Tag Archives: IT

BeCyberSure launches specialist EU GDPR Risk Assessment service

Information security specialist BeCyberSure has announced the launch of the “most comprehensive GDPR Risk Assessment available”. Conducted by security, risk and compliance specialists, the audit provides organisations with a definitive evaluation of their EU GDPR (General Data Protection Regulation) readiness, as well as what needs to be done to ensure compliance ahead of the 25 May 2018 deadline.

The GDPR supersedes the UK’s Data Protection Act 1998 and applies to every company that collects, processes or stores an EU citizen’s data, regardless of sector, size and geographical location. Enforcement of the GDPR is unaffected by the UK’s decision to leave the EU.

The BeCyberSure GDPR Risk Assessment is said to provide the most rigorous audit process available. The assessment is conducted on and off site by a GDPR specialist, beginning with a detailed review of company policies and governance, procedures and processes, an assessment of physical aspects (such as access to buildings and the storage of paper documents) and, if deemed necessary, an extensive digital vulnerability test. The audit also involves formal and informal (i.e. covert) interviews with employees as well as heads of department.

Carolyn Harrison, marketing director at BeCyberSure, explained that the GDPR is a company-wide issue and should not sit solely with IT.

“Our assessment begins with people, policies and processes to reveal any possible vulnerabilities that would result in non-compliance,” urged Harrison. “We then deep-dive, looking at what data the organisation is capturing, how it’s processed, what consent has been given, where it’s stored and how to dispose of all information that’s not required.” Harrison added: “The best technology in the world can be rendered useless if an open door, whether physical or digital, creates the opportunity to access data.”

Following the audit, the host organisation is presented with a confidential Advisory Report stating what action (if any) is required to ensure GDPR compliance.

On that note, Harrison stated: “This report is invaluable in terms of benchmarking where an organisation is today, where they need to get to and the best course of action to get there. They can then choose to implement the programme of work themselves, collaborate with BeCyberSure or outsource the entire project to us.”

BeCyberSure has a senior team of GDPR auditors who have a wealth of experience with backgrounds in risk management and compliance, cyber security, policing, intelligence services and the military.

Harrison concluded: “There’s a lot of scaremongering going on about the GDPR and, while it’s true that the potential fines are eye-watering and the threat of personal liability daunting, if organisations act now, then they still have time to put the necessary safeguards in place to be GDPR-compliant. Undertaking a Risk Assessment is the first step in the due diligence process and means that organisations are not spending unnecessarily on their route to compliance.”

*For further information access www.becybersure.com

Filed under Risk UK News, Uncategorized

84% of small businesses call for intelligent video surveillance as existing systems “fail to protect premises”

A survey [1] of small businesses in the UK has discovered that 84% of retail, office and hospitality owners are looking for video surveillance with high resolution images and intelligent features such as remote monitoring to provide superior security for their premises.

85% of respondents also stated that high quality and reliability would be important purchasing considerations when looking to invest in video surveillance.

The survey demonstrates a wide consensus among small business owners that current surveillance solutions in place are not viable to provide the necessary proof of crime at a time when the cost of shop theft is at an all-time high [2]. It also reveals that new technology is sought to provide the required security level within a given business.

Axis Communications carried out the survey in order to establish small business owners’ key challenges regarding video surveillance and how they believe it could be improved. In addition to stating that high quality images and the ability to access footage remotely on a smart phone or other device are desirable, 70% suggested that ease-of-use is also high on the agenda.

In light of accessible intelligent technology, 82% of small business owners are considering new video surveillance technology for their premises in order to provide a more up-to-date solution.

The survey results also demonstrate the challenges currently faced by small business owners with regard to their existing video surveillance solutions. A number of factors were revealed as unsatisfactory within their present set-up, including poor quality of images and difficulty of use.

These small business owners reported facing issues with their current video surveillance including “bad quality of system”, “lack of ability to monitor outside of premises” and providing “limited proof of crime”. This feedback further confirms the desire for more intelligent surveillance solutions to help protect businesses and make staff feel safe.

Atul Rajput, regional director for Northern Europe at Axis Communications, observed: “Pioneering technology and the benefits that come with it shouldn’t be limited to corporate entities. With the help of dedicated IT and security installers, the network camera is becoming more accessible and affordable for the small business than ever before. Many small business owners have an awareness that high quality, intelligent solutions are available and are looking for guidance as to how they can make the most of this to protect their premises and, ultimately, their bottom line. A rise in theft and the continued improvements in technology such as remote monitoring and high-quality images are only set to exacerbate this situation.”

Rajput continued: “As legacy video surveillance solutions become obsolete, we’re witnessing a shift in the ways small businesses adopt new solutions. Once regarded as a standalone investment, many now consider IP cameras as a vital upgrade that forms a part of their larger IT infrastructure. Along with this, end users are also looking to remotely access live and pre-recorded video footage anytime and anywhere. The ultimate benefit of this is a solution that delivers information rapidly and cost-effectively and that can benefit from the latest applications as and when they become available.”

References 

[1] Research was conducted by OnePoll independent market researchers on behalf of Axis Communications between 22 July and 10 August 2016 via an online survey. 500 UK business owners of companies with 1-20 employees that would be involved in the decision to purchase video surveillance equipment for their company premises were surveyed.

[2] http://brc.org.uk/news/2016/cost-of-theft-for-retailers-at-highest-level-since-records-began


Unwitting cyber scammers cold call industry expert at C3IA Solutions

Would-be cyber scammers made a megabyte blunder when they cold-called Matt Horan of C3IA Solutions: Horan is one of the country’s top cyber security experts. Realising the crooks were trying to take control of his computer, Horan put the call on speaker phone and asked a colleague to record it, with hilarious consequences.

After stringing out the conversation for 35 minutes – during which time he was passed to more senior ‘helpers’ as he posed as an ignorant computer user – Horan then informed the caller that he had no Internet connection.

This prompted the fraudster to use an expletive before hanging up in anger. An edited video of the call has been amusing people across social media.

Horan is keen that the video is used to help people avoid falling for cyber scams. He told Risk UK: “One of the weakest parts of any business’ cyber security is the staff. They do nothing malicious, but can easily assist fraudsters. Along with ‘phishing’ e-mails, this type of phone scam is common and can cause huge amounts of damage.”

Matt Horan, director of C3IA Solutions

Horan continued: “The caller purports to be from Microsoft or a similar outfit and informs the person who answered the call that there’s a problem with their computer. They then instruct that person to look at the computer’s ‘systems and events logs’, which is simply a log of every action taken. They tell them that this is evidence of ongoing malicious attacks. After that, they try and entice them to log into TeamViewer or something similar which means they then can gain remote access and control of the target computer.”

In addition, Horan stated: “They then have all the information on a computer or network and can infect the system, read e-mails, steal passwords or encrypt the stored data. They can basically do anything they want. Obviously, this can cause massive harm to a business and may well lead to data loss, the theft of funds and the stealing of intelligence as well as cause acute embarrassment.”

C3IA Solutions trains staff at businesses to be ‘cyber-savvy’ and always to hang up on calls like this. If staff are in doubt they should contact their IT support.

“Firms such as Microsoft don’t make calls like the one I took, but they seem authentic,” explained Horan. “Often, the scammers work in pairs so the initial caller can pass over the call to a ‘senior supervisor’, as they tried with me. This gives an added authenticity. Caution should be the watchword when taking calls like this one.”

*The video can be viewed on YouTube: https://youtu.be/ncIehp0fBT8

Based in Poole, Dorset, C3IA Solutions is one of fewer than 20 companies certified by the Government’s National Cyber Security Centre. In addition to its work with Government agencies including GCHQ, the company operates a commercial section that works with businesses, assisting them with their cyber security.

C3IA (a military term) Solutions was set up in 2006 by Horan and Keith Parsons. It has 84 personnel on contract of whom 33 are employees and 51 are associates. The business operates in the defence and security sectors serving both SMEs and multi-national firms.

C3IA is a leading provider of secure ICT, technical programme management and information security services and solutions.

The company takes its Corporate Social Responsibility seriously, supporting serving and past members of the Armed Services. Indeed, the business sponsors those engaged in personal and team development through arduous sporting and other challenges.


“Hybrid cloud and the CIO will rule in 2017” asserts Informatica

Cloud has reached maturity. No longer seen as the dangerous option, widespread cloud adoption will enable more flexible and rapid service in 2017. As a result, businesses will need to have total control of their infrastructure and sensitive data if they’re to keep up. With this in mind, Greg Hanson (vice-president for worldwide consulting at data specialist Informatica) has moved to explain the four areas businesses must prepare for in 2017 if they’re to perfect their cloud strategy.

Enterprises will embrace a hybrid cloud approach to dispel data fragmentation

Widespread adoption of Software-as-a-Service (SaaS) has traditionally been the preserve of SMEs looking for subscription-based models and easily scalable software. Yet pockets of SaaS investment have crept into the enterprise in 2016, occurring within individual lines of business and causing data fragmentation which hampers agility.

In 2017, rather than shying away from SaaS deployments business-wide, successful enterprises will embrace a hybrid approach to the cloud and reclaim their single view of data assets.

Security will no longer be a question of on-premise or cloud

It’s no longer about whether on-premise or cloud is more secure, but rather about understanding that breaches come from the inside. Threats exist inside the firewall and, as a result, perimeter defence has long since been ineffective.

After all, the biggest threat to an organisation’s security posture doesn’t come from the kind of infrastructure and software it uses, but rather its people.

Greg Hanson

The amount of data that business users are consuming and demanding means it’s the data management strategy that’s imperative. Security posture in 2017 will be defined by an organisation’s ability to carve out a cohesive data management strategy to track data wherever it resides, and then secure it at its source. 

Brands will live and die by their customer experience

From financial institutions to retailers and manufacturers, customer experience will overtake price as the new differentiator for customers. As such, data stewardship and governance will become the priority for those delivering second-to-none experiences and successful transformation projects.

It’s all very well pulling data assets together and sharing them with lines of business for these initiatives, but they will need to know that the quality of the data they’re implementing into systems is pristine.

What’s more, they will need the right guidance and tools to access the data in the first place and visualise it in such a way that it can travel the last mile and be put into real use. This is where a cohesive data management strategy is essential for bridging the disconnect between data scientists and business users. 

CIOs will secure their future by reclaiming ownership of data initiatives

With CIOs increasingly facing competition from a tech-savvy set of business IT buyers, it will be imperative that the former step up and take ownership of business agility and transformation to ensure they still lead their organisation’s digital journey.

Lines of business are increasingly looking to do things cheaper and quicker without the involvement of IT. This means that CIOs will need to reclaim control of data management at its root to drive enterprise-wide security and improve accessibility of data.

Only then can they fully ensure that the single view of the company’s data assets doesn’t become somewhat ‘muddied’ by a disjointed IT spend and independent data management across the business.


Evidence Talks launches SPEKTOR Rapid Imager for forensic imaging “at unparalleled speeds”

A global collaboration between digital forensics specialist Evidence Talks and Australia-based Schatz Forensic will afford investigators in law enforcement, Government agencies and Corporate Security Departments the ability to create forensic images significantly faster than when using traditional techniques.

The breakthrough in forensic imaging speed in a triage tool comes as a result of integration between Evidence Talks’ SPEKTOR solution and Schatz Forensic’s next generation forensic imaging technology, named Evimetry. Evimetry is based on the peer-reviewed AFF4 forensic image file format, advanced compression and intelligent sequencing of disk access.

Dr Bradley Schatz, director of Schatz Forensic and an inventor of the AFF4 forensic image format, has a PhD in Digital Forensics, a Bachelor’s degree in Computer Science, 23 years’ experience in IT and 13 years in digital forensics. Schatz is a globally recognised leader in forensic research, with appointments across the leading publication venues of the field.

Andrew Sheldon MSc, Chief Technical Officer of Evidence Talks and originator of the SPEKTOR forensic platform, has 37 years of experience in IT, 23 of which have focused on forensic computing. He holds a Master’s degree in the discipline from the Centre for Forensic Computing at the Royal Military College of Science, Cranfield University and is a regular speaker at industry events.

Sheldon commented: “During our research into methods of reducing forensic imaging times, I discovered Dr Schatz and his work on the peer reviewed and forensically sound AFF4 imaging format. Further development of this work by Schatz Forensic was so close to our desired objectives that we approached him to work collaboratively and combine the technology into the SPEKTOR product range. This has accelerated our ability to deliver outstanding performance to a market that’s demanding faster image creation in order to cope with massive increases in target media capacities.”

Exclusive licensing agreement

Now, with an exclusive licensing agreement in the triage space, Evidence Talks is embedding the necessary code across its SPEKTOR product suite. In a recent test, the SPEKTOR Rapid Imager produced a full linear image on a MacBook Air with 120 GB storage in under four minutes. That can be set against the previous timeframe using industry standard tools of some 45 minutes.

SPEKTOR Rapid Imager isn’t just fast when imaging SSD media. It’s optimised for slower systems employing rotational media with tests indicating significant reductions in imaging times.

The new system was launched at the 2016 F3 annual workshop in Gloucester on Tuesday 8 November. Evidence Talks is a founder member of F3, which is a non-profit organisation helping to provide low-cost training for digital forensic practitioners.

Commenting on the product release, Dr Bradley Schatz said: “We recognised very early in discussions with Andrew Sheldon that Evidence Talks had the vision and will to lead the forensic triage market to preserve more evidence in less time. This vision aligns perfectly with that of Schatz Forensic. The seamless integration of SPEKTOR and the Evimetry imager engine provides a dramatic increase in digital forensic triage performance which will have immediate and measurable benefits for end users.”


New report from WhiteHat Security reinforces that organisations must focus on risk

WhiteHat Security has issued its eleventh annual Web Applications Security Statistics Report. Compiled using data collected from tens of thousands of websites, the report reveals that the majority of web applications exhibit, on average, two or more serious vulnerabilities per application for every industry at any given point in time.

The Report’s findings are based on the aggregated vulnerability scanning and remediation data from web applications that use the WhiteHat Sentinel service for application security testing. The research shows that no industry has mastered application security. Of the 12 industries analysed, the IT, education and retail industries suffer the highest number of critical or high-risk vulnerabilities per web application (at 17, 15 and 13 respectively).

The findings also highlight that the IT and retail industries struggle to remediate in a timely manner. It takes approximately 250 days for IT and 205 days for retail businesses to fix their software vulnerabilities.

According to the ‘Window of Exposure’ data contained in the report, another key metric organisations need to pay attention to is the number of days an application has one or more serious vulnerabilities open during a given time period. Across all industries, a substantial number of web applications remain always vulnerable.

A few key highlights of the report include: 

  • Information Technology (IT): 60% of web applications are always vulnerable
  • Retail: Half of all web applications are always vulnerable
  • Banking and financial services: 40% and 41% (respectively) of web applications are always vulnerable
  • Healthcare: 47% of web applications are always vulnerable

“We’ve observed that organisations have hundreds, if not thousands, of consumer-facing web applications, and each of these web apps has anywhere from five to 32 vulnerabilities,” said Tamir Hardof, chief marketing officer at WhiteHat Security. “This means that there are thousands of vulnerabilities across the average organisation’s web applications. While this number is overwhelming, risk ratings can really help security teams prioritise which vulnerabilities they work on fixing first. Unfortunately, what this year’s report tells us once again is that organisations are not really relying on risk levels as a baseline to inform their application security strategies.”

Remediation rates

The report also captures data on vulnerabilities that are fixed once they’re discovered. Generally, the more critical the vulnerability, the more complex it is to understand and remediate.

For nine of the 12 industries analysed, remediation rates are below 50%. In IT, less than 25% of open vulnerabilities are remediated, while vulnerabilities in this industry have an average age of 875 days. The average time-to-fix for vulnerabilities varies by industry, from approximately 15 weeks in the energy industry to 35 weeks in IT.

Key trends from 2013-2015 include the following:

  • Remediation rates declined significantly in IT, which saw a drop from 46% to 24%, and in banking, which dropped from 52% to 42%
  • Financial services and retail saw modest increases in their remediation rates, from 41% to 48% for financial services, and from 42% to 48% for retail
  • The greatest improvement was in the food and beverage industry, where remediation rates quadrupled from 17% to 62%
  • In manufacturing, rates almost doubled from 34% to 66%, while healthcare and insurance increased from 26% to 42%, and from 26% to 44% respectively

“Since 2013, the average time to fix vulnerabilities has trended upward overall, but we’ve seen some great successes with customers who’ve embedded security into the software development process,” said Ryan O’Leary, vice-president of the Threat Research Centre and technical support for WhiteHat Security.

“Discovering vulnerabilities in development is key to reducing vulnerabilities when the application is staged. Introducing source scanning, or SAST, has the potential to eliminate 80%-90% of well-known vulnerabilities. We look forward to seeing how this report will evolve as security and development teams work together more closely around shared security and risk management goals.”


Dot Origin partners with ASSA Abloy to enhance “pioneering” EdgeConnector solution

Dot Origin has partnered with ASSA Abloy Access Control, a UK division of ASSA Abloy, in a bid to enhance the pioneering EdgeConnector system.

Aperio wireless locks have been integrated within the EdgeConnector system for converged physical and logical access management. The solution provides host organisations with physical access control that’s truly integrated with their IT resource access management platform, in turn delivering enhanced security, simple management and easy installation.

All door access requests are processed centrally in real time, resulting in significant compliance and cyber security benefits.

Aperio is designed to upgrade mechanically-locked doors and wirelessly connect them online to new or existing access control systems. Aperio requires minimal modification to doors and premises, offering both a cost-effective and simple security upgrade.

Left to Right: Nigel Cogram (sales manager for access control solutions at Dot Origin) pictured alongside David Hodgkiss (national sales manager at ASSA Abloy Access Control)

David Hodgkiss, national sales manager at ASSA Abloy Access Control, informed Risk UK: “Dot Origin shares our passion for providing integrated security solutions that deliver the greatest value for end users. Our partnership will enable Dot Origin’s EdgeConnector online door access control solutions to extend even further through the incorporation of Aperio wireless locks.”

Dan Isaaman, technical director and co-founder of Dot Origin, responded: “We’re excited to be able to provide our clients with solutions encompassing the Aperio product set. Dot Origin’s EdgeConnector solutions have already been integrated for a number of years with HID Global’s security products. This new partnership will present EdgeConnector’s end users with an extended choice of flexible installation configurations thanks to the versatility of ASSA Abloy’s Aperio wireless locks.”

EdgeConnector provides real-time, centralised access control decision-making capability without complexity. The system integrates directly with existing IT user administration tools based on Windows Active Directory or an alternative LDAP database.

Physical access management is fully scalable as standard from a server rack to whole buildings; across multiple sites worldwide and for any number of users without the usual restrictions and complexities involved with traditional access control systems.
