Tag Archives: Cyber Attacks

IDIS determined to focus on video cyber security at IFSEC International 2019

Network security and the threat of ‘cyber loopholes’ should be a top priority for video surveillance users, IDIS will tell visitors at IFSEC International. Launching a cyber security advisory video ahead of the show, the IDIS team at ExCeL in London from 18-20 June will also be on hand to demonstrate and explain how IDIS technology goes a step further to strengthen the resilience of traditional surveillance network processes.

IDIS will be highlighting the dangers of cyber attacks and the common vulnerabilities found in many surveillance set-ups – as well as showcasing a full range counter-measures – on Stand IF1110.

Users should plan for three specific risks, states the company: data access loopholes, data transmission weaknesses and the integrity of recorded footage.

“IDIS has consistently led the way in addressing cyber security concerns, taking a multi-pronged approach from R&D through to customer installation,” said James Min, managing director of IDIS Europe. “We’ve developed a rich, layered and comprehensive set of technologies and features to ensure maximum protection for end users.”

IDIS IFSEC Stand 2019 (1)

Visitors will see how IDIS DirectIP – the cornerstone of the IDIS Total Solution – closes-up widespread vulnerabilities and serves as a proprietary mutual authentication system for all IDIS IP products. IDIS DirectIP speeds up implementations and streamlines cyber security by eliminating the need for engineers to manage multiple IP addresses and associated passwords during implementation. It therefore mitigates human error and the common malpractice of saving passwords in vulnerable spreadsheets.

Using peer-to-peer technology, IDIS’ ‘For Every Network’ technology also lets engineers deploy and configure secure, multi-site surveillance solutions that use centralised monitoring and control without in-depth knowledge of routing or networking.

IDIS will also highlight the cyber security essentials for transmission and recording together with its own patented and proprietary technologies which prevent activities such as snooping, modification and the destruction of data.

James_Min_IDIS_Europe_MD

James Min

In addition, visitors to Stand IF1110 will learn how IDIS ensures the integrity of video recording, with its advanced ‘Chained Fingerprint’ technology authenticating footage such that it can be submitted to the police and the courts as evidence.

“Combined with these technologies, our industry-leading training programmes are helping installers and integration partners to work knowledgeably with devices and networks to ensure maximum cyber security for our end users,” concluded Min.

Advertisements

Leave a comment

Filed under Risk Xtra

NATO selects BlackBerry’s encrypted voice technology for secure calls

The NATO Communications and Information (NCI) Agency has awarded a contract for BlackBerry’s SecuSUITE for Government to encrypt the conversations of its technology and cyber leaders wherever they communicate – in the workplace, at home or when travelling abroad.

The NCI Agency helps NATO’s 29 Member Nations communicate securely and work together in smarter ways. It acquires, deploys and defends communication systems for NATO’s political decision-makers and Command Centres, working on the front lines against cyber attacks. Due to the classified nature of the information the NCI Agency handles, it’s critical that all communications remain secure, combating any opportunity for a cyber criminal to electronically eavesdrop on conversations.

BlackBerrySecusuite1

“As cyber criminals and state-sponsored actors become increasingly more sophisticated, we needed a highly secure way for our cyber leaders to have phone conversations with people inside and outside of our organisation regardless of where they are in the world,” said Kevin Scheid, general manager of the NCI Agency. “BlackBerry’s voice encryption technology helps solve this challenge and strengthens our elite cyber defence strategy.”

Dr Christoph Erdmann, senior vice-president of BlackBerry SecuSMART at BlackBerry, responded: “Eavesdropping on calls is one of the easiest ways to gain access to private information. We’re extremely proud that the NCI Agency, a world leader in the development and use of technology that keeps NATO nations secure, has put its trust in BlackBerry’s software to secure voice communication. No matter the operating system or ‘thing’ used to communicate, BlackBerry’s arsenal of cyber security technology ensures that our customers’ data remains private.”

BlackBerrySecusuite2

BlackBerry’s SecuSUITE for Government supports Android and iOS smart phones and tablets, and can be can be installed on-premise, in a Data Centre or in the cloud.

Use cases for the solution include: 

*Secure conferencing: Encrypts conversations between a secure conference bridge and a SecuSUITE for Government-enabled devices

*Secure landing: Encrypts mobile devices to a landline within a network

*Break-in: Protects any communication between a mobile or landline on the user’s home network to a SecuSUITE for Government-enabled mobile device

*Break-out: Secures mobile devices to the employee’s home network and from there to external mobile or landlines through PSTN extension

BlackBerryNATO

SecuSUITE for Government has been evaluated and certified to be compliant with the Common Criteria protection profile for VoIP applications and SIP servers. It has also earned a NIAP certification and has been placed on the NSA Commercial Solutions for Classified Program component list of products certified for use on classified systems.

*For more information on BlackBerry’s SecuSUITE for Government visit blackberry.com/government

Leave a comment

Filed under Risk Xtra

Dell “reinvents” endpoint security portfolio through strategic collaborations with Secureworks and CrowdStrike

Cyber criminals are continuously shifting their attack techniques to better target endpoints. As more than one-third (39%) of cyber attacks are now non-malware based, adversaries can exploit gaps in traditional anti-malware solutions used in isolation.

Considering that 50% of organisations also have insufficient endpoint or network visibility during incident response engagements, it’s clear many businesses are injecting ineffective security tools into their environments, ultimately adding complexity without directly addressing the problem.

These disconnected solutions require ongoing diligence and expert resources to analyse a multitude of security alerts and identify compromised devices. Yet, with the growing cyber security skills gap, businesses don’t have the resources needed to manage their security infrastructure effectively.

To help organisations in addressing these challenges, Dell is introducing Dell SafeGuard and Response, a portfolio of next generation endpoint security solutions that combines the managed security, incident response expertise and threat behavioural analytics of Secureworks with the unified endpoint protection platform from CrowdStrike.

Dell’s modern and effective approach designed to prevent, detect and respond to the shifting threat landscape makes it easy for organisations to protect their data with the industry’s most secure commercial PCs.

With Artificial Intelligence (AI)-driven and cloud-native endpoint protection powered by CrowdStrike and expert threat intelligence and response management by Secureworks, Dell SafeGuard and Response provides end user customers with the essential capabilities they need to protect their PCs and data. CrowdStrike endpoint security solutions prevent more than 99% of malware and non-malware-based threats, detect 100% of vulnerabilities and respond to sophisticated attacks rapidly.

DellLaptop

Secureworks’ RedCloak behavioural analytics are built into the prevention, detection and response capabilities, so customers benefit from an ever-smarter network effect of protection. When an emerging threat is discovered in one environment, countermeasures are created and deployed to all customers who may be affected. 

Prevent, detect and respond to threats

With Dell SafeGuard and Response, customers no longer need to worry about complex implementation involving numerous agents. Dell’s modern approach to security simplifies the buying process, allowing customers to order these new solutions alongside their new PC. Businesses will receive outstanding prevention combined with the ability to quickly detect compromised devices and remediate cyber incidents.

Customers can select from the following new Dell SafeGuard and Response solutions to meet their unique security needs:

CrowdStrike Falcon Prevent: This next generation anti-virus (NGAV) solution uses AI and machine learning to stop malware and malware-free attacks, offering organisations enhanced protection without requiring signatures and the heavy updates that come with them

CrowdStrike Falcon Prevent and Insight: In addition to the NGAV solution, customers can advance their threat prevention capabilities with Device Control and Falcon Insight, the leading endpoint detection and response solution. This enables full visibility into endpoint threat activity and real-time remediation designed to prevent, detect and investigate incidents and stop threats

Secureworks Managed Endpoint Protection: Combined with CrowdStrike Falcon Prevent and Insight and Device Control, this offer provides customers with 24×7 managed services from Secureworks to monitor the state of endpoints for indications of threat actor activity. Secureworks’ Security Operations Centre and Counter Threat Unit will investigate events to determine severity, accuracy and context to suggest remedial actions, in turn giving organisations peace of mind around the clock

Secureworks Incident Management Retainer: In the event of a serious security incident, Secureworks will deploy its on-demand incident response specialist team who are highly skilled to respond to and mitigate a cyber incident at any time. Now, organisations with and without SOCs can have the support and expertise needed in critical times. This service can also be used to build a proactive response plan for future security incidents.

Devices and data secure 

“Organisations are faced with what may feel like an exponentially expanding threat landscape and a mixed bag of solutions to fix it,” said Brett Hansen, vice-president and general manager of client software and security solutions at Dell. “To meet the evolving needs of our customers and stay ahead of ever-evolving threats, Dell is offering organisations the tools they need to keep their devices and data secure.”

Wendy Thomas, senior vice-president of business and product strategy at Secureworks, added: “Attacker techniques are becoming more sophisticated. Customers need managed solutions that are actively guarding against threat activity. Our modern approach with Dell ensures a co-ordinated defence against cyber threats at the scale and speed required for any customer’s evolving security needs beyond the network.”

Matthew Polly, vice-president of worldwide business development and channels at CrowdStrike, concluded: “Being selected by Dell is a testament to CrowdStrike’s market leadership and the proven value of our platform. Together, we are equipping customers with a unique and compelling solution to deliver an end-to-end approach to endpoint security that effectively stops threats, while also reducing enterprise complexity and modernising threat detection and management.”

*Dell SafeGuard and Response will be available globally in March through Dell and its authorised channel partners. Additionally, the comprehensive CrowdStrike Falcon platform can also be purchased through Dell

Leave a comment

Filed under Risk Xtra, Uncategorized

Barracuda Networks helps Leeds United FC to tighten up its cyber defence

Cloud-enabled security and data protection solutions specialist Barracuda Networks has been selected by Leeds United Football Club’s management team to help protect it from today’s advanced cyber threats.

Working with Leeds-based IT reseller and club sponsor Altinet, Barracuda Networks is providing Leeds United FC with its Message Archiver in order to make the storage and access of e-mails simpler, quicker and more secure. As well as being easy to set up and manage, the new e-mail archiving solution allows Leeds United FC to combine on-site hardware with cloud-based replication. This ensures that e-mail data is easy to recover in the event of an attack or data loss.

“As a multi-million pound business, we’re dealing with high volumes of important and confidential e-mails on a daily basis so we have to assume that we’re a high-value target for cyber attackers,” said Mark Broadley, head of IT and facilities at Leeds United FC. “Our legacy e-mail solution wasn’t providing a high enough level of protection, and had meant that staff within the HR and legal teams were spending a lot longer finding information than was needed. On the recommendation of Altinet, we were delighted to make Barracuda Networks the first signing of this very important project.”

LeedsUnitedFC

Barracuda Networks’ solution helps Leeds United FC to easily meet regulatory requirements and take complex discovery requests in its stride. This is particularly important given the club’s historical high turnover of personnel, and the need to find and read archived e-mails in minutes rather than hours or days.

Chris Ross, senior vice-president for international business at Barracuda Networks, said: “Being selected by Leeds United FC to improve and modernise the club’s data protection is an important accolade for us. With cyber attackers becoming ever-more sophisticated and data protection rising higher up the corporate agenda, it’s important that organisations replace legacy solutions and keep up-to-date with the latest threats.”

Ross added: “As it increasingly becomes about when you’re going to be attacked rather than if, data protection and recovery should form a key element of every organisation’s cyber security strategy. On top of keeping an eye on Leeds United FC’s cyber defences, we’ll be watching with interest and wishing the club the best of luck as it seeks promotion from the Championship back to the Premier League.”

Leave a comment

Filed under Risk Xtra

Egress Software Technologies CEO responds to ICO’s Data Security Incidents Report for Q2

On Friday 16 November, the Information Commissioner’s Office (ICO) published its Data Security Incidents Report for Q2 2018. Data security incidents, which are breaches of the seventh data protection principle or personal data breaches reported under the Privacy and Electronic Communications Regulations, are a major concern for those affected and a key area of action for the ICO.

On 18 July 2018, the Independent Inquiry into Child Sexual Abuse (IICSA) was fined £200,000 for revealing the identities of abuse victims in a mass e-mail. On 9 August, Lifecycle Marketing (Mother and Baby) Ltd, also known as Emma’s Diary, was fined £140,000 for illegally collecting and selling personal information belonging to more than one million people.

On 20 September, Equifax Ltd was fined £500,000 for failing to protect the personal information of up to 15 million UK citizens during a cyber attack in 2017 and, on 28 September, BUPA Insurance Services was fined £175,000 for failing to have effective security measures in place to protect customers’ personal information.

ICOLogoWeb

Tony Pepper, CEO of Egress Software Technologies, commented: “Looking at this report, it’s no surprise that the number of data security incidents filed to the ICO has continued to increase with no signs of plateauing. Overall, there has been a 29% increase in the number of reported data security incidents, from 3,146 between April and June 2018 to 4056 from July to September 2018. This demonstrates a 490% increase compared to the same quarter in 2017.”

Pepper continued: “Similar to the statistics we observed in the ICO’s previous report, this doesn’t necessarily mean that organisations are experiencing more incidents, but it definitely does mean that more are now being reported. The increased awareness for organisations to tread carefully has been fuelled by the General Data Protection Regulation, as well as the significant data breach incidents that recognisable brands have suffered in recent times.”

In terms of the monetary penalties, fewer fines were issued between July and September compared to those issued between April and June, with £875,000 issued under the Data Protection Act in the most recent complete three-month period.

Significant growth in data incidents

Although the report doesn’t summarise the type of incidents reported, it does detail the sectors that have experienced significant growth in these incidents. These include general business, which has experienced an increase of 87%, finance with 49%, insurance and legal with 63%, media with 633% and transport and leisure with 57%, while Government, at both the central and local level, experienced a 14% increase.

“We have also seen an organisation fined for unlawfully selling personal data, while Equifax was fined the highest amount under the Data Protection Act (£500,000) for a cyber attack that exposed the personal information of up to 15 million UK citizens.”

ElizabethDenhamICO

Information Commissioner Elizabeth Denham

Pepper added: “Clearly, there’s not only an issue with external attackers illegally obtaining and hacking an organisation’s systems to obtain data, but also with internal employees – and companies as a whole – misleading the population on why their personal data is being collected and how it will be used. As a result, organisations should be vigilant when it comes to ensuring data security protection is in place, and especially so to combat internal threats.”

Pepper feels that organisations should take a user-centric approach to data security, ensuring that every employee – from C-Suite executives to the average worker – is as security savvy as they need to be. This philosophy has been highlighted in recent Egress research, which revealed that 20% of an organisation’s employees don’t know what kinds of personal information should be protected when sharing data via e-mail.

“By taking a user-centric approach and equipping staff to protect personal data through technology that supports and secures the work they do,” urged Pepper, “as well as more training and awareness of what constitutes the mishandling of personal data, organisations will be able better placed to mitigate the chances of external and internal data security incidents.”

Leave a comment

Filed under Risk Xtra

UK’s SMBs battling average of five cyber attacks per annum

Small and medium-sized businesses (SMBs) in the UK have faced up to an average of five cyber attacks in the last 12 months. That’s according to research commissioned by online encryption specialists Appstractor Corporation that highlights the growing threat such businesses face from online criminals.

A significant number of IT decision-makers in these SMBs believe they’re being put at greater risk of attack because their security software isn’t keeping pace with the sophisticated nature of the attacks with which they’re confronted.

According to the new independent report entitled ‘Under Attack: Assessing the Struggle of UK SMBs Against Cyber Criminals’. some businesses (19%, in fact) faced as many as ten attacks in the last year. IT bosses who took part in the research survey suggested that one of the major causes for concern for SMBs in the UK is that security and encryption software is aimed at individual consumers or large corporations and Governments, meaning that they cannot be deployed effectively in a small business environment.

SMBCyberSecurity

In fact, only 44% of IT decision-makers in SMBs believe that they’re able to properly protect themselves against cyber criminals using current software and systems when compared to the ability of large businesses to protect themselves.

A third believe that the UKs small business community – which makes up 99% of businesses, according to the Federation of Small Businesses – is being “forgotten about” and placed at a higher level of risk when compared to their larger counterparts.

When it comes to the level of threat faced by these smaller companies, Appstractor Corporation’s research found that 17% of companies faced at least one attack in the last year, 28% were attacked two or three times, 32% faced four or five attacks and 19% were attacked between six and ten times.

A small proportion of companies – 2% – said that their company had been targeted up to 20 times in the last 12 months.

Commenting on the report, Paul Rosenthal (CEO and founder of Appstractor Corporation) agreed that current solutions were not up to scratch. but also said that some SMBs were making themselves an easy target for criminals.

“It’s the case that SMBs are at a disadvantage in the cyber security arms race because software and platforms are not being effectively designed for them, so they have to shoehorn consumer or large enterprise-grade solutions into their company which don’t work in small businesses. IT managers and small business owners need to rid themselves of their current ideas that they are too small to be targeted and so don’t have to worry about security and encryption software. The reality is that small businesses are being targeted by criminals more than ever before. Techniques like automated mass targeting are putting them at a serious and present risk of attack.”

*To access the full report click here

Leave a comment

Filed under Risk Xtra

MOBOTIX launches ‘Cactus Concept’ to set focus on cyber security for video surveillance

MOBOTIX has announced a heightened focus on cyber security by implementing the ‘Cactus Concept’. The concept aims to deliver a comprehensive approach towards protecting MOBOTIX products against the threat of cyber attacks along with education and tools to help customers and partners alike in building and maintaining secure video surveillance and access control environments.

The ‘Cactus Concept’ will raise awareness among potential and existing MOBOTIX customers of the importance of data security in network-based video security systems and how organisations can protect themselves through cost-efficient and intelligent solutions. End-to-end encryption with no blind spots is required, from the image source via the data cables and the data storage through to the VMS on the end user’s computer.

Like a cactus, whose every limb is covered in thorns, all of the modules (camera, storage, cables, VMS) in the MOBOTIX system have ‘digital thorns’ that protect them from unauthorised access.

MOBOTIXCactusConcept

“Modern video surveillance and access control technologies help protect people, places and property across the world, but they’re increasingly targeted by criminals aiming to infiltrate, take-over or disable them,” explained Thomas Lausten, CEO of MOBOTIX. “With the Internet of Things trend adding billions of IP-connected devices each year, our industry must lead the way in creating secure platforms that can reduce the risks posed by these damaging attacks.”

MOBOTIX firmly believes in its ‘Cactus Concept’ to protect every element of the design, manufacture and operation of each device along with end-to-end encryption across the entire usage and management cycle.

To ensure the highest levels of security, MOBOTIX uses the services of SySS, a highly regarded and independent third party security testing company that examines the security of both software and hardware elements. SySS customers include Basler Versicherungen, Bundeswehr, CreditPlus Bank AG, Daimler, Deutsche Bank, Deutsche Flugsicherung, Festo, Hewlett Packard, Innenministerium/LKA Niedersachsen, SAP, Schaeffler, Schufa, T-Systems and Union Investment.

Sebastian Schreiber, CEO at SySS, added: “MOBOTIX has a contract with us to provide further penetration testing of its technology elements. The initial platform testing on a current camera model revealed very positive results. We’ll now continue security testing as an ongoing process.”

Thomas Lausten concluded: “Cyber security has been and will continue to be a core focus for us. We look forward to working with our peers in the industry, as well as customers and Government agencies, in order to protect the very technologies and systems that help make society safer for us all.”

*For more information visit www.cactusconcept.com

Leave a comment

Filed under Risk UK News