9 December 2015

How the JD Wetherspoon breach could have been prevented

Pat Clawson, CEO at Blancco Technology Group, looks at the potential causes of the JD Wetherspoon breach and the measures that could have been taken to prevent it.

How could this have been prevented? Is there any valid reason for this database not to have been securely erased when JD Wetherspoon moved to a new provider?

One thing that’s interesting about this data breach is that the leaked information was housed on a database related to an old version of JD Wetherspoon’s website that’s since been replaced. When a company decides to replace old websites and launch new ones, it’s not a decision that’s made quickly and months of planning go into it. So when that decision was made, JD Wetherspoon should have also created a plan to remove all data completely and permanently from the old database. This would have required identifying a technology solution that could do this, as well as establishing clear processes, documentation and training/communications to all internal departments.

Who do you think is most responsible for this breach? Is it the third party who failed to protect/destroy this sensitive data or JD Wetherspoon for failing to ensure their supplier took the appropriate actions?

Whenever something goes wrong, people often get lost focusing on the wrong things – pointing fingers, placing blame and evading responsibility. It’s not about saying one party is 100% to blame. When JD Wetherspoon chose to sign a contract with a third-party vendor to host its (old) website, it immediately took on the responsibility for managing that relationship and doing due diligence on the vendor’s systems and processes being used to house its website. To blame the vendor for the delay in discovering the breach is just irresponsible and it points to a major weakness in how JD Wetherspoon’s internal IT and technology teams managed the relationship with the vendor.

There’s no justifiable reason for JD Wetherspoon to not have taken these precautionary data security measures. But it’s also a very common and frequent oversight made by many companies. Even though things like ‘breach notification’ are being pushed heavily with new legislation like the General Data Protection Regulation that’s close to being finalized in Europe, the true definition of secure data removal – or data erasure – just isn’t known enough or discussed enough. And a lot of the time, companies mistakenly presume ‘deleting’ data is the same thing as ‘erasing’ data. But it’s not and that’s where you see companies like JD Wetherspoon and Ashley Madison getting into serious trouble.

But that doesn’t mean the third-party vendor who accepted the contractual responsibility and fees to host JD Wetherspoon’s old website isn’t responsible either. The vendor should have been forthcoming and transparent in giving JD Wetherspoon’s IT teams access to view their internal data security processes, data removal methods, tools and technology implemented, documentation and most importantly, communication that the breach had occurred at the time that it did, not months later after the fact.

Does this point to a wider issue within data lifecycle management and what happens to information that no longer needs to be stored?

The breach itself and the tone of JD Wetherspoon’s response point to a wider issue. All too often, companies think about data security in terms of physical assets and devices. Instead, organizations need to plan for the entire data lifecycle – from creation to storage to finally, secure and permanent removal. Here’s why. There are a lot of different deletion methodologies that exist. The approach you choose depends on your risk tolerance, security posture, your policies and the specific types of data being stored. And one of the biggest lessons from last year’s data breach at Sony is that there’s really no such thing as ‘unimportant’ data. Although most data protection laws and regulations are focused on protecting customer and employee data (and possibly financial data if you’re a public organization), and most organizations are extremely sensitive and vigilant about protecting their intellectual property (from product designs and manufacturing processes to customer lists and go-to-market strategies), few think about the scads of supposedly mundane data contained in everyday emails or employee spreadsheets. But even seemingly unimportant data could cause serious damage to the customers in question and to the companies who failed to stop the breach from occurring.


Comelit scores with customers at Old Trafford


Last month, Comelit invited installers, consultants and specifiers to a seminar about enhancements to its ViP door entry and SimpleHome home automation systems. The event was held at Old Trafford, Manchester, and included a tour of the iconic football stadium.

ViP is a market-leading audio/video IP door entry and resident information solution that exploits a peer-to-peer (P2P) architecture. As ViP is not server-based, it also avoids any single point of failure. The system uses Cat5e or higher and frequently forms part of a site’s existing structured cabling, thereby minimising installation time and producing a green solution.

Comelit executives showed delegates at the event how a ViP installation can have an unlimited number of stations (entrance panels and internal units). They also demonstrated how installers can perform system configuration, monitoring and maintenance from a remote base through ViP’s Gateways, switchboard and Call Log Client. Integrators who had previously used the Comelit concierge unit at their sites were invited to test the new virtual concierge, which features intelligent alarm management and call queuing.

Off-site control with Apps

The seminar content stressed that Comelit products empower users by allowing them to monitor their visitors and even grant access by viewing entry panels from Android or Apple apps on their smartphones and tablets. This can be achieved through Wi-Fi, 3G or 4G.

The speakers underlined that installer convenience is essential for Comelit. Its Multi-User Gateway means multiple apartments within a building can be connected, with no need for additional cabling. Where an installer wants to mix and match from different vendors, ViP can interface with Crestron/AMX etc. Integration with third-party phone systems is achieved through an IP PBX interface.

Enhancing lifestyles

Comelit has developed a comprehensive home automation system called SimpleHome. SimpleHome allows customers to make sure that domestic devices adapt to their lifestyles. An Icona door entry monitor in their apartment provides sophisticated door entry features. The monitor’s touchscreen technology also allows residents to automate and pre-programme multiple domestic devices and, as with ViP, SimpleHome gives users options for remote management using smart devices.

SimpleHome can be adjusted to meet both site-wide requirements and individual resident preferences. Power usage can be fine-tuned in many ways (notably with lighting management) and simulated occupation is an interesting option when residents are away from home.

Jeremy King, National Specification Manager, Comelit UK, said: “This annual event briefs clients on developments in our continually evolving full-IP door entry system, ViP, and the way our SimpleHome product enhances users’ lifestyles. Guests really enjoyed the tour of the football stadium. Our trophy cabinet may not be quite as full as Manchester United’s yet, but Comelit has already won the Merlion Award and a Red Dot Award for product design.”


New CyberArk survey on security programme effectiveness

Seventy-nine percent of IT security professionals report to executive management on compliance, yet 59 percent say threat detection metrics are most critical

New industry research sponsored by CyberArk (NASDAQ: CYBR) finds that one-third of CEOs and 43 percent of management teams are not regularly briefed on cyber security issues. Additionally, while 79 percent of IT security professionals are reporting on compliance metrics to demonstrate security programme effectiveness, 59 percent state that threat detection metrics are most important.

An independent survey of global IT security professionals, “The Gap Between Executive Awareness and Enterprise Security,” drills into the types of metrics used to measure security programme effectiveness, frequency of reporting, and other factors such as budget and skills.

The cyber security gap: Executive awareness and responsibility

The survey shows that 60 percent of respondents believe their organisation can be breached. As cyber attacks grow in aggression and impact, CEOs and boards are being held accountable for the security posture of their organisation. A closer look at the perceptions of IT security practitioners regarding executive cyber security leadership provides some clues into what’s driving a lack of alignment:

• 61 percent believe that CEOs do not know enough about cyber security;
• 69 percent say cyber security is too technical for their CEO;
• 53 percent think that CEOs make business decisions without regard to security;
• 44 percent believe CEOs simply do not grasp the severity of today’s risks.

IT security professionals need to properly educate executives

While IT security professionals are relying on executive level leadership on security issues, CEOs are increasingly relying on their IT security teams to provide them with the security information that matters. The survey shows that the cyber security awareness gap may be driven in part by the need for security teams to properly educate CEOs on what’s business critical when it comes to security:

• One-third of CEOs are still not regularly briefed on cyber security issues and related business risks;
• Forty-three percent of management teams do not regularly receive security status reports;
• Fifty-nine percent of respondents emphasised threat detection metrics as the most effective for measuring security programme effectiveness, yet 79 percent still provide compliance and audit findings to their CEOs and executive teams;
• Executive visibility into security programme effectiveness varies by industry with the highest percentage of respondents in financial services (72 percent) and healthcare (70 percent) saying they regularly provide executives with reports and metrics;
• 50 percent or less of respondents in manufacturing, hospitality, transportation and non-profit industries said that they regularly provide reports and metrics to their executive teams.

“Compliance does not equal security. It can lull a CEO into a state of complacency because all it demonstrates is a simple checking of a box without context for responsible levels of information protection,” said John Worrall, chief marketing officer, CyberArk. “Security professionals are briefing executives on the wrong information. They need to arm their CEOs and executive teams with information that matters such as threat detection and risk metrics versus compliance and system availability.”

Is budget a barrier to effective cyber security?

Improving IT security fundamentals is a critical step in improving an organisation’s overall security posture. The survey identified areas for improving organisational security:

• Seventy-five percent of respondents cited budgeting issues as the primary barrier to improving cyber security;
• In the face of a growing cyber security skills gap, 53 percent cited the lack of expertise as a primary barrier;
• Endpoint security and privileged account security were cited as the top two organisational security priorities over the coming year.

“Increasingly it’s CEOs who own the security agenda – whether they want to or not. One of our goals with this survey was to identify specific gaps between IT security and executive teams and help drive productive conversations that prioritize enterprise security,” continued Worrall. “By providing greater visibility into how cyber security programmes are performing, and regularly communicating needs around budget and skills, IT professionals will gain the support of the executive team and in turn help their organisation become more proactive in protecting against advanced threats.”

To help support the need for greater executive guidance and dialogue around critical cyber security decisions, CyberArk recently launched a new industry initiative, the CISO View. The CISO View provides a forum for the CISO community to share best practices and tangible guidance for building effective cyber security programmes. A new report, “The Balancing Act: The CISO View on Improving Privileged Access Controls,” features advice from a panel of CISOs from global 1000 enterprises about how to lead a comprehensive privileged account security programme including recommendations for getting executive buy-in, delivering metrics that matter, and measuring effectiveness of the controls. The report is available for free here.

“The Gap Between Executive Awareness and Enterprise Security” survey was conducted by Dimensional Research. The study, commissioned by CyberArk, surveyed 304 global IT security professionals. The primary research goal was to capture hard data on visibility and support of security programmes at the executive level. In addition, researchers sought to determine which metrics are used to define security effectiveness.


Important Social Media Marketing tips for small businesses

In this interview I discuss the most important Social Media Marketing tips for small businesses at the business startup show. The key point from the video is that social media is essential for the growth of a small business. For small companies without a massive budget, it is key to pick one or two social media platforms to spread the word. Twitter and Facebook are examples of platforms that give you a way to send out the content you need to share. Content is essential! Using social media to send out content that catches readers’ eyes is a hard task, so putting up good and interesting stories is very important.


Jacksons Fencing help Eurotunnel provide a secure perimeter

Jacksons Fencing, one of the UK’s leading designers, manufacturers and installers of security fencing and access control systems, has successfully completed 8.5km of security fencing and associated gates at the Eurotunnel Terminal, Coquelles, France as part of the Anglo-French commitment to securing key parts of the site against illegal and dangerous migration activity.

Located just 12.4km from the UK entrance to Eurotunnel in Folkestone and with a reputation for delivering certified and approved security fencing systems to other high profile sites of critical national importance, the family owned firm completed the project which included more than 40 pedestrian and vehicle gates over an eight week period, to meet a very challenging deadline.

The initial project was for 5km of security fencing, the majority of which was originally specified to reinforce physical security measures already in place, while the remainder was to replace existing fencing. The contract was awarded to two principal contractors with Jacksons responsible for 3.3km. However, due to the changing and escalating nature of threat posed by people smugglers operating in and around the Channel Tunnel railhead in Coquelles, Jacksons Fencing has installed a total of 8.5km in four key locations within the site which has a 41.8km perimeter.

The project involved Jacksons Fencing Contracts Manager, Steve Hancock, who oversaw the project from start to completion along with a 70 strong team, most of whom were based in Coquelles throughout the contract period. They were supported by Frederic Aubert, General Manager, Jacksons Clôtures, the company’s operation in France, who ensured the fast and accurate exchange of communication between the British workforce and French client.

Peter Jackson, CEO of Jacksons Fencing commented: “I don’t believe that any of us involved in the higher end of the perimeter security industry subscribe to the idea of creating an ‘anti-immigration fence’ as it has been dubbed by some, but rather to providing a ‘protect and defend barrier’ which serves to keep everyone safe and Eurotunnel operating efficiently. Respective Governments have yet to arrive at a unified solution to the systemic causes for the global migration crisis. This new perimeter fencing is just one of many individual actions which collectively make a small but worthwhile contribution to help in what is a very real and ongoing humanitarian crisis and I’m proud that Jacksons has played its part in that.”


Dallmeier’s DF5300HD Topline cameras

With the DF5300HD Topline Dallmeier presents new IP cameras with a high resolution of up to 3K High Definition.

The cameras of the DF5300HD Topline series have been designed for applications that require high resolution in real-time and simultaneously a good light sensitivity. The most advanced sensor and encoder technology and the sophisticated image processing provide recordings with a resolution of up to 3K High Definition at excellent contrast, brilliant clarity as well as highest detail resolution and colour fidelity.

Very good Low-Light characteristics

The very good light sensitivity of the sensor and the sophisticated image processing ensure crisp colour images even in low lighting. In night mode, the cameras also provide outstanding results due to the very good infrared sensitivity.

Automatic switching of presets

The cameras are equipped with an ambient light sensor and a removable IR cut filter, and can automatically switch between day and night mode. In addition, different day and night presets for the exposure settings can be defined and adjusted.

Motor-driven varifocal lens

The cameras of the DF5300HD Topline series have a motor-driven megapixel varifocal lens that is perfectly tuned to the image sensor. The adjustment of zoom, focus and iris is made conveniently using a web browser. The manual lens setting directly at the installation site of the camera is not required.

Precise iris control

The P-Iris control provides precise and automatic setting of the optimum aperture. Thus, the cameras achieve a much better depth of field than with conventional DC auto iris lenses under almost any lighting conditions.

EdgeStorage

The cameras are equipped with a RAM memory that is used by the EdgeStorage function for storing the video stream in case of a network failure. When the network is restored, the SmartBackfill function ensures a fast transmission to the SMAVIA recording system. This stores the video stream with high speed and then continues the recording of the live stream seamlessly.

Different housings

The cameras are available with an integrated lens in a compact box housing or in a vandal-resistant dome housing. They can be conventionally supplied with an external power supply unit or conveniently with Power over Ethernet (PoE Class 0, IEEE 802.3af).


Visit WEC at Intersec 2016 | Stand S1-H35

It has been another exciting year at WEC Group, and thanks to a number of large Middle East contracts in countries such as Dubai, Qatar, Saudi Arabia and Abu Dhabi, we have managed to grow our export sales by a further 30%.

To build on our continuing success, we will once again be exhibiting at Intersec 2016 in Dubai, 17-19 January. We would be delighted to see you there to discuss your current project requirements.

Our dedicated Export Team understand the demand for specific CCTV installation expertise in the global markets. WEC has over 30 years’ experience in the design, production and manufacturing of CCTV Towers supplying to some of the world’s leaders in CCTV Installations.

We look forward to meeting you at our stand S1-H35 while attending Intersec 2016. Register for Intersec 2016 here.

We look forward to seeing you at the show.

Kind regards,
John Whittle
Export Manager
CCTVExport@wecl.co.uk
Telephone +44 (0)1254 773718
Mobile +44 (0)7733 228093

Download our export brochure

Our brochure will be available on our stand at Intersec in January. For those of you who cannot make it to the show, PDF copies can be downloaded here. We have a range of CCTV poles and towers specifically designed for the export market and ease of shipping.

Recent export projects completed on time using multi model shipping methods

• Qatar Armed Forces – Qatari Al Udeied Air Base
• Jebal Ali Port Terminal Upgrade, Dubai
• Zawija Oil Refinery – Libya
• King Abdul Aziz Infrastructure Road Development – Saudi Arabia
• Port of Jersey Upgrade, St Helier, Jersey
• Jersey Airport, Passenger Terminal Upgrade, Jersey
• National Tire Distribution Centre – Mississauga, Ontario Canada
• Khailifa Port Terminal Upgrade – Saudi Arabia
• Samsung Office Development – Kuwait
• Balhaf Gas Freight Terminal – Republic of Yemen
• Honeywell CCTV Customer Solution Centre – Abu Dhabi
• Port of Salalah Upgrade – Oman

WEC CCTV Product Catalogue

Our full catalogue includes images of some of our latest installations, as well as information on new products, and a product gallery section. A PDF copy can be downloaded by clicking the link below or please contact us for a copy by post.

Download our product catalogue

WEC CCTV | Camera Mounting Solutions
Britannia House, Junction Street, Darwen, Lancashire, UK, BB3 2RB
www.wec.uk.net

