Tag Archives: Internet

NordVPN creates new generation password manager dubbed NordPass

NordVPN is creating a new generation password manager. NordPass will have a full range of features to ensure that passwords are as secure as possible. Its easy-to-use interface makes staying secure effortless.

“We can secure your connections with NordVPN and we can secure your files with NordLocker, but you still need a strong password for both,” explained Marty Kamden, CMO at NordVPN. “Passwords are the front line for your online account security. That’s why we’re introducing NordPass. It all started when we were looking for a safer and more productive way to deal with passwords within our company. In the end, this initiative has grown into something pretty exciting, which we decided to expand beyond the bounds of our own business.”

NordPass will remember and autosave all passwords, autofill online forms and allow the saving of private notes. Additionally, the new tool will generate strong passwords on the spot. NordPass will support major operating systems, offering browser extensions as well as native mobile and desktop apps.

NordPass is created using the latest security practices and industry standards. It uses powerful Advanced Encryption Standard (AES-256-GCM) encryption with Argon2 for key derivation, which is virtually unbreakable. Additionally, the new tool will have a zero-knowledge encryption process to ensure ultimate security.

“Zero-knowledge encryption means you own the key to your passwords,” continued Kamden. “By the time your data reaches our servers, it’s already encrypted on your device, which means we have zero knowledge about the items saved in your vault. We couldn’t see your passwords even if we wanted to. These are only the essential features that come with the first version of NordPass. We’re very eager to expand its capabilities in the near future.”

At the moment, NordPass is going through internal stress-tests. It’s expected that the first beta version will be released this autumn.

NordVPN is a trusted online privacy and security solution used by over 12 million Internet users worldwide. It offers military-grade encryption with advanced privacy solutions and is recognised by the most influential tech sites and IT security specialists.

*For more information on NordPass, access the NordVPN blog

Filed under Risk Xtra

Hikvision awarded Cyber Essentials Plus accreditation by National Cyber Security Centre

Hikvision has been awarded Cyber Essentials Plus status – the highest accreditation in the programme. Operated by the National Cyber Security Centre (NCSC), the Cyber Essentials scheme is an independently assessed accreditation supported by the Government. The scheme is designed to carry out rigorous testing of Internet-enabled products connected to a given company’s infrastructure – in this case that of Hikvision – in order to ensure that, when connected to a network, those products are safe, secure and don’t provide a risk to devices on the rest of the network.

In partnership with five independent test houses, the Cyber Essentials Plus accreditation process covers a number of different areas to ensure users of Internet-enabled devices are assured of the highest level of protection against potential cyber threats and attacks. These independent test houses assess products through internal testing and vulnerability scanning. Cyber Essentials Plus accreditation is only awarded when testers are fully satisfied that the tested products don’t pose a risk to the wider network.

“Cyber security is a really hot topic in the security industry so naturally we’re delighted to have been awarded Cyber Essentials Plus status,” explained Gary Harmer, sales director for Hikvision UK and Ireland. “As the only manufacturer in our industry to have received this level of accreditation, it’s confirmation of the confidence we at Hikvision have in our own operations.”

Hikvision will continue to work with the NCSC and other authorised bodies to maintain, develop and enhance the security of its products, operating environments and processes.

*An earlier version of the Press Release suggested that the Cyber Essentials Plus status relates to products and has caused some confusion. To clarify, Hikvision has been awarded Cyber Essentials Plus accreditation, which relates directly to the security and robustness of its own infrastructure within the company’s UK operation. It was never Hikvision’s intention to mislead the reader with any inference that the accreditation related in any way to the company’s own products. Hikvision sincerely apologises for the unclear statement about the award

*To find out more about Hikvision’s plans for enhanced cyber security, visit Stand D300 at IFSEC International between 19-21 June. IFSEC International runs at London’s ExCeL

Filed under Risk Xtra

Free seminar set to help buyers and installers improve cyber security

Helping security buyers and installers to navigate the complex world of cyber security is the aim of a forthcoming event organised by the British Security Industry Association (BSIA). Supported by the Fire Industry Association (FIA), the event takes place in Solihull on Wednesday 4 October.

This free-to-attend, half-day gathering will include presentations from a wide range of cyber security experts and offer a particular focus on the potential vulnerabilities of ‘connected products’ – meaning any security product (ie intruder alarms, video surveillance systems and access control) that could be accessed or operated remotely via the Internet – and how these vulnerabilities can be combated.

Delegates will be informed about the potential cyber risks facing their business, with presentations from the West Midlands Police digital cyber crime team and an engaging and surprising demonstration from the Scottish Business Resilience Centre’s team of ‘ethical hackers’.

Attendees will also find out how they can combat the cyber threats they face, with presentations outlining the benefits of the Government’s Cyber Essentials accreditation and introducing the BSIA’s ongoing work in the field of cyber security.

Finally, delegates will benefit from a summary of the new EU General Data Protection Regulation (GDPR), which is set to come into force in early 2018.

The event is open to security and fire solutions buyers and installers, or indeed anybody from either industry with an interest in improving their business’ cyber security and data protection policies.

Registration for the event will be open from 9.00 am, with presentations kicking off at 9.45 am and the event expected to finish at around 1.30 pm. A full programme and online booking forms for both delegates and exhibitors are available on the BSIA’s website at: https://www.bsia.co.uk/events.aspx

Filed under Risk UK News

Social engineering “a top cause of cyber incidents” finds Cyber Resilience Report

Research commissioned by Crises Control from the Business Continuity Institute for its annual Cyber Resilience Report 2016 confirms much of what we already suspected about the changing nature of the cyber threat and the way that cyber criminals have found new ways to defeat corporate perimeter security.

66% of respondents to the survey reported that their companies had been affected by at least one cyber security incident over the last 12 months. The costs of these incidents varied greatly, with 73% reporting total costs over the year of less than €50,000, but 6% reporting annual costs of more than €500,000.

The increased difficulty of breaching perimeter security and the increased human resources available to cyber criminals have combined to produce a new point of attack. This is focused on the weakest link in the corporate security chain, which is now human beings rather than technology.

The term ‘social engineering’ describes this attack vector, which relies heavily on human interaction and often involves tricking people into breaking normal security procedures. The BCI research shows clearly that phishing (ie obtaining sensitive data through false representation) and social engineering is now the single top cause of cyber disruption, with over 60% of companies reporting being hit by such an incident over the past 12 months.

A further 37% were hit by spear phishing (ie phishing through identity fraud).

The research has also confirmed that, to effectively counter this threat, companies now need behavioural threat detection provided by a cyber security network monitoring solution. These plug-in devices monitor your network for signs of suspicious insider activity and failed attempts to hack into the system.

They can also provide invaluable intelligence to be acted upon proactively to nip a successful hack or insider threat in the bud.

Traditional anti-virus monitoring software is no longer enough. The BCI research shows that 72% of companies have this software in place, but only 26% of real cyber security incidents were actually discovered through this route. Much worse, 18% of incidents came to attention through an external source such as a customer, a supplier or the impact on a public website.

Network monitoring solutions are much more effective than anti-virus software in terms of alerting companies to a cyber breach, with 63% of businesses having network monitoring software in place and 42% of cyber incidents being brought to attention through the work of the IT Department to whom such systems report.

The scale of the cyber threat can feel overwhelming at times, but educating your own employees about the nature of the threat and then putting in place the right solutions can go a long way towards mitigating the social engineering threat and significantly enhancing your corporate cyber resilience.

The message is simple… Act now before it’s too late.

Filed under Risk UK News

Unwitting cyber scammers cold call industry expert at C3IA Solutions

Would-be cyber scammers made a megabyte blunder when they cold-called Matt Horan of C3IA Solutions: Horan is one of the country’s top cyber security experts. Realising the crooks were trying to take control of his computer, Horan put the call on speaker phone and asked a colleague to record it, with hilarious consequences.

After stringing out the conversation for 35 minutes – during which time he was passed to more senior ‘helpers’ as he posed as an ignorant computer user – Horan then informed the caller that he had no Internet connection.

This prompted the fraudster to use an expletive before hanging up in anger. An edited video of the call has been amusing people across social media.

Horan is keen that the video is used to help people avoid falling for cyber scams. He told Risk UK: “One of the weakest parts of any business’ cyber security is the staff. They do nothing malicious, but can easily assist fraudsters. Along with ‘phishing’ e-mails, this type of phone scam is common and can cause huge amounts of damage.”

Matt Horan, director of C3IA Solutions

Horan continued: “The caller purports to be from Microsoft or a similar outfit and informs the person who answered the call that there’s a problem with their computer. They then instruct that person to look at the computer’s ‘systems and events logs’, which is simply a log of every action taken. They tell them that this is evidence of ongoing malicious attacks. After that, they try and entice them to log into TeamViewer or something similar which means they then can gain remote access and control of the target computer.”

In addition, Horan stated: “They then have all the information on a computer or network and can infect the system, read e-mails, steal passwords or encrypt the stored data. They can basically do anything they want. Obviously, this can cause massive harm to a business and may well lead to data loss, the theft of funds and the stealing of intelligence as well as cause acute embarrassment.”

C3IA Solutions trains staff at businesses to be ‘cyber-savvy’ and always to hang up on calls like this. If staff are in doubt they should contact their IT support.

“Firms such as Microsoft don’t make calls like the one I took, but they seem authentic,” explained Horan. “Often, the scammers work in pairs so the initial caller can pass over the call to a ‘senior supervisor’, as they tried with me. This gives an added authenticity. Caution should be the watchword when taking calls like this one.”

*The video can be viewed on YouTube: https://youtu.be/ncIehp0fBT8

Based in Poole, Dorset, C3IA Solutions is one of fewer than 20 companies certified by the Government’s National Cyber Security Centre. In addition to its work with Government agencies including GCHQ, the company operates a commercial section that works with businesses, assisting them with their cyber security.

C3IA (a military term) Solutions was set up in 2006 by Horan and Keith Parsons. It has 84 personnel on contract of whom 33 are employees and 51 are associates. The business operates in the defence and security sectors serving both SMEs and multi-national firms.

C3IA is a leading provider of secure ICT, technical programme management and information security services and solutions.

The company takes its Corporate Social Responsibility seriously, supporting serving and past members of the Armed Services. Indeed, the business sponsors those engaged in personal and team development through arduous sporting and other challenges.

Filed under Risk UK News, Uncategorized

“Faster response times needed to combat cyber threat” finds BCI survey

Two thirds of respondents to a global survey carried out by the Business Continuity Institute report that they had experienced at least one cyber incident during the previous twelve months, while 15% stated they had experienced at least ten incidents during the same period.

The frequency of these cyber incidents demonstrates exactly why it’s so important for organisations to have plans in place to mitigate them or otherwise lessen their impact.

The Cyber Resilience Report, conducted by the BCI and sponsored by Crises Control, found that there was a wide range of response times for cyber incidents. Almost a third of organisations (31%) stated that they responded within one hour. However, one fifth (19%) take a worrying four hours or more in responding to a cyber event, while almost half (44%) take more than two hours to respond. This has clear implications for the time taken to return to business as usual, and the ultimate cost of the incident to the host organisation.

Even if businesses wish to respond immediately to a cyber attack, the nature of the attack may render them unable to do so. The research finds that phishing and social engineering are the top causes of cyber disruption, with over 60% of companies reporting being hit by such an incident over the past 12 months and 37% attacked by way of spear phishing.

The BCI has discovered that 45% of companies were hit by a malware attack and 24% by a Distributed Denial of Service episode. All these forms of attack will, in different ways, render an organisation’s own network either contaminated or inoperable. Their website may have been taken down and they may well have to switch off their Internet connection until they can secure themselves from further attack.

A detailed study of 369 business continuity and resilience professionals from across the world, the research also reveals that the costs of these incidents varied greatly, with 73% reporting total costs over the year of less than €50,000, but 6% reporting annual costs of more than €500,000.

David James-Brown FBCI, chairman of the BCI, commented: “This piece of research is one of the most timely, insightful and relevant the BCI has ever produced. Cyber attacks tend to target the weakest links of an organisation. That calls for a greater awareness of cyber crime. As the cyber threat evolves, it’s crucial to stay on top of it, building long-term initiatives and regularly updating recovery plans.”

Rickie Sehgal, chairman of Crises Control, added: “Rapid communication with employees, customers and suppliers is vital for any company in terms of responding effectively to a major business disruption event such as a cyber attack. When your business is at risk, even a one-hour delay in responding to an incident can be too long. Taking more than two hours to respond, as almost half of companies appear to do, is simply unacceptable.”

Filed under Risk UK News, Uncategorized

Protectas SA and Bosch Security Systems partner on new cloud-based monitoring services in Switzerland

Protectas SA and Bosch Security Systems are now partnering to provide remote video monitoring services to Protectas customers in Switzerland, home to two major Protectas Remote Control Centres.

Bosch cloud-based monitoring services enable Protectas to offer a vast portfolio of video monitoring services securely and cost-effectively from a centralised cloud server.

For its small- and medium-size customers, Protectas offers a highly effective ‘live intervention’ service, with IP cameras from Bosch monitoring key areas. Cameras detect suspicious behaviour and notify personnel at the Protectas Remote Control Centre. From this central location, the security operators view video, and can investigate and verify the suspicious behaviour being reported.

Through a remote audio connection, the operator notifies intruders that the police are on the way, preventing further damage.

Other vital monitoring services include video verification for indoor areas, virtual guard tours and virtual assistant, which provides immediate remote video and audio support to employees in distress with just one push of an emergency button.

The system is also designed for easy and inexpensive start-up. With only an IP camera and an Internet connection, end customers can begin using the Site Monitor App immediately for live and remote video monitoring. Benefits also include industry-specific business support services such as customer traffic reports for high-traffic retail facilities.

Fastest possible emergency response

Bosch cloud-based monitoring services and Protectas’ highly-trained operators work in synergy to ensure the fastest possible emergency response. Cloud-based alarm bundling intelligently groups related events together, significantly reducing the operator capacity needed per incident. As soon as the operator on duty initiates the alarm response process, cloud-based monitoring services displays the video operation interface, which renders a clear perspective of the situation to enable a swift and sure emergency response.

Arnaud Ducrot, CTO at Protectas, explained: “At Protectas, we’re really confident that this partnership will serve our remote guarding strategy. Including mature, efficient and cost-effective cloud services in our security solutions, especially on-site and mobile guarding, makes an important difference to our small- and medium-size customers.”

Protectas SA belongs to Securitas AB (which, incidentally, is not affiliated with the Swiss company of the same name, Securitas AG). From a broad range of services of specialised guarding, technology solutions and consulting and investigations, the business customises offerings that are suited to the individual customer’s needs in order to deliver the most effective security solutions.

Filed under Risk UK News, Uncategorized