Tag Archives: IT

NTT Security Corporation signs definitive agreement to acquire WhiteHat Security

NTT Security Corporation has signed a definitive agreement to acquire the privately-owned concern WhiteHat Security, the application security provider committed to securing applications that run enterprises’ businesses. Post-acquisition, WhiteHat Security will operate as an independent and wholly-owned subsidiary of the NTT Security Corporation.

As a result of this acquisition, NTT Security will “provide the world’s most comprehensive end-to-end cyber security solutions”. Together, andworking hand-in-hand, the two organisations will address enterprise security needs that range from IT infrastructure through to critical business applications covering the full lifecycle of digital transformation.

This acquisition expands NTT Security’s portfolio, allowing its customers and partners to benefit from WhiteHat Security’s cloud-based Application Security Platform. For their part, WhiteHat Security’s customers and partners will have access to NTT Security’s consulting and advisory services, along with its next generation platform-based Managed Security Services.

WhiteHatSecurityLogo

“NTT Security’s overarching goal is to provide comprehensive, game-changing cyber security solutions that address the broader needs of digital transformation,” explained Katsumi Nakata, CEO at NTT Security. “WhiteHat Security is recognised globally as a leader and pioneer in the field of application security cloud services and DevSecOps spaces. By bringing WhiteHat Security into our portfolio, we are now well positioned to deliver on our vision of securing a smart and connected society by providing comprehensive security solutions for enterprises undergoing digital transformation.”

Craig Hinkley, CEO of WhiteHat Security, responded: “WhiteHat Security has been at the centre of application security, providing wide-reaching solutions to its customers and partners, and we will continue to invest in our people and technologies to maintain that leadership. The synergy between our two security-focused companies will enable our partners, customers and prospects alike to benefit from our combined cyber security solutions.”

NTT Security and WhiteHat Security will continue to invest in emerging technologies to secure their customers’ businesses. The acquisition enhances NTT Security’s ability to deliver high-performing and effective application security at a global scale.

Advertisements

Leave a comment

Filed under Risk Xtra

KnowBe4 study reveals 92% of organisations’ biggest security concern is end users

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, has released the results of new research. The company’s report examines over 350 organisations globally and reveals the security weaknesses and concerns within them. On average, 81% of organisations had some degree of concern around security issues.

Cyber crime continues to evolve and become more sophisticated. Artificial Intelligence and machine learning are leveraged by many criminal organisations to help them better understand how to improve their attacks and they’re now targeting specific industry verticals, organisations and even individuals.

Increases in the frequency of ransomware, phishing and crypto-jacking attacks have been experienced by businesses of nearly every size, vertical and location.

KnowBe4

When it comes to attack vectors, data breaches are the primary concern, with credential compromise coming a close second. These two issues go hand-in-hand as the misuse of credentials remains the foremost attack tactic in data breaches. That’s according to Verizon’s 2018 Data Breach Investigations Report.

Phishing and ransomware ranked next, demonstrating that organisations are still not completely prepared to defend themselves against these relatively “old” attack vectors.

Other key findings

*92% of organisations rank end users as their primary security concern. At the same time, security awareness training along with phishing testing tops the list of security initiatives that organisations need to implement

*Organisations today have a large number of attack vectors to prevent, monitor for, detect, alert and remediate. In terms of attacks, 95% of those organisations surveyed are most concerned with data breaches

*Ensuring security is in place to meet General Data Protection Regulation (GDPR) requirements is still a challenge for 64% of organisations, despite the GDPR’s fine details having been public knowledge for quite some time

*Attackers’ use of compromised credentials is such a common tactic. 93% of organisations are aware of the problem, but still have lots of work to do to stop it

*When it comes to resources, 75% of organisations don’t have an adequate budget

“2018 was a prolific year for successful cyber attacks, with many of them caused by human error,” said Stu Sjouwerman, CEO of KnowBe4. “IT organisations are tasked with establishing and maintaining a layered security defence. The largest concern, as demonstrated again in this report, is employees making errors. Organisations must start their defence by establishing a security culture. In order to combat the escalation of social engineering, they absolutely have to ensure that users are trained and tested.”

To read the full report visit www.KnowBe4.com

Leave a comment

Filed under Risk Xtra

UK’s SMBs battling average of five cyber attacks per annum

Small and medium-sized businesses (SMBs) in the UK have faced up to an average of five cyber attacks in the last 12 months. That’s according to research commissioned by online encryption specialists Appstractor Corporation that highlights the growing threat such businesses face from online criminals.

A significant number of IT decision-makers in these SMBs believe they’re being put at greater risk of attack because their security software isn’t keeping pace with the sophisticated nature of the attacks with which they’re confronted.

According to the new independent report entitled ‘Under Attack: Assessing the Struggle of UK SMBs Against Cyber Criminals’. some businesses (19%, in fact) faced as many as ten attacks in the last year. IT bosses who took part in the research survey suggested that one of the major causes for concern for SMBs in the UK is that security and encryption software is aimed at individual consumers or large corporations and Governments, meaning that they cannot be deployed effectively in a small business environment.

SMBCyberSecurity

In fact, only 44% of IT decision-makers in SMBs believe that they’re able to properly protect themselves against cyber criminals using current software and systems when compared to the ability of large businesses to protect themselves.

A third believe that the UKs small business community – which makes up 99% of businesses, according to the Federation of Small Businesses – is being “forgotten about” and placed at a higher level of risk when compared to their larger counterparts.

When it comes to the level of threat faced by these smaller companies, Appstractor Corporation’s research found that 17% of companies faced at least one attack in the last year, 28% were attacked two or three times, 32% faced four or five attacks and 19% were attacked between six and ten times.

A small proportion of companies – 2% – said that their company had been targeted up to 20 times in the last 12 months.

Commenting on the report, Paul Rosenthal (CEO and founder of Appstractor Corporation) agreed that current solutions were not up to scratch. but also said that some SMBs were making themselves an easy target for criminals.

“It’s the case that SMBs are at a disadvantage in the cyber security arms race because software and platforms are not being effectively designed for them, so they have to shoehorn consumer or large enterprise-grade solutions into their company which don’t work in small businesses. IT managers and small business owners need to rid themselves of their current ideas that they are too small to be targeted and so don’t have to worry about security and encryption software. The reality is that small businesses are being targeted by criminals more than ever before. Techniques like automated mass targeting are putting them at a serious and present risk of attack.”

*To access the full report click here

Leave a comment

Filed under Risk Xtra

95% of UK businesses “still struggling” with mobile working as security of data continues to cause concern

Apricorn – the manufacturer of software-free, 256-bit AES XTS hardware-encrypted USB drives – has unveiled new research results highlighting that 95% of organisations surveyed in the UK recognise problems with mobile and remote working. Worryingly, nearly one-in-five (18%) suggest that their mobile workers don’t care about security.

All (ie 100%) of those IT decision-makers surveyed noted that they had employees who work remotely at least some of the time, with an average of over one third (37%) of staff members who do so. With an increase in the numbers of people working remotely, this means more data moving beyond the confines of the corporate network. Organisations need to ensure that any data – be it at rest or on the move – remains secure.

While many are taking steps to ensure their data is protected, for instance by implementing security policies for mobile working and Bring Your Own Device, just under half of respondents (44%) still agree that their organisation expects their mobile workers to expose them to the risk of a breach. Roughly one third (32%) say that their organisation has already experienced a data loss or breach as a direct result of mobile working, while 30% of respondents from organisations where the General Data Protection Regulation (GDPR) applies are concerned that mobile working is an area that will most likely cause them to be non-compliant.

MobileWorkingSecurity

53% cited that one of their Top Three biggest problems with remote working is due to the complexity and management of the technology that employees need and use. Over half (54%) say that, while their organisation’s mobile workers are willing to comply with requests relating to security measures, employees lack the necessary skills or technologies required to keep data safe. Nearly one third (29%) take the radical approach of physically blocking all removable media, while a further 22% ask employees not to use removable media (although they have no technology means by which to enforce this).

“The number of organisations blocking removable media has increased compared with responses to the same question in 2017, when 18% said they were physically blocking all removable devices,” said Jon Fielding, managing director for the EMEA at Apricorn. “A unilateral ban isn’t the solution and ignores the problem altogether, while also presenting a barrier to effective working. Instead, businesses should identify corporately approved, hardware-encrypted devices that are only provided to staff with a justified business case for having such. The approved devices should then be white-listed on the IT infrastructure, blocking access to all non-approved media.”

Risk of data breaches

Despite strict security policies, mobile working can still leave organisations wide open to the risk of a data breach. Half (50%) of respondents admitted one of the three biggest problems with mobile working is that they cannot be certain their data is adequately secured. Only around half enforce and are completely confident in their encrypted data in transit (52%), in the cloud (52%) and at rest (51%).

“While the new GDPR legislation requires the ‘Pseudonymisation’ and encryption of personal data, encryption isn’t a new concept, and keeping data secure has always been imperative to any organisation handling sensitive information,” added Fielding.

In conclusion, Fielding stated: “Organisations are simply not following security Best Practice. They need to implement and enforce policies and provide employee training to ensure compliance with the GDPR. Failing to put processes in place is putting confidential data at risk. Organisations now face the prospect of being fined even before a breach has occurred.”

Leave a comment

Filed under Risk Xtra

CDVI UK receives Cyber Essentials accreditation

CDVI UK has announced the company’s successful accreditation to the Cyber Essentials security standards. Cyber Essentials is a Government-backed and industry-supported scheme designed to help organisations protect themselves against common online threats. This set of basic technical controls assists organisations in protecting themselves against common online security threats.

This certification is consistent with the continual desire of CDVI UK to offer secured solutions and products.

CDVI UK has been working with Luke Hargreaves, managing director at Cloud Smart Solutions, to secure the company’s IT network against cyber attacks. The business now has up-to-date and operative cyber security measures in place.

CyberEssentialsLogo

The latest update of the ATRIUM web-based access control to General Data Protection Regulation standards shows that CDVI’s product development is fully connected to the latest trends in the security industry.

The CDVI Group develops products ranging from biometric and online access control solutions through to electromagnetic locking, keypads, stand-alone entrance systems and door automation.

Leave a comment

Filed under Risk Xtra

Spiceworks survey shows one-in-four organisations “not confident” over security of cloud-stored data

Spiceworks has published the results of a new survey examining the adoption and perceptions of cloud storage and file sharing services in businesses across Europe and North America. The results show that Microsoft OneDrive is the most commonly used service, followed by Google Drive and Dropbox (among others). The findings indicate that, although the adoption of cloud storage services has grown rapidly, a quarter of business technology buyers are still concerned about hosting company data in the cloud and are therefore prioritising security when evaluating solution providers.

According to a similar Spiceworks report issued back in March 2016, 53% of organisations were using cloud storage and file sharing services. Among those organisations, 33% were using Dropbox, 31% were using Microsoft OneDrive and 27% were using Google Drive. However, the 2016 report revealed that OneDrive had the highest planned adoption rates.

Today, 80% of organisations are using cloud storage services, while an additional 16% plan to deploy a solution within the next two years. Currently, 51% of organisations are using Microsoft OneDrive, 34% are using Google Drive and 34% are using Dropbox. Additionally, 13% of businesses are currently using Apple iCloud, 6% are using Box, 6% are using Citrix ShareFile and 3% are using Amazon Drive.

When examining adoption rates by company size, the results show that OneDrive has the highest usage in enterprises – defined as businesses with more than 1,000 employees – with an adoption rate of 59%, compared to Google Drive at 29% and Dropbox at 25%.

SpiceworksCloudSecurity

Although OneDrive also claims the top spot in SMEs, the gap in adoption rates among the top players is much smaller. For example, among mid-size businesses with 100 to 999 employees, 54% are using OneDrive, 35% are using Dropbox and 33% are using Google Drive. In small businesses with one to 99 employees, 47% are using OneDrive compared to 39% using Google Drive and 34% using Dropbox.

Security: the most important factor for service selection

Among business technology buyers involved in the purchase decisions for cloud storage services at their organisation, security was considered the most important factor when evaluating providers. In fact, 97% said that security is an important to extremely important factor followed by reliability (96%), cost (93%), ease of use (93%) and vendor reputation (89%). Conversely, technology buyers believe factors such as document collaboration (67%) and app/tool integrations (59%) still matter, but are less important.

When asked to select up to five attributes that they most associate with the top providers, 39% of business technology buyers primarily associate OneDrive with being secure, compared to Google Drive at 28% and Dropbox at 19%. Google Drive ranks the highest in terms of reliability and cost-effectiveness, while Dropbox ranks the highest when it comes to ease of use. Additionally, Microsoft OneDrive was recognised as a trusted vendor and for being integrated with existing apps/tools.

Security of data stored in the cloud

Despite the pervasiveness of cloud storage and file sharing services, some organisations are not confident in the security of their data stored within those services. In fact, 25%of technology buyers believe their data in the cloud is ‘not at all’ to ‘somewhat’ secure. This is perhaps because 16% of organisations have experienced one or more security incidents – such as unauthorised access, stolen credentials or data theft – via their cloud storage service in the last 12 months.

Therefore, organisations are taking extra steps to enhance their data security when using cloud storage and file sharing services. 57% of organisations only allow employees to use cloud storage providers approved by their IT Department, 55% enforce user access controls and 48% train employees on how to use cloud storage services properly.

However, other security measures are less common, such as enforcing multi-factor authentication when using these services (28%), putting a cloud storage/file-sharing security policy in place (28%) and encrypting data in transit (26%) and at rest (22%) via their cloud storage service.

“It’s evident organisations are putting more trust into cloud storage services, but some are still hesitant despite the recent growth in adoption,” explained Peter Tsai, senior technology analyst at Spiceworks. “Although cloud storage services often include features that help in securing sensitive corporate information, there will always be risks involved when entrusting data to a third party.”

The Spiceworks survey was conducted in April and included the views of 544 respondents. Respondents are among the millions of business technology professionals in Spiceworks and represent a variety of company sizes, including SMEs and enterprises. Respondents come from a variety of industries, including manufacturing, healthcare, non-profits, education, Government and finance.

*For more information and a complete list of survey results visit https://community.spiceworks.com/blog/3058-cloud-storage-services-who-claims-the-top-spot-among-microsoft-google-dropbox

Leave a comment

Filed under Risk Xtra, Uncategorized

IFSEC organiser UBM previews ‘The Future of Security’ Seminar Theatre powered by Tavcom Training

In partnership with Tavcom Training, the provider of accredited security systems training courses, IFSEC International organiser UBM has unveiled some of the detail behind ‘The Future of Security’ Seminar Theatre. Sponsored by Panasonic UK, this will deliver a range of essential CPD-accredited presentations on the very latest in security technology design and integration when IFSEC 2018 runs at London’s ExCeL from 19-21 June.

Physical security systems are now heavily dependent on IT-based platforms. This intersection of technologies has opened up significant potential for security installers and engineers to offer even better solutions for their end customers. To reflect this demand, ‘The Future of Security’ Theatre will focus on these opportunities in offering a full set of free seminars. The sessions will expertly target key areas addressing cyber security, IT Best Practice, practical IP networking, integration and system design plus a wide range of additional core areas. All sessions will be delivered by specialist Tavcom trainers.

Delivering insight into the major security challenges, the cyber security sections will look into how robust approaches can strengthen an existing physical security system, providing the end user with even greater resilience to cyber threats.

From an IT security aspect, the sessions will include sessions on understanding firewalls and identifying vulnerabilities which can be inherent in the installation process. In addition, there will be exclusive sessions on the use of drones in security and how this technology is both a benefit and a hazard.

IFSECInternational2018ShowMeHow

‘The Future of Security’ Theatre will be a major element in the new ‘Show Me How’ project at IFSEC International 2018, which will identify education opportunities and exhibiting companies as key destinations where visitors can go to learn about Best Practice and capabilities. Exhibitors will host technical experts on their stands to ensure visitors gain a direct understanding of the products and solutions and making sure they leave fully equipped with the right knowledge.

At the event, all ‘Show Me How’ areas and exhibitors will be clearly signposted to help visitors make the best possible use of their time at IFSEC 2018.

With cyber crime being an ever-present threat exploiting business weaknesses around storing data in multiple locations, Panasonic UK is proactively taking action to thwart such threats by expanding its cyber offerings. In particular at IFSEC International 2018, the business will focus on how integrators and installers can bring additional value to end users by providing ‘cyber safe’ environments.

Paul Tennent, sales director at Tavcom Training, stated: “As a leading training provider for the security and fire installer sectors, Tavcom is excited to be part of the new position IFSEC is taking as a major education provider. Its been interesting to see the insights and research IFSEC has gained over the past year, particularly so in regard to the expectations and direct needs of the installer community. It’s also acutely apparent that growth areas and technologies in and around cyber security are becoming critical, so we’re happy to lend our expertise to the wider IFSEC audience.”

Gerry Dunphy, brand director for IFSEC International, responded: “We’ve been through an extensive research programme over the past 12 months which has provided IFSEC with a clear set of directions, matching the direct needs of our customers. They’ve told us they have a need to understand the future. They need guidance on areas such as how cyber security impacts on physical systems and they need to hear from specialists they can trust. Working with Tavcom Training on ‘The Future of Security’ Theatre is the perfect solution given Tavcom’s history and expertise in these core areas. Our customers have told us what’s keeping them awake at night and it’s IFSEC’s duty to help them rest more comfortably.”

*IFSEC International 2018 is co-located with FIREX International, Safety & Health Expo and The Facilities Show, offering a strategic blend of related business to business events focusing squarely on the protection and management of people, property and assets

Leave a comment

Filed under Risk UK News