneous errors (27%), insider misuse (19%), crimeware (19%) and physical theft/loss (16%).

The SANS Institute believes that security awareness training must be given more importance as the likelihood of human error leading to a security breach increases

The main threat comes from human error, such as someone accidentally posting private data to a public site, sending information to the wrong recipients or failing to dispose of documents or assets in a secure manner. However, lack of security awareness also has a part to play in insider misuse, physical theft and incidents of loss.

“In the past,” continued Spitzner, “organisations have orchestrated security awareness programmes, but these were primarily compliance-driven and designed by auditors to ensure the company could ‘check the box’. These programmes consisted of nothing more than a once-a-year PowerPoint presentation or some very basic computer-based training. In recent times, host organisations have begun a fundamental shift in terms of how they approach awareness and training. They’re now building mature security awareness programmes that identify and change high risk human behaviours.”

Spitzner advocates that the first task is to gain the support of management and answer the key questions: ‘Who?’, ‘What?’ and ‘How?’

“Once you have a programme rolled out,” continued Spitzner, “you’ll need the ability to measure it. Measuring provides several things. First, it helps you identify where your greatest risks are and where you need to focus your efforts. Second, it can be used to demonstrate the value of the programme to senior management, in turn gaining you the support you need in order to keep that programme going in the longer term.”

European Cyber Security Awareness Month

European Cyber Security Awareness Month is a European Union advocacy campaign that takes place each October. The overall aim is to promote the subject of cyber security among citizens, change their perception of cyber threats and provide up-to-date security information through education and sharing of good practices.

To further support this initiative in 2014, Spitzner is running a webinar session offering a step-by-step walk through of how to take your security awareness programme to the next level. The session covers key points including how to leverage the Security Awareness Maturity Model, effectively engage people, measure change in behaviours and communicate those results to management.

Registration is available via: https://www.sans.org/webcasts/securing-human-emea-generation-awareness-programs-98857
