Category Archives: Security Matters

96% of UK organisations experience at least one business-impacting cyber attack in past 12 months

Tenable Inc, the cyber exposure company, has published the results of a global industry study of business and security executives that reveals the majority of UK organisations (96% of those surveyed, in fact) have experienced a business-impacting cyber attack in the past 12 months.

The data is drawn from ‘The Rise of the Business-Aligned Security Executive’, a commissioned study of more than 800 global business and cyber security leaders, including 103 respondents from the UK. The survey was conducted by Forrester Consulting on behalf of Tenable.

As cyber criminals continue their relentless attacks, 63% of respondents in the UK have witnessed a dramatic increase in the number of business-impacting cyber episodes over the past two years. Unfortunately, these attacks had damaging effects, with organisations reporting loss of employee data (44%), financial loss or theft (36%) and customer attrition (34%). Some 65% of security leaders in the UK say these attacks also involved operational technology.

Business leaders want a clear picture of how at risk they are and how that risk is changing as they plan and execute business strategies. Only four out of every ten local security leaders say they can answer the fundamental question: “How secure, or at risk, are we?” with a high level of confidence, despite the prevalence of business-impacting cyber attacks.

CyberAttack

Global respondents

Looking at global respondents, fewer than 50% of security leaders said they are framing cyber security threats within the context of a specific business risk. For example, although 96% of respondents had developed response strategies to the COVID-19 pandemic, 75% of business and security leaders admitted their response strategies were only “somewhat” aligned.

Organisations with security and business leaders who are aligned in measuring and managing cyber security as a strategic business risk deliver demonstrable results. Compared to their siloed peers, business-aligned security leaders are:

*Eight times more likely to be highly confident in their ability to report on their organisations’ level of security or risk

*90% are very or completely confident in their ability to demonstrate that cyber security investments are positively impacting business performance compared with 55% of their siloed counterparts

85% have metrics to track cyber security RoI and impact on business performance versus just 25% of their siloed peers

Business-aligned leaders

Those organisations with business-aligned cyber security leaders are also:

*Three times more likely to ensure cyber security objectives are in lock step with business priorities

*Three times more likely to have an holistic understanding of their organisation’s entire attack surface

Three times more likely to use a combination of asset criticality and vulnerability data when prioritising remediation efforts

“In the future, there will be two kinds of CISO — those who align themselves directly with the business and everyone else,” said Renaud Deraison, CTO and co-founder at Tenable. “The only way to thrive in this era of digital acceleration is to bring cyber into every business question, decision and investment. We firmly believe this particular study shows that forward-leaning organisations view cyber security strategy as essential to innovation and that, when security and the business work hand-in-glove, the results can be transformational.”

Leave a comment

Filed under Security Matters

Mitie appoints Karen Thomas-Bland as programme integration director to oversee Interserve division merger

Mitie Group plc has announced that Karen Thomas-Bland will take up a newly-created role as programme integration director for Mitie’s merger with Interserve’s Facilities Management division. Thomas-Bland will now join Mitie’s executive leadership team reporting directly to CEO Phil Bentley.

The acquisition, the detail of which was announced on 25 June, is expected to close in the fourth quarter of 2020, subject to shareholder approval. Together, the combined companies will accelerate the delivery of Mitie’s long-term technology-led FM vision, creating the UK’s largest FM company with over 77,500 employees.

Thomas-Bland started her career in strategic consulting before moving to IBM. Over the past ten years, she has led numerous integration projects for large companies including Microsoft, the National Grid, Accenture and, recently, Reed Elsevier/RELX.

Karen Thomas-Bland

Karen Thomas-Bland

On the appointment, Phil Bentley stated: “I’m delighted to welcome Karen to Mitie. The integration of Interserve’s Facilities Management division is an opportunity for us to create a new company with a strong culture. Her wealth of experience will be invaluable at this transformative time. We’re determined to create a true UK FM champion to help Britain back to business in a post-COVID-19 world and Karen’s appointment is a key step forward in achieving that ambition.”

Thomas-Bland responded: “With the opportunity to bring Interserve’s Facilities Management division and Mitie together, I’m very excited to be joining at such a pivotal time. I’m looking forward to leading an integration team which will bring together the best of both Mitie and Interserve to create an unparalleled FM partner to UK business.”

Leave a comment

Filed under Security Matters

Magenta Security celebrates 25 years of service to dedicated client base

Security company Magenta Security is celebrating 25 years of business. The firm’s commitment to providing security services and its constant advocation for positive changes to be made across the industry has helped the business to prominence.

Magenta Security has grown from a small security team in Hounslow to become a nationwide, award-winning company. Over the years, Magenta Security has expanded its offer to provide a range of services from security guarding and access control through to international private security. The business very much hopes to continue its expansion in the years to come.

The security company has demonstrated its dedication to green initiatives by becoming a zero-carbon business and being the first security company in Europe to achieve ISO 14001, which sets out the criteria for Environmental Management Systems.

AbbeyPetkar

Abbey Petkar

Magenta Security’s offices run on renewable energy sources, including solar panels, and the business is focusing on phasing out low efficiency vehicles such that they can be replaced with hybrid or electric models, while at the same time educating all staff on the principles of reduce, re-use and recycle. By making these conscious efforts, Magenta Security has become increasingly successful and something of a greener alternative to other security companies.

Abbey Petkar, managing director of Magenta Security, stated: “I am extremely proud to be celebrating our 25th Anniversary after the hard work and dedication we have put into the company for so many years. We believe our success is due to our commitment to improve the security industry and providing top quality customer service, while still managing to be very eco-conscious. My priority from the day I started this business was to never say no and find a solution for any client request. Continuing that philosophy has meant that we have substantially expanded our offer and are able to cater for all of a given client’s needs. I am really happy to see how far we’ve come as a business and I look forward to seeing us progress and succeed for another 25 years.”

Leave a comment

Filed under Security Matters

Winsted welcomes Paul Brady as new business development manager

Winsted, the Control Room consoles specialist, has announced the appointment of Paul Brady as business development manager for the UK.

Brady brings with him a wealth of experience gained across the security industry having served in roles at Morse Watchmans. Speaking about his appointment, Brady stated: “I see tremendous potential within the UK market with upcoming opportunities. I’m looking forward to working with our partners and customers and taking on the challenges that the role will bring.”

PaulBradyWinsted

Paul Brady

Terry Shough, Winsted’s general manager, commented: “On behalf of Winsted, I’m delighted to welcome Paul to the business. He’s highly regarded within his field and will be a huge asset to the team, giving us the ability to better service our customers. We’re thrilled to have him on board and wish him every success in his new role.”

Since its inception back in 1963, Winsted has consistently pioneered console design and development. The company’s product concept and design is driven by industry needs and demands, with many equipped ideas suggested by customers and developed with their input.

A dominant force in the US market for 55 years, Winsted expanded into overseas markets in 1975, primarily in England. In 1976, the business also began concentrating its efforts to establish distribution channels in the Middle East.

Winsted’s international distribution was firmly established in 1984 with the formation of Winsted Ltd in the UK. Since then, Winsted Ltd has become a design and manufacturing facility serving the European, Middle East and African markets.

Leave a comment

Filed under Security Matters

Genetec unveils ‘Innovate Everyday’ webinar series for end users and integrators

Genetec, the developer of unified systems for enhanced security, operations and intelligence, has announced a new series of webinars designed to assist end users and system integrators in navigating these testing times.

The sessions outline ways in which customers from various industries are repurposing their existing physical security systems in order to solve specific pandemic-related issues. In addition, they will cover ways in which Genetec is evolving its own solutions to address critical new requirements.

GenetecWebinar

The details for the upcoming webinars are as follows:

Thursday 16 July

Privacy now and after COVID-19 Amid a public health crisis, the global pandemic is raising questions about privacy. How can technology help?

Tuesday 21 July

Physical security innovations to help during the pandemic In this session, experts will discuss the new reality and how technology is being developed and deployed

Tuesday 4 August

Delivering new innovations Experts from Genetec, Quanergy and HID will discuss collaborative innovations that are supporting end users in the current environment

Tuesday 18 August

Identity as the new perimeter Experts will discuss why identity is now the backbone to infrastructure management and the enforcement of security policies

Wednesday 26 August

Machine Learning: Making sense of data Data scientists will explain the use of machine learning to improve product performance, give users greater insights into their physical security data and enable organisations to more effectively automate their processes

*For more information or to register for any of these webinars visit https://www.genetec.com/innovate-everyday

**Watch the promotional video here: https://www.youtube.com/watch?time_continue=1&v=auYzGXGbxgE&feature=emb_logo

Leave a comment

Filed under Security Matters

SALTO Systems launches Neo Cylinder access control solution for end users

SALTO Systems, the manufacturer of electronic access control solutions, has released the SALTO Neo Cylinder – a new electronic cylinder that, according to the company, “offers more features and better functionality” for end users than any other cylinder currently on the market.

The compact SALTO Neo Cylinder is designed for doors where fitting an electronic escutcheon is not possible or required. In fact, it can be installed on standard doors, server racks, gates, cabinets, electric switches and sliding doors.

The SALTO Neo Cylinder provides an effective and convenient way of securing a building or assets. The clutch system is energy efficient, dropping power consumption to impressively low levels resulting in 100,000/130,000 operations from just one set of batteries. Standby power consumption is also reduced, further extending battery life.

The IP66-rated SALTO Neo Cylinder is weather-resistant, rendering it suitable for outdoor use, even in the harshest of environments. Inside the Neo Cylinder is the latest in electronic lock technology. Certified to the highest security standards, and “incorporating ever-higher quality and reliability”, the SALTO Neo Cylinder “offers value far beyond security”. It also provides greater control over the door by offering end users access to audit trails, reports and alerts.

Thanks to smart keys and mobile technology, the SALTO Neo Cylinder enables users to manage access rights quickly and on a keyless basis (which, states the company, is more secure than using mechanical keys). Additional flexibility, convenience and operational efficiency are provided by the Neo Cylinder’s wireless technology.

SALTONeoCylinder

Keyless access

“SALTO’s new Neo Cylinder technology provides customers, systems operators and installers alike with new features and the ability to connect keyless access where we couldn’t have justified wiring a door before,” said Marc Handels, chief technology innovation officer at SALTO Systems.

Handels added: “We’ve seen for years now that electronic locking technology is an ecosystem subject to continuous change and growth. We have had to consider how to best anticipate customers’ needs and develop smart locking solutions that are easy to adopt and install. The SALTO Neo Cylinder has more functionality and performance capability than any other cylinder on the market, allowing businesses to connect to their on-premises network via advanced SVN technology or the cloud with the SALTO KS cloud-based access management platform.”

As the SALTO Neo Cylinder is compatible with SALTO SVN, SALTO BLUEnet Wireless and the SALTO KS (Keys-as-a-Service) cloud-based technology, it can be switched to any of SALTO’s technology platforms at any time without changing hardware. It also includes SALTO SVN-Flex technology, which increases the capability, efficiency and reliability of SALTO SVN, in turn yielding better security, control and convenience for end users and their installations. This allows businesses to decide which technology fits better with their day-to-day security, operational and IT needs.

SALTO JustIN Mobile technology is also on-board every cylinder. This gives users and system administrators the capability to send or receive a mobile key to open any door or gate fitted with a SALTO Neo Cylinder via their iOS or Android Bluetooth or NFC-enabled smart phone. This adds “incredible convenience and efficiency” for end users. JustIN mobile app capability also complements the use of SALTO’s other management platforms, specifically the SALTO SPACE data-on-card management software or the aforementioned SALTO KS cloud solution.

Available from the beginning of this month, the SALTO Neo Cylinder delivers an easy-to-use electronic locking platform that integrates all physical security needs through smart, wireless and battery-operated smart cylinders, affording the host organisation all of the latest user access information for virtually any doors in their facility.

*Watch the new SALTO Neo Cylinder in action: https://www.youtube.com/playlist?list=PLc2MQEOljREut7MA-JY7MAIWDVpVPhSec

 

Leave a comment

Filed under Security Matters

CHAS makes three key appointments designed to strengthen operations

Supply chain risk management expert CHAS (the Contractors Health and Safety Assessment Scheme) has appointed Alex Minett as head of products and markets and Elaine Bailey and Peter Hepworth, both of whom become non-executive directors at the trusted Health and Safety compliance advisor.

CHASLogo

Alex Minett brings in-depth knowledge of the SHEQ sector in the UK and internationally from a contracting and consulting perspective having established SHEQ strategies for multiple businesses (including blue chip companies) across diverse sectors.

He also has extensive knowledge of construction Best Practice and compliance having worked for 20 years in the construction sector, including on iconic projects such as the London 2012 Olympic and Paralympic Games and the Battersea Power Station where he advised on safety measures for the demolition and re-erection of the four iconic chimneys.

In addition, Minett was responsible for establishing the initial SHEQ strategy for Transport for Wales and supported the procurement team within the wider provision of the multi-billion pound franchise with pre-qualification of the bids.

AlexMinettCHAS (1)

Alex Minett

Further afield, Minett worked closely with the World Bank and other funders on one of the world’s largest solar farms in Benban and initiated a zero harm approach to safety at the Facebook Data Centre in Lulea. He was also responsible for embedding safe working practices for the construction and delivery of the Saudi Aramco Petroleum Polytechnic in Saudi Arabia.

Now, Minett has overall responsibility for all of the CHAS products both current and new and is closely involved in the strategic position of CHAS within the marketplace and identifying opportunities for growth.

CHAS managing director Ian McKinnon stated: “Alex is an excellent addition to the CHAS team and we’re delighted to have him on board. His insight and experience will be invaluable as we continue to expand our service offer.”

Minett himself commented: “I’m excited to be joining CHAS at a time of marked growth for the organisation. As the founder of contractor prequalification, CHAS enjoys a first class reputation and I’m looking forward to helping build on this as the business evolves and grows.”

Extensive experience

Elaine Bailey became a non-executive director at CHAS with effect from Wednesday 1 July. Bailey has worked extensively across the construction, criminal justice, Government services and housing sectors in the private, public and not for profit sectors and brings 15 years of executive Board experience to the role.

From 2014 to 2019, Bailey served as CEO of London-based Housing Association The Hyde Group where, as well as significantly improving financial and operating performance, she drove a major change programme designed to simplify, automate and improve service delivery.

Bailey also sits on the Industry Safety Steering Group chaired by Dame Judith Hackitt which is charged with scrutinising proposals and progress towards culture change within the construction industry following the tragic Grenfell Tower fire.

ElaineBaileyCHAS

Elaine Bailey

Previously, Bailey held senior positions at FTSE 250 outsourcer Serco and is a trustee of Catch 22 and the Greenslade Family Foundation, as well as a Board member of the Andium Housing Association.

Speaking about Bailey’s appointment, Ian McKinnon stated: “Elaine’s successes at The Hyde Group, along with her knowledge and experience of good governance, make her an excellent addition to the CHAS Board. We also welcome Elaine’s commitment to driving cultural change within the construction industry following the Grenfell Tower tragedy through her work as part of Dame Judith Hackitt’s Steering Group.”

Bailey responded: “I’m delighted to be joining an organisation which plays a key role in improving occupational Health and Safety performance in UK workplaces. I’m looking forward to working with CHAS to continue to raise Health and Safety standards right across the UK.”

Digital transformation

Peter Hepworth formerly oversaw a portfolio of businesses while serving as executive officer of the Professional Services division at Capita plc, where his achievements included rationalising 14 separate learning businesses into one organisation and executing the digital transformations of Constructionline and Parking Eye.

He simultaneously served as CEO of AXELOS.com, a joint venture between Capita and the Cabinet Office and the publisher of global Best Practice guidance for IT, project and risk management. In fact, Hepworth was responsible for founding the operation in 2013. He grew the business internationally, expanding the product range and launching a cyber resilience portfolio while regularly liaising at ministerial level. Hepworth also transitioned AXELOS to become a Content-as-a-Service subscription model.

Previously, Hepworth served as managing director of Activision Blizzard UK where he was responsible for transitioning the business to meet the digital future. He has also held senior positions at L’Oréal, Sara Lee and BDO Stoy Hayward. His additional board experience includes having served as a non-executive director of The Fire Service College, Fera Science and eve Sleep. Hepworth is a Chartered Accountant by background.

PeterHepworthCHAS

Peter Hepworth

“We’re very happy to welcome Peter to the CHAS Board,” enthused Ian McKinnon. “He brings a wealth of experience in digital transformation which will prove invaluable as we continue to navigate the challenges and opportunities of the digital age.”

Hepworth informed Security Matters: “I’m excited to be joining the Board of CHAS as it continues its strong growth trajectory. The company has an excellent reputation with an impressive portfolio of digital products and services that can help businesses transform their risk management processes. I’m delighted to have this opportunity to support the further success of both CHAS and its extensive customer base.”

Leave a comment

Filed under Security Matters

British Land awards Shopping Centre security contracts to Incentive FM

British Land, which is one of the largest property development and investment companies in the UK, has awarded Incentive FM three new Shopping Centre contracts and renewed a further two agreements.

Incentive FM has been awarded contracts to provide a range of soft facilities services for Ealing Broadway in London, the Beaumont Shopping Centre in Leicester and the Crown Wharf Retail Park in Walsall. 

British Land has also renewed Incentive FM’s existing contracts to provide similar services at the Whiteley Shopping Centre in Hampshire and at the Old Market in Hereford.

EalingBroadwaySC

Under the Terms and Conditions of the three-year deals for each site, Incentive FM will be responsible for ensuring the Shopping Centres are secure, safe and clean as well as providing Front of House and customer service solutions in addition to looking after car parking at the busy locations.

Over 110 members of staff will be mobilised across all five sites where the teams will be using the latest equipment, technology and other systems coupled with Best-in-Class development training to enhance the quality of service delivery. 

Richard Nield, head of retail operations at British Land, informed Security Matters: “The successful relationship we have built up with Incentive FM at the Whiteley and Old Market Shopping Centres, along with other retail locations, made it an obvious choice for us to award more contracts. The business is undoubtedly our preferred partner of choice for these sites.”

Glenn Wilson, operations director at Incentive FM, responded: “We look forward to continuing to support British Land with our added value and partnership approach. Our portfolio of Shopping Centres and retail parks now stretches the length and breadth of the country, from Inverness Shopping Park in Scotland right down to Drakes Circus in Plymouth. We are now operational at over 40 such sites in the UK.”

Leave a comment

Filed under Security Matters

WatchGuard report finds two-thirds of malware to be encrypted

WatchGuard Technologies’ latest Internet Security Report shows that 67% of all malware in Q1 2020 was delivered via encrypted HTTPS connections and that 72% of encrypted malware was classified as zero day, so on that basis would have evaded signature-based anti-virus protection.

These findings show that, without HTTPS inspection of encrypted traffic and advanced behaviour-based threat detection and response, organisations are missing up to two-thirds of incoming threats. The report also highlights the finding that the UK was a top target for cyber criminals in Q1, earning a spot in the Top Three countries for the five most widespread network attacks.

“Some organisations are reluctant to set up HTTPS inspection due to the extra work involved, but our threat data clearly shows that a majority of malware is delivered through encrypted connections and that letting traffic go uninspected is simply no longer an option,” said Corey Nachreiner, chief technology officer at WatchGuard. “As malware continues to become more advanced and evasive, the only reliable approach towards defence is implementing a set of layered security services, including advanced threat detection methods and HTTPS inspection.”

Malware

Key findings

Other key findings from WatchGuard’s latest Internet Security Report include:

Monero cryptominers surge in popularity Five of the Top Ten domains distributing malware in Q1 (identified by WatchGuard’s DNS filtering service DNSWatch) either hosted or controlled Monero cryptominers. This sudden jump in cryptominer popularity could simply be due to its utility. Adding a cryptomining module to malware is an easy way for online criminals to generate passive income

Flawed-Ammyy and Cryxos malware variants join top lists The Cryxos trojan was third on WatchGuard’s Top Five encrypted malware list and also third on its Top Five most widespread malware detections list, primarily targeting Hong Kong. It’s delivered as an e-mail attachment disguised as an invoice and will ask the user to enter their e-mail and password which it stores. Flawed-Ammyy is a support scam where the attacker uses the Ammyy Admin support software to gain remote access to the victim’s computer

Three-year-old Adobe vulnerability appears in top network attacks An Adobe Acrobat Reader exploit that was patched in August 2017 appeared in WatchGuard’s top network attacks list for the first time in Q1 of this year. This vulnerability resurfacing several years after being discovered and resolved illustrates the importance of regularly patching and updating systems

Mapp Engage, AT&T and Bet365 targeted with spear phishing campaigns Three new domains hosting phishing campaigns appeared on WatchGuard’s Top Ten list in Q1 2020. They impersonated digital marketing and analytics product Mapp Engage, online betting platform Bet365 (this campaign was in Chinese) and an AT&T login page (this campaign is no longer active at the time of the report’s publication)

COVID-19 impact Q1 2020 was only the start of the massive changes to the cyber threat landscape brought on by the COVID-19 pandemic. Even in the first three months of 2020, WatchGuard still saw a massive rise in remote workers and attacks targeting individuals

Malware hits and network attacks decline Overall, there were 6.9% fewer malware hits and 11.6% fewer network attacks in Q1, despite a 9% increase in the number of Fireboxes contributing data. This could be attributed to fewer potential targets operating within the traditional network perimeter with worldwide work-from-home policies in full force during the COVID-19 pandemic

Malware2

Anonymised data

The findings in WatchGuard’s Internet Security Reports are drawn from anonymised Firebox Feed data from active WatchGuard appliances whose owners have opted in to share data to support the Threat Lab’s research efforts. Over 44,000 appliances worldwide contribute threat intelligence data to the report. In Q1 2020, they blocked over 32,148,519 malware variants in total (730 samples per device) and more than 1,660,000 network attacks (38 attacks per device).

The complete report includes key defensive Best Practices that organisations of all sizes can use to protect themselves in today’s threat landscape and a detailed analysis of how the COVID-19 pandemic and associated shift to working from home affected the cyber security landscape.

*To view the full report visit Internet Security Report for Q1 2020

Leave a comment

Filed under Security Matters

Spring Bank Holiday security patrol team in Southend save man’s life

The Spring Bank Holiday on Monday 25 May witnessed a security patrol team from Approved Contractor Scheme-registered Stambridge Security Services save a middle-aged man who was suffering from a potentially life-threatening heart attack at Southend-on-Sea Pleasure Beach.

Security Industry Authority (SIA)-licensed door supervisors Jamie Spiers and Patrick Bourke were on patrol at the Pleasure Beach when they received a call from a colleague at around 2.00 pm stating that there was a male in distress.

It was a busy and hot day. Spiers and Bourke found the unconscious man lying on the beach fully dressed and breathing erratically. He was having a cardiac arrest. Both officers are qualified First Aid trainers and immediately called the Emergency Services who advised that they should start cardiopulmonary resuscitation (ie CPR).

Spiers started chest compressions while Bourke alerted Southend-based Stambridge Security Services’ Control Room staff to ensure that CCTV was capturing everything. The two door supervisors also took it in turns to administer rescue breaths.

SIALogo

Air Ambulance on scene

Spiers said: “Thankfully we were in the right place at the right time. We took turns in helping the man to breathe because it was so tiring. It took about 15 minutes for the paramedics to arrive. We were relentless, consistent and we did not stop. When the Emergency Services arrived they took over and used a defibrillator. The Air Ambulance also came to the scene.”

Once Spiers and Bourke had handed the man over to the Emergency Services, they cordoned off the busy Pleasure Beach. As it was a Bank Holiday, the traffic was very heavy so they directed cars away from the scene to enable the Emergency Services to transport their patient to Southend Hospital.

Three days later, a security operative at Southend Hospital called Spiers such that he could chat to the man whom he and Bourke had saved. He was very thankful.

On that note, Spiers stated: “I’ve been a door supervisor for 12 years and I was born and bred in Southend. Patrick and I have worked together in crowd control and always focus on making sure we can create a safe environment. I’m just glad we could help. Who would have thought that Patrick and I would save a man’s life?”

Critical and key workers

There are upwards of 400,000 licensed security operatives in the UK and, like Spiers and Bourke, many continue to work as critical and key workers in safeguarding and protecting hospitals and sheltered accommodation, supporting social distancing in supermarkets and transacting other essential operations.

Ian Todd, CEO at the SIA, said: “It’s important to remember that many individuals in the security industry are working as critical and key workers during this emergency period. The scenario in which Jamie and Patrick were involved is testament to the fact that, despite the challenges, many operatives and businesses are going the extra mile to serve their communities.”  

The SIA is actively promoting the industry’s dedication and commitment through the #SIAHeroes campaign. The Regulator is sharing inspiring stories of security operatives who are keeping the public safe and secure at this critical time.

*Read all of the #SIAHeroes stories online here

Leave a comment

Filed under Security Matters