Blockchain

Cowbell, a pioneer provider of cyber insurance for small and medium-sized enterprises (SMEs) and middle-market businesses. It has expanded its Cowbell Connectors to over 30 integrations with top security and cloud service providers.  Stronger security insights Cowbell Connectors enhance cyber risk assessment and underwriting by drawing on inside-out dataWhile many businesses focus solely on outside-in or partial internal data, Cowbell Connectors enhance cyber risk assessment and underwriting by drawing on inside-out data, securely pulling real-time insights from: Cloud environments like AWS, Azure, and GCP Vulnerability scanners such as Tenable, Qualys, and Rapid7 InsightVM Endpoint security solutions like CrowdStrike, SentinelOne, and SophosIdentity and access management platforms such as Okta, Microsoft Entra, and Arnica Compliance-focused tools like Qualys Policy Compliance and Security Studio. Reducing cyber risk These newly expanded integrations - designed to be used as part of a multi-layered model including outside-in data, dark web intelligence, threat intelligence, loss cost and historical claims, and regulatory compliance - come in response to rising cyber attacks, with the U.S. among the countries with high data breach density. Last year, there were over 6.85 billion known records breached in the U.S., while the average cost of a data breach amounted to 9.36 million U.S. dollars; figures Cowbell expects to rise this year, with advances in AI and geopolitical conflicts both contributing to increased risk.  Strengthening cyber resilience Rajeev Gupta, co-founder & Chief Product Officer at Cowbell, shared: “A 2024 survey among chief information security officers (CISO) in the US showed that almost 9 in 10 organisations were at risk of a material cyberattack in the following 12 months; damaging both reputation and bottom lines. It’s now 2025 and the situation is only worsening; AI advancements have continued, empowering cybercriminals to execute more adaptive and scalable attacks, while geopolitical instability is increasingly manifesting in cyberspace.” “With threats evolving faster than ever, businesses must up their game. This is where - following the launch of our Cowbell Resiliency Services (CRS) unit in February this year - our expanded Cowbell Connectors come in, providing a 360-degree view of businesses’ security posture, bolstered by real-time inside-out insights.”  Optimised cyber coverage Cowbell’s proprietary, AI-driven risk ratings – policyholders pave the way for more precise underwritingBy feeding inside-out insights into Cowbell Factors - Cowbell’s proprietary, AI-driven risk ratings - policyholders can not only address and patch vulnerabilities quickly, but also pave the way for more precise underwriting, ensuring coverage accurately reflects the true level of risk exposure.  Demonstrating strong internal controls to underwriters and improving risk rating over time can also result to lower premiums or more favorable coverage terms.  Expanding cyber integrations While businesses and brokers can explore the full suite of integrations in the Cowbell platform today, there are also plans to double its integrations this year, adding a further 30 connectors covering categories including cloud, email and endpoint security, third-party risk management, and SIEM (Security Information & Event Management) platforms.  Keen to help support businesses in the best way possible, Cowbell has also said it is open to exploring new integrations based directly on the needs of its users.

iDenfy, a global pioneer in identity verification and fraud prevention, announced a new partnership with Coast, an innovative blockchain platform simplifying crypto-to-fiat transactions on PulseChain. This partnership will focus on enhancing security and streamlining KYC/AML compliance processes while boosting the platform’s security and addressing critical challenges in the blockchain ecosystem. Securing decentralised finance This partnership represents a crucial step forward, equipping Coast with advanced tools Global money laundering remains a common issue, with an estimated $2. trillion laundered annually, according to the United Nations. As financial crimes grow, platforms operating at the intersection of blockchain and traditional finance face increasing pressure to meet stringent compliance standards. This partnership represents a crucial step forward, equipping Coast with advanced tools to navigate the complexities of regulatory frameworks while fostering trust and security in the decentralised finance sector. Blockchain security simplified Coast has established itself as a pioneer in blockchain technology and financial services by offering a seamless and compliant gateway for users to interact with PulseChain. The platform's mission is to create user-centric financial solutions tailored for the decentralised future while maintaining the highest standards of security and compliance. To achieve this, Coast has partnered with iDenfy, a company known for its robust identity verification and Anti-Money Laundering (AML) tools that meet global compliance requirements. Secure identity verification Through this collaboration, iDenfy will bring its innovative identity verification solution, ensuring precise and secure onboarding for all users. iDenfy’s technology automatically recognises, verifies, and extracts information from more than 3,000 types of identity documents across more than 200 countries and territories. From passports and ID cards to driving licences and residence permits. The solution also includes the integration of iDenfy’s advanced biometric facial recognition and 3D liveness detection technology to prevent fraudulent activities, such as the use of fake images, face masks, or digital renderings. By creating three-dimensional facial maps, iDenfy provides a secure method for user authentication, ensuring the verification process is both seamless and bulletproof. Scalable fraud prevention Coast can now conduct ongoing monitoring and receive instant notifications of any AML risk hits during the KYC process The partnership offers Coast a scalable system that reduces onboarding time while ensuring full compliance with global AML regulations. This includes screening users against sanctions lists, Politically Exposed Persons (PEPs), watchlists, and adverse media sources. By integrating iDenfy’s technology, Coast can now conduct ongoing monitoring and receive instant notifications of any AML risk hits during the KYC process. iDenfy’s solutions have already transformed Coast’s operations, offering a near-perfect verification success rate of 99.99%. Secure and compliant The high level of accuracy is supported by a team of expert reviewers who oversee all automated ID verifications to eliminate potential system errors, fraud attempts, or failures. In addition to its technological capabilities, iDenfy’s software is fully compliant with GDPR, CCPA, and SOC 2 standards, ensuring that businesses can operate with confidence in its data security and privacy practices. Providing financial security For Coast, the ability to deliver a seamless onboarding experience without compromising security is a top priority. The platform aims to bridge the gap between traditional financial systems and blockchain technology, empowering users to interact with decentralised systems easily and securely. With iDenfy’s solutions, Coast has not only improved its onboarding process but also enhanced user trust by ensuring compliance with the latest global regulations. Before partnering with iDenfy, Coast faced challenges in delivering a fast, user-friendly identity verification process while maintaining robust security standards. Innovation in verification iDenfy’s scalable solutions have resolved these issues, significantly improving operational efficiency and user trust. This partnership aligns perfectly with the mission to create a seamless and inclusive experience for PulseChain. Domantas Ciulde, CEO of iDenfy, said, “Blockchain platforms like Coast are paving the way for the future of finance. Our advanced identity verification and AML screening tools ensure that Coast’s users can confidently engage with PulseChain while maintaining compliance with global regulations. We’re proud to support Coast in creating a secure and innovative platform.” Faster and safer onboarding The integration of iDenfy’s tools has also transformed the user experience for Coast’s clients. The streamlined KYC process is now a simple, three-step procedure that takes less than a minute on average to complete. This efficiency ensures that users can quickly access Coast’s services without unnecessary delays, positioning the platform as a pioneer in user-centric blockchain solutions.

SAFR from RealNetworks, the world’s foremost AI computer vision platform for access control and security, invites ISC West 2025 attendees to experience its revolutionary suite of AI-powered solutions at booth #25089.  SAFR's facial recognition technology delivers unparalleled certainty through industry-pioneer accuracy, enabling organisations to monitor and analyse visual data at speeds far beyond human capabilities—all while maintaining the highest standards of data privacy and personal control. Stronger security and unified solutions "Today's security challenges demand more than isolated point solutions—they require seamlessly integrated systems that work together as a unified whole," said Charisse Jacques, President of SAFR.  "Our Unified Facial Recognition Ecosystem represents a fundamental shift in how organisations manage access across their enterprise, bringing unparalleled efficiency, accuracy, and scalability through a single cohesive platform." Unified facial recognition power SAFR unifies identity management, ensures consistent recognition, enables rapid investigationsAt the center of SAFR's Unified Facial Recognition Ecosystem are these core components: One Database to Manage Everything – Eliminating silos with centralised identity management Unified/Shared Watchlist – Ensuring consistent recognition across all deployment points with PACs/VMS integration Forensic Search – Enabling rapid investigation across all connected systems Facial Recognition Analytics – Providing actionable intelligence and operational insights Enterprise Class Solution – Delivering the reliability, security, and scalability demanded by organisations of all sizes Face recognition in action Visitors to booth #25089 will experience firsthand the speed and efficiency of its ecosystem of face-based access control, edge-computing facial recognition cameras and mobile solutions. SAFR will also showcase how its innovative product lineup seamlessly integrates with PACS and VMS systems to provide real-time identity verification at entry points and throughout facilities.

It’s no secret that the data security sector is constantly changing. It has an annual CGR of about 12.3%. Future trends in data security Much of this has to do with the rise of cybercrime in recent years, with reports showing that cyberattacks happen as often as every 39 seconds. To combat the growing rate of cybercrime, data security has been on the rise. As we journey further into this era, it becomes evident that a spectrum of significant trends is molding the future of data security. This exploration delves into a selection of these trends, unraveling their importance and the potential implications they carry  1. AI security tools will increase  Artificial Intelligence is also being used in the development of smart attacks and malware The introduction of Artificial Intelligence in the data security industry brought significant changes, especially in cybersecurity. AI has been the golden standard for face detection, natural language processing, automated threat detection, and automated security systems. Additionally, Artificial Intelligence is also being used in the development of smart attacks and malware, bypassing even the latest security protocols in data control. And as time progresses, AI security tools will flourish and dominate the scene. Let’s take a more in-depth look at three of the top AI security tools. Targeted attack analysis tool  Manufacturers utilise targeted attack analysis tools to uncover targeted and stealthy attacks. Artificial Intelligence can be applied to the program’s capabilities, processes, and knowledge. For instance, Symantec launched this tool to combat the Dragon 2.0 attack in 2022. The phishing attack reprimanded multiple energy companies while trying to gain access to their operational networks. Targeted Attack Analysis Tools can analyse incidents and look for similarities from previous situations. They also help detect suspicious activities and collect all the necessary data to determine whether a specific action is malicious. Intercept X tool  Results from the Intercept X Tool feature high accuracy and a low false positive rate Sophos, a British security hardware and software company, launched the Intercept X Tool. It engages a neural network that records and analyses data like a human brain. Sophos’ Intercept X Tool can extract features from a single file and perform a deep analysis. It detects malicious activities within 20 milliseconds. Plus, it’s also trained to work on bi-directional sharing and real-world feedback of threat intelligence. Results from the Intercept X Tool feature high accuracy and a low false positive rate.  IBM Watson Technology  IBM’s QRadar Advisor uses IBM Watson Technology, a unique AI tool for fighting cyber attacks. Artificial Intelligence can auto-investigate activities and indicators for potential exploitation or compromise. With cognitive reasoning, IBM Watson Technology can present critical insights to accelerate the response cycle. Security analysts can utilise this technology to search for threat incidents, reducing the risk of letting them fly under the radar. 2. Blockchain as a security solution  It guarantees no points of failure or hackable entrances that can expose datasets inside the system Blockchain is a type of distributed ledger technology (DLT) that aims to establish trust within an untrusting ecosystem. Today it’s one of the most robust cybersecurity technologies in the industry. Blockchain utilises a decentralised ledger system, but your team members can still gain access to transparent information in the cloud. Members can also record, pass along, and view necessary transactional data in the blockchain. The entire blockchain process maintains data integrity within the system while establishing trust among team members. It guarantees no points of failure or hackable entrances that can expose datasets inside the system. Cybersecurity, biometrics Cybersecurity primarily benefits from these features because blockchain can create a secure and robust wall between data and hackers. On top of that, blockchain ledgers can include biometrics like fingerprints and retina scans. These prevent hackers from accessing any private data. Because blockchain is decentralised, it also limits hackable data. Together with the technology’s record-keeping system, each node is provided insight into data manipulation exposing real-time cybercrime attempts.  3. Increased and widened access control  Without access control, expect your company to be open to security issues, including theft, data loss, and breach of data Access control is critical in data security. More than a valuable security tool, business leaders can use access control to regulate people accessing any given resource. A company with an IT security setting can control who has the liberty to edit certain files. One of the primary goals of access control is to minimise threats or attacks to organisations and businesses to keep people and data secure. Without access control, expect your company to be open to security issues, including theft, data loss, and breach of data protection laws. Benefits The benefits of increased and widened access control include: Identifying who can access and control your data at specific time intervals. Protecting data from overwriting, accidental deletion, and malicious intent. User permissions that can be readily changed. Compliance and regulation with data privacy laws. Central management of access to data through a reporting portal or a dashboard.  Multi-factor authentication Access control comes in various types and systems, so it’s critical to know the features of what you’re looking for. The most common type is multi-factor authentication or MFA. It involves multiple steps before logging in, requiring the user to enter other relevant information besides the password. Some other examples of information include biometrics, answering a security question, or entering a code sent to the user’s email address. Two-factor authentication, role-based access control Two-factor authentication further prevents unauthorised entries that can result in unnecessary data possession Two-factor authentication further prevents unauthorised entries that can result in unnecessary data possession.  Another type of access control is role-based access control. In this setup, only one individual can set up access guidelines and grant permissions to specific team members within an organisation. 4. Greater use of the zero-trust security model  The zero-trust security model is a framework that requires every user within and outside the organisation to undergo authentication, authorisation, and validation. These are all essential to ensure proper security configuration before access is granted to the company’s applications and data. A zero-trust model assumes that anyone can cause data breaches and that a traditional network edge is not taken into effect. Moreover, it addresses the following modern-day challenges: Hybrid cloud environments. Security of remote workers. Ransomware threats.  This framework utilises the combination of multiple advanced technologies, including:  A risk-based multi-factor authentication. Endpoint security.  Identity protection.  Cloud workload technology.  The zero-trust model uses all these innovative tools for system identification, user verification, access consideration, and system security maintenance. Constant validation and monitoring Enforcing strict policies and compliance with data privacy laws are also essential Additionally, it also considers data encryption, email security, and asset verification before establishing connections with applications. The architecture of a zero-trust framework requires constant validation and monitoring of the users and the devices they are using. Enforcing strict policies and compliance with data privacy laws are also essential. More importantly, the zero trust architecture requires all organisations to be aware of all their available services and accounts to gain complete control of data handling and manipulation. 5. Increased privacy regulations  Privacy regulations and policies guide organisations in proper data control, handling, and security. These policies guide organisations in proper data control, handling, and security. As a responsible business owner, you must comply with these regulations to avoid legal issues. With cybersecurity attacks becoming common, expect increased and stricter privacy regulations to be released in the next few years. While current policies are still taken into effect, various modifications and adjustments will occur to compete with the rising numbers of data breaches, thefts, data loss, and more.  California Privacy Rights Act (CPRA) Currently, the California Privacy Rights Act (CPRA) is the most comprehensive legislation on state data privacy. It only started to take effect on January 1, 2023. The CPRA introduces the following principles: Broad individual consumer rights. Significant duties of people who need to collect sensitive and personal information. Additional definitions of data privacy and security. An individual’s duties include releasing information about data collection to concerned data subjects and proper access, correction, and deletion of information. Final thoughts  2023 is a big year for data security. Trends such as increased adoption of zero-trust policies, a greater reliance on AI security tools, and the implementation of blockchain as a security solution are all things we expect to see shortly.  Staying up-to-date with these trends is important for keeping your business current and ensuring that you’re adhering to new and changing regulations. Doing so can give you an edge over the competition and keep you out of legal hot water.

Identity management is an important element of both data security and physical security in an organisation. But all ID management solutions are not the same—especially when it comes to security. There are no uniform security standards for the industry, and many off-the-shelf systems fall short when it comes to data protection. To protect people, property, and data, make sure you select a system that maximises security at every stage. What is identity management? Identity management—also known as ID Management (IdM) or Identity and Access Management (AIM)—is a framework for managing digital identities and controlling who has access to what. It includes both policies laying out what types of access different people should have and technologies for enabling and enforcing those access controls. An identity management system makes it easy for IT to define access levels for individuals or groups within the organisation. Each user is assigned a unique identity within the system with specific user rights and restrictions These systems enable companies to increase security and productivity while reducing the costs and labour associated with security efforts. At the lowest level, identity management involves defining what a user is allowed to do on a network, with what devices, and under what circumstances. Each user is assigned a unique identity within the system with specific user rights and restrictions. Specific business system For example, what files, business systems, and programs is the user allowed to access? What are they allowed to do within a specific business system? What physical locations and resources are they allowed to access, and at what times? Access rights and restrictions may be role-based or individualised. An IdM system may provide the backend for a Single Sign-on (SSO) system that controls access to everything on the network with one user identification key. Many security products focus on mobile device management (MDM) systems that control access of devices to the corporate network. As more workers shift to remote and hybrid models, managing what devices are authorised to connect to the network, how users are authenticated when they log on to the device, the activities that can be performed by these devices while on the network, and the data and applications they have access to while offline is essential. Meeting the security challenge Ultimately, the ID management system is only as secure as the access system it connects to In an IdM solution, the user administration system that provisions the roles and rights within the system is linked to an access system that verifies the identity of the user. Ultimately, the ID management system is only as secure as the access system it connects to. Access systems include input screens for passwords or PINs, biometric input systems (such as fingerprint or facial recognition), or readers that connect to identification media (such as an ID badge or smartphone) via Radio-Frequency Identification (RFID), Bluetooth® Low Energy (BLE), or Near-Field Communication (NFC). Some systems may require multifactor identification. RFID and smartphone-enabled BLE and NFC access systems are highly popular for their combination of security, reliability, user convenience, and ease of administration. While there are many access systems available, there are no uniform standards for security—and many standard systems are not very secure. User administration system When evaluating security for an IdM and access system, there are two important aspects to consider. Data storage: How is data stored in the IdM system and on the local reader or input device? Are user identities, rights, and activity logs stored in an unencrypted table on a single server or device? Is a blockchain system used for data storage? Or something in between? Data transmission: How is data transmitted between the access system and the user administration system? Is data transmitted in encrypted form? Is the Advanced Encryption Standard (AES) used? Security starts with the creation of the user ID and identification medium Security starts with the creation of the user ID and identification medium. To protect business data and systems, organisations should look for an IdM solution that uses industry best practices for encrypted data storage and transmission. If using ID badges—as a majority of organisations still do—they also need to consider how and where those badges are produced. Industry best practices For example, our partner evolutionID offers a secure ID-Management system with extended security functions. In-house badge production enhances security by eliminating the need to send sensitive, personalised data to a third-party badge printer. It also streamlines the badge production process, so employees can get their badges right away without waiting. With the creation of the identification medium, individual security features such as biometric properties, user ID, and permissions can be programmed directly onto the transponder card using an RFID reader or distributed to relevant systems by interfaces. This system maximises security and gives organisations the tools they need to customise their security concept for their needs. On top, cost-saving self-service features such as image acquisition or badge management are available for every employee on any device.

Every day, millions of people worldwide use their personal credentials to prove their identity and access a range of services, from databases in their workplace to the banking app on their smartphone. But while this ensures only authorised people have access to certain systems, the use of this personal data opens users up to cyber risks, primarily in the form of identity theft. On Identity Management Day, Source Security spoke to seven IT and cybersecurity experts to discuss their experiences and advice on identity management, including James Brodhurst, Principal Consultant at Resistant AI, who reinforces that: “Securing identities is more important than ever, as fraud and identity theft has impacts for businesses as much as for individuals.” Effective identity management He recommends that businesses and other organisations that use consumer identities as an integral part of operations must address the significant challenges of managing identities and recognise that there is no single solution to all possible cyber threats. Effective identity management is only achieved through a broad range of technologies and data. Businesses have a critical role to play in mitigating cyber threats, as does society as a whole" This is an important first step for organisations to know who they are interacting with, and subsequently distinguish between genuine or illicit actions. “Businesses have a critical role to play in mitigating cyber threats, as does society as a whole. Initiatives such as Identity Management Day serve to increase our collective awareness of the issues and threats we’re facing, and also safeguard sensitive data.” External cyber defences “Why is identity theft so common?” ponders Andy Swift, Technical Director of Offensive Security at Six Degrees. “Well, the simple answer is stealing account credentials is big business. There is a massive industry out there of people stealing and selling credentials on the dark web. I don't suggest you venture to the marketplaces through which stolen credentials are sold on the dark web, but if you did you'd find lists of credentials with different attributes – whether they've been tested, whether they have access to financial data – that dictate price.” “Most stolen credentials are sold to people looking to launch phishing and onward phishing attacks, giving them access to compromised mailboxes to send emails from. Secondly, there are hackers who want to launch attacks – ransomware, more than likely – from within a network without having to navigate its external cyber defences while also evading the long wait for brute force attacks, phishing attacks and other noisy activities to pay off.” Access sensitive data Credential stuffing is one of the most common forms of attack and corporate credentials are usually the target" “And thirdly, there are people who want to simply target external administration interfaces they have identified (RDP for example) which they can in turn use to pivot through to internal networks, or even just target the external host directly.” Gregg Mearing, Chief Technology Officer at Node4, adds: “Credential stuffing is one of the most common forms of attack and corporate credentials are usually the target. In 2020 alone there were 193 billion credential stuffing attacks globally. Attacks commonly start with a database of stolen credentials, usually with usernames, emails and passwords – although phishing emails and suspicious websites are also used to steal corporate credentials. Once they have gained entry into the organisation's system, the attacker can move laterally, completely unnoticed, to access sensitive data, remove files or plant malware.” Most common threats “Despite the ubiquity of this style of attack and a wide understanding of the importance of password hygiene, 65% of people still reuse passwords across multiple accounts. There can be no doubt that employees are the first line of defence for an organisation against a cyber attack. If trained properly, they can act as a human firewall. However, poor cyber hygiene, a lack of best practice when it comes to managing credentials, and a limited understanding of the most common threats can make an organisation’s employees its greatest weakness.” Despite the ubiquity of this style of attack and a wide understanding of the importance of password hygiene" Alongside credential stuffing and phishing, Liad Bokovsky, Senior Director of Solutions Engineering at Axway, explains how API attacks are yet another way criminals are executing identity theft: “In fact, last year API attacks increased 348%, and companies affected included some of the largest corporations – Facebook, Instagram, and Microsoft.” Protecting customers’ data “Companies need to do a better job at protecting their customers’ data. In a recent survey, 82% of UK consumers confirmed they would stop doing business with a company if it suffered a data breach that exposed their personal information.” “Thriving and surviving in today’s hyper-connected economy increasingly depends on having sufficient API maturity in place to ensure that anything connecting to an organisation’s servers – devices, apps, customers – is managed appropriately to keep APIs, customer data and the company’s reputation safe. This means having technology and processes in place to make sure that API design, implementation, and management are done properly.” Owning smart devices This needs to change and with the UK no longer required to adhere to EU-GDPR legislation" Michael Queenan, CEO, and Co-Founder of Nephos Technologies, explains how the huge volumes of personal data being created every day are putting consumers at risk: “Whether shopping online, setting up a social media account or simply reading a news article, we are regularly being asked for our identifiable information. With 10% of UK homes now owning smart devices – e.g. an Alexa or a Ring doorbell – our data is constantly being collected, even within our own homes. Should it fall into the wrong hands, it could be used for identity theft or fraud.” “This needs to change and with the UK no longer required to adhere to EU-GDPR legislation, it presents an opportunity to rectify how personal data can be shared. Ultimately, I believe individuals should be responsible for their own data and how it is used.” Ensure data privacy “A possible way of achieving this is through identity-centric blockchain, whereby everyone has a national email address associated with their blockchain identity that permits access to their personal data. This would ensure that only you get to decide who has access – your data, your choice!” This would ensure that only you get to decide who has access – your data, your choice" Steve Young, UKI Sales Engineering Director at Commvault also comments on how identity management is vital for meeting data regulations, thereby supporting data management throughout the business: “In the world of data management, you’d be forgiven for thinking that the focus is all on backups and recovery. But while these are absolutely crucial elements, another key aspect of data management is identity management – only through understanding it will businesses be able to drive their data management to the next level. Identity management is necessary to ensure data privacy.” Latest data regulations “Many people will be most familiar with its function as a way to restrict access of employees to certain files and resources that may hold sensitive or classified information. But what is becoming more important today is how identity management also helps prevent cybercriminals entirely outside an organisation from gaining unauthorised access to a system and initiating a ransomware attack, for example. Because of this, identity management helps businesses be compliant with the latest data regulations, as it ensures that any customer data collected and stored is kept secure.” So, what solutions should IT leaders be prioritising to strengthen their identity management measures? Six Degrees’ Andy Swift recommends multi-factor authentication (MFA): “MFA provides great defence against identify theft, but it's also a reactive technology: for it to be effective, an attacker must already have obtained stolen credentials.” Cyber security training Credential-driven attacks are largely exacerbated by a ‘set it and forget it’ approach to identity management" “That's why comprehensive cyber security training and education on best practices is quite possibly more important than any technology could ever be alone. There's no silver bullet when it comes to achieving strong identity management, but the importance of threat awareness and training cannot be overstated.” “We advocate for the best practices that ensure cyber hygiene and protect personal and professional identities and credentials to prevent credential-based attacks from continuing,” concludes Tyler Farrar, CISO at Exabeam. “Credential-driven attacks are largely exacerbated by a ‘set it and forget it’ approach to identity management, but organisations must build a security stack that is consistently monitoring for potential compromise." "Organisations across industries can invest in data-driven behavioural analytics solutions to help detect malicious activity. These analytics tools can immediately flag when a legitimate user account is exhibiting anomalous behaviour indicative of credential theft, providing greater insights to SOC analysts about both the compromised and the malicious user, which results in a faster response time.”

The information age is changing. Today, we are at the center of addressing one of the most critical issues in the digital age: the misinformation age. While most awareness of this problem has emerged in the consumer and political worlds, the issue cannot be ignored when it comes to the authenticity and protection of video and security data. Video surveillance data SWEAR is a company with the mission to ensure the integrity of video surveillance data by mapping video data and writing it into the blockchain, providing real-time, immutable proof of authenticity. Blockchain, which is the underlying technology that enables cryptocurrencies, is a decentralised digital ledger that securely stores records across a network of computers in a way that is transparent, immutable, and resistant to tampering. SWEAR solution The SWEAR solution is based on proactive, foundational protection that validates data at the source The SWEAR solution is based on proactive, foundational protection that validates data at the source before any opportunity for manipulation can occur. “Our technology is about proving what’s real and our goal is to ensure that security content and video surveillance data remain untampered with and reliable when needed,” says Jason Crawforth, Founder and CEO of SWEAR. Real-time authentication Security leaders need to ensure that the content they are relying on to make mission-critical decisions is authentic. Once verified, organisations can be sure that their investment in video can be trusted for critical use cases, including intelligence operations, legal investigations, and enterprise-scale security strategies. SWEAR seeks to embed trust and authenticity directly into video surveillance content at the point of creation. This ensures real-time authentication while proactively preventing tampering or manipulation before it can happen.  AI-generated content The rise of AI-generated content, such as deepfakes, introduces significant challenges As AI transforms the landscape of video surveillance by enhancing threat detection and predictive analysis, it also introduces the very real risk of manipulation through AI-generated content. This presents a significant challenge in protecting critical security data, especially in mission-critical applications. The rise of AI-generated content, such as deepfakes, introduces significant challenges when it comes to ensuring the protection of digital media like video surveillance.  Recent study findings It is a fact that digital media content is being questioned more regularly, which puts businesses, legal systems, and public trust at risk.  A recent study from the Pew Research Center found that 63 percent of Americans believe altered videos and images create significant confusion about the facts of current issues. Last month, California Governor Gavin Newsom signed three bills aimed at curbing the use of AI to create fake images or videos in political ads ahead of the 2024 election.  Footage authenticity “While most of the news cycle has centered on the use of fake content in politics, we need to think about how manipulated videos could affect security,” says Crawforth. “In video surveillance, ensuring the authenticity of footage is critical for keeping operations secure and safe around the world. That means verifying and protecting video data is a must.”  Organisations must be capable of performing thorough digital investigations, which involve retrieving and analysing video and security data from devices and networks through a chain of evidence. Digital forensic capabilities Strong digital forensic capabilities also enhance incident response, risk management, and proactive security An in-depth understanding of who has handled video data, how it was handled, and where it has been is an important step in responding to security incidents, safeguarding assets, and protecting critical infrastructure. Strong digital forensic capabilities also enhance incident response, risk management, and proactive security measures, all essential for risk management, regulatory compliance, and cost control, says Crawforth.  An unbroken chain of custody “By using tools to identify, preserve, and analyse digital evidence, organisations can ensure swift and accurate responses to security incidents,” he adds. “Using the latest tools and techniques is vital for maintaining a strong security posture." "But you must ensure your digital content isn’t manipulated.” SWEAR’s technology provides an unbroken chain of custody, ensuring that video evidence can be trusted and admissible in court and forensic applications.  Authenticating content Authenticating content also strengthens accountability and trust, protecting organisations By verifying video content is protected from tampering, manipulation, or forgery, organisations can be sure that they have reliable evidence that produces actionable results. Authenticating content also strengthens accountability and trust, protecting organisations from legal disputes or compliance violations.  Safeguarding digital content “With an increasing amount of disinformation in today’s world, we sought to develop an innovative solution to safeguard the integrity of digital content,” says Crawforth. SWEAR safeguards security content using real-time “digital DNA” encoding. It integrates directly at the video management system level, ensuring it is preserved with a secure chain of custody and maintains integrity for evidentiary purposes.  Real-time “digital DNA” encoding The digital DNA is then stored on a blockchain, creating an immutable record The solution integrates with cameras and other recording devices to map this digital DNA of the video data, all in real-time. The digital DNA is then stored on a blockchain, creating an immutable record that tracks the content’s history and integrity. Any attempt to manipulate the media can be instantly detected by comparing the current state of the media to its original, authenticated version. SWEAR is actively collaborating with video management solution providers to integrate the technology into their platforms. Video and security data benefits “We’re still in the early stages of our collaboration in this space, but it is clear that the industry recognises that we have to work together to mitigate this risk proactively before it becomes a significant issue,” says Crawforth. “The feedback we have received from the industry to date has been beyond our expectations, and we expect to have more integration partners to highlight shortly.”  “We should approach this as a collaborative effort across the industry, as ensuring the authenticity of video and security data benefits everyone involved,” says Crawforth. 

The U.S. Department of Homeland Security (DHS) will be participating at ISC West in a big way. Representatives of the federal department will be taking part in more education sessions this year, and the DHS tech-scouting team will be on hand to view the latest technologies on display at the show. Exhibitors – and anyone else at the show – are invited to the “DHS Town Hall” on March 19 (Thursday) at 3:30 p.m. in meeting room Galileo 1001. The aim is for DHS to engage with the technology community and provide guidance as industry innovation moves forward. In the face of growing operational demands and complex threats, the need for homeland security technology solutions continues to rise. The Department of Homeland (DHS) is seeking new ideas and partners to safeguard public trust, save lives, reduce risks, and protect the flow of commerce and goods for the community. They will share information about the department’s problem sets, capability needs and business opportunities for accelerating technology development to ensure they are keeping pace with the speed of innovation and complex threats. Speaking at ISC West DHS seeks to challenge industry partners to develop technology to enhance security operations across multiple end user missions. The DHS Science and Technology Directorate (S&T) and Cybersecurity and Infrastructure Security Agency (CISA) will jointly speak and exhibit at ISC West. Attendees can meet DHS professionals working in cyber security, critical infrastructure, resilience, aviation security, border and port operations, and first responder capabilities. Attendees are invited to visit the DHS exhibit booth #33040 in the Drones and Robotics Zone. The DHS Town Hall on Thursday, titled “Enhancing Security and Doing Business at the Speed of Life,” will be a “call to action” for show participants to help secure the future. DHS seeks to become more agile and to pursue new pathways to do business in a fast-moving world. Through strategic partnerships, DHS is mobilising the innovation community to safeguard the public trust. Security sessions DHS will also be participating in these sessions at ISC West, March 17-20 at the Sands Expo, Las Vegas, Nev: You Say It’s Going to Change the World? Tues., March 17, 9:45 a.m., Sands 302. Security relies on anticipating what comes next and staying a step ahead. How will 5G increase secure capabilities and reduce threats from bad actors? How will blockchain secure personal and financial identity and when will quantum computing render all encryption obsolete? How is DHS investing in counter-drones? How does AI change the security landscape? The New Federal Security Landscape – Are You Prepared? Wed., March 18, 1 p.m., Sands 302. The federal security landscape is evolving alongside the private sector. What are the new high-risk areas of concern and how are emerging threats (cyber, UAS) changing the way federal facilities are protected? How are these new risks balanced against traditional ones? How is the Interagency Security Committee (ISC) responding? DHS panelists will discuss. CISA Special Guest Speaker at SIA Interopfest. Wed., March 18, 4 p.m., Sands 701. Daryle Hernandez, Chief, Interagency Security Committee, DHS, Infrastructure Security Division, will provide insights to complement the technology interoperability demonstrations. Enhancing Security Through UAS Technology, A DHS Perspective. Thurs., March 19, 11:30 a.m., Venetian Ballroom. What is DHS doing today to prepare for a future of increased visualisation and automation? New questions are emerging around capabilities and vulnerabilities. Emerging technologies like AR, Next Gen Sensors, and UAS, provide the Department of Homeland Security (DHS) with tools to become more responsive and adaptive to new threats.

Art&Co., the world’s renowned online art auction for COVID-19 relief that connected art, finance and support groups, brings continued relief to COVID-19 victims a year on, via blockchain technology provided by LuxTag. LuxTag's blockchain solution Records of funds raised and dispensed to seven charities and various artists were documented using LuxTag's blockchain solution, providing a perpetual audit trail. The receiving charities providing healthcare, food, medicines and guidance to those affected by the contagion were ICU steps, The Care Workers Charity, Khalsa Aid International, Painting Our World in Silver, Solace Women's Aid, Za Teb and Race on the Agenda. The artwork collated came from more than 30 emerging artists as well as famous creators such as Pablo Picasso, Salvador Dali, Jeff Koons and Andy Warhol. The aggregate value of art available in the auction was £1.65 million (US$ 2 million) with prices ranging from £1,000 ($1,250) to £36,000 (US$ 45,000). All art created represented themes connected to the continued trying times, such as health, nature and spirituality. Blockchain technologies for immutable transactions record  Blockchain technologies provide an immutable record of transactions, transparent and open for inspection 24/7" “Blockchain technologies provide an immutable record of transactions, transparent and open for inspection 24/7,” said PremFina Group’s Chief Executive Officer (CEO), Bundeep Singh Rangar, adding “The use of LuxTag's blockchain technology not only helped record the dispersion of funds to charities, it bridged a gap between art and technology via a philanthropic cause.” “Artwork is of unique beauty and often, the beauty lies in its uniqueness. At LuxTag, we work hard to protect unique objects and their authenticity, so projects like Art&Co. 2020 are duly close to our heart,” said Jeff McDonald, the Founder of LuxTag, adding “Blockchain technology, authenticity and provenance of artwork are vivid examples of how traditional crafts can be enhanced with modern tech.” Charity work for the live Art&Co. auction Silicon Valley tech investor, Tim Draper hosted the final live auction event to drum up donations for the live Art&Co. auction, while commenting on the ability of blockchain technologies to record provenance, authenticity and ownership of art objects. Fundraising for charities and not-for-profits has become increasingly significant, as demand for their services have increased and conventional funding routes have shrunk. Helping charities in COVID-19 pandemic period More than 300 million COVID-19 infections have been recorded worldwide and new virulent variants of the coronavirus (COVID-19 virus) have emerged, such as Omicron and Delta. Nearly 15 million people have been infected in the United Kingdom, resulting in more than 150,000 deaths.

Pluralsight, Inc., the enterprise technology skills platform announced that Frontier Software is partnering with Pluralsight to upskill its workforce and modernise its technologies while executing on its mainstay software solutions. Implementing intelligent workflow automation process Frontier has partnered with Pluralsight to implement technology skills development that will close its skills gaps Based in Australia, Frontier Software provides integrated HR and payroll solutions to more than 1,500 organisations across 23 countries throughout Europe, the Asia Pacific, and the Far East, including payroll services to nearly 10% of Australia’s workforce. To keep up with the rapid pace of change and enable the business to continually evolve to meet client expectations in the age of technology, Frontier Software has partnered with Pluralsight to implement a technology skills development strategy that will close its skills gaps and transition the company’s manual processes to intelligent workflow automation and robotic automated processes. Skills development  “Keeping the business and technologists relevant in the marketplace while delivering product offerings that meet what the market demands are the hallmark of a successful business,” said Darren Hnatiw, Chief Technology Officer at Frontier Software. “Providing a solid foundation for technical skill development keeps employees engaged and satisfied while helping Frontier Software ensure we’re getting the most out of our resources.” Upskilling workforce Access to self-paced learning and quality content means we don’t have to spend resources bringing in external consultants" With Pluralsight, Frontier Software can address immediate resource needs to support current solutions by upskilling its workforce. Team members are empowered to develop the technology skills of today and the future in a way that is tailored to their role. Individuals can also take courses they deem valuable to their growth and use Pluralsight’s Skills IQ assessments to identify how to focus their effort. “The impact with Pluralsight has been huge,” added Hnatiw. “Access to self-paced learning and quality content means we don’t have to spend that time and resource bringing in external consultants.” Developing emerging technology skills Frontier Software not only uses Pluralsight to keep team members engaged and upskilled, but it is also using Pluralsight as part of its strategic roadmap to lay a foundation to develop emerging technology skills, such as blockchain and artificial intelligence, that will move the company forward. “Whether we’re addressing the needs of our core offerings, transitioning developers to web development, or steeping ourselves in new, disruptive technologies, we know we can use Pluralsight to get to the meat of their content quickly,” added Hnatiw.

Traka’s innovative key and equipment management solutions have been installed at a new national distribution centre for a top four UK supermarket. The new distribution centre, fulfils orders for the superstore’s chain across all channels, including wholesale, online and retail. On average, it deals with 2.4 million cases per week, which can grow to 3.1 million at peak periods. Biometric locker solutions To keep up with demands, our distribution centres are constantly growing and evolving" Traka’s intelligent key management and biometric locker solutions were installed to improve efficiency and reduce the risk of asset loss. The lockers also present instant access by authorised personnel to fault reporting and audit control capability. Speaking about the need for key management, a representative of the superstore chain said: “To keep up with demands, our distribution centres are constantly growing and evolving, driving new standards in design and use of technology to ensure our products get to our customers on time, in full.” Key and asset management “For the warehouse to operate at maximum capacity, we try to make it as simple as possible for authorised colleagues to gain total control of key and asset management, with full traceability at all times. Traka added value, not only in providing a solution to meet our current needs, but also a futureproof system with an opportunity to network and build, as our operation requirements continue to grow.” Three further locker systems with biometric access have been added to enhance security On site, Traka’s L-Touch key cabinets have been installed, which are specifically designed for larger organisations with a high key turnover. Three further locker systems with biometric access have been added to enhance security and ensure only authorised ‘finger print assigned’ personnel can operate assets at any given time. As with all Traka solutions, audit control capability across key cabinets and asset locker solutions presents instant traceability and reporting. Investigating networking opportunities to integrate Morrisons teams can also benefit from fault logging against items that have been returned with access rights restricted to prevent further damage, wasted time or injury until the issue is resolved. Steve Bumphrey, UK Sales Director added: “Being and maintaining a position as one of the top four retailers in the UK places an enormous responsibility on logistics teams to perform every minute of every day, with no margin for confusion or delay." "We saw first-hand the extent of the challenge and dedication to meet customer needs. As such, we installed systems that could make an instant difference and add value, with the ability to grow and meet ongoing requirements for long-term efficiency and productivity.” Whilst systems are currently installed on a standalone basis, the logistics team at the superstore is currently investigating networking opportunities to integrate Traka technology seamlessly into everyday operations, across the extensive site for the benefit of staff and visitors.

2024 was a year of significant challenges and remarkable progress in a world that is more interconnected than ever. Global collaboration continues to point the way toward continuing progress in multiple industries, including physical security. In 2024, technology continued to transform the way we connect and cooperate, driven by new technologies such as artificial intelligence (AI) and blockchain. We asked our Expert Panel Roundtable: How did the security marketplace “change for the better” in 2024?

Supply chain issues have plagued the economic recovery during and after the COVID-19 pandemic, and the problems show every indication of persisting for months or even years to come. Supply chain challenges have impacted the security marketplace in many ways, reflecting the breadth and variety of products needed to secure people, facilities, and assets. Wondering about the specifics of that impact, we asked this week’s Expert Panel Roundtable: How does disruption of the global supply chain of components impact players across the security industry?

Our Expert Panel Roundtable is an opinionated group. However, for a variety of reasons, we are sometimes guilty of not publishing their musings in a timely manner. At the end of 2020, we came across several interesting comments among those that were previously unpublished. Following is a catch-all collection of those responses, addressing some of the most current and important issues in the security marketplace in 2021.