Tag Archives: Risk Management

“Cyber attack fears delaying business innovation” reveals HackerOne survey

A survey conducted by HackerOne has revealed that IT projects are being stifled due to security concerns. More than 80% of the UK CISOs and CTOs interviewed said that software IT projects have been hindered due to concerns over inevitable security issues. 90% also agreed that software vulnerabilities pose a significant risk to their organisation.

“Organisations need to find a balance between driving innovation and keeping data safe,” said Laurie Mercer, security engineer at HackerOne. “It’s not surprising that fear around cyber security is hindering this, but by moving beyond traditional cyber security strategies, businesses can start to feel empowered. When I started writing code, new releases of software would take six months to develop and test. Today, new software is released every hour. This new pace of innovation poses a problem for security teams but, by implementing a strategy that supports continuous security, businesses can ensure they’re on alert for any vulnerabilities that software might have. The key is to ensure that security is constantly evolving.”

Manpower and budgets are also a key concern for security professionals, with 63% believing security team resources are not able to keep up with the pace of development. Lack of budget and other resources including skill sets were also cited as key barriers to creating a well-rounded cyber security strategy by over a third of respondents.

Despite the significant number of concerns around vulnerabilities and limited resources, the survey highlighted that 62% would rather accept the risk of software vulnerabilities than invite unknown hackers to find them, while 63% say they’re only comfortable accepting bug submissions from vetted hackers.

A HackerOne customer and CISO of an international health and beauty retailer said: “I understand first-hand the nature of remaining cautious. As we all know, though, traditional cyber security methods alone are not sufficient. CISOs find themselves in a tricky position, needing to embrace innovation, but while ultimately remaining responsible for cyber security. The security landscape is ever evolving so we need to approach defensive strategies in the same way. By working with ethical hackers, it gives organisations the freedom to work on new projects, spin-up new applications and try different ways of working, while at the same time there’s peace of mind that continuous and ongoing testing is taking place. With ethical hacking, these vulnerabilities can be fixed immediately.”

The research was conducted by Opinion Matters and included input from 200 UK CISOs and CTOs. The findings revealed what CISOs believe to be the biggest risks to businesses, which areas are hindering growth and what kind of technology respondents are likely to implement in order to overcome these challenges.

Filed under Risk Xtra

Institute of Risk Management pledges commitment to Armed Forces community by signing Armed Forces Covenant

Senior members of the Institute of Risk Management (IRM) recently gathered at a co-signing ceremony for the Armed Forces Covenant at Horse Guards Parade in London. The signing was between the IRM and the Greater London Reserve Forces’ and Cadets’ Association (GLRFCA).

Guests included IRM Board members. There were also representatives present from the Kent Army Cadet Force including Lieutenant Colonel Simon Dean OBE, Deputy Commandant Major Richard Phillips and Regimental Sergeant Major Pete Barnes. SO1 Lieutenant Colonel David Utting (head of engagement for the British Army) was also present and gave a brief message on partnering with defence.

The signing between the IRM and GLRFCA signifies an ongoing commitment to service leavers and personnel as laid out in the pledge.

Socrates Coudounaris CFIRM (left), chairman of the IRM, and SO1 Lieutenant Colonel David Utting (head of engagement for the British Army)

Socrates Coudounaris CFIRM, chairman of the IRM, said: “It was a great privilege to be here today to co-sign the Armed Forces Covenant. It’s vitally important that the Armed Forces and businesses are mutually engaged. This signifies a wider pledge by the IRM to increase the risk management profession’s visibility to ex-military personnel. We provide accessible and relevant training and qualifications that will help ex-Armed Forces personnel in making the transition to the business world.”

Lieutenant Colonel Simon Dean OBE and Captain Vicky Robinson (county PR for the Kent Army Cadet Force and head of marketing and communications at the IRM)

Coudounaris added: “Many of the skills learned by services personnel naturally cross over into the world of risk management and we’re keen to ensure these skills are recognised and that we can help support individuals’ lifelong learning and career transition where possible.”

Drew Jeacock, head of engagement for the GLRFCA, stated: “The Government is committed to supporting the Armed Forces community by working with a range of partners who’ve signed the Armed Forces Covenant. It’s a national responsibility involving Government, businesses, local authorities, charities and the public. Demonstrating commitment to the Armed Forces family is a significant gesture and I hope that the IRM will embrace the intent and values that we hold close to our core. We value the IRM’s support.”

*The IRM supports Captain Victoria Robinson, the organisation’s head of marketing and communications, who’s also the county PR officer for the Kent Army Cadet Force, with leave for annual camp and other cadet-related activities

Frontline Security Solutions wins first RoSPA Gold Award for Occupational Health and Safety

Frontline Security Solutions has received its first Gold Award from the Royal Society for the Prevention of Accidents (RoSPA), winning in its first year of entering. RoSPA Gold Award winners are recognised for achieving a high level of performance while demonstrating well-developed occupational Health and Safety management systems and culture, an outstanding control of risk and low levels of error, harm and loss.

Frontline Security Solutions is part of Chubb, which itself is a part of Carrier, a leading global provider of innovative HVAC, refrigeration, fire, security and building automation technologies.

Nichola Maher, EH&S manager at Frontline Security Solutions, told Risk Xtra: “Frontline has a robust, people-centric ethic. We’re delighted to receive our first RoSPA accolade, and particularly so as it’s a Gold Award.”

Simon Trundley, project manager for Frontline Security Solutions who collected the award, added: “By demonstrating the robust Health and Safety practices we have in place, we’re helping to ensure that all staff feel safe at work, which gives them more confidence to carry out their roles and responsibilities. It’s an honour to receive such an important award for and on behalf of Frontline Security Solutions.”

By attaining a RoSPA Award, an organisation is acknowledged for its commitment to maintaining a well-balanced approach towards Health and Safety management, as well as demonstrating superior practices in areas such as leadership and workplace contribution.

Cyber security firm Foregenix scoops Queen’s Award for Enterprise

A cyber security firm has picked up the Queen’s Award for Enterprise. Foregenix, which celebrates its 10th Anniversary this month, received the award for its work in international trade and is believed to be the first cyber security consultancy with a determined focus on protecting the payment and finance industries to pick up the accolade.

Headquartered in the UK, Foregenix has generated around 60% of its revenue from international sales over the past four years, helped by new offices in Boston (servicing North America), Frankfurt (Europe), Sydney (Australasia) and São Paulo (Brazil), and a new base in Singapore in 2019.

Foregenix offers a range of services including managed detection and response, digital forensics, compliance and risk. It’s one of the leading certification companies for payment systems on PCI point-to-point encryption and an authority on ATM ‘cash-out’ attacks.

The Queen’s Award for Enterprise follows on from recognition by The Sunday Times as one of the Top 100 SME exporters in 2017 and 2018.

Left to Right: Paul Humpage, Andrew Henwood and Benjamin Hosack of Foregenix

The Queen’s Awards have recognised the achievements of British businesses since 1965. Around 200 businesses receive the accolade each year.

Co-founder and CTO Andrew Bontoft commented: “It’s testimony to the brilliant work and dedication of our global team that we’ve received this prestigious award. We’re very proud of what the team has achieved and grateful for the recognition this award signifies. We would also like to thank our clients and suppliers for helping us to achieve this honour.”

CEO Andrew Henwood added: “Foregenix aims to protect businesses and organisations from criminals who attempt to endanger people’s livelihoods and futures for their own enrichment. It’s a cause that resonates with our customers. We offer them practical advice and solutions for baked-in security and real risk reduction.”

Echosec launches security-focused anonymous search tool for The Dark Web

Online data aggregation and information discovery specialist Echosec has introduced Beacon, a search platform for The Dark Web purpose-designed to help discover threats and prevent future attacks.

Beacon is an intelligence tool that helps security teams and public safety professionals alike to find key information from The Dark Web safely through a regular web browser. Previously, the only way to access The Dark Web was through a TOR browser.

The Dark Web is non-indexed and non-secure, yet searching it is crucial for security and public safety organisations as it’s a veritable hotbed for nefarious activity. Beacon provides end users with a single point of entry into The Dark Web and presents critical information in a structured and consistent way.

Organisation of Dark Web data makes analysis of it more efficient and threat intelligence actionable for law enforcement, security and risk managers.

“Beacon helps teams to quickly identify information that can prepare them for the worst-case scenario,” said Michael Raypold, CTO at Echosec. “Through Beacon, end users can identify threats quickly and enable efficient issues management.”

A basic Beacon search can provide intelligence on subjects like drug trafficking, the sale of firearms and hacker data. A UK search conducted on 12 April found 14,849 instances of hacker data using the keyword “UK + hacking,” while “UK + credit card” returned 16,600 and “UK + guns” 2,650 results respectively.

More advanced search functions in Beacon have produced thousands of results for information on the sale of identities, e-mail addresses and other personally identifiable information. One excerpt from a credit card search result on a Dark Web site reads: “Hello all clients ! – I’m a hacker, good seller, best tools, sell online 24h. – I want introduce to you my services and sell fresh cvv (visa/master,amex,dis,bin,dob,fullz..) all country, Dumps track 1&2, Account paypal, SMTP, RDP, VPS, Mailers, do WU transfer and Software Bug Transfer Western Union. – I sell cvv Fresh – Fast and Good price.”

Beacon is commercially available and simple and safe to interact with for users of all backgrounds. However, due to the sensitive nature of The Dark Web, Echosec meets with potential customers to review and approve their case before providing access. Echosec also takes steps to ensure that Beacon use is compliant with the current privacy laws and data provider terms.

*More information about Beacon may be found at https://www.echosec.net/darknet/

BAE Systems launches “major update” to NetReveal platform for financial institutions

The latest version of BAE Systems’ NetReveal platform combines the best of advanced analytics and human expertise to enable financial institutions to effectively combat financial crime and fraud in an environment of rapidly evolving regulatory requirements and changing financial crime patterns.

Faced with increasing transactions, evolving regulations, a growing number of payment channels, customer friction, investigation challenges and strengthening privacy regimes, financial crime and fraud investigators are under pressure to make more confident and intelligence-led decisions and do so at an unprecedented pace.

Built on modernised modular technology, NetReveal addresses these challenges by working smarter and faster and supporting an intelligence-led approach:

Smarter: Profiling and detection against transactional data that commonly takes hours to process is now processed within 30 minutes (on average)

Faster: Advanced analytics with machine learning techniques improve operational performance by driving fewer false positives. Integrated Robotic Process Automation (RPA) means that routine tasks are automated, enabling investigators to focus more on high value strategic investigative work. The Real-Time Detection Engine helps institutions to keep pace with sophisticated criminals across growing digital channels

Intelligence-Led: Entity-based investigations deliver efficiency improvements of 20-30% on average by streamlining multiple detections into a single combined alert dashboard. Interactive lists also provide actionable information to adjudicate alerts effectively

Culmination of major investment

Rob Harrison, head of product and solutions for the financial services sector at BAE Systems Applied Intelligence, said: “This release is the culmination of major investment and engineering development of our financial crime platform and suite of solutions. We’ve focused on providing compliance and fraud teams with the latest advanced analytics, technology advancements and productivity improvements.”

Harrison added: “The latest version of NetReveal combines the best of human expertise and advanced analytics which we believe puts financial institutions in the strongest position possible to address the major market challenges of today, namely regulatory complexity and change, evolving fraud patterns, productivity and efficiency pressures and new risk management approaches.”

Julie Conroy, research director for the Aite Group’s Retail Banking practice, commented: “The use of RPA to improve financial crime operations significantly increases accuracy, reduces operational costs and enhances productivity. Given the growing data challenge, having the ability to advance investigator efficiency by reducing repetitive manual tasks, human error and, by extension, the number of false positives ultimately frees up time to focus on more strategic tasks.”

NetReveal is a single integrated platform for money laundering compliance and fraud prevention, enabling financial institutions to benefit from lower total cost of ownership across their compliance and fraud teams thanks to a single solution.

A comprehensive range of compliance and counter-fraud solutions can be deployed either individually or collectively.

Linx International Group expands team with new Group marketing manager and marketing co-ordinator

Linx International Group – the global provider of security, risk management, consultancy and training services – has announced the appointment of Group marketing manager Jerry Alfandari and marketing co-ordinator Victoria Carter.

Fluent in both English and German, Alfandari has a proven track record of managing international marketing campaigns including social and digital content strategies. He’s joined by Victoria Carter, who brings expertise in social media, public relations and video production to the team.

On his appointment, Alfandari explained: “I’m excited to be part of a team that’s working with security practitioners at all levels around the world to develop and launch new courses along with innovative training methods.”

Victoria Carter and Jerry Alfandari

Carter added: “Training and education has always been central to my own career progression, so I’m excited to be joining a company that shares my ethos and is committed to professionalism across the security sector.”

Led by director of sales and marketing Sarah Hayward-Turton, the marketing team will promote the Linx International Group brand and the work of its companies – Tavcom Training (including the CTSP Register), PerpetuityARC Training and the Linx Consultancy.

Hayward-Turton stated: “It’s an exciting time to be part of the Linx International Group. We’re bringing new talent into the organisation, as well as nurturing and developing the skills of those that have been with us for many years.”

Alfandari and Carter are based at the Linx International Group’s Training Centre in Bishops Waltham, Hampshire.
