Tag Archives: Data

IDIS strengthens integrity of video surveillance with critical failover

IDIS has debuted a powerful suite of features designed to bring critical failover capabilities and peace of mind to users of the company’s innovative technology offerings. Bringing together existing, improved and new failover features, IDIS addresses multiple threats to crucial video surveillance operations with IDIS Critical Failover, a collection of five capabilities that strengthen the fault tolerance of end users’ CCTV infrastructure.

“If any part of video surveillance infrastructure fails, it’s critical to first recognise the failure and then initiate appropriate alternative or redundant technologies to minimise loss of data,” noted James Min, managing director of IDIS Europe. “Full redundancy of every component in your infrastructure is prohibitively expensive and adds unnecessary complication in most cases, while manual recognition and resolution costs precious time and risks gaps in footage. IDIS Critical Failover reduces both issues through a multi-layered collection of capabilities spread across the devices in your infrastructure.”

IDIS Critical Failover consists of five parts: Temporary Smart Failover, Smart Failover, Storage Redundancy, NVR Failover and Dual Power Supply.

If you experience a problem with network instability, Temporary Smart Failover starts recording to an internal recording session buffer (of at least 60 MB), ensuring there’s no break in the data being sent to the NVR. For longer network issues, such as a complete failure of the link between the camera and the NVR, Smart Failover takes over. When the IP camera and NVR become disconnected, the camera instantly begins recording to an internal SD card. It records at the original quality until half of the SD card is filled up and then adjusts the quality to ensure a full 24 hours of footage is captured on just a 32 GB card. H.265 cameras add support for SDXC cards, with a theoretical limit of 2 TB. Once the network link is restored, all of the data is automatically transferred to the NVR, leaving no incident unrecorded.

Storage Redundancy exists inside the NVR (DR-8364D) in the form of native RAID 1 or RAID 5 support. With RAID 1 support, the NVR stores two identical copies of the data: if one disk fails, the data is then retrieved from the second one. RAID 5 stores the data and additional parity data in separate locations, providing the same redundancy, but more efficiently than RAID 1.

NVR Failover protects against the failure of the entire NVR. Both the primary and standby NVR continuously monitor one another to quickly switch to the functioning NVR during a failure, reducing the risk of data loss and decreasing failover response times.

Finally, native Dual Power Supplies (DR-8364D) provide a redundant power supply in case the first one fails, increasing uptime and reducing the risk of data loss.

*View Critical Failover in action: https://youtu.be/FvAgyOSuhTM

Filed under Risk UK News

Hanwha Techwin Europe awarded Government’s prestigious Cyber Essentials certification

Hanwha Techwin Europe has been certified as being compliant with the UK Government-backed Cyber Essentials scheme. Administered by the Department for Business, Energy and Industrial Strategy, the industry-supported scheme is designed to help organisations protect themselves against common cyber attacks.

The certificate awarded to Hanwha Techwin Europe verifies that the business has procedures in place specifically designed to minimise the threat of an attack on the IT infrastructure at the company’s headquarters in Chertsey, Surrey and extends to cover laptops used by field-based employees.

“We’re constantly evaluating and updating our IT security in order to negate the risk of any disruption to our business or our business partners,” said Bob Hwang, managing director of Hanwha Techwin Europe. “Our cyber security programme is a key element of our ‘We Move With Trust’ philosophy and reflects the proactive stance we’re taking to protect confidential data.”

Hwang continued: “Beyond the scope of the Cyber Essentials scheme, we remain vigilant to ensure that our Wisenet cameras, recording devices and software entrusted to protect property, people and assets are equipped to minimise the threat from cyber attacks. We have a sustained testing and monitoring programme in place designed to identify evolving new threats to the integrity of our solutions. We’re determined to be open and honest with our customers when new cyber security threats are identified and will move quickly to develop further advanced versions of our firmware to combat them.”

Filed under Risk UK News

Euralarm outlines content of upcoming new study on false fire alarms in Europe

Fire and Rescue Services collect facts and figures during responses to alarms from fire detection and alarm systems. Now, Euralarm has reviewed the different approaches for data collection and analysis in England, Germany, Switzerland, Sweden and Austria.

A key observation is the differences noted between the examined countries. These differences hamper comparisons, although a view of the European norms would suggest the opposite. Euralarm is therefore calling for more co-operation between the stakeholders involved which would enable new insights into fire alarms in general.

Buildings are safer today because of the fire detection and alarm systems installed within. Indeed, without these systems, fires would go undetected and spread. Exit routes would be impassable due to smoke and fire, resulting in injuries and even fatalities, aside from damage caused to the building(s).

As is the case with any system, though, there are conditions that can lead to false alarms, which tie up public and private resources and damage the reputation of fire detection and alarm systems. False alarms can be reduced, for example, through the use of modern multi-sensor fire detectors as well as the regular application of correct maintenance requirements, making the systems reliable and dependable for building occupants.

In spite of such existing solutions, the market is lacking sufficient data that would outline the potential to reduce false alarms even more. An initial study by Euralarm in 2012 showed that data sources were missing and existing sources not comparable. Reliable details (eg data pools) on the range of false alarm difficulties and their causes are needed. At the moment, lack of such detail is hindering the development of a suitable basis upon which to define and deploy effective countermeasures.

The new study focuses on investigating data collection and analysis processes in order to achieve a better understanding of what needs to be done and, hopefully, will provide momentum for changes to be made.

Key observations

The review of the data collection process for transmitted alarms from fire detection and alarm systems has been carried out by the Euralarm Task Group for False Alarms.

The project’s objective has been to analyse the specific methodologies by taking an empirical approach, with the aim of deriving a common understanding of the facts and figures collected during Fire and Rescue Services’ responses to fire alarms.

From the existing data pools, members of the Task Group then attempted to calculate the false alarm ratios based on four different models. In doing so, they then took the step of attempting a comparison between the investigated countries.

One of the observations of the review is that comparison of fire alarm figures in the respective countries is hampered by “missing alignment” in terms of common terminology and processes. A view towards the European norms would suggest the opposite, but the fact is that the application guidelines are national and these are the basis for any data collection. The analysed material recorded and collected by experts during responses to fire alarms is handled quite differently from country to country.

Lack of proper information leads to narrow or wrong measures being implemented, which is clearly detrimental to society and must be changed.

A fundamental understanding of fire alarms – and specifically false alarms – is a requirement for any attempts towards betterment. Since a common approach would (in principle) be possible, Euralarm proposes that the fire safety industry, Fire and Rescue Services and building owners work far more closely together on this matter.

*The full report will be published in Q4 2017

Filed under Risk UK News

Inner Range to unveil Integriti Encrypted High Security integrated access control and security system at IFSEC International 2017

We live in an era where criminal activity has become more sophisticated and information about system hacking more readily available. With organisations being more vulnerable to attack, access control and security system manufacturer Inner Range is addressing the challenge for the security industry by adding another system to its already strong portfolio: Integriti Encrypted High Security.

Launching at IFSEC International 2017, Inner Range’s Integriti Encrypted High Security is an integrated access control and security system offering the pioneering integrated security and building management functionality of its flagship brand Integriti, but with the added advantage of full end-to-end 128-bit encryption with MAC authentication. Data encryption ensures secure LAN communications at all times, while continuous monitoring detects any fault or attempted module substitution.

Chantel Smith, business development manager at Inner Range Europe, commented: “Integriti Encrypted High Security delivers end-to-end full encryption, which is essential for buildings and facilities that are of critical importance to national infrastructure and for Data Centres and research labs where there’s a heightened security risk.”

Smith continued: “Equally, we’re experiencing an increase in demand for systems from organisations big and small that don’t necessarily need end-to-end encryption to meet regulatory requirements, but understand the importance of adding an extra layer of protection for their buildings.”

The Integriti Encrypted High Security system comprises a suite of products which together offer all the elements necessary to build a fully-integrated high security system that provides complete end-to-end data encryption. The Integriti range of products includes controllers, input expansion modules, end of line modules, keypads, card readers, power supplies and equipment enclosures.

The system’s modular design delivers scope for expansion while also boasting hybrid architecture which supports both high security and standard commercial grade (resistor network) areas at the same facility at the same time. The end result is a single, holistic and affordable security solution for the entire organisation.

Expansion of the Integriti system is achieved by installing additional encrypted modules to the high security controller’s RS-485 LAN or adding additional controllers to the system. The entire platform, including multiple controllers, can be managed from the Integriti Enterprise software.

*Visit Inner Range Europe on Stand E1400 at IFSEC International 2017

Filed under Risk UK News

Social engineering “a top cause of cyber incidents” finds Cyber Resilience Report

Research commissioned by Crises Control from the Business Continuity Institute for its annual Cyber Resilience Report 2016 confirms much of what we already suspected about the changing nature of the cyber threat and the way that cyber criminals have found new ways to defeat corporate perimeter security.

66% of respondents to the survey reported that their companies had been affected by at least one cyber security incident over the last 12 months. The costs of these incidents varied greatly, with 73% reporting total costs over the year of less than €50,000, but 6% reporting annual costs of more than €500,000.

The increased difficulty of breaching perimeter security and the increased human resources available to cyber criminals have combined to produce a new point of attack. This is focused on the weakest link in the corporate security chain, which is now human beings rather than technology.

The term ‘social engineering’ describes this attack vector, which relies heavily on human interaction and often involves tricking people into breaking normal security procedures. The BCI research shows clearly that phishing (ie obtaining sensitive data through false representation) and social engineering is now the single top cause of cyber disruption, with over 60% of companies reporting being hit by such an incident over the past 12 months.

A further 37% were hit by spear phishing (ie phishing through identity fraud).

The research has also confirmed that, to effectively counter this threat, companies now need behavioural threat detection provided by a cyber security network monitoring solution. These plug-in devices monitor your network for signs of suspicious insider activity and failed attempts to hack into the system.

They can also provide invaluable intelligence to be acted upon proactively to nip a successful hack or insider threat in the bud.

Traditional anti-virus monitoring software is no longer enough. The BCI research shows that 72% of companies have this software in place, but only 26% of real cyber security incidents were actually discovered through this route. Much worse, 18% of incidents came to attention through an external source such as a customer, a supplier or the impact on a public website.

Network monitoring solutions are much more effective than anti-virus software in terms of alerting companies to a cyber breach, with 63% of businesses having network monitoring software in place and 42% of cyber incidents being brought to attention through the work of the IT Department to whom such systems report.

The scale of the cyber threat can feel overwhelming at times, but educating your own employees about the nature of the threat and then putting in place the right solutions can go a long way towards mitigating the social engineering threat and significantly enhancing your corporate cyber resilience.

The message is simple… Act now before it’s too late.

Filed under Risk UK News

“Watering hole-style cyber attacks on the rise” warns High-Tech Bridge

On Sunday 12 February, security firm Symantec released an analysis of a new wave of attacks that has been underway since at least October 2016 and came to light when a bank in Poland discovered previously unknown malware running on a number of its computers.

The bank then shared indicators of compromise with other institutions and a number of those other organisations confirmed that they too had been compromised.

These ‘watering hole’ attacks attempted to infect more than 100 organisations in 31 different countries.

Symantec has blocked attempts to infect customers in Poland, Mexico and Uruguay by the same exploit kit that infected the Polish banks. Since October, 14 attacks against computers in Mexico have been blocked, 11 against computers in Uruguay and two against computers in Poland.

Preliminary investigations suggested that the starting point for the Polish infection could have been located on the web server of Poland’s financial sector regulatory body, namely the Polish Financial Supervision Authority (www.knf.gov.pl).

Commenting on this news, Ilia Kolochenko (CEO of High-Tech Bridge) said: “We should expect that cyber criminals will find more creative and reliable ways to compromise their victims. Trustworthy websites, such as governmental ones, represent great value for cyber criminals, even if they don’t host any sensitive or confidential data.”

Kolochenko continued: “In the past, hackers used one-off or garbage websites to host malware, but as corporate users become more educated and vigilant, attackers need to find more reliable avenues to deliver malware and enter corporate networks. That’s why Gartner, as well as other independent research companies, continuously say that the risk posed to corporate web applications is very high and seriously underestimated. Spear phishing and watering hole attacks against high-profile websites will grow significantly in the near future.”

Filed under Risk UK News, Uncategorized

“30% of NHS Trusts have experienced a ransomware attack” finds SentinelOne

30% of NHS Trusts in the UK have experienced a ransomware attack, potentially placing patient data and lives at risk. One Trust – the Imperial College Healthcare NHS Trust – admitted to being attacked 19 times in just 12 months. These are the findings of a Freedom of Information (FoI) request submitted by SentinelOne.

The Ransomware Research Data Summary explains that SentinelOne made FoI requests to 129 NHS Trusts, of which 94 responded. Three Trusts refused to answer, claiming their response could damage commercial interests. All but two Trusts – Surrey and Sussex and University College London Hospitals – have invested in anti-virus security software on their endpoint devices to protect them from malware.

Despite installing a McAfee solution, Leeds Teaching Hospital has apparently suffered five attacks in the past year.

No Trusts reported paying a ransom or informed law enforcement of the attacks: all preferred to deal with the attacks internally.

Ransomware which encrypts data and demands a ransom to decrypt it has been affecting US hospitals for a while now. The Hollywood Presbyterian Medical Center in Los Angeles notoriously paid cyber criminals £12,000 last February after being infected by Locky, one of the most prolific ransomware variants.

With the infected computers or networks becoming unusable until a ransom has been paid* or the data has been recovered, it’s clear to see why these types of attack can be a concern for business continuity professionals, with the latest Horizon Scan Report published by the Business Continuity Institute highlighting cyber attacks as the prime concern. This is a very good reason why cyber resilience has been chosen as the theme for Business Continuity Awareness Week in 2017.

“These results are far from surprising,” said Tony Rowan, chief security consultant at SentinelOne. “Public sector organisations make a soft target for fraudsters because budget and resource shortages frequently leave hospitals short changed when it comes to security basics like regular software patching. The results highlight the fact that old school AV technology is powerless to halt virulent, mutating forms of malware like ransomware. A new and more dynamic approach to endpoint protection is needed.”

Rowan continued: “In the past, some NHS Trusts have been singled out by the Information Commissioner’s Office for their poor record on data breaches. With the growth of connected devices like kidney dialysis machines and heart monitors, there’s even a chance that poor security practices could put lives at risk.”

*Note that the data isn’t always recovered even after a ransom has been paid

Filed under Risk UK News, Uncategorized