Tag Archives: Data Security

Honeywell launches 30 Series IP cameras “to improve data and video protection”

Honeywell has announced the release of its 30 Series IP cameras: a new suite of video cameras that strengthens building safety and security through advanced analytics and secure channel encryption. With the new cameras, end users can also benefit from lower total cost of ownership and reduced risk as well as improved picture quality without increased storage needs.

“Honeywell is in the business of protection – from buildings through to data and the people within those buildings,” said Jeremy Kimber, video global product management director for Honeywell Commercial Security. “With the release of the 30 Series IP cameras, we’re providing advanced secure channel encryption that guards against unauthorised access and the unsanctioned distribution of data and video to help end users seamlessly integrate security into any business.”

HoneywellHC30Family

Honeywell 30 Series IP Cameras are available in dome, bullet, ball and fisheye models that feature:

Secure channel encryption: The new cameras provide HTTP over TLS1.2 (HTTPS) encrypted streaming to Honeywell MAXPRO NVRs. They adhere to the Payment Card Industry Data Security Standard. Together, these elements help meet the increasingly stringent requirements being set by IT Departments to shield businesses against unauthorised access and unsanctioned distribution of data and video, potentially saving end users up to $3.86 million (the average global cost of a data breach).

Advanced motion people detection: Traditional motion detection only detects pixel changes, leading to a higher false alarm rate. Advanced motion people detection is designed to reduce false alarm rates as it will only create an alarm when the moving object is recognised as a person.

Enhanced storage space and image quality: A higher quality camera resolution of up to 5 MP delivers exceptional images and comes with a user-friendly interface for secure remote viewing. The H.265 smart codec feature allows for storage of longer clips and lower bandwidth consumption, enabling images to take up to 50% less storage space, which decreases operating costs.

The new line of cameras is fully-integrated using HTTPS encrypted streaming with MAXPRO NVRs. They can also be used with performance-embedded NVRs linked to the MAXPRO Cloud multi-site video and access control management platform and with the ADPRO XO range of NVRs complete with on-board video analytics.

With advanced analytics and encryption capabilities, Honeywell 30 Series IP cameras offer an array of quality options for all SMEs, entry-level enterprise and critical applications where compliance is essential such as banking and finance, Government, the utilities, the education sector, retail and premium commercial.

Advertisements

Leave a comment

Filed under Risk Xtra

70% of financial companies suffer cyber security incident in last 12 months

New research conducted by data security company Clearswift reveals that 70% of financial companies have experienced a cyber security incident in the past year, highlighting the serious threat that both data breaches and malicious attacks pose to the UK’s financial sector.

The research, which surveyed senior business decision-makers within enterprise financial organisations in the UK, found that almost half of the incidents reported over the past 12 months originated from employees failing to follow security protocol or data protection policies. This threat was biggest in mid-sized financial companies (with 3,000-4,999 employees) with 52% of respondents citing employee failure to follow corporate data protection policies as their biggest issue.

In addition to this, it was found that further causes of cyber security incidents within the financial sector included the introduction of malware and viruses via third party devices, including USBs and Bring Your Own Device (32%), file and image downloads (25%) and employees sharing data with unintended recipients (24%).

UKFinanceCyber

“The financial sector is the lynchpin of the UK’s economy and a vital part of our nation’s Critical National Infrastructure, so it’s alarming to see such high numbers of security incidents within financial organisations,” said Dr Guy Bunker, CTO at Clearswift. “Unfortunately, in this day and age it’s a case of ‘when’ not ‘if’ a firm is breached so the financial sector needs to shift gears and speed up the innovation and deployment of effective data protection and threat mitigation strategies.”

The numbers associated with security incidents are in stark contrast with further findings from the survey which revealed less than a quarter (23%) of respondents had an adequate level of budget allocated to cyber security within the firm. Unsurprisingly, 73% of respondents would like to see some – if not a significant – increase in their organisation’s cyber security spending.

Bunker added: “Whether it’s an inadvertent mistake, a malicious insider or an external threat actor that causes a security incident, the ramifications of data loss are extremely serious for any organisation. For those organisations who hold citizen data and their financial information, there’s a need for extra vigilance to protect that data no matter where it’s stored, how it’s processed or what digital collaboration channels it flows through. Understanding the latest threats and the potential consequences from next generation attacks will help drive the business case for investment in new technology to mitigate the risks.”

He continued: “Cyber security needs to rapidly evolve and the budgeting process should take this into account. The threat which can bring down a company may not have existed three months ago. Financial organisations need to be able to respond immediately in order to protect their reputation. While many areas of securing a company’s data can be improved by educating employees and developing clear policies and processes, technology plays a key role in mitigating today’s biggest threats through automating and enforcing security protocols. This requires investment. Great information security is a positive business differentiator and a driver of growth.”

Leave a comment

Filed under Risk Xtra

Egress Software Technologies CEO responds to ICO’s Data Security Incidents Report for Q2

On Friday 16 November, the Information Commissioner’s Office (ICO) published its Data Security Incidents Report for Q2 2018. Data security incidents, which are breaches of the seventh data protection principle or personal data breaches reported under the Privacy and Electronic Communications Regulations, are a major concern for those affected and a key area of action for the ICO.

On 18 July 2018, the Independent Inquiry into Child Sexual Abuse (IICSA) was fined £200,000 for revealing the identities of abuse victims in a mass e-mail. On 9 August, Lifecycle Marketing (Mother and Baby) Ltd, also known as Emma’s Diary, was fined £140,000 for illegally collecting and selling personal information belonging to more than one million people.

On 20 September, Equifax Ltd was fined £500,000 for failing to protect the personal information of up to 15 million UK citizens during a cyber attack in 2017 and, on 28 September, BUPA Insurance Services was fined £175,000 for failing to have effective security measures in place to protect customers’ personal information.

ICOLogoWeb

Tony Pepper, CEO of Egress Software Technologies, commented: “Looking at this report, it’s no surprise that the number of data security incidents filed to the ICO has continued to increase with no signs of plateauing. Overall, there has been a 29% increase in the number of reported data security incidents, from 3,146 between April and June 2018 to 4056 from July to September 2018. This demonstrates a 490% increase compared to the same quarter in 2017.”

Pepper continued: “Similar to the statistics we observed in the ICO’s previous report, this doesn’t necessarily mean that organisations are experiencing more incidents, but it definitely does mean that more are now being reported. The increased awareness for organisations to tread carefully has been fuelled by the General Data Protection Regulation, as well as the significant data breach incidents that recognisable brands have suffered in recent times.”

In terms of the monetary penalties, fewer fines were issued between July and September compared to those issued between April and June, with £875,000 issued under the Data Protection Act in the most recent complete three-month period.

Significant growth in data incidents

Although the report doesn’t summarise the type of incidents reported, it does detail the sectors that have experienced significant growth in these incidents. These include general business, which has experienced an increase of 87%, finance with 49%, insurance and legal with 63%, media with 633% and transport and leisure with 57%, while Government, at both the central and local level, experienced a 14% increase.

“We have also seen an organisation fined for unlawfully selling personal data, while Equifax was fined the highest amount under the Data Protection Act (£500,000) for a cyber attack that exposed the personal information of up to 15 million UK citizens.”

ElizabethDenhamICO

Information Commissioner Elizabeth Denham

Pepper added: “Clearly, there’s not only an issue with external attackers illegally obtaining and hacking an organisation’s systems to obtain data, but also with internal employees – and companies as a whole – misleading the population on why their personal data is being collected and how it will be used. As a result, organisations should be vigilant when it comes to ensuring data security protection is in place, and especially so to combat internal threats.”

Pepper feels that organisations should take a user-centric approach to data security, ensuring that every employee – from C-Suite executives to the average worker – is as security savvy as they need to be. This philosophy has been highlighted in recent Egress research, which revealed that 20% of an organisation’s employees don’t know what kinds of personal information should be protected when sharing data via e-mail.

“By taking a user-centric approach and equipping staff to protect personal data through technology that supports and secures the work they do,” urged Pepper, “as well as more training and awareness of what constitutes the mishandling of personal data, organisations will be able better placed to mitigate the chances of external and internal data security incidents.”

Leave a comment

Filed under Risk Xtra

95% of UK businesses “still struggling” with mobile working as security of data continues to cause concern

Apricorn – the manufacturer of software-free, 256-bit AES XTS hardware-encrypted USB drives – has unveiled new research results highlighting that 95% of organisations surveyed in the UK recognise problems with mobile and remote working. Worryingly, nearly one-in-five (18%) suggest that their mobile workers don’t care about security.

All (ie 100%) of those IT decision-makers surveyed noted that they had employees who work remotely at least some of the time, with an average of over one third (37%) of staff members who do so. With an increase in the numbers of people working remotely, this means more data moving beyond the confines of the corporate network. Organisations need to ensure that any data – be it at rest or on the move – remains secure.

While many are taking steps to ensure their data is protected, for instance by implementing security policies for mobile working and Bring Your Own Device, just under half of respondents (44%) still agree that their organisation expects their mobile workers to expose them to the risk of a breach. Roughly one third (32%) say that their organisation has already experienced a data loss or breach as a direct result of mobile working, while 30% of respondents from organisations where the General Data Protection Regulation (GDPR) applies are concerned that mobile working is an area that will most likely cause them to be non-compliant.

MobileWorkingSecurity

53% cited that one of their Top Three biggest problems with remote working is due to the complexity and management of the technology that employees need and use. Over half (54%) say that, while their organisation’s mobile workers are willing to comply with requests relating to security measures, employees lack the necessary skills or technologies required to keep data safe. Nearly one third (29%) take the radical approach of physically blocking all removable media, while a further 22% ask employees not to use removable media (although they have no technology means by which to enforce this).

“The number of organisations blocking removable media has increased compared with responses to the same question in 2017, when 18% said they were physically blocking all removable devices,” said Jon Fielding, managing director for the EMEA at Apricorn. “A unilateral ban isn’t the solution and ignores the problem altogether, while also presenting a barrier to effective working. Instead, businesses should identify corporately approved, hardware-encrypted devices that are only provided to staff with a justified business case for having such. The approved devices should then be white-listed on the IT infrastructure, blocking access to all non-approved media.”

Risk of data breaches

Despite strict security policies, mobile working can still leave organisations wide open to the risk of a data breach. Half (50%) of respondents admitted one of the three biggest problems with mobile working is that they cannot be certain their data is adequately secured. Only around half enforce and are completely confident in their encrypted data in transit (52%), in the cloud (52%) and at rest (51%).

“While the new GDPR legislation requires the ‘Pseudonymisation’ and encryption of personal data, encryption isn’t a new concept, and keeping data secure has always been imperative to any organisation handling sensitive information,” added Fielding.

In conclusion, Fielding stated: “Organisations are simply not following security Best Practice. They need to implement and enforce policies and provide employee training to ensure compliance with the GDPR. Failing to put processes in place is putting confidential data at risk. Organisations now face the prospect of being fined even before a breach has occurred.”

Leave a comment

Filed under Risk Xtra

Spiceworks survey shows one-in-four organisations “not confident” over security of cloud-stored data

Spiceworks has published the results of a new survey examining the adoption and perceptions of cloud storage and file sharing services in businesses across Europe and North America. The results show that Microsoft OneDrive is the most commonly used service, followed by Google Drive and Dropbox (among others). The findings indicate that, although the adoption of cloud storage services has grown rapidly, a quarter of business technology buyers are still concerned about hosting company data in the cloud and are therefore prioritising security when evaluating solution providers.

According to a similar Spiceworks report issued back in March 2016, 53% of organisations were using cloud storage and file sharing services. Among those organisations, 33% were using Dropbox, 31% were using Microsoft OneDrive and 27% were using Google Drive. However, the 2016 report revealed that OneDrive had the highest planned adoption rates.

Today, 80% of organisations are using cloud storage services, while an additional 16% plan to deploy a solution within the next two years. Currently, 51% of organisations are using Microsoft OneDrive, 34% are using Google Drive and 34% are using Dropbox. Additionally, 13% of businesses are currently using Apple iCloud, 6% are using Box, 6% are using Citrix ShareFile and 3% are using Amazon Drive.

When examining adoption rates by company size, the results show that OneDrive has the highest usage in enterprises – defined as businesses with more than 1,000 employees – with an adoption rate of 59%, compared to Google Drive at 29% and Dropbox at 25%.

SpiceworksCloudSecurity

Although OneDrive also claims the top spot in SMEs, the gap in adoption rates among the top players is much smaller. For example, among mid-size businesses with 100 to 999 employees, 54% are using OneDrive, 35% are using Dropbox and 33% are using Google Drive. In small businesses with one to 99 employees, 47% are using OneDrive compared to 39% using Google Drive and 34% using Dropbox.

Security: the most important factor for service selection

Among business technology buyers involved in the purchase decisions for cloud storage services at their organisation, security was considered the most important factor when evaluating providers. In fact, 97% said that security is an important to extremely important factor followed by reliability (96%), cost (93%), ease of use (93%) and vendor reputation (89%). Conversely, technology buyers believe factors such as document collaboration (67%) and app/tool integrations (59%) still matter, but are less important.

When asked to select up to five attributes that they most associate with the top providers, 39% of business technology buyers primarily associate OneDrive with being secure, compared to Google Drive at 28% and Dropbox at 19%. Google Drive ranks the highest in terms of reliability and cost-effectiveness, while Dropbox ranks the highest when it comes to ease of use. Additionally, Microsoft OneDrive was recognised as a trusted vendor and for being integrated with existing apps/tools.

Security of data stored in the cloud

Despite the pervasiveness of cloud storage and file sharing services, some organisations are not confident in the security of their data stored within those services. In fact, 25%of technology buyers believe their data in the cloud is ‘not at all’ to ‘somewhat’ secure. This is perhaps because 16% of organisations have experienced one or more security incidents – such as unauthorised access, stolen credentials or data theft – via their cloud storage service in the last 12 months.

Therefore, organisations are taking extra steps to enhance their data security when using cloud storage and file sharing services. 57% of organisations only allow employees to use cloud storage providers approved by their IT Department, 55% enforce user access controls and 48% train employees on how to use cloud storage services properly.

However, other security measures are less common, such as enforcing multi-factor authentication when using these services (28%), putting a cloud storage/file-sharing security policy in place (28%) and encrypting data in transit (26%) and at rest (22%) via their cloud storage service.

“It’s evident organisations are putting more trust into cloud storage services, but some are still hesitant despite the recent growth in adoption,” explained Peter Tsai, senior technology analyst at Spiceworks. “Although cloud storage services often include features that help in securing sensitive corporate information, there will always be risks involved when entrusting data to a third party.”

The Spiceworks survey was conducted in April and included the views of 544 respondents. Respondents are among the millions of business technology professionals in Spiceworks and represent a variety of company sizes, including SMEs and enterprises. Respondents come from a variety of industries, including manufacturing, healthcare, non-profits, education, Government and finance.

*For more information and a complete list of survey results visit https://community.spiceworks.com/blog/3058-cloud-storage-services-who-claims-the-top-spot-among-microsoft-google-dropbox

Leave a comment

Filed under Risk Xtra, Uncategorized

MOBOTIX launches ‘Cactus Concept’ to set focus on cyber security for video surveillance

MOBOTIX has announced a heightened focus on cyber security by implementing the ‘Cactus Concept’. The concept aims to deliver a comprehensive approach towards protecting MOBOTIX products against the threat of cyber attacks along with education and tools to help customers and partners alike in building and maintaining secure video surveillance and access control environments.

The ‘Cactus Concept’ will raise awareness among potential and existing MOBOTIX customers of the importance of data security in network-based video security systems and how organisations can protect themselves through cost-efficient and intelligent solutions. End-to-end encryption with no blind spots is required, from the image source via the data cables and the data storage through to the VMS on the end user’s computer.

Like a cactus, whose every limb is covered in thorns, all of the modules (camera, storage, cables, VMS) in the MOBOTIX system have ‘digital thorns’ that protect them from unauthorised access.

MOBOTIXCactusConcept

“Modern video surveillance and access control technologies help protect people, places and property across the world, but they’re increasingly targeted by criminals aiming to infiltrate, take-over or disable them,” explained Thomas Lausten, CEO of MOBOTIX. “With the Internet of Things trend adding billions of IP-connected devices each year, our industry must lead the way in creating secure platforms that can reduce the risks posed by these damaging attacks.”

MOBOTIX firmly believes in its ‘Cactus Concept’ to protect every element of the design, manufacture and operation of each device along with end-to-end encryption across the entire usage and management cycle.

To ensure the highest levels of security, MOBOTIX uses the services of SySS, a highly regarded and independent third party security testing company that examines the security of both software and hardware elements. SySS customers include Basler Versicherungen, Bundeswehr, CreditPlus Bank AG, Daimler, Deutsche Bank, Deutsche Flugsicherung, Festo, Hewlett Packard, Innenministerium/LKA Niedersachsen, SAP, Schaeffler, Schufa, T-Systems and Union Investment.

Sebastian Schreiber, CEO at SySS, added: “MOBOTIX has a contract with us to provide further penetration testing of its technology elements. The initial platform testing on a current camera model revealed very positive results. We’ll now continue security testing as an ongoing process.”

Thomas Lausten concluded: “Cyber security has been and will continue to be a core focus for us. We look forward to working with our peers in the industry, as well as customers and Government agencies, in order to protect the very technologies and systems that help make society safer for us all.”

*For more information visit www.cactusconcept.com

Leave a comment

Filed under Risk UK News

TDSi’s Ian Hoare gains Master’s degree from Bournemouth University

Integrated security manufacturer TDSi has announced that its software analyst and developer Ian Hoare has graduated with a Master’s degree in Cyber Security and Human Factors from Bournemouth University. Hoare’s qualification demonstrates the company’s continued commitment to research, education and training.

TDSi’s managing director John Davies commented: “We’re very proud that Ian has earned his Master’s degree, having worked extremely hard to study alongside his role at TDSi. As a company, we champion education and training as it benefits not only the person and the business, but also the security industry as a whole.”

Hoare elaborated on the significance of his new degree for his role at TDSi. “This new qualification demonstrates that I’m up-to-date with the very latest advances in cloud computing and online security. The TDSi team is always at the forefront of secure software for the modern world, but we’re keen to illustrate this with Continuing Professional Development, giving additional confidence to our customers that all has been done to secure their data.”

Ian Graduation 2017

Ian Hoare of TDSi

As part of his graduation process, Hoare produced a dissertation that examines the secure development life-cycle and how it can fit into the agile development process. He commented: “The Agile development process doesn’t allow for any security processes. There’s an argument that it shouldn’t, as it’s an overhead of the initial development.”

Hoare concluded: “However, it’s important to identify and mitigate vulnerabilities within the system, as the financial costs are far greater if vulnerabilities are found after the product is released. This is even more important with the EU’s looming General Data Protection Regulation, which comes into force in May next year.”

Hoare’s Master’s in Cyber Security and Human Factors is just part of an ongoing process of training and research. He concluded: “The cloud environment is continuously changing, with new threats evolving. It’s vital to use this knowledge now and to continuously keep this learning and information updated as technology and security needs evolve.”

Leave a comment

Filed under Risk UK News