Tag Archives: IT

Hanwha Techwin Europe awarded Government’s prestigious Cyber Essentials certification

Hanwha Techwin Europe has been certified as being compliant with the UK Government-backed Cyber Essentials scheme. Administered by the Department for Business, Energy and Industrial Strategy, the industry-supported scheme is designed to help organisations protect themselves against common cyber attacks.

The certificate awarded to Hanwha Techwin Europe verifies that the business has procedures in place specifically designed to minimise the threat of an attack on the IT infrastructure at the company’s headquarters in Chertsey, Surrey and extends to cover laptops used by field-based employees.

HanwhaTechwinEuropeHQ

“We’re constantly evaluating and updating our IT security in order to negate the risk of any disruption to our business or our business partners,” said Bob Hwang, managing director of Hanwha Techwin Europe. “Our cyber security programme is a key element of our ‘We Move With Trust’ philosophy and reflects the proactive stance we’re taking to protect confidential data.”

CyberEssentialsLogo

Hwang continued: “Beyond the scope of the Cyber Essentials scheme, we remain vigilant to ensure that our Wisenet cameras, recording devices and software entrusted to protect property, people and assets are equipped to minimise the threat from cyber attacks. We have a sustained testing and monitoring programme in place designed to identify evolving new threats to the integrity of our solutions. We’re determined to be open and honest with our customers when new cyber security threats are identified and will move quickly to develop further advanced versions of our firmware to combat them.”

Advertisements

Leave a comment

Filed under Risk UK News

Hikvision set to highlight “innovation for the future” at IFSEC International 2017

Hikvision, the supplier of video surveillance products and solutions, will be exhibiting the latest in surveillance technology at IFSEC International 2017 on 20-22 June at ExCeL in London. In 2017, the company’s theme will be ‘Pioneering AI Technology for Video Surveillance’.

This will be a showcase of Hikvision’s latest products and technologies, including the new Turbo 4.0 Series, the H.265+ codec and thermal cameras.

The event also presents an opportunity for attendees to see cutting-edge advances in surveillance technology, including a brand new product and an innovative new set of technologies that come out of the ‘Deep Learning’ concept that’s sweeping through the IT industry at the present time.

HikvisionIFSEC2017

As part of the IFSEC seminar programme, Andy Coles (Hikvision’s key account manager for the UK and Ireland) will join other industry figures for a panel discussion about the future of video surveillance. This will include elements of AI ‘Deep Learning’ and its use in vertical markets and the importance of the security ecosystem.

“Large events like IFSEC are important to us because they give us the chance to connect with our partners and customers”, said Coles. “It’s also great to see what the industry as a whole is doing and to be part of its development into the future.”

*Hikvision will be exhibiting on Stand E800

Leave a comment

Filed under Risk UK News

“It’s time to bury hardware-based security solutions” argues VoipSec’s CEO

Paul German, CEO at VoipSec, believes now is the time for organisations to “bury” dedicated hardware-based security solutions.

“Recent years have seen a fundamental transformation in IT strategy, with networks being more agile and swiftly deployed and applications now deliverable quickly, in any location and scaled to meet an organisation’s requirements,” said German. “From virtualised hardware to network function virtualisation and software defined networking, the hardware and network infrastructure has become decoupled from the application and the application itself is increasingly located anywhere across the cloud.”

According to German, this decoupled approach itself demands a different approach to security. It can no longer be defined by network controls because those networks are virtual, disparate and remote. “When organisations access applications via an Internet address,” commented German, “the physical location is increasingly unknown. Security, therefore, needs to be elastic and flexible.”

German explained that the hardware-based, dedicated Session Border Controller (SBC) doesn’t fit into this model. As an approach to securing the VoIP network, German feels it’s “fundamentally flawed” on many levels.

PaulGerman

Paul German

“It constrains an organisation’s virtualisation strategy. How can a company quickly spin up new cloud-based voice applications, for example? As organisations look to gain the cost, agility and scalability offered by hardware and network virtualisation, the hardware SBC is clearly a problem.”

German added: “Perhaps the most concerning issue is that this approach is flawed from a pure security perspective. Hardware SBCs are considered both one off investments and one off deployments. As every security Best Practice model will attest, with a constantly changing threat landscape any failure to undertake routine updates will leave the organisation vulnerable.”

To be effective, as far as German’s concerned, security solutions must reflect the emerging risk and the current deployment trend.

“A software only model that’s continually updated to mitigate the evolving threat landscape is essential. Software-based SBCs, either on premise or in the cloud, also explore community-led intelligence about threats and risk experiences to rapidly disseminate new threat information and Best Practice. This combination of routine product updates with shared intelligence ensures an attack on a single organisation can be quickly transformed into a patch or update that protects every business from the new risk.”

Despite the widespread adoption of VoIP, the majority of SBC vendors are simply failing to respond and still advise an implement once model. “They fail to update customers on the evolving threat landscape and they cannot support the agile, decoupled infrastructures now required. It begs the question: ‘Just what is the value of the hardware-based SBC?'”

Leave a comment

Filed under Risk UK News

Social engineering “a top cause of cyber incidents” finds Cyber Resilience Report

Research commissioned by Crises Control from the Business Continuity Institute for its annual Cyber Resilience Report 2016 confirms much of what we already suspected about the changing nature of the cyber threat and the way that cyber criminals have found new ways to defeat corporate perimeter security.

66% of respondents to the survey reported that their companies had been affected by at least one cyber security incident over the last 12 months. The costs of these incidents varied greatly, with 73% reporting total costs over the year of less than €50,000, but 6% reporting annual costs of more than €500,000.

The increased difficulty of breaching perimeter security and the increased human resources available to cyber criminals has combined to produce a new point of attack. This is focused on the weakest link in the corporate security chain, which is now human beings rather than technology.

The term ‘social engineering’ describes this attack vector, which relies heavily on human interaction and often involves tricking people into breaking normal security procedures. The BCI research shows clearly that phishing (ie obtaining sensitive data through false representation) and social engineering is now the single top cause of cyber disruption, with over 60% of companies reporting being hit by such an incident over the past 12 months.

A further 37% were hit by spear phishing (ie phishing through identity fraud).

BCICyber

The research has also confirmed that, to effectively counter this threat, companies now need behavioural threat detection provided by a cyber security network monitoring solution. These plug-in devices monitor your network for signs of suspicious insider activity and failed attempts to hack into the system.

They can also provide invaluable intelligence to be acted upon proactively to nip a successful hack or insider threat in the bud.

Traditional anti-virus monitoring software is no longer enough. The BCI research shows that 72% of companies have this software in place, but only 26% of real cyber security incidents were actually discovered through this route. Much worse, 18% of incidents came to attention through an external source such as a customer, a supplier or the impact on a public website.

Network monitoring solutions are much more effective than anti-virus software in terms of alerting companies to a cyber breach, with 63% of businesses having network monitoring software in place and 42% of cyber incidents being brought to attention through the work of the IT Department to whom such systems report.

The scale of the cyber threat can feel overwhelming at times, but educating your own employees about the nature of the threat and then putting in place the right solutions can go a long way towards mitigating the social engineering threat and significantly enhancing your corporate cyber resilience.

The message is simple… Act now before it’s too late.

Leave a comment

Filed under Risk UK News

BeCyberSure launches specialist EU GDPR Risk Assessment service

Information security specialist BeCyberSure has announced the launch of the “most comprehensive GDPR Risk Assessment available”. Conducted by security, risk and compliance specialists, the audit provides organisations with a definitive evaluation of their EU GDPR (General Data Protection Regulation) readiness, as well as what needs to be done to ensure compliance ahead of the 25 May 2018 deadline.

The GDPR supersedes the UK’s Data Protection Act 1998 and applies to every company that collects, processes or stores an EU citizen’s data, regardless of sector, size and geographical location. Enforcement of the GDPR is unaffected by the UK’s decision to leave the EU.

The BeCyberSure GDPR Risk Assessment is said to provide the most rigorous audit process available. The assessment is conducted on and off site by a GDPR specialist, beginning with a detailed review of company policies and governance, procedures and processes, an assessment of physical aspects (such as access to buildings and the storage of paper documents, etc.) and, if deemed necessary, an extensive digital vulnerability test. The audit also involves formal and informal (ie covert) interviews with employees as well as heads of department.

EUGDPRWeb

Carolyn Harrison, marketing director at BeCyberSure, explained that the GDPR is a company-wide issue and should not sit solely with IT.

“Our assessment begins with people, policies and processes to reveal any possible vulnerabilities that would result in non-compliance,” urged Harrison. “We then deep-dive, looking at what data the organisation is capturing, how it’s processed, what consent has been given, where it’s stored and how to dispose of all information that’s not required.” Harrison added: “The best technology in the world can be rendered useless if an open door, whether physical or digital, creates the opportunity to access to data.”

Following the audit, the host organisation is presented with a confidential Advisory Report stating what action (if any) is required to ensure GDPR compliance.

On that note, Harrison stated: “This report is invaluable in terms of benchmarking where an organisation is today, where they need to get to and the best course of action to get there. They can then choose to implement the programme of work themselves, collaborate with BeCyberSure or outsource the entire project to us.”

BeCyberSure has a senior team of GDPR auditors who have a wealth of experience with backgrounds in risk management and compliance, cyber security, policing, intelligence services and the military.

Harrison concluded: “There’s a lot of scaremongering going on about the GDPR and, while it’s true that the potential fines are eye-watering and the threat of personal liability daunting, if organisations act now, then they still have time to put the necessary safeguards in place to be GDPR-compliant. Undertaking a Risk Assessment is the first step in the due diligence process and means that organisations are not spending unnecessarily on their route to compliance.”

*For further information access www.becybersure.com

Leave a comment

Filed under Risk UK News, Uncategorized

84% of small businesses call for intelligent video surveillance as existing systems “fail to protect premises”

A survey1 of small businesses in the UK has discovered that 84% of retail, office and hospitality owners are looking for video surveillance with high resolution images and intelligent features such as remote monitoring to provide superior security for their premises.

85% of respondents also stated that high quality and reliability would be important purchasing considerations when looking to invest in video surveillance.

The survey demonstrates a wide consensus among small business owners that current surveillance solutions in place are not viable to provide the necessary proof of crime at a time when the cost of shop theft is at an all-time high2. It also reveals that new technology is sought to provide the required security level within a given business.

Axis Communications carried out the survey in order to establish small business owners’ key challenges regarding video surveillance and how they believe it could be improved. In addition to stating that high quality images and the ability to access footage remotely on a smart phone or other device is desirable, 70% also suggested that ease-of-use is also high on the agenda.

axiscompanionvms

In light of accessible intelligent technology, 82% of small business owners are considering new video surveillance technology for their premises in order to provide a more up-to-date solution.

The survey results also demonstrate the challenges currently faced by small business owners in regards to their existing video surveillance solutions. A number of factors were revealed as unsatisfactory within their present set-up, including poor quality of images and difficulty of use.

These small business owners reported facing issues with their current video surveillance including “bad quality of system”, “lack of ability to monitor outside of premises” and providing “limited proof of crime”. This feedback further confirms the desire for more intelligent surveillance solutions to help protect businesses and make staff feel safe.

Atul Rajput, regional director for Northern Europe at Axis Communications, observed: “Pioneering technology and the benefits that come with it shouldn’t be limited to corporate entities. With the help of dedicated IT and security installers, the network camera is becoming more accessible and affordable for the small business than ever before. Many small business owners have an awareness that high quality, intelligent solutions are available and are looking for guidance as to how they can make the most of this to protect their premises and, ultimately, their bottom line. A rise in theft and the continued improvements in technology such as remote monitoring and high-quality images are only set to exacerbate this situation.”

Rajput continued: “As legacy video surveillance solutions become obsolete, we’re witnessing a shift in the ways small businesses adopt new solutions. Once regarded as a standalone investment, many now consider IP cameras as a vital upgrade that forms a part of their larger IT infrastructure. Along with this, end users are also looking to remotely access live and pre-recorded video footage anytime and anywhere. The ultimate benefit of this is a solution that delivers information rapidly and cost-effectively and that can benefit from the latest applications as and when they become available.”

References 

1Research was conducted by OnePoll independent market researchers on behalf of Axis Communications between 22 July and 10 August 2016 via an online survey. 500 UK business owners of companies with 1-20 employees that would be involved in the decision to purchase video surveillance equipment for their company premises were surveyed

2http://brc.org.uk/news/2016/cost-of-theft-for-retailers-at-highest-level-since-records-began

Leave a comment

Filed under Risk UK News, Uncategorized

Unwitting cyber scammers cold call industry expert at C3IA Solutions

Would-be cyber scammers made a megabyte blunder when they cold-called Matt Horan of C3IA Solutions: Horan is one of the country’s top cyber security experts. Realising the crooks were trying to take control of his computer, Horan put the call on speaker phone and asked a colleague to record it, with hilarious consequences.

After stringing out the conversation for 35 minutes – during which time he was passed to more senior ‘helpers’ as he posed as an ignorant computer user – Horan then informed the caller that he had no Internet connection.

This prompted the fraudster to use an expletive before hanging up in anger. An edited video of the call has been amusing people across social media.

Horan is keen that the video is used to help people avoid falling for cyber scams. He told Risk UK: “One of the weakest parts of any business’ cyber security is the staff. They do nothing malicious, but can easily assist fraudsters. Along with ‘phishing’ e-mails, this type of phone scam is common and can cause huge amounts of damage.”

Matt Horan, director of C3IA Solutions

Matt Horan of C3IA Solutions

Horan continued: “The caller purports to be from Microsoft or a similar outfit and informs the person who answered the call that there’s a problem with their computer. They then instruct that person to look at the computer’s ‘systems and events logs’, which is simply a log of every action taken. They tell them that this is evidence of ongoing malicious attacks. After that, they try and entice them to log into TeamViewer or something similar which means they then can gain remote access and control of the target computer.”

In addition, Horan stated: “They then have all the information on a computer or network and can infect the system, read e-mails, steal passwords or encrypt the stored data. They can basically do anything they want. Obviously, this can cause massive harm to a business and may well lead to data loss, the theft of funds and the stealing of intelligence as well as cause acute embarrassment.”

C3IA Solutions trains staff at businesses to be ‘cyber-savvy’ and always to hang up on calls like this. If staff are in doubt they should contact their IT support.

“Firms such as Microsoft don’t make calls like the one I took, but they seem authentic,” explained Horan. “Often, the scammers work in pairs so the initial caller can pass over the call to a ‘senior supervisor’, as they tried with me. This gives an added authenticity. Caution should be the watchword when taking calls like this one.”

*The video can be viewed on YouTube: https://youtu.be/ncIehp0fBT8

Based in Poole, Dorset, C3IA Solutions is one of fewer than 20 companies certified by the Government’s National Cyber Security Centre. In addition to its work with Government agencies including GCHQ, the company operates a commercial section that works with businesses, assisting them with their cyber security.

C3IA (a military term) Solutions was set up in 2006 by Horan and Keith Parsons. It has 84 personnel on contract of whom 33 are employees and 51 are associates. The business operates in the defence and security sectors serving both SMEs and multi-national firms.

C3IA is a leading provider of secure ICT, technical programme management and information security services and solutions.

The company takes its Corporate Social Responsibility seriously, supporting serving and past members of the Armed Services. Indeed, the business sponsors those engaged in personal and team development through arduous sporting and other challenges.

Leave a comment

Filed under Risk UK News, Uncategorized