Tag Archives: Tesco

Chubb wins fire and security systems contract with retail giant Tesco

Chubb Fire and Security has secured a new contract with retail giant Tesco to service and maintain fire extinguishers and security systems in UK stores and at Tesco’s head office, as well as the fire extinguishers present in the business’ distribution centres.

The UK’s largest retailer with over 2,600 stores, Tesco has worked with Chubb for a number of years now, using its FX range of fire extinguishers. With this new contract, Chubb will also provide intruder alarm maintenance services for half of Tesco’s estate.

John Simons, the property procurement manager at Tesco, said it was logical to explore the advantages of a combined fire and security contract.


“In choosing a service provider,” outlined Simons, “we look for three things: technical ability, sufficient infrastructure and support to deliver a nationwide contract and value for money.”

Chubb complies with strict Service Level Agreements that ensure maintenance is carried out and calls are responded to within a specified period of time. In addition, engineers sign in and out of all site visits electronically, giving Tesco real-time visibility of engineer attendance as well as the reassurance that systems are fully maintained.

“Given the number of sites involved in this contract, good communication, collaboration and thorough organisation are essential, as well as a willingness to adopt our own procedures such as our electronic sign-in system,” added Simons.

Filed under Risk UK News

Standard protecting food from malicious and deliberate attack revised by BSI

BSI has revised its PAS (Publicly Available Specification) that safeguards food and drink against malicious tampering. PAS 96 Defending Food and Drink was first published in 2008 as a guide to Hazard Analysis Critical Control Point (HACCP) which identifies and manages risks in supply chains.

The food and drinks industry is used to handling natural errors or mishaps within the food supply chain, but the threat of deliberate attack – although not new – is growing with the changing political climate. Ideological groups can see this as an entry point to commit sabotage or further criminal activity.

Therefore, the impacts of threats to the food supply chain are great. They can include direct losses when responding to acts of sabotage or paying compensation to affected producers and suppliers, customers and distributors. Trade embargoes may be imposed by trading partners and longer term reputational damage may occur as a result of an attack.

David Fatscher, head of market development for sustainability at BSI, explained: “It’s not just events such as the horse meat scandal and the subsequent Elliot Review that realise a need for clarity in the food supply chain. As issues such as ‘Food Terrorism’ become more of a reality, businesses need to be extra vigilant and confident that they’ve set up the basic practices on keeping their supply chains ‘sabotage free’. PAS 96 was specifically designed to minimise the risks associated with deliberate attack, enabling businesses to stay one step ahead and not suffer damage to their reputations.”

BSI has revised PAS 96

The revision of PAS 96 includes the introduction of the Threat Assessment Critical Control Points (TACCP) risk management methodology. The TACCP process will help businesses of all sizes avoid and mitigate threats to their food supply chain.

The development of PAS 96 was sponsored by the Department for the Environment, Food and Rural Affairs (Defra) and the Food Standards Agency.

What PAS 96 can do

• Introduce the TACCP process
• Offer scenarios on how TACCP may be applied in existing businesses
• Provide guidance to food business managers through approaches and procedures to improve the resilience of supply chains to fraud or other forms of attack
• Aim to assure the authenticity of food by minimising the chance of an attack and mitigating the consequences of a successful attack

PAS 96 will benefit all organisations, but may be of particular use to managers of small and medium-sized food enterprises who may not have easy access to specialist advice. It’s of value to those involved in manufacturing, purchasing, supplying and selling food products.

David Fatscher: head of market development for sustainability at BSI

Some of the organisations involved in the development of PAS 96 have included Agrico UK Limited, the Department for Environment, Food & Rural Affairs (Defra), the Food Standards Agency, the Global Food Security Programme, Heineken UK, J Sainsbury plc, McDonald’s Europe and Tesco.

Other businesses involved in the standard’s development are Bakkavor, Cargill, GIST Limited, Hilton Food Group plc, Leatherhead Food Research, Raspberry Blonde and SSAFE.

Filed under Risk UK News

The Customer is King… but what do they want when it comes to online security?

The latest eCustomerServiceIndex (eCSI) Survey produced by IMRG and eDigitalResearch suggests that online shoppers are far more interested in enhanced online security than the latest deals and discounts. Mark Kedgley (CTO at New Net Technologies) has the detail.

Tesco, Target, eBay, Office – all are major retailers with a significant online presence seeking to understand what their customers want to buy, how they want to buy it and what would make them buy more. Indeed, the delivered retail experience and an intimate understanding of consumer psychology is where the retail battles are being fought in 2014.

However, the latest eCustomerServiceIndex (eCSI) Survey[1] conducted by IMRG and eDigitalResearch reveals that more than half of those online shoppers surveyed didn’t ask for more loyalty cards, coupon schemes or bigger discounts. What they requested is better online security.

Of course, all of the retailers mentioned have something else in common in that they have all recently been subject to security breaches involving customer payment cards or personal information.

Mark Kedgley: CTO at New Net Technologies

Retailers must improve security measures

The main conclusion drawn by eDigitalResearch from the survey findings is as follows: “Onus is very much on retailers to invest in and improve their security measures for their online customers. Over two thirds (67%) expect organisations to contact them immediately (within six hours) by e-mail or phone if security has been breached and it leads to a potential loss of data.”

In other words, customers don’t just expect to be better protected, but are savvy enough to appreciate that breaches can still happen even with appropriate security Best Practices in place. They want to see contingency plans in place that allow them to be notified within the same business day in the event of a breach occurring.

It speaks of a very realistic view on cyber security and one that’s encompassed not only by the PCI DSS (which online retailers should be operating in order to meet agreements with their banks and the payment card brands), but all other security Best Practice frameworks.

Consider that the breach at Target was only acted on after it had been operational for two-and-a-half weeks, and that during that period over 40 million payment card details were stolen and 70 million customers had their personally identifiable information compromised, and you can see why speed of detection is essential. If the six-hour detection and notification deadline expected by customers had been met in this case, the damage would have been minimal rather than catastrophic.

Retailers would do well to listen to customers’ expectations and pay heed to the lessons learned by their peers.

The growing consumer awareness of online security will ultimately expose those organisations that fail to take online security seriously to significant repercussions of brand damage that reach far beyond the financial implications of a breach.

[1] eDigitalResearch’s and IMRG’s eCustomerServiceIndex

Filed under Risk UK News

Tesco.com data breach – comment from Kaspersky Lab and SafeNet

In response to this morning’s news that Tesco.com has experienced a significant data breach, David Emm (senior security researcher at Kaspersky Lab) and Jason Hart (vice-president of cloud solutions at SafeNet) offer advice on how consumers can make sure their data isn’t compromised in this type of attack.

“This latest data breach experienced by Tesco.com serves to prove the dangers of using one password across the board,” asserted David Emm (senior security researcher at Kaspersky Lab), “as this simply means that cybercriminals can gain access to all your online assets in one fell swoop.”

Emm continued: “It’s possible to create strong, memorable passwords which don’t use personal data. We’ve all heard the advice from security professionals:

1. Make every password at least eight characters long… and 15 plus is better
2. Don’t make passwords easily guessable. There’s a good chance that personal details such as your Date of Birth, place of birth and partner’s name, etc can be found online (maybe even on your Facebook wall)
3. Don’t use real words as they’re open to ‘dictionary attacks’ (whereby someone uses a program to quickly try a huge list of possible words until they find one that matches your password)
4. Combine letters (including uppercase letters), numbers and symbols
5. Don’t ‘recycle’ passwords (eg ‘david1’, ‘david2’, ‘david3’, etc)

Tesco has suspended thousands of online accounts after cybercriminals targeted log-in credentials and Clubcard points

“We are all aware that, if we follow this advice, there are too many, and they’re too complicated to remember – especially in the case of an account we don’t use very often.

“Instead of trying to remember individual passwords, start with a fixed component and then apply a simple scrambling formula. Here’s an example… Begin with the name of the online resource. Let’s say ‘mybank’. Then apply your formula. For example…

1. Capitalise the fourth character
2. Move the second last character to the front
3. Add a chosen number after the second character
4. Add a chosen non-alphanumeric character to the end

“This would give you a password of ‘n1mybAk;’.”

There is an alternative method, too. “Instead of using the name of the online resource as the fixed component,” stated Emm, “create your own passphrase and use the first letter of each word. So, if your passphrase is ‘the quick brown fox jumps over the lazy dog’, the fixed component of each password starts out as ‘tqbfjotld’. Then apply your four-step rule.”

Emm also commented: “By using either of these methods, consumers can ensure they have a unique password for each online account and therefore secure themselves against these types of breaches that make use of previously gained information.

“If you find even this too complicated, consider using a password manager – software that automatically creates complex passwords for you, keeps them secure and auto-enters them when you need to log in.”

Companies must focus on what matters most – the data

A former ethical hacker for more than 15 years, Jason Hart (vice-president, cloud solutions at SafeNet) explained: “In 2013, there were over 595 million data records lost or stolen, demonstrating that conventional breach prevention and perimeter-based security are not sufficient for protecting modern data. It’s clear that it’s not a matter of ‘If’ a data breach will occur, but ‘When’.

“On that basis, it’s vital that organisations are taking the correct precautions to ensure their most sensitive data remains protected.

“While the latest Tesco data breach was not a result of a direct attack on the Tesco.com website, it does highlight the wider implications of data breaches. Many people often use the same password across multiple sites, so the true impact of any data breach is always likely to be bigger than first anticipated.”

Hart went on to state: “This is not the first time that supermarkets have fallen foul to a cyber attack and should serve as a reminder to all retailers of the threat posed by data breaches. Too many Security Departments hold on to the past when it comes to their security strategies, focusing on breach prevention rather than securing the data that they’re trying so hard to protect.

“Methods used by cybercriminals are becoming increasingly sophisticated and, if they want to hack the system or steal data, they will find one way or another to do so.”

In conclusion, Hart stressed: “Companies need to focus on what matters most – the data. By using technologies such as encryption that render any data useless to an unauthorised party, as well as tamper-proof and robust key management controls, companies can be safe in the knowledge that their data is protected whether or not a security breach occurs.”

Filed under IFSECGlobal.com News

“Competition not consolidation” will rule in $110 billion physical security equipment and services sector

According to the latest research from IHS Inc, the global industry for physical security equipment and services was worth a massive $110 billion in 2012, with the Americas accounting for more than 40% of the overall market.

Generating $46 billion in revenue last year, North and South America combined made up 41% of the worldwide trade for physical security equipment and services.

Asia was next with $33 billion, followed by the collective Europe, Middle East and Africa (EMEA) region with $29 billion.

Strong growth is predicted in all the markets for the next few years in the IHS report entitled ‘Total Physical Security Equipment and Services: 2013’.

The global industry for physical security equipment and services was worth a massive $110 billion in 2012

At its current level, the industry’s annual revenue is double the budget of the US Department of Homeland Security, and is also on a par with the global revenue of giant corporations such as Nissan Motor Co. of Japan, Tesco in the UK or IBM from the United States.

“This is an industry that managed to stay strong during the recession,” said David Green, senior analyst for video surveillance and security services at IHS. “Now, with the general improvement in the global economy we expect total industry revenue to reach $170 billion a year by 2017, even though growth rates will probably peak before then.”

Competition Rules come into play

As the market matures, questions are arising on whether the industry will consolidate.

Convention states that, as markets age, manufacturers will consolidate until a select few dominate the supply. This is a theory supported by many within the industry.

However, IHS isn’t convinced that this will occur because of the huge level of competition within, and the current fragmentation across, the market.

Only two entities, for instance, broke the $2 billion level in annual revenue, with both accounting for a combined market share of 10%. Behind them, only five other companies possess a market share of 1% or higher.

In fact, the Top 15 together managed a market share of just above 20%, with the remainder of the market (more than 78%) up for grabs among thousands of other companies.

Focusing on the equipment market shows a similar story, with a very shallow curve to the market share table. In all, about 40 players in the space achieved revenues in excess of $100 million per annum in 2012.

“It’s extremely competitive in every vertical, product and region,” Green explained. “You have several companies that are offering virtually the same product in specification and price, yet the highly personal nature of security sales means that each company can claim its own little niche within the market.”

With the split of Tyco International — one of the largest companies represented in the 2012 data — into ADT, Tyco and Pentair Ltd as separate publicly traded companies, the service market is also set to become even more fragmented in the near-term future.

Is consolidation inevitable?

All this means that consolidation of the market may not be as inevitable as one might expect.

“True, mergers and acquisitions in the physical security market are inevitable and will happen, especially on the product side of things, but not with the impact you might see in other markets,” noted Green.

For a company to make significant moves up the market share table, it would realistically need the combined share of five or more existing manufacturers.

“That’s just not going to happen overnight. This is not an industry where one acquisition propels you straight to the top.”

There’s still a general expectation that in the long-term future the industry will start to become dominated by a select few, but it will be a much slower process than traditional market economy studies predict.

“Yes, it defies accepted market logic to some extent,” concluded Green, “but then at $110 billion and beating the recession, it’s hardly a typical industry anyway.”

The IHS report ‘Total Physical Security Equipment and Services: 2013’ combines annual product revenues for the following equipment types: video surveillance, access control, intruder alarms, perimeter security, entrance control (pedestrians and vehicles), consumer video surveillance, thermal cameras and wireless infrastructure as well as service revenues assigned to Video Surveillance as a Service (VSaaS), Access Control as a Service (ACaaS), remote monitoring services and security systems integration.

Filed under IFSECGlobal.com News