Tag Archives: Retail

Evolution launches dedicated retail security website

Evolution, the integrated fire and security business, has launched a dedicated website for its recently-introduced specialist retail division.

The website (evoretailuk.com) is an easy-to-use, simple to navigate showcase for the company’s retail expertise, demonstrating both ‘traditional’ and ‘next generation’ products and systems to protect assets before, during and even after they leave a store.

EvolutionRetail

Philip McKelvey, head of retail sales at Evolution, has explained to Risk UK that the website will be expanded as the division grows.

“We can provide best advice and consultancy on all aspects of security, working with the latest products and technologies from the UK and Europe,” said McKelvey. “Our current range of RFID tags and labels will be constantly updated to include anti-counterfeiting measures. These will all be highlighted and promoted online.”

Evolution’s new retail division is based in Chelmsford.

Leave a comment

Filed under Risk UK News

“EMEA now top source of phishing attacks worldwide” suggests NTT Security’s Global Threat Intelligence Report

Over half (53%) of the world’s most recent phishing attacks have originated in the EMEA region, according to the 2017 Global Threat Intelligence Report (GTIR) published by NTT Security, the specialist security business within the NTT Group.

Analysing global threat trends from 1 October 2015–31 September 2016, the report also shows that, of all phishing attacks worldwide, 38% came from the Netherlands, second only to the US (41%). The data highlights that 73% of all malware globally was delivered to its victims because of a phishing attack.

According to the GTIR, which highlights the latest ransomware, phishing and DDoS attack trends and the impact of these threats against organisations, the UK was the third most common source of attacks against the EMEA behind the US (26%) and France (11%).

In terms of top attack source countries globally, the UK was second only to the US (63%) accounting for 4% of all attacks, just behind China on 3%.

CyberThreatIntelligence

The report reveals some of the biggest regional differences related to brute force attacks, which are commonly used to crack passwords. Of all brute force attacks globally, 45% started in the EMEA, which is more than the Americas (20%) and Asia (7%) combined. In addition, 45% of brute force attacks that deliberately targeted EMEA customers also started in the region.

“While phishing attacks affected organisations everywhere, the EMEA has emerged as the top region for the source of these attacks,” stated Dave Polton, global director of innovation at NTT Security. “These figures, combined with those for brute force attacks, should be of very serious concern for any organisation doing business in the EMEA, especially with the European Union (EU) General Data Protection Regulation just around the corner. Any organisation processing data belonging to EU citizens needs to demonstrate that their information security strategy is robust.”

Polton is calling for more active collaboration between business, Government and law enforcement agencies to tackle global threats and ensure measures are in place that will have a long-lasting and positive impact on global security.

Other key EMEA findings

In the EMEA, over half (54%) of all attacks were targeted at just three industry sectors: finance (20%), manufacturing (17%) and retail (17%). Over 67% of malware detected within the EMEA was some form of Trojan.

Top services used in attacks against the EMEA included file shares (45%), websites (32%) and remote administration (17%).

Frank Brandenburg, COO and regional CEO at NTT Security, said: “We all know that no security plan is guaranteed and that there will always be some level of exposure, but defining an acceptable level of risk is important. Clients are starting to understand that, by default, every employee is part of their organisation’s security team. Businesses are now seeing the value in security awareness training, knowing that educating the end user is directly connected with securing their enterprise.”

Brandenburg added: “Expanding cyber education and ensuring employees adhere to a common methodology, set of practices and mindset are key elements. Clients see that assisting and coaching their employees on the proper use of technology will only enhance the organisation’s overall security presence.”

*Download the NTT Security Global Threat Intelligence Report by accessing the following web address: https://www.nttcomsecurity.com/en/gtir-2017

Leave a comment

Filed under Risk UK News

Genetec announces technology partnership with SimonsVoss

Genetec, the provider of open architecture security and public safety solutions, has announced a technology partnership with SimonsVoss, the manufacturer of electronic locks. Through this partnership, Genetec will be able to integrate the SimonsVoss SmartIntego digital locking cylinder, the ‘Smart Handle’ and padlock wireless locks with its own Synergis solution (the IP-based access control core system in Genetec’s Security Center, the company’s unified IP security platform. This will offer a cost-effective and scaleable solution for a wide range of end user customers, including security and risk managers operating in the spheres of higher education, healthcare, retail and Government institutions.

Customers will be able to enroll SimonsVoss locks into their Synergis access control system with Version 5.6 of Security Center, which is expected to be available in early Q2 2017 through the Genetec Channel Partner Programme.

GenetecLogo

With the cost of hardwired access control installation increasing, in the main due to infrastructure complexity and compliance requirements, the ease and speed of installation of a wireless access control solution saves customers money. It also greatly enhances an organisation’s security for staff, visitors and property (both physical and intellectual).

For systems integrators, this integration will offer a greater choice of industry-standard wireless electronic locks. Overall system design and deployment will be greatly simplified, allowing Genetec-certified channel partners to leverage wireless locks and significantly reduce the installation time and labour costs typically associated with hardwired solutions.

“We’re thrilled to add the SimonsVoss brand to our expanding portfolio of supported locks,” said Derek Arcuri, product marketing manager at Genetec. “Both companies will now be able to offer end users and systems integrators alike a greater choice in access control hardware, whether for designing a new physical security system or updating an existing one.”

Bernhard Sommer, managing director at SimonsVoss, added: “The integration of our SmartIntego locks with the enterprise-class Synergis access control software from Genetec will enable a scaleable access control solution that meets today’s needs while providing an easy pathway to future upgrades.”

When Synergis and SimonsVoss locks are deployed alongside Genetec video surveillance products, end users will be able to view all of their lock events and activities seamlessly linked with live or recorded video, giving them a more complete and unified view of their organisation’s security.

Leave a comment

Filed under Risk UK News, Uncategorized

New report from WhiteHat Security reinforces that organisations must focus on risk

WhiteHat Security has issued its eleventh annual Web Applications Security Statistics Report. Compiled using data collected from tens of thousands of websites, the report reveals that the majority of web applications exhibit, on average, two or more serious vulnerabilities per application for every industry at any given point in time.

The Report’s findings are based on the aggregated vulnerability scanning and remediation data from web applications that use the WhiteHat Sentinel service for application security testing. The research shows that no industry has mastered application security. Of the 12 industries analysed, the IT, education and retail industries suffer the highest number of critical or high-risk vulnerabilities per web application (at 17, 15 and 13 respectively).

The findings also highlight that the IT and retail industries struggle to remediate in a timely manner. It takes approximately 250 days for IT and 205 days for retail businesses to fix their software vulnerabilities.

InternetSecurity2

According to the ‘Window of Exposure’ data contained in the report, another key metric organisations need to pay attention to is the number of days an application has one or more serious vulnerabilities open during a given time period. Across all industries, a substantial number of web applications remain always vulnerable.

A few key highlights of the report include: 

  • Information Technology (IT): 60% of web applications are always vulnerable
  • Retail: Half of all web applications are always vulnerable
  • Banking and financial services: 40% and 41% (respectively) of web applications are always vulnerable
  • Healthcare: 47% of web applications are always vulnerable

“We’ve observed that organisations have hundreds, if not thousands, of consumer-facing web applications, and each of these web apps has anywhere from five to 32 vulnerabilities,” said Tamir Hardof, chief marketing officer at WhiteHat Security. “This means that there are thousands of vulnerabilities across the average organisation’s web applications. While this number is overwhelming, risk ratings can really help security teams prioritise which vulnerabilities they work on fixing first. Unfortunately, what this year’s report tells us once again is that organisations are not really relying on risk levels as a baseline to inform their application security strategies.”

Remediation rates

The report also captures data on vulnerabilities that are fixed once they’re discovered. Generally, the more critical the vulnerability, the more complex they are to understand and remediate.

For nine of the 12 industries analysed, remediation rates are below 50%. In IT, less than 25% of open vulnerabilities are remediated, while vulnerabilities in this industry have an average age of 875 days. The average time-to-fix for vulnerabilities varies by industry, from approximately 15 weeks in the energy industry to 35 weeks in IT.

Key trends from 2013-2015 include the following:

  • Remediation rates declined significantly in IT, which saw a drop from 46% to 24%, and in banking, which dropped from 52% to 42%
  • Financial services and retail saw modest increases in their remediation rates, from 41% to 48% for financial services, and from 42% to 48% for retail
  • The greatest improvement was in the food and beverage industry, where remediation rates quadrupled from 17% to 62%
  • In manufacturing, rates almost doubled from 34% to 66%, while healthcare and insurance increased from 26% to 42%, and from 26% to 44% respectively

“Since 2013, the average time to fix vulnerabilities has trended upward overall, but we’ve seen some great successes with customers who’ve embedded security into the software development process,” said Ryan O’Leary, vice-president of the Threat Research Centre and technical support for WhiteHat Security.

“Discovering vulnerabilities in development is key to reducing vulnerabilities when the application is staged. Introducing source scanning, or SAST, has the potential to eliminate 80%-90% of well-known vulnerabilities. We look forward to seeing how this report will evolve as security and development teams work together more closely around shared security and risk management goals.”

Leave a comment

Filed under Risk UK News, Uncategorized

Case Security awarded Wavestore Enterprise level partner status

Wavestore, the provider of open platform Video Management Software (VMS) that unlocks the full potential of integrated security solutions, has announced that Case Security has become the first systems integrator in the UK to be awarded Wavestore Enterprise level partner status.

Wavestore’s ‘Better Together’ Partner Programme is designed to provide maximum support and real-world advantages for systems integrators such as Case Security, who are choosing to recommend Wavestore VMS solutions to their end user clients.

Olney-based Case Security is one of the UK’s largest and fastest-growing independent providers of bespoke security solutions. Established over 40 years ago, the company has been in private ownership since 1997 and operates predominantly in the banking, retail, commercial, distribution and domestic sectors.

CaseSecurityDaveNewburyWavestoreGlennFletcher

Case Security’s Dave Newbury pictured with Glenn Fletcher, Wavestore’s head of sales 

Meeting clients’ expectations

“We’re proud to be the first in the UK to become a Wavestore Enterprise level partner,” said Dave Newbury, managing director of Case Security. “Most importantly for us, it provides an opportunity to work even closer with the team at Wavestore and our distributor Mayflex, who first introduced us to the benefits of Wavestore’s VMS, in order to ensure that we always meet our end user clients’ expectations.”

Newbury added: “We work with discerning clients who often have very complex security requirements, so it’s good to be able to show them that we have the full support of true partners such as Mayflex and Wavestore who share our passion for delivering Best of Breed, value-added solutions.”

Glenn Fletcher, Wavestore’s head of sales, explained: “Wavestore’s Enterprise partners have unrivalled access to our business and we warmly regard them as an extension of our team. It means we can work together on new business development programmes, as well as provide support every step of the way, to ensure our mutual clients achieve maximum return from their investment in a solution that has Wavestore’s VMS at its heart.”

Leave a comment

Filed under Risk UK News, Uncategorized

IFSEC International 2015: ASSA Abloy reports on a successful event highlighting integrated security solutions

ASSA Abloy used the platform of IFSEC International 2015 to showcase integrated security solutions and access control technology from its leading brands.

At ExCeL London between 16-18 June, the company revealed how its future-proof solutions enable customers to have the correct level of access across a wide range of end user markets, including the commercial, education, healthcare, transport and retail sectors.

Also demonstrated was the flexibility of the available solutions which is enabled through ‘open’ communication technology. Products from ASSA Abloy, Abloy, Mul-T-Lock, Traka and Yale were showcased.

The company’s stand featured an Integration Zone detailing how the group’s access control products offer “an unrivalled proposition” through the use of open communication protocols that are easily scalable and which can be integrated with most security systems (as well as being compatible with all major OEMs).

ASSA Abloy benefited from a successful IFSEC International 2015

ASSA Abloy benefited from a successful IFSEC International 2015

In essence, the Integration Zone showcased the group’s breadth of product offerings and global capability.

Chris Bone, vice-president of access control solutions for the EMEA region at ASSA Abloy, said: “IFSEC International 2015 proved to be a hugely important show for us, not only allowing us to showcase our latest product innovations but also providing the business with an excellent platform to display our ability to operate as a global solutions partner.”

Bone continued: “There was a constant stream of visitors to our stand, all of whom had the opportunity to hear first hand from our partners about why they choose to work with ASSA Abloy and to see the Integration Zone that successfully displayed the flexibility provided by our open communications systems.”

Leave a comment

Filed under Risk UK News

BSI publishes BS ISO 37500: Guidance on Outsourcing

BSI – the business standards company – has published BS ISO 37500: Guidance on Outsourcing, the first overarching ISO standard to set out the generic principles and procedures of outsourcing and assist businesses in accessing a common vocabulary on which to base their communications.

The value of outsourcing has already been noted by those organisations who want to increase efficiencies and reduce costs by contracting work to external third parties. This practice – which encourages mutually beneficial collaborative working relationships – has grown over the past 20 years and is estimated to generate revenues in the region of trillions of US dollars per annum.

Nevertheless, there are challenges and hazards to be encountered. Not all outsourcing deals are a success. Some can fail dramatically – and publicly – while others simply fail to perform well.

BSI ISO 37500 can help organisations boost their business efficiency, gain better value and help avoid costly mishaps. It can assist and support customers, service providers and third party advisors (such as lawyers and consultants) involved in outsourcing.

In particular, it will help organisations to identify the business case for outsourcing, select the most appropriate customer or provider partner, transition to the new operating model and deliver value through the relationship.

BS ISO 37500 can assist and support customers, service providers and third party advisors (such as lawyers and consultants) involved in outsourcing

BS ISO 37500 can assist and support customers, service providers and third party advisors (such as lawyers and consultants) involved in outsourcing

BSI ISO 37500 is relevant to all markets including manufacturing, retail, financial services, the public sector and facilities management.

Dan Palmer, head of market development for manufacturing and services at BSI, explained: “Outsourcing can apply to any business in any industry and in any location. By providing common practices, concepts and procedures that can be used to manage the outsourcing life cycle, BS ISO 37500 will improve the understanding of everyone involved in the process and lead to greater success.”

Benefits of BS ISO 37500

• Improved operability by harmonising communications between organisations engaged in – or in the process of engaging in – outsourcing in national and international markets
• Includes the terminology, concepts and procedures to improve the understanding of all parties involved in outsourcing
• Uses a common vocabulary for outsourcing communications, avoiding misunderstandings and incorrect and/or unrealistic expectations and reducing transaction costs
• Boosts business efficiency which will benefit everyone involved in the process

The international standard was developed by experts from countries including Canada, Germany, India, Malaysia, Netherlands and the UK. Additional UK input came from organisations including AEGON, BP, CapitalOne, DWF, Gartners, IBM, the National Outsourcing Association and PwC.

Adrian Quayle, chairman of the ISO Committee which developed the standard, added: “The benefits of using a standard such as BS ISO 37500 are clear. It provides the cornerstones of what businesses need to get right when they’re outsourcing. The application of this guidance provides all parties involved in outsourcing activities across the life-cycle with the assurance that business objectives can be achieved by using common governance and processes.”

Leave a comment

Filed under Risk UK News