Tag Archives: cyber security

BlackBerry Cylance outlines cyber security predictions for 2020

Josh Lemos, vice-president of research and intelligence at BlackBerry Cylance, has put forward some predictions on cyber security trends for 2020 that will impact Governments and companies across a variety of industry sectors.

(1) Uncommon attack techniques will emerge in common software

Steganography, the process of hiding files in a different format, will grow in popularity as online blogs make it possible for threat actors to grasp the technique. Recent research at BlackBerry found malicious payloads residing in WAV audio files, which have been used for decades and categorised as benign.

Businesses will begin to recalibrate how legacy software is defined and treated and effectively invest in operational security around them. Companies will look for ways in which to secure less commonly weaponised file formats, like JPEG, PNG and GIF, etc without hindering users as they navigate the modern computing platforms.

BlackBerryCylance2020Predictions

(2) Changing network topologies challenge traditional assumptions and require new security models

Network-based threats that can compromise the availability and integrity of 5G networks will push Governments and enterprises alike to adopt cyber security strategies as they implement the 5G spectrum. As cities, towns and Government agencies continue to overhaul their networks, sophisticated attackers will begin to tap into software vulnerabilities as the expansion of bandwidth that 5G requires inevitably creates a larger attack surface.

Governments and enterprises will need to retool their network, device and application security. We will see many lean towards a zero-trust approach for identity and authorisation on a 5G network.

Threat detection and threat intelligence will need to be driven by Artificial Intelligence and machine learning to keep up.

(3) 2020 will see more cyber-physical convergence

As all sectors increasingly rely on smart technology to operate and function, the gap between the cyber and the physical will officially converge. This is evident given the recent software bug in an Ohio power plant that affected hospitals, police departments, subway systems and more in both the US and Canada.

Attacks on Internet of Things (IoT) devices will have a domino effect and leaders will be challenged to think of unified cyber-physical security in a hybrid threat landscape.

Cyber security will begin to be built into advanced technologies by design to keep pace with the speed of IoT convergence and the vulnerabilities that come with it. 

(4) State and state-sponsored cyber groups alike are the new proxy for international relations

Cyber espionage has been going on since the introduction of the Internet, with Russia, China, Iran and North Korea seen as major players. In 2020, we will see a new set of countries using the same tactics, techniques and procedures as these superpowers operate against rivals both inside and outside of national borders.

Mobile cyber espionage will also become a more common threat vector as mobile users are a significant attack vector for organisations that allow employees to use personal devices on company networks.

We will see threat actors perform cross-platform campaigns that leverage both mobile and traditional desktop malware. Recent research discovered nation state-based mobile cyber espionage activity across ‘The Big 4’, as well as in Vietnam. There’s likely to be more attacks coming in the future. This will create more complexity for Governments and enterprises as they try to attribute these attacks, with more actors and more endpoints in play at a larger scale.

Leave a comment

Filed under Risk Xtra

Synectics to highlight value of ethical surveillance tools at Global MSC Security Conference 2019

This year’s Global MSC Security Conference and Exhibition, which runs at The Bristol Hotel in Bristol on 11-12 November, will see Synectics explain how advanced technologies and evolving features can support those practitioners tasked with ensuring that public surveillance is undertaken legally and ethically.  

Over 150 delegates from the fields of security, law enforcement, Government and academia are due to attend the two-day event, which will focus on the ethical challenges presented by the growing use of CCTV, ANPR, drones, facial recognition and Artificial Intelligence (AI) within the public realm. Risk Xtra is the Official Media Partner.

Speakers include Tony Porter, the UK’s Surveillance Camera Commissioner, who’ll be joined by senior representatives from police forces, Fire and Rescue Services and other organisations focused on public safety, crime prevention and national security.

SynecticsSynergy3

‘Building Ethical Capacity into Surveillance Technology’

Synectics’ Martin Bonfield joins the event line-up. His detailed seminar will highlight how public concerns regarding surveillance ‒ especially those around the use of emerging technologies such as facial recognition and AI ‒ are shown to be greatly reduced if robust and demonstrable safeguards are in operation.

Those attending the session will gain a clear understanding of the tools available to help ensure that any public surveillance data can be captured, managed and shared in accordance with existing and evolving demands. 

The session will look specifically at solutions designed to support users in four key areas: the use of facial recognition, regulatory compliance (with, for example, the General Data Protection Regulation), data protection (cyber security) and evidence management.

Under the spotlight

To showcase emerging capabilities, Synectics will be demonstrating how its Synergy 3 Command and Control platform supports a wide range of safeguarding and compliance mechanisms, including comprehensive digital audit trails, automated workflows aligned to standard operating procedures and time-limited data storage.

The role played by highly secure, cloud-based evidence lockers ‒ which support secure, real-time authorised access to data ‒ will also be discussed, specifically in the context of inter-agency data-sharing.

MartinBonfieldSynectics

Martin Bonfield

Bonfield informed Risk Xtra: “Synectics has been at the forefront of global surveillance solutions for over 30 years. We work closely with customers to tackle the complex issue of ethics surrounding CCTV use, data capture and monitoring, as well as the robust management of digital evidence. I’m looking forward to showing delegates examples of the smart technology available to ensure surveillance operations are effective, secure and compliant with legal and ethical frameworks – today, and years from now.”

As a premium sponsor, Synectics (exhibiting on Stand 15) will be showcasing its leading-edge technologies. Live demonstrations will run throughout the event to demonstrate how the tools explored in the seminar can be applied within a range of practical evidence management and incident response scenarios.

Leave a comment

Filed under Risk Xtra

IDIS Global Partners Summit highlights developments in analytics and end-to-end solutions for strategic markets

The latest advances in video analytics – including improved classification, accuracy and speed – were unveiled at a Global Partners Summit of international security and video surveillance professionals hosted by IDIS in Seoul, South Korea.

The three-day event, attended by senior executives from leading security distributors from 23 countries, focused on how IDIS is responding to market trends and needs, developing end-to-end solutions (including specialist technologies for a range of vertical markets) and pushing forward with improvements to the IDIS Deep Learning Engine, the technology which powers the company’s ‘AI in the Box’ and IDIS Deep Learning Analytics solutions for end users.

Earlier this year, IDLA Version 3.0 was introduced as a service module for up to 80 channels within the IDIS Solution Suite VMS and it set new performance benchmarks by achieving an accuracy of 97%-98% while dramatically reducing false alarms. Responding to customer demand for easier, more affordable analytics for smaller applications, IDIS also launched its aforementioned DV-2116 ‘AI in the Box’ solution.

IDISGPS2019

Delegates learned of future enhancements in meta-data searching by class, colour and number, plus the ability to search a specific area of interest. People counting, fall detection and the ability to search by the direction of an object’s movement were also previewed and delegates received advanced notice of a new range of AI-ready 5 MP cameras, featuring deep learning on-the-edge analytics, due for release next year.

Technology roadmap for 2020

The Global Partners Summit also previewed IDIS’ ambitious video product and technology roadmap for 2020, further building out the company’s end-to-end solutions for core vertical market sectors.

Innovations in recording and camera technology, and the growing importance of cyber security, extended warranties and the advantages of delivering lower total cost of ownership and lower total cost to serve for systems integrators and installers were among key topics discussed at the event.

IDIS works closely with its partners and hosts the annual Global Partners Summit as an opportunity to exchange market insights and steer its strategies for product development, technical support and marketing.

Partners shared Best Practice implementations and related Case Studies in core vertical markets including retail, education, logistics and distribution and hotels.

Awards for Best Practice

Joon Jun, president of the IDIS Global Business Division, recognised outstanding project implementations and presented special awards for Best Practice to Alarm Automatika from Croatia and BTCO of Chile.

IDISGPSAwards

This collaborative approach, focusing on long-term partnerships, is a key element in the company’s success. It’s a customer-focused model that has seen IDIS grow continuously since 1997 to become Korea’s largest in-country video surveillance manufacturer, with regional operations now expanding across 50-plus countries.

Concluding the Global Partners Summit, special partner awards were presented by YD Kim, CEO of IDIS, recognising outstanding collaboration and sales growth over the last year. These were given to Alarm Automatica of Croatia, CCTV Center from Spain, EPCOM of Mexico, JES CQTEC of Thailand and Japan’s Secure Inc.

JoonJunIDIS

Joon Jun

“The expertise, energy and commitment from all our partners at this year’s Global Partners Summit demonstrates yet again that collaboration is that the best route to success,” said Joon Jun. “Together, we’re giving our customers the most advanced video surveillance solutions, ease-of-use and installation, scaleability and protection against today’s cyber security risks.”

Leave a comment

Filed under Risk Xtra

Milestone Systems introduces centralised Search feature in capability enhancement for XProtect

In the latest product update of Milestone XProtect 2019 R3 VMS, Milestone Systems has introduced several new features and capabilities. These include centralised Search, a new driver framework, adaptive streaming and enhanced device password management.

With this product update, Milestone Systems highlights that the business is continuing to pursue ever-higher performing software to fulfil the market’s rising demands for cost-effective video technology solutions.

One of the main features of the 2019 R3 release is Search. This is a new centralised search platform in XProtect Smart Client that makes it possible for end users to search for everything in one place. Previously, end users performed several standalone searches, depending on what data they were searching for. With the new Search tool, users can search for motion, alarms, events, bookmarks and other types of data in one single place enabling rapid and efficient video investigations.

R3 image

Moreover, the new Search platform also smoothly embeds partner integrations and their powerful analytic capabilities via dedicated filtering options. Through specific plug-ins and devices, search criteria such as line-crossing and object-in-field will be enabled directly in the Search Tab, saving time and increasing efficiency.

Milestone Systems provides customers with support for more than 8,000 cameras and devices. In order to allow XProtect device support to grow exponentially with the number of devices in the market, and to provide support for new types of devices such as the Internet of Things, the company has introduced its Driver Framework. Within the Milestone Integration Platform Software Development Kit, this allows device manufacturers to develop their own drivers and provide faster device compatibility and deeper integration that goes beyond the capabilities of ONVIF.

This new feature will enable end users to receive lower resolution streams from the recording server when a high resolution one isn’t required (for example, when displaying video in the smart client or smart wall in window sizes smaller than a full screen). This will give users smoother viewing and a better user experience, a lower total cost of ownership due to less hardware being needed to decode unnecessary high-resolution video and a better use of bandwidth that can then be employed for other requirements within the organisation.

The new Device Password Management continues XProtect’s focus on ease of use and enhanced cyber security during set-up of new installations, as well as when expanding existing ones. This feature makes it possible for system administrators to manage all devices’ passwords directly from the XProtect Management Client for selected device manufacturers.

In the 2019 R3 update, Milestone Systems has doubled the number of supported device manufacturers and added the option to schedule future password changes according to the cadence in given organisations and their password policies, in turn making device password management fully automatic.

Leave a comment

Filed under Risk Xtra

iProov Study: UK public “overwhelmingly unaware” of deepfake threat

A nationwide study conducted by biometric facial authentication specialist iProov has revealed a sheer lack of awareness and education around deepfake technology among the UK public, with almost three-quarters (72%) of respondents saying they’ve never even heard of a deepfake video.  

Deepfake is a technique for human image synthesis based on Artificial Intelligence. It’s used to combine and superimpose existing images and videos on to source images or videos using a machine learning technique known as generative adversarial network. Due to these capabilities, deepfakes have been used to create fake videos. Deepfakes can also be used to create fake news and malicious hoaxes.

The research polled 2,000 respondents across the UK to reveal their attitudes towards (and understanding of) deepfake technology. The results highlight a need for awareness and education on the impact of deepfakes which, if not addressed, will have huge implications on personal and professional security.

Commenting on the findings, Andrew Bud (founder and CEO at iProov) said: “Awareness is the first defence against any cyber security threat, as we’ve already seen with attacks like phishing and ransomware. Deepfakes, however, represent a whole new kind of danger to businesses and individuals. Technology also has a big role to play in combating the threat, yet if the vast majority of people in the UK have such little awareness of deepfakes right now, they simply cannot begin to prepare themselves as they need to.”

Deepfake

Underlying societal threat 

Until recently, deepfakes were a nascent concept. Today, the technology behind deepfakes is threatening to undermine the notion of trust in moving images and is becoming increasingly accessible – be it through the creation of fake news or spoofing the identity checks required to log into a bank account.

However, the research has revealed members of the public to be largely unaware of the threats. Even once respondents were provided with the definition of a deepfake video, almost a third (28%) said they believed them to be completely harmless. More than two-thirds of respondents (70%) confessed they didn’t believe they would be able to tell the difference between a deepfake and a real video.

Detecting fraudulent identities

Interestingly, once those surveyed were provided with a definition of a deepfake video, they began to recognise the technology’s mounting threat. In fact, just under two-thirds (65%) of people said that their newfound knowledge of the existence of deepfakes undermined their trust in the Internet.

Notably, consumers went on to cite identity theft as the biggest concern (42%) for how they believed deepfake technology could be misused. Almost three-quarters (72%) of respondents also said they would be far more likely to use an online service with preventative measures in place to mitigate the use of deepfakes.

Despite the security implications of the specific concerns raised surrounding identity theft, more than half of all respondents (55%) surprisingly called out social networks as the party most responsible for dealing with deepfake synthetic videos.

Bud added: “Taking the fight to this new wave of fraud means that security measures in this new post-truth era simply have to be as creative, sophisticated and fast-moving as the fraudsters. While the adoption of biometric technology to crack down on deepfakes is growing among financial institutions, Governments and large-scale enterprises, the challenge ahead lies in the effective detection of a genuine human presence. It’s a challenge that should not be underestimated.”

Leave a comment

Filed under Risk Xtra

Enterprise Management Associates research confirms importance of packet capture for cyber defence

One of the significant findings from Enterprise Management Associates’ (EMA) recent report entitled ‘Unlocking High Fidelity Security 2019’ is that organisations using full packet capture are better prepared to battle cyber threats. The report highlights that the visibility and accuracy of packet capture data provides the best source of certainty for threat detection, and also notes that the adoption of full packet capture has accelerated over the past 12 months.

The document concludes: “…it’s clear that those using packet capture as part of their normal tool set…were more confident in the telemetry they received about their environments. They had shorter breach detection and response time and they had more confidence in their workflows and processes,” and “…this creates a very strong story for the use of packet capture as one of the staples in the security program.”

PacketCapture

Other key findings in the report include the following:

*Respondents from enterprises using packet capture rated themselves “wholly comfortable with the current cyber security risk level” in their organisation – nearly one-third more often than those using flows, and 14% more often than those using endpoint or network, app and systems logs

*Respondents using packet capture had the highest confidence that they were detecting viable threats at the reconnaissance stage when evaluating the ability to detect attacks against Lockheed Martin’s Kill Chain model. The report adds: “This is the first stage and least costly when the attack is stopped at that point.”

*Nearly two-thirds (60%) of respondents reported that network data is more valuable for early breach detection than endpoint data (40%)

*Respondents deploying packet capture rated themselves “outstanding” in preventing and quantifying breach scope far more than those using other telemetry methods

“The research in EMA’s report confirms that organisations not only see the value of packet data as a definitive source of evidence, but are more confident when using packet capture to detect, prevent, analyse and respond to data breaches,” said Stuart Wilson, Endace’s CEO. “These findings reflect what we see in the market. Enterprises are increasingly recognising the vital importance of full packet capture in enabling them to correlate security telemetry, keep their networks secure and improve productivity. Packets provide certainty about what’s actually happening on the network, and that enables organisations to respond confidently to threats.”

A summarised report focusing on packet capture is available for download at (https://www.endace.com/esearch-reports/ema-2019-research-report-download.pdf). The full report can be found at: https://www.enterprisemanagement.com/research/asset.php/3773/Unlocking-High-Fidelity-Security-2019

Leave a comment

Filed under Risk Xtra

All MOBOTIX IoT camera solutions integrated in Gentec’s cloud-based Stratocast VMS

MOBOTIX has taken another step towards integrating its technology within partner systems with the news that, after extensive development processes and testing procedures, all MOBOTIX Internet of Things (IoT) camera solutions have now been integrated in Gentec’s cloud-based Stratocast video management system (VMS).

VMS specialist Genetec has been one of MOBOTIX’s most important technology partners for many years now. “The integration of our camera systems in Stratocast, whose high level of cyber security is put to the test in annual stress tests and evaluations, is another milestone in the long-term co-operative relationship that exists between MOBOTIX and Genetec,” explained Hartmut Sprave, CTO at MOBOTIX.

Thomas Dieregsweiler, head of product management for MOBOTIX, added: “When we make our technology available and integrate it with other solutions, it’s paramount to us that we don’t compromise on the cyber security of our systems. Genetec and MOBOTIX speak the same language. We’re one of the world’s first camera manufacturers to successfully integrate with the Stratocast solution.”

The cloud-based Stratocast is designed for SMEs. When using Stratocast, end customers can always rest assured that their company is protected and that seamless operation is ensured. Using a PC, laptop, tablet or smart phone, Stratocast guarantees access to live videos and video recordings that are stored ‘cyber-safe’ in the cloud.

MOBOTIXGenetecIntegration

The end user themselves requires only basic computer expertise, as no computer infrastructure such as additional servers have to be installed. No maintenance or updates will be required. This makes solutions affordable and very transparent for the end user. They only pay by usage.

Stratocast allows the end user to circumvent typical server-based problems such as additional IT infrastructure or employees, lack of storage space, loss of records and unscaleable prices or functionalities.

The scope of functions provided can also be extended by using the Genetec Security Center for central monitoring. This means the cloud-based network can grow and develop according to the end user’s needs.

Successful co-operation

As is the case for MOBOTIX, cyber security and data protection are the highest priority for Genetec. For example, all communication between the on-site system and the cloud is fully-encrypted with Transport Layer Security. Genetec guarantees 99.5% availability (availability and access to video). All data is backed up three-fold in the cloud.

Genetec works exclusively with hardware and software partners who meet the highest quality standards for cyber security and data protection.

“We have integrated our technology into Stratocast’s technology over the last six months,” explained Thomas Lausten, CEO of MOBOTIX. “All test series were completed successfully. The quality of our video solutions combined with a keen focus on cyber security and our global sales network is how we became one of the first camera manufacturers to integrate our technology in the cloud-based Stratocast . It proves once again that the decentralised intelligence of our camera systems makes MOBOTIX one of the most important players on the global market.”

*For further information visit https://www.mobotix.com/en/mobotix-genetec-stratocast

Leave a comment

Filed under Risk Xtra