• Covid-19 – click here for the latest updates from Forum Events & Media Group Ltd

Posts Tagged :

Data

Data security in the new business world

960 640 Guest Blog

By Andrea Babbs, Country Manager and Head of Sales for VIPRE Security Limited

With many businesses having to overhaul their operations overnight to enable their staff to work from home due to Covid-19, maintaining as close to business as usual was an absolute priority. But in the rush to implement collaboration tools to get employees up and running for business continuity, cyber security was pushed further down the list of priorities, potentially putting organisational data at significant risk. 

Many businesses may have already had some level of cyber security protection in place, but the shift in working environments and practices means that the emphasis on data security must be reinforced. Some IT security leaders have seen a 30,000% increase in Covid-19 themed attacks, as cyber-criminals continue to use the current global crisis as an opportunity to target potentially vulnerable end-user systems. With a de-centralised workforce, there is an even greater need for employees to take responsibility for keeping sensitive company information secure, and not just rely on security software to assume the role of data guardian. 

Harder, better, faster

While the transition to remote and flexible working has been implemented gradually across many organisations over the years, the overnight change triggered by government protocol has had a dramatic impact on employee working practices. With no peer review or easy access to conversational questions to quickly ask: “does this email look strange to you?”, employees are potentially at increased risk of falling foul of phishing scams. 

Add to this the heightened pressures of staff feeling the need to work harder, faster, for longer and demonstrate how much they are actually working when at home, it’s no surprise that mistakes are made. For example, responding to emails immediately rather than taking the time to stop and think whether the email is actually genuine, or giving out sensitive information over the phone to be seen as helpful during a difficult and stressful time. 

Reinforcing responsibility

With tools to support employees that reinforce the need to think before they press send on an email, and consider whether it is authentic or not, employees can assume some of the responsibility for keeping data secure. And as 53% of data breaches are classified as insider, clearly the workforce has a critical role to play in an organisation’s cyber defence strategy. 

Businesses can support employees to avoid commonly made mistakes such as forgetting to attach a document when you wrote that you had, or sending misaddressed emails or attaching incorrect information by deploying technology such as VIPRE’s Safe Send which provides a simple safety check. This provides the user with a prompt prior to any email being sent, reminding employees to double check and confirm the addressee and what has been attached. Parameters can also be set to add certain domains to an allow list, or the solution can be deployed on a department or user basis. For example, financial data is highly sensitive, so may require confirmation for all emails, but another department may only need checks on external emails. 

Certain keywords can also be defined, so when those keywords are identified within an email – an unreleased new product name, for example – an additional confirmation is prompted before the email is sent, allowing for that all important double check that the right person is being sent the right information. 

Technology provides a vital piece of the cyber security puzzle through high quality layered protection that covers email security, web and end-point protection. As the threat landscape is arguably evolving at a faster rate than ever before, coupled with the workplace shifting to a new normal – these tools have never been more critical.

Focusing on the user is also key, educating them and empowering them to take some responsibility for data security, supported by innovative software – not just relying on the IT department. Those that adopt such an approach will be far more successful than those that rely on technology in isolation. 

The race to normality

In the rush to keep ‘business as usual’ during such uncertain times, businesses may have inadvertently made their security infrastructure vulnerable to data breach – be that from external threats or accidental insider data leakage. As we slowly make the transition from home working to moving back to the office, or transforming to a hybrid workforce, security needs to be reinforced yet again, with a combination of reminders, prompts and continuous training. 

Employees are a vital tool in a business’ arsenal, so they must be regularly trained and reminded about how they can stay one step ahead of cyber threats. But it’s human nature to make mistakes and as such, employees must be appropriately supported with intuitive technology that can spot anomalies, errors and factors that fall outside of set parameters to highlight where potential threats, scams and faults are about to take place.

Threat to corporate data from departing employees ‘underestimated by businesses’

960 640 Stuart O'Brien

More than half (51%) of knowledge workers believe the risk to corporate data from departing employees is being underestimated and bigger than organisations think, while (87%) report their former employer has never approached them to verify they hadn’t taken data when they’ve left a job.

That’s according to Code42’s new Data Exposure Report, which concludes workers believe their employers aren’t protecting themselves against the departing employee insider threat and that data theft is posing a real danger to both former and new employers.

Other key findings from Code42’s new Data Exposure Report on insider threat include:

  • Three-fourths (75%) of respondents say that their new employer did not ask them if they had brought data from their previous employer
  • One-third (32%) of respondents who had infiltrated data were encouraged by their new employers to share it with new colleagues
  • The most common forms of data taken from a previous to a new employer are examples of one’s work (38%), followed by colleagues work and financial records (both 19%)
  • 17% also took customer lists or records, just over one in ten knowledge workers (14%) also took customer’s data — which could lead to a serious violation of GDPR
  • Two-thirds (63%) of respondents who said they have taken data are repeat offenders
  • Staff have the ability to access and therefore exfiltrate: data they didn’t create (73%), data they didn’t contribute to (69%), and 59% can see data from other departments

Code42 surveyed nearly 5,000 knowledge workers at companies with more than 1,000 employees in the U.S., U.K. and Germany.

“When it comes to data loss, leak and theft, for too many companies, the inside is their blindside,” said Joe Payne, Code42’s president and CEO. “Insider threat programs are not keeping up with today’s collaborative work culture. People and data are on the move now more than ever. Workers are switching jobs, and company files are being uploaded to the web, emailed as attachments and synched to personal cloud accounts. Our new report is a wake-up call for security teams that have traditionally relied on prevention-based security strategies for blocking when the rest of their organization is busy sharing.”

Hacking

GUEST BLOG: Combatting the threat of accidental insider data leakage

960 640 Guest Blog

By Andrea Babbs, UK General Manager, VIPRE SafeSend

Cybercrime has rapidly become the world’s fastest growing form of criminal activity, and is showing no sign of slowing down with the number of attacks on businesses rising by more than 50% in the last year alone.

While most corporates have made significant efforts to invest in cybersecurity defences to protect their organisations from the outside threat of cybercrime, few have addressed the risk of breaches that stem from the inside in the same way. Insider threats can come from accidental error, such as an employee mistakenly sending a sensitive document to the wrong contact, or from negligence such as an employee downloading unauthorised software that results in a virus spreading through the company’s systems. 

We’re all guilty of accidentally hitting send on an email to the wrong person, or attaching the wrong document; but current levels of complacency around email security culture are becoming an ever greater threat. Few organisations have a clear strategy for helping their employees understand how a simple error can put the company at significant risk; even fewer have a strategy for mitigating that risk and protecting their staff from becoming an inside threat. 

So where does the responsibility lie to ensure that company data is kept secure and confidential? 

According to reports, 34% of all breaches are caused by insider fault, yet many employees are unaware of their responsibility when it comes to data protection. With employee carelessness and complacency the leading causes of data breaches – understandable when human error is inevitable in pressured working environments – there is clearly a lack of awareness and training. And while there is an obvious and urgent need for better employee education, should IT leaders not be doing more to provide the tools that take the risk of making accidental mistakes out of employees’ hands?

With simple technology in place that provides an essential double check for employees – with parameters determined by corporate security protocols – before they send sensitive information via email, accidental data loss can be minimised and an improved and proactive email securityculture achieved. In addition to checking the validity of outbound and inbound email addresses and attachments – thereby also minimising the risk of staff falling foul of a phishing attack – the technology can also be used to check for keywords and data strings in the body of the email, to identify confidential or sensitive data before the user clicks send.

In order for organisations to limit the number of insider data breaches, it’s crucial for employees to understand the role they play in keeping the company’s data secure. But in addition to supporting employees with training, deploying an essential tool that prompts for a second check and warns when a mistake is about to be made, organisations can mitigate the risk of accidental error, and the potentially devastating consequences that might have on the business. 

Email is arguably the key productivity tool in most working environments today; placing the full burden of responsibility for the security of that tool on employees is both an unnecessary overhead and, increasingly, a security risk. In contrast, supporting staff with a simple, extra prompt for them to double check they aren’t mistakenly sharing confidential data raises awareness, understanding and provides that essential security lock-step – before it’s too late. 

Voice biometrics demand to hit $2.8bn by 2024

960 640 Stuart O'Brien

The global Voice Biometrics Market size is expected to grow from $984 million in 2019 to $2,845 million by 2024, equivalent to a Compound Annual Growth Rate (CAGR) of 23.7%

That’s according to a new report from MarketsandMarkets, which says the key factors driving demand include an increasing need for robust fraud detection and prevention systems across the Banking, Financial Services, and Insurance (BFSI) industry vertical and a need for reducing authentication and identification costs.

North America is expected to account for the largest market size in the Voice Biometrics Market by region during the forecast period. The region is home to many key vendors, such as Nuance Communications, Verint, and Pindrop.

APAC is expected to grow at the highest CAGR during the forecast period with increasing investments in strengthening security infrastructure. An increasing demand for cloud-based solutions from retail and eCommerce and healthcare verticals is expected to drive the Voice Biometrics Market in the region.

Overall, the report identifies the key market players as Nuance Communications (US), NICE (Israel), Verint (US), AimBrain (UK), Voice Biometrics Group (US), Phonexia (Czech Republic), OneVault (South Africa), SESTEK (Turkey), LumenVox (US), LexisNexis Risk Solutions (US), VoicePIN (Poland), Uniphore (India), Pindrop (US), Aculab (UK) and Auraya (Australia).

Physical security services market to hit $191.7bn

960 640 Stuart O'Brien

The global physical security services market will expand at a CAGR of 11.7% by 2022 to reach $191.7 billion.

That’s according to the latest data from Transparency Market Research (TMR), which pegged the market at $110.3bn in 2017.

In its analysis, TMR says the physical security services market has a consolidative vendor landscape, with prominent players including Tyco International Limited, SECOM Company Limited, The ADT Corp, United Technologies Corporation, and STANLEY Convergent Security Solutions accounting for a lion’s share of revenue.

These players are adopting strategies based primarily on product innovations and new product launches.

Based on the type, the ACaaS segment dominated the global physical security services market and is expected to remain dominant in terms of revenue by accounting US$80.9 bn by the end of 2022.

Region-wise, North America dominated the global physical security services market and is expected to remain dominant over the forecast period from 2017 to 2022 by expanding at a 12.6% CAGR.

In general terms, TMR says the physical security services market is gaining traction due to the need for physical safety to mitigate and reduce crime and risks of the thefts.

Additionally, growing expenses for the physical safety of the infrastructure by organizations coupled with the growing adoption of the internet of things (IoT) devices are supporting growth.

Further, growing penetration of the cloud-based data storage and servers along with growing technological developments, mainly in video surveillance, are contributing toward faster growth of the global physical security services market.

Two thirds of employees don’t feel safe at work

960 640 Stuart O'Brien

Only one in three workers feel safe in their own workplace due to steps taken by their employer.

A survey, commissioned by Expert Security UK, polled 2,000 people with the question ‘has your employer taken actions to ensure you feel safe in the workplace,’ with an overwhelming response of no.

And a further 62 per cent admitted that their employer had taken some steps, but not nearly enough to make them feel ‘safe’ within the working environment.

So, what is a safer working environment? Danny Scholfield, managing director, Expert security UK, has provided tips for employers to learn from…

1. Car park

If your business has one, then your car park will be the first point of contact for your employees and customers, so it’s essential that it is secure. One of the best ways to deter crimes outside is by improving visibility, so that means ensuring that pathways, doorways and entrances are well illuminated. Eliminate as many shadowy areas as possible as these are ideal spots for attackers to hide. Consider installing emergency phone lines in easy to reach places; employees will feel safer knowing they can access help quickly and easily. 

2. CCTV

Of course, one of the biggest deterrents when it comes to any criminal activity is CCTV. Knowing they are being watched and that any footage could be used to identify and prosecute them can be a powerful way to discourage people from acting maliciously. They can also be huge tools in helping staff members feel safe.

Start by installing good quality CCTV cameras at entrances, exits, gateways and doors. A poor quality camera may do the same in terms of acting as a deterrent, but in the event that you need to use the footage, it’s important that details can be seen clearly.

3. Your business premises

Your next step should be to protect the premises of your business. Where necessary and applicable, use gates and fences to secure potential entry points and ensure that you have strong locks and fob systems in place where only staff members can gain access. You could also consider installing motion detectors and alarms that not only sound locally but can alert the authorities if a breach is detected.

4. Online safety

In today’s online world, cybersecurity is also an incredibly important step to take when ensuring that your employees feel safe as so many threats now exist digitally. You might consider investing in a training course for your staff that goes over the basics of cybersecurity, such as phishing scams, how to tell the difference between secure and insecure connections, making sure downloads are safe from viruses, and using strong passwords.

5. Workplace harassment

It isn’t just outside threats that employers should be aware of. A great deal of harassment and bullying can go on inside the walls of your business, even if you don’t know about it. Even verbal bullying can create tension between staff members and, if left unchecked, it could escalate to physical violence.

Start by making strong policies against workplace harassment and bullying a top priority for your business’ security policy, whether that means writing new policies altogether or updating existing ones. Consider sending your management team to training seminars that focus on anti-bullying and equality in the workplace, as these are the people who often see problems first but don’t necessarily have the skills to tackle them. Make sure your final policies are communicated to all staff members so they are aware of them, know what to do in the event of an incident, and feel confident that you will support them.

If all five points are prioritised and actioned, it is a great starting point to ensuring your workforce are well looked after, feel safe and work happy, so that you don’t run the risk of having only 1 in 3 feel 100% safe.

Physical security demand to hit $119bn by 2023

960 640 Stuart O'Brien

It’s been predicted that the global physical security market will to grow in value from $84.1 billion last year to $119.4 billion by 2023.

That’s equivalent to a Compound Annual Growth Rate (CAGR) of 7.3%, according to analysis from ResearchandMarkets.

Its report, The ‘Physical Security Market by Component and Services, Organisation Size, Vertical and Region – Global Forecast to 2023’ found that (deep breath) rising incidents of terror attacks, technological advancements and deployment of wireless technology in security systems, increasing use of IP-based cameras for video surveillance, implementation of mobile-based access control, and adoption of Internet of Things (IoT)-based security systems with cloud computing platforms are projected to drive the growth of the market across the globe.

However, violation of privacy related to physical security systems and services is expected to restrict the growth of the market across the globe in some instances.

The Services segment is projected to lead the physical security market during the forecast period. The report says physical security services play a vital role in enhancing the existing video surveillance system by integrating digital video surveillance with network and IT systems.

This integration enhances property safety and reduces loss from thefts. Moreover, the service segment is being continuously affected by the introduction of the integrated Social, Mobile, Analytics, and Cloud (SMAC) solution, which need proper monitoring.

The Large Enterprises segment is expected to lead the physical security market in 2018. These enterprises were the early adopters of physical security solutions and services, as they have larger revenue pool to spend and a larger infrastructure to be protected.

High spending on security, followed by the high need for securing large assets is leading large enterprises to contribute to a higher market share in the physical security market.

The residential segment faces the challenge to manage security without violating the privacy of their guests, comfort, and travel experiences. In residential premises, the implementation of access control and video surveillance security systems is growing.

The residential properties are installing access control systems to prevent invasion and burglary. Residential properties are increasingly adopting electronic lock-based access control systems. The demand for electronic products is growing with the increased home automation trend.

The APAC physical security market is projected to grow at the highest CAGR during the forecast period. This growth is primarily driven by the rising adoption of access control systems in Small and Medium-sized Enterprises (SMEs), hospitality businesses, airports, ATMs, banks, residential buildings, and religious places, among others are expected to drive the physical security market.

Security systems are expected to witness increasing adoption in APAC as the countries in the region are emerging economies with a growing number of manufacturing bases, and there is also a constant risk of terror threats in the region.

Code

GUEST BLOG: Securing SMEs for the future

960 640 Stuart O'Brien

By David Navin, Head of Corporate, Smoothwall

Cyber-attacks are nothing new, with a new threat, attack or breach making a regular occurrence on the news agenda. With a number of high profile attacks on large corporations such as Yahoo, Sony, TalkTalk and Camelot, it is easy to think that cyber criminals only go after the big fish.

In fact, security expert Dr. Emma Philpott recently stated: “There’s a lot of great talk, but most SMEs do nothing about cyber-security. It’s shocking.”

Although it may sound harsh, Philpott was actually simply confirming what the majority of the security industry will tell you; that SMEs rarely have clear, actionable measures in place which present a rather inviting opportunity to hackers and threat actors.

Research last year found that 48 per cent of SMEs fell victim to at least one cyber-attack in the past year, with 10 per cent targeted multiple times. It begs the question, therefore: why do SMEs not consider their cyber security as important an issue as large enterprises?

Last year in the UK there were 5.4 million SMEs, making up over 99 per cent of all UK businesses, making them absolutely crucial for the UK economy. With such importance placed on UK SMEs, it highlights the sheer importance as to why the security problem is so serious and needs to be addressed.

It isn’t that SMEs are over-confident or ignorant to the threat of cybercrime. The majority of SMEs suffer from an inferiority complex and believe they are not at risk because they are not big or important enough to be a target for hackers.

They could not be more wrong.

Consumers share their data with SMEs on a daily basis, with many large companies working with SMEs as part of their supply chain. This makes SMEs a very attractive proposition for criminals looking to get hold of valuable data – be it corporate or personal. By playing a part in the supply chains of larger companies, they can be exploited as back doors into their larger partners, providing cyber criminals with a passage to attack the ‘bigger fish’. Security is another issue as well. Aside from the value of the data they hold, SMEs provide a bullseye for threat actors as they tend not to have the same level of security in place as their larger counterparts. This means they are not only an appealing option to hackers, they are often an easy one.

Constant vigilance

With the increasingly common Advanced Persistent Threat (APT), there is more chance that a cyber-attack has been set out to steal data rather than to cause damage to the network or organisation.

Mitigating against such attacks is very challenging and larger businesses invest in highly complex security systems to protect themselves. It is often the case that SMEs don’t feel they can afford such investment, but the truth is that there are some security measures that can be taken without huge cost.

There are five fundamental security measures every business should have in place: web security with perimeter firewall, application control, network segmentation, IPS (Intrusion Prevention Systems) and email security. By implementing these, SMEs can begin to build a defence with these security pillars as their foundation. As the business grows, further investment can be then made and built on top of this. 

Go small to win big

SMEs can take no chances. If found to be the weak link in a large organisation’s security defence, it is likely that they will lose that partner and the hundreds of customers that come with them, and the reputational and financial damage that will result could be catastrophic to a small business. We have already seen how a cyber-attack can affect a company’s prospects, with Yahoo’s acquisition by Verizon cut significantly as a result of its 2014 hack, and SMEs can be subject to the same consequences as well.

This is why, alongside having the core five defences in place, SMEs must adhere fully to security regulation. We know compliance is a painful process for SMEs – it can be time-consuming and therefore costly. There is no avoiding compliance, even if it does not necessarily lead to better security, but what it will always do is protect relationships with larger partners. Coupled with at least a basic level of security, the SME becomes far less appealing to a hacker.

Companies, no matter their size, need to have all the measures in place so as to keep their data watertight and relationships safe. Reputation for any company is built from the bottom up: prevention before cure, or face the ignominy of a potential debacle, TalkTalk-style.

Total Security Summit logo

Crises, CCTV and Cyber Crime top the total security summit

800 450 Jack Wynn

The global landscape has experienced a rather monumental change over the last year, with security being more relevant than ever as we go into 2017.

The first Total Security Summit of the year is determined to address these issues and uncertainties in a bespoke two-day event for security professionals.

Meet, share, connect and debate business relevant to your current and future projects with matchmade face-to-face meetings, experience a day of dining, drinks and discussion as you network with fellow business professionals and attend seminars covering a range of relevant topics.

Reaching a landmark age in political global challenges and uncertainties, it’s vital to prepare for the future, protecting crowded areas, addressing terror threats and discussing counter-terrorism is Dr Anna Maria Brudenell, Lecturer in Military and Security Studies,
Cranfield Defence and Security for the first seminar on Global Security Strategy.

As terror threats continue to rise and evolve without warning, discussing and understanding the implications is crucial to develop your security in a crisis. Chris Phillips, Managing Director, International Protect and Prepare Security Office (IPPSO) is presenting seminar 2 on Crisis Management and Communications

Video surveillance is being used in greater quantity and with higher quality expectations, with Britain among the leaders in CCTV operation, but are the benefits worth the cost? With few resources and increasing legal parameters, Simon Lambert, Independent CCTV Consultants, Lambert Associates is discussing  CCTV and Video Surveillance in seminar 3.

axis-excell-4

John Marsden, Head of Fraud, Equifax, is discussing how to identify and tackle theft as it happens, assessing risk, detecting threats and ensuring on-going training in Seminar 4: Keeping your Business’ Cash and Assets Safe and Secure

Going into your second day, and following morning networking, James Willison, Founder, Unified Security Ltd goes digital. As our dependency on technology grows, many companies are more vulnerable than ever, between data and privacy risks to ransomware, hackers are becoming more sophisticated, and businesses need to adapt quickly for Seminar 5 on Cyber Crime – the United Security Response.

With a continuing rise in companies at risk of fraud, from physical fraud to high level hacking, security needs to be tight across the board, and the final seminar before more discussion and networking addresses these fears. Fraud Prevention with David Lee, Fraud Prevention Manager, Transport for London sees the summit almost to a close.

Taking place between the 13-14 March at the Radisson Blu Hotel, London Stansted, this year’s Total Security Summit is the industry go-to for professionals.

To secure a complimentary delegate place at either of the two annual Total Security Summit events, call Liz Cowell on 01992 374 072 or email l.cowell@forumevents.co.uk.

Or, to attend either event as a supplier, call Nick Stannard on 01992 374 092 or email n.stannard@formumevents.co.uk.

For more information, visit www.totalsecuritysummit.co.uk.

Residents in large cities expected to give up data

960 640 Jack Wynn

50% of citizens in big cities are predicted to share their personal data to benefit from ‘smart cities’ by 2019.

Analysts at Gartner believe the ‘hyperconnectivity’ of a smart city will mean residents will voluntarily give up information to benefit from government and commercial collaboration.

Data sharing is already constantly happening on a small scale, but it is expected to accelerate and expand due to demand for efficiency and convenience.

Many are already sharing their details with VPAs, or virtual personal assistants, who simplify the process by filling out long forms and paperwork for you.

Governments are already beginning to adapt to the change, and are expected to generate revenue from open data, with 20% of local government organisations expected to benefit from this by 2020.

“Open data portals in cities are not a new thing, but many portals today have limited machine readability and therefore limited business value,” said Gartner research vice president, Bettina Tratz-Ryan, “the city becomes ‘smart’ when the data is collected and governed in a way that can produce valuable real-time streams, rather than just backward-looking statistics or reports.”

Some cities have already begun to make changes to their interface. The Copenhagen Data Exchange is already making moves to connect citizen data, but the process isn’t yet real-time.

The most important part, according to Gartner, is to remodel the data to generate profit. The key to monetisation will be to create an automated and streamlined service in order to organise patterns.

“Users will have a number of options to ‘pay’ for data access depending on the use case,” said Ms. Tratz-Ryan. “A normal citizen may simply participate via data democracy and have free access in return for providing their own data, whereas commercial use may require sharing revenue with the data owner, or buying a license to access an enriched data source.”

  • 1
  • 2