
Zero Trust ‘now the norm’ for global business

Stuart O'Brien

Zero Trust (ZT) has become the default cybersecurity strategy for global business: In 2021, fewer than one in four of the organisations surveyed had a ZT strategy in place, but by 2023, this number has grown to 61%. In addition, a further 28% plan to implement Zero Trust within the next year and a half.

That’s according to the 2023 State of Zero Trust Report released by Okta. For the first time since the firm started issuing the State of Zero Trust Report in 2019, the number of organisations that already have a defined Zero Trust strategy in place far exceeds those still in planning stages (or without such a strategy).

In partnership with Qualtrics, in April 2023, Okta conducted a global study including 860 information security decision makers from North America (US, Canada); EMEA (Denmark, Finland, France, Germany, Ireland, Netherlands, Norway, Sweden, UK); and APJ (Japan, Australia).

“We now live in a Zero Trust world,” said Stephen McDermid, EMEA CSO for Okta. “The global figures suggest that within 18 months, nine in every 10 businesses will ‘be ZT’. And businesses are putting their cybersecurity money where their Zero Trust mouth is. Despite widespread cost-cutting, 60% of organisations have seen an increase of up to 24% in their ZT budgets since last year.”

The report suggests that leaders recognise the primary importance of Zero Trust in enabling today’s digital business. The research shows 93% of the global C-Suite now believe that Identity is important to their business strategy.

The report demonstrates that, despite growing knowledge of the low assurance value, passwords remain the standard for authentication – and are in use at more than half (55%) of our respondents’ organisations, across all regions.

Security questions were the second most commonly used practice, with just 19% (less than 1 in 5) of businesses using high-assurance factors like platform-based authenticators and biometrics.

“In a world where businesses must never trust and always verify, the method of verification is critical,” continued McDermid. “The uncomfortable truth behind recent attacks is that verification based on passwords and simple questions is not enough. Social engineering has evolved dramatically and as such, so should the front line of identity verification. In practice, this will mean passwordless technologies.”

As an insight into the drivers behind this need to address social engineering, respondents to the research cited “People” as the biggest security concern for businesses with “Network” and “Data” coming in a distant second and third, respectively. While the user has always been rated a top priority, this year it’s an unusual outlier, reflecting an increasing understanding of the critical function of identity, in Zero Trust security initiatives.

In the face of this perception that the user remains the weakest link, more than two in three companies either say security is the unquestioned top priority or that their current priority balance is three-quarters security, one-quarter usability.

However, the research also reveals that holes still remain. Only 1 in 5 (20%) of respondents have automated provisioning/deprovisioning for external users such as partners and contractors. This suggests that companies remain especially vulnerable to attacks from within the supply chain.

McDermid added: “Companies have long since recognised that either through malice or simple poor practice, their people represent the single biggest security threat, but these figures suggest that businesses may have been too narrow in the definition of ‘their people’.  Suppliers and partners are – from a security perspective – just as risky as an employee. But there seems to be a lag in addressing this.”

Within this incredibly active global market, there are some clear leaders when it comes to embracing ZT. Companies in financial services and software are more likely to have an initiative in place today (at 71% and 68%, respectively).

58% of public sector organisations have a ZT strategy, with almost another third planning to implement one in the next 12 months.

“It is easy to see the impact of regulation on these figures,” concluded McDermid. “Some industries will face tighter demands that necessitate Zero Trust and drive the market in the short term. We welcome this catalyst for innovation and look forward to seeing what early adopters can show the wider industry.

“The past two years have seen a huge jump in the number of businesses that say identity is a critical part of their Zero Trust strategy.  Now that Zero Trust is set to define how business is done, it follows that getting identity right will be a major factor in making that business easier, faster, and better.”

Photo by Towfiqu barbhuiya on Unsplash

CCTV MONTH: Answering the rise in security threats with better communication and surveillance

Guest Blog

Police recorded crime in England and Wales in the year ending December 2022 exceeded pre-coronavirus pandemic levels. The number of professional security guards in the UK is on the decline, and it is widely known that the sector is having a challenging time recruiting for a shortage of staff. Additionally, people employed within the professional security sector are faced with numerous barriers to entry into the profession – and in some cases have to carry out their own training and apply for their own licenses to work in this space.

Added to this is the fact that many receive physical and verbal abuse on a daily basis. While one might be inclined to think that this is to be expected and acceptable for this kind of job, it raises questions of employers around what they can do to make these kinds of jobs safer and more appealing to current and potential employees. While offering training goes a long way to providing people with the skills they need to carry out their jobs – it doesn’t stop there.

Firms must consider their approach to communication and surveillance. While this might seem like a given, and obvious to many, a key question is whether the technology that teams are using is really fit for today’s purpose? Have firms provided teams with the right tools to do their jobs and feel safe as they carry out their duties? Chris Potts, ANT Telecom explains…

The state of play across the industry

In August 2012 there were 88,915 active security guard licences on the market, says research from Gov.uk and the Security Industry Authority. Since then, in recent years, it steadily declined to between approximately 62,000 – 71,000. As expected, over the pandemic, 2020 and 2021, this figure was at its lowest – 61,630 and 62,901, respectively, with 2022 sitting at 64,226 licences. While this figure points out the decline in licenses, which staff generally have to attain themselves, it illustrates the decline in the number of people actively working in the industry. Despite this decrease, the British Security Industry Association (BSIA) says the UK’s private security industry must recruit, train and licence over 62,000 officers over the next 12 months – to keep up with the growing demand for its services, and to keep the public safe.

The retail sector is feeling the pressure too. Figures from the British Retail Consortium’s (BRC) crime survey reveal that incidents rose from a pre-Covid high of over 450 per day in 2019/20 to over 850 per day in 2021/22. These include physical assault, threats with weapons, racial and sexual abuse. Further, the total cost of retail crime stood at £1.76 billion during 2021/22, with £953 lost to customer theft; and over 8 million incidents occurred during that year. Alongside this, the BRC points out that retailers spent approximately £715 million on crime prevention in 2021/22. Naturally, for retailers and supermarkets this is a major issue. Crime erodes profit and it distresses staff who are on the wrong end of customer abuse and crime.

Anti-social behaviour and violence at football stadiums is rising too. Figures from Gov.uk explain that in the 2021 and 2022 football season, there were 2,198 football-related arrests. However, arrests in the 2022/23 season were approximately 59% higher than those during the 2018/19 football season (pre-Covid); and comparable with levels seen in 2011/12, 2012/13 and 2014/15 seasons. Common offences included public and violent disorder. Typically, any violence and criminal behaviour witnessed and experienced at events, especially football matches, puts a majority of people off attending – especially parents who want to bring children to a match. These types of issues need to be contained, and those responsible banned, as no one wants to see a return of the hooliganism witnessed in the 70s.

A joined up approach to solving the problem

Security teams can use many approaches to prevent and manage incidents. Deterrence, catching people in the act, and evidence collection are key. But without the right collaborative approach and communication technologies, teams will not be as effective as they could be.

In retail, this might translate to increasing the security guard presence in stores to help put off criminal behaviour. It could involve enabling cashiers and floor staff to communicate with security guards when they spot disruptive or criminal behavior – or, equipping some staff with body-worn cameras, as this allows for evidence collection to take place if/when CCTV footage doesn’t reach a particular area of a store or fails. Similarly, at sporting events, CCTV, body worn cameras and communication technologies can enable security teams to collaborate effectively to spot wrong doing in crowds and co-ordinate an appropriate response.

Communication technology’s role

At the heart of all of these joined-up approaches lies a strong need for technology to enable effective communication. Gone are the days when security guards are armed just with a torch, hard boots and walkie-talkie radio.  To protect stores, employees need the correct tools to communicate. This will enable them to work together effectively to not only prevent incidents scaling, but to catch perpetrators in the act, in a collaborative effort.

However, what is the best technology?  Smartphones prove impractical in emergency situations as the time taken to make calls and wait for colleagues to respond is too long.

Alternatively, PoC (Push-to-Talk over Cellular) offers a more reliable solution. Retail staff can instantly communicate on an open channel and effortlessly report any misconduct or known offenders who have entered the store, thereby supporting the security teams.

Similar to smartphones, PoC operates on 3G, 4G, 5G, and WiFi, eliminating the need for significant investments in central infrastructure and allowing for quick deployment. In addition to emergency incidents, shop assistants can readily report other issues that require attention, such as spills in aisles, flooding in toilets, or improperly stacked shelves to help improve customer experience.

Moreover, there are a wide range of devices available, some of which come equipped with dual functionality, combining features like Push to Talk and Body Worn Cameras in a single device. This eliminates the necessity for security teams to carry multiple devices, resulting in significant cost and energy savings. With only one device to charge, maintain, and dispose of at the end of its lifespan, the overall efficiency and convenience is greatly enhanced.

Conclusion

Today, the sector is grappling with a shortage of staff. Yet crime and antisocial behaviour are on the rise. In many cases teams are also not always making use of modern technology and approaches towards managing security operations and reducing anti-social behaviour.

The use of CCTV, coupled with modern communication technology, and a more effective joined up approach to security provides the industry, retailers and events organisers an answer to managing this problem for both their employees and the public at large.

CCTV MONTH: The evolution of CCTV in commercial security – A decade of transformation

Stuart O'Brien

Closed-Circuit Television (CCTV) has long been a cornerstone of commercial security. Over the past decade, however, the capabilities and functions of CCTV systems have evolved tremendously, driven by technological advancements and the changing needs of businesses. Let’s dive into the key developments that have shaped the world of commercial CCTV in the past ten years, as relayed by delegates and suppliers at the Total Security Summit…

  1. High-Definition Video Quality: Early CCTV systems often produced grainy and low-resolution footage, limiting their effectiveness. The last decade has seen a shift to HD and even 4K video quality. This has drastically improved the clarity of surveillance footage, allowing for better identification of individuals, license plates, and other critical details.
  2. Smart Analytics: The integration of artificial intelligence (AI) and machine learning has transformed passive CCTV cameras into proactive security tools. Modern systems can detect unusual movements, count people, recognise license plates, and even identify left-behind or removed objects. By alerting security personnel in real-time, these intelligent analytics enhance responsiveness to potential threats.
  3. Remote Monitoring: With the proliferation of cloud technology, CCTV footage can now be accessed and monitored remotely. Whether through dedicated applications or web portals, security managers can view live streams or archived footage from anywhere, ensuring constant surveillance and immediate response to incidents.
  4. Integration with Other Systems: Modern CCTV solutions often seamlessly integrate with other security systems, such as access control, alarm systems, and perimeter detection. This interconnectedness ensures a more comprehensive and cohesive security approach, where one system’s trigger can activate another – for instance, a breach in a perimeter might automatically redirect camera focus to the affected area.
  5. Enhanced Night Vision: Advancements in infrared technology and low-light cameras have significantly improved CCTV functionality in the dark. Today’s systems provide clear footage even in minimal light conditions, ensuring round-the-clock surveillance efficacy.
  6. Wireless Capabilities: While wired CCTV cameras still dominate many commercial settings, the rise of wireless cameras has added flexibility and reduced installation complexities. These cameras, often powered by batteries and connected via Wi-Fi, can be placed in locations where wiring might be challenging.
  7. Data Protection Features: With the growing emphasis on data protection regulations, such as the EU’s General Data Protection Regulation (GDPR), CCTV systems have incorporated features to ensure privacy. This includes data encryption, masking or blurring certain zones, and secure storage and transmission protocols.
  8. Cost-Effective Solutions: As technology has become more accessible and manufacturing processes more efficient, high-quality CCTV solutions are now more affordable for businesses of all sizes. This democratisation has expanded the adoption of advanced CCTV systems beyond large corporations to small and medium-sized enterprises.

The past decade has been pivotal for the world of commercial CCTV. No longer just passive recording devices, modern CCTV systems are dynamic, intelligent, and integral to a comprehensive security strategy. As technology continues to advance, one can only anticipate further innovations that will redefine the realm of commercial surveillance.

Are you researching CCTV solutions for your business? The Total Security Summit can help!

Photo by Joe Gadd on Unsplash

Do you specialise in Loss Prevention Solutions? We want to hear from you!

Stuart O'Brien

Each month on Security Briefing we’re shining the spotlight on a different part of the security market – and in November we’ll be focussing on Loss Prevention Solutions.

It’s all part of our ‘Recommended’ editorial feature, designed to help security buyers find the best products and services available today.

So, if you’re a supplier of Loss Prevention Solutions and would like to be included as part of this exciting new shop window, we’d love to hear from you – for more info, contact Macy Townsend on m.townsend@forumevents.co.uk.

Here’s our full features list:

Nov – Loss Prevention Solutions
Dec – Drones
Jan 24 – Access Control
Feb 24 – Business Continuity & Risk Management
Mar 24 – Fire Solutions
Apr 24 – Lone Worker Security
May 24 – Perimeter
Jun 24 – SIA Security Training
Jul 24 – Transit, Screening & Scanning
Aug 24 – Biometrics
Sep 24 – IP/IT Security
Oct 24 – CCTV

Photo by charlesdeluvio on Unsplash

Luciditi’s Proof of Age Standards Scheme (PASS) begins live testing

Stuart O'Brien

Luciditi’s Age Proof accredited Proof of Age Standards Scheme (PASS) digital card is entering its live testing phase, potentially helping to reduce the threat of retailers facing prosecution by accepting fake ID cards at the point of purchase.

Prior to the official launch of Age Proof, Luciditi is inviting one thousand 16-25 year olds to receive a free digital card in return for their feedback. The company is also working with Serve Legal to roll-out a testing programme on products such as vapes, energy drinks and gambling scratch cards across retailers ranging from supermarkets to convenience stores.

Unlike physical ID cards, which are routinely forged, digital Age Proof cards offer much greater security from fraud.

The move towards digital is set to be well received by young people, with 94% of respondents in favour of a digital form of ID that they can use on their phone, according to an auditor community survey by Serve Legal. A further 90% felt it would be more desirable than carrying a physical ID card such as a driving license or passport.

Ian Moody, co-founder and CEO for Luciditi, said: “We’re very excited at the prospect of launching the UK’s first PASS digital proof of age card as it will completely transform the way age is verified at the point of purchase. Age Proof provides enhanced data security and convenience for young people, whilst eliminating the current threat of prosecution caused by retailers accepting fraudulent physical cards.”

Age Proof cards will be able to be accessed via a smartphone app and harness QR technology to provide real-time verification – offering speed, convenience and greater data protection to young people aged 16+ and 18+.

The 16+ digital cards provide a host of benefits, allowing this age group to legally purchase energy drinks, age-restricted computer games or music and over-the-counter medication such as paracetamol, through to buying a pet or getting body piercings without parental consent.

The 18+ card includes features such as legal entry into a pub or gambling venue, the purchase of cigarettes or vapes and purchasing a tattoo. The only current restriction on the card is that the Licensing Act for the sale of alcohol only allows physical cards bearing the PASS hologram and logo as acceptable proof of age when purchasing alcohol. Changes to the law are anticipated in 2024 which will add digital PASS and make it permissible to buy alcohol using Age Proof.

Moody added: “Fake ID cards, whether they be forged physical identity cards, driving licenses or even passports, have become more and more sophisticated in recent years and have proven a major headache for retailers. We’ve developed a standards-based digital solution which brings the UK a giant step closer to eradicating the problem completely.”

Tony Allen, executive director for Age Check Certification Scheme, the world’s first dedicated conformity assessment body on age assurance and the PASS-appointed independent auditors, said: “The Luciditi Age Proof system has been subject to a rigorous audit to the published PASS standards, including ensuring security, privacy, accuracy and the inclusion of anti-fraud measures.

“It’s also a significant boost to the retail sector and is a precursor to enhanced automation, with work already underway to establish a universal transaction method across all retailers that avoids consumers needing multiple apps to verify their age. The implementation of digital verification technology across all self-checkouts and electronic point of sale (EPOS) systems will be key to this and is expected to be rolled out as soon as the Home Office complete their forthcoming consultation on digitally enhanced transactions for alcohol.”

Security and risk management spending to grow by 14% in 2024

Stuart O'Brien

Global end-user spending on security and risk management is projected to total $215 billion in 2024, an increase of 14.3% from 2023 when spending will reach $188.1 billion.

That’s according to Gartner, which says the continuous adoption of cloud, continuous hybrid workforce, rapid emergence and use of generative AI (GenAI), and the evolving regulatory environment are forcing security and risk management (SRM) leaders to enhance their security and risk management spending.

Shailendra Upadhyay, Senior Research Principal at Gartner, said: “At the same time, they are focusing their efforts by adopting technical security capabilities that provide far greater visibility and responsiveness across the organisation’s entire digital ecosystem and restructuring the way the security function operates to enable agility without compromising security.”

Spending on data privacy and cloud security are projected to record the highest growth rates in 2024, with each segment increasing more than 24% year-over-year (see Table 1). Privacy remains a top organizational priority as regulations that impact the processing of personal data continue to emerge, including those related to the use of AI. Gartner predicts that by 2025, 75% of the world’s population will have its personal data covered by modern privacy regulations.

Table 1. Security and Risk Management End-User Spending for All Segments, Worldwide, 2022-2024 (Millions of U.S. Dollars)

 

| Segment | 2022 Spending | 2022 Growth (%) | 2023 Spending | 2023 Growth (%) | 2024 Spending | 2024 Growth (%) |
|---|---|---|---|---|---|---|
| Application Security | 5,047.6 | 10.9 | 5,765.2 | 14.2 | 6,670.3 | 15.7 |
| Cloud Security | 4,487.4 | 24.0 | 5,616.7 | 25.2 | 7,002.6 | 24.7 |
| Data Privacy | 1,129.2 | 9.9 | 1,338.7 | 18.5 | 1,667.3 | 24.6 |
| Data Security | 3,072.9 | 21.4 | 3,692.1 | 20.1 | 4,333.3 | 17.4 |
| Identity Access Management | 13,944.1 | 13.6 | 16,169.1 | 16.0 | 18,556.5 | 14.8 |
| Infrastructure Protection | 24,089.0 | 19.9 | 28,359.6 | 17.7 | 33,319.6 | 17.5 |
| Integrated Risk Management | 5,157.3 | 9.6 | 5,687.1 | 10.3 | 6,277.7 | 10.4 |
| Network Security Equipment | 18,932.5 | 11.9 | 21,383.6 | 12.9 | 24,360.1 | 13.9 |
| Security Services | 73,394.7 | 3.9 | 80,835.7 | 10.1 | 89,996.7 | 11.3 |
| Consumer Security Software | 7,443.4 | 2.9 | 7,901.7 | 6.2 | 8,406.7 | 6.4 |
| Others | 8,029.8 | 50.1 | 11,365.4 | 41.5 | 14,362.8 | 26.4 |
| Total | 164,728.0 | 10.6 | 188,114.8 | 14.2 | 214,953.7 | 14.3 |

Source: Gartner (September 2023)

The continued growth in public cloud services will bolster spending on cloud security tools. In the cloud security segment, the combined spending on cloud access security brokers software (CASB) and cloud workload protection platforms (CWPP) is projected to total $7 billion in 2024, up 24.7% from 2023. Demand for cloud-based detection and response solutions — such as endpoint detection and response (EDR) and managed detection and response (MDR) — is also expected to increase in 2024.

Spending on security services – consulting, IT outsourcing, implementation and hardware support – is forecast to total $90 billion in 2024, an increase of 11% from 2023. Security services is expected to represent 42% of total security and risk management end-user spending in 2024, and to remain the largest area of security and risk management spending in 2024.

“In light of cyber risks increasing, cyberthreats proliferating and a changing operating environment, it is more critical than ever for organizations to build and optimize a cybersecurity program,” said Upadhyay. “It is the cornerstone of cybersecurity initiatives which help SRM leaders secure new environments, protect against the expanded attack surface, consume security capabilities in new ways and create better efficiencies through automation.”

Image by Emilian Robert Vicol from Pixabay

CCTV MONTH: Choose only the best solutions for your organisation

Stuart O'Brien

In the contemporary landscape, the importance of effective CCTV systems as a deterrent and investigative tool cannot be understated. For security professionals, selecting the right supplier and solution is pivotal. Here are the primary considerations to guide this crucial decision, informed by delegates and suppliers at the Total Security Summit…

  1. Identify Your Needs:
    • Purpose of Installation: Whether you’re deterring criminal activity, monitoring staff, or overseeing production processes, the purpose will influence your choice.
    • Scale of Coverage: Decide if you need site-wide surveillance or if specific high-risk areas will suffice.
  2. Camera Quality & Capabilities:
    • Resolution: With options ranging from Full HD to 4K, choose a resolution suitable for your needs. Higher resolution provides clearer images, but also demands more storage.
    • Low-light Capabilities: For areas with poor lighting, cameras with good infrared (IR) capabilities or starlight sensors are essential.
    • Pan-Tilt-Zoom (PTZ): For expansive areas, PTZ cameras that can be remotely controlled to pan, tilt, or zoom can be particularly useful.
  3. Data Storage & Retrieval:
    • Storage Capacity: Based on the number of cameras and desired archival duration, ensure the solution provides ample storage.
    • Cloud vs. On-Site: While on-site storage (like DVRs or NVRs) offers direct control, cloud storage solutions provide flexibility and off-site backup.
    • Ease of Retrieval: User-friendly interfaces that allow for intuitive search and retrieval of footage are invaluable.
  4. Integration & Compatibility:
    • Existing Systems: If you’re upgrading, ensure the new system integrates smoothly with existing security infrastructure.
    • Scalability: Opt for systems that allow easy addition of cameras, accommodating future expansion.
  5. Remote Access & Notifications:
    • Mobile Access: In an interconnected age, the ability to view footage remotely via smartphones or tablets is a significant advantage.
    • Real-time Alerts: Systems that notify security personnel of suspicious activity in real-time can enhance response times.
  6. Compliance & Regulations:
    • Data Protection Act (DPA): Ensure the system complies with UK regulations concerning data storage, especially if the cameras capture public spaces.
    • Installation Regulations: Some areas have restrictions on camera installation; familiarise yourself with local rules.
  7. Supplier Reputation & Expertise:
    • Testimonials & Reviews: A reputed supplier often has a trail of satisfied clients. Check reviews and ask for case studies or references.
    • After-Sales Support: Post-installation support, including maintenance and software updates, is crucial.
  8. Cost & Warranty:
    • Budget: While cost is a consideration, remember that the cheapest option might not always be the best in terms of durability and functionality.
    • Warranty Duration & Coverage: A comprehensive warranty can save costs in the long run, ensuring your investment’s longevity.
  9. Additional Features:
    • Audio: Some advanced cameras come with audio recording capabilities, enhancing the depth of surveillance.
    • Analytics: Features like motion detection, facial recognition, or licence plate recognition can be invaluable, depending on your security needs.
  10. Installation & Maintenance:
    • Ease of Installation: Wireless cameras can be easier to install but might be prone to interference. Wired solutions, while more stable, may require extensive installation procedures.
    • Regular Maintenance: To ensure optimal functionality, regular maintenance checks are a must.

Making the right choice in CCTV suppliers and solutions is paramount to ensuring safety and enhancing security measures. By weighing these considerations meticulously, security professionals can secure their premises efficiently and effectively.

Are you researching CCTV solutions for your business? The Total Security Summit can help!

Image by Republica from Pixabay

SAVE THE DATE: Total Security Summit – March 2023

Stuart O'Brien

Miss this week’s Total Security Summit? The next event will take place on March 18th & 19th at the Radisson Hotel & Conference Centre at London Heathrow – and you can secure your free delegate place today! This unique event is spread across two days and will allow you to meet with selected solution providers for 1-2-1 meetings, and gain access to live and pre-recorded industry webinars. Attendance is entirely free and flexible – fitting your requests around your time and schedule. There is an extremely limited number of complimentary passes available – Accept our invitation here.

Who is behind the latest wave of UK ransomware attacks?

Stuart O'Brien

Ransomware attacks in the UK hit record levels last year, according to data by the Information Commissioner’s Office. These attacks potentially exposed the private information of over 5.3 million individuals across more than 700 organisations.

Unfortunately, this concerning trend has continued into this year, with prominent companies and public bodies falling victim to ransomware attacks in the UK including the Royal Mail, Capita, and the Barts Health NHS trust.

Just last month, the Police Service of Northern Ireland faced a significant data breach when the surnames and initials of 10,000 police employees were accidentally disclosed in response to a Freedom of Information request.

On Thursday, Greater Manchester Police became the latest target of a ransomware attack. The breach means thousands of police officers’ names, photos, and serial numbers are at risk of becoming public knowledge. While the names of many officers are publicly available, there is particular concern regarding the identities of undercover officers.

Ian Reynolds, Director and cybersecurity expert at SecureTeam, clears up the jargon and explains how businesses can prevent and respond to ransomware attacks…

What is a ransomware attack?

Ransomware is malicious software that infiltrates an organisation’s computer network, commonly gaining entry through a phishing attack. In this type of attack, victims are tricked – often via deceptive emails or downloadable files – into downloading malware. Cybercriminals may also exploit vulnerabilities within operating systems or software applications.

Once inside the network, the malware proceeds to encrypt the data on the affected computers, effectively locking the files and rendering them inaccessible.

The cybercriminals will then offer an ultimatum: pay a ransom, usually in cryptocurrency, in exchange for a decryption tool or key. This decryption tool is the only means by which the victim can regain access to their data. The ransom demand, usually delivered through a pop-up message or a text file, may be accompanied by threats and intimidation intended to coerce the victim into making the payment quicker.

According to the Information Commissioner’s Office (ICO), 706 ransomware incidents were reported in 2022, an increase from 694 reported in 2021.

Have police forces been targeted deliberately?

Ransomware attacks are prevalent across the public and private sectors, indiscriminately targeting businesses and organisations of all sizes. According to the Information Commissioner’s Office, the retail and manufacturing industry is more vulnerable than any other UK sector to ransomware attacks, with 14% of all reported attacks.

However, this incident serves as a stark reminder that organisations, particularly those where staff details can be extra sensitive, need to be careful in vetting third-party suppliers who handle their data. People need to consider that sensitive data can be exposed even in an attack on a harmless-seeming supplier.

Who is behind the attacks?

There are numerous criminal gangs actively engaged in ransomware activities; the majority of ransomware groups are associated with regions in Eastern Europe, former Soviet republics, and notably, Russia.

Earlier this year, several prominent organisations, including British Airways, the BBC, and Boots, fell victim to an attack orchestrated by the Clop group, based in Russia. These global threats highlight the need for international bodies to address cybersecurity.

Is it legal to pay a ransomware group?

Paying ransomware gangs is heavily frowned upon by UK authorities. Last year, the Information Commissioner’s Office and the National Cyber Security Centre both clarified that they did “not encourage” the payment of ransoms. Nonetheless, UK firms are making payments. The average ransomware payment by UK organisations is higher than the global average, at £1.7m.

Paying ransomware attackers does not guarantee that a company will get their data back. There have been several cases where businesses have paid a ransom and still not received their data back. In July 2021, the Travelex currency exchange company paid a £4.6 million ransom to the LockBit ransomware group but did not recover its data, significantly reducing its share price, and eventually leading to the company’s forced administration.

Do the police forces face punishment from the data regulator?

The ICO has launched an investigation into whether Greater Manchester Police (GMP) selected their third-party supplier properly and carried out a proper contracting process.

The third-party supplier in question, Digital ID, will also be scrutinised. Digital ID manufactures identity cards and lanyards for various UK organisations including several NHS trusts and universities. The investigation will likely assess Digital ID’s handling of sensitive data and adherence to GDPR. However, it’s worth noting that the ICO said last year it was planning to reduce the use of fines on public sector organisations for GDPR breaches.

How can businesses protect themselves from ransomware attacks? 

Businesses can protect themselves by using strong passwords, enabling two-factor authentication, and keeping their software up to date. They may also want to consider implementing a mobile device management (MDM) solution to help them manage and secure remote workers’ devices. Secure cloud storage ensures data accessibility and protection.

Sensitive data should always be encrypted for secure communication, both in emails and websites using SSL. Local-drive encryption prevents unauthorised access in case of device loss or theft, making it much more difficult for hackers to access company data.

The best way to protect workers from cyberattacks is to make sure they are aware of the risks and how to protect themselves. Educating employees on the dangers of phishing emails will prevent them from occurring.

My system has been infiltrated by a ransomware attack, how should I respond? 

  • Isolate the infection: Disconnect the compromised computer from the network immediately to prevent further spread. Disable Wi-Fi and unplug network cables to ensure the isolation is effective.
  • Alert relevant parties: Your IT team must be notified, as must the incident response team, senior management, and, if relevant, legal counsel. Contact your local police force and report the ransomware incident.
  • Consider bringing in a cybersecurity expert: Engaging a cybersecurity expert will likely help you avoid more significant issues later on.
  • Do NOT pay the ransom: Remember, paying does not guarantee that you will receive your data back.

Image by Pete Linforth from Pixabay

Access Control tops the list of solutions security professionals need in 2023/24

Stuart O'Brien

Access Control, Visitor ID Systems and Cameras are topping the list of technologies the UK’s security professionals are sourcing for 2023/24, according to our exclusive research.

The findings have been revealed in the run-up to the Total Security Summit, which takes place on October 9th & 10th in Manchester, and are based on delegate requirements.

Delegates registering to attend are asked which solutions they need to invest in during 2023/24 and beyond.

Incident Management and Risk Management solutions rounded out the Top 5.

Top 10 technologies being sourced by Total Security Summit delegates 2023/24:

1. Access Control
2. Visitor ID Systems
3. Cameras
4. Incident Management
5. Risk Management
6. Project Management
7. Training & Education
8. Remote Monitoring
9. Business Continuity
10. Crisis Management

Sarah Beall, Managing Director at Forum Events & Media, said: “The way we match buyers and suppliers at the Total Security Summit gives us a unique insight into the types of products and services the industry is looking for right now. Not only does it mean we can deliver a highly-targeted B2B event with proven outcomes for all attendees, but we can deliver valuable insights into how the market is developing at what is a hugely exciting time for all stakeholders.”

To find out more about the Total Security Summit, visit https://totalsecuritysummit.co.uk.

For more information about the buying trends data and the Total Security Summit, contact Macy Townsend on 01992 374091 | m.townsend@forumevents.co.uk.