Tag Archives: Data Breaches

70% of financial companies suffer cyber security incident in last 12 months

New research conducted by data security company Clearswift reveals that 70% of financial companies have experienced a cyber security incident in the past year, highlighting the serious threat that both data breaches and malicious attacks pose to the UK’s financial sector.

The research, which surveyed senior business decision-makers within enterprise financial organisations in the UK, found that almost half of the incidents reported over the past 12 months originated from employees failing to follow security protocol or data protection policies. This threat was biggest in mid-sized financial companies (with 3,000-4,999 employees) with 52% of respondents citing employee failure to follow corporate data protection policies as their biggest issue.

Further causes of cyber security incidents within the financial sector included the introduction of malware and viruses via third party devices, including USBs and Bring Your Own Device (32%), file and image downloads (25%) and employees sharing data with unintended recipients (24%).

“The financial sector is the lynchpin of the UK’s economy and a vital part of our nation’s Critical National Infrastructure, so it’s alarming to see such high numbers of security incidents within financial organisations,” said Dr Guy Bunker, CTO at Clearswift. “Unfortunately, in this day and age it’s a case of ‘when’ not ‘if’ a firm is breached so the financial sector needs to shift gears and speed up the innovation and deployment of effective data protection and threat mitigation strategies.”

The numbers associated with security incidents are in stark contrast with further findings from the survey which revealed less than a quarter (23%) of respondents had an adequate level of budget allocated to cyber security within the firm. Unsurprisingly, 73% of respondents would like to see some – if not a significant – increase in their organisation’s cyber security spending.

Bunker added: “Whether it’s an inadvertent mistake, a malicious insider or an external threat actor that causes a security incident, the ramifications of data loss are extremely serious for any organisation. For those organisations who hold citizen data and their financial information, there’s a need for extra vigilance to protect that data no matter where it’s stored, how it’s processed or what digital collaboration channels it flows through. Understanding the latest threats and the potential consequences from next generation attacks will help drive the business case for investment in new technology to mitigate the risks.”

He continued: “Cyber security needs to rapidly evolve and the budgeting process should take this into account. The threat which can bring down a company may not have existed three months ago. Financial organisations need to be able to respond immediately in order to protect their reputation. While many areas of securing a company’s data can be improved by educating employees and developing clear policies and processes, technology plays a key role in mitigating today’s biggest threats through automating and enforcing security protocols. This requires investment. Great information security is a positive business differentiator and a driver of growth.”

Filed under Risk Xtra

Shred-it proud to join ranks of UK’s Business Superbrands in 2019

Shred-it, the information security company, has been awarded Business Superbrand status for 2019. Shred-it’s protection solutions and services include secure document destruction, media destruction, branded goods and uniforms destruction as well as recycling services. It helps businesses to comply with legislation and ensures that customer, employee and confidential business information is protected at all times.

The Business Superbrands survey has been tracking the perception of a wide-range of business brands in the UK since 2001. This year’s research process, managed by The Centre for Brand Analysis (TCBA) in partnership with Dynata – one of the world’s leading data research companies – evaluated approximately 1,600 brands across 63 categories and involved 2,500 UK business professionals with an expert council comprising 24 senior business-to-business marketing leaders. Only the most highly-regarded brands from each category are awarded Superbrand status.

Unusually for an industry award, brands do not pay or apply to be considered. In order to provide a broad review of the market and identify the strongest brands in each category, all the key players in each sector need to be voted on. All voters were asked to judge brands against the three core factors inherent in a Superbrand, namely quality, reliability and distinction.

Brand perception and voting by individuals are also influenced by a range of both short and long-term factors, from the brand’s current profile to its latest marketing activities and new product and service developments, in turn affording a holistic picture of how brands are currently perceived.

Stephen Cheliotis, CEO of TCBA and chairman of Superbrands, commented: “In unsettled times, businesses that are well-regarded and possess a positive reputation benefit from competitive advantage over weaker branded rivals, providing greater immunity against short-term market volatility. Being perceived by buyers and influencers as a leading Business Superbrand is a positive business signal, while also recognition of the hard-work and dedication of the employees of each business attaining Superbrands status.”

Secure document and media destruction

Secure document and media destruction are critical in today’s data-driven environment as security compliance and risk management have become a critical part of the business landscape. This is duly reflected in a worldwide market that’s forecast to grow 8.7% to US$124 billion in 2019 (Source: Gartner Inc.). This is being driven by several factors including a greater and broader understanding of security risks and data breaches, privacy concerns and stricter regulation around data loss prevention as well as the need to view sensitive data and related systems as critical infrastructure.

Andrew Johnston, marketing and PR director (EMEA) for Shred-it, stated: “In an increasingly competitive market, Shred-it sought a clear point of differentiation to distinguish its offer. The business identified a number of key insights following research of its worldwide customer base which led to the brand’s positioning around the ‘We protect what matters’ strapline. Shred-it protects people, it protects customers, it protects brands and reputations and it protects the environment. This has enabled the brand to better focus its communications around the core idea of protection – the brand’s ‘red thread’ – which is transferable across markets, sectors and channels.”

The business has a one team, one goal motto with a customer first approach to ensure the safeguarding, understanding and management of confidential information. Shred-it’s values around excellence in service provision, depth of experience and sector knowledge, accountability and integrity, together with sustainability and continuous improvement underpin its market position.

*To learn more about Shred-it visit www.shredit.co.uk/superbrands or watch the video

Filed under Risk Xtra

KnowBe4 study reveals 92% of organisations’ biggest security concern is end users

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, has released the results of new research. The company’s report examines over 350 organisations globally and reveals the security weaknesses and concerns within them. On average, 81% of organisations had some degree of concern around security issues.

Cyber crime continues to evolve and become more sophisticated. Artificial Intelligence and machine learning are leveraged by many criminal organisations to help them better understand how to improve their attacks and they’re now targeting specific industry verticals, organisations and even individuals.

Increases in the frequency of ransomware, phishing and crypto-jacking attacks have been experienced by businesses of nearly every size, vertical and location.

When it comes to attack vectors, data breaches are the primary concern, with credential compromise coming a close second. These two issues go hand-in-hand as the misuse of credentials remains the foremost attack tactic in data breaches. That’s according to Verizon’s 2018 Data Breach Investigations Report.

Phishing and ransomware ranked next, demonstrating that organisations are still not completely prepared to defend themselves against these relatively “old” attack vectors.

Other key findings

  • 92% of organisations rank end users as their primary security concern. At the same time, security awareness training along with phishing testing tops the list of security initiatives that organisations need to implement
  • Organisations today have a large number of attack vectors to prevent, monitor for, detect, alert on and remediate. In terms of attacks, 95% of those organisations surveyed are most concerned with data breaches
  • Ensuring security is in place to meet General Data Protection Regulation (GDPR) requirements is still a challenge for 64% of organisations, despite the GDPR’s fine details having been public knowledge for quite some time
  • Attackers’ use of compromised credentials is a very common tactic. 93% of organisations are aware of the problem, but still have lots of work to do to stop it
  • When it comes to resources, 75% of organisations don’t have an adequate budget

“2018 was a prolific year for successful cyber attacks, with many of them caused by human error,” said Stu Sjouwerman, CEO of KnowBe4. “IT organisations are tasked with establishing and maintaining a layered security defence. The largest concern, as demonstrated again in this report, is employees making errors. Organisations must start their defence by establishing a security culture. In order to combat the escalation of social engineering, they absolutely have to ensure that users are trained and tested.”

To read the full report visit www.KnowBe4.com

Filed under Risk Xtra

95% of UK businesses “still struggling” with mobile working as security of data continues to cause concern

Apricorn – the manufacturer of software-free, 256-bit AES XTS hardware-encrypted USB drives – has unveiled new research results highlighting that 95% of organisations surveyed in the UK recognise problems with mobile and remote working. Worryingly, nearly one-in-five (18%) suggest that their mobile workers don’t care about security.

All (ie 100%) of those IT decision-makers surveyed noted that they had employees who work remotely at least some of the time, with an average of over one third (37%) of staff members who do so. With an increase in the numbers of people working remotely, this means more data moving beyond the confines of the corporate network. Organisations need to ensure that any data – be it at rest or on the move – remains secure.

While many are taking steps to ensure their data is protected, for instance by implementing security policies for mobile working and Bring Your Own Device, just under half of respondents (44%) still agree that their organisation expects their mobile workers to expose them to the risk of a breach. Roughly one third (32%) say that their organisation has already experienced a data loss or breach as a direct result of mobile working, while 30% of respondents from organisations where the General Data Protection Regulation (GDPR) applies are concerned that mobile working is an area that will most likely cause them to be non-compliant.

Some 53% cited the complexity and management of the technology that employees need and use as one of their three biggest problems with remote working. Over half (54%) say that, while their organisation’s mobile workers are willing to comply with requests relating to security measures, employees lack the necessary skills or technologies required to keep data safe. Nearly one third (29%) take the radical approach of physically blocking all removable media, while a further 22% ask employees not to use removable media (although they have no technological means by which to enforce this).

“The number of organisations blocking removable media has increased compared with responses to the same question in 2017, when 18% said they were physically blocking all removable devices,” said Jon Fielding, managing director for the EMEA at Apricorn. “A unilateral ban isn’t the solution and ignores the problem altogether, while also presenting a barrier to effective working. Instead, businesses should identify corporately approved, hardware-encrypted devices that are only provided to staff with a justified business case for having such. The approved devices should then be white-listed on the IT infrastructure, blocking access to all non-approved media.”

Risk of data breaches

Despite strict security policies, mobile working can still leave organisations wide open to the risk of a data breach. Half (50%) of respondents admitted one of the three biggest problems with mobile working is that they cannot be certain their data is adequately secured. Only around half enforce and are completely confident in their encrypted data in transit (52%), in the cloud (52%) and at rest (51%).

“While the new GDPR legislation requires the ‘Pseudonymisation’ and encryption of personal data, encryption isn’t a new concept, and keeping data secure has always been imperative to any organisation handling sensitive information,” added Fielding.

In conclusion, Fielding stated: “Organisations are simply not following security Best Practice. They need to implement and enforce policies and provide employee training to ensure compliance with the GDPR. Failing to put processes in place is putting confidential data at risk. Organisations now face the prospect of being fined even before a breach has occurred.”

Filed under Risk Xtra

BSIA issues White Paper on Information Destruction and revised guidance on Lone Working

The British Security Industry Association (BSIA) and its Information Destruction Section have announced the publication of a White Paper designed to be used as a guide for public sector agencies and any organisation wishing to benchmark against that sector, and to provide the correct protocols for the destruction of sensitive items and materials.

The guide references previously published guidance documents from the Cabinet Office and the Centre for the Protection of National Infrastructure (CPNI) in order to promote the required specifications for data destruction and the importance of secure information destruction.

Entitled Information Destruction in the Public Sector, the document specifies which sensitive materials should be securely destroyed. Furthermore, it defines the varying levels of secure information and documents that should be disposed of in the appropriate manner.

Threat profiles are assessed and analysed in tiers of severity, while the White Paper also affords organisations guidance on specifying the desired outcomes that information destruction should produce.

Adam Chandler, chairman of the BSIA’s Information Destruction Section, has expressed how the White Paper might serve private sector companies and the public sector as a whole.

“The security of information is an issue of paramount importance in the 21st Century,” asserted Chandler. “Data breaches can be more than costly. They can ruin a Government’s credibility as well as a private sector company’s reputation. British organisations must fortify their infrastructure by ensuring standards are upheld and that data is adequately disposed of. By adhering to the standards set by the Government and referenced by the BSIA in this White Paper, citizens, employees and civil servants will be better protected.”

*Download the guide in full at: http://www.bsia.co.uk/publications/publications-search-results/257-information-destruction-in-the-public-sector.aspx

BSIA publishes revised lone worker guidance documents

The BSIA has also just published revisions to two of its lone worker guides.

The revisions have been made to Form 144: A Guide to Buying a Lone Worker Service and Form 288: Lone Workers – An Employer’s Guide in order to reflect recent changes in the lone worker services market.

Form 144: A Guide to Buying a Lone Worker Service provides end users with advice on how to go about procuring a lone worker service that will be right for their business and what information needs to be prepared before a potential supplier is approached.

Form 288: Lone Workers – An Employer’s Guide provides employers with essential information about their responsibilities towards their lone workers as well as detail around what they should expect from a lone worker device, its supplier, an Alarm Receiving Centre and the response.

Steve Lampett, technical officer at the BSIA, explained: “The BSIA’s Lone Worker Section decided to update these very useful guides to reflect changes within the lone worker services market. While many of these changes are minor routine amendments, educating the marketplace is a key objective of the Association. On that basis, ensuring industry guidance is up to date is of vital importance.”

Amendments to the guides include the following:

Form 144: A Guide to Buying a Lone Worker Service

  • Reflection of the new requirement placed on the supplier highlighting the need to be flexible in terms of alarm escalation contacts (including at different times of the day/week, escalation and prioritisation processes)
  • Inclusion of a greater emphasis on the supplier to provide ongoing training options for the customer

Form 288: Lone Workers – An Employer’s Guide

  • Changes from BS 8484:2009 to BS 8484:2011
  • Addition of the provision for using the services of BS 8591 Category 2 Alarm Receiving Centres
  • Health and Safety Executive guidance updates
  • Reflecting the name change of the Association of Chief Police Officers by replacing it with the National Police Chiefs’ Council

Craig Swallow, chairman of the BSIA’s dedicated Lone Worker Section, stated: “We wanted to ensure that our guidance remains up to date and continues to be useful for end users to refer to when procuring a lone worker service. The Section therefore felt it necessary to update both Form 144 and Form 288. We expect further changes will need to be made to these forms and other BSIA lone worker publications when the current revision of BS 8484 has been completed in 2016.”

*The updated versions of Form 144 and 288 are available to download free of charge from the BSIA’s website: www.bsia.co.uk

Filed under Risk UK News

UNION tackles unauthorised key duplication in healthcare facilities thanks to keyULTRA solution

UNION – part of ASSA Abloy Security Solutions (a division of ASSA Abloy UK) – is tackling unauthorised key duplication in healthcare facilities with its keyULTRA master key system. 

Last year alone, NHS departments reported 498 data breaches to the Information Commissioner’s Office, in turn showing how data protection has become an increasing concern within hospitals.

Facilities and security managers in healthcare establishments need to safeguard confidential information and expensive medical equipment. On that basis, managing security and access control requirements is critical.

The keyULTRA master key cylinders possess one of the longest patents in the market, expiring in 2028. DuraPIN technology protects both the key and cylinder assembly from illegal duplication and permits access to authorised personnel only.

This system has successfully been installed in a number of healthcare facilities including Arnold Lodge, a medium secure psychiatric unit in Leicester, and Good Hope Hospital in Birmingham.

Craig Birch, category manager for cylinders at ASSA Abloy UK, said: “Unauthorised copies of keys and an unknown number of keys distributed to people, both within and outside organisations, are common problems for hospitals with large numbers of personnel and a high staff turnover. A copied or a lost key is an immediate security threat that could lead to data breaches and costly civil monetary penalties. Investing in keyULTRA is an effective way of ensuring that no unauthorised keys are cut, meaning that facilities and security managers are fully aware of everyone with access to each area of the building. That helps to eliminate the costly problems that could occur from compromised security.”

keyULTRA boasts enhanced features including the highest key-related security, as per BS EN 1303:2005, along with resistance to bumping, drilling, picking and plug extraction. The solution is also approved for use on FD30 and FD60 fire doors in accordance with BS EN 1634-1.

Featuring self-lubricating materials designed to enhance its resistance to wear and tear, UNION’s keyULTRA is ideal for busy environments and can also help to reduce maintenance costs.

The product has been successfully tested to over half a million cycles to guarantee performance. It employs a strong and durable key, with an easy-to-grip, oversized key bow to facilitate product use.

*For further information on keyULTRA visit: http://www.unionkeyultra.co.uk/

Filed under Uncategorized