Tag Archives: Data

Euralarm outlines content of upcoming new study on false fire alarms in Europe

Fire and Rescue Services collect facts and figures during responses to alarms from fire detection and alarm systems. Now, Euralarm has reviewed the different approaches for data collection and analysis in England, Germany, Switzerland, Sweden and Austria.

A key observation is the differences noted between the examined countries. These differences hamper comparisons, although a view of the European norms would suggest the opposite. Euralarm is therefore calling for more co-operation between the stakeholders involved which would enable new insights into fire alarms in general.

Buildings are safer today because of the fire detection and alarm systems installed within. Indeed, without these systems, fires would go undetected and spread. Exit routes would be impassable due to smoke and fire, resulting in injuries and even fatalities, aside from damage caused to the building(s).


As is the case with any system, though, there are conditions that can lead to false alarms, tying up public and private resources as well as hurting the reputation of fire alarm and detection systems. False alarms can be reduced, for example, through the use of modern multi-sensor fire detectors as well as the regular application of correct maintenance requirements, making the systems reliable and dependable for building occupants.

In spite of such existing solutions, the market is lacking sufficient data that would outline the potential to reduce false alarms even more. An initial study by Euralarm in 2012 showed that data sources were missing and existing sources not comparable. Reliable details (eg data pools) on the range of false alarm difficulties and their causes are needed. At the moment, lack of such detail is hindering the development of a suitable basis upon which to define and deploy effective countermeasures.

The new study focuses on investigating data collection and analysis processes in order to achieve a better understanding of what needs to be done and, hopefully, will provide momentum for changes to be made.

Key observations

The review of the data collection process of transmitted alarms from fire detection and alarm systems has been carried out by the Euralarm Task Group for False Alarms.

The project’s objective has been to analyse the specific methodologies by taking an empirical approach, with the aim of deriving a common understanding of the facts and figures collected during Fire and Rescue Services’ responses to fire alarms.

From the existing data pools, members of the Task Group then attempted to calculate the false alarm ratios based on four different models. In doing so, they then took the step of attempting a comparison between the investigated countries.

One of the observations of the review is that comparison of fire alarm figures in the respective countries is hampered by “missing alignment” in terms of common terminology and processes. A view towards the European norms would suggest the opposite, but the fact is that the application guidelines are national and these are the basis for any data collection. The analysed material recorded and collected by experts during responses to fire alarms is handled quite differently from country to country.

Lack of proper information leads to narrow or wrong measures being implemented, which is clearly detrimental to society and must be changed.

A fundamental understanding of fire alarms – and specifically false alarms – is a requirement for any attempts towards betterment. Since a common approach would (in principle) be possible, Euralarm proposes that the fire safety industry, Fire and Rescue Services and building owners work far more closely together on this matter.

*The full report will be published in Q4 2017


Filed under Risk UK News

Inner Range to unveil Integriti Encrypted High Security integrated access control and security system at IFSEC International 2017

We live in an era where criminal activity has become more sophisticated and information about system hacking more readily available. With organisations being more vulnerable to attack, access control and security system manufacturer Inner Range is addressing the challenge for the security industry by adding another system to its already strong portfolio: Integriti Encrypted High Security.

Launching at IFSEC International 2017, Inner Range’s Integriti Encrypted High Security is an integrated access control and security system offering the pioneering integrated security and building management functionality of its flagship brand Integriti, but with the added advantage of being end-to-end fully encrypted to 128-bit with MAC authentication. Data encryption ensures secure LAN communications at all times, while continuous monitoring detects any fault or attempted module substitution.

Chantel Smith, business development manager at Inner Range Europe, commented: “Integriti Encrypted High Security delivers end-to-end full encryption, which is essential for buildings and facilities that are of critical importance to national infrastructure and for Data Centres and research labs where there’s a heightened security risk.”

Smith continued: “Equally, we’re experiencing an increase in demand for systems from organisations big and small that don’t necessarily need end-to-end encryption to meet regulatory requirements, but understand the importance of adding an extra layer of protection for their buildings.”

The Integriti Encrypted High Security system comprises a suite of products which together offer all the elements necessary to build a fully-integrated high security system that provides complete end-to-end data encryption. The Integriti range of products includes controllers, input expansion modules, end of line modules, keypads, card readers, power supplies and equipment enclosures.

The system’s modular design delivers scope for expansion while also boasting hybrid architecture which supports both high security and standard commercial grade (resistor network) areas at the same facility at the same time. The end result is a single, holistic and affordable security solution for the entire organisation.

Expansion of the Integriti system is achieved by installing additional encrypted modules to the high security controller’s RS-485 LAN or adding additional controllers to the system. The entire platform, including multiple controllers, can be managed from the Integriti Enterprise software.

*Visit Inner Range Europe on Stand E1400 at IFSEC International 2017


Filed under Risk UK News

Social engineering “a top cause of cyber incidents” finds Cyber Resilience Report

Research commissioned by Crises Control from the Business Continuity Institute for its annual Cyber Resilience Report 2016 confirms much of what we already suspected about the changing nature of the cyber threat and the way that cyber criminals have found new ways to defeat corporate perimeter security.

66% of respondents to the survey reported that their companies had been affected by at least one cyber security incident over the last 12 months. The costs of these incidents varied greatly, with 73% reporting total costs over the year of less than €50,000, but 6% reporting annual costs of more than €500,000.

The increased difficulty of breaching perimeter security and the increased human resources available to cyber criminals have combined to produce a new point of attack. This is focused on the weakest link in the corporate security chain, which is now human beings rather than technology.

The term ‘social engineering’ describes this attack vector, which relies heavily on human interaction and often involves tricking people into breaking normal security procedures. The BCI research shows clearly that phishing (ie obtaining sensitive data through false representation) and social engineering is now the single top cause of cyber disruption, with over 60% of companies reporting being hit by such an incident over the past 12 months.

A further 37% were hit by spear phishing (ie phishing through identity fraud).


The research has also confirmed that, to effectively counter this threat, companies now need behavioural threat detection provided by a cyber security network monitoring solution. These plug-in devices monitor your network for signs of suspicious insider activity and failed attempts to hack into the system.

They can also provide invaluable intelligence to be acted upon proactively to nip a successful hack or insider threat in the bud.

Traditional anti-virus monitoring software is no longer enough. The BCI research shows that 72% of companies have this software in place, but only 26% of real cyber security incidents were actually discovered through this route. Much worse, 18% of incidents came to attention through an external source such as a customer, a supplier or the impact on a public website.

Network monitoring solutions are much more effective than anti-virus software in terms of alerting companies to a cyber breach, with 63% of businesses having network monitoring software in place and 42% of cyber incidents being brought to attention through the work of the IT Department to whom such systems report.

The scale of the cyber threat can feel overwhelming at times, but educating your own employees about the nature of the threat and then putting in place the right solutions can go a long way towards mitigating the social engineering threat and significantly enhancing your corporate cyber resilience.

The message is simple… Act now before it’s too late.


Filed under Risk UK News

“Watering hole-style cyber attacks on the rise” warns High-Tech Bridge

On Sunday 12 February, security firm Symantec released an analysis of a new wave of attacks that has been underway since at least October 2016 and came to light when a bank in Poland discovered previously unknown malware running on a number of its computers.

The bank then shared indicators of compromise with other institutions and a number of those other organisations confirmed that they too had been compromised.

These ‘watering hole’ attacks attempted to infect more than 100 organisations in 31 different countries.

Symantec has blocked attempts to infect customers in Poland, Mexico and Uruguay by the same exploit kit that infected the Polish banks. Since October, 14 attacks against computers in Mexico have been blocked, 11 against computers in Uruguay and two against computers in Poland.


Preliminary investigations suggested that the starting point for the Polish infection could have been located on the web server of Poland’s financial sector regulatory body, namely the Polish Financial Supervision Authority (www.knf.gov.pl).

Commenting on this news, Ilia Kolochenko (CEO of High-Tech Bridge) said: “We should expect that cyber criminals will find more creative and reliable ways to compromise their victims. Trustworthy websites, such as governmental ones, represent great value for cyber criminals, even if they don’t host any sensitive or confidential data.”

Kolochenko continued: “In the past, hackers used one-off or garbage websites to host malware, but as corporate users become more educated and vigilant, attackers need to find more reliable avenues to deliver malware and enter corporate networks. That’s why Gartner, as well as other independent research companies, continuously say that the risk posed to corporate web applications is very high and seriously underestimated. Spear phishing and watering hole attacks against high-profile websites will grow significantly in the near future.”


Filed under Risk UK News, Uncategorized

“30% of NHS Trusts have experienced a ransomware attack” finds SentinelOne

30% of NHS Trusts in the UK have experienced a ransomware attack, potentially placing patient data and lives at risk. One Trust – the Imperial College Healthcare NHS Trust – admitted to being attacked 19 times in just 12 months. These are the findings of a Freedom of Information (FoI) request submitted by SentinelOne.

The Ransomware Research Data Summary explains that SentinelOne made FoI requests to 129 NHS Trusts, of which 94 responded. Three Trusts refused to answer, claiming their response could damage commercial interests. All but two Trusts – Surrey and Sussex and University College London Hospitals – have invested in anti-virus security software on their endpoint devices to protect them from malware.

Despite installing a McAfee solution, Leeds Teaching Hospital has apparently suffered five attacks in the past year.

No Trusts reported paying a ransom or informed law enforcement of the attacks: all preferred to deal with the attacks internally.

Ransomware which encrypts data and demands a ransom to decrypt it has been affecting US hospitals for a while now. The Hollywood Presbyterian Medical Center in Los Angeles notoriously paid cyber criminals £12,000 last February after being infected by Locky, one of the most prolific ransomware variants.


With the infected computers or networks becoming unusable until a ransom has been paid* or the data has been recovered, it’s clear to see why these types of attack can be a concern for business continuity professionals, with the latest Horizon Scan Report published by the Business Continuity Institute highlighting cyber attacks as the prime concern. This is a very good reason why cyber resilience has been chosen as the theme for Business Continuity Awareness Week in 2017.

“These results are far from surprising,” said Tony Rowan, chief security consultant at SentinelOne. “Public sector organisations make a soft target for fraudsters because budget and resource shortages frequently leave hospitals short changed when it comes to security basics like regular software patching. The results highlight the fact that old school AV technology is powerless to halt virulent, mutating forms of malware like ransomware. A new and more dynamic approach to endpoint protection is needed.”

Rowan continued: “In the past, some NHS Trusts have been singled out by the Information Commissioner’s Office for their poor record on data breaches. With the growth of connected devices like kidney dialysis machines and heart monitors, there’s even a chance that poor security practices could put lives at risk.”

*Note that the data isn’t always recovered even after a ransom has been paid


Filed under Risk UK News, Uncategorized

Unwitting cyber scammers cold call industry expert at C3IA Solutions

Would-be cyber scammers made a megabyte blunder when they cold-called Matt Horan of C3IA Solutions: Horan is one of the country’s top cyber security experts. Realising the crooks were trying to take control of his computer, Horan put the call on speaker phone and asked a colleague to record it, with hilarious consequences.

After stringing out the conversation for 35 minutes – during which time he was passed to more senior ‘helpers’ as he posed as an ignorant computer user – Horan then informed the caller that he had no Internet connection.

This prompted the fraudster to use an expletive before hanging up in anger. An edited video of the call has been amusing people across social media.

Horan is keen that the video is used to help people avoid falling for cyber scams. He told Risk UK: “One of the weakest parts of any business’ cyber security is the staff. They do nothing malicious, but can easily assist fraudsters. Along with ‘phishing’ e-mails, this type of phone scam is common and can cause huge amounts of damage.”

Matt Horan, director of C3IA Solutions


Horan continued: “The caller purports to be from Microsoft or a similar outfit and informs the person who answered the call that there’s a problem with their computer. They then instruct that person to look at the computer’s ‘systems and events logs’, which is simply a log of every action taken. They tell them that this is evidence of ongoing malicious attacks. After that, they try and entice them to log into TeamViewer or something similar which means they then can gain remote access and control of the target computer.”

In addition, Horan stated: “They then have all the information on a computer or network and can infect the system, read e-mails, steal passwords or encrypt the stored data. They can basically do anything they want. Obviously, this can cause massive harm to a business and may well lead to data loss, the theft of funds and the stealing of intelligence as well as cause acute embarrassment.”

C3IA Solutions trains staff at businesses to be ‘cyber-savvy’ and always to hang up on calls like this. If staff are in doubt they should contact their IT support.

“Firms such as Microsoft don’t make calls like the one I took, but they seem authentic,” explained Horan. “Often, the scammers work in pairs so the initial caller can pass over the call to a ‘senior supervisor’, as they tried with me. This gives an added authenticity. Caution should be the watchword when taking calls like this one.”

*The video can be viewed on YouTube: https://youtu.be/ncIehp0fBT8

Based in Poole, Dorset, C3IA Solutions is one of fewer than 20 companies certified by the Government’s National Cyber Security Centre. In addition to its work with Government agencies including GCHQ, the company operates a commercial section that works with businesses, assisting them with their cyber security.

C3IA (a military term) Solutions was set up in 2006 by Horan and Keith Parsons. It has 84 personnel on contract of whom 33 are employees and 51 are associates. The business operates in the defence and security sectors serving both SMEs and multi-national firms.

C3IA is a leading provider of secure ICT, technical programme management and information security services and solutions.

The company takes its Corporate Social Responsibility seriously, supporting serving and past members of the Armed Services. Indeed, the business sponsors those engaged in personal and team development through arduous sporting and other challenges.


Filed under Risk UK News, Uncategorized

“Hybrid cloud and the CIO will rule in 2017” asserts Informatica

Cloud has reached maturity. No longer seen as the dangerous option, widespread cloud adoption will enable more flexible and rapid service in 2017. As a result, businesses will need to have total control of their infrastructure and sensitive data if they’re to keep up. With this in mind, Greg Hanson (vice-president for worldwide consulting at data specialist Informatica) has moved to explain the four areas businesses must prepare for in 2017 if they’re to perfect their cloud strategy.

Enterprises will embrace a hybrid cloud approach to dispel data fragmentation

Widespread adoption of Software-as-a-Service (SaaS) has traditionally been the preserve of SMEs looking for subscription-based models and easily scalable software. Yet pockets of SaaS investment have crept into the enterprise in 2016, occurring within individual lines of business and causing data fragmentation which hampers agility.

In 2017, rather than shying away from SaaS deployments business-wide, successful enterprises will embrace a hybrid approach to the cloud and reclaim their single view of data assets.

Security will no longer be a question of on-premise or cloud

It’s no longer about whether on-premise or cloud is more secure, but rather about understanding that breaches come from the inside. Threats exist inside the firewall and, as a result, perimeter defence has long since been ineffective.

After all, the biggest threat to an organisation’s security posture doesn’t come from the kind of infrastructure and software it uses, but rather its people.


The amount of data that business users are consuming and demanding means it’s the data management strategy that’s imperative. Security posture in 2017 will be defined by an organisation’s ability to carve out a cohesive data management strategy to track data wherever it resides, and then secure it at its source. 

Brands will live and die by their customer experience

From financial institutions to retailers and manufacturers, customer experience will overtake price as the new differentiator for customers. As such, data stewardship and governance will become the priority for those delivering second-to-none experiences and successful transformation projects.

It’s all very well pulling data assets together and sharing them with lines of business for these initiatives, but they will need to know that the quality of the data they’re implementing into systems is pristine.

What’s more, they will need the right guidance and tools to access the data in the first place and visualise it in such a way that it can travel the last mile and be put into real use. This is where a cohesive data management strategy is essential for bridging the disconnect between data scientists and business users. 

CIOs will secure their future by reclaiming ownership of data initiatives

With CIOs increasingly facing competition from a tech-savvy set of business IT buyers, it will be imperative that the former step up and take ownership of business agility and transformation to ensure they still lead their organisation’s digital journey.

Lines of business are increasingly looking to do things cheaper and quicker without the involvement of IT. This means that CIOs will need to reclaim control of data management at its root to drive enterprise-wide security and improve accessibility of data.

Only then can they fully ensure that the single view of the company’s data assets doesn’t become somewhat ‘muddied’ by a disjointed IT spend and independent data management across the business.


Filed under Risk UK News, Uncategorized