Over half of UK businesses list security concerns as biggest barrier to public cloud adoption

No less than 58% of UK business decision-makers have admitted that security remains the biggest barrier to public cloud adoption in their organisations. That’s according to new research recently commissioned by Centrify, the provider of privileged access management solutions.

The research, conducted by independent polling agency Censuswide via a survey of 200 business decision-makers in large and medium-sized enterprises in the UK, also reveals that over one-third (35%) of those organisations who’ve adopted cloud are less than 80% confident that it’s completely secure.

When questioned about security weaknesses in their companies, 45% of decision-makers agree that it’s the increasing amount of machine identities and service accounts, such as those used by servers and applications, that are becoming the largest exposure point for their organisation.

Interestingly, the study findings also reveals that more than one-in-four (28%) of those companies questioned during the survey have already been targeted by a cloud hacking attempt since the start of the COVID-19 pandemic in the early part of last year.

Most worryingly, despite continued requirements on enterprises for digital transformation and rapid innovation, almost one-third (31%) of business decision-makers admitted that their development teams are more interested in circumventing security rather than building it into the DevOps pipeline. This poses a potentially grim cyber security outlook for 2021.

Adapting to the pandemic

Kamel Heus, vice-president for the EMEA region at Centrify, commented: “Adapting to the COVID-19 pandemic has been a bumpy ride for many businesses and, in most cases, companies have necessarily had to adopt the public cloud in at least some capacity due to the level of scalability, availability and efficiency it provides for distributed workforces.”

Heus continued: “While the common misconception is that cloud security is quite different to that of on-premises infrastructure, it’s by no means less secure if common security protocols are followed, and security controls are applied.”

In conclusion, Heus observed: “One core challenge posed by digital transformation is accurately verifying human and machine identities before granting access to systems, applications and other high-value targets. Therefore, adopting cloud-ready privileged access management software is essential in protecting access to workloads in the public cloud by dint of granting access only when a requestor’s identity has been properly authenticated.”

Leave a comment

Filed under Security Matters

Hanwha Techwin launches temperature detection thermal camera

The dual-purpose Wisenet TNM-3620TDY camera from Hanwha Techwin is equipped with QVGA thermal imaging and HD capabilities designed to help businesses operate safely during the COVID-19 era.

The TNM-3620TDY is a bi-spectrum, multi-channel device which incorporates a QVGA-class thermal imaging camera and a 2 MP video surveillance camera. As such, it can detect heat and measure temperature with a very high degree of accuracy, while providing visual verification of people within its field of view.

In body temperature mode, the QVGA-class thermal imaging camera is able to estimate a person’s temperature within a range of 30⁰-45°C, with +/-0.5⁰C accuracy. When supported by black body technology, the accuracy increases to +/-0.3⁰C, allowing the TNM-3620TDY to provide a strong indication that a person may have a fever.

Offering support for deep learning AI-based face detection functionality, the TNM-3620TDY can measure the temperatures of up to ten individuals in real-time at a distance of up to 3 metres, with operators able to choose to view either the captured thermal images or standard HD video images.

IEC 60601 certification

The TNM-3620TDY is compliant with a series of device technical standards for the safety and essential performance of medical electrical equipment published by the International Electrotechnical Commission (IEC).

In addition, Hanwha Techwin has completed the FDA facility registration process and device registration for the TNM-3620TDY in respect of FDA 510(k) clearance which is in progress.

In normal radiometric mode and with a high degree of accuracy, the thermal imaging camera detects and measures changes in temperature within the -20⁰C to 130°C range. End users are able to set up detection zones to cover specific areas of interest within the camera’s field of view. This provides a powerful tool which generates alerts when there’s a threat of fire in recycling, waste management and landfill-type facilities where spontaneous combustion may occur. A detected change in temperature may also be a warning that machinery in factories, processing plants, cold stores or utilities is faulty.

In addition, a spot detection feature enables operators, via a web viewer, to click on any pixel within an image and obtain a measurement of the temperature of the area covered by that pixel.

WiseStream II technology

The TNM-3620TDY supports H.265, H.264 and MJPEG compression formats, as well as WiseStream II, a complementary compression technology which dynamically controls encoding, balancing quality and compression according to movement in the image.

Bandwidth efficiency is improved by up to 75% when compared to current H.264 technology when WiseStream, which is unique to Wisenet cameras, is combined with H.265 compression.

The 2 MP video surveillance camera features a set of Intelligent Video Analytics which include directional detection, motion detection, enter/exit, virtual line, audio detection and camera tampering detection.

The TNM-3620TDY has a Micro SD/SDHC/SDXC slot which allows up to 256 GB of video or data to be stored at the edge should there be any disruption to the network. Video evidence, which potentially might have been lost, can therefore be retrieved when the network connection has been restored.

Capability to deliver

“Regretfully, some so-called ‘fever screening’ solutions devised by other manufacturers have attracted negative publicity,” said Uri Guterman, head of product and marketing for Hanwha Techwin Europe. “In my view, this is because they’ve been oversold in terms of what they’re capable of delivering.”

He continued: “Although we’ve often been the first to market with new product developments and technologies, in this instance we’ve taken the time to develop the TNM-3620TDY and ensure that it’s fit for purpose. We highly value the trust our customers and business partners have in our ability to provide solutions which do not compromise on performance and quality. In this respect, they can be confident that this camera will meet, if not exceed, their expectations.”

In conclusion, Guterman stated: “The TNM-3620TDY is a great addition to our suite of COVID-related solutions, which includes face mask detection, occupancy monitoring and AI deep learning-based social distance measuring applications.”

Leave a comment

Filed under Security Matters

Incentive FM moves into Top 3% of Approved Contractor Scheme-registered security companies

Incentive FM, the specialist facilities management company, has recently completed the latest Security Industry Authority Approved Contractor Scheme (ACS) audit process and has achieved an excellent score.

Following the rigorous audit procedure, Incentive FM achieved a score of 129 points out of a possible 145 which now moves the business into the Top 3% of around 650 companies who hold ACS registration with the regulator.

Andrew Robbins, associate director of security and risk at Incentive FM, told Security Matters: “This achievement has been gained through the delivery of our clear strategy over the past three years, as well as the sheer hard work and dedication of our senior management and site-based teams who’ve demonstrated a clear commitment to delivering a premium security service to our clients through focus and continuous improvement.”

Robbins added: “We’re extremely proud of all our staff members who’ve helped the business to achieve ACS status for the fourteenth year in succession. The last 12 months has realised many challenges due to the new scoring mechanism adopted by the SIA’s auditors and, of course, the global pandemic, but we’ve persevered and passed with flying colours.”

Leave a comment

Filed under Security Matters

Security solutions provider Corps Security achieves ‘carbon neutral’ status

Corps Security, the specialist security services business and a Living Wage Recognised Service Provider, has been awarded carbon neutral status after working hard to reduce its carbon footprint and offset unavoidable carbon.

‘Carbon neutral’ is a term used to describe the state of an entity, such as a company, service, product or event, where the carbon emissions realised have been balanced out by funding an equivalent amount of carbon savings elsewhere in the world.

In the past year, Corps Security has cut its carbon usage through a range of measures including reducing its diesel fleet, reducing air travel and cutting back on the use of paper in its offices, particularly so for tender documents.

At the same time, the organisation has funded several projects to offset the 477 tons of carbon it produced in the prior year, among them a wind-based power generation project in India. The project in Maharashtra is helping the country to reduce its reliance on coal, while also creating jobs as wind power is labour intensive. The project was recommended by Carbon Footprint, which provided Corps Security with its carbon neutral certification.

Corps Security is also working towards rolling out more electric vehicles and installing electric charging points at its London and Glasgow offices.

The move to ‘carbon neutral’ status was part of Corps Security’s drive to ensure that the company meets the requirements of the Streamlined Energy and Carbon Reporting Scheme.

“We wanted to go one step further and demonstrate that we’re a carbon neutral business,” said Mike Bullock, CEO at Corps Security. “As a company with a 160-year history, we take a long-term view. It’s hugely important to us to ensure that our world is around for a long time for future generations to enjoy.”

Leave a comment

Filed under Security Matters

Finbarr Solutions launches free face-to-face video consultation service

Finbarr Solutions, the global security and risk management consultancy, has announced the launch of free face-to-face video consultations with Ciaran Barry CSyP, the company’s managing director and a certified member of the Register of Chartered Security Professionals. The service is available to any organisation that would benefit from expert independent advice regarding their security requirements and systems, staffing levels and/or security posture. 

The Register of Chartered Security Professionals was established under a Royal Charter issued to The Worshipful Company of Security Professionals here in the UK and launched back in 2011. It’s widely recognised as the ‘Gold Standard’ of competence in the private security industry. Barry was admitted to the Register in 2019.

Commenting on the news of this new service, Barry stated: “January is often an ideal time to assess security provision for the year ahead, whether the focus is on reviewing the performance and ongoing suitability of existing systems, preparing tenders for new services and solutions or assessing skills and training requirements.”

The 30-minute free consultations can also be guided by a specific issue or topic such as handling sensitive workplace investigations, legal requirements for employees working from home or dealing with cyber crime. Barry cites specific guidance that every organisation can benefit from, in terms of preparedness and agility, to face the uncertainty of the year ahead.

“Last year,” he observed, “many business continuity and crisis management plans were conceived and initiated on the fly. It’s important to frequently take stock of what’s working, what needs to improve and how to go about making the right decisions. Many smaller organisations struggle as they don’t have either easy or affordable access to expertise. It’s for this very reason that Finbarr Solutions is launching these free consultations.”

Ciaran Barry CSyP

Security management knowledge

In addition to being a Chartered Security Professional, Barry holds a diploma in Security Management (with distinction), a BA Honours degree in Business Studies and also the ASIS Certified Protection Professional qualification.

In days gone by, he spent a decade serving in the British Army and eight years with the Hertfordshire Constabulary as a detective.

*To book a free 30-minute consultation simply click on the following link https://finbarrsolutions.youcanbook.me and pick a convenient time slot or otherwise visit www.finbarrsolutions.com and go to ‘Book a consultation’ in the drop-down menu

Finbarr Solutions was created out of a desire to modernise and simplify the security and risk management services sector. Specialising in corporate risk management, the company views its role as being a business enabler and a trusted advisor. Its services are a mechanism designed to assist organisations to protect themselves and their people, function efficiently and effectively and assist them to grow and develop within today’s global and complex world.

Open source intelligence

Finbarr Solutions supports organisations globally within the majority of industry sectors. Its open source intelligence and threat reporting empowers clients to enter new markets, make informed decisions and, ultimately, achieve their strategic aims.

By understanding and mitigating risk, its small and specialised team of security professionals, investigators and intelligence analysts is able to add value throughout an organisation. From identifying new markets, selecting trustworthy and like-minded global partners and identifying key community leaders right through to conducting due diligence, investigating competitor or supplier claims or internal misconduct, the team at Finbarr Solutions is on hand to support, advise and protect its clients, enabling businesses to make the right decisions at the right times.

*For more information visit www.finbarrsolutions.com

Leave a comment

Filed under Security Matters

360 Vision Technology joins Zitko Talent training programme to impart surveillance-focused expertise

360 Vision Technology – the UK manufacturer of rugged HD, radar and thermal imaging PTZ cameras – has now entered into an enhanced partnership with Zitko and its Talent Programme (a growing alliance of tech providers, educators and manufacturers, all of whom are dedicated to attracting and developing the next generation of fire and security engineers).

With regard to developing and deploying CCTV technologies for the most demanding security requirements and physical conditions, Zitko Talent’s course content will draw on 360 Vision Technology’s expertise in the field of surveillance camera and detection technology.

360 Vision Technology will be running generic course modules on CCTV theory, applications and system design considerations, as well as providing certified product training to Zitko Talent trainee engineers working with their products.

The partnership is active immediately and comes as Zitko Talent welcomes its first quarterly intake of trainees. These include graduates, career changers and experienced engineers entering from other industries.

Developing new talent 

“I’ve worked with Zitko to resource engineering positions for several years now and we’re very pleased to be supporting its new Talent initiative,” enthused Sara Fisher, sales director at 360 Vision Technology. “Developing new talent is the only way in which to solve the looming technical skills shortage and we’re determined to give trainees the strongest possible grounding in CCTV. We’re really looking forward to working with our colleagues across the industry with a view towards making the programme a resounding success.”

George Zitko, managing director at Zitko Consulting, responded: “Manufacturers can play an immense role in developing the next generation of fire and security engineers and it’s terrific to have 360 Vision Technology on board. I cannot think of a better and more innovative company to lead on the subject of CCTV education. The business has a formidable technical team and an outstanding track record having delivered some of the most challenging CCTV solutions seen anywhere in the world. Welcoming them to the initiative is another major milestone for Zitko Talent.”

*For more details about the Zitko Talent Programme visit https://www.zitko.co.uk/divisions/talent

Leave a comment

Filed under Security Matters

“IP address key in countering brute force cyber attacks” asserts Verizon

Verizon’s 2020 Data Breach Investigations Report shows that 80% of the breaches caused by hacking involve brute force tactics or the use of lost or stolen credentials. Content Management Systems (CMS) are the usual targets of brute force attacks as over 39% of all websites run on WordPress, the most popular CMS of all.

Cyber criminals choose to attack pages built on CMS because they usually have the same admin page URL across websites and the default login credentials are identical, making these pages a vulnerable target. However, developers and admins can mitigate the risk by reducing IP access to the admin site login page. 

A brute force attack (sometimes referred to as brute force ‘cracking’) is a method of trying various possible passwords until the right one is found. Despite being old, the method is still widely used by hackers who attempt to gain access to a valid account. It allows bad actors to compromise the whole website and use it as a part of their network.

With more people now working remotely amid the ongoing Coronavirus pandemic, the number of brute force attacks against remote desktops via Windows’ Remote Desktop Protocol (RDP) has soared. Indeed, that number reached nigh on 100,000 attacks each day during last April and May.

In the worse case scenario, criminals can steal important data, such as passwords, pass phrases, e-mail addresses or PINs. They also use compromised websites for various fraud schemes, whereas pages themselves can be included in Google’s #blacklist’ and, as such, become invisible in search results.

Failed authentications

“Developers and admins can indicate an ongoing brute force attack by looking at failed authentications,” explained Juta Gurinaviciute, CTO at NordVPN Teams. “If the same IP address unsuccessfully tries to login to various accounts or different IP addresses are attempting to access one account in a short period of time, this is a clear sign of a data breach attempt.”

As the IP address is one of the indicators of a cyber attack, it can also be a cure. On that basis, it’s wise for companies to reduce the ‘surface area’ available for attack and limit access to the login page. This can be done by making use of IP allowlist, blocklist and fixed IP techniques.

Previously known as whitelist, IP allowlist is a set of IP addresses that have access to a specific website. The developer can specify which IP addresses are allowed to reach an admin login page and perform actions there. It’s also possible to indicate a range of IP addresses that can obtain authorised access. The latter solution is useful within bigger organizations or if numerous people require access to the website. 

However, Internet Service Providers may be changing IP addresses frequently and, as a result, the allowlist might constantly become outdated. This solution only works, then, if there’s a pool of limited IP addresses in use or the changes take place within the specific range.

Intrusion prevention frameworks

Also known as blacklist, IP blocklist is the exact opposite of the previously mentioned IP address directory as it blocks access to websites from the specified IP addresses. As this is difficult to do on a manual basis, admins and developers may employ intrusion prevention frameworks such as Fail2Ban. The framework automatically blocks IP addresses after a few unsuccessful authorisation attempts.

On the other hand, website owners can block the particular IP addresses as well as the whole IP address range. If a company notices that suspicious attacks from specific IP addresses persist, the management team should consider adding them to the blocklist.

Further, IP blocklist can also be used for geo-blocking as the IP address carries the information about where the request was sent from in the first instance. 

The third solution for minimising unauthorised access is the fixed IP method. As already mentioned, developers can limit availability of the login page to a set of trusted IP addresses. With fixed IP, they reduce the risk of IP sharing when a number of devices use the same IP address. This often leads to the ‘bad neighbour effect’ as, due to the deeds of other users, IP addresses end up in various blocked or spam lists.

The fixed IP method can be offered by Internet Service Providers and VPN services alike, but the latter ensures browsing privacy as an additional benefit.

Leave a comment

Filed under Security Matters

Quanika-Anixter global distribution deal set to streamline Axis Communications and Milestone integrations

What’s being described as a “landmark” global distribution deal signed between Anixter and Quanika opens up a ‘one-stop shop’-style supply route for major integration projects, making it easy to incorporate Best-in-Class Axis and Milestone video technology with Quanika’s access control and visitor management software. The deal enables off-the-shelf integration with a wide range of third party systems. 

The global distribution deal with Anixter streamlines delivery of major integration projects across both the private and public sector markets. ICT and security systems integrators can now purchase Quanika software direct from Anixter to integrate a full choice of vendor technologies, ensuring efficient procurement and giving them everything they need for project delivery.

Quanika software meets the security, safety and operational demands of companies ranging from SMEs through to corporate enterprise, Government and multi-site applications, duly enabling off-the-shelf integration with a wide range of vendor technologies and systems.

“The addition of Quanika software to Anixter’s global product portfolio provides compelling options for systems integrator customers to deliver end-to-end security and safety integrated solutions,” explained Phil Campbell, European sales director at Quanika. “With Quanika Enterprise, users are no longer constrained by having only a limited number of cameras and devices from which to choose. For the first time, Quanika allows integrators to scale-up AXIS Camera Station VMS to manage larger and multiple sites from a single user interface, while adopting powerful Milestone XProtect functionality for facilities and specific channels where it’s needed the most.”

Quanika’s solutions have been deployed and developed at high-profile sites across Europe, and the company has gained a growing reputation for being able to adapt its off-the-shelf software quickly, adding new integrations to meet site-specific challenges.

Campbell added that the agreement with Anixter will also help integrators and their customers to adapt to the challenges now facing all organisations. 

“Operational efficiency is now more important than ever, while our straightforward approach towards corporate-wide systems allows people to work more safely, flexibly and securely in today’s challenging environments,” he observed. “We now look forward to working with Anixter’s customers to deliver seamless solutions on major projects around the world.”

*For more information on Quanika’s solutions visit quanika.com or email info@quanika.com

Leave a comment

Filed under Security Matters

Kings Secure Technologies awarded security guarding services contract by international courier Hermes

Security services and solutions provider Kings Secure Technologies has been awarded a contract by courier business Hermes for the provision of security guarding services across its entire UK property estate. 

Throughout an intensive tendering process, Kings Secure Technologies demonstrated its ability to deliver first-class security teams covering all of Hermes’ sites, in turn affording the client complete confidence in service delivery and management. As part of the mix, Kings Secure Technologies will be realising its commitment to continued innovation and improvement.

Commenting on the contract win, Carrie Eastwood (director of security personnel at Kings Secure Technologies) explained to Security Matters: “Hermes UK is an internationally-recognised company and we’re delighted to have been selected to work with them. We now look forward to building a strategic partnership with Hermes and delivering first class security services for the benefit of the company’s operations, personnel and assets.”

John Ferguson, head of loss prevention at Hermes, responded: “This contract award demonstrates that Kings Secure Technologies is continuing to strengthen its positioning the UK security services market. We’re pleased to work with a leading company that values safety and security and continually invests to protect its resources and people.”

Headquartered in West Yorkshire with satellite offices in Scotland, the Midlands, London and the South East, Kings Secure Technologies focuses on delivering cutting-edge innovative solutions that ensure a full end-to-end risk management approach for its clients. 

The company’s Technology Monitoring Centres work in tandem with the DYMENSION data and incident trend app to provide clients with round-the-clock monitoring and intelligence-led analysis and reporting, actively preventing criminal activity at myriad locations across the UK.

Disrupting child exploitation

In parallel, Kings Secure Technologies has recently joined forces with leading children’s charity Barnardo’s to help disrupt child exploitation in the city of Bradford’s night-time economy.

Child exploitation occurs where an individual or group takes advantage of an imbalance of power to coerce, manipulate or otherwise deceive a child or a young person under the age of 18 into sexual or criminal activity. Offenders target children and use emotional, financial or physical power over the child in an effort to abuse them.

Given its extensive network of security officers operating across the UK, Kings Secure Technologies recognised that it could help to prevent child exploitation in Bradford and, on that basis, has linked with Barnardo’s to work the latter’s Trusted Relationship Group Work Programme.

The team from the Trusted Relationship Group Work Programme will be operating alongside Kings Secure Technologies’ security officers, initially in the West Yorkshire region, and teaching them how to look out for the signs of child exploitation, speak out on the matter and adopt a zero tolerance approach.

Kings Security Technologies’ Security Personnel division provides security guarding services on a 24/7/365 basis. Each of its security officers is Security Industry Authority-licensed and trained. They’re often the ‘eyes and ears’ on the ground, with an increased presence during the hours of darkness. It follows that developing the Kings Secure Technologies guarding team member to be fully aware of chiled exploitation is key to the company’s safeguarding efforts.

Tackling the issue

Marianne Wadsworth, who leads on the Trusted Relationship Group Work Programme for Barnardo’s, stated: “Exploitation is occurring. It’s an issue that we can all help to tackle just by opening our eyes and allowing ourselves to really see what’s happening before us and speaking up. The victims of exploitation often don’t recognise they’re being exploited so we should all know the signs to look out for and feel confident to report any concerns.”

Barnardo’s is the UK’s largest children’s charity. Established by Dr Thomas Barnardo, the charity celebrated its 150th Anniversary in 2016. Each day, the organisation works to transform the lives of the UK’s most vulnerable children and, every year, helps thousands of families to build a better future.

Last year, more than 300,000 children, young people and families were supported by Barnardo’s through upwards of 1,000 services across the UK.

The charity works with young carers, care leavers, young people at risk of child sexual exploitation, disabled young people, foster carers and adoptive parents and provides training, skills and parenting classes.

Bob Forsyth, CEO at Kings Secure Technologies, concluded: “Our partnership with Barnardo’s is an exciting development and demonstrates how, as a business working within the night-time economy, we can play an active role in safeguarding children and young people. The training provided by Trusted Relationship Group Work Programme initiates advice, support and guidance on how to spot the signs of child sexual exploitation, child criminal exploitation, county lines, modern slavery and human trafficking. It’s absolutely vital.”

*Further information on the work of Kings Secure Technologies and the breadth of services provided by the company can be found online at www.kingsltd.co.uk

Leave a comment

Filed under Security Matters

Magenta Security’s leader warns of modern day slavery “hiding in plain sight”

Abbey Petkar, the managing director of security guarding solutions provider Magenta Security, is advising businesses of all shapes and sizes that they might unwittingly be supporting modern day slavery through their use of low-cost security providers.

The Magenta Security team has recently lost tenders against low-cost security providers that charge workers out at less than £10 per hour, which Magenta believes is a commercially unsustainable position. When legally required taxes, pensions and other statutory requirements (such as holidays) are added to the National Minimum Wage, it’s then impossible to charge such low rates, yet some continue to do so.

By hiring these low-cost security providers, businesses are often unwittingly going against their own Corporate Social Responsibility and anti-slavery policies, while at the same time allowing “criminal” levels of pay to continue.

Abbey Petkar

Magenta is strongly advising business owners and directors alike to pay special attention to workers’ pay and check their own systems and processes thoroughly to ensure they’re not part of the problem by condoning this practice.

“There are any number of perfectly innocent reasons why this is happening, and people might genuinely be receiving a good deal,” commented Petkar. “Perhaps workers on the ground making decisions have seen a good price and not considered the consequences. Perhaps the security firm is providing officers as a loss leader for other services. However, in most cases low-cost traders are at fault, abusing their workforce, paying below the National Minimum Wage and getting away with it because the officers are desperate for work.”

In conversation with Security Matters, Petkar concluded: “Owners, directors and managers of companies need to be made aware of what’s going on within their businesses and they need to react accordingly. While the actual criminal behaviour in this scenario might lie at the door of the security provider, I think we can all agree that it’s morally criminal for organisations to knowingly use cheap solution providers who, in turn, violate the basic rights of their workers and are therefore complicit in modern day slavery.”

Leave a comment

Filed under Security Matters