Tag Archives: Cyber Crime

KnowBe4 study reveals 92% of organisations’ biggest security concern is end users

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, has released the results of new research. The company’s report examines over 350 organisations globally and reveals the security weaknesses and concerns within them. On average, 81% of organisations had some degree of concern around security issues.

Cyber crime continues to evolve and become more sophisticated. Artificial Intelligence and machine learning are leveraged by many criminal organisations to help them better understand how to improve their attacks and they’re now targeting specific industry verticals, organisations and even individuals.

Increases in the frequency of ransomware, phishing and crypto-jacking attacks have been experienced by businesses of nearly every size, vertical and location.

KnowBe4

When it comes to attack vectors, data breaches are the primary concern, with credential compromise coming a close second. These two issues go hand-in-hand as the misuse of credentials remains the foremost attack tactic in data breaches. That’s according to Verizon’s 2018 Data Breach Investigations Report.

Phishing and ransomware ranked next, demonstrating that organisations are still not completely prepared to defend themselves against these relatively “old” attack vectors.

Other key findings

*92% of organisations rank end users as their primary security concern. At the same time, security awareness training along with phishing testing tops the list of security initiatives that organisations need to implement

*Organisations today have a large number of attack vectors to prevent, monitor for, detect, alert and remediate. In terms of attacks, 95% of those organisations surveyed are most concerned with data breaches

*Ensuring security is in place to meet General Data Protection Regulation (GDPR) requirements is still a challenge for 64% of organisations, despite the GDPR’s fine details having been public knowledge for quite some time

*Attackers’ use of compromised credentials is such a common tactic. 93% of organisations are aware of the problem, but still have lots of work to do to stop it

*When it comes to resources, 75% of organisations don’t have an adequate budget

“2018 was a prolific year for successful cyber attacks, with many of them caused by human error,” said Stu Sjouwerman, CEO of KnowBe4. “IT organisations are tasked with establishing and maintaining a layered security defence. The largest concern, as demonstrated again in this report, is employees making errors. Organisations must start their defence by establishing a security culture. In order to combat the escalation of social engineering, they absolutely have to ensure that users are trained and tested.”

To read the full report visit www.KnowBe4.com

Leave a comment

Filed under Risk Xtra

Dell “reinvents” endpoint security portfolio through strategic collaborations with Secureworks and CrowdStrike

Cyber criminals are continuously shifting their attack techniques to better target endpoints. As more than one-third (39%) of cyber attacks are now non-malware based, adversaries can exploit gaps in traditional anti-malware solutions used in isolation.

Considering that 50% of organisations also have insufficient endpoint or network visibility during incident response engagements, it’s clear many businesses are injecting ineffective security tools into their environments, ultimately adding complexity without directly addressing the problem.

These disconnected solutions require ongoing diligence and expert resources to analyse a multitude of security alerts and identify compromised devices. Yet, with the growing cyber security skills gap, businesses don’t have the resources needed to manage their security infrastructure effectively.

To help organisations in addressing these challenges, Dell is introducing Dell SafeGuard and Response, a portfolio of next generation endpoint security solutions that combines the managed security, incident response expertise and threat behavioural analytics of Secureworks with the unified endpoint protection platform from CrowdStrike.

Dell’s modern and effective approach designed to prevent, detect and respond to the shifting threat landscape makes it easy for organisations to protect their data with the industry’s most secure commercial PCs.

With Artificial Intelligence (AI)-driven and cloud-native endpoint protection powered by CrowdStrike and expert threat intelligence and response management by Secureworks, Dell SafeGuard and Response provides end user customers with the essential capabilities they need to protect their PCs and data. CrowdStrike endpoint security solutions prevent more than 99% of malware and non-malware-based threats, detect 100% of vulnerabilities and respond to sophisticated attacks rapidly.

DellLaptop

Secureworks’ RedCloak behavioural analytics are built into the prevention, detection and response capabilities, so customers benefit from an ever-smarter network effect of protection. When an emerging threat is discovered in one environment, countermeasures are created and deployed to all customers who may be affected. 

Prevent, detect and respond to threats

With Dell SafeGuard and Response, customers no longer need to worry about complex implementation involving numerous agents. Dell’s modern approach to security simplifies the buying process, allowing customers to order these new solutions alongside their new PC. Businesses will receive outstanding prevention combined with the ability to quickly detect compromised devices and remediate cyber incidents.

Customers can select from the following new Dell SafeGuard and Response solutions to meet their unique security needs:

CrowdStrike Falcon Prevent: This next generation anti-virus (NGAV) solution uses AI and machine learning to stop malware and malware-free attacks, offering organisations enhanced protection without requiring signatures and the heavy updates that come with them

CrowdStrike Falcon Prevent and Insight: In addition to the NGAV solution, customers can advance their threat prevention capabilities with Device Control and Falcon Insight, the leading endpoint detection and response solution. This enables full visibility into endpoint threat activity and real-time remediation designed to prevent, detect and investigate incidents and stop threats

Secureworks Managed Endpoint Protection: Combined with CrowdStrike Falcon Prevent and Insight and Device Control, this offer provides customers with 24×7 managed services from Secureworks to monitor the state of endpoints for indications of threat actor activity. Secureworks’ Security Operations Centre and Counter Threat Unit will investigate events to determine severity, accuracy and context to suggest remedial actions, in turn giving organisations peace of mind around the clock

Secureworks Incident Management Retainer: In the event of a serious security incident, Secureworks will deploy its on-demand incident response specialist team who are highly skilled to respond to and mitigate a cyber incident at any time. Now, organisations with and without SOCs can have the support and expertise needed in critical times. This service can also be used to build a proactive response plan for future security incidents.

Devices and data secure 

“Organisations are faced with what may feel like an exponentially expanding threat landscape and a mixed bag of solutions to fix it,” said Brett Hansen, vice-president and general manager of client software and security solutions at Dell. “To meet the evolving needs of our customers and stay ahead of ever-evolving threats, Dell is offering organisations the tools they need to keep their devices and data secure.”

Wendy Thomas, senior vice-president of business and product strategy at Secureworks, added: “Attacker techniques are becoming more sophisticated. Customers need managed solutions that are actively guarding against threat activity. Our modern approach with Dell ensures a co-ordinated defence against cyber threats at the scale and speed required for any customer’s evolving security needs beyond the network.”

Matthew Polly, vice-president of worldwide business development and channels at CrowdStrike, concluded: “Being selected by Dell is a testament to CrowdStrike’s market leadership and the proven value of our platform. Together, we are equipping customers with a unique and compelling solution to deliver an end-to-end approach to endpoint security that effectively stops threats, while also reducing enterprise complexity and modernising threat detection and management.”

*Dell SafeGuard and Response will be available globally in March through Dell and its authorised channel partners. Additionally, the comprehensive CrowdStrike Falcon platform can also be purchased through Dell

Leave a comment

Filed under Risk Xtra, Uncategorized

Major life-threatening cyber attack on UK “in little doubt”

The National Cyber Security Centre (NCSC) has published its second Annual Review, in turn revealing that the organisation has prevented Britain from falling victim to nearly 1,200 attacks in the past two years. The NCSC has also warned of the likelihood of a major life-threatening cyber attack on the UK in the near future.

The NCSC states that the UK is hit by ten serious cyber attacks every week. 70% of these attacks are “undertaken by groups of computer hackers directed, sponsored or tolerated by the Governments of [hostile] countries”.

Commenting on these figures, Mishcon de Reya’s cyber security lead Joe Hancock informed Risk Xtra: “1200 attacks may seem like a large number, but the reality is that this is the tip of the iceberg. The majority of these attacks on business, Government and third sector organisations go unreported and often undetected. Behind these high profile attacks there are the millions of online crimes that affect individuals every day.”

NCSCLogoWeb

Focusing on that last point, Hancock continued: “We routinely deal with the often unreported issues. More needs to be done to back law enforcement in supporting both victims and responders to better detect and recover from cyber episodes. A focus on critical infrastructure is welcomed by everyone, but it doesn’t help the millions of victims of cyber fraud. The recent Facebook breach shows the potential downsides of large-scale data collection and reliance on single points, provided by social media to access a wide variety of services across the Internet which can act as a gateway for attackers to further data and services.”

Further, Hancock observed: “Cyber security practices are not consistent globally and an attack against a weaker link in the supply or data chain can have unanticipated consequences for companies and individuals. More is needed to help protect everyday victims of these crimes, and especially so in the international arena. It’s difficult to see how mass cyber crime can be tackled without an international consensus and consequences for nations that turn a blind eye.”

Also, Hancock outlined: “Many of the cyber incidents we deal with have a financial component, often involving the traditional banking system and not only cryptocurrencies such as Bitcoin. Driving cyber criminals out of the financial system will have an impact on cyber crime levels.”

Actions and behaviours

There are specific actions and behaviours that should be adopted now to aid readiness for inevitable cyber attacks. Steve Mulhearn, director of enhanced technologies for the UK and Ireland and DACH at Fortinet, has listed them as prevention, the harnessing of Artificial Intelligence (AI) and adaptive technology and better visibility across the network.

Prevention

Prevention is easier when all employees in the business, not just the IT Department, take responsibility for the security of the business. For example, breaches like the Bupa or Waymo hacks have raised the appreciation of the number of breaches that occur because employees are targeted. The Fortinet Global Enterprise Security Survey 2017 found that 67% of businesses say they’re planning IT security and awareness training for employees in 2018.

Harness AI and adaptive technology

Harnessing the power of AI to learn from breaches, as well analyse data and automate reactions to shut down breaches when they occur, are vital actions. Threats evolve and adapt over time as applications, technologies, configurations, controls and behaviours change, making security an arms race wherein a static solution simply will not do.

Better visibility across the network

A vital tool in this struggle is visibility. You cannot secure what you cannot see. This means control across the distributed network, including endpoints, the Internet of Things and the cloud. According to the Fortinet 2017 Survey, only a small cohort of respondents feel confident that they have full visibility and control of employee access.

*The National Cyber Security Centre’s Annual Review can be accessed online at https://www.ncsc.gov.uk/news/annual-review-2018

Leave a comment

Filed under Risk Xtra

IFSEC organiser UBM previews ‘The Future of Security’ Seminar Theatre powered by Tavcom Training

In partnership with Tavcom Training, the provider of accredited security systems training courses, IFSEC International organiser UBM has unveiled some of the detail behind ‘The Future of Security’ Seminar Theatre. Sponsored by Panasonic UK, this will deliver a range of essential CPD-accredited presentations on the very latest in security technology design and integration when IFSEC 2018 runs at London’s ExCeL from 19-21 June.

Physical security systems are now heavily dependent on IT-based platforms. This intersection of technologies has opened up significant potential for security installers and engineers to offer even better solutions for their end customers. To reflect this demand, ‘The Future of Security’ Theatre will focus on these opportunities in offering a full set of free seminars. The sessions will expertly target key areas addressing cyber security, IT Best Practice, practical IP networking, integration and system design plus a wide range of additional core areas. All sessions will be delivered by specialist Tavcom trainers.

Delivering insight into the major security challenges, the cyber security sections will look into how robust approaches can strengthen an existing physical security system, providing the end user with even greater resilience to cyber threats.

From an IT security aspect, the sessions will include sessions on understanding firewalls and identifying vulnerabilities which can be inherent in the installation process. In addition, there will be exclusive sessions on the use of drones in security and how this technology is both a benefit and a hazard.

IFSECInternational2018ShowMeHow

‘The Future of Security’ Theatre will be a major element in the new ‘Show Me How’ project at IFSEC International 2018, which will identify education opportunities and exhibiting companies as key destinations where visitors can go to learn about Best Practice and capabilities. Exhibitors will host technical experts on their stands to ensure visitors gain a direct understanding of the products and solutions and making sure they leave fully equipped with the right knowledge.

At the event, all ‘Show Me How’ areas and exhibitors will be clearly signposted to help visitors make the best possible use of their time at IFSEC 2018.

With cyber crime being an ever-present threat exploiting business weaknesses around storing data in multiple locations, Panasonic UK is proactively taking action to thwart such threats by expanding its cyber offerings. In particular at IFSEC International 2018, the business will focus on how integrators and installers can bring additional value to end users by providing ‘cyber safe’ environments.

Paul Tennent, sales director at Tavcom Training, stated: “As a leading training provider for the security and fire installer sectors, Tavcom is excited to be part of the new position IFSEC is taking as a major education provider. Its been interesting to see the insights and research IFSEC has gained over the past year, particularly so in regard to the expectations and direct needs of the installer community. It’s also acutely apparent that growth areas and technologies in and around cyber security are becoming critical, so we’re happy to lend our expertise to the wider IFSEC audience.”

Gerry Dunphy, brand director for IFSEC International, responded: “We’ve been through an extensive research programme over the past 12 months which has provided IFSEC with a clear set of directions, matching the direct needs of our customers. They’ve told us they have a need to understand the future. They need guidance on areas such as how cyber security impacts on physical systems and they need to hear from specialists they can trust. Working with Tavcom Training on ‘The Future of Security’ Theatre is the perfect solution given Tavcom’s history and expertise in these core areas. Our customers have told us what’s keeping them awake at night and it’s IFSEC’s duty to help them rest more comfortably.”

*IFSEC International 2018 is co-located with FIREX International, Safety & Health Expo and The Facilities Show, offering a strategic blend of related business to business events focusing squarely on the protection and management of people, property and assets

Leave a comment

Filed under Risk UK News

AMG Systems to discuss integrated technologies at Global MSC’s Security 2017 event

Network transmission solutions specialist AMG Systems will discuss the latest developments in environmentally robust fibre, analogue, IP/Ethernet, wireless and hybrid communication systems when the company exhibits at the Global MSC Security Conference and Exhibition 2017 in Bristol.

The two-day event is hosted by consultancy Global MSC Security, with this year’s theme being that of ‘Integrating Technologies’. The conference and exhibition is designed to bring together experts from across the security industry, sharing their knowledge with delegates from local authorities, hospitals, universities and both private and blue chip companies. This year’s event looks into the ways that security is changing, integrating with other disciplines and adapting at a rapid pace to meet the demands of what end users now require from their security solutions.

Speakers and topics include:

*Daffydd Llywelyn (Dyfed Pewees Police and Crime Commissioner): Public Space Surveillance initiative

*Professor William Webster (director, Centre for Research into Information, Surveillance and Privacy): Body-Worn Video Research

*Tony Porter (Surveillance Camera Commissioner): National Surveillance Camera Strategy for England and Wales

*Detective Inspector Edward Heath (Avon and Somerset Police): Cyber Crime

*Bernadette Bashford-Payne (estate Control Centre manager, Canary Wharf): ‘Inside a Large Control Room’

*Jim Burgess (associate director, Perform Green): ‘Integrating CCTV in Bristol’s Smart City’

*Mick Neville (ex-Metropolitan Police Service: SeeQuestor Review

Discussion of key security challenges

At the Global MSC Security Conference and Exhibition, AMG Systems is exhibiting on Stand 25. The company’s business development director Sara Fisher said that the organisation is looking forward to meeting delegates and discussing the key security challenges that they face in their day-to-day operations.

SaraBullockAMGSystems

Sara Fisher of AMG Systems

“Our specialist transmission knowledge can provide enormous benefits for integrated projects, saving on infrastructure expenditure, time for install or upgrade and reducing complexity,” said Fisher. “I’m keen to talk to any delegates who’d like to learn more about the way that legacy systems can be transitioned relatively simply to IP and Ethernet, with all the advantages that brings, and to those who’d like to discuss any other aspect of security and data network provision.”

AMG Systems manufactures intelligent, industrial grade, robust edge-of-network transmission solutions which have been used extensively in CCTV and security systems, as well as in sectors as diverse as the oil and gas, Critical National Infrastructure, defence and transport industries.

AMG Systems is the only UK-based IP and Ethernet transmission product manufacturer and solution provider. The company’s degree of in-house control mean that its products are less vulnerable to cyber security attacks than those from other companies, which rely on third party hardware and software.

The Global MSC Security Conference and Exhibition 2017 takes place on Monday 13 and November 14 at the Bristol Hotel on Prince Street in Bristol. For more information and to book a delegate place visit www.globalmsc.net/seminars-2/

Leave a comment

Filed under Risk UK News

New date announced for free-to-attend BSIA/FIA-supported cyber security seminar

A free-to-attend, half-day seminar which aims to help security buyers and installers alike to navigate the complex world of cyber security is being held in Solihull on Thursday 2 November.

Organised by the British Security Industry Association (BSIA) and supported by the Fire Industry Association (FIA), the event will include presentations from a wide range of cyber security experts, with a particular focus on the potential vulnerabilities of ‘connected products’ – meaning any security product that can be accessed or operated remotely via the Internet (eg intruder alarms, video surveillance systems and access control solutions) – and how these vulnerabilities can be combated.

Delegates will be informed about the potential cyber risks facing their business, with presentations from the West Midlands Police’s digital cyber crime team and the Scottish Business Resilience Centre’s team of ‘ethical hackers’.

BSIACyberSecurity

Attendees will also find out how the BSIA’s ongoing work in the field of cyber security is helping the security industry to protect itself and its customers.

Finally, delegates will benefit from a summary of the European Union’s new General Data Protection Regulation, which is set to come into force in May 2018.

The seminar is open to security and fire solutions buyers and installers, or indeed anybody from either industry with an interest in improving their business’ cyber security and data protection policies.

Registration for the event will be open from 9.00 am, with presentations starting at 9.45 am and the event expected to finish at around 1.30 pm.

*A full programme and online booking forms for both delegates and exhibitors are available from the BSIA’s website

Leave a comment

Filed under Risk UK News

MLA issues stark security warning to students and landlords ahead of new university term

Students and their landlords are being urged by the Master Locksmiths Association (MLA) to tighten up security procedures in order to avoid becoming victims of crime when university term starts again.

Students are one of the highest ‘at risk’ groups when it comes to crime, and are often targeted for high value laptops, TVs and entertainment equipment which is all-too-frequently left in plain view and unsecured against intruders.

As letting out a house or flat to students is a thriving business, the MLA is urging landlords to make home security a top priority to ensure that tenants, property and possessions are safe.

Students are also being warned to take simple precautions to prevent their possessions and equipment from being stolen when they move into a new property – or return to their old digs – at the end of September.

Dr Steffan George: development director at the MLA

Dr Steffan George: development director at the MLA

The MLA is encouraging youngsters and their parents to question what locking systems are in place, when they were last replaced and how the copying of keys is controlled.

The organisation advises landlords to consult an MLA-approved locksmith, who will be able to carry out a security assessment on property and recommend suitable locks and fittings, as well as providing input from a safety point of view.

Dr Steffan George, development director at the MLA, said: “Whether they’re going to university for the first time or returning to study for another year, students will often find themselves in new accommodation. It’s important that they’re fully aware of security to keep themselves and their possessions safe as students are often regarded as an easy target by thieves.”

George continued: “By taking simple precautions, landlords and students can avoid many of the risks that can lead to crime and taint the student experience. It’s landlords’ duty to act in a responsible manner and they should install quality locks with patented keys which cannot be copied without proof of ownership or restricted keys that cannot be easily copied due to their unique design.”

The MLA has issued the following guidelines to students and landlords:

  • Ensure good quality locks are installed on both the main door and the bedroom door. For convenience, the locks can be configured so that each individual bedroom key also opens the front door
  • Inspect doors and windows to make sure appropriate locks are fitted, in good condition and meet insurance requirements. If unsure, ask a vetted MLA locksmith for advice and a full security assessment
  • Keep valuable items out of sight, away from doors or windows, and remember to lock rooms and the front door when you go out
  • Don’t hide a key under a doormat or flower pot as criminals are aware of this method, particularly in student areas
  • Don’t leave doors open when outside or if friends are going in and out of the property as a thief can take advantage
  • If a room or property is going to be unoccupied for a number of weeks, students should take all valuables with them or make sure they are out of view
  • When entering the property, ensure that nobody ‘tailgates’ you and gains entry
  • Ensure locks are correctly specified regarding egress in homes of multiple occupancy (exit without the use of a key is required in flats, apartments and shared houses with locks on individual bedroom doors)

Leave a comment

Filed under Risk UK News