Cyber Management Alliance, the global frontrunner in cyber crisis management and training, is delighted to announce that its highly popular course, Cyber Incident Planning & Response (CIPR) has become the first course to be certified by the recently-rebranded NCSC’s certified training scheme, provided by APMG International. The Cyber Management Alliance course was first certified by the Government Scheme in 2016 and is also accredited by the Chartered Institute of Information Security (CIISec).
Interactive, practical, and immersive, the entire course can be conveniently completed by attending a virtual classroom or via a self-paced e-learning environment. Besides gaining imperative insights into key cyber risk-reducing controls for their business, course participants also have the advantage of being trained by Amar Singh, renowned across the globe as one of the top cybersecurity practitioners and the founder and CEO of Cyber Management Alliance.
Online delivery program
Speaking on the launch, Amar said, “I am delighted that APMG has awarded NCSC Certified Training status for the CIPR course, including its online delivery program. The updated and comprehensive course is accessible for all levels of management and technical audiences. The CIPR course is a complete guide to planning and responding to a cyber crisis or a data breach.”
APMG-International’s COO, Nick Houlton, said, “Protecting individuals, teams and organizations from the financial and reputational damage of Cyber Incidents is at the heart of the Information Security Agenda. APMG is delighted to certify this course on behalf of the UK National Cyber Security Center and looks forward to its continuing success in the market.”
Cyber Management Alliance’s co-founder, Bal Rai, said, “We are pleased to have received NCSC Certified Training certification status. Over 300 organizations in 20 different countries have benefitted from the course and internal workshops and with the launch of the online training it means every organization, globally, can access the knowledge and skills at any time.”
Previous participants of the NCSC-Certified CIPR workshop have come from organizations including the United Nations, UK Ministry of Defense, several UK Police Forces, NHS Trusts, European Central Bank, Swiss National Bank, Microsoft, Ernst and Young and many others.
Responding to a cyber incident
One of the course attendees, Wayne Parkes, Head of ICT - Warwickshire Police UK, had this to say: "Quite a difficult subject to get over sometimes but I think Amar presented it really well. Nice mixture of technical knowledge and practical examples. Good for a very mixed audience as it wasn’t overly technical. I highly recommend it in terms of bringing a mixed group up to speed with the importance of responding to a cyber incident, and what the essentials are, about dealing with it."
SureCloud delivers its services through a cloud-based platform, offering a suite of pragmatic and integrated Cybersecurity, Risk, and Advisory services. The company has announced the launch of its Cyber Resilience Assessment (CRA) solution to provide security assurance for organizations transitioning to ‘the new normal’ of remote working.
Cyber Resilience Assessment
The new solution has been introduced in response to the changing threat landscape caused by the rapid move to remote working in the wake of the COVID-19 pandemic.
During this period, organizations have had to adapt quickly to maintain business operations, which, in turn, has led to potential compromises in cybersecurity. SureCloud’s Cyber Resilience Assessment provides a three-stage approach to address this issue.
Assessment of new security and risk posture
Firstly, a response analysis is undertaken to learn the lessons from the enforced move to remote working. This is followed by an assessment of the new security and risk posture considering factors such as radically changed perimeter security and data leakage potential.
During this phase, a targeted phishing exercise is also undertaken in consideration of the dramatic rise in attacks over the course of the COVID period, up by 600%. Finally, based on outputs from the first two phases, a clear plan is produced to stabilize and secure the business considering new and emerging threats.
Remote working guidelines
SureCloud also provides useful remote working guides, which include cybersecurity best practices, a checklist of security considerations, social engineering services and security clinics with SureCloud’s expert security consultants.
These features, along with access to dynamic reporting using SureCloud’s Gartner recognized platform, basically mean the Cyber Resilience Assessment solution is an effective way to help organizations ensure their cyber resilience and stabilize their business operations.
Countering business risks posed by remote working
Speaking on the launch, Ben Jepson, Vice President of Risk Advisory at SureCloud, said, “Recent global events have caused a widespread business operational change, forcing organizations to adopt remote working practices in a phenomenally short period of time. We fully expect these new practices, or an iteration of them to be the new normal moving forward.”
Ben adds, “Remote working can bring a range of new business risks that impact people, processes, and technology. Therefore, it is important for organizations to take stock of their new risk and security posture, learn lessons from enforced remote working, and implement a plan to ensure their cyber resilience moving forward.”
Enhanced risk management and cybersecurity
He continued, “SureCloud is dedicated to making risk management and cybersecurity as streamlined and straightforward as possible, so we are delighted to announce the launch of our Cyber Resilience Assessment service. We are confident that organizations will find it useful to gain security assurance in their transition to a new way of working.”
Global MSC Security has announced that it has chosen Meningitis Now as its charity for the Global MSC Security Conference and Exhibition 2020, which takes place at the Bristol Hotel in Bristol, United Kingdom, on Monday 9th and Tuesday 10th November, 2020.
The annual event for professionals operating in all areas of the surveillance industry will help the Bristol and Avon Group (B&A Group) to meet its pledge to raise £100k for the only charity dedicated to fighting meningitis in the UK.
Global MSC Security Conference and Exhibition 2020
The B&A Group has already raised more than £75k to help fund the groundbreaking vaccine project taking place at the University of Bristol, which is aiming to eradicate all strains of the meningitis virus. A fundraising dinner will be hosted on the eve of the Global MSC Security Conference and Exhibition 2020.
Last year, the Global MSC Security Conference & Exhibition raised £5400 for The Lily Foundation. The Managing Director of Global MSC Security, Derek Maltby stated, “Each year the surveillance industry proves its generosity, and I know they will be out in force again for Meningitis Now.”
Raising funds for charity
Derek Maltby added, “With so many fundraising events canceled and postponed this year due to Coronavirus, it has never been more important to support our charities.”
B&A Group’s Clare Raby comments, “We have made huge strides in our pledge to raise £100k for Meningitis Now. We are delighted that Global MSC Security has come onboard to help us to achieve and hopefully exceed our target before the end of this year.”
Registrations for the Global MSC Security Conference & Exhibition 2020 opened on 4th May, 2020, along with the announcement of the theme of the conference and keynote speakers.
The 2021 edition of Saudi International Airshow will double in size, with more than 100,000 square meter surface exhibition space, two new exhibition halls, in addition to the existing hall and a static display. Despite COVID-19 and several months of slow business, many requests for exhibiting have been received as Saudi International Airshow will be the first airshow to be held in 2021, the organizers said.
Hosted by Saudi Aviation Club and held under the Patronage of His Royal Highness Prince Sultan bin Salman bin Abdulaziz Al Saud, Chairman of the Saudi Space Commission, Founder and Chairman of Saudi Aviation Club, Saudi International Airshow will take place at Thumamah Airport, Riyadh from 16 to 28 February 2021.
Aerospace products and services
For its second edition, Saudi International Airshow will introduce two new areas: Space & Satellite, and Aviation & Aerospace Cybersecurity, and will host more than 500 international booths where exhibitors will showcase a full range of aerospace products and services. The exhibition will have stations located next to the runway to offer a full range of aircraft available for test flights.
The world’s top aerospace and aviation companies have confirmed their commitment to Saudi International Airshow 2021, the organizers added. International Pavilions, representing countries such as USA, France, UK, Russia, China, Czech Republic will have dedicated zones at the show. Saudi International Airshow has become one of the top Aviation & Aerospace events within the Middle East, as Saudi Arabia is the largest market within the region.
Unmanned Aerial Vehicle
Saudi International Airshow connects the Aviation and Aerospace industry to Saudi Arabia. It provides the perfect platform to learn, network and conduct business across all areas of the industry and promote successful worldwide trade. The show will also provide an opportunity to meet the Unmanned Aerial Vehicle (UAV) community and learn about UAV technology.
The outstanding 2019 edition established Saudi International Airshow as one of the key events within the aviation & aerospace industry. The first edition was attended by more than 20,000 people, featured more than 80 aircraft, 57 participating countries, and 267 local and international companies who signed 15 Memorandums of Understanding (MoUs).
You are not alone: operators everywhere are asking themselves what are they going to do? How are they going to get back to business, and fast? How are they going to cost-effectively operate with all the new safety requirements that have arisen as a result of COVID? How are they going to ensure it all gets done for the safety of customers and staff? How are they going to protect their brand from the negative exposure of being identified as a property with a reputation for COVID?
The economic impact of COVID is expected to hit brick and mortar businesses the worst, as their businesses are dependent on people being physically present. According to a recent report by RBC, it is estimated that 70% of Americans expect to avoid public spaces, 57% of Canadians will be unwilling to attend conferences without a vaccine and 63% of people will prefer to drive vs fly.
This means that for those of you in the business of travel, conferences, co-working spaces, retail stores, museums, art galleries, restaurants, sports arenas, hotels, cruises, airlines, resorts, theme parks, long-term care, education, etc., in the blink of an eye your approach to on-site safety just changed.
To get back to business and operating at full capacity after COVID, operations must find a way to eliminate the fear, uncertainty and doubt in the minds of their customers and employees.
The effect of COVID-19 on safety and security
Just like cybersecurity has had a direct impact on the IT strategy and budget, COVID will have a direct hit on the operations strategy and budget. To ensure your property is safe and secure, it is no longer just about access control, video surveillance and intruder alarms; it is also about sanitization. The lines between security and maintenance just blurred.
From customers, to employees, to government regulators, to management, the focus is now on operations and the sanitization policies, procedures and actions of the team. To put this change of priority into perspective, six months ago, sanitisation was not top of mind for people. Why? Because it was not a life or death issue; we had other first world problems to garner our attention.
From an operations perspective if we enabled a sanitization issue to become significant enough to impact the safety of customers and staff and therefore the brand, then that was an operational choice versus a mistake.
Standards for sanitisation
The issue is that today, while the operating priority of sanitization has significantly increased, it is not measured and managed to the same standard as the other safety and security concerns across a business. Also important to consider: while people may not hold an operation liable during this first wave, we can guarantee they are not going to be as understanding during the second wave or a future pandemic.
To safely get back to business, the Centers for Disease Control and Prevention (CDC) and the Occupational Health and Safety regulators emphasize that all operations need a pandemic response plan and should follow these simple guidelines:
Develop your plan
Implement your plan
Maintain and revise your plan
While this sounds simple enough, keep in mind that requirements are constantly evolving and will continue to do so for the foreseeable future, or at least until all the research is in. To create an emergency response plan for a pandemic, properties must first determine what needs to be sanitized.
The current requirements dictate that most surfaces and objects will just need a normal routine cleaning; it is only the frequently touched surfaces and objects, like light switches and doorknobs, that will need to be cleaned and then disinfected to further reduce the risk of germs on surfaces and objects.
The challenge is when you step back and consider what people touch in a day; the list quickly grows. After only 30 minutes, I easily came up with a list of over 60 items that one could call ‘high touch’! If you think about it, the list is extensive; telephones, doorknobs, drawer handles, counters, pens, keypads, computers, etc. and the list is only going to get longer as the research comes in.
To scope the impact on operations as part of the plan, we must then find and identify all of those high touch things across the property. We then have to combine that with the fact that the CDC requires that all high touch locations must not only be cleaned more often, but also that each location is first cleaned with soap and water, and then disinfected for one minute before finally being wiped down.
This means a one-minute task just turned into a 4-minute task, that must now be completed multiple times a day. From a resourcing perspective this adds up quickly, and operating efficiency must be a priority. Not to mention it is going to get very complicated to measure and manage especially.
Post COVID rules
Getting back to business is going to be complicated; lots to do, lots of moving parts and no technology to help. The fundamental challenge to keep in mind is not that the sanitization requirements have evolved, the real issue is that for most businesses this area has been left unchanged for generations.
Still today most rely on checklists, logbooks and inspections to manage the responsibilities of our front-line workers, which might have been fine before COVID. Post-COVID the rules have changed and so should the approach to managing physical operating compliance on the front lines. COVID like most physical operating requirements is tactical, detailed and specific; broad strokes, the honor system and inspections are not going to cut it.
The digital transformation
COVID has changed the game and made the digital transformation of operating procedures not a ‘nice-to-have’ but a must-have. If we don’t change our ways, not only will we be doomed to continue making the same mistakes, but we will continue to be lost in paper, filing cabinets filled with checklists, never to be seen again. Only with the right data can we significantly improve the operational decisions necessary to accelerate our return to full operating capacity.
At the end of the day, to fully recover, operations must eliminate the fear, uncertainty and doubt in the minds of customers and employees, only then can we really get back to business.
News reports and opinion columns about face recognition are appearing every day. To some of us, the term sounds overly intrusive. It even makes people shrink back into their seats or shake their heads in disgust, picturing a present-day dystopia. Yet to others, face recognition presents technology-enabled realistic opportunities to fight, and win, the battle against crime.
What are the facts about face recognition? Which side is right? Well, there is no definitive answer because, as with all powerful tools, it all depends on who uses it. Face recognition can, in fact, be used in an immoral or controversial manner. But, it can also be immensely beneficial in providing a safe and secure atmosphere for those in its presence.
Concerns of facial recognition
With the increased facial recognition applications, people’s concerns over the technology continuously appear throughout news channels and social media. Some of the concerns include:
Privacy: Alex Perry of Mashable summed up his and most other people’s privacy concerns with face recognition technology when he wrote, “The first and most obvious reason why people are unhappy about facial recognition is that it's unpleasant by nature. Increasing government surveillance has been a hot-button issue for many, many years, and tech like Amazon's Rekognition software is only making the dystopian future feel even more real”.
Accuracy: People are worried about the possibilities of inaccurate face detection, which could result in wrongful identification or criminalization.
Awareness: Face recognition software allows the user to upload a picture of anyone, regardless of whether that person knows of it. An article posted on The Conversation states, “There is a lack of detailed and specific information as to how facial recognition is actually used. This means that we are not given the opportunity to consent to the recording, analyzing and storing of our images in databases. By denying us the opportunity to consent, we are denied choice and control over the use of our own images”
The concerns with privacy, accuracy, and awareness are all legitimate and valid concerns. However, let us look at the facts and examine the reasons why face recognition, like any other technology, can be responsibly used:
Privacy concerns: Unlike the fictional dystopian future where every action, even in one’s own home, is monitored by a centralized authority, the reality is that face recognition technology only helps the security guard monitoring public locations where security cameras are installed. There is fundamentally no difference between a human security guard at the door and AI-based software in terms of recognizing people on a watchlist and not recognizing those who are not. The only difference is that the AI-based face recognition software can do so at a higher speed and without fatigue. Face recognition software only recognizes faces that the user has put in the system, which is not every person on the planet, nor could it ever be.
Accuracy concerns: It is true that first-generation face recognition systems have a large margin for error according to studies in 2014. However, as of 2020, the best face recognition systems are now around 99.8% accurate. New AI models are continuously being trained with larger, more relevant, more diverse and less biased datasets. The error margin found in face recognition software today is comparable to that of a person, and it will continue to decrease as we better understand the limitations, train increasingly better AI and deploy AI in more suitable settings.
Awareness concerns: While not entirely comforting, the fact is that we are often being watched one way or another on a security camera. Informa showed that in 2014, 245 million cameras were active worldwide; this number jumped to 656 million in 2018 and is projected to nearly double in 2021. Security camera systems, like security guards, are precautionary measures taken by local businesses and governments to minimize incidents such as shoplifting, car thefts, vandalism and violence. In other words, visitors to locations with security systems have tacitly agreed to the monitoring in exchange for using the service provided by those locations in safety, and visitors are indeed aware of the existence of security cameras. Face recognition software is only another layer of security, and anyone who is not a security threat is unlikely to be registered in the system without explicit consent.
In August 2019, the NYPD used face recognition software to catch a rapist within 24 hours after the incident occurred. In April 2019, the Sichuan Provincial Public Security Department in China, found a 13-year-old girl using face recognition technology. The girl had gone missing in 2009, persuading many people that she would never be found again.
In the UK, the face recognition system helps Welsh police forces with the detection and prevention of crime. "For police it can help facilitate the identification process and it can reduce it to minutes and seconds," says Alexeis Garcia-Perez, a researcher on cybersecurity management at Coventry University. "They can identify someone in a short amount of time and in doing that they can minimize false arrests and other issues that the public will not see in a very positive way". In fact, nearly 60% of Americans polled in 2019 accept the use of face recognition by law enforcement to enhance public safety. Forbes magazine states that “When people know they are being watched, they are less likely to commit crimes so the possibility of facial recognition technology being used could deter crime”.
One area in which all AI functions have been proven to achieve better results than manual security is speed. NBC News writes, “Nearly instantaneously, the program gives a list of potential matches loaded with information that can help him confirm the identity of the people he’s stopped - and whether they have any outstanding warrants. Previously, he’d have to let the person go or bring them in to be fingerprinted”.
With AI, instead of spending hours or days sifting through terabytes of video data, the security staff can locate a suspect within seconds. This time-saving benefit is essential to the overall security of any institution, for, in most security threat situations, time is of the utmost importance. Another way in which the technology saves time is its ability to enable employees (but not visitors) to open doors to their office in real-time with no badge, alleviating the bottleneck of a forgotten badge, keycode or password.
A truly high-performance AI software helps save money in many ways. First, if the face recognition software works with your pre-existing camera system, there is no need to replace cameras, hence saving cost on infrastructure. Second, AI alleviates much of the required manual security monitoring 24/7, as the technology will detect people of interest and automatically and timely alert the authorities. Third, by enhancing access authentication, employees save time and can maximize productivity in more important processes.
AI-enabled face recognition technology has a lot of benefits if used correctly. Can it be abused? Yes, like all tools that mankind has made from antiquity. Should it be deployed? The evidence indicates that the many benefits of this complex feature outweigh the small chance for abuse of power. It is not only a step in the right direction for the security industry but also for the overall impact on daily lives. It helps to make the world a safer place.
Companies are following government guidance and getting as many people as possible working from home. Some companies will have resisted home working in the past, but I’m certain that the sceptics will find that people can be productive with the right tools no matter where they are. A temporary solution will become permanent. But getting it right means managing risk.
Access is king
In a typical office with an on-premise data center, the IT department has complete control over network access, internal networks, data, and applications. The remote worker, on the other hand, is mobile. He or she can work from anywhere using a VPN. Until just recently this will have been from somewhere like a local coffee shop, possibly using a wireless network to access the company network and essential applications.
But as we know, CV-19 means that huge numbers of people are getting access to the same desktop and files, applications and collaborative communication tools that they do on a regular basis from the office or on the train. Indeed, the new generation of video conferencing technologies comes very close to providing an “almost there” feeling.
Hackers lie in wait
Hackers are waiting for a wrong move amongst the panic, and they will look for ways to compromise critical servers. Less than a month ago, we emerged from a period of chaos. For months hackers had been exploiting a vulnerability in VPN products from Pulse Secure, Fortinet, Palo Alto Networks, and Citrix. Patches were provided by vendors, and either companies applied the patch or withdrew remote access. As a result, the problem of attacks died back.
But as companies race to get people working from home, they must take special care to ensure the patches are applied before switching VPNs on. That’s because remote desktop protocol (RDP) has been for most of 2019, and continues to be, the most important attack vector for ransomware. Managing a ransomware attack on top of everything else would certainly give you sleepless nights.
Exposing new services also makes them susceptible to denial of service attacks. Such attacks create large volumes of fake traffic to saturate the available capacity of the internet connection. They can also be used to attack the intricacies of the VPN protocol. A flow of as little as 1Mbps can perturb the VPN service and knock it offline.
CIOs, therefore, need to acknowledge that introducing or extending home working broadens the attack surface. So now more than ever it’s vital to adapt risk models. You can’t roll out new services with an emphasis on access and usability and not consider security. You simply won’t survive otherwise.
Aside from securing VPNs, what else should CIOs and CTOs be doing to ensure security? The first thing to do is to look at employee behavior, starting with passwords. It’s highly recommended that strong password hygiene or some form of multi-factor authentication (MFA) is imposed. Best practice would be to get all employees to reset their passwords as they connect remotely and force them to choose a new password that complies with strong password complexity guidelines.
As we know, people have a habit of reusing their passwords for one or more online services – services that might have fallen victim to a breach. Hackers will happily leverage these breaches because they are such easy and rich pickings.
Secondly, the inherent fear of the virus makes for perfect conditions for hackers. Sadly, a lot of phishing campaigns are already luring people in with the promise of important or breaking information on COVID-19. In the UK alone, coronavirus scams cost victims over £800,000 in February 2020. A staggering number that can only go up. That’s why CIOs need to remind everyone in the company of the risks of clickbait and comment spamming - the most popular and obvious bot techniques for infiltrating a network.
Notorious hacking attempts
And as any security specialist will tell you, some people have no ethics and will exploit the horrendous repercussions of CV-19. In January we saw just how unscrupulous hackers are when they started leveraging public fear of the virus to spread the notorious Emotet malware. Emotet, first detected in 2014, is a banking trojan that primarily spreads through ‘malspam’ and attempts to sneak into computers to steal sensitive and private information.
In addition, in early February the Maze ransomware crippled more than 230 workstations of the New Jersey Medical Diagnostics Lab and when they refused to pay, the vicious attackers leaked 9.5GB of research data in an attempt to force negotiations. And in March, an elite hacking group tried to breach the World Health Organization (WHO). It was just one of the many attempts on WHO and healthcare organizations in general since the pandemic broke. We’ll see lots more opportunist attacks like this in the coming months.
More speed less haste
Finally, we also have bots to contend with. We’ve yet to see reports of fake news content generated by machines, but we know there’s a high probability it will happen. Spambots are already creating pharmaceutical spam campaigns thriving on the buying behavior of people in times of fear from infection. Using comment spamming – where comments are tactically placed in the comments following an update or news story - the bots take advantage of the popularity of the Google search term ‘Coronavirus’ to increase the visibility and ranking of sites and products in search results.
There is clearly much for CIOs to think about, but it is possible to secure a network by applying some well thought through tactics. I believe it comes down to having a ‘more speed, less haste’ approach to rolling out, scaling up and integrating technologies for home working, but above all, it should be mixed with an employee education program. As in reality, great technology and a coherent security strategy will never work if it is undermined by the poor practices
The global pandemic caused by the novel coronavirus is changing work environments to an unprecedented degree. More employees than ever are being asked to work remotely from home. Along with the new work practices comes a variety of security challenges.
Without the proper precautions, working from home could become a cybersecurity nightmare, says Purdue University professor Marcus Rogers. “Criminals will use the crisis to scam people for money, account information and more,” he says. “With more people working from home, people need to make sure they are practicing good cybersecurity hygiene, just like they would at work. There is also a big risk that infrastructures will become overwhelmed, resulting in communication outages, both internet and cell.”
Concerns about the coronavirus have increased the business world’s dependence on teleworking. According to Cisco Systems, WebEx meeting traffic connecting Chinese users to global workplaces has increased by a factor of 22 since the outbreak began. Traffic in other countries is up 400% or more, and specialist video conferencing businesses have seen a near doubling in share value (as the rest of the stock market shrinks).
Basic email security has remained unchanged for 30 years
Email is a core element of business communications, yet basic email security has remained unchanged for 30 years. Many smaller businesses are likely to still be using outdated Simple Mail Transfer Protocol (SMTP) when sending and receiving email. “The default state of all email services is unencrypted, unsecure and open to attack, putting crucial information at risk,” says Paul Holland, CEO of secure email systems provider Beyond Encryption.
“With remote working a likely outcome for many of us in the coming weeks, the security and reliability of our electronic communication will be a high priority,” says Holland. The company’s Mailock system allows employees to work from any device at home or in the office without concerns about data compromise or cybersecurity issues.
Acting quickly and effectively
As the virus spreads, businesses and organizations will need to act quickly to establish relevant communication with their employees, partners and customers surrounding key coronavirus messages, says Heinan Landa, CEO and Founder of IT services firm Optimal Networks. Employers should also enact proper security training to make sure everyone is up to speed with what’s happening and can report any suspicious online activity.
Reviewing and updating telework policies to allow people to work from home will also provide flexibility for medical care for employees and their families as needed.
Scammers, phishing, and fraud
An additional factor in the confusing environment created by the coronavirus is growth in phishing emails and creation of domains for fraud. Phishing is an attempt to fraudulently obtain sensitive information such as passwords or credit card information by disguising oneself as a trusted entity. Landa says homebound workers should understand that phishing can come from a text, a phone call, or an email. “Be wary of any form of communication that requires you to click on a link, download an attachment, or provide any kind of personal information,” says Landa.
Email scammers often try to elicit a sense of fear and urgency in their victims – emotions that are more common in the climate of a global pandemic. Attackers may disseminate malicious links and PDFs that claim to contain information on how to protect oneself from the spread of the disease, says Landa.
Ron Culler, Senior Director of Technology and Solutions at ADT Cybersecurity, offers some cyber and home security tips for remote workers and their employers:
When working from home, workers should treat their home security just as they would if working from the office. This includes arming their home security system and leveraging smart home devices such as outdoor and doorbell cameras and motion detectors. More than 88% of burglaries happen in residential areas.
When possible, it’s best to use work laptops instead of personal equipment, which may not have adequate antivirus software and monitoring systems in place. Workers should adhere to corporate-approved protocols, hardware and software, from firewalls to VPNs.
Keep data on corporate systems and channels, whether it’s over email or in the cloud. The cyber-protections that employees depended on in the office might not carry over to an at-home work environment.
Schedule more video conferences to keep communication flowing in a controlled, private environment.
Avoid public WiFi networks, which are not secure and run the risk of remote eavesdropping and hacking by third parties.
In addition to work-from-home strategies, companies should consider ways to ensure business cyber-resilience and continuity, says Tim Rawlins, Director and Senior Adviser for risk mitigation firm NCC Group. “Given that cyber-resilience always relies on people, process and technology, you really need to consider these three elements,” he says. “And your plan will need to be adaptable as the situation can change very quickly.”
Employees and their employers
Self-isolation and enforced quarantine can impact both office staff and business travelers, and the situation can change rapidly as the virus spreads, says Rawlins.
Employees should be cautious about being overseen or overheard outside of work environments when working on sensitive matters. The physical security of a laptop or other equipment is paramount. “It’s also important to look at how material is going to be backed up if it’s not connected to the office network while working offline,” says Rawlins.
It’s also a good time to test the internal contact plan or “call tree” to ensure messages get through to everyone at the right time, he adds.
HID Global is introducing a new “flagship” line of access control readers as successors to the iCLASS line. The new HID Signo readers will support 15 different credentialing formats and communicate using the latest NFC (near field communication), BLE (Bluetooth Low Energy) and OSDP (Open Supervised Device Protocol) standards. HID Global says the new readers will simplify integration to more secure and mobile credentials.
HID Global has invested in a “future-proof” approach that both accommodates a variety of current market needs and can adapt to embrace new technologies as they come onto the market. The new line incorporates “all the hardware you need,” combining the capabilities of older generations of readers into a single product.
Simplifying the choice of readers
The new reader line seeks to simplify the choice of readers in a time when a variety of trends is complicating the access control market, from cloud systems to mobile access to identity management.
“We are simplifying the way we bring our products to market, and baking it all into our readers,” says Harm Radstaak, HID Global Vice President and Managing Director. “If an installer takes a reader out of the box and mounts it on the wall, it just works.”
In designing the product, HID sought feedback from channel partners, installers, consultants and end users on how the new readers would function. In addition, the company sought advice from architects on the design of the product. Aesthetics and industrial design elements were a priority because they ideally reflect the quality and “promise” of how the product will perform.
Cybersecurity is another emphasis. The readers store cryptographic keys and process cryptographic operations on certified EAL6+ secure element hardware, and custom authentication keys can be used for organizations who prefer that level of control. EAL6+ certification is a designation of the Evaluation Assurance Level of an IT product or system (the highest score is EAL7). Signo also includes a velocity checking feature designed to mitigate and thwart brute force attacks.
“The new Signo line is a continuation of the journey we have been on,” says Radstaak. “It is the natural succession of what we have been doing for years, and it underlines our position in the market.” By natively supporting mobile credentials, the new product line reinforces HID’s commitment to mobile systems, which the company first brought to market in 2014. Signo readers also include Enhanced Contactless polling to support mobile credentials in Apple Wallet.
Embracing the OSDP standard, which was created in 2008, also addresses the growing customer need for bi-directional, secure communications. There is built-in support for OSDP Secure Channel as well as legacy Wiegand communication for organizations seeking to transition.
Signo incorporates support for most credential technologies globally, including Seos, credentials with HID’s Secure Identity Object, and a variety of 125kHz legacy technologies such as Indala and Prox.
The flexibility and openness of Signo is a response to the acceleration of new technologies entering the access control market. “If you look at new technologies in general, our market has been slow in adopting them,” says Radstaak. “However, with new entrants in the market, new technologies, new device manufacturers and artificial intelligence (AI), I believe the market is adopting new technologies much faster than before. Users are much savvier.”
Radstaak says he expects market adoption of the new readers will be fast. “Customers have been waiting for this platform,” he says. “This has been a tremendous investment for HID Global, and it underlines our position in the market with its open platform, simplicity and future-proofing. We are prepared for whatever comes next technology-wise.”
With Signo readers, administrators will be able to remotely configure and diagnose readers as well as monitor status through a centrally managed and connected reader ecosystem.
As a member of the FiRA Consortium, HID Global has advocated bringing new technology to market based on the “fine ranging” capabilities of ultra-wideband (UWB) technology, which has applications in detection of the precise location or presence of a connected device or object. It’s the kind of technology that Signo platform’s “future-proofing” approach is geared to accommodate. “As the capability unfolds, we will be there to adapt,” says Radstaak.
The U.S. Department of Homeland Security (DHS) will be participating at ISC West in a big way. Representatives of the federal department will be taking part in more education sessions this year, and the DHS tech-scouting team will be on hand to view the latest technologies on display at the show. Exhibitors – and anyone else at the show – are invited to the “DHS Town Hall” on March 19 (Thursday) at 3:30 p.m. in meeting room Galileo 1001. The aim is for DHS to engage with the technology community and provide guidance as industry innovation moves forward.
In the face of growing operational demands and complex threats, the need for homeland security technology solutions continues to rise. The Department of Homeland Security (DHS) is seeking new ideas and partners to safeguard public trust, save lives, reduce risks, and protect the flow of commerce and goods for the community. They will share information about the department’s problem sets, capability needs and business opportunities for accelerating technology development to ensure they are keeping pace with the speed of innovation and complex threats.
Speaking at ISC West
DHS seeks to challenge industry partners to develop technology to enhance security operations across multiple end user missions. The DHS Science and Technology Directorate (S&T) and Cybersecurity and Infrastructure Security Agency (CISA) will jointly speak and exhibit at ISC West.
Attendees can meet DHS professionals working in cyber security, critical infrastructure, resilience, aviation security, border and port operations, and first responder capabilities. Attendees are invited to visit the DHS exhibit booth #33040 in the Drones and Robotics Zone.
The DHS Town Hall on Thursday, titled “Enhancing Security and Doing Business at the Speed of Life,” will be a “call to action” for show participants to help secure the future. DHS seeks to become more agile and to pursue new pathways to do business in a fast-moving world. Through strategic partnerships, DHS is mobilizing the innovation community to safeguard the public trust.
DHS will also be participating in these sessions at ISC West, March 17-20 at the Sands Expo, Las Vegas, Nev:
You Say It’s Going to Change the World? Tues., March 17, 9:45 a.m., Sands 302.
Security relies on anticipating what comes next and staying a step ahead. How will 5G increase secure capabilities and reduce threats from bad actors? How will blockchain secure personal and financial identity and when will quantum computing render all encryption obsolete? How is DHS investing in counter-drones? How does AI change the security landscape?
The New Federal Security Landscape – Are You Prepared? Wed., March 18, 1 p.m., Sands 302.
The federal security landscape is evolving alongside the private sector. What are the new high-risk areas of concern and how are emerging threats (cyber, UAS) changing the way federal facilities are protected? How are these new risks balanced against traditional ones? How is the Interagency Security Committee (ISC) responding? DHS panelists will discuss.
CISA Special Guest Speaker at SIA Interopfest. Wed., March 18, 4 p.m., Sands 701.
Daryle Hernandez, Chief, Interagency Security Committee, DHS, Infrastructure Security Division, will provide insights to complement the technology interoperability demonstrations.
Enhancing Security Through UAS Technology, A DHS Perspective. Thurs., March 19, 11:30 a.m., Venetian Ballroom.
What is DHS doing today to prepare for a future of increased visualization and automation? New questions are emerging around capabilities and vulnerabilities. Emerging technologies like AR, Next Gen Sensors, and UAS, provide the Department of Homeland Security (DHS) with tools to become more responsive and adaptive to new threats.
Synectics has secured a multi-site protection contract for a customer whose infrastructure assets are considered critical to national security. Responsible for maintaining an energy network that supplies over 3.9 million homes and businesses, the customer required a centralized system to guard against both physical and cyber threats at five key sites – each recognized as a national asset with corresponding levels of access clearance.
The Synectics solution, driven by its Synergy 3 command and control platform, integrates third-party sensors, analytics, cameras, systems, personnel databases, and edge devices. The resulting level of situational awareness gives the team – based at the customer’s state-of-the-art Alarm Receiving Center (ARC) – complete oversight and control of security, safety, and site-management systems at each facility.
Electrified perimeter-fence systems
As part of the contract, Synectics will also provide a redundant ARC solution for failover scenarios. The core integrations included as part of the project ensure alerts and responses are linked to, and can implement direct control of, door-access systems, intrusion-detection systems, intercom technology, and the electrified perimeter-fence systems deployed at each location.
Synectics will conduct a complete system FAT, which includes all specified third-party software and hardware, at its dedicated UK testing facilities. Given the high-risk, high-security nature of the project, the provider’s ability to system-test at such scale was a crucial factor in the contract being awarded. The five locations to be monitored from the ARC are government-authorized to trigger armed response units to deal with imminent or actual threats.
Command and control system
The solution will, therefore, employ customized workflows to support incident (alarm) validation and protocol-compliant responsive action. The solution will also see each site equipped with its localised command and control system for on-site management, with the ability to manually and automatically escalate incidents to the ARC team as required. Cybersecurity was a specific focus of the brief.
In addition to meeting technical resiliency specifications with authentication and encryption solutions, Synectics will be providing ongoing cybersecurity consultation, working in partnership with in-house specialists to ensure the continuous development of protective measures.
Martin Bonfield, UK Sales Manager at Synectics, commented: “The perfect alignment between customer requirements and Synectics’ track record in CNI meant the lead integrator came directly to us with this exciting project. Our credentials and expert team, coupled with Synergy 3’s ability to remotely integrate and interoperate with any third-party system vital to effective operations, meant we ticked multiple boxes."
"We are regarded in the industry as a safe pair of hands with the relevant experience, and an innovator with the forward-focused technology required to meet all aspects of the brief.”
The Office for Students (OfS) is the independent regulator of higher education in England, responsible for ensuring that all undergraduate and postgraduate students, whatever their backgrounds, have a fulfilling experience of higher education which enriches their lives and careers and delivers value for money. They are headquartered in Bristol, United Kingdom with a workforce of around 450 people.
GDPR Data Privacy Management
Higher Education Funding Council for England (HEFCE), Office for Students’ predecessor, became a client of SureCloud back in 2017, implementing the GDPR Data Privacy Management Suite to support and enhance their GDPR program.
As a new organization and a successor of HEFCE, Office for Students has been looking to mature its approach to risk management. The focus of this for the team was initially to improve risk policies and procedures, to develop internal capability, enhance reporting to show transparency and allow challenge, and to identify and manage risks enterprise-wide systematically.
Effective Risk Management approach
These improvements established a highly effective risk management approach, but the organization soon hit the ceiling in terms of their process supporting risk systems, with technology being a limiting factor rather than an enabler.
The organization was relying on numerous disparate spreadsheets to assess and monitor different types of risk; these were inconsistent, time-consuming and error-prone. Office for Students needed a single, seamless, enterprise-wide solution to manage and monitor all aspects of risk management.
Data privacy Risk Management solution
Office for Students has been a SureCloud client for cybersecurity services since March 2017 and began deploying SureCloud’s governance, risk and compliance (GRC) solution in July 2017 to assist with their responsibilities under GDPR.
Knowing that SureCloud also offered a comprehensive risk management solution (recognized on Gartner’s IRM Magic Quadrant), which could be tailored to their precise needs, Office for Students opened a conversation with SureCloud about how best to configure their existing SureCloud Data Privacy Risk Management solution to enable enterprise risk management.
SureCloud’s Risk Management solution delivers:
A central view of risk across the organization via a single intuitive dashboard
Risks organized across divisions, legal entities, business functions, and geographies
The ability to provide a central repository for enterprise risk, allowing the organization to show the entirety of the risk environment and consider overlaps and interdependences
A range of risk management methodologies to understand the likelihood, impact and overall risk rating
Configurable drillable dashboards and reports to provide a real-time snapshot of risk at any time
Centralized, cloud-based platform
SureCloud’s centralized, cloud-based platform underpins the Risk Management product, allowing anyone from across an organization deploying the application to add information at any time, from anywhere.
Office for Students worked with SureCloud to configure the Risk Management application to their precise needs and was ready for rollout ahead of schedule.
Rapid implementation services
“SureCloud got to grips with our requirements incredibly quickly,” said Ben Whitestone, Head of Governance at the Office for Students, adding “As the only independent regulator for higher education in England, we regulate in the interests of hundreds of thousands of students, and we take that responsibility very seriously.”
Ben adds, “Managing the risks we face is an important part of our governance. But with our legacy systems, we were focused more on updating spreadsheets than actually managing risk. SureCloud’s platform is enabling us to take a far more agile approach to risk management, focusing on taking action to mitigate threats and exploit opportunities, with substantial time and cost savings as a result.”
Streamlined, centralized Risk Management
“SureCloud’s Platform has moved us away from using a series of disparate spreadsheets and countless emails for recording risk, with all of the potentials for errors that entails, to a single, centralized source of risk information for every member of staff,” said Whitestone.
He further adds, “It’s dynamic and agile, if we want to get a snapshot of risk for a particular department or function, we can.”
Intuitive, user-friendly platform
“Despite us being at the start of our risk management journey, we are very pleased with how quickly staff can get to grips with the SureCloud Platform, this was a key factor for us,” commented Whitestone.
Whitestone adds, “They can more or less log on and go – it’s extremely intuitive and easy-to-use. In turn, this means that it frees up a huge amount of time spent manually inputting or transferring information, which is a great advantage for us.”
Systems and culture working in-sync
“We undertook a great deal of work to evolve our culture of risk management, to one that was far more consistent and proactive,” stated Whitestone.
He adds, “With SureCloud’s Risk Management solution in place, we have the systems to underpin that culture, and enable us to take a far more streamlined, agile and accurate approach to help manage risk across the organization.”
Eagle Eye Networks, the provider of cloud video surveillance, announces one of the fastest completions of a large scale, fully integrated citywide surveillance program, installing 13,720 cameras in 4 months.
This project has been a large success for Mexico City C5, contributing to Mexico City's larger ‘Citizen Safety’ mobile application. This mobile application facilitates content sharing for more effective neighborhood watch and a panic SOS button. “Effective citywide surveillance is more than installing cameras in a few key locations, it’s about creating a platform that meets the unique needs of each municipality.”
Unique web application
“In partnership with Eagle Eye Networks we leveraged the Eagle Eye Video API and SDK to customize a unique web application that is designed to integrate fixed, mobile body worn, and vehicle cameras into one interface, providing an unprecedented level of insight and awareness into our cities operations,” said Jaime Abad Valdenebro, CEO, Omnicloud.mx.
4G connectivity with Eagle Eye Networks’ bandwidth optimization was utilized in order to facilitate this quick deployment, installing approximately 250 cameras per day at its peak. The cameras are all operational, remotely monitored, and providing safety and security to citizens today.
Integration of new technologies
This fast-paced install occurred amidst the global supply chain challenges caused by COVID-19; however, Eagle Eye Networks’ strong partnership with both the Reseller, Omnicloud.mx, and suppliers provided alternatives and solutions to keep the project on schedule.
Eagle Eye Networks’ solution was chosen because the Eagle Eye Cloud Video API Platform provides an open solution that allows integration of new technologies (AI, advanced analytics, search, license plate recognition), new suppliers, and new cameras at any time. Future and cybersecurity proofing the city’s investment and eliminating the headaches associated with managing large premise based data centers was crucial in their decision.
City-Wide surveillance project
“When deploying a city-wide surveillance project, scalability, retention, and cellular transmission must be considered. Eagle Eye’s cloud video retention and massive on demand scalability make it ideal for large scale deployments. To operate your own large data center system for video recording is expensive and challenging.”
“With Eagle Eye’s subscription service we provide a more robust and lower cost answer for large scale deployments. Furthermore, our open platform provides a future proof solution, integrating AI, video analytics, and advanced search at the click of a mouse,” said Dean Drako, CEO of Eagle Eye Networks.
“More than half of the world’s population resides in cities, creating an increased demand for smart, accurate insights to help streamline everyday operations including public safety, traffic flow management, infrastructure and transportation. Enormous amounts of data collection, aggregation, and storage are necessary to drive the deep analysis that is required to produce these smart insights.”
“The only way to efficiently manage this data is to aggregate and analyze in the cloud,” said Jeff Kessler, Managing Director of Imperial Capital and Publisher of the Security Industry Annual Report. The Eagle Eye Cloud is a robust, scalable and cost-effective solution, purpose-built to support the data storage and analysis demands that city-wide deployments require.
BlueVoyant, a global expert-driven cybersecurity services company, announced that it has been selected by DarkOwl, provider of one of the world’s largest indexes of DarkNet content, to deliver a tailored and comprehensive Managed Security Service. BlueVoyant will provide its advanced Managed Detection and Response (MDR+) capabilities, including support from its team of skilled intelligence analysts and security experts, to protect endpoints, detect intrusion and defend against the latest and most sophisticated security threats.
Protecting critical assets
DarkOwl enables organizations to safely search a dataset of darknet content. Its Vision API enables its data to be directly integrated into a client’s native platforms, while its DarkINT risk scores simplify risk management based on the organization’s darknet footprint. Monitoring and alerting enable clients to quickly discover breached material appearing on the darknet.
As an expert in analyzing the cyber threat landscape, DarkOwl was looking for a security solution that goes beyond the current patchwork of point products and is instead modelled directly on the company’s unique data and activities, as Mark Turnage, CEO of DarkOwl, explains, “The threat landscape continues outpacing threat defense and it has become obvious that the existing model for protecting critical assets, end-users and endpoints is flawed."
Customized threat response
“Instead of choosing yet another partial solution that can only determine threat and compromise based on triggered rulesets or known patterns of behavior, we chose BlueVoyant’s MDR+ approach to get ahead of the curve. By modeling its service on our data and the output of our activities BlueVoyant is able to detect issues and compromise much earlier.”
BlueVoyant’s Managed Detection and Response (MDR+) provides real-time and customized threat response and remediation - terminating malicious processes, isolating devices, and manually preventing persistence and lateral movement associated with sophisticated attacks. BlueVoyant incorporates client-driven rules of engagement (ROE) enabling immediate, decisive action to stop threats that could cripple a network versus non-critical events where a lower-tiered response may be appropriate.
Comprehensive threat data analytics
The service combines an expert team, comprehensive threat data analytics, and advanced technology solutions to deliver remote endpoint monitoring and protection, threat detection, and incident remediation.
BlueVoyant MDR+ includes:
24/7/365 detection and response support by expert analysts with over 200 years of collective Security Operations and Threat Hunting experience who operate across multiple global locations
Detection and blocking of malware, ransomware, zero-days, non-malware and file-less attacks
Remote endpoint incident investigation and remediation led by BlueVoyant’s security operations specialists.
Support from highly skilled cybersecurity professionals to lift the burden from in-house teams was a key factor in DarkOwl’s decision to select BlueVoyant, as Mark Turnage explains, “Running this program ourselves is not a possibility and would deplete far too many resources from our core business, DarkNet Intelligence. We appreciate BlueVoyant’s ongoing model and execution of selecting and hiring the best-of-breed and most experienced staff.”
Cyber threat landscape
Mark continues, “DarkOwl was looking for best-in-class managed Endpoint Security and Threat/Compromise Detection and Response capabilities and found them in BlueVoyant. We see their services as remarkably robust and industry leading, and it made sense for DarkOwl to go with the best in the business.”
Jim Rosenthal, CEO, BlueVoyant comments, “The fast pace and complex evolution of the cyber threat landscape makes it hard for under-pressure internal teams to stay current with every emerging threat. The unrivalled knowledge and experience of our team, combined with our advanced technology and proprietary datasets, provides deep expertise and oversight that means clients like DarkOwl can be confident that their business is protected.”
Protecting the oil and gas market is key to a thriving economy. The list of security challenges for oil and gas requires the best technology solutions our industry has to offer, from physical barriers to video systems to cybersecurity. We asked this week’s Expert Panel Roundtable: What are the security challenges of the oil and gas market?
We are all more aware than ever of the need for cybersecurity. The Internet of Things is a scary place when you think about all the potential for various cyber-attacks that can disrupt system operation and negatively impact a customer’s business. Because most physical security systems today are IP-based, the two formerly separate disciplines are more intertwined than ever. We asked this week’s Expert Panel Roundtable: How can cybersecurity challenges impact the physical security of a company (and vice versa)?
Cloud systems are among the fastest-growing segments of the physical security industry. The fortunes of integrators can improve when they embrace a recurring monthly revenue (RMR) model, and cloud systems are expanding the services and features manufacturers can provide, from remote diagnostics to simplified system design. But for all the success of cloud systems, there remains confusion in the market about the exact definition of “cloud.” Or does there? We asked this week’s Expert Panel Roundtable: What is “the cloud?” Is there agreement in the market about what the term means?