Tag Archives: cyber security

ONVIF joins IoT Panel discussion at TechSec Solutions 2017

ONVIF, the global standardisation initiative for IP-based physical security products, has announced that it will be presenting at TechSec Solutions 2017 (which runs on 27-28 February at the Delray Beach Marriott Hotel in Palm Beach County, Florida) as part of a Panel discussion on standards, Best Practice, cyber security and the Internet of Things.

Jonathan Lewit, chair of the ONVIF Communication Committee, will be speaking on behalf of ONVIF and is one of four panellists discussing ‘The Future of IoT: Taming Security’s Wild West’. Other speakers include Neil Lakomiak of Underwriters’ Laboratories, Mitchell Klein of the Z-Wave Alliance and Jim Coleman of Operational Security Systems. The discussion is to be moderated by Paul Ragusa, Editor of Security Systems News.

“Standards are an essential part of the conversation when considering any scenario in which disparate elements must work together to provide actionable intelligence or automation, which the Internet of Things often seeks to do,” said Per Björkdahl, chairman of the ONVIF Steering Committee. “Jonathan will bring an ONVIF perspective to the debate, shedding light on how standardisation and ONVIF specifications can build vital bridges between clients and devices and, indeed, between IP-based systems.”


Lewit, who also serves as director of technology leadership for Pelco by Schneider-Electric, will touch on the array of connected devices and open platforms in the market that use common communication protocols to work together, including smart homes, buildings and cities.

The speakers will examine how standards, the establishment of Best Practice, interoperability, cyber security and other trends are helping to shape the future of the physical security industry.

Lewit will be speaking on Monday 27 February at 9.30 am. For more information visit: www.tecsechsolutions.com

 


ECA/SELECT Survey finds buildings at heightened risk from cyber attack

The use of cyber attacks is becoming more prevalent as an effective tool to disrupt both business and politics. As a result of this, within industry it’s vital that steps are taken to protect buildings and infrastructure against potential threats.

To find out the current state of play, the Electrical Contractors’ Association (ECA) and Scottish Trade Association SELECT surveyed a range of clients in November and December last year on their approach to cyber security.

The feedback received from the ‘Connected Technology Survey for Clients’ emanated from a range of respondents, including consultants, engineers, end clients, local authorities and facilities managers.


The results show that almost four-in-ten clients (39%) don’t take any steps to protect smart installations in buildings from cyber threats. A further 49% cited the risk of hacking as a barrier to installing connected technology.

Steve Martin, head of specialist groups at the ECA, commented: “Given that ‘connected technology’ covers any technology, such as lighting or HVAC installations, this enables devices to communicate with each other over the Internet and undertake tasks. The risks from hacking are substantial.”

Currently, only 20% of the UK’s commercial buildings are considered to be ‘smart’. However, over the next four years, the global ‘Internet of Things’ market is expected to be worth over £1 trillion annually. “If we’re to keep pace with developments,” concluded Martin, “the issue of cyber security needs to be addressed as a matter of urgency.”


James Morris MP visits Advent IM to discuss EU’s GDPR and ‘The Future of Cyber Security in the Boardroom’

On Friday 20 January, Advent IM – the holistic security consultancy – played host to a visit from James Morris MP at its Birmingham headquarters.

2018 will see the adoption of the European Union’s General Data Protection Regulation (GDPR) in the UK. Given the GDPR’s increased accountability and level of financial penalty for failure, the implications for UK businesses are clear.

Advent IM has long felt that good data protection and security hygiene starts at the top of an organisation and needs to be handled strategically.


Advent IM’s Mike Gillespie

James Morris MP visited Advent IM’s offices and Training Centre in Halesowen to discuss the GDPR and Advent IM’s new training course for senior Board members and business leaders. The training is designed specifically for director-level individuals with little or no cyber security background. The course is to be delivered by director and cyber security expert, Mike Gillespie.

Having an insight into the convoluted world of cyber security, in addition to a firm grasp of the challenges it presents to senior Board members, Gillespie plans to bring the strategic skills of business leaders to bear on high quality cyber security planning and data protection practices in order to “raise the UK’s game” from the top down.

“James Morris has always taken a keen interest in cyber security and digital development in business and recognises the need for the UK to ensure its security posture is robust,” asserted Gillespie. “With the interconnected nature of business and the digital life of commerce, small and local businesses can be holding extremely valuable information assets. They need adequate protection through their lifecycle.”


Unwitting cyber scammers cold call industry expert at C3IA Solutions

Would-be cyber scammers made a megabyte blunder when they cold-called Matt Horan of C3IA Solutions: Horan is one of the country’s top cyber security experts. Realising the crooks were trying to take control of his computer, Horan put the call on speaker phone and asked a colleague to record it, with hilarious consequences.

After stringing out the conversation for 35 minutes – during which time he was passed to more senior ‘helpers’ as he posed as an ignorant computer user – Horan then informed the caller that he had no Internet connection.

This prompted the fraudster to use an expletive before hanging up in anger. An edited video of the call has been amusing people across social media.

Horan is keen that the video is used to help people avoid falling for cyber scams. He told Risk UK: “One of the weakest parts of any business’ cyber security is the staff. They do nothing malicious, but can easily assist fraudsters. Along with ‘phishing’ e-mails, this type of phone scam is common and can cause huge amounts of damage.”

Matt Horan, director of C3IA Solutions


Horan continued: “The caller purports to be from Microsoft or a similar outfit and informs the person who answered the call that there’s a problem with their computer. They then instruct that person to look at the computer’s ‘systems and events logs’, which is simply a log of every action taken. They tell them that this is evidence of ongoing malicious attacks. After that, they try and entice them to log into TeamViewer or something similar which means they then can gain remote access and control of the target computer.”

In addition, Horan stated: “They then have all the information on a computer or network and can infect the system, read e-mails, steal passwords or encrypt the stored data. They can basically do anything they want. Obviously, this can cause massive harm to a business and may well lead to data loss, the theft of funds and the stealing of intelligence as well as cause acute embarrassment.”

C3IA Solutions trains staff at businesses to be ‘cyber-savvy’ and always to hang up on calls like this. If staff are in doubt they should contact their IT support.

“Firms such as Microsoft don’t make calls like the one I took, but they seem authentic,” explained Horan. “Often, the scammers work in pairs so the initial caller can pass over the call to a ‘senior supervisor’, as they tried with me. This gives an added authenticity. Caution should be the watchword when taking calls like this one.”

*The video can be viewed on YouTube: https://youtu.be/ncIehp0fBT8

Based in Poole, Dorset, C3IA Solutions is one of fewer than 20 companies certified by the Government’s National Cyber Security Centre. In addition to its work with Government agencies including GCHQ, the company operates a commercial section that works with businesses, assisting them with their cyber security.

C3IA (a military term) Solutions was set up in 2006 by Horan and Keith Parsons. It has 84 personnel on contract of whom 33 are employees and 51 are associates. The business operates in the defence and security sectors serving both SMEs and multi-national firms.

C3IA is a leading provider of secure ICT, technical programme management and information security services and solutions.

The company takes its Corporate Social Responsibility seriously, supporting serving and past members of the Armed Services. Indeed, the business sponsors those engaged in personal and team development through arduous sporting and other challenges.


Advent IM outlines detail for ‘Cyber for the C-Suite’ Breakfast Seminar

A breakfast seminar created exclusively for business leaders and senior Board members seeking guidance on the present cyber security threat is to be run by security consultancy Advent IM at the company’s Training Centre near the M5, Birmingham on 7 December.

The seminar will be delivered by Advent IM’s managing director Mike Gillespie, who has many years’ experience in senior level consulting, training and mentoring and is also director of cyber strategy and research for The Security Institute. As a director, Gillespie understands the place of senior leadership in cyber resilience and risk management.

The seminar is designed to promote and enhance understanding of the organisational threats that Boardrooms need to factor into resilience strategies. Attendees will also have first access to places on the forthcoming training course, again exclusively for senior leaders and the C-Suite, which will start in March 2017.


Gillespie informed Risk UK: “The cyber threat landscape is high on the agenda of all Boardrooms. Many businesses have felt the impact of cyber attack, either directly or through supply chain partners. No size of business is immune and no kind of service spared the attackers’ attentions, with even hospitals being struck by ransomware.”

He added: “Recent research suggests that 82% of businesses say security is a CEO or Board-level concern, with two-thirds suggesting that they’re increasing cyber security spend. The additional spend is great, but without leadership and solid strategy it may not achieve anything near its potential, and cyber risk may not be reduced. We absolutely have to make sure Boardrooms are well briefed and understand how to go about effective cyber risk management.”

*Details of the seminar and how to book can be found at: http://www.advent-im.co.uk/breakfast-seminar-7th-december-cyber-security-awareness-for-business-leaders/. Alternatively, telephone 0121 559 6699 or 0207 100 1124 or send an e-mail to: bestpractice@advent-im.co.uk


ONVIF chairman to deliver presentation as part of IoT and standards-focused Memoori webinar

ONVIF, the leading global standardisation initiative for IP-based physical security products, is pleased to announce that Per Björkdahl, chairman of its Steering Committee, will be the featured presenter in the webinar Physical Security, IoT and Open Standards, which runs on 17 August at 4.00 pm BST. The webinar is hosted by Memoori, an independent market research company that studies the physical security, smart buildings and energy management markets.

The webinar will examine how the Internet of Things and cloud computing have already shaped the physical security industry, and will also cover the development of ONVIF’s profiles.

Cyber security from a physical security standards viewpoint will be considered, focusing on how open standards can help secure sensitive communications between devices. ONVIF’s cyber security strategies and future profile developments will also be discussed, and there’ll be a brief interactive Q&A session to close the hour-long presentation.


“This webinar is for end users, integrators and anyone else who’s interested in how ONVIF can be a valuable tool in IoT and other deployments that require secure communications between multiple devices and clients,” explained Björkdahl.

*To register for the ONVIF webinar visit Memoori’s website. This free, live webinar is sponsored by Tridium

**Further information is also available on ONVIF’s website: www.onvif.org

ONVIF releases Profile Q for advanced security

ONVIF has just released Profile Q, the specification that features quick and easy discovery, set-up and configuration of conformant devices as well as advanced security features.

Profile Q offers out-of-the-box functionality for systems integrators and end users with an easy set-up mechanism and basic device level configuration, streamlining the set-up and connection of systems and devices.

Profile Q also supports Transport Layer Security (TLS), a secure communication protocol that allows ONVIF devices themselves to communicate with clients across a network in a way that protects against tampering and eavesdropping.

Until now, Profile Q has been in release candidate status in order to provide industry review and feedback prior to the final release.

“With the final release of Profile Q, integrators and end users can expect out-of-the-box interoperability between ONVIF conformant cameras and video management systems,” said Steven Dillingham, chairman of ONVIF’s Profile Q Working Group.

“Our development of this Profile is an indication of ONVIF’s response to the market’s request for a more streamlined set-up and deployment process.”


“Faster response times needed to combat cyber threat” finds BCI survey

Two thirds of respondents to a global survey carried out by the Business Continuity Institute report that they had experienced at least one cyber incident during the previous twelve months, while 15% stated they had experienced at least ten incidents during the same period.

The frequency of these cyber incidents demonstrates exactly why it’s so important for organisations to have plans in place to mitigate them or otherwise lessen their impact.

The Cyber Resilience Report, conducted by the BCI and sponsored by Crises Control, found that there was a wide range of response times for cyber incidents. Almost a third of organisations (31%) stated that they responded within one hour. However, one fifth (19%) take a worrying four hours or more in responding to a cyber event, while almost half (44%) take more than two hours to respond. This has clear implications for the time taken to return to business as usual, and the ultimate cost of the incident to the host organisation.


Even if businesses wish to respond immediately to a cyber attack, the nature of the attack may render them unable to do so. The research finds that phishing and social engineering are the top causes of cyber disruption, with over 60% of companies reporting being hit by such an incident over the past 12 months and 37% attacked by way of spear phishing.

The BCI has discovered that 45% of companies were hit by a malware attack and 24% by a Distributed Denial of Service episode. All these forms of attack will, in different ways, render an organisation’s own network either contaminated or inoperable. Their website may have been taken down and they may well have to switch off their Internet connection until they can secure themselves from further attack.

A detailed study of 369 business continuity and resilience professionals from across the world, the research also reveals that the costs of these incidents varied greatly, with 73% reporting total costs over the year of less than €50,000, but 6% reporting annual costs of more than €500,000.

David James-Brown FBCI, chairman of the BCI, commented: “This piece of research is one of the most timely, insightful and relevant the BCI has ever produced. Cyber attacks tend to target the weakest links of an organisation. That calls for a greater awareness of cyber crime. As the cyber threat evolves, it’s crucial to stay on top of it, building long-term initiatives and regularly updating recovery plans.”

Rickie Sehgal, chairman of Crises Control, added: “Rapid communication with employees, customers and suppliers is vital for any company in terms of responding effectively to a major business disruption event such as a cyber attack. When your business is at risk, even a one-hour delay in responding to an incident can be too long. Taking more than two hours to respond, as almost half of companies appear to do, is simply unacceptable.”
