96% of UK organisations experience at least one business-impacting cyber attack in past 12 months

Tenable Inc, the cyber exposure company, has published the results of a global industry study of business and security executives that reveals the majority of UK organisations (96% of those surveyed, in fact) have experienced a business-impacting cyber attack in the past 12 months.

The data is drawn from ‘The Rise of the Business-Aligned Security Executive’, a commissioned study of more than 800 global business and cyber security leaders, including 103 respondents from the UK. The survey was conducted by Forrester Consulting on behalf of Tenable.

As cyber criminals continue their relentless attacks, 63% of respondents in the UK have witnessed a dramatic increase in the number of business-impacting cyber episodes over the past two years. Unfortunately, these attacks had damaging effects, with organisations reporting loss of employee data (44%), financial loss or theft (36%) and customer attrition (34%). Some 65% of security leaders in the UK say these attacks also involved operational technology.

Business leaders want a clear picture of how at risk they are and how that risk is changing as they plan and execute business strategies. Only four out of every ten local security leaders say they can answer the fundamental question: “How secure, or at risk, are we?” with a high level of confidence, despite the prevalence of business-impacting cyber attacks.

Global respondents

Looking at global respondents, fewer than 50% of security leaders said they are framing cyber security threats within the context of a specific business risk. For example, although 96% of respondents had developed response strategies to the COVID-19 pandemic, 75% of business and security leaders admitted their response strategies were only “somewhat” aligned.

Organisations with security and business leaders who are aligned in measuring and managing cyber security as a strategic business risk deliver demonstrable results. Compared to their siloed peers, business-aligned security leaders are:

*Eight times more likely to be highly confident in their ability to report on their organisations’ level of security or risk

*90% are very or completely confident in their ability to demonstrate that cyber security investments are positively impacting business performance compared with 55% of their siloed counterparts

85% have metrics to track cyber security RoI and impact on business performance versus just 25% of their siloed peers

Business-aligned leaders

Those organisations with business-aligned cyber security leaders are also:

*Three times more likely to ensure cyber security objectives are in lock step with business priorities

*Three times more likely to have an holistic understanding of their organisation’s entire attack surface

Three times more likely to use a combination of asset criticality and vulnerability data when prioritising remediation efforts

“In the future, there will be two kinds of CISO — those who align themselves directly with the business and everyone else,” said Renaud Deraison, CTO and co-founder at Tenable. “The only way to thrive in this era of digital acceleration is to bring cyber into every business question, decision and investment. We firmly believe this particular study shows that forward-leaning organisations view cyber security strategy as essential to innovation and that, when security and the business work hand-in-glove, the results can be transformational.”

Mitie appoints Karen Thomas-Bland as programme integration director to oversee Interserve division merger

Mitie Group plc has announced that Karen Thomas-Bland will take up a newly-created role as programme integration director for Mitie’s merger with Interserve’s Facilities Management division. Thomas-Bland will now join Mitie’s executive leadership team reporting directly to CEO Phil Bentley.

The acquisition, the detail of which was announced on 25 June, is expected to close in the fourth quarter of 2020, subject to shareholder approval. Together, the combined companies will accelerate the delivery of Mitie’s long-term technology-led FM vision, creating the UK’s largest FM company with over 77,500 employees.

Thomas-Bland started her career in strategic consulting before moving to IBM. Over the past ten years, she has led numerous integration projects for large companies including Microsoft, the National Grid, Accenture and, recently, Reed Elsevier/RELX.

Karen Thomas-Bland

On the appointment, Phil Bentley stated: “I’m delighted to welcome Karen to Mitie. The integration of Interserve’s Facilities Management division is an opportunity for us to create a new company with a strong culture. Her wealth of experience will be invaluable at this transformative time. We’re determined to create a true UK FM champion to help Britain back to business in a post-COVID-19 world and Karen’s appointment is a key step forward in achieving that ambition.”

Thomas-Bland responded: “With the opportunity to bring Interserve’s Facilities Management division and Mitie together, I’m very excited to be joining at such a pivotal time. I’m looking forward to leading an integration team which will bring together the best of both Mitie and Interserve to create an unparalleled FM partner to UK business.”

Genetec unveils ‘Innovate Everyday’ webinar series for end users and integrators

Genetec, the developer of unified systems for enhanced security, operations and intelligence, has announced a new series of webinars designed to assist end users and system integrators in navigating these testing times.

The sessions outline ways in which customers from various industries are repurposing their existing physical security systems in order to solve specific pandemic-related issues. In addition, they will cover ways in which Genetec is evolving its own solutions to address critical new requirements.

The details for the upcoming webinars are as follows:

Thursday 16 July

Privacy now and after COVID-19 Amid a public health crisis, the global pandemic is raising questions about privacy. How can technology help?

Tuesday 21 July

Physical security innovations to help during the pandemic In this session, experts will discuss the new reality and how technology is being developed and deployed

Tuesday 4 August

Delivering new innovations Experts from Genetec, Quanergy and HID will discuss collaborative innovations that are supporting end users in the current environment

Tuesday 18 August

Identity as the new perimeter Experts will discuss why identity is now the backbone to infrastructure management and the enforcement of security policies

Wednesday 26 August

Machine Learning: Making sense of data Data scientists will explain the use of machine learning to improve product performance, give users greater insights into their physical security data and enable organisations to more effectively automate their processes

*For more information or to register for any of these webinars visit https://www.genetec.com/innovate-everyday

**Watch the promotional video here: https://www.youtube.com/watch?time_continue=1&v=auYzGXGbxgE&feature=emb_logo

WatchGuard report finds two-thirds of malware to be encrypted

WatchGuard Technologies’ latest Internet Security Report shows that 67% of all malware in Q1 2020 was delivered via encrypted HTTPS connections and that 72% of encrypted malware was classified as zero day, so on that basis would have evaded signature-based anti-virus protection.

These findings show that, without HTTPS inspection of encrypted traffic and advanced behaviour-based threat detection and response, organisations are missing up to two-thirds of incoming threats. The report also highlights the finding that the UK was a top target for cyber criminals in Q1, earning a spot in the Top Three countries for the five most widespread network attacks.

“Some organisations are reluctant to set up HTTPS inspection due to the extra work involved, but our threat data clearly shows that a majority of malware is delivered through encrypted connections and that letting traffic go uninspected is simply no longer an option,” said Corey Nachreiner, chief technology officer at WatchGuard. “As malware continues to become more advanced and evasive, the only reliable approach towards defence is implementing a set of layered security services, including advanced threat detection methods and HTTPS inspection.”

Key findings

Other key findings from WatchGuard’s latest Internet Security Report include:

Monero cryptominers surge in popularity Five of the Top Ten domains distributing malware in Q1 (identified by WatchGuard’s DNS filtering service DNSWatch) either hosted or controlled Monero cryptominers. This sudden jump in cryptominer popularity could simply be due to its utility. Adding a cryptomining module to malware is an easy way for online criminals to generate passive income

Flawed-Ammyy and Cryxos malware variants join top lists The Cryxos trojan was third on WatchGuard’s Top Five encrypted malware list and also third on its Top Five most widespread malware detections list, primarily targeting Hong Kong. It’s delivered as an e-mail attachment disguised as an invoice and will ask the user to enter their e-mail and password which it stores. Flawed-Ammyy is a support scam where the attacker uses the Ammyy Admin support software to gain remote access to the victim’s computer

Three-year-old Adobe vulnerability appears in top network attacks An Adobe Acrobat Reader exploit that was patched in August 2017 appeared in WatchGuard’s top network attacks list for the first time in Q1 of this year. This vulnerability resurfacing several years after being discovered and resolved illustrates the importance of regularly patching and updating systems

Mapp Engage, AT&T and Bet365 targeted with spear phishing campaigns Three new domains hosting phishing campaigns appeared on WatchGuard’s Top Ten list in Q1 2020. They impersonated digital marketing and analytics product Mapp Engage, online betting platform Bet365 (this campaign was in Chinese) and an AT&T login page (this campaign is no longer active at the time of the report’s publication)

COVID-19 impact Q1 2020 was only the start of the massive changes to the cyber threat landscape brought on by the COVID-19 pandemic. Even in the first three months of 2020, WatchGuard still saw a massive rise in remote workers and attacks targeting individuals

Malware hits and network attacks decline Overall, there were 6.9% fewer malware hits and 11.6% fewer network attacks in Q1, despite a 9% increase in the number of Fireboxes contributing data. This could be attributed to fewer potential targets operating within the traditional network perimeter with worldwide work-from-home policies in full force during the COVID-19 pandemic

Anonymised data

The findings in WatchGuard’s Internet Security Reports are drawn from anonymised Firebox Feed data from active WatchGuard appliances whose owners have opted in to share data to support the Threat Lab’s research efforts. Over 44,000 appliances worldwide contribute threat intelligence data to the report. In Q1 2020, they blocked over 32,148,519 malware variants in total (730 samples per device) and more than 1,660,000 network attacks (38 attacks per device).

The complete report includes key defensive Best Practices that organisations of all sizes can use to protect themselves in today’s threat landscape and a detailed analysis of how the COVID-19 pandemic and associated shift to working from home affected the cyber security landscape.

*To view the full report visit Internet Security Report for Q1 2020

Trauma awareness training to be highlighted on Armed Forces Day 2020

On Armed Forces Day 2020, which takes place on Saturday 27 June, the mental health charity PTSD Resolution is going to be highlighting the plight of Armed Forces’ veterans who find themselves in the criminal justice system. Many are suffering from military trauma and are not receiving the therapeutic support that they need to become well again and rehabilitated.
 
The specialist charity works with security companies and myriad organisations, among them ASIS UK, in order to provide therapy for staff who have been traumatised, as well as training for line managers.

On Friday 26 June at 1.30 pm, PTSD Resolution is holding a free webinar entitled ‘Trauma Awareness Training for Everyone’. The TATE Programme helps people to recognise the symptoms of trauma in themselves, their colleagues or members of staff whom they manage. It provides valuable information on appropriate support and routes for both referral and treatment.

The charity has also launched a special film that tells the story of a former HMPS prisoner and veteran of the First Gulf War. Entitled ‘The Silent Years’, the film was produced and donated by students of the Ravensbourne University, namely Shakeel Hussain (editor), Louise Corleys (editor and sound), Poppy Louise Carter (director) and Diana Alexandru (producer).

Addiction and breakdown

Government statistics estimate that approximately 4% of those in custody and on community orders are ex-Armed Forces personnel, but external estimates claim that the proportion in the prison population may be as high as 17%.

In addition to criminality, military trauma when left untreated can result in addiction, family breakdown and even suicide.
 
“The Coronavirus lockdown gives us all some idea of the stress of losing our freedom even if we’re not actually in prison,” explained Patrick Rea, campaign director for PTSD Resolution. “Plenty of veterans find themselves in the criminal justice system. In many instances, this is at least in part because of the effects of military trauma they’re still suffering. If they don’t receive the therapy they need in prison to become better, how can we expect them to re-join society responsibly? This is both a justice system and a humanitarian issue.”

Patrick Rea

For its part, PTSD Resolution has provided free mental health therapy to veterans, reservists and their families for eleven years now and taken care of people right across the UK. It’s one of the only providers of specialist help to former Armed Forces personnel while they’re in prison or have alcohol and/or substance abuse problems. Treatment is available through a network of 200 therapists, either online or by telephone during the current lockdown scenario.

Reporting of symptoms

According to research conducted by the British Journal of Psychiatry, among ex-Armed Forces personnel, no less than 17% of those who had been deployed to Iraq and Afghanistan in 2014-2016 reported symptoms suggesting PTSD. Those deployed in a support role such (eg medical, logistics, signals, aircrew) were affected at a rate of 6%, which is 1-2% higher than in the general UK population.
 
Emerging studies are indicating that, following the COVID-19 outbreak, rates of PTSD among those serving as medical key workers or Emergency Services personnel and who have been personally affected by the pandemic are likely to be much higher.

*For further information on PTSD Resolution visit www.ptsdresolution.org

CHAS makes it easy to locate COVID-19 secure contractors

CHAS, the supply chain risk management expert, has added a Statement of Best Practice (COVID-19) to its member-focused packages designed to assist anyone who engages contractors in immediately identifying whether or not they are COVID-19 secure.

Organisations have had to rapidly adapt their working practices to operate safely during the Coronavirus outbreak and CHAS’ Statement of Best Practice (COVID-19) helps to verify that these adjustments have been made in line with latest Government and sector-issued guidelines.

In order for a contractor to qualify as COVID-19 secure they must confirm (and, where appropriate, evidence) that they have taken three key actions which include:

• Producing and putting into place COVID-19 specific risk assessments, method statements and controls 
• Sharing the risk assessment with staff (and online for organisations with over 50 employees)
• Displaying a notice to confirm they have complied with Government guidance

Construction-related businesses must also indicate that they are following COVID-19 Secure Site Operating Procedures as detailed by the Construction Leadership Council.

For contractors to comply, they simply need to login to the contractor portal and upload and submit evidence to show they meet the requirements. Meanwhile, CHAS clients log on to the CHAS Client Portal and they can instantly see whether a contractor has completed the Statement of Best Practice (COVID-19).

For those organisations who are not already CHAS clients, it is quick, easy and completely free to register and includes a range of business benefits, from the ability to easily source compliant contractors by trade and region from a database of over 50 0000 through to the availability of dedicated business services.

CHAS managing director Ian McKinnon informed Security Matters: “We recognise that organisations are looking for reassurance that everyone within their supply chain is operating to the required COVID-19 secure standards, but we also know that it’s extremely difficult for organisations to perform these checks independently, and particularly so while running on skeleton staff. The Statement of Best Practice (COVID-19) makes it easy for CHAS contractors to qualify for work while affording CHAS clients immediate visibility of a contractor’s COVID-19 secure status.”

Comelit takes on The Italian Jog in aid of NHS Heroes

Looking to make a difference for our NHS Heroes is Comelit, with various members of the company committed to run, walk and cycle the equivalent miles from its UK offices in Luton to its Italian headquarters in Lorenzo di Rovetta, Italy. 

Comelit’s challenge, aptly named The Italian Jog, will see members of the security and fire specialist’s team hoping to raise £1,000 for NHS Charities, which is dedicated to supporting NHS staff and volunteers caring for COVID-19 patients.

Francesca Boeris, managing director at Comelit UK, told Security Matters: “When one of the team said in our briefings: “Hang on a minute, I have a great idea” I was instantly ready to support the challenge, and even more so because it’s for our NHS Heroes. This is a big pledge, but one to which we have committed so as to ensure we can make a difference to the critical work being done to protect lives at this uncertain time.”

Comelit is now looking to support workplaces scheduled to return to work, introducing touch screen access control devices with integrated IR scanners for temperature checks as well as thermal camera technology designed to help ensure the safety of returning workers and customers alike.

Boeris added: “In the words of our CEO Edoardo Barzasi, we are taking the necessary measures and offering the right resources to overcome the situation. This is not only in terms of product offerings, but also service requirements. As an industry, we are undoubtedly in this together and will continue to be so. Understanding the new normal and what is being asked of all of us to protect our workers and customers is vital.”

Comelit will be posting regularly on social media platforms with updates on the team’s progress as it travels through virtual destinations and reaches its target.

*To support The Italian Jog visit https://www.gofundme.com/f/the-italian-jog

 

Security & Safety Things “sparks new era” in video surveillance with commercial availability of supported cameras

Security & Safety Things is “set to reshape innovation in video analytics and computer vision” with the commercial availability of a number of new IP security cameras from a variety of vendors that leverage the Security & Safety Things open and secure Internet of Things platform. This new generation of security cameras will employ the free Security & Safety Things camera operating system, which enables the cameras to run multiple Artificial Intelligence-enabled applications in parallel.

The apps automate the analysis of video data to produce valuable operational intelligence for business optimisation as well as provide easy-to-deploy tools that can aid in re-opening measures from the COVID-19 pandemic.

“Organisations of all sizes around the world need flexible and easy-to-deploy solutions that enable compliance with constantly changing pandemic-centric Health and Safety mandates and provide future value to ramp up and optimise their ongoing business operations,” stated Hartmut Schaper, CEO of Security & Safety Things.

He continued: “Companies can now deploy cameras running the Security & Safety Things operating system and use a selection of apps from our Application Store to detect the absence of facial coverings in a retail environment. The next day, that same camera can help the same retailer optimise merchandise placement based on store footfall, in one store or throughout the enterprise, along with further optimisations.”

First camera manufacturer

This month, Qisda/Topview will be the first camera manufacturer to launch a camera running the Security & Safety Things operating system, followed in quick succession by AndroVideo, who will also start shipping its own Security & Safety Things-enabled cameras in Q2.

Bosch is making its INTEOX camera line available as of July followed by Vivotek and BSTsecurity, who plan to ship a bit later in Q3. The first devices from Hanwha Techwin that run the Security & Safety Things operating system are expected to be commercially available in Q4. Security & Safety Things, Hanwha Techwin, Vivotek, Bosch, Qisda/Topview and AndroVideo are all members of the Open Security and Safety Alliance.

The free Security & Safety Things operating system is built on the Android Open Source Project. It leverages the expanding processing and analytic power of modern IP cameras to exponentially increase the amount of operational intelligence that can be mined from traditional IP-based surveillance footage.

The applications that can be installed on these cameras, both in an on-premise as well as a remote setting, are created by highly specialised third party developers and available through the platform’s open Application Store. This already features more than 50 applications from more than 35 developer partners, with more than 30 additional apps expected to be available the store very soon.

Typical use cases

In addition to pandemic applications, use cases include the detection of weapons, behavioural analysis, payment systems for garages, drone threat detection and even identifying objects presented for purchase in a cash register transaction for cashier-free retail environments.

Together with some of its camera and system integration partners, Security & Safety Things is already running projects in a live setting. These projects use, for example, heat mapping and queue analysis in retail stores and automated payment processing and license plate recognition for barrier-free traffic.

These types of applications are running in pilots with the parking management solutions provider Peter Park as well as with the leading mobility provider SIXT.

*More information about the Security & Safety Things platform and how businesses can benefit from the platform can be found at www.securityandsafetythings.com

**For an overview of the Artificial Intelligence video apps currently available for the Security & Safety Things-supported cameras, the Application Store may be viewed at https://store.securityandsafetythings.com

 

2020 edition of Security Essen cancelled by Messe Essen due to ongoing COVID-19 pandemic

The 2020 edition of popular international trade fair Security Essen, which was scheduled to run from 22-25 September, has been cancelled due to the ongoing Coronavirus pandemic. According to Messe Essen, customer expectations and the performance promise of the exhibition cannot be fulfilled under the present circumstances. The decision to cancel was taken by Messe Essen in the wake of close consultations with partner associations. The next Security Essen will now run at Messe Essen from 20-23 September 2022.

As a respected international platform for the security industry, Security Essen is always a showcase highlighting the latest innovations. Numerous market leaders in the security industry had already confirmed their participation for this year.

Security Essen covers everything from cyber security through to innovations in building security and new solutions for the protection of valuables. Every other year, circa 1,000 exhibitors from upwards of 40 countries show their innovations to no less than 36,000 trade visitors from 125 different nations.

“Anticipation around the 2020 edition and the new concept we had put in place for Security Essen was so high among all those involved,” explained Oliver Kuhrt, managing director of Messe Essen, “which made the decision to cancel all the more difficult. The fact is that the current situation, as well as the continuing global travel restrictions, will not allow adequate preparation for the trade fair.”

Careful evaluation

Norbert Schaaf, chairman of the Management Board of the Federal Association of Safety Engineering and chairman of the Security Essen Advisory Board, observed: “The cancellation of Security Essen 2020 is the result of a careful evaluation of the current situation which we have undertaken together. Since the majority of our participants come to Essen from abroad, we had to act with prudence. Due to the unclear worldwide development of the Coronavirus pandemic and the associated uncertain travel planning we were left with no alternative.” 

Dr Christian Endreß, managing director of the Federal Association for Security in Industry and Commerce and a member of the Security Essen Advisory Board, added: “Security Essen as an important international event in the security industry’s calendar and a particular highlight for the Federal Association. The cancellation is hitting the industry and the security associations pretty hard. We regret the decision, but we also fully understand it and look forward to 2022 with confidence.”

Dr Harald Olschok, general manager of the Federal Association of the Security Industry and also a member of the Security Essen Advisory Board, concluded: “From the perspective of our member companies, the decision to cancel Security Essen is fully understandable. Personally, I regret this very much, because it would have been my fifteenth and last Security Essen as CEO of the BDSW and the BDGW. The Coronavirus crisis represents an enormous economic challenge for security solutions providers. I’m sure that the management and the entire team of the BDSW and the BDGW with their affiliated member companies are looking forward to Security Essen 2022 when, hopefully, there will be better economic conditions for all.”

Webeye security specialist’s daughter runs 140 miles in aid of NHS Heroes

Maddie Wall, the daughter of security cloud monitoring specialist Webeye’s global sales director Mark Wall, has committed to running five miles every day for 28 days in aid of NHS Charities Together.

At just 13 years old, Maddie began her challenge on 19 April with the intention of raising £500 for the NHS official charity organisation. By the halfway point, Maddie had smashed her target, raising an impressive £2,725.

A keen fundraiser, Maddie recently completed the ‘Brave the Shave’ challenge, duly raising £1,200 for Macmillan Cancer Support. She’s a keen cyclist, but until now has never attempted to run more than a circuit of the local park.

Mark and Maddie Wall

Proud dad Mark is actively supporting Maddie. He told Security Matters: “Maddie took this challenge upon herself and, before we knew it, had set up a GoFundMe page and was ready for her first run. She’s fully committed and we are really proud of how much she has already raised in support of our incredible NHS staff, enabling them to do so much more to protect lives at this uncertain time.”

NHS Charities Together is a membership organisation representing, supporting and championing the work of the NHS’ official charities. It’s currently focusing on supporting NHS Staff and volunteers caring for COVID-19 patients, raising over £80,000,000 to date.

*To support Maddie’s charity-focused challenge, please visit https://www.gofundme.com/f/to-help-the-heroes-of-2020?