UK and US businesses call for improvement as employee education pinpointed to be biggest cyber security weakness during lockdown

Hardware-encrypted USB drives developer Apricorn has announced the findings from a Twitter poll designed to explore the data security and business preparedness aspects around remote working during the pandemic. More than 30% of respondents singled out employee education as being the biggest area where companies need to make changes to improve cyber security.

The poll ran across six days and targeted employees in both the UK and the US. In addition to concerns about employee education, respondents also flagged updates to hardware (29%), endpoint control (21%) and enforcing encryption (19%) as areas of weakness where organisations need to make changes to strengthen their cyber security posture.

Given that almost 30% of respondents admitted to using unencrypted devices during the pandemic this raises many concerns, and particularly so at a time when we’re seeing a dramatic increase in the volume of data being downloaded along with the potential for more data on the move.

Kurt Markley, director of sales at Apricorn, commented: “Employees have a critical role to play in cyber security processes, from recognising the tools required through to understanding and enacting the policies in place to protect sensitive data. Whether it be through the delivery of awareness programmes or ongoing training, establishing a culture of security within the workforce is now absolutely essential.”

Markley added: “Endpoint security is critical. Deploying removable storage devices with built-in hardware encryption, for example, will ensure that all data can be stored or moved around safely offline. Even if a given device is lost or stolen, the information contained will be unintelligible to anyone not authorised to access it.” 

Not fully prepared

In addition, more than 40% of respondents admitted that, as an individual, they were not fully prepared to work at home securely and productively. Almost a fifth (18%) said they lacked the right technology to do so, 16% were not sure how to and just over 20% stated that they were still not able to work remotely.  

“Many businesses will now have witnessed the positive productivity and financial impact of a remote workforce, but without the right tools, processes and security in place, this can very easily backfire,” continued Markley. 

With the poll results showing that more than 60% of respondents are planning to work remotely either all or some of the time following the pandemic, the threat to corporate data is only going to burgeon. Almost 20% admitted that the experience of working from home has duly highlighted major gaps in their employer’s cyber security strategy/policies.

When questioned as to whether their company had experienced a data breach as a result of remote working during the pandemic, over 20% replied in the afformative, but a further 22% said they didn’t know if they had suffered a breach.

Scrambling to respond

Jon Fielding (managing director for the EMEA at Apricorn) commented: “IT and security teams had to scramble to respond to this crisis and, in doing so, left a lot of companies wide open to breaches. Nine months into employees working remotely, some already know that they’ve been attacked. Others think they may have been, but cannot be certain.”

Fielding concluded: “In the same way that we had to learn how to protect ourselves from illness and modify our behaviour, we also had to learn how to protect our data outside of the firewall and, more importantly, to remain vigilant about it.”

The Apricorn Twitter poll comprised six question and answer options and realised 23,537 responses.

Inner Range offers contact tracing reports to help create safe environments

Access control solutions manufacturer Inner Range is offering customers the ability to identify close contacts of anyone displaying symptoms of COVID-19, or other infectious diseases, by generating detailed reports of where the infected person has been and who else has been near them.

The contact tracing report can be generated and shared quickly and easily. It can show which doors an infected user has passed through, how much time they spent in each area, what time they badged a reader and which other users were near them up to 15 minutes before the infected person arrived and 60 minutes after they left the area.

Reports are completely customisable and multiple variations can be saved to ensure operators have the information they need for a range of requirements.

Inner Range’s general manager Tim Northwood said: “Organisations around the globe are struggling with the challenges raised by the COVID-19 pandemic. One way that we can help to address some of these issues is by assisting organisations to design safer work environments for their staff and customers. Providing a robust contact tracing report will help organisations quickly identify users who could be at risk and interrupt the spread of infection.”

The contact trace report is available via Inner Range’s intelligent integrated access control and security system Integriti and specifically for those end customers using the Integriti Business and Integriti Corporate software editions.

Specific access permissions

The reports can be generated and displayed directly within Integriti and shown on the operator’s screen in a user-friendly format. Reports can be saved in PDF, Excel, CSV, Text, Image or RTF formats along with more advanced options such as generating HTML or creating everything that’s needed for an MHL single-page website.

In addition, Inner Range access systems can provide specific access permissions for each area of a building and include area counting to monitor and limit the number of users in a particular area. This is available for Enterprise-level Integriti as well as Inner Range’s Entry-level system, namely Inception.

Occupancy thresholds can be set for a whole building, a specific area, individual offices or rooms, car parks and lifts. Once the level is reached, further users’ permissions are suspended until the occupancy count has a spare space. All information about occupancy can be transmitted to the site’s Health and Safety manager for real-time monitoring and alerts. A report can be run at any time in order to confirm the occupancy status of any designated area.

HID Global “brings trust” to online and mobile banking in face of cyber threat

As consumers embrace the convenience of online and mobile banking at both traditional and the latest all-digital financial institutions, it has become an increasingly difficult challenge to combat cyber security threats while complying with regulatory data protection mandates. Trusted identity solutions specialist HID Global has solved those challenges for several banks as part of their digital transformation initiatives.

“Our solutions protect data and transactions while delivering a seamless experience for the consumer as well as maximum flexibility for banks,” explained Brad Jarvis, vice-president and managing director of identity and access management solutions at HID Global. “This includes the option of cloud-based authentication services that remove the complexity of providing multifactor authentication to a growing and diverse user population, while also offering the convenience and efficiency of centralised regulatory compliance audits.”

Challenging issues

As a business, HID Global is helping to address some of the most challenging of mobile banking issues. For example, a retail bank in Egypt has improved compliance and reduced fraud and operational costs thanks to an HID Trusted Transactions solution. This is pre-integrated with Temenos digital front office and core banking products.

In addition, a Swiss wealth management group is using the solution, along with the HID ActivID Authentication Server, to optimise flexibility while protecting mobile banking transactions and securing corporate data, applications and systems.

Further, two banks in Eastern Europe and the UK are using the solution for quick and easy compliance with Second Payment Services Directive (ie PSD2) regulations.

Even with financial institutions returning to (almost) normal operating hours, many believe digital banking will grow in importance as part of ensuring business continuity and supporting customers who prefer not to visit their local branch during the ongoing health crisis. According to a McKinsey & Company report, the use of digital channels has grown in Europe by up to 20% during the COVID-19 pandemic.

Adoption of digital banking

“In just a couple of months, customers’ adoption of digital banking has leapt forward by a couple of years,” suggests the document. “Our most recent customer survey showed a 10% to 20% rise in digital banking use across Europe in April. Many Italian banks are striving to enable every single one of their customers to use digital banking. Such a jump in adoption opens the door for banks to turn digital channels into real sales channels, not just convenient self-service tools.”

HID Global’s complete HID Trusted Transactions offer for end users in the banking and finance sector includes the HID Authentication platform delivered either as a server or service, plus a choice of hardware tokens or the HID Approve multi-factor authentication solution with mobile push notification capabilities and the HID Risk Management Solution – Threat and Fraud Detection.

The comprehensive offer from the business delivers risk-based adaptive authentication, threat detection and transaction signing.

*Click here for more information about HID’s advanced multi-factor authentication solutions for the banking sector

Genetec unveils ‘Innovate Everyday’ webinar series for end users and integrators

Genetec, the developer of unified systems for enhanced security, operations and intelligence, has announced a new series of webinars designed to assist end users and system integrators in navigating these testing times.

The sessions outline ways in which customers from various industries are repurposing their existing physical security systems in order to solve specific pandemic-related issues. In addition, they will cover ways in which Genetec is evolving its own solutions to address critical new requirements.

The details for the upcoming webinars are as follows:

Thursday 16 July

Privacy now and after COVID-19 Amid a public health crisis, the global pandemic is raising questions about privacy. How can technology help?

Tuesday 21 July

Physical security innovations to help during the pandemic In this session, experts will discuss the new reality and how technology is being developed and deployed

Tuesday 4 August

Delivering new innovations Experts from Genetec, Quanergy and HID will discuss collaborative innovations that are supporting end users in the current environment

Tuesday 18 August

Identity as the new perimeter Experts will discuss why identity is now the backbone to infrastructure management and the enforcement of security policies

Wednesday 26 August

Machine Learning: Making sense of data Data scientists will explain the use of machine learning to improve product performance, give users greater insights into their physical security data and enable organisations to more effectively automate their processes

*For more information or to register for any of these webinars visit https://www.genetec.com/innovate-everyday

**Watch the promotional video here: https://www.youtube.com/watch?time_continue=1&v=auYzGXGbxgE&feature=emb_logo

WatchGuard report finds two-thirds of malware to be encrypted

WatchGuard Technologies’ latest Internet Security Report shows that 67% of all malware in Q1 2020 was delivered via encrypted HTTPS connections and that 72% of encrypted malware was classified as zero day, so on that basis would have evaded signature-based anti-virus protection.

These findings show that, without HTTPS inspection of encrypted traffic and advanced behaviour-based threat detection and response, organisations are missing up to two-thirds of incoming threats. The report also highlights the finding that the UK was a top target for cyber criminals in Q1, earning a spot in the Top Three countries for the five most widespread network attacks.

“Some organisations are reluctant to set up HTTPS inspection due to the extra work involved, but our threat data clearly shows that a majority of malware is delivered through encrypted connections and that letting traffic go uninspected is simply no longer an option,” said Corey Nachreiner, chief technology officer at WatchGuard. “As malware continues to become more advanced and evasive, the only reliable approach towards defence is implementing a set of layered security services, including advanced threat detection methods and HTTPS inspection.”

Key findings

Other key findings from WatchGuard’s latest Internet Security Report include:

Monero cryptominers surge in popularity Five of the Top Ten domains distributing malware in Q1 (identified by WatchGuard’s DNS filtering service DNSWatch) either hosted or controlled Monero cryptominers. This sudden jump in cryptominer popularity could simply be due to its utility. Adding a cryptomining module to malware is an easy way for online criminals to generate passive income

Flawed-Ammyy and Cryxos malware variants join top lists The Cryxos trojan was third on WatchGuard’s Top Five encrypted malware list and also third on its Top Five most widespread malware detections list, primarily targeting Hong Kong. It’s delivered as an e-mail attachment disguised as an invoice and will ask the user to enter their e-mail and password which it stores. Flawed-Ammyy is a support scam where the attacker uses the Ammyy Admin support software to gain remote access to the victim’s computer

Three-year-old Adobe vulnerability appears in top network attacks An Adobe Acrobat Reader exploit that was patched in August 2017 appeared in WatchGuard’s top network attacks list for the first time in Q1 of this year. This vulnerability resurfacing several years after being discovered and resolved illustrates the importance of regularly patching and updating systems

Mapp Engage, AT&T and Bet365 targeted with spear phishing campaigns Three new domains hosting phishing campaigns appeared on WatchGuard’s Top Ten list in Q1 2020. They impersonated digital marketing and analytics product Mapp Engage, online betting platform Bet365 (this campaign was in Chinese) and an AT&T login page (this campaign is no longer active at the time of the report’s publication)

COVID-19 impact Q1 2020 was only the start of the massive changes to the cyber threat landscape brought on by the COVID-19 pandemic. Even in the first three months of 2020, WatchGuard still saw a massive rise in remote workers and attacks targeting individuals

Malware hits and network attacks decline Overall, there were 6.9% fewer malware hits and 11.6% fewer network attacks in Q1, despite a 9% increase in the number of Fireboxes contributing data. This could be attributed to fewer potential targets operating within the traditional network perimeter with worldwide work-from-home policies in full force during the COVID-19 pandemic

Anonymised data

The findings in WatchGuard’s Internet Security Reports are drawn from anonymised Firebox Feed data from active WatchGuard appliances whose owners have opted in to share data to support the Threat Lab’s research efforts. Over 44,000 appliances worldwide contribute threat intelligence data to the report. In Q1 2020, they blocked over 32,148,519 malware variants in total (730 samples per device) and more than 1,660,000 network attacks (38 attacks per device).

The complete report includes key defensive Best Practices that organisations of all sizes can use to protect themselves in today’s threat landscape and a detailed analysis of how the COVID-19 pandemic and associated shift to working from home affected the cyber security landscape.

*To view the full report visit Internet Security Report for Q1 2020

Security & Safety Things “sparks new era” in video surveillance with commercial availability of supported cameras

Security & Safety Things is “set to reshape innovation in video analytics and computer vision” with the commercial availability of a number of new IP security cameras from a variety of vendors that leverage the Security & Safety Things open and secure Internet of Things platform. This new generation of security cameras will employ the free Security & Safety Things camera operating system, which enables the cameras to run multiple Artificial Intelligence-enabled applications in parallel.

The apps automate the analysis of video data to produce valuable operational intelligence for business optimisation as well as provide easy-to-deploy tools that can aid in re-opening measures from the COVID-19 pandemic.

“Organisations of all sizes around the world need flexible and easy-to-deploy solutions that enable compliance with constantly changing pandemic-centric Health and Safety mandates and provide future value to ramp up and optimise their ongoing business operations,” stated Hartmut Schaper, CEO of Security & Safety Things.

He continued: “Companies can now deploy cameras running the Security & Safety Things operating system and use a selection of apps from our Application Store to detect the absence of facial coverings in a retail environment. The next day, that same camera can help the same retailer optimise merchandise placement based on store footfall, in one store or throughout the enterprise, along with further optimisations.”

First camera manufacturer

This month, Qisda/Topview will be the first camera manufacturer to launch a camera running the Security & Safety Things operating system, followed in quick succession by AndroVideo, who will also start shipping its own Security & Safety Things-enabled cameras in Q2.

Bosch is making its INTEOX camera line available as of July followed by Vivotek and BSTsecurity, who plan to ship a bit later in Q3. The first devices from Hanwha Techwin that run the Security & Safety Things operating system are expected to be commercially available in Q4. Security & Safety Things, Hanwha Techwin, Vivotek, Bosch, Qisda/Topview and AndroVideo are all members of the Open Security and Safety Alliance.

The free Security & Safety Things operating system is built on the Android Open Source Project. It leverages the expanding processing and analytic power of modern IP cameras to exponentially increase the amount of operational intelligence that can be mined from traditional IP-based surveillance footage.

The applications that can be installed on these cameras, both in an on-premise as well as a remote setting, are created by highly specialised third party developers and available through the platform’s open Application Store. This already features more than 50 applications from more than 35 developer partners, with more than 30 additional apps expected to be available the store very soon.

Typical use cases

In addition to pandemic applications, use cases include the detection of weapons, behavioural analysis, payment systems for garages, drone threat detection and even identifying objects presented for purchase in a cash register transaction for cashier-free retail environments.

Together with some of its camera and system integration partners, Security & Safety Things is already running projects in a live setting. These projects use, for example, heat mapping and queue analysis in retail stores and automated payment processing and license plate recognition for barrier-free traffic.

These types of applications are running in pilots with the parking management solutions provider Peter Park as well as with the leading mobility provider SIXT.

*More information about the Security & Safety Things platform and how businesses can benefit from the platform can be found at www.securityandsafetythings.com

**For an overview of the Artificial Intelligence video apps currently available for the Security & Safety Things-supported cameras, the Application Store may be viewed at https://store.securityandsafetythings.com

 

2020 edition of Security Essen cancelled by Messe Essen due to ongoing COVID-19 pandemic

The 2020 edition of popular international trade fair Security Essen, which was scheduled to run from 22-25 September, has been cancelled due to the ongoing Coronavirus pandemic. According to Messe Essen, customer expectations and the performance promise of the exhibition cannot be fulfilled under the present circumstances. The decision to cancel was taken by Messe Essen in the wake of close consultations with partner associations. The next Security Essen will now run at Messe Essen from 20-23 September 2022.

As a respected international platform for the security industry, Security Essen is always a showcase highlighting the latest innovations. Numerous market leaders in the security industry had already confirmed their participation for this year.

Security Essen covers everything from cyber security through to innovations in building security and new solutions for the protection of valuables. Every other year, circa 1,000 exhibitors from upwards of 40 countries show their innovations to no less than 36,000 trade visitors from 125 different nations.

“Anticipation around the 2020 edition and the new concept we had put in place for Security Essen was so high among all those involved,” explained Oliver Kuhrt, managing director of Messe Essen, “which made the decision to cancel all the more difficult. The fact is that the current situation, as well as the continuing global travel restrictions, will not allow adequate preparation for the trade fair.”

Careful evaluation

Norbert Schaaf, chairman of the Management Board of the Federal Association of Safety Engineering and chairman of the Security Essen Advisory Board, observed: “The cancellation of Security Essen 2020 is the result of a careful evaluation of the current situation which we have undertaken together. Since the majority of our participants come to Essen from abroad, we had to act with prudence. Due to the unclear worldwide development of the Coronavirus pandemic and the associated uncertain travel planning we were left with no alternative.” 

Dr Christian Endreß, managing director of the Federal Association for Security in Industry and Commerce and a member of the Security Essen Advisory Board, added: “Security Essen as an important international event in the security industry’s calendar and a particular highlight for the Federal Association. The cancellation is hitting the industry and the security associations pretty hard. We regret the decision, but we also fully understand it and look forward to 2022 with confidence.”

Dr Harald Olschok, general manager of the Federal Association of the Security Industry and also a member of the Security Essen Advisory Board, concluded: “From the perspective of our member companies, the decision to cancel Security Essen is fully understandable. Personally, I regret this very much, because it would have been my fifteenth and last Security Essen as CEO of the BDSW and the BDGW. The Coronavirus crisis represents an enormous economic challenge for security solutions providers. I’m sure that the management and the entire team of the BDSW and the BDGW with their affiliated member companies are looking forward to Security Essen 2022 when, hopefully, there will be better economic conditions for all.”

Security challenges in telecoms sector met head-on by access control systems

As Catherine Laug explains, the telecoms industry has grown at such a remarkable rate that it’s now a key part of our everyday lives. At present, the COVID-19 pandemic has created an unprecedented requirement for almost all industries to operate a ‘working from home’ policy and to provide the general public with an increased access to online services, in turn making the telecoms industry even more vital.

A major impact of this fundamental change is the presence of a growing number of telecoms facilities, which are proving to be the cornerstone of service delivery. Equipment is often located in isolated areas, so strict access control systems are needed to keep any vulnerability to an absolute minimum.

Telecoms companies cover vast expanses of land to keep the service up-and-running for their customers. This involves several tens of thousands of plants and facilities, from mobile phone towers through to street cabinets for the wired network. This underlines the value of a standardised access control strategy to simplify access to all sites.

Now, maintenance technicians no longer need to worry about accessing the numerous facilities during their daily inspection rounds. Once configured, single electronic key solutions guarantee access to the right place at the right time, allowing technicians to focus their attention on the task at hand.

Specific access processes

For their part, operators are assured that their field teams, often comprised of sub-contractors, can carry out all maintenance work during specified times in line with their specific access processes.

Most of the facilities requiring protection are outdoor sites particularly exposed to wind, sun, snow and sea spray. That being so, access control systems must be able to withstand corrosion caused by bad weather. End users can now specify a certified and conceptual solution to this challenge with cylinders that meet the requirements of the EN 1670 corrosion resistance standard with a, IP66-67-68-69 rating designed to guarantee maximum protection.

In point of fact, the latest generation electronic keys also use inductive technology for contactless information exchange between the key and cylinder. With this technology, the electronic key can transmit access rights to the cylinder even if the humidity at the site has corroded the surface of the lock. In other words, bad connections no longer prevent information from being transmitted between the key and lock.

At some telecommunications towers, access is restricted to those authorised to work at height. Software is now available that liaises with the operator’s information system, collecting select information from the various user profiles to limit access to authorised individuals. This allows operators to use the software to assign access rights for specific areas based on the technician’s profile and authorisation.

To improve on-site control activities, electronic keys work with specific apps and new technology (ie RFID and beacons, etc) to send technicians verification messages about their access rights or required safety instructions (such as wearing a helmet and abiding by the buddy system, etc).

Similarly, users can interact with the central system and submit on-site attendance reports and flag up anomalies errors, etc. These bespoke features are designed to meet ever-stricter security requirements in companies and, importantly, accommodate the latest Government guidelines.

Sub-contracting and shared access sites

Sub-contractors are an increasingly common fixture in both maintenance activities and emergency call-outs. Several officers may well require daily access to a number of scattered, remote facilities.

The access control system is further complicated by the fact that sites may be shared by different businesses. Water towers, for instance, are often used to support radio masts.

It’s now possible to deliver an effective response to multi-activity sites with just one electronic key being needed for countless locks. Officers no longer need to carry large bunches of keys between sites. Instead, they can access the right place at the right time with maximum security.

Communication infrastructures may be the prime target for large-scale attacks wherein those parties involved are looking to compromise the country’s economic potential. They may also attract various types of vandal, tempted by the challenge of scaling facilities or the apparent vulnerability of street cabinets.

Today’s access control solutions are invaluable when it comes to protecting facilities from harm. Electronic cylinders and padlocks have CEN 1303 certification with the highest level of resistance to drilling and, therefore, vandalism.

What’s more, a lost or stolen electronic key can be disabled on a swift footing to prevent any unwanted intrusions. In certain solutions, the built-in reporting feature in the system software aims to report any attempts to gain access outside specified time ranges or in out-of-bounds areas, thereby detecting any anomalies.

Catherine Laug is Group Head of Marketing at LOCKEN

SSAIB praises registered firm PLP Fire Protection for playing vital role at NHS Nightingale Hospital

The Security Systems and Alarms Inspection Board (SSAIB) has been full of praise for one of its registered firms, namely PLP Fire Protection, which has been providing invaluable assistance in the building of the Government’s first emergency field hospital at the ExCeL Exhibition Centre in London’s Docklands.

The temporary NHS Nightingale Hospital has been established to treat up to 4,000 Coronavirus patients, with Dorset-based PLP Fire Protection helping to transform ExCeL (which was due to host IFSEC International and FIREX International next month before the COVID-19 pandemic forced a reschedule) into a working hospital in just nine days.

BAFE SP203-registered PLP Fire Protection has worked diligently with 160-plus other contractors – as well as 200 British Army engineers – to complete the astonishing transformation.

Company director Rob Beeching has revealed just how hard the work has been for him and the various members of his team, whom he has nothing but praise for in what had been a tough week for them all. Replying to an email from Fire Industry Association CEO Ian Moore, Beeching stated: “Quite honestly, this week has been hell. We were literally brought back to site on Monday morning and had the most unrealistic time to make sure the initial 500-bed section was installed and signed off. The effort from my team and the sub-contractors has been incredible. I’m so proud of them all.”

Beeching added: “We have even had tears from some of our guys, but proud tears. Working conditions have been very tough, both physically and mentally. I have been arriving back home at midnight most days this week. Then I just feel like breaking down. It has been an emotional rollercoaster for sure.”

Intensive care scenario

With the initial 500 beds in place, the NHS Nightingale Hospital will care for patients with the virus in intensive care who have been transferred from other London hospitals. The building work continues in order to make sure the space is sorted for the other 3,500 beds planned, but Beeching insisted that he would not force his committed team to continue to work if they were worried about being in close proximity to the virus.

On that note, Beeching observed: “We were told by a representative from the World Health Organisation that, once patients start arriving, although they will be sectioned off by a wall, we would still be working in adjacent halls. They said we would be completely safe. I wasn’t going to force any of my guys to carry on working if they didn’t feel comfortable with the arrangements but, when I asked for a show of hands in terms of who wanted to continue, 80% raised their hands. They’re all in this until the end and feel they cannot leave the site until the job is completed.”

In conclusion, Beeching said: “Even our suppliers have been personally delivering the equipment that we need to site. We are so grateful. The help being offered from so many people has been amazing.”

SSAIB CEO Alex Carmichael informed Fire Safety Matters and Security Matters: “It’s great to see SSAIB-registered firm PLP Fire Protection assisting with the construction of the NHS Nightingale Hospital and I have to commend the company for its dedicated effort during this difficult time.”

Carmichael continued: “On behalf of everyone here at the SSAIB, I want to thank Rob and the rest of his team for their heroic commitment to helping the NHS in this way and as they continue to assist with the creation of more beds at the facility. I hope they all remain safe while completing this vital work.”