Daily Archives: 29/05/2017

“It’s time to bury hardware-based security solutions” argues VoipSec’s CEO

Paul German, CEO at VoipSec, believes now is the time for organisations to “bury” dedicated hardware-based security solutions.

“Recent years have seen a fundamental transformation in IT strategy, with networks being more agile and swiftly deployed and applications now deliverable quickly, in any location and scaled to meet an organisation’s requirements,” said German. “From virtualised hardware to network function virtualisation and software defined networking, the hardware and network infrastructure has become decoupled from the application and the application itself is increasingly located anywhere across the cloud.”

According to German, this decoupled approach itself demands a different approach to security. It can no longer be defined by network controls because those networks are virtual, disparate and remote. “When organisations access applications via an Internet address,” commented German, “the physical location is increasingly unknown. Security, therefore, needs to be elastic and flexible.”

German explained that the hardware-based, dedicated Session Border Controller (SBC) doesn’t fit into this model. As an approach to securing the VoIP network, German feels it’s “fundamentally flawed” on many levels.


“It constrains an organisation’s virtualisation strategy. How can a company quickly spin up new cloud-based voice applications, for example? As organisations look to gain the cost, agility and scalability offered by hardware and network virtualisation, the hardware SBC is clearly a problem.”

German added: “Perhaps the most concerning issue is that this approach is flawed from a pure security perspective. Hardware SBCs are considered both one off investments and one off deployments. As every security Best Practice model will attest, with a constantly changing threat landscape any failure to undertake routine updates will leave the organisation vulnerable.”

To be effective, as far as German’s concerned, security solutions must reflect the emerging risk and the current deployment trend.

“A software only model that’s continually updated to mitigate the evolving threat landscape is essential. Software-based SBCs, either on premise or in the cloud, also explore community-led intelligence about threats and risk experiences to rapidly disseminate new threat information and Best Practice. This combination of routine product updates with shared intelligence ensures an attack on a single organisation can be quickly transformed into a patch or update that protects every business from the new risk.”

Despite the widespread adoption of VoIP, the majority of SBC vendors are simply failing to respond and still advise an implement-once model. “They fail to update customers on the evolving threat landscape and they cannot support the agile, decoupled infrastructures now required. It begs the question: ‘Just what is the value of the hardware-based SBC?’”


Filed under Risk UK News

STEM prodigies battle it out in competition to find UK’s next generation of cyber security talent

This year’s CyberCenturion winners are from St Paul’s School, Barnes in London. The school’s two teams scooped both first and second place, with Team B winning the competition and Team A finishing second. The day-long cyber defence competition was led by global security company Northrop Grumman and the Cabinet Office-backed Cyber Security Challenge UK. The national finals follow months of gruelling online qualifiers between over 100 teams from across the UK and overseas territories.

The candidates were tasked with defending a start-up drone-based food delivery service – named ‘Always Food Available’ – using their evolving cyber security skills to identify vulnerabilities in the company’s network and systems, repair the vital issues and maintain the company’s services, while also fending off adversaries.

“Congratulations to our winning team,” said Nigel Harrison, acting COO and co-founder of the Cyber Security Challenge UK. “They emerged victorious after a day of intense competition. The next CyberCenturion is now open for registration and we would like to encourage more young people to consider taking part. With an increasing number of processes and jobs becoming digitally-focused, it’s vital that we find workers to protect our connected world, whether they’re intelligence officers supporting the Government’s hunt for criminals or network engineers protecting the launch systems of spacecraft.”

The winning team received 16 Pi-top CEED kits for their school to help further promote STEM and cyber careers and provide them with a competitive edge for their future careers.

“The enthusiasm of the participants and the high standards among the teams in the finals has been impressive to see,” said Andrew Tyler, CEO at Northrop Grumman Europe. “We congratulate all of the finalists on their accomplishments, wish them success and look forward to the positive impact they can make in addressing the global security challenges of the future.”


Tyler went on to state: “There’s a severe shortage of diverse young people entering careers in STEM subjects, and it’s up to industry leaders like Northrop Grumman to help rectify that situation. Through CyberCenturion, we’re helping to inspire and build a diverse workforce that addresses this global imperative.”

With the backing of founding sponsors like the SANS Institute, the Challenge started out in 2010 to create a series of virtual and face-to-face competitions that would identify talented people for the cyber security industry.

Now in its eighth year, the Challenge is backed by over 50 of the UK’s most prestigious public, private and academic organisations, and hosts a wide programme of activities designed to spread the word about why cyber security is such a fulfilling and varied career while also helping talented people to access their first cyber security jobs.

Working with those at schools and universities and individuals looking to change careers, the Challenge is making a notable difference to the career prospects of people with the talent and aptitude to become cyber security professionals.

*For further information access https://cybersecuritychallenge.org.uk/


BSIA security systems guide published to help education sector officials ‘raise the alarm’

The British Security Industry Association (BSIA) has issued a free guide to aid key decision-makers within the education sector when it comes to understanding the benefits of installing intruder alarms and other security systems in order to safeguard schools.

Schools and other educational establishments face a number of security threats year round, including vandalism, arson attack and trespassers. As such, school officials have a Duty of Care to ensure that staff and student welfare is always a top priority, as well as a requirement to protect high value goods like IT equipment, personal possessions and confidential personal and financial data.

“It’s essential that key decision-makers are taking security seriously and making the necessary arrangements to protect their premises from both internal and external threats,” explained Martin Harvey, chairman of the BSIA’s Security Systems Section. “The installation of high quality intruder alarms and their integration with other security systems, such as access control and CCTV, can provide vital peace of mind that the site is being protected both in and out of school hours. With such a wide variety of products on the market, as a BSIA Section we felt it was necessary to create a helpful and concise guide to inform decision-makers of the benefits of different security systems.”


Earlier this year, the BSIA surveyed members of its Security Systems Section in order to discover their involvement in securing the education sector over the previous year. While 50% of respondents felt that the use of private security measures in the education sector had increased over the previous 12 months, 67% anticipated them increasing over the next 12 months. 67% of respondents also felt that awareness of safety and security among education professionals had remained the same in the previous year.

The new guide endeavours to highlight the benefits of installing intruder alarms and other security systems, showcasing their effectiveness in not only responding to known threats, but also in deterring criminal activity.

Recently, the BSIA also commissioned a White Paper entitled ‘The (Real) Price of Security Solutions’ on the challenges of buying and selling high quality security solutions. The document aims to explore the price versus quality debate from the perspectives of both buyers and sellers of security solutions in order to identify the relative advantages and disadvantages between low-priced and high quality solutions.

The main findings of the White Paper clearly suggest that end users would find it far more beneficial to consider and deploy high quality security solutions. In terms of intruder alarms, a high quality solution would be one that meets with all the necessary requirements to ensure an effective police response.

“There are many standards that intruder alarm systems and their installers must meet in order to ensure that good quality products and services are available for end users,” explained Harvey. “The new guide serves to highlight the essential standards with which systems should comply in order to make them truly ‘fit for purpose’.”

*Copies of the new guide can be downloaded free of charge from the BSIA’s website: http://www.bsia.co.uk/portals/4/publications/331-intruder-alarm-education.pdf


Inner Range to unveil Integriti Encrypted High Security integrated access control and security system at IFSEC International 2017

We live in an era where criminal activity has become more sophisticated and information about system hacking more readily available. With organisations being more vulnerable to attack, access control and security system manufacturer Inner Range is addressing the challenge for the security industry by adding another system to its already strong portfolio: Integriti Encrypted High Security.

Launching at IFSEC International 2017, Inner Range’s Integriti Encrypted High Security is an integrated access control and security system offering the pioneering integrated security and building management functionality of its flagship brand Integriti, but with the added advantage of being end-to-end fully encrypted to 128 bit with MAC authentication. Data encryption ensures secure LAN communications at all times, while continuous monitoring detects any fault or attempted module substitution.

Chantel Smith, business development manager at Inner Range Europe, commented: “Integriti Encrypted High Security delivers end-to-end full encryption, which is essential for buildings and facilities that are of critical importance to national infrastructure and for Data Centres and research labs where there’s a heightened security risk.”

Smith continued: “Equally, we’re experiencing an increase in demand for systems from organisations big and small that don’t necessarily need end-to-end encryption to meet regulatory requirements, but understand the importance of adding an extra layer of protection for their buildings.”

The Integriti Encrypted High Security system comprises a suite of products which together offer all the elements necessary to build a fully-integrated high security system that provides complete end-to-end data encryption. The Integriti range of products includes controllers, input expansion modules, end of line modules, keypads, card readers, power supplies and equipment enclosures.

The system’s modular design delivers scope for expansion while also boasting hybrid architecture which supports both high security and standard commercial grade (resistor network) areas at the same facility at the same time. The end result is a single, holistic and affordable security solution for the entire organisation.

Expansion of the Integriti system is achieved by installing additional encrypted modules to the high security controller’s RS-485 LAN or adding additional controllers to the system. The entire platform, including multiple controllers, can be managed from the Integriti Enterprise software.

*Visit Inner Range Europe on Stand E1400 at IFSEC International 2017


Hochiki Europe offers industry and tech insight at FIREX International 2017

Hochiki Europe – the manufacturer of life safety solutions – will be on Stand D100 at this year’s FIREX International (which runs from 20-22 June at London’s ExCeL), offering expert insight on key industry issues and showcasing an extensive range of its systems.

The company will be giving visitors live product demonstrations and guidance on how to select the right life safety system for specific environments. Visitors will also be introduced to Hochiki Europe’s new water detection system, LEAKalarm, as well as its analogue addressable life safety platform designated L@titude.

L@titude helps customers quickly locate and examine incidents occurring across premises in real time and from any location. The platform enables customers to create a fully customisable life safety system thanks to addressable loop detection circuits, conventional detection circuits, relay cards and additional sounder outputs.

Alongside a new conventional detector and an EN54-23 approved base sounder beacon, the next generation of ESP intelligent sensors will also be on display. These new sensors feature an integral short-circuit isolator (SCI) in the sensor itself, negating the need for SCI mounting bases.


Hochiki Europe’s extensive FIREscape family of emergency lighting solutions will also be showcased with working demonstrations at the event, including the new FIREscape lite stand-alone kits and the combined fire detection and emergency lighting system FIREscape+.

Stand D100 will feature a selection of specialist application equipment including intrinsically safe and SIL2-approved flame detectors, beam detectors and aspirating systems, as well as linear heat detection.

In addition to product displays, Hochiki Europe’s stand will offer a presentation area where educational seminars will take place throughout the show. Topics for discussion will include the recent revisions to emergency lighting legislation, as well as overviews of the latest life safety technologies available and how they can be applied in different environments.

The Hochiki Europe team will be on hand throughout the show to offer guidance on the best use of each technology. Visitors are encouraged to speak with Hochiki Europe’s experts for application advice.

Paul Adams, marketing manager at Hochiki Europe, commented: “FIREX International is an ideal opportunity to meet with industry stakeholders and discuss new ways in which to address key issues occurring in our sector. If you’re looking to hear from life safety experts on the latest trends and technologies, you should certainly visit our stand.”


“EMEA now top source of phishing attacks worldwide” suggests NTT Security’s Global Threat Intelligence Report

Over half (53%) of the world’s most recent phishing attacks have originated in the EMEA region, according to the 2017 Global Threat Intelligence Report (GTIR) published by NTT Security, the specialist security business within the NTT Group.

Analysing global threat trends from 1 October 2015–31 September 2016, the report also shows that, of all phishing attacks worldwide, 38% came from the Netherlands, second only to the US (41%). The data highlights that 73% of all malware globally was delivered to its victims because of a phishing attack.

According to the GTIR, which highlights the latest ransomware, phishing and DDoS attack trends and the impact of these threats against organisations, the UK was the third most common source of attacks against the EMEA behind the US (26%) and France (11%).

In terms of top attack source countries globally, the UK was second only to the US (63%) accounting for 4% of all attacks, just behind China on 3%.


The report reveals some of the biggest regional differences related to brute force attacks, which are commonly used to crack passwords. Of all brute force attacks globally, 45% started in the EMEA, which is more than the Americas (20%) and Asia (7%) combined. In addition, 45% of brute force attacks that deliberately targeted EMEA customers also started in the region.

“While phishing attacks affected organisations everywhere, the EMEA has emerged as the top region for the source of these attacks,” stated Dave Polton, global director of innovation at NTT Security. “These figures, combined with those for brute force attacks, should be of very serious concern for any organisation doing business in the EMEA, especially with the European Union (EU) General Data Protection Regulation just around the corner. Any organisation processing data belonging to EU citizens needs to demonstrate that their information security strategy is robust.”

Polton is calling for more active collaboration between business, Government and law enforcement agencies to tackle global threats and ensure measures are in place that will have a long-lasting and positive impact on global security.

Other key EMEA findings

In the EMEA, over half (54%) of all attacks were targeted at just three industry sectors: finance (20%), manufacturing (17%) and retail (17%). Over 67% of malware detected within the EMEA was some form of Trojan.

Top services used in attacks against the EMEA included file shares (45%), websites (32%) and remote administration (17%).

Frank Brandenburg, COO and regional CEO at NTT Security, said: “We all know that no security plan is guaranteed and that there will always be some level of exposure, but defining an acceptable level of risk is important. Clients are starting to understand that, by default, every employee is part of their organisation’s security team. Businesses are now seeing the value in security awareness training, knowing that educating the end user is directly connected with securing their enterprise.”

Brandenburg added: “Expanding cyber education and ensuring employees adhere to a common methodology, set of practices and mindset are key elements. Clients see that assisting and coaching their employees on the proper use of technology will only enhance the organisation’s overall security presence.”

*Download the NTT Security Global Threat Intelligence Report by accessing the following web address: https://www.nttcomsecurity.com/en/gtir-2017


Institute of Risk Management forges alliance with Chartered Institute of Loan and Risk Management in Nigeria

The Institute of Risk Management (IRM) has signed a group affiliate scheme agreement with Nigeria’s Chartered Institute of Loan and Risk Management (CILRM).

The IRM is the leading global professional body for Enterprise Risk Management and currently has over 600 members across Africa, with active regional groups in Ghana, Kenya and South Africa. The organisation is currently in the process of setting up a group in Nigeria and Zimbabwe.

Legislation dictates that all companies over a certain size must have qualified risk management professionals in place in the region, highlighting the importance of risk management to the success of both organisations and the economy.

The scheme involves the CILRM purchasing 2,500 IRM group affiliate memberships which will then be allocated across the CILRM membership network. This means that the IRM’s counterparts can benefit from demonstrating their commitment to the risk management agenda by being part of a growing global network.


Other membership benefits include events, qualifications, networking and access to online materials.

Dr Ian Livsey, CEO of the IRM, said: “This is an exciting development for both the IRM and the CILRM when it comes to strengthening the risk management profession in Nigeria and for us to work more strategically going forwards.”

Livsey added: “The IRM already had a great footprint in Africa, but this news cements the importance of the developing Nigerian market. We’re keen to progress the risk management profession globally and determined to raise the importance of enterprise risk at Board level.”

Dr Sir Oladipupo A Bailey, president and chairman of the Governing Council of the CILRM, responded: “The signing of the Memorandum of Understanding with the IRM will not only strengthen the working relationship between the two bodies, but will also go a long way towards creating awareness of risk management’s importance for the Nigerian economy, both in the private and public sectors.”

He continued: “This is another milestone achievement for the CILRM and the IRM in terms of growing and developing the profession, especially in the areas of resource enhancement and capacity building.”

*The IRM has recently launched The Big Debate, which is a series of global events, interviews and a survey designed to find out more about the Risk Agenda 2025. See https://www.theirm.org/risk-agenda-2025.aspx for details


Social engineering “a top cause of cyber incidents” finds Cyber Resilience Report

Research commissioned by Crises Control from the Business Continuity Institute for its annual Cyber Resilience Report 2016 confirms much of what we already suspected about the changing nature of the cyber threat and the way that cyber criminals have found new ways to defeat corporate perimeter security.

66% of respondents to the survey reported that their companies had been affected by at least one cyber security incident over the last 12 months. The costs of these incidents varied greatly, with 73% reporting total costs over the year of less than €50,000, but 6% reporting annual costs of more than €500,000.

The increased difficulty of breaching perimeter security and the increased human resources available to cyber criminals have combined to produce a new point of attack. This is focused on the weakest link in the corporate security chain, which is now human beings rather than technology.

The term ‘social engineering’ describes this attack vector, which relies heavily on human interaction and often involves tricking people into breaking normal security procedures. The BCI research shows clearly that phishing (ie obtaining sensitive data through false representation) and social engineering is now the single top cause of cyber disruption, with over 60% of companies reporting being hit by such an incident over the past 12 months.

A further 37% were hit by spear phishing (ie phishing through identity fraud).


The research has also confirmed that, to effectively counter this threat, companies now need behavioural threat detection provided by a cyber security network monitoring solution. These plug-in devices monitor your network for signs of suspicious insider activity and failed attempts to hack into the system.

They can also provide invaluable intelligence to be acted upon proactively to nip a successful hack or insider threat in the bud.

Traditional anti-virus monitoring software is no longer enough. The BCI research shows that 72% of companies have this software in place, but only 26% of real cyber security incidents were actually discovered through this route. Much worse, 18% of incidents came to attention through an external source such as a customer, a supplier or the impact on a public website.

Network monitoring solutions are much more effective than anti-virus software in terms of alerting companies to a cyber breach, with 63% of businesses having network monitoring software in place and 42% of cyber incidents being brought to attention through the work of the IT Department to whom such systems report.

The scale of the cyber threat can feel overwhelming at times, but educating your own employees about the nature of the threat and then putting in place the right solutions can go a long way towards mitigating the social engineering threat and significantly enhancing your corporate cyber resilience.

The message is simple… Act now before it’s too late.


GJD publishes all-new product catalogue

GJD, the manufacturer of professional external detector equipment and LED illuminators, has just announced the launch of the company’s new product catalogue featuring the complete GJD product range.

The 96-page publication introduces innovative new products and updates to existing ones, while also being packed full of technical information, product descriptions and part numbers. The catalogue has been designed to provide customers with a valuable resource for all of their perimeter detection and illumination information.

Ana Maria Sagra-Smith, GJD’s sales and marketing director, commented: “We’re so proud to launch the new catalogue and showcase the full spectrum of GJD products. Due to our extensive product range, this is our largest product catalogue ever with products to suit every application. The new catalogue is organised by product categories, which makes it quick and easy to use.”

One of the new product ranges included is GJD’s Clarius PLUS IP Infrared and White Light LED illuminators. The Clarius PLUS IP is an IP-connected illuminator with an integrated web browser interface. The range incorporates the latest dual core surface mount LEDs with enhanced optical output.

The catalogue includes information about models in GJD’s laser range, which offers precise and accurate detection. Also featured are the D-TECT IP motion detectors, which offer versatile solutions for quick and easy installations.

In addition, the catalogue highlights GJD’s commitment to quality and product certifications, as well as its bespoke capabilities such as detailed site assessments to provide tailored presence detection, LED illumination and security lighting systems.

*The catalogue can be downloaded for free from the GJD website at: www.gjd.co.uk


Wavestore expands into North America with focus on customer service and support

Wavestore, the open platform Video Management Software (VMS) developer, has opened a new office – designated Wavestore Americas Inc – in Montreal to service the company’s expanding customer base across the USA and Canada.

In combination with the firm’s headquarters in Uxbridge, the new office space significantly expands Wavestore’s footprint and supports the company’s growth strategy. With a dedicated team of sales and support professionals already in place to promote and drive the highly successful Channel Partner Program, the local office will offer the business’ portfolio of VMS products to customers across the whole of North America.


James Smith, managing director of Wavestore Global, commented: “Wavestore is currently enjoying record sales into its key focus markets, but we know that simply having great products isn’t enough. Our customers tell us that they really appreciate the fact we’re there for them when they need help with things like specification and technical support. By opening an office in North America with a dedicated team to meet local demands, we can ensure we live up to the high expectations that our customers place on our brand.”


Mark Cup, director of Wavestore Americas, added: “We’re very proud of the success Wavestore has seen after the release of Version 6. With that success comes a need to scale our efforts, especially in a growing security market like North America. We’re looking forward to signing up customers to our Channel Partner Program. We’ll soon be running our first day-long Systems Integrator training sessions where delegates can be ‘hands on’ with the system.”
