risk

Middle East

Security Management and risk in the UAE

Rebecca Spayne, Managing Editor of Security Buyer, looks at effective security management in commercial environments, comprehensive risk assessment and response strategies.

Effective security management in commercial environments is crucial for safeguarding assets, ensuring employee and visitor safety, and maintaining operational continuity. This article provides a detailed examination of best practices in risk assessment and response strategies, emphasising the importance of an integrated approach. Additionally, it highlights specific security solutions from leading manufacturers that enhance these practices.

Comprehensive Threat Analysis

Understanding the potential threats to a commercial environment is the first step in effective security management. Threat analysis involves identifying both internal and external sources of potential security breaches. Internal threats can include employee theft, fraud, or misconduct, while external threats might involve burglary, vandalism, or cyber-attacks. Environmental hazards, such as natural disasters or accidental fires, must also be considered.

A thorough threat analysis requires a multi-faceted approach. This includes reviewing historical data on security incidents, consulting with security experts, and staying updated on emerging threats. According to a report by Mordor Intelligence, the Middle East commercial security market is projected to grow at a compound annual growth rate (CAGR) of 7.2% from 2023 to 2028. This growth is driven by increased investment in security technologies and infrastructure, highlighting the importance of a robust threat analysis in anticipating and mitigating these threats.

Regular Vulnerability Assessments

Conducting regular vulnerability assessments is essential for identifying weaknesses in the security infrastructure. These assessments should evaluate physical security measures, such as access control systems and surveillance equipment, as well as cybersecurity protocols.

Physical security assessments might involve checking the integrity of locks, gates, and barriers, ensuring that surveillance cameras are positioned correctly and functioning properly, and verifying that alarm systems are operational. Cybersecurity assessments should focus on identifying vulnerabilities in the network infrastructure, such as outdated software, weak passwords, and insufficient encryption. A survey by IBM found that the average cost of a data breach in the Middle East was $6.53 million in 2023, emphasising the critical need for regular vulnerability assessments to prevent such costly incidents.

Risk Prioritisation

Once threats and vulnerabilities have been identified, it is important to prioritise them based on their potential impact and likelihood of occurrence. This process involves assessing the severity of each threat, considering factors such as the potential for loss of life, financial impact, and damage to the organisation’s reputation.

By prioritising risks, security managers can allocate resources more effectively, focusing on the most significant threats. This approach ensures that critical vulnerabilities are addressed promptly, reducing the overall risk to the organisation. The 2023 Global Risk Report by the World Economic Forum highlights that cyberattacks on critical infrastructure and the potential for geopolitical instability are among the top risks faced by organisations today, underscoring the importance of risk prioritisation in security management.

Scenario Planning

Developing and simulating different threat scenarios is a key component of effective risk management. Scenario planning involves creating detailed plans for responding to various types of security incidents, from minor breaches to major emergencies.

Scenario planning should include both tabletop exercises and full-scale drills. Tabletop exercises involve discussing hypothetical scenarios in a controlled environment, allowing team members to explore different response options and identify potential weaknesses. Full-scale drills simulate real-world incidents, providing an opportunity to test the response plan under realistic conditions. The Federal Emergency Management Agency (FEMA) in the United States suggests that regular drills can improve response times by up to 40%, highlighting their effectiveness in preparing for actual incidents.

Incident Response Planning

A detailed incident response plan is essential for managing security incidents effectively. This plan should outline specific actions to be taken in the event of different types of security breaches, including communication protocols, roles and responsibilities, and recovery procedures.

The incident response plan should be based on the results of the threat analysis, vulnerability assessments, and scenario planning. It should include clear instructions for notifying relevant authorities, securing the affected area, and conducting a thorough investigation.

Communication is a critical component of incident response. The plan should include procedures for notifying employees, customers, and other stakeholders about the incident, as well as guidelines for interacting with the media. Clear and timely communication helps to maintain trust and minimise confusion during a security incident. According to a study by the Ponemon Institute, organisations with an effective incident response plan reduce the cost of a data breach by an average of $2 million…

Media Contact: Rebecca Morpeth Spayne, Editor, Security Portfolio. Tel: +44 (0) 1622 823 922. Email: editor@securitybuyer.com

Genetec

Genetec physical security report

Genetec, a technology provider of unified security, public safety, operations, and business intelligence solutions, shared the results of its state of the industry report. Based on insights from over 2,000 physical security leaders from around the world, the report looks at how the role of physical security continued to evolve in 2021 as organisations adapted to changing conditions.

The changing role of physical security

Physical security continues to evolve from being seen as a tool for mitigating risk, to playing a much more significant role in organisations’ digital transformation. The survey showed that more than two-thirds (69%) of respondents described physical security and related data as “mission-critical”. Larger organisations in particular are increasingly seeing value in the data gathered by their physical security systems, with over 46% saying they use their security systems as a way to “improve overall business efficiency, productivity and asset optimisation”. Several survey respondents commented that they intended to invest in data management solutions to advance or improve the functionality of their physical security environment in the coming 12 months.

The survey revealed that an increasing percentage of organisations (36%) are investing in unified solutions to enable the ease of maintenance, visibility, and data collection across all their systems to improve functionality and operations. This compares to 31% in the 2020 survey. Over half of all respondents (51%) also said they had invested in video analytics to improve the functionality of existing deployments and digitally transform their business processes.

“Before the pandemic, physical security’s role in business intelligence and operations was already growing, but over the last two years, it has proven to be a strategic asset in coping with a variety of challenges,” said Pervez R. Siddiqui, Vice President, Offerings and Transformation at Genetec. “As we emerge from the pandemic, organisations will contend with three undercurrents; changes in the physical dimension of work as workspaces evolve into hubs for collaboration and cohesion, workflow automation of the mundane in a bid to drive productivity and retention, and board-level interest in achieving operational resilience through integrated risk management.”

An accelerated move to the Cloud

With the pandemic forcing restricted access to physical sites, cloud-based solutions that enable organisations to remotely monitor video, control cameras, assess system health, perform maintenance, and update firmware/software have become invaluable.

Teledyne

Teledyne FLIR introduces Neutrino SX8 Mid-Wavelength Infrared Camera Module

Teledyne FLIR, part of Teledyne Technologies Incorporated, introduced the Neutrino SX8 mid-wavelength infrared camera module and four additional Neutrino IS Series models designed for integrated solutions requiring HD MWIR imagery with size, weight, power, and cost constraints for commercial, industrial, defense original equipment manufacturers, and system integrators.

Based on Teledyne FLIR HOT FPA technology, the Neutrino SX8 offers high performance, 1280×1024 HD MWIR imagery for ruggedized products requiring long life, low power consumption, and quiet, low vibration operation. The SX8 and the Neutrino IS series models are ideal for integration with small gimbals, airframes, handheld devices, security cameras, targeting devices, and asset monitoring applications.

Reduced time-to-market and development risk

The latest additions to the Neutrino MWIR camera portfolio continue to provide shortened time-to-market and reduced project risk with off-the-shelf design and delivery. Teledyne FLIR also provides highly qualified technical services teams for integration support and expertise throughout the development and design cycle. All the cameras and solutions in the Neutrino series are classified under US Department of Commerce jurisdiction as EAR 6A003.b.4.a and are not subject to International Traffic in Arms Regulations.

Neutrino IS products include a Teledyne FLIR CZ lens integrated with a Neutrino SWaP Series camera module. All four models using the Neutrino LC and two models using the Neutrino SX8 provide crisp, long-range MWIR imaging. The purpose-designed, factory-integrated CZ lenses and MWIR camera modules provide performance, cost, schedule, and risk benefits unmatchable by other camera or lens suppliers.

Kroll Annual Global Fraud and Risk Report reveals a significant increase in reported fraud and risk incidents in UK businesses in 2016

UK businesses are at or near the top of the global table for reporting fraud, cyber and security incidents, according to executives surveyed for the 2016/17 Kroll Annual Global Fraud and Risk Report. The vast majority (90%) of UK participants said they had been affected by fraud in the past 12 months, a significant increase on the 74% of UK businesses reporting incidents of fraud in the 2015 report and much higher than the current global average of 82%. The only country to report a higher incidence of fraud was Colombia (95%).

Executives in the UK also reported the second highest rate of cyber incidents (92%) after Colombia (95%), again much higher than the global average of 85%. Virus and worm infestations were the most common cyber incidents reported, in line with most other countries. The second biggest type of cyber incident reported was insider theft of customer or employee data – and at 27% of companies this was much higher in the UK than in other regions. Similar to respondents in other countries, those in the UK said customer records were the most likely target and that ex-employees were the most likely perpetrators of cyber incidents.

Along with respondents in the Middle East, those in the UK experienced the highest rate of security incidents in the past year. The majority (82%) said their company had been affected by a security incident, 13% higher than the global average.

Tommy Helsby, Co-Chairman, Kroll Investigations & Disputes, commented: “This year’s Kroll Global Fraud and Risk Report shows that it’s becoming an increasingly risky world, with the largest ever proportion of companies across the board reporting fraud and similarly high levels of cyber and security breaches.

“One reason for the growth in reported incidents by UK organisations could be that companies are simply more aware of their responsibilities and vulnerabilities and have now accepted that managing and reporting fraud, cyber and security incidents is part of ‘business as usual’. Indeed, executives from the UK were more likely to feel highly vulnerable to a wide range of incidents than respondents in other countries around the world.

“However, it’s clear that as well as recognising the risks, UK organisations need to have systemic processes in place to prevent, detect and respond to fraud, cyber and security risks if they are to avoid reputational and financial damage.”

Global results

Despite widespread concerns about external attacks, the findings reveal that across all regions, the most common perpetrators of fraud, cyber and security incidents over the past 12 months were current and former employees. Six out of ten respondents (60%) at companies that suffered from fraud identified a combination of perpetrators that included current employees, former employees, and third parties, with almost half (49%) involving all three groups. Junior staff were cited as key perpetrators in two-fifths (39%) of fraud cases, followed by senior or middle management (30%) and freelance or temporary employees (27%). Former employees were also identified as responsible for 27% of incidents reported.

Overall, 44% of global respondents reported that insiders were the primary perpetrators of a cyber incident, with former employees the most frequent source of risk (20%), compared to 14% citing freelance or temporary employees and 10% citing permanent employees. Adding agents or intermediaries to this “insider” group as quasi-employees increases the proportion of executives indicating insiders as the primary perpetrators to a majority, 57%.

Over half of respondents (56%) said insiders were the key perpetrators of security incidents, with former employees again the most common of these (23%).

Fraud and security concerns impact overseas expansion

Over two-thirds (69%) of global executives say their companies have been dissuaded from operating in a particular country or region due to fraud concerns and just under two-thirds (63%) because of security threats.

The road to resilience

While insiders are cited as the main perpetrators of fraud, they are also the most likely to discover it. Almost half (44%) of respondents said that a recent fraud had been discovered through a whistleblowing program and 39% said it had been detected through an internal audit. Indeed, three in four respondents indicated that their companies (76%) have adopted employee-focused anti-fraud measures such as staff training or whistleblowing hotlines. 82% of respondents have adopted anti-fraud measures focusing on information such as IT security or technical countermeasures, and 79% have implemented physical security measures.

The most commonly reported cyber risk mitigation action was conducting in-house security assessments of data and IT infrastructure, implemented by 76% of the survey respondents’ companies.

Fighting insider fraud: minimising risk of call centre employees

With so much sensitive payment information flowing through a typical contact centre every day, Matthew Bryars, CEO of Aeriandi, explores the growing risk of fraud from an organisation’s own employees and what can be done to minimise it.

We live in an age where the topic of data security is barely out of the news. Many organisations live and die by their ability to keep our data safe, which is why billions of pounds a year are spent on doing just that. However, a chain is only as strong as its weakest link and for many organisations, the humble contact centre can be an often-overlooked vulnerability that ends up being its downfall.

One of the main reasons is the close proximity between sensitive payment data and contact centre agents operating in a chaotic environment that often suffers from lax security measures. It can be a recipe for disaster. Furthermore, it’s made worse by the growing threat coming from organised criminal gangs looking to capitalise on this vulnerability in a variety of different ways.

According to the UK’s Fraud Prevention Service, CIFAS, the number of confirmed contact centre insider fraud incidents is rising fast. In 2012 it leapt by 126 percent and in 2014 CIFAS announced members had reported 48 cases of employees unlawfully accessing or disclosing customer data – with over 129,500 cases of identity-related fraud also being reported. Bear in mind, this is just reported cases; the true scale of insider contact centre fraud could well be much higher as many cases go unreported or unnoticed.

So why is the contact centre becoming an increasingly attractive target for fraudsters? In part it’s due to advances in security technology such as Chip & PIN and 3D Secure making many payment channels safer than ever for consumers. Greater security in online and face-to-face channels means criminals are forced to look for new paths of lower resistance. The traditional contact centre, in which huge volumes of Card Not Present (CNP) transactions are processed, and where customers divulge their payment card details to agents over the phone, is increasingly being seen as one such path.

A growing issue

Of course, insider fraud isn’t a new phenomenon. In 2006, BBC Newsnight Scotland found that one in 10 of Glasgow’s financial call centres had been infiltrated by criminal gangs, either by planting their own members inside, or coercing current employees to pass on sensitive customer information.

More recently, CIPHER (an independent security auditor and Quality Security Assessor) was asked by a bank to investigate the unauthorised use of credit card details. It found a contact centre employee was entering the building outside their normal shift pattern and using a co-worker’s computer to access customer card details. It later transpired this employee was part of an organised crime gang that had compromised over 15,000 credit cards in this manner.

This highlights another key issue with insider threats – a single insider with access to the right systems can steal a significant amount of sensitive information in a very short time. As such, this is not an issue that any organisation can afford to ignore.

Combatting the criminals

Compliance with the Payment Card Industry Data Security Standard (PCI-DSS) goes a long way to improving security within an organisation’s estate. There are various ways to achieve compliance but one of the most cost effective is to use secure phone payment technology to ensure sensitive card information never enters the contact centre environment in the first place. Instead, payments are routed via a secure payment platform, meaning agents can see the transaction is taking place but crucially, have no visibility of the customer’s sensitive card numbers or data.

With no sensitive data taken, processed or stored on site, the risk of insider fraud is completely removed and the agents themselves are protected from potential criminal coercion. Secure payment systems can also boost customer confidence as they no longer need to verbally hand their details over to anyone. Furthermore, without any data on site, the contact centre’s obligations with regard to PCI-DSS are significantly reduced.

Don’t be left counting the cost

The costs of internal fraud can be extremely high – aside from the sanctions and financial penalties imposed by regulators, often it is the associated reputational damage that organisations never recover from. The irony is that organisations need not take any risk at all with payment card data. Secure phone payment solutions can completely eliminate the need for this information to enter the contact centre environment at all, making them a far less appealing target for criminals and removing the associated risks to the organisation.
