Tag Archives: IT

Bosch launches new information security services to protect against cyber attacks

The IT Security Expo and Congress 2019 takes place in Nuremberg from 8-10 October and experts from Bosch will be on hand on Stand 506 in Hall 10.1 to outline the company’s latest information security services for defending against cyber attacks.

Cyber criminals pose a threat to building security solutions. Today’s physical security systems are increasingly IP-based and run on the same networks as generic office and production IT systems.

“The growing use of IT, along with greater networks, is also making building security solutions potentially vulnerable to all of the same risks that plague the rest of the IT world, such as hacker attacks and malware,” explained André Heuer, who heads the information security operation at Bosch Building Technologies. “Particularly so in critical infrastructure, this interaction of IT and facility management makes it essential to find new ways in which to ward off cyber attacks. We want to help our customers expand their information security strategies to include physical systems.”


On that basis, Bosch is introducing new information security services to address security needs in conventional building security systems by erecting “cyber barriers”. The company’s portfolio now embraces three complementary components:

Information Security Consulting for designing tailored information security concepts to meet customers’ individual protection requirements

Security Operations Centre which manages vulnerabilities and information security incidents to ensure a consistently high level of security while complying with reporting requirements

IT Security Services which implement appropriate measures to protect building security solutions from cyber threats

All of the services are provided in close consultation with customers’ IT security officers. By offering these options, Bosch feels that it’s “raising the standard of information security in buildings to a new level”.


Filed under Risk Xtra

Institute of Risk Management East Africa Regional Group partners with Serianu Ltd to grow local cyber risk talent

The Institute of Risk Management’s (IRM) East Africa Regional Group (a member body of the IRM in the UK) and Serianu Ltd have agreed to work together on addressing the huge deficit of qualified risk managers in the region coupled with local public and private sector organisations needing critical hand-holding to ensure risks and opportunities within organisations are effectively identified and managed.

The collaboration is bidding to develop a fundamental home-grown cyber risk management framework for the African context which aims to increase the number of competent risk professionals as well as enhance excellence in cyber risk management and reporting.

Serianu Ltd is a pan-African cyber security consulting firm. The business has signed a Memorandum of Understanding (MoU) with the IRM that will engender collaboration on research, training, community out-reach and policy design.


According to Dorothy Maseke, chair of the IRM’s East Africa Regional Group, Kenya especially needs 1,000 qualified risk management professionals annually, yet over the last three years the population has grown from just under 20 to around 120 today.

“Risk management is a relatively new field of professional practice yet, locally and globally, there’s a major shift by regulators to entrench high risk management standards,” explained Maseke. “Risk has become a core reporting requirement by management as well as a key responsibility of Boards of Directors. For instance, Kenya’s public sector is guided by the Mwongozo Corporate Governance Code which sets out compliance parameters.”

New specialism

Maseke added that risk management had emerged as a new specialism as a result of changing business and public sector operating environments that have shone a spotlight on governance mechanisms. At the same time, the practice of risk management is increasingly credited with identifying great opportunities for innovation even as it seeks out issues that would derail any organisation from achieving its goals at any one time.


Threats and opportunities have been a standard in every organisation’s overall strategy for several decades, but now for the first time in corporate governance history, this is firmly set in the risk manager’s scope of work and monitored daily. Maseke noted that, in this way, organisations are also able to clearly assess and derive the benefits from investing in their systems and processes.

Carol Misiko, the East Africa Regional Group’s secretary, added that cyber risk is no longer a back-office IT team issue (although they clearly play a vital role). Misiko noted that today’s enterprise risk management function needs to be able to understand this constantly evolving risk, but also manage, monitor and report on this emerging risk.

Common interest

Speaking during the MoU signing ceremony, Serianu Ltd’s CEO William Makatiani observed that the two institutions have a common interest in growing the knowledge of Boards of Directors and senior management so that they have a strong grasp on emerging events and issues that may affect their organisations.

“We’re collaborating with the Institute of Risk Management to give directors and managers tools and methods that empower them to have a better grasp of cyber risks and opportunities they can exploit,” stated Makatiani. He added that, generally – and especially so in the public sector – the degree of compliance is still quite low and that many highly regulated private sector organisations are yet to cross the 50% mark.


London jeweller strikes gold with Mul-T-Lock CLIQ

Mul-T-Lock has supplied a high-end jeweller in London with CLIQ locks in order to help the business manage access to cabinets holding valuable items. 

Stocking bespoke pieces and precious stones, the jeweller was looking for a high-level security solution that allowed sales personnel access to individual glass cabinets, without the worry that if one of the keys was lost or misplaced that they would then have to replace the entire suite. 

Over 50 CLIQ cam locks from Mul-T-Lock were installed at the jewellers on each of the cabinets, offering maximum security with the added benefit of audit trail capabilities. 

These capabilities include the ability to schedule individual access permissions for each key, as well as to provide time-limited access. In the case of this particular jewellers, each member of staff was given access to a selection of cabinets at varying times, with individual permissions set by the administrator.


For example, access could be set for only business hours, meaning that the cabinet could not be accessed at evenings or weekends. Similarly, each time a user opens a lock, that action will be recorded in the system, meaning that the administrator can keep an eye on operations electronically. 

Specialist Mul-T-Lock integrator Elelock Systems specified and installed the CLIQ locks at the jewellers after weeks of careful consultation with the business owner to better understand the store’s requirements. 

Chrys Chrysostomou, managing director of Elelock, told Risk Xtra: “One of the biggest concerns for this particular jeweller was the threat of compromised security if cabinet keys were lost. Mul-T-Lock’s CLIQ technology means you can revoke access in minutes, whereas with a traditional system you would have needed to replace the whole lock, in turn costing time and money. With no cabling, the system was easy to configure and install, making it suitable for a variety of applications. The store manager also received hands-on training from ourselves and Mul-T-Lock, alongside the jeweller’s head of IT and its security representative.” 


Suresh Peri, commercial and technical manager at Mul-T-Lock, added: “Our CLIQ system is ideal for retail applications where there are a number of members of staff who need access at varying times, or that require individual permissions for access to high security storage rooms, cabinets or drawers. Being able to revoke access permissions when a member of staff leaves the business also allows retailers to uphold their security and reduce ongoing maintenance costs.”


NTT Security Corporation signs definitive agreement to acquire WhiteHat Security

NTT Security Corporation has signed a definitive agreement to acquire the privately-owned concern WhiteHat Security, the application security provider committed to securing applications that run enterprises’ businesses. Post-acquisition, WhiteHat Security will operate as an independent and wholly-owned subsidiary of the NTT Security Corporation.

As a result of this acquisition, NTT Security will “provide the world’s most comprehensive end-to-end cyber security solutions”. Together, and working hand-in-hand, the two organisations will address enterprise security needs that range from IT infrastructure through to critical business applications covering the full lifecycle of digital transformation.

This acquisition expands NTT Security’s portfolio, allowing its customers and partners to benefit from WhiteHat Security’s cloud-based Application Security Platform. For their part, WhiteHat Security’s customers and partners will have access to NTT Security’s consulting and advisory services, along with its next generation platform-based Managed Security Services.


“NTT Security’s overarching goal is to provide comprehensive, game-changing cyber security solutions that address the broader needs of digital transformation,” explained Katsumi Nakata, CEO at NTT Security. “WhiteHat Security is recognised globally as a leader and pioneer in the field of application security cloud services and DevSecOps spaces. By bringing WhiteHat Security into our portfolio, we are now well positioned to deliver on our vision of securing a smart and connected society by providing comprehensive security solutions for enterprises undergoing digital transformation.”

Craig Hinkley, CEO of WhiteHat Security, responded: “WhiteHat Security has been at the centre of application security, providing wide-reaching solutions to its customers and partners, and we will continue to invest in our people and technologies to maintain that leadership. The synergy between our two security-focused companies will enable our partners, customers and prospects alike to benefit from our combined cyber security solutions.”

NTT Security and WhiteHat Security will continue to invest in emerging technologies to secure their customers’ businesses. The acquisition enhances NTT Security’s ability to deliver high-performing and effective application security at a global scale.


KnowBe4 study reveals 92% of organisations’ biggest security concern is end users

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, has released the results of new research. The company’s report examines over 350 organisations globally and reveals the security weaknesses and concerns within them. On average, 81% of organisations had some degree of concern around security issues.

Cyber crime continues to evolve and become more sophisticated. Artificial Intelligence and machine learning are leveraged by many criminal organisations to help them better understand how to improve their attacks and they’re now targeting specific industry verticals, organisations and even individuals.

Increases in the frequency of ransomware, phishing and crypto-jacking attacks have been experienced by businesses of nearly every size, vertical and location.


When it comes to attack vectors, data breaches are the primary concern, with credential compromise coming a close second. These two issues go hand-in-hand as the misuse of credentials remains the foremost attack tactic in data breaches. That’s according to Verizon’s 2018 Data Breach Investigations Report.

Phishing and ransomware ranked next, demonstrating that organisations are still not completely prepared to defend themselves against these relatively “old” attack vectors.

Other key findings

*92% of organisations rank end users as their primary security concern. At the same time, security awareness training along with phishing testing tops the list of security initiatives that organisations need to implement

*Organisations today have a large number of attack vectors to prevent, monitor for, detect, alert and remediate. In terms of attacks, 95% of those organisations surveyed are most concerned with data breaches

*Ensuring security is in place to meet General Data Protection Regulation (GDPR) requirements is still a challenge for 64% of organisations, despite the GDPR’s fine details having been public knowledge for quite some time

*Attackers’ use of compromised credentials is a common tactic: 93% of organisations are aware of the problem, but still have lots of work to do to stop it

*When it comes to resources, 75% of organisations don’t have an adequate budget

“2018 was a prolific year for successful cyber attacks, with many of them caused by human error,” said Stu Sjouwerman, CEO of KnowBe4. “IT organisations are tasked with establishing and maintaining a layered security defence. The largest concern, as demonstrated again in this report, is employees making errors. Organisations must start their defence by establishing a security culture. In order to combat the escalation of social engineering, they absolutely have to ensure that users are trained and tested.”

To read the full report visit www.KnowBe4.com


UK’s SMBs battling average of five cyber attacks per annum

Small and medium-sized businesses (SMBs) in the UK have faced up to an average of five cyber attacks in the last 12 months. That’s according to research commissioned by online encryption specialists Appstractor Corporation that highlights the growing threat such businesses face from online criminals.

A significant number of IT decision-makers in these SMBs believe they’re being put at greater risk of attack because their security software isn’t keeping pace with the sophisticated nature of the attacks with which they’re confronted.

According to the new independent report entitled ‘Under Attack: Assessing the Struggle of UK SMBs Against Cyber Criminals’, some businesses (19%, in fact) faced as many as ten attacks in the last year. IT bosses who took part in the research survey suggested that one of the major causes for concern for SMBs in the UK is that security and encryption software is aimed at individual consumers or large corporations and Governments, meaning that it cannot be deployed effectively in a small business environment.


In fact, only 44% of IT decision-makers in SMBs believe that they’re able to properly protect themselves against cyber criminals using current software and systems when compared to the ability of large businesses to protect themselves.

A third believe that the UK’s small business community – which makes up 99% of businesses, according to the Federation of Small Businesses – is being “forgotten about” and placed at a higher level of risk when compared to their larger counterparts.

When it comes to the level of threat faced by these smaller companies, Appstractor Corporation’s research found that 17% of companies faced at least one attack in the last year, 28% were attacked two or three times, 32% faced four or five attacks and 19% were attacked between six and ten times.

A small proportion of companies – 2% – said that their company had been targeted up to 20 times in the last 12 months.

Commenting on the report, Paul Rosenthal (CEO and founder of Appstractor Corporation) agreed that current solutions were not up to scratch, but also said that some SMBs were making themselves an easy target for criminals.

“It’s the case that SMBs are at a disadvantage in the cyber security arms race because software and platforms are not being effectively designed for them, so they have to shoehorn consumer or large enterprise-grade solutions into their company which don’t work in small businesses. IT managers and small business owners need to rid themselves of their current ideas that they are too small to be targeted and so don’t have to worry about security and encryption software. The reality is that small businesses are being targeted by criminals more than ever before. Techniques like automated mass targeting are putting them at a serious and present risk of attack.”



95% of UK businesses “still struggling” with mobile working as security of data continues to cause concern

Apricorn – the manufacturer of software-free, 256-bit AES XTS hardware-encrypted USB drives – has unveiled new research results highlighting that 95% of organisations surveyed in the UK recognise problems with mobile and remote working. Worryingly, nearly one-in-five (18%) suggest that their mobile workers don’t care about security.

All (ie 100%) of those IT decision-makers surveyed noted that they had employees who work remotely at least some of the time, with an average of over one third (37%) of staff members who do so. With an increase in the numbers of people working remotely, this means more data moving beyond the confines of the corporate network. Organisations need to ensure that any data – be it at rest or on the move – remains secure.

While many are taking steps to ensure their data is protected, for instance by implementing security policies for mobile working and Bring Your Own Device, just under half of respondents (44%) still agree that their organisation expects their mobile workers to expose them to the risk of a breach. Roughly one third (32%) say that their organisation has already experienced a data loss or breach as a direct result of mobile working, while 30% of respondents from organisations where the General Data Protection Regulation (GDPR) applies are concerned that mobile working is an area that will most likely cause them to be non-compliant.


53% cited that one of their Top Three biggest problems with remote working is due to the complexity and management of the technology that employees need and use. Over half (54%) say that, while their organisation’s mobile workers are willing to comply with requests relating to security measures, employees lack the necessary skills or technologies required to keep data safe. Nearly one third (29%) take the radical approach of physically blocking all removable media, while a further 22% ask employees not to use removable media (although they have no technological means by which to enforce this).

“The number of organisations blocking removable media has increased compared with responses to the same question in 2017, when 18% said they were physically blocking all removable devices,” said Jon Fielding, managing director for the EMEA at Apricorn. “A unilateral ban isn’t the solution and ignores the problem altogether, while also presenting a barrier to effective working. Instead, businesses should identify corporately approved, hardware-encrypted devices that are only provided to staff with a justified business case for having such. The approved devices should then be white-listed on the IT infrastructure, blocking access to all non-approved media.”

Risk of data breaches

Despite strict security policies, mobile working can still leave organisations wide open to the risk of a data breach. Half (50%) of respondents admitted one of the three biggest problems with mobile working is that they cannot be certain their data is adequately secured. Only around half enforce and are completely confident in their encrypted data in transit (52%), in the cloud (52%) and at rest (51%).

“While the new GDPR legislation requires the ‘Pseudonymisation’ and encryption of personal data, encryption isn’t a new concept, and keeping data secure has always been imperative to any organisation handling sensitive information,” added Fielding.

In conclusion, Fielding stated: “Organisations are simply not following security Best Practice. They need to implement and enforce policies and provide employee training to ensure compliance with the GDPR. Failing to put processes in place is putting confidential data at risk. Organisations now face the prospect of being fined even before a breach has occurred.”
