
Security Solutions Issue 115 Out Now!

In Security Solutions Issue 115, we look at the role of the private security industry in Australia’s national counter-terrorism plans. We also discuss strategies to help identify insider threats, examine whether or not prisons are fertile recruiting grounds for terrorist groups and explore ways to demonstrate the value of an effective cyber security strategy to the company board.

Check out the latest issue today and subscribe!

Ukraine’s State Service of Special Communications and Information Protection selects Radware for cloud and application security services

Radware®, a leading provider of cyber security and application delivery solutions, today announced that Ukraine’s State Service of Special Communications and Information Protection (SSSCIP) is using Radware’s Cloud DDoS Protection and Cloud Web Application Firewall (WAF) Services as pro-bono technical assistance to increase its cyber defenses in the face of aggressive and persistent cyber attacks.

Ukraine’s SSSCIP is tasked with protecting state information resources.

In parallel with Russia’s physical invasion of Ukraine, the world was exposed to modern warfare. As Russian troops entered Ukraine, regional DDoS and application attacks followed, targeting Ukraine’s communications systems, web applications, and other infrastructures.

With nation-state threat actors and other hackers launching volumetric attacks across multiple and emerging DDoS and web attack vectors, Ukraine’s SSSCIP team chose Radware for a comprehensive threat detection and mitigation solution to protect a number of critical governmental web-services.

“It’s our top priority to protect the IT infrastructure in Ukraine,” said Victor Zhora, the deputy chief of Ukraine’s SSSCIP. “Radware has helped us shield our networks, protect our applications, and bolster the resilience of our IT infrastructure.”

“With cyber playing a bigger role in international conflicts, the internet has become its own battle ground,” said Yoav Gazelle, Radware’s chief business officer. “Designed to ready organizations against emerging threats, our real-time mitigation solutions and emergency response teams work 24X7 to detect and automatically block the most sophisticated attacks, including zero-day and unknown DDoS attacks.”

Vendor impersonation overtakes CEO fraud in email attacks – Abnormal Security reports

Abnormal Security, the cloud-native email security platform, has announced the release of new research that showcases a rising trend in financial supply chain compromise as threat actors impersonate vendors more than ever before.

In January 2022, the number of business email compromise (BEC) attacks impersonating external third parties surpassed those impersonating internal employees for the first time and has continued to exceed traditional internal impersonations in each month since. In May 2022, external, third-party impersonation made up 52% of all BEC attacks seen by Abnormal, while internal impersonation fell to 48% of all attacks. Just one year prior, internal impersonation accounted for 60% of all attacks—marking a 30% year over year increase in third-party impersonation.

Financial supply chain compromise is a subset of business email compromise in which cybercriminals take advantage of known or unknown third-party relationships to launch sophisticated attacks. The goal is to use the legitimacy of the vendor name to trick an unsuspecting employee into paying a fraudulent invoice, changing billing account details, or providing insight into other customers to target. These tactics are increasingly dangerous, with one attack stopped by Abnormal requesting $2.1 million for a fake invoice.

Throughout the report, Abnormal dives into four known types of financial supply chain compromise—vendor email compromise, ageing report theft, third-party reconnaissance, and blind third-party impersonation—each with varying degrees of sophistication. Whereas a vendor email compromise attack requires the threat actor to understand business relationships and financial transaction schedules, a blind third-party attack simply leverages traditional social engineering tactics to request payments using pretexts like impending legal actions. While all four types of attacks have seen success, those that use legitimate compromised accounts are extremely difficult to detect and can be disastrous to the companies they target.

“While financial supply chain compromise is not new, the increase in using third-party impersonation tactics is worrisome,” states Crane Hassold, director of threat intelligence at Abnormal Security. “Our threat intelligence team has discovered increasingly sophisticated attacks that are nearly impossible for legacy systems or end users to detect, particularly because they come from real vendor accounts, hijack ongoing conversations, and reference legitimate transactions.”

According to the FBI, business email compromise has exposed organisations to $43 billion in losses over the past six years, and real losses continue to grow year over year, making up 35% of all losses to cybercrime in 2021 alone. This new trend is just one example of the increasing sophistication of these modern email threats, and how cybercriminals continue to evolve and optimise their strategies for success. As employees become more aware of traditional BEC attacks that rely on executive impersonation, threat actors have successfully started to impersonate other entities—often with larger degrees of success.

Said Hassold, “This shift to financial supply chain attacks is another important milestone in the evolution of threat actors from low-value, low-impact threats like spam to targeted high-value, high-impact attacks. And because they are successful, we expect that this external impersonation will continue to rise as a percentage of all attacks, ultimately dominating the BEC landscape for the foreseeable future.”

So why does this shift in attacker behaviour matter? For one, it means the ultimate victims of financial supply chain attacks are not in control of the initial compromise, which makes it more important than ever for companies to maintain a robust understanding of their supply chain. To solve this problem, Abnormal Security uses unique AI to precisely baseline good behaviour across internal and external identities and communications. The proprietary VendorBase technology identifies all vendors in a customer’s ecosystem to understand individual risk level, using a federated database across all Abnormal customers. By recognising when a vendor may have a high risk of fraud, Abnormal knows when an email should be more heavily scrutinised for malicious activity, effectively preventing all forms of financial supply chain compromise.

To learn more about financial supply chain compromise and download the full report, please visit https://abnormalsecurity.com/resources/financial-supply-chain-compromise

Aqua Security collaborates with CIS to create first guide for software supply chain security

Pure-play cloud native security provider Aqua Security, and the Center for Internet Security (CIS), an independent, non-profit organisation with a mission to create confidence in the connected world, have released the industry’s first formal guidelines for software supply chain security.

Developed through collaboration between the two organisations, the CIS Software Supply Chain Security Guide provides more than 100 foundational recommendations that can be applied across a variety of commonly used technologies and platforms.

In addition, Aqua Security unveiled a new open source tool, Chain-Bench, which is the first and only tool for auditing the software supply chain to ensure compliance with the new CIS guidelines.

Although threats to the software supply chain continue to increase, studies show that security across development environments remains low. The new guidelines establish general best practices that support key emerging standards like Supply-chain Levels for Software Artifacts (SLSA) and The Update Framework (TUF) while adding foundational recommendations for setting and auditing configurations on the Benchmark-supported platforms.

Within the guide, recommendations span five categories of the software supply chain, including Source Code, Build Pipelines, Dependencies, Artifacts and Deployment.

CIS intends to expand this guidance into more specific CIS Benchmarks to create consistent security recommendations across platforms. As with all CIS guidance, the guide will be published and reviewed globally. Feedback will help ensure that future platform-specific guidance is accurate and relevant.

“By publishing the CIS Software Supply Chain Security Guide, CIS and Aqua Security hope to build a vibrant community interested in developing the platform-specific Benchmark guidance to come,” said Phil White, benchmarks development team manager for CIS.

“Any subject matter experts who develop or work with the technologies and platforms that make up the software supply chain are encouraged to join the effort in building out additional benchmarks. Their expertise will be valuable to establishing critical best practices to advance software supply chain security for all.”

To date, the guide has been reviewed by experts at CIS, Aqua Security, Axonius, PayPal, CyberArk, Red Hat, and other leading technology firms.

To support organisations adopting the CIS guidance, Aqua released Chain-Bench. Chain-Bench scans the DevOps stack from source code to deployment and simplifies compliance with security regulations, standards, and internal policies to ensure teams can consistently implement software security controls and best practices.

“Building software at scale requires strong governance of the software supply chain, and strong governance requires effective tools. This is where we saw an opportunity to add value,” said Eylam Milner, Director Argon Technology, Aqua Security.

“We wanted to leverage our expertise in software supply chain security to help build critical guidance for one of industry’s most pressing challenges, as well as a free, accessible tool to help other organisations adhere to it. The work doesn’t stop here. We will continue working with CIS to refine this guidance, so that organisations worldwide can benefit from stronger security practices.”

To learn more about the CIS Software Supply Chain Security Guide, visit the CIS WorkBench. To download Chain-Bench, visit GitHub.

Changing the cyber security conversation for Australian SMBs

While businesses generally have some awareness of cyber security risks, we often see smaller businesses think of themselves as inconsequential targets compared to larger organisations with more assets and financial wealth.

The reality is that there’s no correlation between business size and risk. In fact, small businesses are as big a cyber security target – if not a bigger one – because they are perceived as easier to compromise, and while the payoff may not be as big, it’s still large enough to hurt. The average cost of an incident to a small business is about $9000, and that only covers the incident response, not ongoing costs such as remediation and market or reputation damage.

Most of the time, the amount of focus and investment Australian SMBs give to cyber security corresponds to direct or third-party exposure to the risks. We tend to find businesses relying on direct or indirect knowledge of another business/industry close to them being breached. Less commonly, some businesses have a staff member who has knowledge of cyber security threats, is convinced of the benefit in conducting a risk assessment, risk reduction or threat mitigation exercise, and becomes the primary reason that their organisation will act and invest in cyber security.

However, a broader discussion on cyber security has started to take place among Australian SMBs. The catalyst for this shift is the Australian Government, which is offering credits and tax offsets for SMBs to invest particularly in “cyber security systems” and other digital tooling.

Since the measure was unveiled in the 2022-23 Budget, we’ve seen a marked increase in the amount of cyber security discussions. The tax offset removes the cost of entry to cyber security as being a potential barrier. It encourages and rewards small businesses that take cyber security seriously.

It also shows small businesses that they should be investing in cyber security, and that it can no longer be deprioritised. When the Government raises cyber security of SMBs as an issue, and puts funding behind mitigating it, this acts as a strong signal for business as they set priorities for 2022 and beyond.

Making the first move: an independent assessment

One at a time, as SMBs start to take up the offer of cyber security investment assistance, they are able to offset the cost of implementing protective services that they potentially wouldn’t have accessed before.

But how they approach the space, where they may have limited or no internal domain expertise, can be challenging.

We’re seeing a lot more small businesses seek an independent cyber security assessment to understand where they stand now and how their newfound budget can be best spent.

What they are most keen to understand is their current state of play and where their cyber security risks are. It is likely that Australian SMBs will baseline themselves against key standards such as the CIS Top 18 cyber security controls or – closer to home – the Essential Eight controls written by the Australian Signals Directorate. Both have traditionally provided guidance and ‘north star’ goals for all businesses that are investing to improve cyber security postures. They also make useful baseline measures for SMBs, as all businesses can equally benefit from the application of best practices to whatever discipline or domain they are working in.

Given SMB budgets are still going to be small, regardless of Government assistance, it is very likely that the result of these assessments will drive SMBs to consume a mix of managed cyber security services. The exact mix will depend on the outcome of the assessment, but managed services generally are the most cost-effective way to access otherwise high-end levels of protection, avoiding significant upfront outlay while also leveraging the expertise of the managed service provider and the vendor whose technology is used.

The combined efforts of all parties involved will act as a force multiplier for the security posture of individual Australian SMBs, and for the sector generally.

Tactical Options – Strategic Response to Resistance

The objective for officers in a confrontation is safety and control. Tactical options models were developed to provide officers with reasonable guidance in determining the proper response in relation to subject actions, a mechanism for explaining the level of response and the circumstances under which it was exercised. They provide public safety administration with a realistic means of evaluating appropriate response and a means of documenting that option.

Though the actual specifics of force response vary between states (and countries), the general principles remain the same – officers may respond with what they believe is reasonably necessary in the circumstances to achieve their lawfully justified objective. The physical process of arrest occurs after control has been achieved. Force must cease when control has been effected, as the use of force on a subject who is already under control exceeds prevailing standards of professional conduct.

The concept of reasonableness relates to what the common person would deem appropriate if they were in a similar situation and circumstances. An element of belief on reasonable grounds is that officers can justify the reasoning that led to their actions (subjective test), and that their reasoning was sound (objective test). They should also take into account the proportionateness of their response, which relates to the objective, circumstances of the incident and the recipient use of force by the subject. A key element is that officer response is not excessive or extreme.

An important factor is the requirement for responding with force in the first instance. Officers must reasonably believe and demonstrate that the use of force is necessary to achieve their objective relative to the circumstances and other plausible choices e.g. negotiation, disengagement, etc.

An understanding of tactical options in conjunction with lawful force guidelines helps officers make correct operational choices, with plausible justification for self defence (force used with lawful reason) and avoid the possibility of committing assault (force used without lawful reason).

Tactical Options

Tactical options are expressed in terms of subject resistance that motivates officer response, within lawful parameters and agency guidelines.

Subject Resistance

  • Psychological Intimidation: subject displays visual and verbal cues that indicate potential resistance e.g. blank stare, clenched fists, tightening of jaw muscles, posturing, etc.
  • Passive Resistance: subject will not voluntarily comply with verbal and physical attempts of control e.g. dead weight, no reaction to verbal commands, etc.
  • Verbal Resistance: subject verbally indicates an unwillingness to obey commands and cease unlawful behaviour e.g. quiet statement, threat, etc.
  • Defensive Resistance: subject prevents officers from gaining control e.g. pulling or pushing away, resistance to restraint and control, etc.
  • Active Aggression: subject physically assaults officers or another person with less than deadly force e.g. advancing, challenging, punching, kicking, grabbing
  • Deadly Force Assault: force used against officers or another person that may result in great bodily harm or loss of life e.g. knife attack

Officer Response

  • Presence: officer presents as a uniformed authority or verbally identifies themselves e.g. security guard
  • Tactical Communication: using assertive interpersonal skills for verbal directions e.g. de-escalation phrases, compliance commands
  • Tactical Disengagement: creating safe separation from a situation should it escalate beyond officers’ ability to control it effectively e.g. withdrawing from a building
  • Cordon & Contain: creating a safe perimeter when engagement may escalate a situation and a safer option is to contain until assistance arrives e.g. preventing access to area
  • Empty Hand: techniques employed to control subjects using only the human body e.g. passive escorts, compliance holds, distraction techniques, strikes
  • Filled Hand: using external weapons to control subject resistance; justified when lower forms of response have failed or officers believe their empty hand skill is insufficient e.g. chemical agent, taser, baton
  • Potential Lethal Force: using force that is likely to result in great bodily harm or loss of human life e.g. firearm

At the highest levels of resistance and response, the difference between subjects resisting with deadly force and officers responding with potential lethal force is that the subject action is unlawful and is aimed at causing purposeful harm to officers (or another person), whilst officer action is a lawful response to the subject action posing a real and impending threat to life and is used to stop the threat. Neither action, subject nor officer, requires the use of a weapon.

Two common ways of representing subject resistance and officer response are continuums and models.

Situation Totality

Tactical options are based on the principles of safety and control. They are directly related to subject actions during the situation, and employed with regards to lawful response. All actions, relational factors between parties and conditions surrounding the confrontation comprise the totality of the situation. Each relevant condition relates to the confrontation in determining officer response.

Officer/Subject Factors

It is reasonable that a discrepancy in the age, gender, physical size, fitness, skill level or number of subjects involved in the confrontation may mandate that officers use more or less force to control the situation.

Special Circumstances

A confrontation may include circumstances which would allow officers to increase the use of force. A subject in close proximity to a weapon creates an increased danger to officers which must be dealt with immediately. Officers who are injured, exhausted, on the ground, disabled or in imminent danger would be justified in escalating through tactical options, or they may have special knowledge of a subject’s skills that would require the use of increased force.

Response Evaluation

In evaluating responses, strong consideration should be given to ensuring officer safety, which involves the ability to disengage or escalate. Strategies used in a confrontation should be evaluated in terms of their likelihood to be effective compared to their likelihood to cause damage (control vs injury). Strategies that offer a high degree of effectiveness with limited potential for risk are preferred options, whilst those that do not facilitate either disengagement or escalation in response to a threat are risky.

Operational Rationale

The aim of workplace safety policy is to reduce and eliminate hazards in the workplace, and guides the establishment of workplace procedures, including operational parameters and guidelines for officers in public safety roles. The duty of care concept establishes the idea that the preservation of safety and health at work is a continuous legal and social responsibility of all those who have control over the conditions and circumstances in which work is performed. This responsibility covers all workplaces and working conditions (unless specifically excluded by regulation).

The general duty of care responsibility of employers and employees is as follows:

  • Employers shall provide and maintain a working environment that is safe and without risks to health, including safe premises, safe and hygienic working environment, safe equipment, trained and competent personnel, and adequate information, instruction and supervision.
  • Employees must take reasonable care for their own health and safety and for that of anyone else who may be affected by their acts or omissions at work. Further, they shall not willfully or recklessly interfere with or misuse anything provided in the interests of health, safety or welfare, or willfully place at risk the health or safety of any person at work.

Not meeting this responsibility may result in negligence, defined as the omission to do something that a reasonable person would do, guided upon those considerations that ordinarily regulate the conduct of human affairs, or doing something that a reasonable and prudent person would not do.

While the continuum model has served as a useful instructional tool for officers over the years, it has some limitations as a tool for application in an operational environment. Officers engaged in encounters with noncompliant subjects may feel that they are legally obligated to climb the use-of-force ladder and de-escalate to compliance, hesitating to take safer immediate assertive actions to end unlawful resistance.

While this may not sound radically different than current practice, it is a contrast to the continuum doctrine, where officers are legally and morally bound to use no force where the possibility exists of avoiding it, and to use the least force theoretically possible in the least intrusive way for the shortest possible amount of time.

The reality is that when a subject is noncompliant, the officer has the legal and moral obligation to gain compliance as quickly and safely as possible. Rather than lowest force, officers should use the most effective response (in this context effective means quickest and safest). The most effective means of gaining compliance may not be the least possible force, but it must remain reasonably necessary and in proportion to the officers’ objective.

While de-escalation is a response option, it is not always plausible to attempt verbal calming. Some conditions contributing to non-compliance are medical emergencies dependent on brain chemistry that will not respond to calming techniques and get worse and less treatable over time. This does not argue against crisis intervention methods, but rather puts those strategies as available for use when appropriate and by-passed when they are not.

That which is most effective tends to result in shorter physical contact when a hands-on response is inevitable. Briefer contact means less likelihood of injury to offender, bystander and officer. Therefore, application of effective means to end non-compliance is a moral imperative as well as tactically superior and justifiable.

When choosing tactical options in response to subject resistance, officers must do what is reasonably necessary to ensure safety (theirs, others) and gain control. This decision will be based on officer training and experience. Selecting an inappropriate option for a particular circumstance, whether too little (failing to act) or too much (excessive action), may result in negligence on the part of the agency and/or officer. It is this aspect of liability that drives much of the current operational safety training paradigm and post-incident management strategies. Unfortunately, it is also responsible for much of the officer attrition from the public safety sector.

The distinction between resistance and response is that subjects are motivated by unwillingness to comply with officers. Subjects may initiate resistance at any level. Officers are reactive to subject action and may choose any option that represents a reasonable response to a perceived threat. Tactical options should be justified, effective and defensible, and officers must remain vigilant.

Overconfidence in API protection leaves enterprises exposed to attacks – Radware

A report by cyber security vendor Radware reveals that 92% of companies state they have a plan in place to adequately protect APIs from cyberattacks, yet 62% admit a third or more of APIs are undocumented.

Radware’s 2022 State of API Security report survey, conducted with Enterprise Management Associates, reveals a false sense of security among organisations when it comes to API protection.

The survey includes responses from chief information officers, chief technology officers, vice presidents of IT, and IT directors from global organisations across North America, EMEA, and APAC.

According to the survey, API usage is on the rise. Ninety-two percent (92%) of the organisations surveyed have significantly or somewhat increased their API usage with 59% already running most of their applications in the cloud. Additionally, almost 97% of organisations use APIs for communications between workloads and systems, highlighting the growing reliance on APIs in day-to-day business operations.

The real and underestimated threat of undocumented APIs

While 92% of those surveyed believe they have adequate protection for their APIs and 70% believe they have visibility into applications that are processing sensitive data, 62% admit a third or more of APIs are undocumented. Undocumented APIs leave organisations vulnerable to cyber threats, such as database exposures, data breaches, and scraping attacks.

“For many companies, there is unequivocally a false sense of security that they are adequately protected from cyberattacks. In reality, they have significant gaps in the protection around unknown and undocumented APIs,” said Gabi Malka, Radware’s chief operations officer and head of research and development.

“API security is not a ‘trend’ that is going away. APIs are a fundamental component to most of the current technologies and securing them must be a priority for every organisation.”

Bot attacks remain a threat along with misperceptions about API protection

Nearly one third of companies (32%) surveyed stated automated bot attacks are one of the most common threats to APIs. In terms of detecting an API attack, 29% say they rely on alerts from an API gateway and 21% rely on web application firewalls (WAF).

Malka added: “The survey data indicates that API protection is not keeping up with API usage. Many organisations are basing their API security strategies on false assumptions — for example that API gateways and traditional WAFs offer sufficient protection. This leaves APIs vulnerable and exposed to common threats, like bot attacks.

“A comprehensive API protection solution, that includes bot protection, will address these threats. But very few respondents indicated that they had solutions that actually did or even had the capability to provide effective security. Enterprise protection is only as strong as its weakest link.”

API attacks flying under the radar

Half of companies surveyed viewed their existing tools as only somewhat or minimally effective at protecting their APIs, with 7% reporting that the solutions they have in place did not identify any attacks at all. The inability of the existing tools to adequately protect APIs from common threats further adds to the false security narrative.

Open source contributes to security myth

Sixty-five percent (65%) of respondents believe that open-source code is more secure than proprietary code and nearly 74% believe that container-based deployments and microservice architectures are more secure than monolithic architectures and deployments by default.

According to Malka: “The belief that open source is more secure by design could explain why some organisations are lax when it comes to patch management. Yet, as we have seen with Log4j and Heartbleed, open source can have the same security flaws as proprietary code. Believing that open source is inherently more secure by default only further contributes to the false narrative that leaves organisations vulnerable to cyber-attacks.”

Nine steps towards building better security resilience

Australian organisations have taken a keen interest in building resiliency to adverse conditions, particularly those related to cybercrime, but there is more to do to mature these approaches.

As business leaders, the past two years have really crystallised what is and isn’t important. People are crucial to our ongoing success and growth; culture is king; and above all, across people and technology, we value resiliency: to change, to crisis, and to whatever else our operating environment throws at us.

A recently-released ‘barometer’ shows “Australian companies are building resilience as they navigate a succession of crises”. It calls on businesses to create a “holistic, 360-degree strategy” to address threats to the digital ecosystems, noting that “the risk of cyber attacks and threats … is the top concern for both Australian and G20 organisations in 2022.”

This is far from an isolated perspective.

The Government’s own cybersecurity advisory recently implored Australian organisations “to improve their cybersecurity resilience in light of the heightened threat environment”, which includes ongoing ransomware and malware infections, and the risk of state-sponsored attacks.

There are some encouraging signs in the space. Dataminr research from this month shows that almost all Australian businesses “have invested in their business’ resilience, with 25% having invested over $100,000 between 2019-2021.”

However, the same research also concludes that “resilience has become a priority but not necessarily a reality, and businesses remain unprepared for risks despite the high-impact events in the last 24 months.” Cybercrime, it finds, remains a particularly palpable risk in the eyes of business leaders.

For organisations and their leaders to get ahead of cybercriminals and build resiliency measures, they should aim to take the following nine key steps.

Understand risk

Cyber resilience must be a primary focus of boards and senior management. It’s not something that can be left solely to the CIO. Executives should be able to demonstrate understanding in this area, and commit to periodically reviewing the organisation’s exposure to compromise. Regularly addressing the risk of cyber failure and ensuring that cyber resilience is built into all aspects of business and operating models is crucial for reducing the company’s exposure to cyber compromise.

Understand consequences

We can all comprehend how a prolonged breakdown of cybersecurity in the telecommunication sector, the banking industry, or an airline could be catastrophic on a national scale. It’s why critical infrastructure operators in Australia now face regulated cybersecurity responsiveness. At the small and medium-size business level, however, cyber disruption can be equally disastrous both for the organisation and for the customers who had placed their trust in it. For any organisation, the failure or disruption of operating systems or the compromise of sensitive, personal data will be reflected in their reputation, credibility, and, ultimately, profitability and licence-to-operate.

Inventory systems and data

Accurate assessment of risk and the consequence of failure is facilitated by a clear understanding of an organisation’s IT systems and of the data it holds. If boards and senior management understand the value of their data to those of malicious intent, if they know where that data is, how it is protected, and who has access to it, then they are in a stronger position to implement a cyber resilient business model.

Practise good cyber hygiene

The Australian Cyber Security Centre has developed a list of 35 strategies to enhance cyber resilience. While some are complicated and need the support of experts, simple strategies like regular patching of software and operating systems, password policies, multi-factor authentication, and application whitelisting will help mitigate about 85% of the current malicious intrusions.

Backup and response plan

There have been enough publicised instances of malicious destruction of data, or denial of access to data (as with ransomware), that building system redundancy and regular real-time backing up of data and records is a necessity. Redundancy and backup systems are essential to recovery after a successful attack. Boards also need to ensure that their regularly exercised response plans can be implemented immediately if an attempted attack is detected.

Malware protection

There is a growing range of off-the-shelf anti-malware systems. Cybersecurity technology companies are developing solutions that have moved beyond the concept of firewalls into predictive analysis, providing deeper layers of security.

Invest in cybersecurity

Investment in cybersecurity can never be a one-off activity because the threat landscape is ever changing. Effective cyber resilience requires continuous investment in the upgrading and refining of protective systems as a normal cost of business.

Empower your people

Cyber resilience requires the active participation of all staff. Without regular training and security skills upgrading, company expenditures on the most sophisticated protection systems will be less effective. A strong security culture creates an environment where peer behaviour reinforces positive security practices.

Consult cybersecurity professionals

Cybersecurity can become so complex that few companies can afford the expertise and resources to achieve cyber resilience on an in-house basis. Access to professional advice on cybersecurity is essential, as attack methodologies proliferate in sophistication. Managed service providers have the expertise to assist companies with professional advice and customised software solutions. What can never be outsourced, however, is the responsibility for cybersecurity within an enterprise.

Resilience is now a must-have element of culture and organisational DNA. All organisations can expect their resiliency to be tested at one time or another, and with an increased cadence due to the rapid pace of change generally. By maturing resiliency strategies and approaches now, organisations can be best prepared for when their test comes.

i-PRO upgrades PTZ cameras, includes AI features

New features include AI at the edge of the network enabling auto-tracking, class-leading low light performance and enhanced cybersecurity.

i-PRO, recently split from parent company Panasonic in the ANZ region, has announced the addition of AI to its revamped PTZ (pan, tilt, zoom) camera range. This latest development will add a total of 35 new cameras.

With this development, i-PRO adds the first AI-enabled PTZ cameras to the company’s S-Series.

The cameras include a powerful built-in AI processor enabling advanced automatic tracking to make operators’ lives much easier. The cameras, equipped with the highest levels of cybersecurity, can run two different Deep Learning AI applications at the edge of the network, reducing load and server infrastructure costs. Thanks to i-PRO’s open platform AI strategy, the Software Developer Kit (SDK) can also be used to integrate third party specialist applications.

For the first time, i-PRO has also added PTZ cameras to its U-Series, the company’s cost effective range for the most price-sensitive installations. This addition is further evidence of i-PRO’s commitment to listen to market demands and to be fast and flexible in responding to needs.

The S-Series PTZ Cameras: Smarter, faster and cybersecure

The new S-Series PTZ cameras are designed to make operators’ lives easier with smarter, smoother and more simple operation. They deliver improved image quality, especially in low lighting, with the latest image sensors and lenses to improve accuracy and prevent false alarms.

The powerful onboard Ambarella AI processor supports advanced auto-tracking which can assist operators by automatically detecting, zooming in on, and tracking people, vehicles and bicycles, as well as the unique attributes of detected objects such as colour and type. Security operators will also notice faster PTZ response times during preset operation and improvements in auto-focus when operating manually. This ensures the operator has access to consistently sharp images.

Available in 2MP and 5MP resolutions and offering 21x-40x zoom ratios in indoor and outdoor settings, the S-Series PTZ cameras come in a wide range of options such as smoke dome, salt resistant, and black models. With IP66/IP67 protection against dust and water and IK10 impact resistance, the outdoor S-Series PTZs are built to withstand challenging outdoor environments and can operate effectively in any temperature.

The U-Series PTZ Cameras: Cost effective yet still cyber secure

The new U-Series PTZ camera is the smaller brother to the S-Series, designed for projects that do not require AI functionality but still need the core benefits of i-PRO’s quality, reliability and cybersecurity. The cameras offer customers a cost effective, easy install and cybersecure PTZ with leading image quality even in low lighting situations.

Available in 2MP resolutions with 3.1x-21x zoom ratios in indoor and outdoor settings, the new U-Series PTZ outdoor models meet IP66 and IK10 impact resistance standards.

Benefitting both series: core quality, design and cyber security

The PTZ cameras in both series benefit from a new modern design in a smaller form factor that is similar in size to many dome cameras. This convenient size, along with outstanding low light performance, means the cameras can be conveniently installed in almost any position and still produce high quality images and accuracy of object detection to reduce false alarms. Both camera line-ups have also achieved the highest level of cybersecurity with FIPS 140-2 level 3 certification.

“Today i-PRO has taken another important step towards becoming the next generation partner for the security industry,” said Marius Van Der Merwe, i-PRO APAC Director. “We are making security operators’ lives easier by delivering the market’s first PTZ with an AI open platform, on the edge, with the highest levels of cybersecurity. At the same time, we’re taking innovation into our cost-effective U-Series range to give the market access to the same powerful hardware – all as the wider industry struggles with product availability and price increases.”

For more information, visit: https://i-pro.com/apac/en

New research suggests a passwordless future, but adoption is still in its infancy

Ping Identity (NYSE: PING), the intelligent identity solution for the enterprise, and Yubico, the leading provider of hardware authentication security keys, surveyed IT leaders across the globe, including in Australia, to determine their appetite for passwordless solutions. Overwhelmingly, the desire was clear to adopt more secure and convenient methods of passwordless authentication. They cited gains in security, productivity, and customer experience as key drivers.

“Passwords are not only frustrating but easily exploited via remote bad actors,” said Andre Durand, CEO and founder of Ping Identity.  “A passwordless future not only removes a usability headache for end-users, but makes identity and account take over and fraud far more difficult for remote actors. It’s reassuring to see IT leaders across the globe aligned on a future where passwords are replaced by simple, easy, and more secure authentication.”

Read the full Ping Identity Survey: Our Passwordless Future: a New Era of Security

Key Global and Australian Findings:

Passwords present serious security concerns:

  • 94% globally and 95% of Australian IT leaders have serious concerns about user-generated passwords.
  • 91% globally and 89% of Australian IT leaders are very or somewhat worried about passwords at their organisation being stolen.
  • The thought that passwords are deceptively weak is highest among Australian IT leaders (92%), compared to a still sizable 69% of French IT leaders.
  • 50% globally and 47% of Australian IT leaders are concerned that passwords are too weak for security purposes.
  • 94% of Australian IT leaders say that employees have been less cautious with their password management as remote and hybrid work become more common.

Passwords are a drain on productivity:

  • 67% globally and 71% of Australian IT leaders are concerned with the helpdesk costs associated with passwords.
  • 33% of helpdesk tickets globally and 37% in Australia are related to passwords, and in the past year, IT leaders have seen a 30% increase globally and 33% increase in Australia in password-related incidents.
  • IT leaders estimate employees must enter passwords an average of 12 times a day globally. In Australia this figure is 15 times daily.

IT leaders face challenges and resistance to passwordless adoption:

  • 97% of IT leaders globally and 99% of those Australian IT leaders who haven’t adopted passwordless authentication believe they will face challenges in doing so.
  • 91% of IT leaders globally and 94% of Australian IT leaders agree that password security is a cultural issue for which business leaders – not users – must take responsibility.
  • 33% of IT leaders globally and 39% of IT leaders in Australia of those who haven’t adopted passwordless authentication say a lack of expertise is a barrier to adopting passwordless authentication.

Unlocking the benefits of a passwordless future

  • 100% of Australian IT leaders recognise the benefits of passwordless authentication, including enhanced security (55%), reduced security costs (47%), and less support needed (46%).
  • 96% of IT leaders globally and in Australia say passwordless authentication would create an easier user experience (UX) for employees; 98% of those with a customer login portal say it would create an easier UX for customers.
  • Australian IT leaders lead the way in their likelihood to adopt passwordless authentication with 79% completely or very likely to adopt this in the near future. This compares to 67% in France, 56% in Germany and 63% in both the UK and US.
  • Among organisations that adopted or plan to use passwordless authentication, the top forms are biometrics (67% globally and 61% in Australia), PIN (48% globally and 39% in Australia) and physical security keys (38% globally and 29% in Australia).

“With the vast majority of all cyberattacks starting with stolen passwords or other weak login credentials, Yubico is working towards a phishing-resistant and passwordless future,” said Stina Ehrensvard, CEO and co-founder of Yubico. “The need for adopting modern authentication is highlighted on a daily basis with examples like the White House’s cybersecurity executive order and Russia’s invasion of Ukraine. Surveys like this demonstrate the mindset of industry leaders and the important journey towards simple and strong passwordless authentication.”

Ping Identity and Yubico surveyed 600 IT leaders and decision-makers from large organisations (10,000+ employees) across the U.S., Europe, and Australia to better understand their key security concerns, at a time when password-related incidents are rising and billions of passwords have been exposed from data breaches. The findings underscore the dire limitations and risks of passwords and the burden they place on users and the help desk.

Learn more at www.pingidentity.com

Axis transforms Victoria’s two largest cities into Leading Smart Cities

Axis announces its partnership with two of the largest cities in Victoria, Australia – Melbourne and Geelong – to enhance their Safe City Camera Networks.

The integrated security solutions supplied by Axis will help communities feel safer in public places through enhanced crime prevention, deterrence, and response. Over 300 CCTV cameras have been upgraded to Axis’ PTZ cameras across the two cities.

The high-performance PTZ cameras enable automatic differentiation between vehicles and pedestrians, providing council with insights into traffic flow and patterns.

“The data and insight that our technology provides is critical in the proper planning and management of public spaces and transport,” said Johnny Lee, Business Development Manager, Transportation and Smart Cities, Axis Communications ANZ.

“Our technology was originally planned to boost security around club and nightlife precincts, but both cities are increasingly utilised to understand how their respective cities are changing,” Mr Lee said.

Axis was able to meet the needs for a network of security solutions that would not only help to reduce crime and vandalism towards key infrastructure, but also support additional smart city initiatives such as traffic management and urban mobility.

As experienced in cities across the world, the ongoing impact of the pandemic has changed the number of drivers on the road and the travel behaviours associated with public transport.

As a result of the Axis implementation, the first-ever dedicated Congestion Management Team was established to respond in real-time to bottlenecks, incidents, and breakdowns.

The Victorian State Government has made an unprecedented investment in congestion-busting technology, including 700 extra traffic monitoring cameras and almost 200 wireless traffic sensors to help monitor and ease traffic congestion in cities like Melbourne.

“As we return to post Covid normality we begin to see an increase in the use of roads and public transportation. A key to delivering an efficiently flowing city is to understand how it operates, from the flow of vehicles & pedestrians through to effects of events on transport infrastructures such as parking and public transport. Data analytics and automations allow for transport operators and city councils to make informed decisions and plan for the future,” Mr Lee said.

Deputy Mayor Trent Sullivan said the upgrades to the network have improved public safety and transport planning in Greater Geelong.

“This type of smart technology is game-changing as it provides accurate data to inform public space and transport planning,” the Deputy Mayor said. “The cameras in Central Geelong are linked to a control centre that is monitored by both specially trained council staff and Victoria Police.”

“Having real-time data on usage of public spaces means we can make sure Central Geelong and our townships are attractive, vibrant and active.”

Axis has a proven track record of offering ‘Smart Cities’ solutions worldwide and is continuing efforts to help Australian cities be smoothly operating, lively hubs of activity that protect citizens whilst still respecting their privacy.

“The City of Melbourne through the Safe City Camera Program and many other safety initiatives takes safety of the public domain very seriously. Through our security integrator we have developed a strong working relationship with the Axis Communications Melbourne Office. The Axis products are very reliable and we communicate well and openly with the Axis team when we provide feedback about improvements, potential changes or new products to create a safer Melbourne.” Craig Buckingham – Team Leader Security services at City of Melbourne.

About Axis Communications

Axis enables a smarter and safer world by creating network solutions that provide insights for improving security and new ways of doing business. As the industry leader in network video, Axis offers products and services for video surveillance and analytics, access control, intercom, and audio systems. Axis has more than 3,800 dedicated employees in over 50 countries and collaborates with partners worldwide to deliver customer solutions. Axis was founded in 1984 and has its headquarters in Lund, Sweden.

For more information about Axis, please visit our website www.axis.com

Aqua Security unveils enterprise cloud native security SaaS in APAC

Pure-play cloud native security provider, Aqua Security, has announced the general availability of cloud native security SaaS in Singapore, serving the broader APAC region.

This allows customers to take advantage of the data sovereignty, platform security and flexibility provided by the SaaS service to prevent cloud native attacks before they happen.

Aqua customers in government, banking, financial services as well as other regulated sectors can leverage the service for comprehensive cloud native security, compliance and risk management, through an in-region service that addresses their data sovereignty and governance requirements.

The SaaS service enables customers to adopt cloud native security best practices as they expand their cloud native footprint and DevOps pipelines.

The general availability launch of the SaaS builds on two services already being utilised by customers: Aqua’s CyberCenter threat intelligence and vulnerability information database for scanning, and Dynamic Threat Analysis (DTA). Both allow DevOps teams to shift further left and incorporate security into their CI pipelines to identify malware and potentially malicious code.

The APAC SaaS region now offers the full enterprise suite as part of Aqua’s Cloud Native Application Protection Platform (CNAPP), including software supply chain security and shift-left risk-centric vulnerability management, security issue categorisation and runtime protection.

Enforcement of runtime protection and monitoring policies is available across containers, including managed container platforms, serverless and virtual machines in public cloud and on-premises. The full suite of functionality allows customers to solve their cloud native security needs in a single platform.

“We have a number of existing public sector customers in the region, and we are committed to meeting our customer needs and requirements,” said Rob D’Amico, AVP of APJ at Aqua. “We’re seeing a surging interest from customers for an integrated and unified platform that protects the full cloud native application lifecycle from code to runtime. Eliminating multiple point solutions drives down operational cost and complexity.”

Aqua Grows Regional Partnerships

As part of the global investment, Aqua is growing its partnerships with technology alliance leaders in the region. APAC customers, particularly those in highly regulated industries, can keep their data local and adhere to compliance regulations.

Aqua Security’s platform is both SOC Type II and ISO27001 compliant.

Five steps to improve the security of your shared privileged accounts

Sharing of privileged accounts is a technique used by many IT teams, but one that can leave organisations vulnerable to a cyberattack.

Often used as a way to provide access for teams of privileged users, administrators, or applications, shared accounts involve a group of people using the same credentials to gain access. Unfortunately, lax shared-account management can lead to intentional, accidental, or indirect misuse that can undercut compliance efforts.

From embedded and hardcoded passwords to those used for message-passing between two applications, security gaps exist and they need to be managed. Password rotation is, of course, a best practice, but when left to a user’s own discretion it can be unreliable.

With shared accounts, changing passwords becomes an even bigger problem. There could be confusion about who changed the credentials, and the communication of updated passwords may be less than fully secure.

In addition, auditing and reporting information on session activities from shared accounts may be incomplete, because the individual responsible cannot be identified. This again reduces the overall security posture of the IT infrastructure as it is difficult to track accountability.

Improving shared account security

Thankfully, there are a range of ways shared account security can be improved without any unwanted impact on user productivity. Five ways this can be achieved are:

  1. Deploy an appliance-based or cloud-based solution to overcome the challenge:
    Organisations require a security solution that offers privileged password and session management within a single hardened or virtual appliance. The chosen appliance needs to have wide-ranging compatibility covering a range of operating systems, databases, applications, and devices. The security team should be able to manage accounts for services, application-to-application (A2A), and application-to-database (A2DB), without the need to juggle multiple tools. Using appliances offers organisations a solution that is much easier to implement and maintain over the lifecycle of the solution.

    Alternatively, cloud-based PAM solutions are becoming more commonly considered. In this case, the solution should offer a comparable, if not the same, level of functionality and support a distributed implementation that can be applied across separated networks.

  2. Have a system that allows automatic inventory workflows:
    Once a distributed network discovery engine has been put in place, an organisation’s security team can identify and profile all users and services automatically and monitor their activity through unified management.

    Many strong security policies go unenforced because policymakers are unaware that an asset or account even exists. Consistency comes from control, and control from knowledge. An automated discovery solution to regularly check for systems and accounts is the best way to ensure that nothing is missed.

  3. Monitor all active sessions:
    For a platform to put full control into the hands of the security team, it needs to record every activity initiated by a privileged session. Real-time information can be relayed through a proxy session monitoring service for Secure Shell or remote access protocols, without revealing passwords at any stage. Such monitoring capabilities should be rich enough to allow threat assessors to view a playback of the session for auditing or forensic purposes, therefore meeting a range of compliance standards.
  4. Deploy the right desktop tools:
    Standardisation is an argument that spans many subsections of the IT world. When it comes to security, there can be an enterprise-wide threat posture caused by having policies and practices that are not easy to follow for all employees. For this reason, complex new workflows should be avoided wherever it’s possible to do so. Continual authentication to a security layer when accessing different applications is not ideal, so the account management system should support standard tools such as PuTTY, RDP, SSH and Microsoft Terminal Services Client.
  5. Ensure comprehensive analytics and reporting capabilities are in place:
    All key decision makers prefer to have single points of reference for their data. Whatever metrics are being used to monitor security, they should be presented in a single dashboard, in a clear, intuitive format. Everything from details about privileged accounts and passwords to expiry dates, remote access tools, SSH keys, and service accounts should be readily accessible by the security team. This will allow the team to take timely action to prevent issues before they cause disruption or losses.

Effectively securing shared privileged accounts can be a complex thing to achieve, but it can be made much easier if the right management tools are in place. Once this has been achieved, the benefits of shared accounts can be enjoyed while security gaps are minimised.

Using Orbital Insights To Improve Supply Chain Security

In this episode of Security TV, we speak with Mike Kim, Vice President / Head of Asia Pacific at Orbital Insight about the role of geospatial data in supply chain management.

Orbital Insight is using AI, machine learning, and computer vision to turn millions of images into a big-picture understanding of the world. Learnings and analyses are quantitatively grounded in observation, creating unprecedented transparency, and empowering global decision-makers with a new source of market insights. By analyzing millions of satellite images at a time, we equip innovative industry leaders with advanced, unbiased knowledge of socio-economic trends. Orbital Insight is funded by Sequoia Capital.

For more information visit orbitalinsight.com

Entrust report – use of company-wide encryption stagnates in Australia

Australia is lagging behind the global average when it comes to having a consistent, enterprise-wide encryption strategy. This and other findings are highlighted in the Entrust 2022 Australian Global Encryption Trends Study, the seventeenth annual multinational survey of IT professionals conducted by the Ponemon Institute.

The study reports on the cybersecurity challenges organisations face today, and how and why organisations protect their data. Key findings include:

Companies are taking data protection more seriously, but there’s still a way to go

The global average of organisations having a consistent enterprise-wide encryption strategy leapt from 50 percent to 62 percent as they seek greater control of the data they have distributed across multiple cloud environments.

However, in contrast, this research shows that Australian organisations are lagging behind global averages, as the number of organisations reporting to have a consistent enterprise-wide encryption strategy stagnated at 55% in 2022, from 54% in 2021.

“In Australia, we noticed that the encryption strategy has stagnated over the last two years, which was an interesting find given that last year Australia was ahead of the global average. Organisations in Australia are striving to defend sensitive data against threats as they continue to increase their use of the cloud, containers and IoT platforms; however, the slow growth highlights the pain point of skills shortages in Australia,” says James Cook, VP Sales, Digital Security APAC, Entrust.

The study found that the top driver for encrypting data in Australia is to protect information against specific, identified threats (68% of respondents, vs. the global average of 50% and an increase from 63% in Australia last year). The next highest driver was to comply with internal policies (53% of respondents vs. the global average of 27%).

Respondent organisations in Australia encrypt several data types at higher rates than the global averages, with financial records topping the list (56% in Australia vs. 45% globally). Similarly, healthcare information (32% in Australia vs. 22% globally) is also noteworthy. This research shows that the types of data being encrypted have changed from last year, when intellectual property was the most encrypted data type (62% in 2021 vs. 48% in 2022), followed by employee data (60% in 2021 vs. 50% in 2022).

This year’s report also revealed that the top two biggest challenges in planning and executing a data encryption strategy were finding the data according to 55% of respondents in Australia and classifying it (36% of respondents in Australia).

While the results indicate that companies have gone from assessing the problem to acting on it, they also reveal encryption implementation gaps across many sensitive data categories. For example, in Australia alone, just 36% of respondents say that encryption is extensively deployed across containers, 28% for big data repositories and 41% across IoT platforms. Similarly, while 63% of global respondents rate hardware security modules (HSMs) as an important part of an encryption and key management strategy, half said they were still lacking HSMs. These results highlight the accelerating digital transformation underpinned by the movement to the cloud, as well as the increased focus on data protection.

Organisations seek greater control of their cloud data

This year’s study also reveals how the flow of sensitive data into multiple cloud environments is forcing enterprises to increase their security in this space. Notably, this includes containerised applications, where the use of HSMs reached an all-time high of 33% in Australia and 40% on average globally.

More than half of Australian respondents (57%) admit their organisations transfer sensitive or confidential data to the cloud whether or not it is encrypted or made unreadable via some other mechanism such as tokenisation or data masking. However, another 30% said they expect to do so in the next one to two years.

“The rising adoption of multi-cloud environments, containers and serverless deployments, as well as IoT platforms, is creating a new kind of IT security headache for many organisations,” said John Metzger, vice president of product marketing for digital security solutions at Entrust. “This is compounded by the growth in ransomware and other cybersecurity attacks. This year’s Global Encryption Trends study shows that organisations are responding by looking to maintain control over encrypted data rather than leaving it to platform providers to secure.”

When it comes to protecting some or all of their data at rest in the cloud, 51% of those surveyed in Australia said encryption is performed in the cloud using keys generated and managed by the cloud provider. Another 24% of respondents reported encryption being performed on-premises prior to sending data to the cloud using keys their organisation generates and manages, while 16% are using some form of Bring Your Own Key (BYOK) approach.

Together, these findings indicate the benefits of cloud computing outweigh the risks associated with transferring sensitive or confidential data to the cloud, but also that encryption and data protection in the cloud is being handled more directly.

Employees continue to represent a significant threat to sensitive data

When it comes to the sources of threats, 59% of Australian respondents identified employee mistakes as the top threat that might result in the exposure of sensitive data, compared with the global average of 47%. The other highest-ranked threats identified were system or process malfunction (36%), the threat from temporary or contract workers (29%), and hackers (15%).

These results make it clear that threats are coming from all directions, so it’s distressing, but not surprising, that nearly three quarters (85%) of respondents admitted having suffered at least one data breach, and just about half (47%) admitted having suffered one in the last 12 months.

“Over 17 years of doing this study, we’ve seen some fundamental shifts occur across the industry. The findings in the Entrust 2022 Global Encryption Trends study point to organisations being more proactive about cybersecurity rather than just reactive,” said Dr Larry Ponemon, chairman and founder of the Ponemon Institute. “While the sentiment is a very positive one, the findings also point to an increasingly complex and dynamic IT landscape with rising risks that require a hands-on approach to data security and a pressing need to turn cybersecurity strategies into actions sooner rather than later.”

“As more enterprises migrate applications across multi-cloud deployments there is a need to monitor that activity to ensure enforcement of security policies and compliance with regulatory requirements. Similarly, encryption is essential for protecting company and customer data and it is encouraging to see such a significant jump in enterprise-wide adoption,” said Cindy Provin, Senior Vice President for Identity and Data Protection at Entrust. “However, managing encryption and protecting the associated keys are rising pain points as organisations engage multiple cloud services for critical functions. As the workforce becomes more transitory, organisations need a comprehensive approach to security built around identity, zero trust, and strong encryption rather than old models that rely on perimeter security and passwords.”

Gallagher Mobile Connect delivers seamless automation for new hybrid-friendly commercial building

Gallagher, a leading manufacturer of security technology, has today announced how the newly opened commercial building 221 London Circuit has made innovative use of Gallagher’s Mobile Connect solution to offer smart office environments for businesses adopting a hybrid model of working.

Managed by property developer Molonglo, 221 London Circuit is a 12-storey property based in the city centre of Canberra, Australia, and is positioned to offer flexible workspaces for the professional service industry.

Gallagher’s Mobile Connect app has been integrated with 221 London Circuit’s on-site service technology, Office Office, to enable tenants to book and access meeting rooms directly from their smartphone. Through this integration, Gallagher Mobile Connect allows businesses requiring office facilities or temporary shared rooms for meetings or small events to secure a space at 221 London Circuit online and issues them with instant access credentials, without the need for paperwork or for a property manager to be on site to let them in.

Daniel Rex, Head of Innovation & Operations for Molonglo, says: “The flexibility of our workspaces at 221 London Circuit reframes traditional leasing as an on-demand service offering – where space is only accessed and paid for when required. By working with Gallagher and installing their mobile technology, we’ve been able to simplify access for our tenants and remove the need for physical ID cards.

“The fact that Gallagher Mobile Connect is backed by a globally recognized method of authentication gives us complete peace of mind that not only are our spaces easily accessible, but the software managing the access is completely cyber-secure.”

Craig Schutte, Gallagher’s Vice President for Asia Pacific and IMEA (India, Middle East, and Africa), says the seamless automation and integration of Gallagher Mobile Connect in spaces like 221 London Circuit supports the rise in demand for frictionless office environments.

“Our Mobile Connect solution is an excellent example of how security technology plays a key role in enabling people to work the way they want to through seamless automation and intelligence within their working environment. By using Gallagher’s mobile app, tenants at 221 London Circuit can enjoy a completely frictionless experience when accessing their office – from the carpark, to the lift, and into the meeting room – it’s all managed via their mobile.

“With many businesses shifting towards a hybrid approach to working, we can see the demand for flexible and frictionless office spaces continuing to grow well into the future.”

How to create Recurring Monthly Revenue within your security business

In this episode of the ASIAL Security Insider Podcast, we speak with Paul Metzheiser, Managing Partner at Tamco. We spoke with Paul at the recent ISC West conference about the best way for systems integrators to create sources of recurring monthly revenues (RMR).

Paul explains the eight pillars of successfully building RMR within your business.