Facial recognition “to open new avenues for smart cities” in 2022

In 2022 and beyond, facial recognition technology will play a key role in the future of global urban development and assist in improving the experience of smart citizens. From personal convenience through to enhanced public safety, the range of applications is wide-ranging. That’s the firm belief of facial recognition technology solutions provider Corsight AI.

Using their face as their credit card, members of the public will no longer have to leverage cash for payments or worry about a stolen/lost wallet. A secure biometric system – such as that being pioneered by Amazon Go stores – makes paying for goods or services effortless.  

In terms of security and access, workplaces are beginning to understand the value of the technology as it can enable the seamless flow of people and facilitate the protection of sensitive locations by restricting access to approved visitors only. Spaces such as building sites, maternity wards and Critical National Infrastructure locations can all benefit from this software.

Facial recognition can also be used in smart cities to help identify those at risk. In the case of searching for a missing child or an Alzheimer’s patient, facial recognition technology can significantly speed up the process.

There’s a particular concern right now about the safety of public streets, especially so for women. Facial recognition technology can prove useful for recognising unusual behaviour and identifying and tracking known offenders throughout the city environment. 

Higher standards in 2022

As is the case with any technology, there are potential risks to using facial recognition, such as threats to privacy, violations of rights and potential data theft. These concerns are of significant importance and have even forced the hand of some public and private organisations to limit the use of the technology. This calls for thoughtful Government regulation moving forward and heightened responsibility for facial recognition technology vendors and operators to comply with the rules.

Currently, documents such as the General Data Protection Regulation (GDPR) are in place to set industry standards and provide ways for individuals to protect their personal data – and, by extension, their privacy and other Human Rights – which we’re seeing enforced. 

Although the industry continues to demand greater certainty from lawmakers, it’s evident that Best Practice is emerging from the application of the GDPR and its core principles. The use of Privacy Management Programmes and Data Protection Impact Assessments demonstrates the willingness to protect the data rights of citizens and maintain trust and confidence across our communities. A combination of these policies and their application will continue to ensure facial recognition technology can be used as a force for good. 

Cyber security

As data processing becomes more central to operations in 2022, organisations will need to be more responsive to the evolving cyber threat landscape. For facial recognition technology end users, in particular, securing biometric data will remain a top priority this year.

Cyber criminals are becoming increasingly sophisticated in their methods, and will now typically seek the most sensitive data to hold at ransom. Vendors must therefore implement the most stringent security measures to protect sensitive data and ensure end users are working hard to stay on top of the threat.

Customers will also demand more transparency from organisations about how they’re using their biometric data and how it’s being stored and protected. To garner trust, users of facial recognition technology must be more explicit in its use and set clear measures on individual privacy and data protection.

In 2022 and beyond, Corsight AI expects to see further commitment from policymakers and industry to develop even higher standards that attain levels not seen before. The move towards ‘Trustworthy Artificial Intelligence’, greater regulation and a genuine commitment to Human Rights will support the development of this software such that it can be used as a force for good.

Milestone XProtect VMS update “takes security to next level” with Microsoft encryption

Protecting sensitive data in surveillance systems is key to maintaining video authenticity, personal privacy and adequate cyber security measures. XProtect 2020 R3 from Milestone includes a level of encryption from Microsoft called Cryptography New Generation that adheres to “the highest levels of cyber security and data protection” available on the market today.

XProtect’s new encryption modules include stronger data protection, increased cyber security, evidence authenticity and password-protected configuration. Embedding this encryption also means that XProtect can now be configured to operate in a Federal Information Processing Standards (FIPS) 140-2 compliant mode. FIPS is a US Government computer security standard used in all software solutions deployed in US federal agencies and regulated industries such as healthcare and finance.

Security system operators are the eyes and ears of their organisation. When an incident occurs, they’re expected to provide video evidence immediately. This can sometimes be a challenging task, especially so for installations with thousands of cameras recording 24/7.

XProtect 2020 R3 offers a new multi-category search function that makes finding the specific video evidence easier and faster than ever. Multi-category search allows the operator to combine and search across multiple categories such as people, vehicles and location as well as any search agents developed and integrated into XProtect by third party technology partners.

By way of example, operators can narrow their investigation to only contain video sequences that include blue vehicles and males and exclude those that only meet one of them.

Expanded support for 360-degree cameras

XProtect 2020 R3 also offers expanded support for any 360-degree camera that delivers a complete fish-eye view. Most customers will experience significant installation and camera cost reductions and increased situational awareness when deploying these camera types compared to standard surveillance cameras.

The 2020 R3 release contains many more new and improved features and capabilities such as improved video rendering performance in the XProtect Smart Client, adaptive streaming for XProtect Mobile and direct streaming improvements in XProtect Web Client. On the cameras and devices side, XProtect 2020 R3 includes improvements such as increased security without compromising ease-of-use, more freedom to build installations that suit customers’ needs and new Device Packs.

HID Global “brings trust” to online and mobile banking in face of cyber threat

As consumers embrace the convenience of online and mobile banking at both traditional and the latest all-digital financial institutions, it has become an increasingly difficult challenge to combat cyber security threats while complying with regulatory data protection mandates. Trusted identity solutions specialist HID Global has solved those challenges for several banks as part of their digital transformation initiatives.

“Our solutions protect data and transactions while delivering a seamless experience for the consumer as well as maximum flexibility for banks,” explained Brad Jarvis, vice-president and managing director of identity and access management solutions at HID Global. “This includes the option of cloud-based authentication services that remove the complexity of providing multifactor authentication to a growing and diverse user population, while also offering the convenience and efficiency of centralised regulatory compliance audits.”

Challenging issues

As a business, HID Global is helping to address some of the most challenging of mobile banking issues. For example, a retail bank in Egypt has improved compliance and reduced fraud and operational costs thanks to an HID Trusted Transactions solution. This is pre-integrated with Temenos digital front office and core banking products.

In addition, a Swiss wealth management group is using the solution, along with the HID ActivID Authentication Server, to optimise flexibility while protecting mobile banking transactions and securing corporate data, applications and systems.

Further, two banks in Eastern Europe and the UK are using the solution for quick and easy compliance with Second Payment Services Directive (ie PSD2) regulations.

Even with financial institutions returning to (almost) normal operating hours, many believe digital banking will grow in importance as part of ensuring business continuity and supporting customers who prefer not to visit their local branch during the ongoing health crisis. According to a McKinsey & Company report, the use of digital channels has grown in Europe by up to 20% during the COVID-19 pandemic.

Adoption of digital banking

“In just a couple of months, customers’ adoption of digital banking has leapt forward by a couple of years,” suggests the document. “Our most recent customer survey showed a 10% to 20% rise in digital banking use across Europe in April. Many Italian banks are striving to enable every single one of their customers to use digital banking. Such a jump in adoption opens the door for banks to turn digital channels into real sales channels, not just convenient self-service tools.”

HID Global’s complete HID Trusted Transactions offer for end users in the banking and finance sector includes the HID Authentication platform delivered either as a server or service, plus a choice of hardware tokens or the HID Approve multi-factor authentication solution with mobile push notification capabilities and the HID Risk Management Solution – Threat and Fraud Detection.

The comprehensive offer from the business delivers risk-based adaptive authentication, threat detection and transaction signing.

*Click here for more information about HID’s advanced multi-factor authentication solutions for the banking sector

All MOBOTIX IoT camera solutions integrated in Gentec’s cloud-based Stratocast VMS

MOBOTIX has taken another step towards integrating its technology within partner systems with the news that, after extensive development processes and testing procedures, all MOBOTIX Internet of Things (IoT) camera solutions have now been integrated in Gentec’s cloud-based Stratocast video management system (VMS).

VMS specialist Genetec has been one of MOBOTIX’s most important technology partners for many years now. “The integration of our camera systems in Stratocast, whose high level of cyber security is put to the test in annual stress tests and evaluations, is another milestone in the long-term co-operative relationship that exists between MOBOTIX and Genetec,” explained Hartmut Sprave, CTO at MOBOTIX.

Thomas Dieregsweiler, head of product management for MOBOTIX, added: “When we make our technology available and integrate it with other solutions, it’s paramount to us that we don’t compromise on the cyber security of our systems. Genetec and MOBOTIX speak the same language. We’re one of the world’s first camera manufacturers to successfully integrate with the Stratocast solution.”

The cloud-based Stratocast is designed for SMEs. When using Stratocast, end customers can always rest assured that their company is protected and that seamless operation is ensured. Using a PC, laptop, tablet or smart phone, Stratocast guarantees access to live videos and video recordings that are stored ‘cyber-safe’ in the cloud.

The end user themselves requires only basic computer expertise, as no computer infrastructure such as additional servers have to be installed. No maintenance or updates will be required. This makes solutions affordable and very transparent for the end user. They only pay by usage.

Stratocast allows the end user to circumvent typical server-based problems such as additional IT infrastructure or employees, lack of storage space, loss of records and unscaleable prices or functionalities.

The scope of functions provided can also be extended by using the Genetec Security Center for central monitoring. This means the cloud-based network can grow and develop according to the end user’s needs.

Successful co-operation

As is the case for MOBOTIX, cyber security and data protection are the highest priority for Genetec. For example, all communication between the on-site system and the cloud is fully-encrypted with Transport Layer Security. Genetec guarantees 99.5% availability (availability and access to video). All data is backed up three-fold in the cloud.

Genetec works exclusively with hardware and software partners who meet the highest quality standards for cyber security and data protection.

“We have integrated our technology into Stratocast’s technology over the last six months,” explained Thomas Lausten, CEO of MOBOTIX. “All test series were completed successfully. The quality of our video solutions combined with a keen focus on cyber security and our global sales network is how we became one of the first camera manufacturers to integrate our technology in the cloud-based Stratocast . It proves once again that the decentralised intelligence of our camera systems makes MOBOTIX one of the most important players on the global market.”

*For further information visit https://www.mobotix.com/en/mobotix-genetec-stratocast

70% of financial companies suffer cyber security incident in last 12 months

New research conducted by data security company Clearswift reveals that 70% of financial companies have experienced a cyber security incident in the past year, highlighting the serious threat that both data breaches and malicious attacks pose to the UK’s financial sector.

The research, which surveyed senior business decision-makers within enterprise financial organisations in the UK, found that almost half of the incidents reported over the past 12 months originated from employees failing to follow security protocol or data protection policies. This threat was biggest in mid-sized financial companies (with 3,000-4,999 employees) with 52% of respondents citing employee failure to follow corporate data protection policies as their biggest issue.

In addition to this, it was found that further causes of cyber security incidents within the financial sector included the introduction of malware and viruses via third party devices, including USBs and Bring Your Own Device (32%), file and image downloads (25%) and employees sharing data with unintended recipients (24%).

“The financial sector is the lynchpin of the UK’s economy and a vital part of our nation’s Critical National Infrastructure, so it’s alarming to see such high numbers of security incidents within financial organisations,” said Dr Guy Bunker, CTO at Clearswift. “Unfortunately, in this day and age it’s a case of ‘when’ not ‘if’ a firm is breached so the financial sector needs to shift gears and speed up the innovation and deployment of effective data protection and threat mitigation strategies.”

The numbers associated with security incidents are in stark contrast with further findings from the survey which revealed less than a quarter (23%) of respondents had an adequate level of budget allocated to cyber security within the firm. Unsurprisingly, 73% of respondents would like to see some – if not a significant – increase in their organisation’s cyber security spending.

Bunker added: “Whether it’s an inadvertent mistake, a malicious insider or an external threat actor that causes a security incident, the ramifications of data loss are extremely serious for any organisation. For those organisations who hold citizen data and their financial information, there’s a need for extra vigilance to protect that data no matter where it’s stored, how it’s processed or what digital collaboration channels it flows through. Understanding the latest threats and the potential consequences from next generation attacks will help drive the business case for investment in new technology to mitigate the risks.”

He continued: “Cyber security needs to rapidly evolve and the budgeting process should take this into account. The threat which can bring down a company may not have existed three months ago. Financial organisations need to be able to respond immediately in order to protect their reputation. While many areas of securing a company’s data can be improved by educating employees and developing clear policies and processes, technology plays a key role in mitigating today’s biggest threats through automating and enforcing security protocols. This requires investment. Great information security is a positive business differentiator and a driver of growth.”

Barracuda Networks helps Leeds United FC to tighten up its cyber defence

Cloud-enabled security and data protection solutions specialist Barracuda Networks has been selected by Leeds United Football Club’s management team to help protect it from today’s advanced cyber threats.

Working with Leeds-based IT reseller and club sponsor Altinet, Barracuda Networks is providing Leeds United FC with its Message Archiver in order to make the storage and access of e-mails simpler, quicker and more secure. As well as being easy to set up and manage, the new e-mail archiving solution allows Leeds United FC to combine on-site hardware with cloud-based replication. This ensures that e-mail data is easy to recover in the event of an attack or data loss.

“As a multi-million pound business, we’re dealing with high volumes of important and confidential e-mails on a daily basis so we have to assume that we’re a high-value target for cyber attackers,” said Mark Broadley, head of IT and facilities at Leeds United FC. “Our legacy e-mail solution wasn’t providing a high enough level of protection, and had meant that staff within the HR and legal teams were spending a lot longer finding information than was needed. On the recommendation of Altinet, we were delighted to make Barracuda Networks the first signing of this very important project.”

Barracuda Networks’ solution helps Leeds United FC to easily meet regulatory requirements and take complex discovery requests in its stride. This is particularly important given the club’s historical high turnover of personnel, and the need to find and read archived e-mails in minutes rather than hours or days.

Chris Ross, senior vice-president for international business at Barracuda Networks, said: “Being selected by Leeds United FC to improve and modernise the club’s data protection is an important accolade for us. With cyber attackers becoming ever-more sophisticated and data protection rising higher up the corporate agenda, it’s important that organisations replace legacy solutions and keep up-to-date with the latest threats.”

Ross added: “As it increasingly becomes about when you’re going to be attacked rather than if, data protection and recovery should form a key element of every organisation’s cyber security strategy. On top of keeping an eye on Leeds United FC’s cyber defences, we’ll be watching with interest and wishing the club the best of luck as it seeks promotion from the Championship back to the Premier League.”

Egress Software Technologies CEO responds to ICO’s Data Security Incidents Report for Q2

On Friday 16 November, the Information Commissioner’s Office (ICO) published its Data Security Incidents Report for Q2 2018. Data security incidents, which are breaches of the seventh data protection principle or personal data breaches reported under the Privacy and Electronic Communications Regulations, are a major concern for those affected and a key area of action for the ICO.

On 18 July 2018, the Independent Inquiry into Child Sexual Abuse (IICSA) was fined £200,000 for revealing the identities of abuse victims in a mass e-mail. On 9 August, Lifecycle Marketing (Mother and Baby) Ltd, also known as Emma’s Diary, was fined £140,000 for illegally collecting and selling personal information belonging to more than one million people.

On 20 September, Equifax Ltd was fined £500,000 for failing to protect the personal information of up to 15 million UK citizens during a cyber attack in 2017 and, on 28 September, BUPA Insurance Services was fined £175,000 for failing to have effective security measures in place to protect customers’ personal information.

Tony Pepper, CEO of Egress Software Technologies, commented: “Looking at this report, it’s no surprise that the number of data security incidents filed to the ICO has continued to increase with no signs of plateauing. Overall, there has been a 29% increase in the number of reported data security incidents, from 3,146 between April and June 2018 to 4056 from July to September 2018. This demonstrates a 490% increase compared to the same quarter in 2017.”

Pepper continued: “Similar to the statistics we observed in the ICO’s previous report, this doesn’t necessarily mean that organisations are experiencing more incidents, but it definitely does mean that more are now being reported. The increased awareness for organisations to tread carefully has been fuelled by the General Data Protection Regulation, as well as the significant data breach incidents that recognisable brands have suffered in recent times.”

In terms of the monetary penalties, fewer fines were issued between July and September compared to those issued between April and June, with £875,000 issued under the Data Protection Act in the most recent complete three-month period.

Significant growth in data incidents

Although the report doesn’t summarise the type of incidents reported, it does detail the sectors that have experienced significant growth in these incidents. These include general business, which has experienced an increase of 87%, finance with 49%, insurance and legal with 63%, media with 633% and transport and leisure with 57%, while Government, at both the central and local level, experienced a 14% increase.

“We have also seen an organisation fined for unlawfully selling personal data, while Equifax was fined the highest amount under the Data Protection Act (£500,000) for a cyber attack that exposed the personal information of up to 15 million UK citizens.”

Information Commissioner Elizabeth Denham

Pepper added: “Clearly, there’s not only an issue with external attackers illegally obtaining and hacking an organisation’s systems to obtain data, but also with internal employees – and companies as a whole – misleading the population on why their personal data is being collected and how it will be used. As a result, organisations should be vigilant when it comes to ensuring data security protection is in place, and especially so to combat internal threats.”

Pepper feels that organisations should take a user-centric approach to data security, ensuring that every employee – from C-Suite executives to the average worker – is as security savvy as they need to be. This philosophy has been highlighted in recent Egress research, which revealed that 20% of an organisation’s employees don’t know what kinds of personal information should be protected when sharing data via e-mail.

“By taking a user-centric approach and equipping staff to protect personal data through technology that supports and secures the work they do,” urged Pepper, “as well as more training and awareness of what constitutes the mishandling of personal data, organisations will be able better placed to mitigate the chances of external and internal data security incidents.”

dormakaba issues brochure and video on cyber security and data protection

Security and access solutions specialist dormakaba has launched its latest brochure promoting products that protect the physical security of Data Centres, server rooms and server racks. Created with building services professionals in mind, the brochure includes products suitable for high security applications where the protection of data is paramount. Accompanying the brochure, dormakaba has also created a video to highlight the importance of physical access for secure Data Centres. 

The physical security of data plays a key role in ensuring that information is kept secure and safe from misuse. Whether private to an organisation or an individual, organisations have a responsibility to ensure that all data is kept secure throughout its lifecycle (ie from the time it’s created right through to the time that it’s used and, finally, through to the time it’s archived).

The first section of the brochure introduces the main challenges faced when securing data, including where sensitive data resides and how it’s stored. With site access restricted to a select group of individuals, Data Centres and server rooms are environments that require secure and compliant access solutions.

The brochure also includes product categories that recommend fit for purpose solutions depending on the desired application. These range from cylinder and key systems to electronic access control and safe locks.

“With the European Union’s General Data Protection Regulation due to come into force on Friday 25 May, organisations now have a heightened awareness of their responsibilities when it comes to protecting personal data,” said Clive Baker, director of security locking at dormakaba. “While many have brought in new policies to guarantee the protection of information, the physical aspect of data security is often overlooked. This brochure has been created to educate those responsible for ensuring compliance with ever more stringent legislation.”

*To view the video accompanying the brochure visit: https://www.youtube.com/watch?v=2_G_OXK-dSw&t=1s

**Free copies of dormakaba’s new brochure may be downloaded at: www.dormakaba.co.uk or contact marketing.gb@dormakaba.com

GDPR Readiness Checklist Tool launched by NW Security Group to help businesses comply with upcoming EU legislation

NW Security Group, the provider of IP video solutions and security consultancy, has launched a free European Union (EU) General Data Protection Regulation (GDPR) Readiness Checklist Tool to help businesses quickly and easily determine if they’re adequately preparing for the new legislation. Due to come into effect on 25 May, the EU GDPR aims to ensure the protection of personally identifiable information. According to recent figures, over 50% of companies across the UK will not be ready for the GDPR by the stated deadline.

While awareness of the new legislation has risen in recent months, the consensus is that UK firms are under-prepared for the EU GDPR, and therefore at risk of fines as high as €20 million or 4% of a company’s annual turnover (whichever is greater).

As an expert in providing security consultancy and training, NW Security has been giving businesses across the UK guidance on how to ensure compliance by the May deadline in a series of awareness seminars. The GDPR Readiness Checklist Tool has formed a vital part of each seminar, helping attendees determine how effective their data protection processes are on their respective journeys towards GDPR compliance.

Nigel Peers, senior consultant at NW Security, offers his thoughts on the EU’s General Data Protection Regulation and how companies must prepare for its introduction

“As a provider of IP-based security systems, we’ve always taken cyber security very seriously indeed to ensure the solutions we recommend to our customers protect the data that’s generated,” stated Nigel Peers, senior consultant at NW Security. “In recent months, we’ve been raising awareness with companies and helping them to assess their levels of preparedness for the GDPR using our quick Checklist Tool. As the timeframes become more urgent and levels of readiness are left wanting, we felt it would be helpful to make this free Checklist Tool available to more companies across the UK. It prompts them to think about how best to prepare themselves and their supply chains for the GDPR and provides an insight of just how comprehensive a full GDPR Organisational Readiness Assessment needs to be.”

One of the seminars was held at the Wirral Chamber of Commerce in Birkenhead, welcoming attendees from a range of businesses in the region to heighten understanding of the new GDPR and identify how it could impact their organisation. Laura Cross, director at Concentric HR, said of the seminar: “It was extremely informative and practical. We don’t feel fully prepared for the GDPR as yet, but events such as this have definitely increased our knowledge on the topic and given us great learnings to take back and implement within our firm.”

Cross continued: “The GDPR Readiness Checklist Tool was one of the most useful aspects of the seminar. It really helped me to understand where our business is currently on the journey towards GDPR compliance. Knowing that there are external experts out there that can support us along the way is extremely reassuring for our business.”

*To use the free EU GDPR Readiness Checklist Tooll visit: www.nwsecuritygroup.com/gdpr-readiness-quick-checklist

New date announced for free-to-attend BSIA/FIA-supported cyber security seminar

A free-to-attend, half-day seminar which aims to help security buyers and installers alike to navigate the complex world of cyber security is being held in Solihull on Thursday 2 November.

Organised by the British Security Industry Association (BSIA) and supported by the Fire Industry Association (FIA), the event will include presentations from a wide range of cyber security experts, with a particular focus on the potential vulnerabilities of ‘connected products’ – meaning any security product that can be accessed or operated remotely via the Internet (eg intruder alarms, video surveillance systems and access control solutions) – and how these vulnerabilities can be combated.

Delegates will be informed about the potential cyber risks facing their business, with presentations from the West Midlands Police’s digital cyber crime team and the Scottish Business Resilience Centre’s team of ‘ethical hackers’.

Attendees will also find out how the BSIA’s ongoing work in the field of cyber security is helping the security industry to protect itself and its customers.

Finally, delegates will benefit from a summary of the European Union’s new General Data Protection Regulation, which is set to come into force in May 2018.

The seminar is open to security and fire solutions buyers and installers, or indeed anybody from either industry with an interest in improving their business’ cyber security and data protection policies.

Registration for the event will be open from 9.00 am, with presentations starting at 9.45 am and the event expected to finish at around 1.30 pm.

*A full programme and online booking forms for both delegates and exhibitors are available from the BSIA’s website