
85% of disabled consumers say they haven’t requested additional support from firms 

Stuart O'Brien

More than three-quarters of disabled consumers have not shared their support needs with businesses and organisations when accessing essential services, according to the latest research from Experian.

Some 85% of disabled consumers and those with support needs said they had not explained to their bank or building society how they could be better supported when interacting with them, a trend repeated with credit card (90%) and pension providers (91%).

For those that have shared their support needs, 70% are satisfied with the extra support they receive – demonstrating that the support can be put in place once organisations are aware of people’s needs.

The findings come as disability experts, campaigners and businesses call for contributions to a new community driven, open-sourced website which aims to improve accessibility for people when dealing with businesses and other organisations.

The Support List (www.WhatWeNeed.Support) has been created in recognition of the challenges faced by those with additional support needs. It has been driven by leading disability and accessibility specialists, Dan Holloway and Chris Fitch, and informed by the lived experiences of more than 1,400 disabled people and those with additional support needs.

Those behind the project, including main sponsor Experian and other firms including Lloyds Banking Group, NewDay, HSBC, Co-Operative Bank and Tesco Bank, are hoping members of the disabled community will share their experiences to allow the List to expand its guidance, allowing it to incorporate a wider range of support needs over time.

The list is intended to be a publicly available starting point to promote dialogue between disabled people and those with additional support needs, and businesses looking to support the needs of their customers in delivering products and services.

It is a broad list, initially focusing on the areas of sight, hearing, and mental health and dementia, and outlines consumer preferences in the following categories:

  • Telephone communications
  • Written communications and in-person meetings
  • Communication preferences
  • Other support needs

The list will expand over time to cover more disabilities, vulnerabilities, and circumstances, informed by the lived experiences of contributors, and then tested by organisations to see how readily they can be put in place.

The ambition is that the Support List will be used to develop standardised approaches and responses to those with disabilities and support needs, which can be used across multiple industries and sectors, to benefit people with support needs anywhere in the UK. It will be iterated over time based on feedback from consumers and industry.

Dan Holloway, Co-convenor of the Futures Thinking Network at The Oxford Research Centre for the Humanities, said: “As disabled people we are used to having to repeat often highly personal information to every organisation disabled people deal with, just to be able to access services others take for granted. We hope that this project will help break the cycle of exhaustion and trauma that has such a disastrous impact on our lives.”

Chris Fitch, Consumer Vulnerability Lead at the Money Advice Trust, and Research Fellow at the University of Bristol, said: “Firms have a legal, regulatory, and business imperative to make changes that allow disabled and vulnerable consumers to access and use their products and services.  Support List connects firms with people – so firms can understand the changes people need, and disabled and vulnerable people can change the way firms understand their needs.”

Paul Speirs, Managing Director, Digital Consumer Information, Experian UK&I, said: “I am proud that Experian has played a role in supporting the creation of the Support List resource over the past year. We hope the website will act as a catalyst for knocking down barriers that are faced by disabled and vulnerable people every day.”

Kathryn Townsend, Government Disability & Access Ambassador (Banking Sector), said: “Companies that provide services on an on-going basis, such as finance, energy and telecommunications, have a unique opportunity to deliver personal, accessible experiences for their customers – and yet many disabled people still face barriers.

“The financial services industry has been leading the way on accessibility, but there is more that can be done across all sectors. The Support List provides a welcome resource which puts disabled people’s voices at the heart of the solution, and will hopefully help address some of the challenges that companies cite.”

Safe standing returns to top flight English football

Stuart O'Brien

The Government has confirmed that Premier League and Championship clubs wishing to introduce licensed ‘safe standing’ areas at football stadiums will be allowed to do so from the start of the forthcoming 2022/23 season.

Brentford, Queens Park Rangers and Wolverhampton Wanderers will be the first clubs to join ‘early adopters’ Cardiff City, Chelsea, Manchester City, Manchester United and Tottenham Hotspur in offering licensed standing in designated seated areas for home and away fans.

Other clubs are expected to adopt licensed standing areas during the course of the football season.

The iconic Wembley Stadium will also offer a small licensed standing area for fans at forthcoming domestic matches later this season.

The stadiums have been selected following an application process, open to all grounds covered by the all-seater policy, led by the Sports Grounds Safety Authority (SGSA).

Strict conditions have been met, including enhanced use of CCTV, improved steward training and fans being strictly limited to ‘one person, one space’. Clubs have also engaged with fans as part of their application process.

A final report on last season’s Government-commissioned trial at the early adopter clubs has concluded that the installation of barriers or rails in areas of persistent standing in seated areas has delivered a positive impact on spectator safety and improved fans’ match day experience in both home and away sections. The report recommends that clubs should be given the opportunity to implement licensed standing areas as soon as possible.

An interim report into the trial, published by the Sports Grounds Safety Authority (SGSA) in April, noted:

  • Goal celebrations being more orderly with no opportunity for forwards and backwards movement of fans, reducing the risk of fans falling on those around them;
  • Barriers offering stability for people moving up and down aisles and gangways;
  • Latecomers being able to access their seats in the middle of rows more quickly, as others are already standing and have barriers to lean against to allow them to pass;
  • Pockets of overcrowding being easier to identify to security officials, as fans are lined up more clearly

The final report concludes:

  • The exit of fans from the stadia is more uniform because the barriers limit spectators’ ability to climb over seats to exit more quickly;
  • Spectators are lined up more clearly and therefore any risk of overcrowding can be identified, particularly using CCTV;
  • Stewards can be put in more locations without risking impacting sight lines;
  • There is no evidence to date that the introduction of licensed standing areas has led to an increase in standing elsewhere in stadia

The announcement was made by Sports Minister Nigel Huddleston at Tottenham Hotspur’s White Hart Lane stadium, after he joined fans in the club’s 10,000-strong safe standing area to watch the North London club win 1-0 against Burnley on 15 May.

Cardiff City, Chelsea, Manchester City, Manchester United and Tottenham Hotspur took part in the early adopter programme during the second half of the 2021/2022 season. A 2-2 draw on 2 January between Chelsea and Liverpool at Stamford Bridge kicked off the test events.

Under licensed standing, fans are allowed to stand for matches in allocated spaces behind a barrier or a rail in areas of persistent standing. Each supporter has to occupy the same area they would take if they were sitting, with a traceable, numbered ticket.

Seats cannot be locked in the up or down position, so fans can sit if they wish to, and the standing areas cannot affect the views of other fans. Other parts of the grounds remain all-seated and fans are expected to sit in these areas.

Standing areas are already commonplace in Germany’s Bundesliga and there are similar examples across the rest of Europe, the United States and Australia.

DOWNLOAD: Cloud physical security now a critical link in digital transformation agenda

Stuart O'Brien

A new practical guide has been published by Security-as-a-Service specialist Morphean to help security businesses understand and adopt the digitalised world of physical security.

It argues that cloud physical security is now playing a critical role in the digital transformation agenda, as AI-driven analytics help unlock superior security and intelligence benefits while helping to mitigate the rising cost base being felt by many security businesses across Europe.

Digitalisation has ushered in a new era of hosted security platforms that are disrupting the industry. With the cloud providing the critical infrastructure, exciting new technologies and systems are emerging that enable the sharing of powerful data-driven insights from surveillance data. These benefits relate not only to improved security, but also to operational intelligence to drive efficiencies and profitability for end users. It will increasingly be those security professionals who can combine a physical security skillset with knowledge of the cloud, networks and systems that will reap future rewards.

However, as the cost-of-living crisis deepens with energy and fuel prices running at their highest rates in decades, the guide reasons that cloud, AI and analytics have multiple economic benefits for partners. Switching to the cloud not only represents more predictable budgeting and recurring revenue for the partner business, but also leads to cost savings by making better use of people and internal resources, while helping them to gain a competitive edge as customer requirements rapidly evolve.

Cloud physical security, charged per device per month, offers the partner a route to more sustainable revenue growth and contracts to be leveraged by upselling more features. In addition, with cloud, a highly skilled technical engineer can set up systems remotely, not only saving money on fuel but completing several customer jobs in the time that it would take to set up just one system at a customer site. Selling and deploying faster and more efficiently represents a better return on the individual’s salary investment.

Key areas covered in the guide include:

  • Cloud physical security: A new digital dawn for CCTV
  • The business case: Reduce costs and streamline operations
  • Analytics and data-driven decisions: Improve security and business performance
  • Employing sustainable practices: Achieve green targets
  • Improving cybersecurity knowledge: Protect networks and systems
  • Trusted partnerships: Build relationships that lead to long-term success

Martyn Ryder, VP Sales and Marketing at Morphean, explained: “Such is the nature and complexity of the modern threat landscape that companies are increasingly turning to external partners to strengthen their security posture. To remain competitive physical security specialists need to arm themselves with knowledge of network connectivity, AI and the power of analytics to help them position cloud physical security technology as more than just business security, but also business intelligence. In so doing, the partner can also access many potential cost-saving benefits to future-proof their business.”

The guide also explores the importance of establishing trusted partnerships to work more collaboratively, in order to minimise system vulnerabilities and to mitigate cyber security risk. Learning to recognise the cyber risks will help security professionals and their customers ensure the most appropriate security protocols are in place for maximum protection of networks and systems.

From CCTV to Fire Safety: We’ve got you covered at the Total Security Summit

Stuart O'Brien

Have you claimed your complimentary pass for October’s Total Security Summit in Manchester? This bespoke event has everything you need to execute the perfect physical and IT security strategy for your organisation.

10th & 11th October – Radisson Blu Hotel Manchester Airport

Your pass is entirely complimentary and includes: a corporate “speed-dating” itinerary, an overnight stay at the venue, an evening drinks reception, networking dinner with entertainment, as well as all meals and refreshments throughout – all free of charge.

You can also enjoy a seat at our series of insightful seminar sessions, hosted by industry thought-leaders.

Confirm your free place here or contact me via the below details for more information.

Functional safety market to reach $8.9bn by 2030

Stuart O'Brien

According to the recent study published by P&S Intelligence, the functional safety market accounted for $4,839.2 million revenue in 2021, which is set to reach $8,990.6 million by 2030, growing at a 7.1% CAGR between 2021 and 2030.

The report notes that the functional safety concept is applicable to a variety of businesses where modern technology in safety-related systems is vital. It ensures that the systems provide the necessary risk reduction to ensure equipment and worker protection.

Key Findings:

  • The APAC market revenue will be over $2,000 million in 2030, which is also expected to advance at the highest rate in the coming years. With the growth of the strictly regulated industries, such as oil and gas and electricity, the demand for functional safety is surging in developing countries, mainly in China and India.
  • Because of its extraordinarily high rate of industrial output, China has a share of over 30% in the regional market. Such factors act as catalysts for the automation sector in the country. Funding is being planned to ensure growth and quality, as well as to address environmental issues and reduce overcapacity.
  • From 2021 to 2030, the automotive and transportation sector is expected to develop at the highest rate, of more than 7.5%, in the market. Numerous technical advancements in automobiles have been made in recent years, particularly in terms of safety.
  • By SIL type, systems compatible with SIL3 have the biggest share of the functional safety market, and this category will also expand at the quickest rate in the coming years. Most industrial enterprises can afford systems based on this level of safety compliance.
  • During 2021–2030, safety sensor demand is expected to expand at a CAGR of more than 7.5%. Machine safety, people security, body part protection, high-risk zone safety, and perimeter monitoring are all areas where safety sensors are employed.

Modern technologies, including AI, ML, and IIoT, are both reflections of scientific progress and enablers of further scientific progress. Such technical capabilities might provide the much-needed benefits that surpass the advantages of the manual mode, as well as a new route for the adoption of solutions based on such technologies.

IIoT is enabling safety and compliance services by facilitating analysis, monitoring, and control, as well as the practical management of physical processes, all of which aid in enhancing system performance.

Global physical security market to hit $195.6bn by 2030

Stuart O'Brien

Market Research Future (MRFR) asserts that global demand for physical security is poised to reach $195.6bn by 2030, equivalent to a 6.7% CAGR throughout the forecast period (2021–2030).

The report points out that the physical security market’s competitive landscape is ‘enormous and tense’, with new competitors quickly entering the market and existing players making massive investments.

With the expansion of Internet-based services and technological progress, the market picture for physical security has shifted, however. Utilising physical security systems and solutions to regulate, monitor, and test any potential threats, attacks, environmental disasters, etc. is a trend in the physical security business and one that the report says will drive growth.

The usage of locks and keys with password-protected setups, alarms, sirens, etc., to combat an emergency attack are examples of such technological improvements. Technologies like facial recognition, iris recognition, etc., mean the physical security market is expected to undergo a boom with the entrance of new technological systems.

The Systems subsegment is predicted to account for the greatest market share throughout the forecast period. The growth is mostly attributable to an increase in the residential sector’s adoption of video surveillance equipment.

The Government sector is anticipated to drive the market over the period under review. Governments across the globe are concentrating on securing offices and public spaces using CCTV surveillance. The number of government security breaches has boosted the global demand for physical security solutions. Developed nations in particular are in search of authentication control alternatives that contribute to the improvement of their national security.

The report segments the global market for physical security into four regions, with each contributing considerably to the industry in terms of its capabilities and population requirements. However, the North American area has the largest physical security market share, as it is where the primary development drivers for the physical security industry are generated, and the public appears to be fairly interested in market advancements about new goods.

The majority of acoustic insulation market revenue is anticipated to come from countries such as the United States and Canada, which are experiencing an increase in demand for high-tech security solutions in government and private organizations, public places such as shopping malls, restaurants, and movie theaters, etc., as a result of rising terrorist threats.

Due to the rapid evolution of technology, physical security trends in Europe have increased the demand for physical security systems and solutions, contributing to the region’s constant expansion. Due to rapid technological advancement and rising public safety expenditures in these nations, the Asia-Pacific area is identified as one of the key regions that has the potential to be the future market leader.

The true value of firewall controls

Stuart O'Brien

By Eleanor Barlow, Content Manager, SecurityHQ

Network environments have become so complex that a single misstep on a critical firewall can take the entire network offline and expose your business to cyber-attacks. Improperly managed firewalls create some of the greatest business risks in any organization. Often, the risks are things you don’t find out about until it’s too late.

One unique element about firewall-related risks is that they do not require sophisticated hacking skills to be exposed. Simple misconfiguration errors and oversights in the process of managing your firewalls can cause problems like opening the network perimeter to security exploits and creating business continuity issues. Add network complexity into the mix, combined with all the other duties you and your team are responsible for, and it becomes clear that firewall management is a business challenge that needs to be addressed properly.

The Solution to Mitigate Against These Threats

Next Generation Firewalls provide additional value, as supplementary security features such as IPS, antivirus and VPN are part of the package. That is why it is crucial to know what to do with these features, to safeguard data, people and processes, and to save and optimise valuable time and resources.

Know which Next Gen Firewall Controls elevate security posture and are worth the investment.

Next Generation Firewalls (NGFWs) are the latest in digital protection, helping to merge the best parts of traditional and more modern technology. NGFWs are an essential part of a broader cyber security strategy; they serve as a first line of defence against external threats, malware, and hackers trying to gain access to your data and systems.

In addition to the standard perimeter/external firewall, many companies are starting to install internal firewalls to provide an additional layer of protection, but what is worth the investment?

For more information, download this white paper on ‘Next Gen Firewall Controls. What’s Really Worth the Investment?’ to know more about the challenges and benefits of Intrusion Prevention and Detection Systems (IPS/IDS), Geo Location Tagging, URL Content Filtering, Deep Packet Inspection, Sandboxing, and Identity Awareness.

Or, to watch experts explore the Firewall Process, view ‘Best Practice for Firewall Controls & Management’.

Do you specialise in Transit Security, Screening & Scanning? We want to hear from you!

Stuart O'Brien

Each month on Security Briefing we’re shining the spotlight on a different part of the security market – and in July we’ll be focussing on Transit Security, Screening & Scanning.

It’s all part of our ‘Recommended’ editorial feature, designed to help security buyers find the best products and services available today.

So, if you’re a supplier of Transit Security, Screening & Scanning and would like to be included as part of this exciting new shop window, we’d love to hear from you – for more info, contact Clair Wyld on c.wyld@forumevents.co.uk.

Here’s our full features list:

Jul – Transit, Screening & Scanning

Aug – Biometrics

Sep – IP/IT Security

Oct – CCTV

Nov – Loss Prevention Solutions

Dec – Drones

How the MITRE ATT&CK Framework has revolutionised cyber security

Guest Blog

Authors: Zee Sayi, Eleanor Barlow, Aaron Hambleton, Deodatta Wandhekar, SecurityHQ

The MITRE ATT&CK framework is, in essence, a knowledge base of adversary tactics, techniques, and procedures (TTPs). These TTPs are based on real-world observations of behaviour used by various threat actors, and have been made globally accessible to be used as the foundation for threat models and methodologies.

According to the MITRE website, the framework has a ‘mission to solve problems for a safer world, by bringing communities together to develop more effective security.’

It is important to highlight how innovative this framework is. It has shifted the balance with regards to cyber warfare and created a means of allowing security teams in all sectors, from anywhere around the world, to see the different stages of adversarial attack, and help raise awareness of the mechanisms which can be used by attackers to launch attacks.

Since the framework offers a more focused approach by listing the TTPs throughout the kill chain lifecycle, security teams have been able to formulate a more targeted response. This, in turn, means that teams are working more collaboratively to ensure that the security posture is as it should be. For instance, with this intel, teams can perform Penetration Testing exercises, consisting of Red, Blue and Purple Teams, to strengthen security by exposing weaknesses. These kinds of exercises help security teams protect their companies the right way, so that they are alert and resilient in ensuring no stone is left unturned.

An example of the MITRE ATT&CK Framework being used in real life is shown below, where Aaron Hambleton, Security Monitoring & Incident Response Lead for SecurityHQ, used the MITRE ATT&CK navigator during a real world investigation to identify and track the most recent TTPs known to be used by APT34. For more on Advanced Persistent Threats, view this white paper.

How SecurityHQ Uses the MITRE Framework

According to Deodatta Wandhekar, Manager of Global SOC at SecurityHQ, ‘Traditionally, our Security Operation Centres (SOCs) work on alert investigations, which are typically one-to-one, derived from different security tools, and are mapped against MITRE. To truly leverage the MITRE Framework, we must constantly add custom anomaly-based use cases, which are then tagged and aligned with MITRE Tactics and Techniques, to improve the overall detection coverage. From the client’s perspective, the MITRE framework is used to demonstrate the detection coverage. This helps identify the security gaps and work on the necessary areas to initiate discussions to onboard a security technology to cover the gaps for better detection.’

The below graph highlights the coverage of different use cases which are currently active at SecurityHQ. This is a constantly evolving graph.

At SecurityHQ, we have further leveraged the MITRE Framework in a way to depict the true impact of a real security incident.

The below Snapshot shows a real-world security breach ticket, which demonstrates actual mapping of the different MITRE techniques seen over a given timeline. This provides the clients, and our IR leads, with a very powerful picture of the security incident.

The snapshot shows the collection of all related incidents and individual alerts. These may go as separate alerts, but essentially are artefacts from the same adversary, which are then grouped to provide a summarised timeline, with a view of attack events. This shows events that may have happened before the trigger point, or even after the trigger point.

How the Repository of Knowledge Can Benefit Business

Since its official release in May 2015, the MITRE ATT&CK framework has been talked about a lot in all industries. However, its use is often still underestimated, and many security teams are still playing catch up in updating their defences.

The framework offers an opportunity to stay current and informed on the latest tactics used by adversaries during cyber-attacks. The MITRE ATT&CK framework is industry agnostic, and the matrix contains information for the following platforms: Windows, macOS, Linux, PRE, Azure AD, Office 365, Google Workspace, SaaS, IaaS, Network and Containers.

We are living in the age of digital transformation, and it has never been more important to have cyber vigilance. Threats are lurking round every corner, and the perimeter now extends beyond infrastructure to the user, which emphasises the importance of cyber vigilance.

Other Models and How to Use Them

There are other frameworks and models still in use today, such as the cyber kill chain, created by Lockheed Martin to help organisations trace the stages of a cyber-attack, starting with reconnaissance, and travelling all the way through to final actions, via weaponization, delivery, exploitation, installation, command and control, and actions on objective.

Another model commonly used is the Diamond Model, for intrusion analysis. This model covers four elements, including Adversary, Capability, Infrastructure and Victim, to portray every incident as a diamond, with each element linked.

However, the MITRE ATT&CK framework is the most widely adopted in the industry and used by industry experts, such as SentinelOne, across the globe. What’s more, it is free, and provides businesses with a fantastic source of information to strengthen their security posture.

Strong leaders don’t have strong passwords

Guest Blog

By Steven Hope, CEO of Authlogics

Many business leaders have had a rough ride over the past two years. However, the corporate world can be an unforgiving environment, global pandemic or not.

We live and work in an increasingly litigious world and any indication of wrongdoing or malpractice (intentional or otherwise) runs the risk of costly and consuming legal action. Such action isn’t restricted to the aggrieved or the opportunist, but extends to regulators wanting to show they have the bite to match their bark.

The end of May 2022 marks four years since GDPR was enshrined in law and although the UK is no longer part of the EU, it still has the UK GDPR. With so much publicity, years before and after GDPR coming into force, it is reasonable to suspect that there are few board meetings taking place that do not raise issues of data protection, compliance, privacy, and security on their agendas.

Looking at the picture painted by official statistics published in March, by the UK government’s Department for Digital, Culture, Media & Sport in its Cyber Security Breaches Survey 2022, it would at first glance appear that issues of cyber security are being taken seriously at board level.

The report states that approximately four in five (82%) of boards or senior management within UK businesses rate cyber security as a ‘very high’ or ‘fairly high’ priority. What’s more, a growing number of businesses (although still only 34%) have cyber security as part of their job. More good news is that 50% of businesses are updating the board on cyber security matters at least quarterly, with this rising to 80% for larger organisations.

However, the findings of a new survey conducted by NordPass have been making waves by suggesting C-level executives may not be taking matters as seriously when it comes to their own conduct. The research reveals that the top passwords being used are 123456, password, and 123456789, as well as a range of names, animals and mythical creatures. These are the same type of ‘simple’ passwords that many people use in their day-to-day life.

Now, I would not suggest that strong leadership requires strong passwords, as I have long argued that strong passwords are simply more complicated to remember than they are to hack; what is making it ‘strong’ exactly? We should not be too surprised; after all, executives are just people prone to the same behaviours as everyone else, naturally gravitating to convenience in their live-to-work lifestyles. However, it also appears to be the case that business leaders are aware of their own shortcomings when it comes to password best practice, with Pulse and Hitachi ID revealing that 94% of leaders are aware of the need for password training.

The Information Commissioner’s Office (ICO) is charged with policing the UK GDPR and it has made it crystal clear from day one that it requires organisations to be accountable: they must not only be responsible for compliance, but also be able to demonstrate it. It would be extremely hard for a director (it is they who will ultimately carry the can) to swear under oath that 123456 is a satisfactory password, especially to safeguard the type of information that a C-level executive would typically have access to. Furthermore, there is also the acknowledgement that a leader within an organisation is an obvious target.

The good news is that fixing the password problem from the board to the bottom, to establish and maintain demonstrable compliance, does not require a difficult knock on the door of the boss. The first step is to understand the current susceptibility of your organisation and that begins with a password breach audit. It is a free service that within minutes will determine which accounts (active and dormant) within the domain have been breached. Do this and you are on course to demonstrating a process for compliance adherence. Armed with these insights, immediate remedial company-wide action can be taken to close any breaches, using Password Security Management (PSM). These systems ensure every password adheres to best practice, and stays that way, as dictated by NIST 800-63B from the National Institute of Standards and Technology, a US government agency that is widely regarded as the trusted authority on password policy.

The latest DBIR (Data Breach Investigations Report), published in May by Verizon, suggests that 82% of data breaches involve a human element. This echoes other findings that 80% of breaches are caused by weak, stolen, or reused passwords. So, the exposure and risk of having anyone within an organisation, let alone its leaders, creating an easily exploitable vulnerability is high. The penalty, whether in the form of the eye-watering fines the ICO has at its disposal, or the financial and reputational harm it can do to the business, can be hugely damaging. If you think multifactor authentication (MFA) will save the day, think again. Adoption of MFA has increased, but so too has the number of passwords being used, along with the number of password-based attacks.

Business has been tough enough, why make it any tougher than it needs to be, by exposing the company to such unnecessary risk?