Risk UK March by ProActiv Publications Ltd. - Issuu
PHI data fields from those breaches included emails, social security numbers, banking and employment information and medical records. Interestingly, healthcare has hung on to its #1 ranking even though the second half of has yet to see the same level of large-scale breaches affecting the healthcare industry as seen in the first half.
[Figure: Top industries per records compromised, Jan 1 to Oct 31]
The healthcare industry holds first place by a small margin over computer services in terms of records compromised in the first ten months of Both incidents clearly demonstrate the dangers posed to healthcare by external adversaries.
Yet, the threat from inside should never be overlooked. In fact, one of the largest healthcare breaches of the last five years was the compromise of a provider of software services to the healthcare industry.
Nearly 50 per cent of healthcare breaches have an undisclosed attack type
In almost half of the healthcare breaches sampled, the victim organisation has not to date disclosed exactly what type of attack they sustained (see Figure 3). This may be because they did not know at the time the breach went public, or they were in the process of investigation.
When the attack type is not revealed, the public may raise important questions about security posture and handling of the attack.
Was a cybersecurity incident response plan in place? Was an emergency response services team engaged? Were there comprehensive auditing capabilities for at least the critical systems, particularly those containing electronic PHI? In another scenario, perhaps the breach was still under investigation and the victim planned to disclose the findings later.
Knowing how other organisations in an industry are being attacked helps security professionals determine where risk must be addressed, which in turn helps everyone spend security dollars more effectively. Data is a sampling of notable incidents for each year and not a full representation of all incidents. There are several actor profiles within this category: With phishing and malware accounting for nearly 24 per cent of disclosed attacks, the impact of social engineering and the inadvertent actor on the healthcare threat landscape is clearly significant.
Prevalent attacks targeting the healthcare industry
IBM Managed Security Services (MSS) continuously monitors billions of events reported every year by thousands of client devices in over countries.
Analysis of the data accumulated between January 1, and October 31, reveals some interesting findings about attacks against the healthcare industry.
Malicious documents and sites
Fooling victims into opening malicious documents or clicking on links to malicious sites are proving to be very successful attack methods in the healthcare industry, with the document angle appearing preferable to the link approach.
As we explain below, spear phishing increases the effectiveness of these attacks.
Shellshock One of the threat game changers forShellshock is the number two attack vector, making up just over 16 percent of the attacks. Attackers are looking to exploit existing functionality in applications rather than risking malware detection that would thwart their success. This type of attack has been prevalent across other industries in addition to healthcare.
The IBM report The price of loyalty programs highlights an upward trend in brute force attacks targeting account passwords. Successful exploitation could allow an attacker to access user profile data or confidential documents stored on the web application or server. This active scripting language is not supported in Internet Explorer Healthcare organisations running earlier versions of Internet Explorer are at risk of attackers using VBScript to execute arbitrary code on a vulnerable system.
We address the use of legacy applications more fully later in this report. Like older applications, non-sanctioned applications can present a problem. IBM MSS found that healthcare industry employees use a number of applications, from file sharing apps such as Dropbox to apps like TeamViewer that facilitate online meetings, which may or may not be officially sanctioned by the organisation.
Bringing end user devices into the security fold can be difficult, presenting attackers with an additional attack vector. Credit card data is an ingredient, but there can also be email addresses, social security numbers, employment information and medical history records. That information opens victims to spear phishing campaigns and can be used against them in all kinds of ways: IBM researchers estimate that medical images are by far the largest, fastest-growing data source in the healthcare industry, accounting for at least 90 per cent of all medical data today.
Criminals can combine the knowledge gleaned from these images with the other data they find in medical records to custom-tailor their scams or attacks. A victim whose images show rheumatoid arthritis, for example, could be targeted with a tailored email campaign for pain relief and persuaded to click on a link to a fictitious pain management site, thus downloading malicious code.
Since many EHRs include financial and employment information, sifting through data to find suitable victims for a fraudulent health plan or discount medical card can be a simple job for a scammer. Medical records are also highly prized for use in medical identity theft, a crime on the rise.
Like the identity thief, the spear phisher mines the rich vein of data buried in health records for easy money — and the more data acquired, the sharper the spear or social-engineering hook in a spear-phishing email.
As we saw in the Dyre Wolf campaign, an attack targeted at the banking industry, which resulted in millions lost by targeted organisations, some of the most elaborate, sophisticated multi-step attacks begin with an appropriately calculated spear-phishing email. That is because the sheer number of devices is going to grow exponentially.
Although manufacturing, utilities and transportation are the major IoT industries at play, healthcare is also in the game. Why is the proliferation of IoT a security concern in the healthcare industry? A review of some of the medical devices used in hospitals, homes or both—surgical and anesthesia devices, ventilators, drug infusion pumps, external defibrillators, patient monitors, and laboratory and analysis equipment, to name just a few—paints a troubling picture.
Over the last few years, researchers have been uncovering vulnerabilities in these devices, many of which play a vital role in supporting or sustaining life. Inthe Industrial Control Systems Cyber Emergency Response Team, or ICS-CERT, released an alert warning of a hard-coded password vulnerability affecting about medical devices across approximately 40 vendors — in terms of sheer numbers, a huge discovery. Remote attackers might modify critical settings or device firmware, and disturbing real-world scenarios could ensue: Finding connected medical devices to target is as easy as visiting Shodan, a well-known search engine that allows users to locate Internet-connected devices.
Attackers might want to exploit devices to cause injury or death, which is an obvious and serious concern. Another scenario is security compromise for financial gain i. Attackers are known to diversify their targets and could very well threaten to apply the DDoS extortion attack vector to medical devices.
Theft of data via devices is also a risk. One can wonder if the healthcare industry has this potential problem in their sights. Food and Drug Administration, device manufacturers do not yet regard the resolution of vulnerabilities resulting in information disclosure as a top priority.
For example, earlier this year researchers disclosed a flaw in the way thousands of popular mobile applications, including medical apps, store data online, rendering the applications exploitable by attackers.
It is clear that mobile applications in the hands of both consumers and medical staff can be attack entry points. A growing number of healthcare organisations are using software as a service (SaaS) in the cloud to host applications and data and to improve costs and efficiency. Health information exchange (HIE) systems that allow for the mobility of healthcare information electronically across distinct systems are increasingly cloud-based.
Federal and state incentive programs in the US encourage the use of HIEs, but some healthcare organizations have been reluctant to move towards a cloud-based system because not all cloud services vendors offer HIPAA business associate agreements. The web browser is a popular attack vector, but not the only one. According to one source, as of SeptemberMicrosoft Windows XP holds over 12 percent of the installed operating systems for desktops, yet Microsoft ended technical support and security updates for Windows XP operating system on April 8 That 12 per cent is dispersed across many industries, but it includes the healthcare sector—leaving vulnerable systems open to exploitation.
Migration to newer versions of an operating system or web browser requires time and money, and a lack of funding may be one of the fundamental obstacles to improving the security posture of the healthcare sector. As a survey released last year by the Healthcare Information and Management Systems Society reported, nearly half of the responding healthcare organizations spend three percent or less of their IT budget on security.
The percentage may be slightly higher on average today. This may not seem sufficient to cover what might be required—i. A recent report highlights that the ideal spend on security is Even with adequate funds, some organisations are unable to migrate off of legacy platforms because their equipment is incompatible with newer versions of Windows, or drivers for newer versions of Windows are not available for expensive equipment such as CT and MRI machines.
Unfortunately, legacy operating systems and dated applications are only one facet of a many-sided dilemma. Healthcare companies may still use heritage processes without updating security practices around them.
Many organisations, even those that have adopted electronic health records, are still keeping some form of paper records. Bags full of private, confidential medical documents are still being found in trash bins — a perfect example of a route to security compromise. In addition, failure to implement reasonable safeguards to protect PHI when disposing of medical records violates HIPAA rules and could result in fines and penalties. When the organization is keeping electronic health records, is the PHI encrypted?
Healthcare organisations may feel the pressure of this issue more acutely than those in other sectors because of the sensitivity, volume and velocity of the data traveling through their networks.
The fact that attackers can see them as a rich environment for stealing data and threatening harm of immediate physical or financial consequence speaks volumes for the pressing need for healthcare organisations to assess risk, address issues and focus investment.
Where should limited funds be focused? Healthcare organisations that have placed someone in charge of security strategy, worked out an incident response plan, and made wise choices about data protection policies will fare better when they face a potential breach or compromise.
Who is running the show? Security problems left unmanaged will take root and run amok, so they must be managed, and someone has to be in charge. In large organisations, that person should be a full-time Chief Information Security Officer (CISO) who can help steer the overall security strategy and budget.
CISOs answer the burning question: Is the organisation making the right calls on security-related solutions? Smaller organisations may not require a CISO, but they should still have a dedicated information security person with the power to make risk-benefit decisions that improve the overall security posture of the organisation.
The roads may be unsafe and the supermarkets closed. In both scenarios, what you need most of all is preparedness. Specifically, the cyber threat to your organization calls for an incident response plan, or IRP, that helps you comply with HIPAA and other regulations. Plus it can change your security stance from reactive to proactive, potentially saving you a great deal of time and money. Your IRP should be a dynamic document reviewed regularly, with changes made wherever they are needed following an incident.
But well-documented procedures go only so far. Every organization must also have staff capable of carrying out the IRP and calming the chaos of a security incident.
Our system works wirelessly over 3G networks and it can also use satellite transmission for hard to cover areas.
At any one time we have at least three trained staff in our Lincolnshire control room. Whether an intruder activates an alarm, is seen on camera or is picked up by a movement detector, our wireless security products send a signal via the mobile networks alerting our control room. Voice alarms warning intruders can also be activated remotely. TAG products create a virtual fence on sites, but you also need physical security.
Because ArmaWeave is woven and has no welds, it can be made from high tensile steel giving it substantial resistance to cutting attacks with hand, powered and non-contact tools.
The tight mesh pattern provides no climbing aids, again limiting the potential for intrusion. The company created a system specifically to provide maximum security in temporary installations for the London Olympics. Working with energy generating products can be hazardous. A major threat when working with highly flammable elements, such as oil and gas, is fire. An early warning smoke detection system can be instrumental in buying time to respond to the fire threat and minimise losses.
The detectors can be positioned in easy to access and maintain areas but, at the same time, sampling pipes can be inserted into hard to reach or closed areas, such as electrical equipment enclosures. If an accident occurs or there are fatalities, it is essential the company knows how many and who was on site through a Persons on Board report. This can be done by taking the data from the access control system integrated into gates, barriers and turnstiles on the perimeter, providing a report for emergency services to tally against.
Each company and site needs to be assessed on a case-by-case basis to decide what security measures are needed. Is it perimeter control to ensure that sites are secure from the public? Is it access control to ensure certain high-risk areas are not accessible to certain employees?
A security company needs to work with the site manager to establish what the key needs of the business are and can then create a tailor made solution for that particular site. In poor light these amazing HD cameras deliver a clear color image where others show only black and white.
And in extreme low-light they deliver a black and white image where others show no image at all!
Add the Bosch Video Security app and overcome the bandwidth barrier so you can view HD images from anywhere. See video security in a new light at www. At the same time, in the event of an incident, rapid sub-second recovery of the network is required in order to minimise disruption to operators. The solution should also alert all the required operators as to what has happened and where in the network the incident occurred, so that any remedial action can be taken.
Network redundancy is therefore a key factor in selecting the most appropriate solution. Ensuring that high definition IP video of critical infrastructure is always available, while minimising deployment and running costs, are equally important.
Solution
In order to minimise installation costs, the ideal solution is a full Power-over-Ethernet (PoE) deployment at video camera locations, while connecting to a full gigabit multi-ring
However, this power rating may not be sufficient for the latest high power cameras, particularly the units that offer PTZ (pan-tilt-zoom) functionality. Many IP cameras now have integral motors and drives or other features such as fans or heaters. Some switch manufacturers may only offer units that satisfy the normal PoE power standard i. The latest IEEE standard is designated as Other advantages are that PoE switches offer a variety of manageable features, including: Power Scheduling — the system can be set up to schedule provision of power to end devices, which can be switched off at certain times of the day when they are not needed.
For example, a security camera in an office car park may be switched on only between the hours of 8am and 7pm. Power Priority — if there is a power drop over the network or emergency back-up power is required, the system can be set up to provide power to only the most critical end devices in the network.
Ring Redundancy
Demanding new IP video applications require seamless video throughput. The end customer considers any breaks in video feed as unacceptable. This includes not only live monitoring of video, but also recording of video for later review, as well as live analytics for monitoring doors, areas and any other location of interest to security operators.
Ring redundancy is therefore a critical factor. Ring recovery times may need to be down to subseconds e. Today, network topologies therefore require more complex offerings than standard single ring designs. The world is moving towards multiple, interconnected ring topologies. This standard is designed to eliminate all the network conversation between devices to keep the network traffic to an absolute minimum.
Hardware Specifications
In security and surveillance applications, typically at least one managed switch in a ring is located in the main communications room, with the majority of switches installed at the point of the camera, for example, pole mounted at a main gate in a small junction box at the side of a railway line or motorway.
Here, the main factor to consider is the temperature rating of the switch. In these environments, ruggedised switches will need to be deployed. These switches have typically undergone rigorous specialist
When selecting a suitable switch, vibration is often overlooked. This is particularly important if the switches are installed close to a motorway or railway line. For very harsh environments such as waste recycling plants, where highly corrosive gases occur, or for very high humidity conditions, optional special coatings can be applied to switch components to prevent parts actively corroding.
Software
All managed switches typically have a full software suite that allows for complete configuration into any network topology. As with all software, patches and bug fixes are required from time to time. These are standard across all reputable switch manufacturer ranges and are typically provided free-of-charge to customers.
Allowing software updates also offers the opportunity of providing the customer with new additional features to an existing hardware platform as these are developed over time. Inthe Met Police stated that 1 in 6 crimes are solved thanks to these solutions. And with the technology improving, expanding and becoming more accurate through the years, we can expect these numbers to continue to grow. The introduction of a code of practice for publicly-owned CCTV systems last year was a great step forward for our industry.
As a section we welcomed and supported it; although it initially only covers a tiny proportion of CCTV systems, it is an important achievement to promote best practice when using the technology.
However, we are clear that it is not just government and local authorities that need to know how to maximise the potential of these systems. Last year, we launched a successful piece of research based on a study of the number of CCTV cameras currently used in the UK.
Therefore, a key focus for our industry in will be to make guidance and advice available for this side of the end-user spectrum. Inwe started this work by holding some successful seminars to help CCTV users to navigate the latest regulatory and technological developments in the sector. Events were held in Scotland, Leeds and Windsor. At the event he said: Another area that continues to be critical to our work as a section is making sure the industry is responsive to technology developments.
Remotely monitored CCTV cameras continue to be an effective and popular choice to secure sites while improving the efficiency of the security operations. This constantly evolving technological landscape means the industry needs to remain responsive while continuing to guarantee the quality of the products it offers.
And this is true not only for the UK market. In the current economic climate we are seeing more and more CCTV manufacturers looking abroad for exporting opportunities. With developments in IP and wireless technology set to drive buying behaviour in overseas markets inthere is a real opportunity for responsible UK companies to shine.
The Middle East in particular has become a key market for our industry inand will no doubt continue to gather momentum as we move deeper into CCTV is one of the most important security developments of the recent years, but the success of any system requires a diligent approach to planning, design, installation, maintenance and operation, as well as the use of quality products. The BSIA is committed to developing and sharing best practice to drive up standards in our industry.
It is important that we retain their trust and confidence in
The show hosts technology, equipment and services alongside a high level education programme designed to protect against the evolving security threat. Here we look at just a few of the products and services on show from th April at Olympia, London.
Alford Technologies
Alford Technologies will be launching a new lightweight disruptor, the 1 Litre Bottler Lite user-filled explosive disruptor and Squid Tape, the underwater non-adhesive fixing tape at the Expo.
Bottler Lite and the standard Bottler ranges are omni-directional explosive disruptors that come in a range of sizes. The Bottler Lite range already consists of a 0. As with the other Bottler Lite products, the new charge can accommodate one of three different explosive loads to deliver the same omni-directional effect, but with a higher water to explosive ratio than the original 1 Litre Bottler giving a more controlled and precise disruptive effect and less collateral damage.
This, says the company, makes them ideal for use against soft-cased IEDs or in urban or indoor applications. Squid Tape is a silicone-based non-adhesive tape which can be used in air and underwater for joining or tying items together or for fixing charges to targets.
While non-sticky to the touch, it is adhered and bonds to itself even when completely submerged. Stand J50
Fischer
The Fischer Rugged Flash Drive is a tough memory stick, designed for safe storage and transportation of sensitive data in harsh environments.
It is suitable for use with ruggedised computers. The Fischer circular connector interface, combined with durable encapsulation technique, guarantees data safety in case of loss or theft. Fischer Rugged Flash Drive is equipped with high speed flash memory, signalling and protocol certified, and available from 4 Gb to Gb.
FaceVACS-Entry is ready for integration into electronic gates (eGates) which provide travellers with electronic passports (ePassports) the option to pass through automatic passport checks.
Cognitec says it has optimised the system to ensure efficiency and ease of use for travellers while capturing images that guarantee high verification accuracy, thus fully complying with guidelines set by the European Border Police Frontex.
A proprietary sensor, able to distinguish between human faces and artefacts like printed images and masks, detects presentation attacks. Stand D65
Reported to offer a rapid, low cost installation, the Mantis is listed as a viable alternative to deep mount static bollards. The Mantis is available with a range of stainless steel covers, finished in a variety of colours.
The Mantis offers a static solution with a true excavation depth of only mm. No precasting of the pit is required, nor is any additional rebar.
This means that the Mantis will arrest a 7. In the impact the structure of the bollard remained intact, ensuring continued protection against further attack. The lens zoom range is 12 to 66mm, and when the internal 2.
With 1,mm focal length at over m distance, the field of view is 2. The extremely high magnification in combination with HD resolution means a person can be identified at distances in excess of m.
Therefore, this lens is ideal for video surveillance in sports stadiums, city centres, airports, harbours, as well as border control, intersections and roads. This flexibility provides benefits for both installers, who are able to install the product quickly and easily without the need to learn how to operate a new system, and for users who can choose a solution that has both residential and commercial benefits.
This feature enables users to arm only the sensors needed to protect the house perimeter or isolated areas of the house. It also provides a silent mode, removing audible tones during arming and hence allowing users to set the alarm without disturbing others in the house.
This feature allows for easier programming for user set-up, which saves installers time on the job. This provides benefits for installers allowing them to take advantage of fast, reliable signalling solutions without the need for extensive training or prolonged set-up times. The new compact housing design provides an ideal solution for systems that do not require several additional add-ons to the basic panel and where space is limited. The new housing provides benefits to installers for quick and easy installation in both residential and commercial settings.
The prevalence of smartphones and tablets means that mobile applications are becoming an increasingly popular way of providing services to consumers.
Accessing Galaxy Flex via its mobile app allows easy remote control of the system at the touch of a button. Features such as status reporting, set and unset, control of groups, outputs and detailed log information can all be accessed on the go. What is the alternative option for systems without it? This provides several benefits to installers as they do not have to be trained to install it or have to stock separate residential and commercial products.
Everyone is talking about remote access via phones and tablets, but are people actually using it? The feedback we are receiving is that people are using remote access via their mobile devices.
With the growth of portable devices such as smartphones and tablets it makes sense for customers to use remote access as they can control their entire security system on the move, saving them time and offering added convenience.
The demand for remote access via mobile devices is something that we are seeing grow across the industry. Is speeding up the install time the main benefit of the new housing design? Every aspect of the new housing was designed to help installers do things faster and more easily in comparison to traditional metal enclosures. Everything from the moulded inserts to accept the optional peripheral boards, to the ABS material to allow wireless devices to be clipped into the same box, and the snap-on hinged lid has been specifically designed to speed up install time.
Fatalities caused by fires in England dropped by a third to in the six months April-Septembercompared with the same period ten years ago, according to the Dept for Communities and Local Government. There were also 94 deaths due to accidental dwelling fires during April to September.