Monthly Archives: June 2016

Dates announced for next Corporate Risk Associates Risk Forum

One of the UK’s leading independent risk management consultancies is inviting risk safety professionals, academics and peers in the industry to its highly acclaimed annual Risk Forum. Corporate Risk Associates (CRA) will be hosting its seventh annual conference entitled ‘To Automate or Not to Automate’ on 5-6 October at the Stratford Manor Hotel in Stratford Upon Avon.

Chaired by Jasbir Sidhu, CEO and founder of CRA, the two-day event will focus on the increasing prevalence of the use of automation in safety critical industries. The company wants to energise interest around whether the reduction of human input with the introduction of increasingly complex automated systems will be either ‘friend or foe’.

With high profile professionals and leading academics due to attend, the event promises to deliver in-depth content that will be both stretching and stimulating. The speakers will also be available for further discussions during the event.

Jasbir Sidhu: CEO and founder of Corporate Risk Associates

Sidhu very much believes that the risk management profession should have a strong voice. He said: “The CRA Risk Forum has evolved year on year as we react to what people in the industry are telling us they would like to know more about. We’re delighted to have provided this platform which creates an opportunity for experts to share Best Practice, while also transferring valuable and insightful knowledge as we all endeavour to be the best we can possibly be in our chosen profession.”

Sidhu added: “We’ve selected extremely high calibre speakers that we know will deliver expert advice in what is such a complex area. It’s going to be extremely interesting to see what the general consensus will be on automation after all of the speakers have delivered their insights with feedback shared in our open discussions.”

No fewer than 110 delegates attended last year’s event, with people travelling from as far afield as the West Coast of the USA and New Mexico to engage with leaders in the industry.

Sidhu continued: “We’ve always been greatly impressed by the turnout of each event we have hosted. We now run into our seventh year and, with a fantastic programme planned for the two days, we anticipate that this will be our most successful CRA Risk Forum to date both in terms of attendance and knowledge sharing.”

Established 16 years ago, CRA specialises in managing safety, reliability and risk across the nuclear, oil and gas, transportation and defence industries. The business was recently awarded the industry accolade of Risk Management Specialist of the Year by industry body Continuity Insurance and Risk (CIR). CRA is also proud to have been awarded the Institute of Physics’ Best Practice in Professional Development Award.

Filed under Risk UK News, Uncategorized

“Wireless security skills need to prepare for the IoT age” urges SANS Institute

The proliferation of new wireless communication technologies within consumer electronics and smart devices is overtaking the skills harboured within the information security industry. That’s the considered opinion of Larry Pesce, a leading expert in the field and a SANS Institute instructor.

“There’s a great deal of disparity between the security of the different wireless standards, and particularly so when you compare the 802 family that were predominately built for business use and emerging technologies that came from the consumer landscape such as Bluetooth, Zigbee and Z-Wave,” explained Pesce, who co-authored the books entitled ‘Linksys WRT54G Ultimate Hacking’ and ‘Using Wireshark and Ethereal’.

“For example, Bluetooth has some solid maths around encryption, but many of the security decisions are left in the hands of the users which means things can go horribly wrong. Zigbee has a poor design for how it handles passphrase and replay packets which are highly vulnerable, while security in some of the proprietary formats like Z-Wave offers almost non-existent security.”

Pesce, who also develops real-world challenges for the Mid-Atlantic Collegiate Cyber Defence Challenge, is complimentary about newer wireless protocols such as 802.15.4 and Zigbee which uses baseline profiles to help deliver enhanced security, but comments: “The technology is probably ahead of the skill sets out in the field. The problem is also somewhat underestimated.”

Pesce also highlights the privacy issues that wireless-enabled devices are starting to hit against. “If we look forward, a large number of devices in the workplace and the home will be wirelessly enabled and communicating autonomously between each other and back to manufacturers. Unless more consideration is given towards securing both the devices and the communication links, there are likely to be breaches that will burrow into this Internet of Things infrastructure and start to gather private information or act as a staging post for more damaging attacks.”

Wireless Ethical Hacking, Penetration Testing and Defences

Pesce will be teaching the SANS course SEC617: Wireless Ethical Hacking, Penetration Testing and Defences at SANS London in July. The hands-on course takes an in-depth look at the security challenges of many different wireless technologies, exposing students to wireless security threats through the eyes of an attacker.

Using readily available and custom-developed tools, students navigate through the techniques attackers use to exploit Wi-Fi networks, including attacks against WEP, WPA/WPA2, PEAP, TTLS and other systems.

The course also examines the commonly overlooked threats associated with Bluetooth, ZigBee, DECT and proprietary wireless systems.

“We’re at a crossroads from a standards perspective,” concluded Pesce. “The vendors are still mostly obsessed with ‘bigger and faster’, but there’s also increased pressure from a privacy perspective and many are having a hard time figuring it out. For information security professionals, the skills needed to secure these new types of wireless connections are in high demand.”

*More information on SANS London Summer 2016 is available at: http://www.sans.org/london-in-the-summer-2016

Thames Water extends security contract with Zaun to May 2017

The UK’s largest water and waste company has renewed the appointment of security and perimeter fencing systems manufacturer and specialist solutions designer Zaun on a multi-million pound framework agreement for a further year to May 2017.

Thames Water Utilities retains the option to extend the deal for a further two years to 2019 at the end of the current Asset Management Programme (AMP6).

Thames Water originally selected Zaun as one of four appointed contractors on its framework agreement for the supply and installation of security fencing and gates, and one of three for ongoing maintenance. It hoped to save almost £500,000 with the framework agreement, as well as reaping the benefits of dedicated account management, certified and experienced perimeter protection designers, engineers and technicians, access to new and innovative products and robust management reporting linked to an exacting Service Level Agreement.

Thames Water manages more than 4500 sites, the majority of them unmanned, that require security to protect the water supply for over 14 million people. Accidental pollution, the safety hazards of sewage, the potential for theft and even mindless vandalism all mean that site safety and security is paramount.

Zaun first proved its reputation with Thames Water during its multi-billion pound London Tideway improvements to create a cleaner and healthier River Thames. This entailed work on sites of Critical National Infrastructure (CNI) near to the London 2012 Olympic Park at Stratford where Zaun also provided security fencing.

For AMP6, Thames Water set about a “complete transformation” of the way in which it delivers capital investment through a ‘super alliance’ including MWH Global as programme manager that expects to carry out between £2 billion and £3 billion of work, with £200 million set aside for security, in turn bringing its estate up to Defra standards and rendering it fully prepared for any security eventualities.

Thames Water has often turned to Zaun to deliver full turnkey security solutions of integrated perimeter fencing, CCTV and access control systems. Indeed, Zaun has installed its most intruder-resistant product, ArmaWeave, around secure compounds.

Chris Plimley, Zaun’s head of sales, stated: “We’re delighted to have our relationship with Thames Water extended for another year and look forward to continuing to help the client upgrade both its estate and overall security regime with the very best integrated perimeter protection systems available on the market.”

“Faster response times needed to combat cyber threat” finds BCI survey

Two thirds of respondents to a global survey carried out by the Business Continuity Institute report that they had experienced at least one cyber incident during the previous twelve months, while 15% stated they had experienced at least ten incidents during the same period.

The frequency of these cyber incidents demonstrates exactly why it’s so important for organisations to have plans in place to mitigate them or otherwise lessen their impact.

The Cyber Resilience Report, conducted by the BCI and sponsored by Crises Control, found that there was a wide range of response times for cyber incidents. Almost a third of organisations (31%) stated that they responded within one hour. However, one fifth (19%) take a worrying four hours or more in responding to a cyber event, while almost half (44%) take more than two hours to respond. This has clear implications for the time taken to return to business as usual, and the ultimate cost of the incident to the host organisation.

Even if businesses wish to respond immediately to a cyber attack, the nature of the attack may render them unable to do so. The research finds that phishing and social engineering are the top causes of cyber disruption, with over 60% of companies reporting being hit by such an incident over the past 12 months and 37% attacked by way of spear phishing.

The BCI has discovered that 45% of companies were hit by a malware attack and 24% by a Distributed Denial of Service episode. All these forms of attack will, in different ways, render an organisation’s own network either contaminated or inoperable. Their website may have been taken down and they may well have to switch off their Internet connection until they can secure themselves from further attack.

A detailed study of 369 business continuity and resilience professionals from across the world, the research also reveals that the costs of these incidents varied greatly, with 73% reporting total costs over the year of less than €50,000, but 6% reporting annual costs of more than €500,000.

David James-Brown FBCI, chairman of the BCI, commented: “This piece of research is one of the most timely, insightful and relevant the BCI has ever produced. Cyber attacks tend to target the weakest links of an organisation. That calls for a greater awareness of cyber crime. As the cyber threat evolves, it’s crucial to stay on top of it, building long-term initiatives and regularly updating recovery plans.”

Rickie Sehgal, chairman of Crises Control, added: “Rapid communication with employees, customers and suppliers is vital for any company in terms of responding effectively to a major business disruption event such as a cyber attack. When your business is at risk, even a one-hour delay in responding to an incident can be too long. Taking more than two hours to respond, as almost half of companies appear to do, is simply unacceptable.”

LOCKEN UK achieves official ‘seal of approval’ with globally recognised ISO 9001 certification

LOCKEN UK has just achieved ISO 9001:2008 certification for its cable-free access control solution and services.

This official ‘seal of approval’ bears testament to the strategy that the company has spearheaded ever since its inception in 2003. Certification demonstrates the LOCKEN Group’s commitment to deliver service excellence and reflects the quality of the solution, while enabling the company to affix a recognised hallmark to its expertise.

“This success is down to the involvement of the entire team,” commented Arnaud Flecchia, the company’s CFO. “Their engagement during the process clearly demonstrates that our ability to offer high-quality services is also driven by the synergies and effective communication in place within the company.”

The backbone of LOCKEN’s quality policy revolves round four pillars which aim at constantly enhancing customer satisfaction and the effectiveness of its organisational structure, encouraging mutually-beneficial relationships with partners, winning over new markets, gaining competitive advantage through innovation and obtaining superior performance through an entrepreneurial internal mindset.

In conversation with Risk UK, Arnaud added: “We’re very pleased to obtain ISO 9001 certification as it represents an additional strategic element that serves as an official testimony of quality and thereby enables us to better pursue our business development with major multi-site operators and large corporations.”

Stéphane Conreux, LOCKEN’s CTO, stated: “This external recognition symbolises our organisation’s ability to deliver superior performance for our customers and offers a strong guarantee of the excellence of our daily operational work in satisfying their needs.”

Created by the International Organisation for Standardisation, ISO 9001 is the most internationally recognised standard for Quality Management Systems, representing almost 72% of the total number of certificates issued on a global basis. The standard ratifies and guarantees that a given organisation’s products and services are among the best in the world.

SGS – the inspection, verification, testing and certification company – was chosen by LOCKEN to certify the company’s performance as it’s recognised as the global benchmark for quality and integrity.

Buckinghamshire New University security graduate named Student of the Year at CIR Business Continuity Awards

A Buckinghamshire New University graduate in security and business continuity has been named Student of the Year at the CIR Business Continuity Awards.

Roger Payne studied for an MSc in Business Continuity, Security and Emergency Management, and was duly recognised at the London Marriott Hotel ceremony – where the awards were hosted – for the high quality of his dissertation.

The dissertation was an investigation into the human factors such as ‘Groupthink’, Abilene Paradox, stress, gut feel, cognitive strain and other symptoms that impact how effectively incident management teams respond during crisis periods.

Roger Payne

Motivating factor

A senior business continuity manager at RBC Capital Markets, Payne told Risk UK: “I was really surprised and overjoyed to be recognised by my peers in the industry. More important for me, however, was the fact that I decided to finally study for my MSc shortly after my father passed away. His passing acted as both a motivation and a catalyst in my life, and my MSc degree is one of the important markers of my progress.”

Speaking about his qualification at Buckinghamshire New University, Payne added: “I believe my understanding of my chosen field of expertise has grown exponentially. Despite being in the arena of business continuity management since 2004, I believe there are always ways in which to improve one’s knowledge. The MSc degree course has enabled me to begin to align previously ‘siloed’ departments and have a more risk-based approach towards organisational resilience in all of its guises.”

On his dissertation, Payne explained: “The study clearly shows that these issues are not exclusive to incident management teams, but are issues confronted by almost all teams across almost all organisations when faced with stressful situations that don’t fit into the normal understanding of business as usual.”

Fantastic achievement

Head of School and course leader Phil Wood stated: “This is a fantastic achievement by a committed and extremely capable student. Roger is a prime example of the type of people who thrive on our Organisational Resilience and postgraduate programmes. Before joining us, he was already highly proficient in his industry and his success on the MSc is both vindication of that proficiency and of the value of education in helping students towards further career goals and success.”

Wood concluded: “Roger is the latest in a series of academic award winners for dissertations in our Master’s degree. The whole team here at Buckinghamshire New University is proud of Roger and of this recognition by a demanding industry sector.”

Binns focuses Fencing Contractors Association on delivering for its members

The Fencing Contractors Association (FCA) is on a mission to re-engage fully with members and adopt their priorities as its mission guide. That’s the mandate on which incoming chairman Adam Binns believes he has been elected since taking office for his two-year term at the Annual General Meeting (AGM) held on 25 February.

The AGM ratified the appointment of Administration Services Ltd (ASL) – who tabled a report at the meeting on its survey of all 150 members – to replace retiring general secretary Wendy Baker as the FCA’s administration specialist.

In advance of the AGM, Baker said: “After almost 18 years’ service, it will be my pleasure to have the opportunity to say a proper goodbye to the members whom I have been extremely proud to represent during my tenure.”

Adam Binns commented: “The ASL survey gives us an honest and independent insight on what we’re doing at the moment and on what is valued by members so that we can move the FCA forward and really start to deliver what they say is important to them. We’ve cut our running costs by a third, so there’s more money freed up to promote the FCA and its Certified Contractors Scheme.”

Adam Binns

The Binns Fencing managing director, along with his FCA vice chairman Nick Dybeck (a director of HW Martin), now lead a “rejuvenated Council” which met on 21 April to review strategy and plot a plan for the future.

Promoting the security fencing industry

Rob Oliver of ASL stated: “What came through loud and clear from the survey is that members are very keen for the FCA to continue to promote the fencing industry as professional and for the FCA itself to be the badge of quality within it. Furthermore, given the size and scale of the industry, we ought to be able to grow membership from our current figure of 150.”

Oliver said that other member priorities include training and its promotion, especially given the national focus on apprenticeships and the fact that the industry now has a Trailblazer apprenticeship standard in development.

Members also want better communications, with regular newsletters, e-mails and briefings, more events and reasons to join forces and collaborate on matters of common interest. There’s also a stated desire for the FCA to be the ‘go to’ for guidance and business help with appropriate helplines and experts.

Oliver explained to Risk UK that ASL is looking at how much each of the Helplines is used and will table proposals very soon on which to enhance and which to shelve and how best to harness the expertise in the Council and beyond.

Delivering real value

Adam Binns concluded: “The bottom line is that we have to deliver real value and a reason to belong to the FCA if we’re to grow and strengthen our membership and the services we offer. We’re open to talking to other associations such as the Perimeter Security Suppliers Association (PSSA) and the European Fencing Industry Association (EFIA) to pool resources and strengthen our offer if that’s what works for our industry as a whole.”

The ASL team of Oliver, Robert Osborne and Kim Fitzpatrick boasts many years’ experience of working for Trade Associations, mostly in the construction sector and including the PSSA, which is widely acknowledged as having some overlap with the FCA.

The FCA was established in 1942 to help the buying of timber and other fencing materials to support the war effort. It has four specialist sub-groups: the Association of Safety Fencing Contractors, the Environmental Noise Barrier Association, the Electrical Security Fence Federation and the Gate Automation and Access Barrier Association.

New report from WhiteHat Security reinforces that organisations must focus on risk

WhiteHat Security has issued its eleventh annual Web Applications Security Statistics Report. Compiled using data collected from tens of thousands of websites, the report reveals that the majority of web applications exhibit, on average, two or more serious vulnerabilities per application for every industry at any given point in time.

The Report’s findings are based on the aggregated vulnerability scanning and remediation data from web applications that use the WhiteHat Sentinel service for application security testing. The research shows that no industry has mastered application security. Of the 12 industries analysed, the IT, education and retail industries suffer the highest number of critical or high-risk vulnerabilities per web application (at 17, 15 and 13 respectively).

The findings also highlight that the IT and retail industries struggle to remediate in a timely manner. It takes approximately 250 days for IT and 205 days for retail businesses to fix their software vulnerabilities.

According to the ‘Window of Exposure’ data contained in the report, another key metric organisations need to pay attention to is the number of days an application has one or more serious vulnerabilities open during a given time period. Across all industries, a substantial number of web applications remain always vulnerable.

A few key highlights of the report include: 

  • Information Technology (IT): 60% of web applications are always vulnerable
  • Retail: Half of all web applications are always vulnerable
  • Banking and financial services: 40% and 41% (respectively) of web applications are always vulnerable
  • Healthcare: 47% of web applications are always vulnerable

“We’ve observed that organisations have hundreds, if not thousands, of consumer-facing web applications, and each of these web apps has anywhere from five to 32 vulnerabilities,” said Tamir Hardof, chief marketing officer at WhiteHat Security. “This means that there are thousands of vulnerabilities across the average organisation’s web applications. While this number is overwhelming, risk ratings can really help security teams prioritise which vulnerabilities they work on fixing first. Unfortunately, what this year’s report tells us once again is that organisations are not really relying on risk levels as a baseline to inform their application security strategies.”

Remediation rates

The report also captures data on vulnerabilities that are fixed once they’re discovered. Generally, the more critical a vulnerability is, the more complex it is to understand and remediate.

For nine of the 12 industries analysed, remediation rates are below 50%. In IT, less than 25% of open vulnerabilities are remediated, while vulnerabilities in this industry have an average age of 875 days. The average time-to-fix for vulnerabilities varies by industry, from approximately 15 weeks in the energy industry to 35 weeks in IT.

Key trends from 2013-2015 include the following:

  • Remediation rates declined significantly in IT, which saw a drop from 46% to 24%, and in banking, which dropped from 52% to 42%
  • Financial services and retail saw modest increases in their remediation rates, from 41% to 48% for financial services, and from 42% to 48% for retail
  • The greatest improvement was in the food and beverage industry, where remediation rates quadrupled from 17% to 62%
  • In manufacturing, rates almost doubled from 34% to 66%, while healthcare and insurance increased from 26% to 42%, and from 26% to 44% respectively

“Since 2013, the average time to fix vulnerabilities has trended upward overall, but we’ve seen some great successes with customers who’ve embedded security into the software development process,” said Ryan O’Leary, vice-president of the Threat Research Centre and technical support for WhiteHat Security.

“Discovering vulnerabilities in development is key to reducing vulnerabilities when the application is staged. Introducing source scanning, or SAST, has the potential to eliminate 80%-90% of well-known vulnerabilities. We look forward to seeing how this report will evolve as security and development teams work together more closely around shared security and risk management goals.”

Protectas SA and Bosch Security Systems partner on new cloud-based monitoring services in Switzerland

Protectas SA and Bosch Security Systems are now partnering to provide remote video monitoring services to Protectas customers in Switzerland, home to two major Protectas Remote Control Centres.

Bosch cloud-based monitoring services enable Protectas to offer a vast portfolio of video monitoring services securely and cost-effectively from a centralised cloud server.

For its small- and medium-size customers, Protectas offers a highly effective ‘live intervention’ service, with IP cameras from Bosch monitoring key areas. Cameras detect suspicious behaviour and notify personnel at the Protectas Remote Control Centre. From this central location, the security operators view video, and can investigate and verify the suspicious behaviour being reported.

Through a remote audio connection, the operator notifies intruders that the police are on the way, preventing further damage.

Other vital monitoring services include video verification for indoor areas, virtual guard tours and virtual assistant, which provides immediate remote video and audio support to employees in distress with just one push of an emergency button.

The system is also designed for easy and inexpensive start-up. With only an IP camera and an Internet connection, end customers can begin using the Site Monitor App immediately for live and remote video monitoring. Benefits also include industry-specific business support services such as customer traffic reports for high-traffic retail facilities.

Fastest possible emergency response

Bosch cloud-based monitoring services and Protectas’ highly-trained operators work in synergy to ensure the fastest possible emergency response. Cloud-based alarm bundling intelligently groups related events together, significantly reducing the operator capacity needed per incident. As soon as the operator on duty initiates the alarm response process, cloud-based monitoring services displays the video operation interface, which renders a clear perspective of the situation to enable a swift and sure emergency response.

Arnaud Ducrot, CTO at Protectas, explained: “At Protectas, we’re really confident that this partnership will serve our remote guarding strategy. Including mature, efficient and cost-effective cloud services in our security solutions, especially on-site and mobile guarding, makes an important difference to our small- and medium-size customers.”

Protectas SA belongs to Securitas AB (which, incidentally, is not affiliated with the Swiss company of the same name, Securitas AG). From a broad range of services of specialised guarding, technology solutions and consulting and investigations, the business customises offerings that are suited to the individual customer’s needs in order to deliver the most effective security solutions.

Manchester City Centre Crime Prevention Panel to run Charity Golf Day

Manchester City Centre Crime Prevention Panel’s popular Charity Golf Day returns on Tuesday 28 June at Ellesmere Golf Club, Worsley in Manchester.

Supported by Greater Manchester Police Bootle Street Sports and Social Club, this annual event supports Ronald McDonald House Charities which provide free ‘home away from home’ accommodation for families with children in hospital.

A number of prizes will be up for grabs and teams as well as individuals are welcome to attend. The cost for a four-ball team is £325 which includes lunch and dinner.

Individual places are available at £85 per person.

Stu Pizzey MBE, Secretary to the Manchester City Centre Crime Prevention Panel, commented: “This all-inclusive day gives businesses the opportunity to invite customers, suppliers and staff to network in an informal and relaxed atmosphere while at the same time supporting a wonderful and much needed charity.”

*To book individual or team places, or to find out more information, please contact Christine Brooks on 01905 864675
