Evolution invests in people development with appointment of Louise Gough as Human Resources manager

Evolution, the integrated fire and security solutions specialist, has appointed Louise Gough as its new Human Resources (HR) manager to lead the business’ recruitment strategy, implement new training and development opportunities, manage employee relations and provide support to the wider business.

Gough joins Evolution with a wealth of HR management experience, including eight years’s service with a market-leading integrated security business where she was also involved in project and bid work and facilities management. Prior to that, Gough worked for a number of large manufacturing and construction firms.

Louise Gough: the new HR manager at Evolution

Now, Gough is looking forward to helping drive even further business growth at Evolution. “It’s a very exciting time for the business,” explained Gough in conversation with Risk Xtra. “The workforce has expanded considerably already this year and further growth is expected as a result of the business being successful in winning some large projects n the UK, the Republic of Ireland and further afield in Europe.”

Further, Gough stated: “I hope to add real value to the business and will start by closely reviewing our recruitment and wider people strategies and use my knowledge and experience to implement new methods that enable us to work smarter, while also enhancing our strong position within the integrated security sector. I want to take the HR burden away from the senior managers and allow them to focus more closely on their own roles, which in turn will lead to more proactive and productive teams.”

Richard Lambert, managing director of Evolution, enthused: “We’re delighted that Louise is joining the team. She has proven experience and great sector knowledge which will be invaluable. There’s no doubt Louise will help to drive the business forward as we continue our plans to grow in the UK and Europe.”

ANT Telecom concludes research project on companies’ communications, lone worker and critical alert procedures

Automated communication specialist ANT Telecom has recently completed research designed to unearth a better understanding of how businesses communicate and respond to incidents in the workplace.

Within its research, ANT Telecom looked at the range of devices employees were using to communicate with colleagues, including lone workers, as well as incident reporting and response timings and the resulting impact these factors have on business continuity in the workplace.

From the variety of communications business have available to adopt, a GSM mobile solution was the most prevalent, with 76.92% confirming it as their preferred device to keep upon their person. However, the research also showed that an overwhelming percentage (71.43%, in fact) used their devices for voice only, leaving just 28.57% with the means necessary to receive real-time plant processing updates and critical alerts directly to their device.

This approach is likely to affect machine downtime and product wastages as employees cannot benefit from instant alerts if an incident occurs, which is greatly beneficial to keeping production lines and machinery running smoothly.

However, real-time information is of no value whatsoever if it’s not used effectively. It’s therefore essential to assess how machine alerts could and should be used to facilitate the quickest response possible.

Machine maintenance

Machine maintenance is also a large part of a company’s communication and its impact on production was also a subject raised in the research. The majority (32%) of those who answered confirmed that it would take between zero and two minutes for an engineer to be notified if a problem occurred with a piece of machinery on the manufacturing or production site, but over 38% stated that this would take more than ten minutes, with 6% confirming it would take over 30 minutes for their business.

Those surveyed were also asked if their alert system automatically distributed machine or processing faults directly to a qualified engineer, who would then attend to the fault, and 73% answered ‘No’. Of course, manufacturing plants have been collecting alert information from machines for years. Supervisory control and data acquisition (SCADA) systems for remote monitoring and control are a standard component of any operating environment, providing a single view of equipment performance on a large screen in a Control Room.

More recently, these systems have gone mobile, offering operators and maintenance engineers alike the chance to view the red, amber and green alerts on a tablet while on, or away from, the factory floor. That’s great, but the way in which organisations respond to these alerts is still, in the main, archaic.

A red alert could prompt a generic page message to which any number of individuals may or may not respond. Alternatively, an operator viewing the red alert on the SCADA screen has to call the engineering team leader who will access a control panel to understand the true nature of the problem and only then identify and contact a team member to resolve the issue.

Impact on productivity

An overwhelming 88% of respondents felt that machine faults impacted productivity in some way, while 44.44% of those questioned thought that the time taken to detect a fault through to a qualified engineer resolving the issue could be reduced. There are numerous ways in which businesses can address this issue in a proactive manner.

Direct integration between a communication system and a control panel, for example, provides immediate information about the nature of the fault. By designing and configuring a smart workflow, it then ensures the communication system automatically contacts the most relevant team, such as electrical engineering specialists, thereby eliminating a number of time-consuming manual steps. Once the designated team member has received the notification, they can confirm their attendance and, critically, provide updates on the repair resolution.

The results of this research highlight some prominent issues for businesses that must be addressed and acted upon accordingly. In an era where increasing regulatory scrutiny is matched by rapid advances in disruptive innovation, there can be no excuse for companies who fail to take advantage of the best available technology. To optimise such technology, it makes sense to partner with a trusted expert, evaluate your exposure and plan for a safer and more connected future.

MOBOTIX Global Partner Conference 2017 goes ‘Beyond Human Vision’

MOBOTIX has successfully completed its largest Global Partner Conference which hosted 234 participants from 46 countries to coincide with the launch of the company’s new website and a strategy that focuses on ‘Beyond Human Vision’.

The three-day event in Langmeil, Kaiserslautern included over 20 presentations covering market trends, sales strategy and technical sessions in areas such as cyber security and the Internet of Things (IoT). The breakout sessions on day three included regional updates and Expert Panels that connected partners with senior MOBOTIX product management executives, developers and solution specialists.

The Global Partner Conference also included project examples from invited customers, among them McDonald’s (Germany), Jashanmal Group (Dubai) and Belfius Bank (Belgium) as well as details of exciting initiatives in Singapore, the United States, Australia and Greece.

For the first time, MOBOTIX welcomed an expanded partner showcase including Gold Sponsorship from Konica Minolta, Genetec, Strops and Milestone Systems plus an additional 11 Silver sponsors across diverse areas such as storage, facial recognition, portable surveillance, wireless connectivity and the IoT.

“Our Global Partner Conference marks the start of a new journey for MOBOTIX that begins with acknowledging our traditions before embracing the transition to a new path that welcomes the opportunities of tomorrow,” enthused Thomas Lausten, CEO at  MOBOTIX, “MOBOTIX is changing and part of that evolution is embracing a future with a new found passion and openness that includes industry standards and third party partners with the goal of delivering higher value solutions.”

Lausten continued: “Our new mission statement to go ‘Beyond Human Vision’ is at the heart of a philosophy that recognises video surveillance is part of a wider potential with MOBOTIX as a foundational platform for innovative solutions to real world challenges in manufacturing, retail, healthcare, transportation and, indeed, many other areas.”

The event coincided with the launch of a new MOBOTIX website, new company branding and the first version of a global partner locator, plus a new White Paper on the vital role MOBOTIX is playing in protecting its technologies from cyber attack.

“EMEA now top source of phishing attacks worldwide” suggests NTT Security’s Global Threat Intelligence Report

Over half (53%) of the world’s most recent phishing attacks have originated in the EMEA region, according to the 2017 Global Threat Intelligence Report (GTIR) published by NTT Security, the specialist security business within the NTT Group.

Analysing global threat trends from 1 October 2015–31 September 2016, the report also shows that, of all phishing attacks worldwide, 38% came from the Netherlands, second only to the US (41%). The data highlights that 73% of all malware globally was delivered to its victims because of a phishing attack.

According to the GTIR, which highlights the latest ransomware, phishing and DDoS attack trends and the impact of these threats against organisations, the UK was the third most common source of attacks against the EMEA behind the US (26%) and France (11%).

In terms of top attack source countries globally, the UK was second only to the US (63%) accounting for 4% of all attacks, just behind China on 3%.

The report reveals some of the biggest regional differences related to brute force attacks, which are commonly used to crack passwords. Of all brute force attacks globally, 45% started in the EMEA, which is more than the Americas (20%) and Asia (7%) combined. In addition, 45% of brute force attacks that deliberately targeted EMEA customers also started in the region.

“While phishing attacks affected organisations everywhere, the EMEA has emerged as the top region for the source of these attacks,” stated Dave Polton, global director of innovation at NTT Security. “These figures, combined with those for brute force attacks, should be of very serious concern for any organisation doing business in the EMEA, especially with the European Union (EU) General Data Protection Regulation just around the corner. Any organisation processing data belonging to EU citizens needs to demonstrate that their information security strategy is robust.”

Polton is calling for more active collaboration between business, Government and law enforcement agencies to tackle global threats and ensure measures are in place that will have a long-lasting and positive impact on global security.

Other key EMEA findings

In the EMEA, over half (54%) of all attacks were targeted at just three industry sectors: finance (20%), manufacturing (17%) and retail (17%). Over 67% of malware detected within the EMEA was some form of Trojan.

Top services used in attacks against the EMEA included file shares (45%), websites (32%) and remote administration (17%).

Frank Brandenburg, COO and regional CEO at NTT Security, said: “We all know that no security plan is guaranteed and that there will always be some level of exposure, but defining an acceptable level of risk is important. Clients are starting to understand that, by default, every employee is part of their organisation’s security team. Businesses are now seeing the value in security awareness training, knowing that educating the end user is directly connected with securing their enterprise.”

Brandenburg added: “Expanding cyber education and ensuring employees adhere to a common methodology, set of practices and mindset are key elements. Clients see that assisting and coaching their employees on the proper use of technology will only enhance the organisation’s overall security presence.”

*Download the NTT Security Global Threat Intelligence Report by accessing the following web address: https://www.nttcomsecurity.com/en/gtir-2017

“New Government must help deliver productivity boost” urges ADS

Defence and security sector Trade Association ADS Group has stated that the UK’s future economic success will depend on the new Government working with industry to achieve a major boost in productivity.

Launching ADS’ five-point ‘General Election Manifesto’, CEO Paul Everitt said the spotlight would be on the new Government’s commitment to putting in place the foundations for substantial gains in productivity by attracting investment, supporting innovation and delivering a Brexit deal designed to sustain UK competitiveness.

“The UK needs a step change in productivity to fully achieve our potential and put vital sectors of our economy on the right footing to compete around the world,” stressed Everitt. “The Government elected on Thursday 8 June will face economic challenges that it must work in partnership with industry to address if we’re to achieve sustainable and long-term economic growth. Any failure to prioritise productivity gains would put at risk the UK’s future ability to generate high value jobs and maximise the economic potential of our ingenuity.”

Paul Everitt: CEO at the ADS Group

Everitt continued: “We need to see the development of an ambitious industrial strategy with full political and financial backing, support for SME investment in technologies and the latest advanced manufacturing processes, and prioritisation of innovation to make sure the UK benefits from the jobs, exports and growth that flow from new ideas.”

The five election priorities set out by ADS are as follows:

(1) Develop an ambitious Industrial Strategy that attracts global investment

The Government must build on successful sector strategies with long-term political and financial backing for an ambitious industrial strategy

(2) Prioritise productivity by investing in supply chains

Given the UK’s long-term productivity challenge, the UK must support SMEs in their ability to invest in new technologies, develop world-class skills and adopt the latest manufacturing processes

(3) Invest in industrial innovation

Prioritising and focusing funding on industrial innovation, as well as scientific research, would ensure that the UK benefits from the jobs, exports and growth that flow from our innovative ideas

(4) Enhance national security by investing in UK capability

The next Government should ensure its value for money analysis recognises and reflects the benefits of equipping a UK supply chain with the capabilities, technologies and engineering services necessary for our long-term national security

(5) Deliver a Brexit deal that sustains our global competitiveness

Our sectors’ ability to compete globally depends on a stable transition to a new deal with the EU that delivers what might best be termed ‘frictionless’ trade and access to regulators, R&D programmes and skills

Organisations “need to do more” to ensure EU GDPR compliance

Organisations need to do more work to ensure compliance with the European Union’s General Data Protection Regulation (GDPR) which is due to come into force in May 2018. While organisations are largely aware of their upcoming obligations, levels of maturity to meet the new standards are low.

Overall, organisations are only complaint with less than 40% of the principles laid out in the GDPR. DLA Piper’s Global Data Privacy Snapshot 2017 notes that some industries are progressing towards compliance better than others. The hospitality and banking sectors are ahead of the rest with 48% and 43% compliance respectively, compared to the average of around 37%. Healthcare and manufacturing are at the bottom end of the scale with 34% and 35% compliance.

Data breaches are already the second greatest concern for business continuity professionals. That’s according to the latest Horizon Scan Report published by the Business Continuity Institute. Unless organisations become compliant by the time the GDPR comes into force then a breach could become even more disruptive.

Patrick Van Eecke, partner and global co-chair of DLA Piper’s Data Protection practice, said: “The responses show that many organisations still have work to do on their data protection procedures. Any organisations operating in Europe will need to see major improvements in their score by May 2018 if they’re to avoid potentially heavy financial penalties under the GDPR, not to mention serious reputational damage as people become more and more aware of their rights in this area.”

Van Eecke added: “With more and more organisations placing data centre stage, data protection will become an increasingly prominent issue. It’s vital that organisations invest now in the strategy and processes needed to help them to meet their obligations.”

Jim Halpert, the US co-chair of DLA Piper’s Global Data Protection practice, added: “As privacy requirements such as privacy by design, data portability and extensively documenting a privacy program become more complex, compliance demands significant operational work that takes time. In this sense, the results are not surprising. The time to step up compliance efforts is this year, not next.”

The GDPR will apply to processing carried out by organisations operating within the EU and to organisations outside the EU that offer goods or services to individuals in the EU.

The UK Government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR. Organisations failing to comply with the GDPR after its implementation in 2018 could face fines as high as 4% of global annual turnover.

New report from WhiteHat Security reinforces that organisations must focus on risk

WhiteHat Security has issued its eleventh annual Web Applications Security Statistics Report. Compiled using data collected from tens of thousands of websites, the report reveals that the majority of web applications exhibit, on average, two or more serious vulnerabilities per application for every industry at any given point in time.

The Report’s findings are based on the aggregated vulnerability scanning and remediation data from web applications that use the WhiteHat Sentinel service for application security testing. The research shows that no industry has mastered application security. Of the 12 industries analysed, the IT, education and retail industries suffer the highest number of critical or high-risk vulnerabilities per web application (at 17, 15 and 13 respectively).

The findings also highlight that the IT and retail industries struggle to remediate in a timely manner. It takes approximately 250 days for IT and 205 days for retail businesses to fix their software vulnerabilities.

According to the ‘Window of Exposure’ data contained in the report, another key metric organisations need to pay attention to is the number of days an application has one or more serious vulnerabilities open during a given time period. Across all industries, a substantial number of web applications remain always vulnerable.

A few key highlights of the report include: 

• Information Technology (IT): 60% of web applications are always vulnerable
• Retail: Half of all web applications are always vulnerable
• Banking and financial services: 40% and 41% (respectively) of web applications are always vulnerable
• Healthcare: 47% of web applications are always vulnerable

“We’ve observed that organisations have hundreds, if not thousands, of consumer-facing web applications, and each of these web apps has anywhere from five to 32 vulnerabilities,” said Tamir Hardof, chief marketing officer at WhiteHat Security. “This means that there are thousands of vulnerabilities across the average organisation’s web applications. While this number is overwhelming, risk ratings can really help security teams prioritise which vulnerabilities they work on fixing first. Unfortunately, what this year’s report tells us once again is that organisations are not really relying on risk levels as a baseline to inform their application security strategies.”

Remediation rates

The report also captures data on vulnerabilities that are fixed once they’re discovered. Generally, the more critical the vulnerability, the more complex they are to understand and remediate.

For nine of the 12 industries analysed, remediation rates are below 50%. In IT, less than 25% of open vulnerabilities are remediated, while vulnerabilities in this industry have an average age of 875 days. The average time-to-fix for vulnerabilities varies by industry, from approximately 15 weeks in the energy industry to 35 weeks in IT.

Key trends from 2013-2015 include the following:

• Remediation rates declined significantly in IT, which saw a drop from 46% to 24%, and in banking, which dropped from 52% to 42%
• Financial services and retail saw modest increases in their remediation rates, from 41% to 48% for financial services, and from 42% to 48% for retail
• The greatest improvement was in the food and beverage industry, where remediation rates quadrupled from 17% to 62%
• In manufacturing, rates almost doubled from 34% to 66%, while healthcare and insurance increased from 26% to 42%, and from 26% to 44% respectively

“Since 2013, the average time to fix vulnerabilities has trended upward overall, but we’ve seen some great successes with customers who’ve embedded security into the software development process,” said Ryan O’Leary, vice-president of the Threat Research Centre and technical support for WhiteHat Security.

“Discovering vulnerabilities in development is key to reducing vulnerabilities when the application is staged. Introducing source scanning, or SAST, has the potential to eliminate 80%-90% of well-known vulnerabilities. We look forward to seeing how this report will evolve as security and development teams work together more closely around shared security and risk management goals.”

BSI publishes BS ISO 37500: Guidance on Outsourcing

BSI – the business standards company – has published BS ISO 37500: Guidance on Outsourcing, the first overarching ISO standard to set out the generic principles and procedures of outsourcing and assist businesses in accessing a common vocabulary on which to base their communications.

The value of outsourcing has already been noted by those organisations who want to increase efficiencies and reduce costs by contracting work to external third parties. This practice – which encourages mutually beneficial collaborative working relationships – has grown over the past 20 years and is estimated to generate revenues in the region of trillions of US dollars per annum.

Nevertheless, there are challenges and hazards to be encountered. Not all outsourcing deals are a success. Some can fail dramatically – and publicly – while others simply fail to perform well.

BSI ISO 37500 can help organisations boost their business efficiency, gain better value and help avoid costly mishaps. It can assist and support customers, service providers and third party advisors (such as lawyers and consultants) involved in outsourcing.

In particular, it will help organisations to identify the business case for outsourcing, select the most appropriate customer or provider partner, transition to the new operating model and deliver value through the relationship.

BS ISO 37500 can assist and support customers, service providers and third party advisors (such as lawyers and consultants) involved in outsourcing

BSI ISO 37500 is relevant to all markets including manufacturing, retail, financial services, the public sector and facilities management.

Dan Palmer, head of market development for manufacturing and services at BSI, explained: “Outsourcing can apply to any business in any industry and in any location. By providing common practices, concepts and procedures that can be used to manage the outsourcing life cycle, BS ISO 37500 will improve the understanding of everyone involved in the process and lead to greater success.”

Benefits of BS ISO 37500

• Improved operability by harmonising communications between organisations engaged in – or in the process of engaging in – outsourcing in national and international markets
• Includes the terminology, concepts and procedures to improve the understanding of all parties involved in outsourcing
• Uses a common vocabulary for outsourcing communications, avoiding misunderstandings and incorrect and/or unrealistic expectations and reducing transaction costs
• Boosts business efficiency which will benefit everyone involved in the process

The international standard was developed by experts from countries including Canada, Germany, India, Malaysia, Netherlands and the UK. Additional UK input came from organisations including AEGON, BP, CapitalOne, DWF, Gartners, IBM, the National Outsourcing Association and PwC.

Adrian Quayle, chairman of the ISO Committee which developed the standard, added: “The benefits of using a standard such as BS ISO 37500 are clear. It provides the cornerstones of what businesses need to get right when they’re outsourcing. The application of this guidance provides all parties involved in outsourcing activities across the life-cycle with the assurance that business objectives can be achieved by using common governance and processes.”