Tag Archives: cyber security

“Cyber attack fears delaying business innovation” reveals HackerOne survey

A survey conducted by HackerOne has revealed that IT projects are being stifled due to security concerns. More than 80% of UK CISOs and CTOs who were interviewed revealed software IT projects have been hindered due to concerns over inevitable security issues. 90% also agreed that software vulnerabilities pose a significant risk to their organisation.

“Organisations need to find a balance between driving innovation and keeping data safe,” said Laurie Mercer, security engineer at HackerOne. “It’s not surprising that fear around cyber security is hindering this, but by moving beyond traditional cyber security strategies, businesses can start to feel empowered. When I started writing code, new releases of software would take six months to develop and test. Today, new software is released every hour. This new pace of innovation poses a problem for security teams but, by implementing a strategy that supports continuous security, businesses can ensure they’re on alert for any vulnerabilities that software might have. The key is to ensure that security is constantly evolving.”

CISOCIOCyberAttack

Manpower and budgets are also a key concern for security professionals, with 63% believing security team resources are not able to keep up with the pace of development. Lack of budget and other resources including skill sets were also cited as key barriers to creating a well-rounded cyber security strategy by over a third of respondents.

Despite the significant number of concerns around vulnerabilities and limited resources, the survey highlighted that 62% would rather accept the risk of software vulnerabilities than invite unknown hackers to find them, while 63% say they’re only comfortable accepting bug submissions from vetted hackers.

A HackerOne customer and CISO of an international health and beauty retailer said: “I understand first-hand the nature of remaining cautious. As we all know, though, traditional cyber security methods alone are not sufficient. CISOs find themselves in a tricky position, needing to embrace innovation, but while ultimately remaining responsible for cyber security. The security landscape is ever evolving so we need to approach defensive strategies in the same way. By working with ethical hackers, it gives organisations the freedom to work on new projects, spin-up new applications and try different ways of working, while at the same time there’s peace of mind that continuous and ongoing testing is taking place. With ethical hacking, these vulnerabilities can be fixed immediately.”

The research was conducted by Opinion Matters and included input from 200 UK CISOs and CTOs. The findings revealed what CISOs believe to be the biggest risks to businesses, which areas are hindering growth and what kind of technology respondents are likely to implement in order to overcome these challenges.

Leave a comment

Filed under Risk Xtra

Radware reports increase in companies targeted by nation state hackers

Radware, the provider of cyber security and application delivery solutions, has released its 2019-2020 Global Application and Network Security Report. The report finds that more than one-in-four respondents attribute attacks against their organisation to cyber warfare or nation-state activity. In 2018, 19% of organisations believed they were attacked by a nation state. That figure increased to 27% in 2019. At 36%, companies in North America were more likely to report nation state attribution.

“Nation state intrusions are among the most difficult attacks to thwart because the agencies responsible often have significant resources, knowledge of potential zero day exploits and the patience to plan and execute operations,” said Anna Convery-Pelletier, chief marketing officer at Radware. “These attacks can result in the loss of sensitive trade and technological or other data. Security teams may be at a distinct disadvantage.”

These findings come at a time of heightened anxiety for security managers. Organisations are increasingly turning to microservices, server-less architectures and a mix of multiple cloud environments. Two-in-five managers reported using a hybrid environment that included cloud and on-premises Data Centres. Two-in-five said they relied on more than one public cloud environment. However, only 10% of respondents felt that their data was more secure in public cloud environments.

NationStateHackers

As organisations adapt their network infrastructure to enjoy the benefits of these new paradigms (such as microservices and multi-cloud environments), they increase their attack surface and decrease the overall visibility into their traffic.

For example, 22% of respondents don’t even know if they were attacked, 27% of those who were attacked don’t know the hacker’s motivations, 38% are not sure whether an Internet of Things (IoT) botnet hit their networks and 46% are not sure if they suffered an encrypted DDoS attack.

Convery-Pelletier added: “This report finds that security professionals feel as though the battlefield is shifting under their feet. Companies are increasingly adding and relying upon new paradigms, which means the infrastructure is harder to monitor for attacks. These new technologies force a shift in security implementation into the development teams. Security is often an afterthought as businesses march forward, and there’s a misconception that ‘good enough’ is enough.”

In addition, the report also found the following points of note:

The emergence of 5G networks As the push for 5G grows, there exists an important opportunity to build security into networks at its foundations. Despite the increasing buzz around 5G networks, only 26% of carriers responded that they felt well prepared for 5G deployment, while another 32% stated that they were somewhat prepared

Be careful what you wish for in terms of the IoT 5G promises to advance organisations’ implementation of (and the value they derive from) IoT technologies, but that promise comes with a corresponding increase in the attack surface. When it comes to IoT-connected devices, 44% of respondents said malware propagation was their top concern, while lack of visibility followed at 20% and Denial of Service at 20%

Data loss is top concern About 30% of businesses stated that data theft as a result of a breach was their top concern following an attack, which is down from 35% the previous year, followed by service outages at 23%. Meanwhile, 33% said that financial gain is a leading motivation for attacks

Leave a comment

Filed under Risk Xtra

Hanwha Techwin focuses on Top 5 Video Surveillance Trends for 2020

Hanwha Techwin, the supplier of IP and analogue video surveillance solutions, has put forward its Top 5 key trend predictions for the security industry in 2020. These include Artificial Intelligence end-to-end security solutions, cyber security, cloud-based data insights, privacy protection and vertical specialised solutions.

Artificial Intelligence End-to-End Security Solutions

As Artificial Intelligence becomes more broadly adopted across industries, it’s likely to be more widely incorporated in video surveillance in the upcoming year. Edge-based Artificial Intelligence (which filters and processes data locally on a camera) will be more ubiquitous, enabling end-to-end Artificial Intelligence technology.

Today, most security cameras send the data they collect to servers to be analysed. However, with edge-based Artificial Intelligence, the data is first analysed by the camera and subsequently sent to the server. This reduces the burden of transferring and storing large amounts of data to a server, thereby increasing efficiency, saving time and reducing server costs typically required to analyse data.

HanwhaTechwinSurveillanceTrends2020

In 2020, Hanwha Techwin will introduce edge-based Artificial Intelligence cameras, as well as Artificial Intelligence-powered NVRs and VMS so as to bring to market end-to-end (camera to storage server and VMS) Artificial Intelligence security solutions.

Cyber Security

With Internet of Things (IoT) devices becoming ubiquitous, the importance of cyber security has never been more prominent that it is today. Today’s cyber attacks are more intelligent and advanced than ever before, so building cyber-resilient security systems is no longer an option, but an imperative.

Smart Cities, factories, financial institutions and retailers require scaleable video surveillance solutions which are closely interconnected with other devices and networks, making the importance of cyber security paramount.

Strong cyber security has always been Hanwha Techwin’s priority and the company has been refining its technology to suit ince the beginning. The soon-to-be released Wisenet 7, the newest version of Hanwha Techwin’s own System on Chip, has been designed with the strongest cyber security features including a secure booting function and signed firmware for both software and hardware. Validated by the UL Cyber Security Assurance Program certification, Wisenet 7 ensures that end users have access to the industry’s most advanced cyber security features.

Cloud–Based Data Insight

According to IDC, the provider of IT-focused market intelligence, there will be about 175 zettabytes of data in the world by the year 2025, with much of it stored in the cloud and Data Centres around the world. At the same time, video surveillance solutions will go far beyond functioning as a simple monitoring tool to become an indispensable aid to organisations by providing useful insights that improve business operations.

The importance of accessible cloud-based servers that can easily store and analyse the accumulated data will also increase. Going beyond being an efficient storage repository, sophisticated analytics will use cloud processing to analyse the stored data and provide practical and timely insights. 

In 2020, Hanwha Techwin will introduce cloud-based solutions beginning with the Device Health Monitoring Cloud, which will monitor and manage video surveillance devices in real-time. The company will also introduce Retail Insight Cloud which is designed to facilitate store management.

Privacy Protection

Together with cyber security, Hanwha Techwin believes that the protection of personal data should be integral to the business ethics of a video surveillance company. By its very nature, the video data that’s collected for security purposes almost always contains private information. Therefore, protecting surveillance data is imperative.

Around the world, privacy protection laws are being introduced, such as the General Data Protection Regulation (GDPR) in Europe and the Federal Information Security Management Act in the US. The California Consumer Privacy Act is also set to come into effect in January 2020.

These laws will force the video surveillance industry to follow ‘privacy by design’ Best Practice and renew all efforts designed to protect personal data from misuse and abuse. Organisations are increasingly aware of the dangers of private data breaches and they’re becoming more discerning when choosing security products and solutions.

Hanwha Techwin provides a solution with Video Privacy Management technology and has released its Smart Cover of Privacy line-up to comply with the GDPR globally.

Vertical Specialised Solutions

Vertical markets in the security industry are increasingly requiring more specialised devices and solutions that meet unique requirements. With the emergence of the fourth industrial revolution, the presence of smart verticals will be more prominent and video surveillance companies must be ready to provide solutions for Smart Cities, factories, transportation and retail organisations.

SoonHongAhnHanwhaTechwin

Soon Hong Ahn

Hanwha Techwin already provides products for these verticals and plans to expand its line-up of specialised solutions in the very near future to include asset management solutions with IoT technology.

“Advancement in technologies such as Artificial Intelligence, the IoT and the cloud will support new use cases in conjunction with existing devices and solutions to meet customers’ needs in various verticals, expanding the horizon of our industry,” said Hanwha Techwin’s president and CEO Soon Hong Ahn. “However, we must also be mindful of the social and ethical responsibility related to areas such as cyber security and private data protection. Sustained interest and investment in these areas must be regarded as an obligation to make sure our industry continues to thrive in the midst of rapid technological advancements.”

Leave a comment

Filed under Risk Xtra

BlackBerry Cylance outlines cyber security predictions for 2020

Josh Lemos, vice-president of research and intelligence at BlackBerry Cylance, has put forward some predictions on cyber security trends for 2020 that will impact Governments and companies across a variety of industry sectors.

(1) Uncommon attack techniques will emerge in common software

Steganography, the process of hiding files in a different format, will grow in popularity as online blogs make it possible for threat actors to grasp the technique. Recent research at BlackBerry found malicious payloads residing in WAV audio files, which have been used for decades and categorised as benign.

Businesses will begin to recalibrate how legacy software is defined and treated and effectively invest in operational security around them. Companies will look for ways in which to secure less commonly weaponised file formats, like JPEG, PNG and GIF, etc without hindering users as they navigate the modern computing platforms.

BlackBerryCylance2020Predictions

(2) Changing network topologies challenge traditional assumptions and require new security models

Network-based threats that can compromise the availability and integrity of 5G networks will push Governments and enterprises alike to adopt cyber security strategies as they implement the 5G spectrum. As cities, towns and Government agencies continue to overhaul their networks, sophisticated attackers will begin to tap into software vulnerabilities as the expansion of bandwidth that 5G requires inevitably creates a larger attack surface.

Governments and enterprises will need to retool their network, device and application security. We will see many lean towards a zero-trust approach for identity and authorisation on a 5G network.

Threat detection and threat intelligence will need to be driven by Artificial Intelligence and machine learning to keep up.

(3) 2020 will see more cyber-physical convergence

As all sectors increasingly rely on smart technology to operate and function, the gap between the cyber and the physical will officially converge. This is evident given the recent software bug in an Ohio power plant that affected hospitals, police departments, subway systems and more in both the US and Canada.

Attacks on Internet of Things (IoT) devices will have a domino effect and leaders will be challenged to think of unified cyber-physical security in a hybrid threat landscape.

Cyber security will begin to be built into advanced technologies by design to keep pace with the speed of IoT convergence and the vulnerabilities that come with it. 

(4) State and state-sponsored cyber groups alike are the new proxy for international relations

Cyber espionage has been going on since the introduction of the Internet, with Russia, China, Iran and North Korea seen as major players. In 2020, we will see a new set of countries using the same tactics, techniques and procedures as these superpowers operate against rivals both inside and outside of national borders.

Mobile cyber espionage will also become a more common threat vector as mobile users are a significant attack vector for organisations that allow employees to use personal devices on company networks.

We will see threat actors perform cross-platform campaigns that leverage both mobile and traditional desktop malware. Recent research discovered nation state-based mobile cyber espionage activity across ‘The Big 4’, as well as in Vietnam. There’s likely to be more attacks coming in the future. This will create more complexity for Governments and enterprises as they try to attribute these attacks, with more actors and more endpoints in play at a larger scale.

Leave a comment

Filed under Risk Xtra

Synectics to highlight value of ethical surveillance tools at Global MSC Security Conference 2019

This year’s Global MSC Security Conference and Exhibition, which runs at The Bristol Hotel in Bristol on 11-12 November, will see Synectics explain how advanced technologies and evolving features can support those practitioners tasked with ensuring that public surveillance is undertaken legally and ethically.  

Over 150 delegates from the fields of security, law enforcement, Government and academia are due to attend the two-day event, which will focus on the ethical challenges presented by the growing use of CCTV, ANPR, drones, facial recognition and Artificial Intelligence (AI) within the public realm. Risk Xtra is the Official Media Partner.

Speakers include Tony Porter, the UK’s Surveillance Camera Commissioner, who’ll be joined by senior representatives from police forces, Fire and Rescue Services and other organisations focused on public safety, crime prevention and national security.

SynecticsSynergy3

‘Building Ethical Capacity into Surveillance Technology’

Synectics’ Martin Bonfield joins the event line-up. His detailed seminar will highlight how public concerns regarding surveillance ‒ especially those around the use of emerging technologies such as facial recognition and AI ‒ are shown to be greatly reduced if robust and demonstrable safeguards are in operation.

Those attending the session will gain a clear understanding of the tools available to help ensure that any public surveillance data can be captured, managed and shared in accordance with existing and evolving demands. 

The session will look specifically at solutions designed to support users in four key areas: the use of facial recognition, regulatory compliance (with, for example, the General Data Protection Regulation), data protection (cyber security) and evidence management.

Under the spotlight

To showcase emerging capabilities, Synectics will be demonstrating how its Synergy 3 Command and Control platform supports a wide range of safeguarding and compliance mechanisms, including comprehensive digital audit trails, automated workflows aligned to standard operating procedures and time-limited data storage.

The role played by highly secure, cloud-based evidence lockers ‒ which support secure, real-time authorised access to data ‒ will also be discussed, specifically in the context of inter-agency data-sharing.

MartinBonfieldSynectics

Martin Bonfield

Bonfield informed Risk Xtra: “Synectics has been at the forefront of global surveillance solutions for over 30 years. We work closely with customers to tackle the complex issue of ethics surrounding CCTV use, data capture and monitoring, as well as the robust management of digital evidence. I’m looking forward to showing delegates examples of the smart technology available to ensure surveillance operations are effective, secure and compliant with legal and ethical frameworks – today, and years from now.”

As a premium sponsor, Synectics (exhibiting on Stand 15) will be showcasing its leading-edge technologies. Live demonstrations will run throughout the event to demonstrate how the tools explored in the seminar can be applied within a range of practical evidence management and incident response scenarios.

Leave a comment

Filed under Risk Xtra

IDIS Global Partners Summit highlights developments in analytics and end-to-end solutions for strategic markets

The latest advances in video analytics – including improved classification, accuracy and speed – were unveiled at a Global Partners Summit of international security and video surveillance professionals hosted by IDIS in Seoul, South Korea.

The three-day event, attended by senior executives from leading security distributors from 23 countries, focused on how IDIS is responding to market trends and needs, developing end-to-end solutions (including specialist technologies for a range of vertical markets) and pushing forward with improvements to the IDIS Deep Learning Engine, the technology which powers the company’s ‘AI in the Box’ and IDIS Deep Learning Analytics solutions for end users.

Earlier this year, IDLA Version 3.0 was introduced as a service module for up to 80 channels within the IDIS Solution Suite VMS and it set new performance benchmarks by achieving an accuracy of 97%-98% while dramatically reducing false alarms. Responding to customer demand for easier, more affordable analytics for smaller applications, IDIS also launched its aforementioned DV-2116 ‘AI in the Box’ solution.

IDISGPS2019

Delegates learned of future enhancements in meta-data searching by class, colour and number, plus the ability to search a specific area of interest. People counting, fall detection and the ability to search by the direction of an object’s movement were also previewed and delegates received advanced notice of a new range of AI-ready 5 MP cameras, featuring deep learning on-the-edge analytics, due for release next year.

Technology roadmap for 2020

The Global Partners Summit also previewed IDIS’ ambitious video product and technology roadmap for 2020, further building out the company’s end-to-end solutions for core vertical market sectors.

Innovations in recording and camera technology, and the growing importance of cyber security, extended warranties and the advantages of delivering lower total cost of ownership and lower total cost to serve for systems integrators and installers were among key topics discussed at the event.

IDIS works closely with its partners and hosts the annual Global Partners Summit as an opportunity to exchange market insights and steer its strategies for product development, technical support and marketing.

Partners shared Best Practice implementations and related Case Studies in core vertical markets including retail, education, logistics and distribution and hotels.

Awards for Best Practice

Joon Jun, president of the IDIS Global Business Division, recognised outstanding project implementations and presented special awards for Best Practice to Alarm Automatika from Croatia and BTCO of Chile.

IDISGPSAwards

This collaborative approach, focusing on long-term partnerships, is a key element in the company’s success. It’s a customer-focused model that has seen IDIS grow continuously since 1997 to become Korea’s largest in-country video surveillance manufacturer, with regional operations now expanding across 50-plus countries.

Concluding the Global Partners Summit, special partner awards were presented by YD Kim, CEO of IDIS, recognising outstanding collaboration and sales growth over the last year. These were given to Alarm Automatica of Croatia, CCTV Center from Spain, EPCOM of Mexico, JES CQTEC of Thailand and Japan’s Secure Inc.

JoonJunIDIS

Joon Jun

“The expertise, energy and commitment from all our partners at this year’s Global Partners Summit demonstrates yet again that collaboration is that the best route to success,” said Joon Jun. “Together, we’re giving our customers the most advanced video surveillance solutions, ease-of-use and installation, scaleability and protection against today’s cyber security risks.”

Leave a comment

Filed under Risk Xtra

Milestone Systems introduces centralised Search feature in capability enhancement for XProtect

In the latest product update of Milestone XProtect 2019 R3 VMS, Milestone Systems has introduced several new features and capabilities. These include centralised Search, a new driver framework, adaptive streaming and enhanced device password management.

With this product update, Milestone Systems highlights that the business is continuing to pursue ever-higher performing software to fulfil the market’s rising demands for cost-effective video technology solutions.

One of the main features of the 2019 R3 release is Search. This is a new centralised search platform in XProtect Smart Client that makes it possible for end users to search for everything in one place. Previously, end users performed several standalone searches, depending on what data they were searching for. With the new Search tool, users can search for motion, alarms, events, bookmarks and other types of data in one single place enabling rapid and efficient video investigations.

R3 image

Moreover, the new Search platform also smoothly embeds partner integrations and their powerful analytic capabilities via dedicated filtering options. Through specific plug-ins and devices, search criteria such as line-crossing and object-in-field will be enabled directly in the Search Tab, saving time and increasing efficiency.

Milestone Systems provides customers with support for more than 8,000 cameras and devices. In order to allow XProtect device support to grow exponentially with the number of devices in the market, and to provide support for new types of devices such as the Internet of Things, the company has introduced its Driver Framework. Within the Milestone Integration Platform Software Development Kit, this allows device manufacturers to develop their own drivers and provide faster device compatibility and deeper integration that goes beyond the capabilities of ONVIF.

This new feature will enable end users to receive lower resolution streams from the recording server when a high resolution one isn’t required (for example, when displaying video in the smart client or smart wall in window sizes smaller than a full screen). This will give users smoother viewing and a better user experience, a lower total cost of ownership due to less hardware being needed to decode unnecessary high-resolution video and a better use of bandwidth that can then be employed for other requirements within the organisation.

The new Device Password Management continues XProtect’s focus on ease of use and enhanced cyber security during set-up of new installations, as well as when expanding existing ones. This feature makes it possible for system administrators to manage all devices’ passwords directly from the XProtect Management Client for selected device manufacturers.

In the 2019 R3 update, Milestone Systems has doubled the number of supported device manufacturers and added the option to schedule future password changes according to the cadence in given organisations and their password policies, in turn making device password management fully automatic.

Leave a comment

Filed under Risk Xtra