Tag Archives: IT

FCA review finds weaknesses in challenger banks’ financial crime controls

A recent review conducted by the Financial Conduct Authority (FCA) has found that some challenger banks have significant weaknesses within their financial crime controls and need to improve how they assess financial crime risk.

The review, which was conducted during 2021, has revealed that, in some instances, challenger banks did not have financial crime risk assessments in place for their customers. It also identifies a rise in the number of Suspicious Activity Reports reported by challenger banks, in turn raising concerns about the adequacy of these banks’ checks when taking on new customers.

The review focused on challenger banks that were relatively new to the market and offered a quick and easy application process. This included six challenger retail banks, which primarily consist of digital banks, and covered over eight million customers.

The review did find some evidence of good practice, for example when it comes to the innovative use of technology to identify and verify customers at speed.

Cyber crime on the rise

Sridhar Iyengar, managing director at Zoho Europe, commented: “Today, cyber crime and fraudulent activity are rapidly on the rise with more sophisticated episodes taking place all over the world. It’s no surprise that challenger banks are being impacted, but being able to verify customers at speed is no use if suspicious activity is being missed. As it stands, money launderers are still able to evade detection by capitalising on the shortfalls within a bank’s technological infrastructure.”

Iyengar continued: “There are many new features that can help make systems more secure or raise red flags early. Companies including banks can now benefit from the likes of Artificial Intelligence-based systems to help identify potential fraudulent activities. Immediate action can be taken and customers will remain sheltered from risk.”

Further, Iyengar stated: “In highly competitive markets such as banking, having modern IT systems in place can make a real difference in terms of providing business value and positively impact customer trust and the customer experience as a whole. For market challengers, this is even more important.”

The growing cyber risk, coupled with the growth of hybrid working, which can potentially add further security risks, makes it imperative for all businesses to assess their current IT systems.

Iyengar concluded: “Keeping operations secure, efficient and compliant with regulations is a different endeavour to what it was just a few years ago, and demands that all organisations modernise their IT systems such that the latter are fit for purpose in the post-COVID business landscape.”

Three-year strategy

Sarah Pritchard, executive director for markets at the FCA, said: “Our three-year strategy highlights our commitment to reducing and preventing financial crime. This is important in terms of creating confidence for consumers and market participants in financial services and in demonstrating that the UK is a safe place in which to do business.”

Pritchard concluded: “Challenger banks are an important part of the UK’s retail banking offer. However, there cannot be a trade-off between quick and easy account opening and robust financial crime controls. Challenger banks should consider the findings of this review and continue to enhance their own financial crime systems in order to prevent harm being done by criminals.”


Filed under Security Matters

Cyber security vendors announce alliance and Zero Trust PAM solution in EU

Identity Methods, an end-to-end provider of Zero Trust IT architecture, has announced a strategic partnership with Senhasegura, the global cyber security vendor with a presence in over 55 countries and headquartered in Sao Paulo.

The agreement will make Privileged Access Management (PAM) solutions available in the UK and Ireland, Nordic and Benelux markets. That process begins with the launch of Domum, which delivers maximum security for remote workers based on Zero Trust without the need for a VPN, installing agents, additional licensing or any additional configurations.

With expertise in PAM automation and security, Senhasegura is recognised by Gartner as a ‘challenger’ and placed among the ten best global PAM technologies in the latter’s 2021 Magic Quadrant for Privileged Access Management report.

Senhasegura ranked in the Top 3 for above-average PAM technology in Gartner’s Critical Capability report. According to Gartner’s Peer Insights, 98% of existing Senhasegura customers said they would recommend it, awarding it 4.9 out of five stars [based on 109 Gartner peer insights reviews]. Five stars were bestowed by 85% of reviewers, earning it Gartner’s Customer Choice Award in 2021. Senhasegura is the only PAM vendor to provide certificate management capabilities in order to easily manage transport layer security certificate lifecycles and their expiry dates.

Flexible working models

With more companies now adopting flexible working models, security teams are facing greater challenges when it comes to guaranteeing the authenticity of requests from employees or third parties to access systems remotely.

Domum has been designed to help control such access using a simple process of authorisation, enabling administrators to grant external access to users in minutes without the need to configure a VPN or install agents.

Further, Domum complements PAM by helping to manage remote and off-site access safely and securely in accordance with a Zero Trust philosophy.

To help businesses better understand the importance of implementing a PAM solution, Identity Methods has published a PAM Starter Guide. The Privileged Access Management Starter Guide and Toolkit is available online.

PAM is fast becoming vital in any organisation and should be implemented to achieve the principles of Zero Trust. PAM is an information security mechanism that safeguards identities with special access or capabilities beyond regular users. When compromised, privileged accounts can pose significant potential risk to the enterprise. A PAM solution is critical to ensure that core enterprise identities are secured and monitored.

PAM can solve security weaknesses relating to the sharing of passwords and mitigates the risks associated with long-standing permissions.

Identity governance strategy

Ian Collard, founder and CEO of Identity Methods, informed Security Matters: “PAM is a key part of an organisation’s overall identity governance strategy. When integrated with broader identity and access management systems, businesses can achieve a unified governance approach for all employees regardless of their role or level of access.”

According to Collard, organisations are still struggling to protect their networks because they don’t factor-in the access security controls of third parties such as vendors, service providers and consultants.

“This is where Domum comes in,” asserted Collard, “bringing peace of mind by controlling access to remote and flexible users, removing uncertainty around such processes and ensuring that protection is extended to cover all points of connectivity for those operatives who require access to specific systems, regardless of their location.”

An enterprise-grade PAM solution affords organisations the ability to automate the creation, amendment and deletion of accounts, while also providing robust monitoring and reporting. As security administrators need to monitor privileged sessions and investigate any anomalies, a PAM solution’s ability to provide real-time visibility and automated alerting are key benefits for any modern organisation. The launch of Domum greatly complements PAM, leading to a full and rounded capability for monitoring all points of connectivity and securely managing access where and when it’s required.


Reliance High-Tech signposts Technology Day at Mercedes-Benz World

Reliance High-Tech, the independent security technology integrator, has announced details of its next Technology Day, which takes place on Thursday 24 March at Mercedes-Benz World in Weybridge.

Delivering a series of presentations alongside a specially chosen group of technology partners, Reliance High-Tech representatives will look at how the cloud is impacting and influencing the development of next generation security and access control solutions, and will also evaluate how such developments should align tightly with IT security strategies.

This ‘ticket only’ Technology Day will offer end users, consultants, IT and facilities managers alike an opportunity to hear from a diverse array of leading security industry experts about the latest technology developments and how these are influencing the future of electronic security.

Senior personnel from industry-leading technology giants Brivo, Eagle Eye, Milestone, Commend and Mobotix will present on a range of topics in a number of executive briefings, duly covering a variety of issues such as the future of Access Control-as-a-Service, how hybrid solutions are enhancing integration, the evolution of surveillance camera technology, how analytics can perform efficiently in the cloud and the growth of Video Surveillance-as-a-Service.

There will also be a day-long exhibition on site where delegates can be hands-on with technology from additional partner companies such as BCD Video, Tiger Bridge Technologies and Thinking Software, all of whom will show how their solutions can work in tandem to present the ideal security solution.

Design and implementation

“We are living in an exciting time due to the way in which the cloud, the Internet of Things and Artificial Intelligence are affecting security technology design and implementation,” commented Jas Murva, head of business development at Reliance High-Tech. “As more of this intelligence is used at the edge and on devices such as surveillance cameras, there remains a degree of confusion about how it can allow resources to be pulled to a central point, reduce energy consumption, facilitate connected thinking between devices and increase the potential power of analytics. This, and many other subjects, will be covered during our Technology Day, which will demystify the evolution of next generation cloud-based security solutions.”

Delegates can choose to attend either a morning or afternoon session, both of which will include the same speakers and content. Luncheon, coffee and other refreshments will be provided and attendees will also have the opportunity to network with the guest experts and peers. 

Reliance High-Tech has also arranged for full delegate access to Mercedes-Benz World and a session that will push delegates’ virtual racing skills to the limit on ultra-realistic racing simulators that capture the excitement, speed and driving demands of real Formula One racing.

Importance of the cloud

Alistair Enser, CEO at Reliance High-Tech, observed: “I’m delighted that we have been able to work with our esteemed technology partners on our first Technology Day focused around the subject of cloud ‘security’. We aim to enlighten people about the importance of the cloud, demystify some of the myths, explain the facts about it, look at why it’s important to embrace its benefits and also outline the roadmap ahead.”

Enser continued: “As an award-winning integrator, we invest almost £1 million internally every year on specialist IT technology and skills and have direct experience of designing and installing the latest products and services available on the market. I would urge any end users, consultants or facilities managers who want to better understand the future of security technology to attend this event. I look forward to welcoming our guests attending Mercedes-Benz World on Thursday 24 March.”

*Delegate numbers for this event will be strictly limited and entrance will be by pre-registered ticket only. For details of the full agenda and the speaker list, and to register your interest, send an e-mail to info@reliancehightech.co.uk


Government Actuary’s Department hit by circa 24,740 malicious e-mails per month

The Government Actuary’s Department has been hit by an average of 24,740 malicious e-mails every month. Data obtained and analysed by the Parliament Street Think Tank via a Freedom of Information request has revealed that a total of 74,221 malicious e-mails, including phishing, malware and spam, had been sent to the Government Actuary’s Department across July, August and September this year.

The Government Actuary’s Department provides actuarial solutions including risk analysis, modelling and advice to support the UK’s public sector. The Government Actuary’s Department plays host to circa 200 employees across two offices – in London and Edinburgh – of whom around 165 are actuaries and analysts.

The majority of threats received by the Government Actuary’s Department were spam e-mails, with 38,653 attacks of this nature. In the three-month period under examination, there were also 35,497 phishing attacks and 71 malware or virus e-mails in circulation.

The total amount of phishing attacks decreased over the three-month period. In July, a total of 15,233 phishing attacks came through. In August, this number reduced to 12,111 attacks and, come September, the figure lessened once again to a total of 8,153 phishing attacks.

On average, 12,884 spam e-mails were received per month across the three months. These e-mails have the potential to download viruses to staff members’ computers and steal passwords and personal information.

IT infrastructure investment

The Government is investing heavily in its IT infrastructure to the tune of almost five billion pounds on an annual basis. The Department for Business, Energy and Industrial Strategy alone spent almost two million pounds on laptops and smart phones last year. Some 1,216 mobiles were issued to departmental staff in 2020, with 1,557 computers or laptops also part of the mix.

Tim Sadler, CEO and co-founder of Tessian, commented: “The number of phishing attacks that today’s organisations have to deal with is relentless. Phishing is one of the easiest ways for cyber criminals to hack into a company. They just need one distracted or tired employee to miss the cues of an attack in order for it to be successful.”

Sadler continued: “While it’s encouraging to see that the Government is investing heavily in its IT infrastructure to support the workforce, it must also address the issue of whether or not robust security measures are in place to protect employees. In short, the people actually working from the devices. Any failure to do so means that the risk of security incidents caused by human error, such as falling for a phishing scam, will only continue to rise.” 


Reliance High-Tech and Secure Logiq form partnership to promote use of specialist surveillance servers

Reliance High-Tech, the independent security technology integrator, has formed a new partnership with Secure Logiq. Over the last decade, Secure Logiq has become established as an advanced manufacturer of state-of-the-art HD servers that are purpose-built for surveillance-based applications. Reliance High-Tech’s customers will now have access to technology that can process data from up to three times as many cameras as some of the most commonly used servers.

Secure Logiq’s long-standing experience in both the IT and security sectors sits well with Reliance High-Tech’s own background and, as such, both companies aim to change the perception of server technology, highlight its fundamental role and make it a key consideration when it comes to system design. Not only does this benefit the end user in terms of enhanced functionality, but it also means less time specifying, configuring, installing and commissioning.

“Reliance High-Tech only works with Best-in-Class technology providers, so I’m delighted to have formed this partnership with Secure Logiq,” commented Tom Clarke, sales director at Reliance High-Tech. “The worlds of security and IT are now more closely aligned than ever before and we share the view that only servers that have been specially designed for surveillance purposes can create a system that’s fully optimised, energy efficient, reliable and secure. Working with Secure Logiq means that we can add more value and give our customers an unrivalled level of service.”

Secure Logiq offers a range of off-the-shelf devices alongside a custom build service. Its UK-manufactured servers are specifically optimised to efficiently handle multiple streams of HD video data, with a range comprising 1U, 2U, 3U and 4U devices that enable the recording of more channels at a faster rate and the ability to store data for extended periods.

For example, the top of the range HPS-4U-XL Series offers over one Petabyte of storage, three advanced RAID 6 arrays and dual redundant ‘hot swap’ power supplies for total peace of mind in mission-critical applications.

Uptime is everything

For Reliance High-Tech’s customers, it’s fair to state that uptime is everything. Their surveillance technology must be fully operational on a 24/7 basis. Leveraging Secure Logiq’s Logiqal Healthcheck utility, coupled with Reliance High-Tech’s extensive IT monitoring capability, enables an “unprecedented” level of proactive support for customers. 

In the unlikely event of malfunction, the combination of Secure Logiq’s detailed design configuration and Reliance High-Tech’s ISO 27001 and ISO 22301 experience results in fast, effective, secure and robust systems that are proactively monitored.

This means that Reliance High-Tech’s team members have all the information they need to address any issue immediately, proactively, securely and with information security at the very heart of every action.

Missing piece

“Many installers still specify traditional IT servers that simply do not offer the level of processing, storage density, resilience, throughput and overall performance required by modern surveillance systems,” explained Robin Hughes, Secure Logiq’s co-founder. “We provide the missing piece of the HD surveillance jigsaw with servers that are specifically designed for this purpose.”

Hughes added: “Our dedication to innovation and the highest standards of customer service and support are shared by Reliance High-Tech. Together, we will ensure that end users receive the best value and maximum return from their surveillance investment.”

Tom Clarke concluded: “The marriage of Secure Logiq’s standards of excellence with Reliance High-Tech’s IT capability, service capability and advanced monitoring services delivers a new level of system performance, integrity and pre-emptive maintenance and support which we’re extremely excited to introduce to our customers.”

*For further information visit https://reliancehightech.co.uk/


UK and US businesses call for improvement as employee education pinpointed to be biggest cyber security weakness during lockdown

Hardware-encrypted USB drives developer Apricorn has announced the findings from a Twitter poll designed to explore the data security and business preparedness aspects around remote working during the pandemic. More than 30% of respondents singled out employee education as being the biggest area where companies need to make changes to improve cyber security.

The poll ran across six days and targeted employees in both the UK and the US. In addition to concerns about employee education, respondents also flagged updates to hardware (29%), endpoint control (21%) and enforcing encryption (19%) as areas of weakness where organisations need to make changes to strengthen their cyber security posture.

Almost 30% of respondents admitted to using unencrypted devices during the pandemic. This raises many concerns, particularly at a time when we’re seeing a dramatic increase in the volume of data being downloaded along with the potential for more data on the move.

Kurt Markley, director of sales at Apricorn, commented: “Employees have a critical role to play in cyber security processes, from recognising the tools required through to understanding and enacting the policies in place to protect sensitive data. Whether it be through the delivery of awareness programmes or ongoing training, establishing a culture of security within the workforce is now absolutely essential.”

Markley added: “Endpoint security is critical. Deploying removable storage devices with built-in hardware encryption, for example, will ensure that all data can be stored or moved around safely offline. Even if a given device is lost or stolen, the information contained will be unintelligible to anyone not authorised to access it.” 

Not fully prepared

In addition, more than 40% of respondents admitted that, as an individual, they were not fully prepared to work at home securely and productively. Almost a fifth (18%) said they lacked the right technology to do so, 16% were not sure how to and just over 20% stated that they were still not able to work remotely.  

“Many businesses will now have witnessed the positive productivity and financial impact of a remote workforce, but without the right tools, processes and security in place, this can very easily backfire,” continued Markley. 

With the poll results showing that more than 60% of respondents are planning to work remotely either all or some of the time following the pandemic, the threat to corporate data is only going to burgeon. Almost 20% admitted that the experience of working from home has duly highlighted major gaps in their employer’s cyber security strategy/policies.

When questioned as to whether their company had experienced a data breach as a result of remote working during the pandemic, over 20% replied in the affirmative, but a further 22% said they didn’t know if they had suffered a breach.

Scrambling to respond

Jon Fielding (managing director for the EMEA at Apricorn) commented: “IT and security teams had to scramble to respond to this crisis and, in doing so, left a lot of companies wide open to breaches. Nine months into employees working remotely, some already know that they’ve been attacked. Others think they may have been, but cannot be certain.”

Fielding concluded: “In the same way that we had to learn how to protect ourselves from illness and modify our behaviour, we also had to learn how to protect our data outside of the firewall and, more importantly, to remain vigilant about it.”

The Apricorn Twitter poll comprised six question and answer options and realised 23,537 responses.


Vemotion enhances channel support with duo of key appointments

Vemotion Interactive – the UK supplier of low latency, high-performance plug-and-play wireless live video streaming solutions for systems integrators and OEM solution providers – has announced Stuart Bishop’s appointment as head of channel recruitment, with Nick Daman taking on the role of channel partner manager.

Bishop’s new role will see him supporting UK and global markets. His previous experience includes 20 years in senior sales/management roles across IT/telecoms, mobile, cloud, the Internet of Things and channel development fields with globally-recognised brands, among them NTL, Fujitsu, Vodafone and IBM.

“I plan to focus on new channel relationships and maximising opportunities with existing partners and resellers, plus developing new partners in the satellite, mobile and security industry marketplace,” explained Bishop.

Stuart Bishop (left) and Nick Daman: joining the team at Vemotion

Nick Daman’s appointment will encompass working with Vemotion partners in all areas of the industry, assisting with sales and support of the Vemotion software and hardware solutions range.

“I can’t wait to energise our existing partners and expand their understanding of Vemotion’s high-performance wireless video streaming capabilities across a wide variety of vertical markets,” enthused Daman. “It’s incredibly exciting to be joining the company at a time when there has never been a greater requirement for low latency, low bandwidth and high-quality live video.”

Commenting on the appointments, Steve Haworth (CEO at Vemotion) said: “We’re delighted to be welcoming Stuart and Nick to the Vemotion team. They join an agile British organisation that continuously strives to innovate with successful video surveillance solutions. These latest appointments illustrate our continued commitment to delivering high-quality streaming video technology backed by first-class customer support.”


SALTO Systems launches Neo Cylinder access control solution for end users

SALTO Systems, the manufacturer of electronic access control solutions, has released the SALTO Neo Cylinder – a new electronic cylinder that, according to the company, “offers more features and better functionality” for end users than any other cylinder currently on the market.

The compact SALTO Neo Cylinder is designed for doors where fitting an electronic escutcheon is not possible or required. In fact, it can be installed on standard doors, server racks, gates, cabinets, electric switches and sliding doors.

The SALTO Neo Cylinder provides an effective and convenient way of securing a building or assets. The clutch system is energy efficient, dropping power consumption to impressively low levels resulting in 100,000/130,000 operations from just one set of batteries. Standby power consumption is also reduced, further extending battery life.

The IP66-rated SALTO Neo Cylinder is weather-resistant, rendering it suitable for outdoor use, even in the harshest of environments. Inside the Neo Cylinder is the latest in electronic lock technology. Certified to the highest security standards, and “incorporating ever-higher quality and reliability”, the SALTO Neo Cylinder “offers value far beyond security”. It also provides greater control over the door by offering end users access to audit trails, reports and alerts.

Thanks to smart keys and mobile technology, the SALTO Neo Cylinder enables users to manage access rights quickly and on a keyless basis (which, states the company, is more secure than using mechanical keys). Additional flexibility, convenience and operational efficiency are provided by the Neo Cylinder’s wireless technology.


Keyless access

“SALTO’s new Neo Cylinder technology provides customers, systems operators and installers alike with new features and the ability to connect keyless access where we couldn’t have justified wiring a door before,” said Marc Handels, chief technology innovation officer at SALTO Systems.

Handels added: “We’ve seen for years now that electronic locking technology is an ecosystem subject to continuous change and growth. We have had to consider how to best anticipate customers’ needs and develop smart locking solutions that are easy to adopt and install. The SALTO Neo Cylinder has more functionality and performance capability than any other cylinder on the market, allowing businesses to connect to their on-premises network via advanced SVN technology or the cloud with the SALTO KS cloud-based access management platform.”

As the SALTO Neo Cylinder is compatible with SALTO SVN, SALTO BLUEnet Wireless and the SALTO KS (Keys-as-a-Service) cloud-based technology, it can be switched to any of SALTO’s technology platforms at any time without changing hardware. It also includes SALTO SVN-Flex technology, which increases the capability, efficiency and reliability of SALTO SVN, in turn yielding better security, control and convenience for end users and their installations. This allows businesses to decide which technology fits better with their day-to-day security, operational and IT needs.

SALTO JustIN Mobile technology is also on-board every cylinder. This gives users and system administrators the capability to send or receive a mobile key to open any door or gate fitted with a SALTO Neo Cylinder via their iOS or Android Bluetooth or NFC-enabled smart phone. This adds “incredible convenience and efficiency” for end users. JustIN mobile app capability also complements the use of SALTO’s other management platforms, specifically the SALTO SPACE data-on-card management software or the aforementioned SALTO KS cloud solution.

Available from the beginning of this month, the SALTO Neo Cylinder delivers an easy-to-use electronic locking platform that integrates all physical security needs through smart, wireless and battery-operated smart cylinders, affording the host organisation all of the latest user access information for virtually any doors in their facility.

*Watch the new SALTO Neo Cylinder in action: https://www.youtube.com/playlist?list=PLc2MQEOljREut7MA-JY7MAIWDVpVPhSec

 


CHAS makes three key appointments designed to strengthen operations

Supply chain risk management expert CHAS (the Contractors Health and Safety Assessment Scheme) has appointed Alex Minett as head of products and markets, along with Elaine Bailey and Peter Hepworth, both of whom become non-executive directors at the trusted Health and Safety compliance advisor.


Alex Minett brings in-depth knowledge of the SHEQ sector in the UK and internationally from a contracting and consulting perspective having established SHEQ strategies for multiple businesses (including blue chip companies) across diverse sectors.

He also has extensive knowledge of construction Best Practice and compliance having worked for 20 years in the construction sector, including on iconic projects such as the London 2012 Olympic and Paralympic Games and the Battersea Power Station where he advised on safety measures for the demolition and re-erection of the four iconic chimneys.

In addition, Minett was responsible for establishing the initial SHEQ strategy for Transport for Wales and supported the procurement team within the wider provision of the multi-billion pound franchise with pre-qualification of the bids.


Further afield, Minett worked closely with the World Bank and other funders on one of the world’s largest solar farms in Benban and initiated a zero harm approach to safety at the Facebook Data Centre in Lulea. He was also responsible for embedding safe working practices for the construction and delivery of the Saudi Aramco Petroleum Polytechnic in Saudi Arabia.

Now, Minett has overall responsibility for all of the CHAS products both current and new and is closely involved in the strategic position of CHAS within the marketplace and identifying opportunities for growth.

CHAS managing director Ian McKinnon stated: “Alex is an excellent addition to the CHAS team and we’re delighted to have him on board. His insight and experience will be invaluable as we continue to expand our service offer.”

Minett himself commented: “I’m excited to be joining CHAS at a time of marked growth for the organisation. As the founder of contractor prequalification, CHAS enjoys a first class reputation and I’m looking forward to helping build on this as the business evolves and grows.”

Extensive experience

Elaine Bailey became a non-executive director at CHAS with effect from Wednesday 1 July. Bailey has worked extensively across the construction, criminal justice, Government services and housing sectors in the private, public and not for profit sectors and brings 15 years of executive Board experience to the role.

From 2014 to 2019, Bailey served as CEO of London-based Housing Association The Hyde Group where, as well as significantly improving financial and operating performance, she drove a major change programme designed to simplify, automate and improve service delivery.

Bailey also sits on the Industry Safety Steering Group chaired by Dame Judith Hackitt, which is charged with scrutinising proposals and progress towards culture change within the construction industry following the tragic Grenfell Tower fire.

Previously, Bailey held senior positions at FTSE 250 outsourcer Serco and is a trustee of Catch 22 and the Greenslade Family Foundation, as well as a Board member of the Andium Housing Association.

Speaking about Bailey’s appointment, Ian McKinnon stated: “Elaine’s successes at The Hyde Group, along with her knowledge and experience of good governance, make her an excellent addition to the CHAS Board. We also welcome Elaine’s commitment to driving cultural change within the construction industry following the Grenfell Tower tragedy through her work as part of Dame Judith Hackitt’s Steering Group.”

Bailey responded: “I’m delighted to be joining an organisation which plays a key role in improving occupational Health and Safety performance in UK workplaces. I’m looking forward to working with CHAS to continue to raise Health and Safety standards right across the UK.”

Digital transformation

Peter Hepworth formerly oversaw a portfolio of businesses while serving as executive officer of the Professional Services division at Capita plc, where his achievements included rationalising 14 separate learning businesses into one organisation and executing the digital transformations of Constructionline and Parking Eye.

He simultaneously served as CEO of AXELOS.com, a joint venture between Capita and the Cabinet Office and the publisher of global Best Practice guidance for IT, project and risk management. In fact, Hepworth was responsible for founding the operation in 2013. He grew the business internationally, expanding the product range and launching a cyber resilience portfolio while regularly liaising at ministerial level. Hepworth also transitioned AXELOS to become a Content-as-a-Service subscription model.

Previously, Hepworth served as managing director of Activision Blizzard UK where he was responsible for transitioning the business to meet the digital future. He has also held senior positions at L’Oréal, Sara Lee and BDO Stoy Hayward. His additional board experience includes having served as a non-executive director of The Fire Service College, Fera Science and eve Sleep. Hepworth is a Chartered Accountant by background.

“We’re very happy to welcome Peter to the CHAS Board,” enthused Ian McKinnon. “He brings a wealth of experience in digital transformation which will prove invaluable as we continue to navigate the challenges and opportunities of the digital age.”

Hepworth informed Security Matters: “I’m excited to be joining the Board of CHAS as it continues its strong growth trajectory. The company has an excellent reputation with an impressive portfolio of digital products and services that can help businesses transform their risk management processes. I’m delighted to have this opportunity to support the further success of both CHAS and its extensive customer base.”

“Cyber attack fears delaying business innovation” reveals HackerOne survey

A survey conducted by HackerOne has revealed that IT projects are being stifled due to security concerns. More than 80% of UK CISOs and CTOs who were interviewed revealed software IT projects have been hindered due to concerns over inevitable security issues. 90% also agreed that software vulnerabilities pose a significant risk to their organisation.

“Organisations need to find a balance between driving innovation and keeping data safe,” said Laurie Mercer, security engineer at HackerOne. “It’s not surprising that fear around cyber security is hindering this, but by moving beyond traditional cyber security strategies, businesses can start to feel empowered. When I started writing code, new releases of software would take six months to develop and test. Today, new software is released every hour. This new pace of innovation poses a problem for security teams but, by implementing a strategy that supports continuous security, businesses can ensure they’re on alert for any vulnerabilities that software might have. The key is to ensure that security is constantly evolving.”

Manpower and budgets are also a key concern for security professionals, with 63% believing security team resources are not able to keep up with the pace of development. Lack of budget and other resources including skill sets were also cited as key barriers to creating a well-rounded cyber security strategy by over a third of respondents.

Despite the significant number of concerns around vulnerabilities and limited resources, the survey highlighted that 62% would rather accept the risk of software vulnerabilities than invite unknown hackers to find them, while 63% say they’re only comfortable accepting bug submissions from vetted hackers.

A HackerOne customer and CISO of an international health and beauty retailer said: “I understand first-hand the nature of remaining cautious. As we all know, though, traditional cyber security methods alone are not sufficient. CISOs find themselves in a tricky position, needing to embrace innovation, but while ultimately remaining responsible for cyber security. The security landscape is ever evolving so we need to approach defensive strategies in the same way. By working with ethical hackers, it gives organisations the freedom to work on new projects, spin-up new applications and try different ways of working, while at the same time there’s peace of mind that continuous and ongoing testing is taking place. With ethical hacking, these vulnerabilities can be fixed immediately.”

The research was conducted by Opinion Matters and included input from 200 UK CISOs and CTOs. The findings revealed what CISOs believe to be the biggest risks to businesses, which areas are hindering growth and what kind of technology respondents are likely to implement in order to overcome these challenges.
