5 December 2023 - Security Buyer Magazine

Intersec: Attack Zone

Take a look at the Loss Prevention Certification Board (LCPB)’s attack zone at Intersec 2024, where market leading products are put to the test by specialists In an era where global security concerns are at the forefront, the world’s premier security, fire, and safety industry trade fair, Intersec, has partnered with the Loss Prevention Certification Board (LPCB). This collaboration marks a significant stride in promoting and supporting third-party approvals and certification of various security products, highlighting the global commitment to a more secure environment. The LPCB, a globally recognised certification body, has been a beacon of trust and reliability for over 150 years. A part of BRE, the LPCB has a long-standing tradition of collaborating with industry leaders and insurers since its inception in 1868. The board’s primary focus has been to establish and maintain standards that ensure fire and security products and services are effective and reliable. LPCB’s Loss Prevention Standards (LPS) have gained widespread recognition and application in the fire and security sectors globally, setting a high benchmark in the industry. A key feature of LPCB’s methodology is its robust testing and evaluation process, which forms the backbone of its third-party certification. This approach is exemplified in its forced entry testing, a procedure that has gained international acclaim for its rigor and effectiveness. Following its highly successful debut at Intersec 2023, the Live-Attack Zone, a dynamic and engaging feature, will make a return at Intersec 2024. The Live-Attack Zone offers a unique and educational experience, allowing visitors to witness first-hand the prowess and efficiency of a wide array of physical security products. LPCB’s forced entry specialists will be demonstrating these products in real time, providing invaluable insights into their capabilities. This feature not only showcases the strength and resilience of the products but also educates attendees on the importance and impact of certified security solutions. In addition to this interactive experience, Intersec 2024 will also introduce an exclusive, tailor-made, and cost-effective exhibiting option at the Live-Attack Zone pavilion. This initiative is designed to provide participants with an unparalleled platform to display their latest innovations and solutions in physical security. It represents a unique opportunity for industry players to engage directly with a global audience, showcasing their commitment to advancing security measures and technologies. This partnership between Intersec and the LPCB is more than just a collaboration; it’s a testament to the growing global emphasis on securing environments and protecting assets. By joining forces, they are setting new standards in the security industry, encouraging the development and implementation of high-quality, certified products that can withstand the challenges of modern threats. The significance of this partnership extends beyond the boundaries of the trade fair. It represents a collective effort by governments, industry leaders, and certification bodies worldwide to enhance security measures. This collaboration is a step forward in creating a safer world, demonstrating the power of unity and shared commitment in the face of evolving security challenges. As Intersec continues to lead the way in the security, fire, and safety industry, its alliance with the LPCB is a shining example of how collaboration and innovation can pave the way for a more secure future. The Live-Attack Zone at Intersec 2024 will not only be a highlight of the event but a symbol of the industry’s dedication to excellence and the relentless pursuit of a safer world. Read more exclusives and news in our latest issue here. Never miss a story… Follow us on: Security Buyer @SecurityBuyer @Secbuyer Media Contact Rebecca Morpeth Spayne, Editor, Security Portfolio Tel: +44 (0) 1622 823 922 Email: editor@securitybuyer.com

Intersec: Attack Zone Read More »

Improving Medical Equipment Security

Industry Sectors, News Desk, Technology / Rebecca Morpeth-Spayne

The increasing mobility of equipment in the medical environment raises new cause for concern, especially when managing access to valuable or hazardous items, or the confidential data stored within. When using mobile medical equipment, making patient care supplies available when needed while protecting them against unauthorised access is a challenge. Pharmaceuticals, biologics and other valuable or hazardous medical materials stored within mobile carts and cabinets must be locked away when not in use to prevent theft and idle or malicious tampering. In addition, privacy concerns and enforcement of Health Insurance Portability & Accountability Act (HIPAA) regulations dictate that patient information, such as electronic medical records, must be accessible to only legitimate users. Furthermore, the COVID-19 pandemic has strained today’s healthcare facilities and resources. As they rapidly adjust their operations to care for the massively increased patient load, they have also worked aggressively to improve their infection control efforts to prevent the spread of the virus. These efforts include finding ways to safely secure, use and manage mobile medical equipment, such as carts and storage units utilized in their facilities. The need for both safety and security extends to individual patient rooms, which commonly have portable drawer units next to beds that patients can use to store valuable personal items, such as smartphones, laptop computers, purses and wallets. Electronic Access Solutions (EAS) that provide remote access control of intelligent electronic locks, offer a proven method for physically securing mobile medical carts and equipment. They also minimize the need to physically touch keypads and access panels through the use of electronic locks that can be actuated via Bluetooth-enabled smartphones and RFID cards, which can help limit the number of surfaces that are touched within the medical environment. Securing a Wide Range of Mobile Equipment In modern medical practice, efficiency is key. Newer technologies allow for mobility of medical equipment, allowing personnel to bring supplies and machines closer to patients, whether they are in the emergency room or an emergency vehicle. Mobile nursing stations, X-ray machines, sonograms, ventilators, cardiac and respiratory monitors, and other diagnostic machines are now both mobile and wirelessly networked into the hospital’s IT platforms. In addition, mobile carts are now regularly used to dispense medications; the drawers holding the medication must be secured while the carts are also wirelessly networked, allowing drug dispensing to be tracked and updated in real time. This mobility has been a key advantage recently, allowing hospitals and other healthcare facilities to reconfigure their operations and expand emergency and ICU wards to handle the expanded COVID-19 patient load. However, associated risks have increased with these changes: The systems are tied to networks and directly access patient information, creating a risk of HIPAA violation Drug carts that move around constantly contain pharmaceuticals, biologics, pain medication and other valuable or hazardous medical materials that must be strictly controlled and secured Valuable equipment and medical supplies are now mobile, so tracking where they are and managing who accesses and uses them is a key management challenge When combined with smartphone apps or RFID devices, concealed electronic locks and latches provide an effective solution for upgrading the security of existing carts, cabinets and workstations. In addition, a common challenge faced by many facilities is that valuable mobile equipment – like ventilators – is moved all over a facility, especially during periods of intense activity. In response, electronic access systems can provide ways for hospitals to keep track of these mobile assets. Electronic access systems are comprised of three basic elements: an electronic lock, digital credentials for user access, and a system for controlling and monitoring the access credentials. Another important element that must be considered is a system for manual access in the event of power failure. Consistent operation is dependent upon a high-quality, reliable, electronic lock. The associated access control system validates the user credential and signals the door or drawer to open providing access to pharmaceuticals or patient data stored inside. Once access is triggered by this electronic signal, a digital signature is created and archived for audit trail purposes. Electronic locks can be operated through a variety of access control user interface devices, such as digital keypads, Bluetooth controllers, RFID and biometric readers. Most hospitals and other medical establishments use personal RFID nametags to manage access to their buildings, secure storage areas and medical equipment. Since these systems are so well-established, they can be easily adapted for use in full-featured EAS solutions for mobile medical equipment and storage units. In some cases, hospitals and medical facilities have developed the impression that they would need to completely rebuild their ID cards, card reader hardware and hospital software to implement the latest versions of electronic access. However, there are platforms that offer incremental, costeffective ways to add EAS technology to existing medical carts and storage units. Some suppliers offer modular, electronic latching and locking mechanisms that can easily replace existing mechanical locks. These drop-in solutions incorporate electronic locks with detachable readers to allow for matching of existing user credential solutions. This can make it easier to add electronic locking mechanisms with RFID readers to a broad range of mobile medical equipment. The more sophisticated carts and equipment have computers onboard that link wirelessly to the hospital’s network and servers. The EAS software package to manage permissions and provide the audit trail ensures that the right medical personnel – and only those personnel – use the equipment or access drug carts during each shift. This capability includes tight control and tracking access; only certain nurses and other staff with permission to access a drug cart would be able to do so and only for a designated shift. The real benefit of an effective equipment access control system comes from the ability to allow various personnel within a hospital to have access only to the equipment that pertains to their specific responsibilities and level of authority. In a hospital environment, this can change regularly, so having an efficient means of managing this access remotely is essential. Growth of “Touchless”

Improving Medical Equipment Security Read More »

Antoine Harb_Team Leader Middle East_Kingston Technology. (1)

Healthcare entities and employees ‘must overcome cybercrime’

Industry Sectors, Middle East Exclusives, Technology / Rebecca Morpeth-Spayne

Boasting world-class data protection capabilities has never been more essential for companies across industries. While tremendous cyber security advancements have been made, unprecedented transformation has inadvertently instigated significant rises in ransomware attacks. Select sectors and organisations within are strategic targets now more than ever – and healthcare is a primary area of interest to hackers. Kingston Technology, an affiliate of Kingston Technology Company, Inc., a world leader in memory products and technology solutions, is calling on healthcare entities to enhance their preparedness and prevent unauthorised access to confidential information. With the collective healthcare community experiencing a sharp increase in breach attempts, Kingston Technology insist that the very latest hardware encrypted products can prove invaluable for safeguarding Protected Health Information (PHI). “Cybercrime is one of the most pressing and concerning issues healthcare must manage and overcome – now and in the future,” explained Antoine Harb, Team Leader, Middle East and North Africa, Kingston Technology. “New threats are emerging continuously and the sector has never been under greater pressure to prevent breaches. Hackers have identified the value of compromised healthcare data. The volume of attacks is increasing substantially and this is major cause for concern. “However, healthcare entities are well aware of the potential legal and reputational consequences should PHI be compromised,” explained Antoine Harb, Team Leader, Middle East and North Africa, Kingston Technology. “From the very top levels of leadership down, we see a real determination to repel these threats, which is warranted and prudent given the cost implications of failing to meet data protection rules, regulations, and requirements.” For healthcare entities, the reality is clear: PHI must be protected at all costs. The 2023 IBM Cost of Data Breach Report provided a stark illustration of the consequences should PHI be compromised, highlighting the average cost of a healthcare data breach globally reached $10.93 million in 2023. This was the highest among all industries and represents a drastic increase of 53.3% in just three years. In the Middle East, the cost implications are not far behind, reaching $9.186 million this year. This is higher than regional record-high average of $8 million including all sectors. “While critical to the sustainable operation of all healthcare facilities, PHI is in high demand on the black market,” continued Harb. “Breaching hospital or other healthcare facility systems and acquiring such sensitive and classified information represents an opportunity for malicious actors to receive significant sums of money and meet their cyber-business objectives. As a result, cyber attacks are on the rise. They are being experienced with record frequency and adequate protection is a non-negotiable necessity.” A standout example highlighting the need for adequate projection transpired in 2021 when the Dubai Moorfields Eye Hospital experienced a cyberattack. Ransomware group ‘AvosLocker’ claimed responsibility after 60GB of data was stolen, compelling the hospital to contact affected patients as various forms of PHI were decrypted. However, fast-forward to 2023 and many healthcare entities could experience similar infringements given outdated security measures. Earlier this year, a credible report found that 72% of top hospitals in the UAE and Saudi Arabia are falling behind on basic cybersecurity measures, with only 28% boasting the required level of protection[1]. Furthermore, the professionals within healthcare facilities are also liable for safeguarding PHI. As per the Health Insurance Portability and Accountability Act of 1996 (HIPAA), they are bound by law to protect PHI from being disclosed without patient knowledge or consent. Aside from criminal penalties including prison sentences and/or substantial fines when disclosed intentionally, violating HIPPA rules and regulations unintentionally can also be costly. For instance, a maximum fine of $25,000 per year can be issued if an individual was unaware that they were committing a violation. Kingston Technology is adamant in its stance that password-protected, hardware-encrypted USB drives are the best, most secure method for meeting data protection regulations and operating with world-class data defense. Forged to be secure, the company’s Kingston IronKey product line caters to healthcare entities of all kinds – ensuring the necessary protection to dispel cyberattacks. Among those most prudent for healthcare sector organizations is the Kingston IronKey D500S hardware-encrypted USB flash drive, which features flagship military-grade security that makes Kingston IronKey the trusted brand to safeguard classified information. A complete security solution for high-value data protection, data is encrypted and decrypted on the D500S without any trace left on the host system and offers more features than any other drive in its class. Others include drives from the Kingston IronKey Keypad 200 series, which are OS-independent, hardware-encrypted USB Type-A and USB Type-C drives with an alphanumeric keypad for easy-to-use PIN access. The KP200 incorporates XTS-AES 256-bit hardware-based encryption and boasts enhancements that further raise the bar for data protection. Its circuitry is covered by a layer of special epoxy that makes it virtually impossible to remove components without damaging them, and the drive is designed to be tamper-evident to alert owners. “Healthcare entities and their employees must protect the data they are entrusted with,” added Harb. “Whether intentionally or accidentally, failure to meet this requirement can entail severe repercussions, which can be avoided with assistance for the latest innovations available on the market.” Read more exclusives and news in our latest issue here. Never miss a story… Follow us on: Security Buyer @SecurityBuyer @Secbuyer Media Contact Rebecca Morpeth Spayne, Editor, Security Portfolio Tel: +44 (0) 1622 823 922 Email: editor@securitybuyer.com

Healthcare entities and employees ‘must overcome cybercrime’ Read More »

Veeam Promotes Tim Pfaelzer

Middle East News Desk / Rebecca Morpeth-Spayne

Veeam® Software, provider in Data Protection and Ransomware Recovery, has announced the promotion of Tim Pfaelzer as General Manager and Senior Vice President of Europe, Middle East, and Africa (EMEA). He is responsible for Veeam’s business operations across all segments and markets across the region. Pfaelzer has been with Veeam since July 2021 and most recently held the position of Vice President, Enterprise, EMEA. Tim has spent more than 20 years in the IT industry, including senior management roles at Dell and various positions at Adobe, Autodesk, and Salesforce. Based in Germany, Tim brings his vast experience in business development, marketing, sales leadership, and general management to the Veeam team and its customers and partners across the region. “At a time when the success of every organization across EMEA depends on the availability of their critical business data, it’s essential that they are prepared to not just bounce back from an outage or data loss, but to bounce forward,” said Pfaelzer. “Veeam is leading the data protection of customers in EMEA thanks to the combination of industry-leading innovation with an outstanding team of people and partners across our business. We’re helping more EMEA customers keep their business running by bringing the industry’s broadest set of data protection and ransomware recovery capabilities to every company. I’m looking forward to working with all our customers and partners to ensure we build a safer future for every organization.” “At Veeam, we believe in developing great talent and promoting great leaders from within. Tim is a great example. He has been critical to the growth of our business across EMEA. He is an accomplished leader who puts the needs of our customers and partners at the center of everything we do,” said John Jester, Chief Revenue Officer (CRO) at Veeam. “This promotion is recognition of the incredible work he’s been doing across the region, and I know I speak on behalf of our global team when I say I’m excited to support him as he leads our continued expansion across EMEA.” Veeam delivered consistent, double-digit revenue growth year-over-year (YoY) and was recently ranked once again with 20.5% of the region’s market share as EMEA’s #1 provider of Data Replication & Protection software for 2023H1 in the latest International Data Corporation (IDC) Semiannual Software Tracker. Veeam had the fastest YoY growth rate in the region among the top five DR&P vendors at 7.5% and outperformed the regional market average (6.1%). Read more exclusives and news in our latest issue here. Never miss a story… Follow us on: Security Buyer @SecurityBuyer @Secbuyer Media Contact Rebecca Morpeth Spayne, Editor, Security Portfolio Tel: +44 (0) 1622 823 922 Email: editor@securitybuyer.com

Veeam Promotes Tim Pfaelzer Read More »