Blockchain
IRClass Systems and Solutions Pvt Ltd (ISSPL) announces the launch of a Digital Centre to offer a wide range of technology solutions. The Digital Centre, located in Mumbai, was inaugurated by the Chairman of ISSPL – Mr. Arun Sharma. The Digital Centre will provide a comprehensive suite of services to help organisations navigate the digital landscape across maritime and non-maritime sectors.
New cybersecurity services
ISSPL recognises the critical importance of cybersecurity in the digi...
SecuX, a blockchain security and cryptocurrency hardware wallet company, join them on May 29, 2024, at 3:00 PM at Halcyon, Austin, Texas, for an exclusive side event at the 2024 Consensus conference. "Safeguarding the Future: Innovations in Blockchain Security" brings together industry pioneers and experts to explore the latest trends and innovations in blockchain security. Engage with top experts and speakers, as they share insights on securing digital transactions and infrastructures. The eve...
Siren, the all-in-one investigation platform company on a mission to keep people, assets and networks safe, and Chainalysis, the blockchain intelligence platform, announced details of a strategic partnership at the annual Chainalysis Links event in New York. As cryptocurrency becomes more mainstream and used by both good and bad actors, the partnership addresses the increasing need for more sophisticated intelligence technology to fight illicit cryptocurrency activity. Cha...
The inaugural Milipol Asia-Pacific & TechX Summit (MAP-TXS) will take place from 3 to 5 April 2024 at Sands Convention Centre, Singapore. Jointly organised by Singapore’s HTX (Home Team Science and Technology Agency), GIE Milipol, and Comexposium Singapore, the biennial event comes under the auspices of the Ministry of Home Affairs, Singapore, and the Ministry of the Interior of France. Singapore’s Minister for Home Affairs and Minister for Law, Mr. K Sh...
In a groundbreaking collaboration, Partisia Blockchain and the University of Applied Sciences and Arts Western Switzerland (HES-SO Valais-Wallis) are poised to transform the management of digital identities for Swiss citizens. This partnership aims to develop a decentralised electronic identity system in harmony with the Swiss Federal Council’s unwavering commitment to data privacy and security.
Redefining digital identity management
This collaboration marks a significant leap toward re...
Permiso, a cloud detection and response startup, is making good on its promise of finding evil in cloud environments by offering complimentary private threat briefings with the P0 Labs team on Scattered Spider, the threat actor group responsible for orchestrating multiple well-known campaigns against cloud environments, most recently targeting MGM and Caesars earlier this month.
Snapshot solutions
“An identity-first security strategy is paramount to defending against modern threat actors...
News
Veracode, a global provider of intelligent software security, has released research indicating applications developed by organisations in Europe, Middle East and Africa tend to contain more security flaws than those created by their U.S. counterparts. Across all regions analysed, EMEA also has the highest percentage of ‘high severity’ flaws, meaning they would cause a critical issue for the business if exploited. High numbers of flaws and vulnerabilities in applications correlate with increased levels of risk, which is particularly notable as software supply chain cyberattacks dominate headlines in 2023.
Application lifecycle
Researchers found that just over 80 percent of applications developed by EMEA organisations had at least one security flaw detected in their most recent scan over the last 12 months, compared to just under 73 percent of U.S. organisations. In addition, the percentage of applications containing ‘high severity’ flaws was the highest of all regions, at almost 20 percent.
“Our data shows that organisations globally are continuing to deploy a worrying number of applications with a high number of flaws in the CWE Top 25,” said Chris Eng, Chief Research Officer at Veracode, adding “We did, however, identify interesting regional differences, particularly in terms of third-party or open-source code usage and the ways in which vulnerabilities are introduced across the application lifecycle.”
EMEA-specific findings
Analysis of data collected from more than 27 million scans across 750,000 applications helped to produce Veracode’s latest annual report on the State of Software Security. This new report showcases the EMEA-specific findings from those scans and applications, including results from UK, Germany, France, Italy and across the Middle East and Africa. Numbers alone don’t convey the consequences of hackers exploiting software vulnerabilities.
With organisations across EMEA utilising an ever more complex mix of third-party software to deliver their services, the exploitation of a serious vulnerability can impact thousands of victims at once. Earlier this year, a vulnerability affecting printing software tools PaperCut MF and PaperCut NG was actively abused by threat actors. Up to 70,000 organisations in 200 countries became potential victims, and law enforcement reports found threat actors successfully compromised vulnerable entities in the education sector.
Java and Third-party Code Introduce Significant Security Flaws
The research identified notable regional differences in preferred language usage, with Java revealed to be the preferred language for developers in EMEA. Teams using Java were found to remediate flaws at a slower rate than those using .NET or JavaScript, causing many of these flaws to persist or remain undiscovered for significantly longer. Moreover, as over 95 percent of Java applications are comprised of third-party or open-source code, Java usage is a key factor in the higher percentage of vulnerabilities introduced into applications in the region. This highlights the importance of software composition analysis (SCA), which picks up flaws in open-source code, and the research found a higher proportion of flaws reported by SCA in EMEA than in other regions.
Public GitHub repositories
As generative AI continues to gain strong traction in software development, the risk of vulnerabilities from external sources increases. A study, presented at Black Hat in 2022, showed vulnerabilities in 40 percent of code that had been written by large language models trained on vast troves of unrefined data, including millions of public GitHub repositories.
It is, therefore, vital organisations leverage SCA tools to find and fix flaws, empowering developers to take advantage of AI without compromising the security of applications.
Applications Become More Vulnerable Over Time
The research also showed new flaws continue to be introduced into EMEA applications at a far higher rate across the entire application lifecycle than in other regions. While EMEA organisations kept updating applications, there was less of a focus on quality. After a five-year timespan, 50 percent of applications in EMEA continue to introduce new flaws, compared to just over 30 percent for the rest of the world. Overall, the baseline chance that a flaw will be introduced in any given month was 27 percent. As such, EMEA organisations would benefit from paying more attention to the latter portion of the application lifecycle and scanning applications more regularly. They should also prioritise security training for developers, with the research finding completion of 10 interactive security labs reduces the probability of flaw introduction from 27 percent to about 25 percent in any given month.
State of Software Security report
“This year’s State of Software Security report shines a light on the importance of security across the entire software lifecycle, as well as the urgent need to address risks posed by third-party and AI-generated code,” said Chris Eng, adding “Whilst across the board globally we are still seeing a concerning volume of vulnerabilities, these figures are higher in EMEA across almost all measurements.
Development teams in this region must take the opportunity to automate software security for regular scanning, and carefully consider their use of AI tools, both to increase security and empower developers.” The Veracode State of Software Security EMEA 2023 recommends four actions software development teams can take to improve their cybersecurity posture.
OmniIndex, the secure web3 data platform, announces a world-first deal with Future-X Education and Cross River State in Nigeria to secure the data of every student in the state with blockchain storage and fully encrypted analytics. The new partnership will see the data of an estimated 500,000 individuals become fully protected with encryption, redacted anonymisation and web3 security. The use of blockchain and encryption technologies will enable accurate real-time insights to improve educational outcomes without ever exposing the individual personal details of those involved.
Nigeria’s National Blockchain Policy
The agreement with Cross River State is the first deal of its kind in the world and is a marker of Nigeria’s ambition to create a blockchain-powered economy supporting secure transactions, data sharing, and value exchange between people, businesses, and government. Nigeria’s National Blockchain Policy, released in May 2023, outlines the key benefits of such an approach, including the improved transparency and accountability, increased efficiency, enhanced security and financial inclusion that blockchain technology can provide.
Nigerian government’s commitment
The Nigerian tech sector is one of the fastest growing in Africa and this is backed by the government’s commitment to investment in new technologies. In 2022, the technology start-up ecosystem is said to have attracted around $1 billion to Nigeria. This latest blockchain storage partnership will ensure security, integrity, and privacy of students' data using blockchain technology, fully homomorphic encryption (FHE), and artificial intelligence (AI) technology. The deal will maintain the Nigerian government’s commitment to meet global trends, UNESCO’s requirements for Future Education Management Information Systems (EMIS) and its Education 2030 vision.
OmniIndex’s web3 data platform
OmniIndex’s web3 data platform partnership with Future-X enables the Federal Ministry of Education to upgrade Nigeria’s educational data management infrastructure. With the support of OmniIndex, Future-X’s proven EMIS now offers complete accountability with blockchain’s real-time recording of all access and transactions. It also means it has full security with data never exposed to attack, encrypted at all times, immutable, and continually monitored for unauthorised access through its built-in narrow AI engine. OmniIndex’s blockchain storage and encrypted analytics platform uses machine learning (ML) and a large language model (LLM) to provide insights on the fully encrypted data without revealing sensitive information or putting it at risk.
Cloud-based education management
Caroline Adikpo-Edet, Director Planning, Research and Statistics Department Cross-River State Ministry of Education, said: “Getting accurate data of schools, staffs and learners in Cross River State Ministry of Education has been a challenge but with Future-X, we have been able to solve these challenges and many others.” Future-X Education CEO Dr Patrick Adeneye, said: "Thanks to OmniIndex, Future-X Education is adding industry-pioneering security and privacy to our cloud-based education management information system. We will now be able to expand to more schools and help even more teachers and students in Africa securely access the data they need without any risk of third-party access or exposure."
Author's quote
OmniIndex CEO Simon Bain said: “It is fantastic to be working with the Federal Ministry of Education in Nigeria on this project. It is time for everyone to stop talking about the future potential of blockchain technologies, and to actually use blockchain and other related web3 innovations to start making a real difference today.
As the world’s only provider of commercial fully homomorphic encryption within a blockchain data storage platform, OmniIndex is proud to be at the forefront of this new Web3 era." “There is a huge appetite for this to be the first of many such deals across Nigeria and we are in active discussion with other states to provide the same data protection and privacy for educational data while providing much-needed insights.”
Renowned for its innovative streak in blockchain security since 2018, SecuX is poised to reveal its latest creation, the Shield BIO card-type hardware wallet, at TOKEN 2049, one of the crypto industry's marquee events, scheduled for 13-14 September 2023 in Singapore. The Shield BIO is emblematic of next-gen crypto security, masterfully combining biometric fingerprint authentication with the handy format of a credit card.
Security features of SecuX
At the heart of this avant-garde wallet is the military-grade Secure Element chip, synonymous with the robust security features of all SecuX hardware wallets, ensuring unparalleled protection for digital treasures. The incorporation of biometric technology enhances this security, ensuring that only authenticated users can access their assets. "Our trajectory in the industry underscores our commitment to pioneering unmatched blockchain security solutions. The Shield BIO Card Wallet is a testament to our unwavering dedication to supreme security, top-notch functionality, and sleek design," commented Peter Chen, CEO at SecuX.
SecuX's commitment
The breadth of SecuX's commitment to blockchain security shines through its diverse product lineup. Highlights include the V20 crypto wallet, renowned for supporting a staggering 10,000+ coins and tokens, and the SecuX Nifty, an NFT-display hardware wallet that bagged the prestigious iF design award in 2023. Additionally, the company’s payment terminals are tailored for the ever-evolving crypto sphere; and the XSEED series, offering robust steel cold storage solutions, further elevates its standing in the blockchain community.
ASUS Metaverse
2023 has been especially noteworthy for SecuX, marked by key alliances with cybersecurity behemoth Trend Micro, birthing the co-branded W20 wallet, and collaboration with ASUS Metaverse on the ground-breaking MnemonicX 2048 soul-bound NFT initiative.
"In an ever-evolving crypto world, the demand for robust yet user-centric security solutions grows exponentially. The Shield BIO isn't merely a product; it's an assurance of peace of mind," adds Peter Chen.
For the first time, SentrySafe, the global pioneer in fire storage and security solutions, has teamed up with Master Lock, the enduring name in padlocks, to launch the new Next Generation Fire Safe. Available to purchase, the Next Generation Fire Safe is a first-of-its-kind product from the brand featuring all-new exclusive “Master Lock Security, Built-In” technology that empowers consumers to be ready for the unexpected. With unparalleled fireproof and waterproof storage for documents and irreplaceable valuables, the safe helps users secure everything worth protecting.
Next Generation Fire Safe
With a storage capacity of .81 cubic feet and a weight of roughly 55 pounds, the Next Generation Fire Safe is ideal for safeguarding important documents, passports, birth certificates, jewelry, heirlooms, cash, and more in the home or office. Categorised based on its primary locking mechanism, traditional combination dial entry, or digital keypad entry, the safe is offered in nine different models with features such as adjustable shelving, internal lighting, key hooks, and more to fit each user’s individual preferences and needs.
Best-in-class technology in a single solution
“Bound by shared values and a commitment to innovation, both SentrySafe and Master Lock are proud to meld each brand’s best-in-class technology into a single solution with the new Next Generation Fire Safe,” said Michelle Ozga, category manager at The Master Lock Company.
“As preparing for unexpected emergencies and natural disasters becomes increasingly top of mind, we’re helping to provide peace of mind with this new safe, so people can rest assured knowing their most important keepsakes and documents are well-protected for years to come.”
Fire safe features
Always looking ahead to offer the next cutting-edge solution, SentrySafe reviewed past consumer feedback to create the Next Generation Fire Safe, incorporating several different design modifications to create the best product on the market. Top product features include:
Top-Rated Fire and Water Protection – The Next Generation Fire Safe’s enhanced design sets it apart from many competitors to offer best-in-class fire protection with 1-hour UL-certified fire resistance at 1700 degrees Fahrenheit and 1-hour fire protection for digital media up to 1700 degrees Fahrenheit. Tailored to users’ needs and preferences, select safe models also defend against damage from floods, with guaranteed water protection in up to 5 inches of water for up to 24 hours. SentrySafe also offers an after-fire replacement programme to ensure valuables stay protected after tragedy strikes.
Enhanced Master Lock Security, Built In – The safe’s advanced, multi-point protection system effectively resists physical attacks and lock manipulation, while its pry-resistant hinge bar in the safe door protects against theft attempts. Digital models also feature three large bolts that automatically lock and provide audible confirmation when closing the safe.
Lithium-Ion Batteries Included in Safe – While most safes do not include batteries or long-lasting power solutions, the Next Generation Fire Safe arrives with lithium batteries already installed that provide an extended battery life of 5+ years, simplifying the process of setting up the safe and protecting valuables longer.
Fire and Water Bolt-Down Kit – The Next Generation Fire Safe comes with a bolt-down kit that ensures thieves cannot easily remove the safe while maintaining fire and water protection.
Override Key – Should safe owners forget their combination or keyed passcode, the Next Generation Fire Safe also comes with an exterior override lock and key set.
Sleek, Modern Design – Without sacrificing effectiveness, the Next Generation Fire Safe also features design improvements, including the textured herringbone exterior, angled corners, and a new integrated metal handle that offers secure yet simple access.
Responsible Packaging – As part of the brand’s commitment to supporting the environment, the Next Generation Fire Safe packaging is designed with sustainability in mind.
AI is the most effective method for improving anti-money laundering (AML) processes and efficiencies according to AML professionals, finds research from Feedzai, a pioneering provider of financial crime and risk management solutions.
AML ecosystem
Feedzai’s The State of Global Anti Money Laundering Compliance Report 2023 surveyed compliance professionals to discover what the biggest threats and opportunities are in the AML ecosystem. It found that 46% of AML professionals are concerned about increasingly sophisticated money laundering techniques, including generative AI. The threat from generative AI and linked technology is now the top challenge for AML professionals, overtaking regulation, cryptocurrency and blockchain, the top threats cited in 2022. Despite no longer occupying the top spot, crypto still remains front of mind for AML professionals. Over half (53%) of those surveyed said that the money laundering activities within their scope are predominantly linked to cryptocurrency transactions. Cryptocurrencies' anonymous and decentralised nature is being exploited to conceal the origins of illicit funds, exacerbating the challenges in detection and monitoring.
Result of AI integration
As criminals utilise increasingly sophisticated technology, so too do those seeking to protect consumers. A third (33%) of AML professionals say that AI and machine learning are the most effective methods for preventing money laundering. Of those already adopting AI, 60% said that the technology has already been effective in driving efficiencies in their organisation’s AML processes. Looking ahead, over half (51%) of respondents believe that increased use of AI and machine learning is the future of AML and KYC (Know Your Customer) programmes. With the potential to instantly analyse huge data sets, AI is already helping investigators identify bad actors and defuse threats.
As a result of AI integration, see improved KYC processes, reduced false positives, and also a reduced cost burden on compliance professionals.
Author's quote
Nick Parfitt, Principal AML SME at Feedzai said, “Fraudsters are capitalising on fast-developing technologies to trick existing AML programmes, in many cases using generative AI to their advantage. Our latest report reiterates the demand from AML professionals for their organisations to adopt AI in combination with human insight as a defensive weapon to improve their compliance process and efficiencies." “Banks and financial institutions are sitting on a wealth of data that they can use to better protect their customers and business. By taking a RiskOps approach, they can put this data to good use by creating a 360-degree view of customer risk that addresses the entire lifecycle of financial crime and compliance, helping to stop criminals in their tracks before they can do any damage.”
Sentry Enterprises, a cutting-edge company that is transforming what identity means across the physical and digital worlds, announces an alliance with Allegion for customers seeking “trusted-identity” utilising two-factor biometric authentication without expensive infrastructure investment. Allegion, with pioneering brands like Schlage®, Von Duprin® and LCN®, specialises in security around the doorway and beyond, with products that help keep people safe and secure where they live, work, learn and visit. Sentry Enterprises is the creator and maker of SentryCard, a private biometric identity and security solution that operates at the edge. By replacing reliance on passwords with fraud-proof biometric authentication, SentryCard moves security forward with built-in resilience against various threats that involve stolen or forged credentials.
SentryCard’s authentication solution
“The alliance with Allegion delivers biometric authentication and trust that is critical in protecting assets and securing access for enterprises, governments and individuals,” said Mark Bennett, CEO at Sentry Enterprises. “The ability to ensure absolute identity on our SentryCard means that only the individual authorised to access a door or lock is the person entering the door.”
Sentry teamed with Allegion and now supports end user-owned encryption keys provisioned with Schlage’s Custom Encryption Key Service (SCEKS), enabling these keys to be configured to the MIFARE® DESFire® chip embedded within Sentry’s biometric credential. SentryCard’s two-factor authentication solution is interoperable with Schlage’s award-winning intelligent wired and wireless electronic lock portfolio, Schlage card readers and other NXP-aligned hardware manufacturers.
Sentry’s end-to-end biometric platform
Sentry’s end-to-end biometric platform addresses user-controlled, proof-of-identity, a critical element missing in highly connected and integrated security, cryptocurrency, and access technologies. The universal identity platform delivers biometric authentication that quickly provides proof-positive identification in all access control systems. Biometric authentication is critical in protecting assets and securing access for enterprises, governments and the military, as well as cryptocurrency and blockchain markets. “Allegion offers strong solutions and a global market presence,” commented Mr. Bennett. “Our technology offers absolute proof of identity for any end user that made the choice to tap Allegion for their access control needs. Using biometrics to activate credentials is an emerging solution, and our technology makes the solution even stronger.”
Expert commentary
It’s no secret that the data security sector is constantly changing. It has an annual CGR of about 12.3%.
Future trends in data security
Much of this has to do with the rise of cybercrime in recent years, with reports showing that cyberattacks happen as often as every 39 seconds. To combat the growing rate of cybercrime, data security has been on the rise. As we journey further into this era, it becomes evident that a spectrum of significant trends is molding the future of data security. This exploration delves into a selection of these trends, unraveling their importance and the potential implications they carry.
1. AI security tools will increase
The introduction of Artificial Intelligence in the data security industry brought significant changes, especially in cybersecurity. AI has been the golden standard for face detection, natural language processing, automated threat detection, and automated security systems. Additionally, Artificial Intelligence is also being used in the development of smart attacks and malware, bypassing even the latest security protocols in data control. And as time progresses, AI security tools will flourish and dominate the scene. Let’s take a more in-depth look at three of the top AI security tools.
Targeted attack analysis tool
Manufacturers utilise targeted attack analysis tools to uncover targeted and stealthy attacks. Artificial Intelligence can be applied to the program’s capabilities, processes, and knowledge. For instance, Symantec launched this tool to combat the Dragon 2.0 attack in 2022. The phishing attack reprimanded multiple energy companies while trying to gain access to their operational networks. Targeted Attack Analysis Tools can analyse incidents and look for similarities from previous situations. They also help detect suspicious activities and collect all the necessary data to determine whether a specific action is malicious.
Intercept X tool
Sophos, a British security hardware and software company, launched the Intercept X Tool. It engages a neural network that records and analyses data like a human brain. Sophos’ Intercept X Tool can extract features from a single file and perform a deep analysis. It detects malicious activities within 20 milliseconds. Plus, it’s also trained to work on bi-directional sharing and real-world feedback of threat intelligence. Results from the Intercept X Tool feature high accuracy and a low false positive rate.
IBM Watson Technology
IBM’s QRadar Advisor uses IBM Watson Technology, a unique AI tool for fighting cyber attacks. Artificial Intelligence can auto-investigate activities and indicators for potential exploitation or compromise. With cognitive reasoning, IBM Watson Technology can present critical insights to accelerate the response cycle. Security analysts can utilise this technology to search for threat incidents, reducing the risk of letting them fly under the radar.
2. Blockchain as a security solution
Blockchain is a type of distributed ledger technology (DLT) that aims to establish trust within an untrusting ecosystem. Today it’s one of the most robust cybersecurity technologies in the industry. Blockchain utilises a decentralised ledger system, but your team members can still gain access to transparent information in the cloud. Members can also record, pass along, and view necessary transactional data in the blockchain. The entire blockchain process maintains data integrity within the system while establishing trust among team members. It guarantees no points of failure or hackable entrances that can expose datasets inside the system.
Cybersecurity, biometrics
Cybersecurity primarily benefits from these features because blockchain can create a secure and robust wall between data and hackers. On top of that, blockchain ledgers can include biometrics like fingerprints and retina scans. These prevent hackers from accessing any private data. Because blockchain is decentralised, it also limits hackable data. Together with the technology’s record-keeping system, each node is provided insight into data manipulation, exposing real-time cybercrime attempts.
3. Increased and widened access control
Access control is critical in data security. More than a valuable security tool, business leaders can use access control to regulate people accessing any given resource. A company with an IT security setting can control who has the liberty to edit certain files. One of the primary goals of access control is to minimise threats or attacks to organisations and businesses to keep people and data secure. Without access control, expect your company to be open to security issues, including theft, data loss, and breach of data protection laws.
Benefits
The benefits of increased and widened access control include:
Identifying who can access and control your data at specific time intervals.
Protecting data from overwriting, accidental deletion, and malicious intent.
User permissions that can be readily changed.
Compliance and regulation with data privacy laws.
Central management of access to data through a reporting portal or a dashboard.
Multi-factor authentication
Access control comes in various types and systems, so it’s critical to know the features of what you’re looking for. The most common type is multi-factor authentication or MFA. It involves multiple steps before logging in, requiring the user to enter other relevant information besides the password.
Some other examples of information include biometrics, answering a security question, or entering a code sent to the user’s email address.
Two-factor authentication, role-based access control
Two-factor authentication further prevents unauthorised entries that can result in unnecessary data possession. Another type of access control is role-based access control. In this setup, only one individual can set up access guidelines and grant permissions to specific team members within an organisation.
4. Greater use of the zero-trust security model
The zero-trust security model is a framework that requires every user within and outside the organisation to undergo authentication, authorisation, and validation. These are all essential to ensure proper security configuration before access is granted to the company’s applications and data. A zero-trust model assumes that anyone can cause data breaches and that a traditional network edge is not taken into effect. Moreover, it addresses the following modern-day challenges:
Hybrid cloud environments.
Security of remote workers.
Ransomware threats.
This framework utilises the combination of multiple advanced technologies, including:
A risk-based multi-factor authentication.
Endpoint security.
Identity protection.
Cloud workload technology.
The zero-trust model uses all these innovative tools for system identification, user verification, access consideration, and system security maintenance.
Constant validation and monitoring
Additionally, it also considers data encryption, email security, and asset verification before establishing connections with applications. The architecture of a zero-trust framework requires constant validation and monitoring of the users and the devices they are using.
Enforcing strict policies and compliance with data privacy laws are also essential. More importantly, the zero trust architecture requires all organisations to be aware of all their available services and accounts to gain complete control of data handling and manipulation.
5. Increased privacy regulations
Privacy regulations and policies guide organisations in proper data control, handling, and security. As a responsible business owner, you must comply with these regulations to avoid legal issues. With cybersecurity attacks becoming common, expect increased and stricter privacy regulations to be released in the next few years. While current policies remain in effect, various modifications and adjustments will occur to keep pace with the rising numbers of data breaches, thefts, data loss, and more.
California Privacy Rights Act (CPRA)
Currently, the California Privacy Rights Act (CPRA) is the most comprehensive legislation on state data privacy. It only started to take effect on January 1, 2023. The CPRA introduces the following principles:
- Broad individual consumer rights.
- Significant duties of people who need to collect sensitive and personal information.
- Additional definitions of data privacy and security.
An individual’s duties include releasing information about data collection to concerned data subjects and proper access, correction, and deletion of information.
Final thoughts
2023 is a big year for data security. Trends such as increased adoption of zero-trust policies, a greater reliance on AI security tools, and the implementation of blockchain as a security solution are all things we expect to see shortly. Staying up-to-date with these trends is important for keeping your business current and ensuring that you’re adhering to new and changing regulations. Doing so can give you an edge over the competition and keep you out of legal hot water.
Identity management is an important element of both data security and physical security in an organisation. But not all ID management solutions are the same, especially when it comes to security. There are no uniform security standards for the industry, and many off-the-shelf systems fall short when it comes to data protection. To protect people, property, and data, make sure you select a system that maximises security at every stage.
What is identity management?
Identity management, also known as ID Management (IdM) or Identity and Access Management (IAM), is a framework for managing digital identities and controlling who has access to what. It includes both policies laying out what types of access different people should have and technologies for enabling and enforcing those access controls. An identity management system makes it easy for IT to define access levels for individuals or groups within the organisation. These systems enable companies to increase security and productivity while reducing the costs and labour associated with security efforts. At the lowest level, identity management involves defining what a user is allowed to do on a network, with what devices, and under what circumstances. Each user is assigned a unique identity within the system with specific user rights and restrictions.
Specific business system
For example, what files, business systems, and programs is the user allowed to access? What are they allowed to do within a specific business system? What physical locations and resources are they allowed to access, and at what times? Access rights and restrictions may be role-based or individualised. An IdM system may provide the backend for a Single Sign-on (SSO) system that controls access to everything on the network with one user identification key.
Many security products focus on mobile device management (MDM) systems that control access of devices to the corporate network. As more workers shift to remote and hybrid models, managing what devices are authorised to connect to the network, how users are authenticated when they log on to the device, the activities that can be performed by these devices while on the network, and the data and applications they have access to while offline is essential.
Meeting the security challenge
In an IdM solution, the user administration system that provisions the roles and rights within the system is linked to an access system that verifies the identity of the user. Ultimately, the ID management system is only as secure as the access system it connects to. Access systems include input screens for passwords or PINs, biometric input systems (such as fingerprint or facial recognition), or readers that connect to identification media (such as an ID badge or smartphone) via Radio-Frequency Identification (RFID), Bluetooth® Low Energy (BLE), or Near-Field Communication (NFC). Some systems may require multifactor identification. RFID and smartphone-enabled BLE and NFC access systems are highly popular for their combination of security, reliability, user convenience, and ease of administration. While there are many access systems available, there are no uniform standards for security, and many standard systems are not very secure.
User administration system
When evaluating security for an IdM and access system, there are two important aspects to consider.
Data storage: How is data stored in the IdM system and on the local reader or input device? Are user identities, rights, and activity logs stored in an unencrypted table on a single server or device? Is a blockchain system used for data storage? Or something in between?
Data transmission: How is data transmitted between the access system and the user administration system? Is data transmitted in encrypted form? Is the Advanced Encryption Standard (AES) used?
Security starts with the creation of the user ID and identification medium. To protect business data and systems, organisations should look for an IdM solution that uses industry best practices for encrypted data storage and transmission. If using ID badges, as a majority of organisations still do, they also need to consider how and where those badges are produced.
Industry best practices
For example, our partner evolutionID offers a secure ID-Management system with extended security functions. In-house badge production enhances security by eliminating the need to send sensitive, personalised data to a third-party badge printer. It also streamlines the badge production process, so employees can get their badges right away without waiting. With the creation of the identification medium, individual security features such as biometric properties, user ID, and permissions can be programmed directly onto the transponder card using an RFID reader or distributed to relevant systems by interfaces. This system maximises security and gives organisations the tools they need to customise their security concept for their needs. On top of that, cost-saving self-service features such as image acquisition or badge management are available for every employee on any device.
Every day, millions of people worldwide use their personal credentials to prove their identity and access a range of services, from databases in their workplace to the banking app on their smartphone. But while this ensures only authorised people have access to certain systems, the use of this personal data opens users up to cyber risks, primarily in the form of identity theft. On Identity Management Day, Source Security spoke to seven IT and cybersecurity experts to discuss their experiences and advice on identity management, including James Brodhurst, Principal Consultant at Resistant AI, who reinforces that: “Securing identities is more important than ever, as fraud and identity theft has impacts for businesses as much as for individuals.”
Effective identity management
He recommends that businesses and other organisations that use consumer identities as an integral part of operations must address the significant challenges of managing identities and recognise that there is no single solution to all possible cyber threats. Effective identity management is only achieved through a broad range of technologies and data. This is an important first step for organisations to know who they are interacting with, and subsequently distinguish between genuine or illicit actions.
“Businesses have a critical role to play in mitigating cyber threats, as does society as a whole. Initiatives such as Identity Management Day serve to increase our collective awareness of the issues and threats we’re facing, and also safeguard sensitive data.”
External cyber defences
“Why is identity theft so common?” ponders Andy Swift, Technical Director of Offensive Security at Six Degrees. “Well, the simple answer is stealing account credentials is big business. There is a massive industry out there of people stealing and selling credentials on the dark web.
I don't suggest you venture to the marketplaces through which stolen credentials are sold on the dark web, but if you did you'd find lists of credentials with different attributes – whether they've been tested, whether they have access to financial data – that dictate price.”
“Most stolen credentials are sold to people looking to launch phishing and onward phishing attacks, giving them access to compromised mailboxes to send emails from. Secondly, there are hackers who want to launch attacks – ransomware, more than likely – from within a network without having to navigate its external cyber defences while also evading the long wait for brute force attacks, phishing attacks and other noisy activities to pay off.”
Access sensitive data
“And thirdly, there are people who want to simply target external administration interfaces they have identified (RDP for example) which they can in turn use to pivot through to internal networks, or even just target the external host directly.”
Gregg Mearing, Chief Technology Officer at Node4, adds: “Credential stuffing is one of the most common forms of attack and corporate credentials are usually the target. In 2020 alone there were 193 billion credential stuffing attacks globally. Attacks commonly start with a database of stolen credentials, usually with usernames, emails and passwords – although phishing emails and suspicious websites are also used to steal corporate credentials. Once they have gained entry into the organisation's system, the attacker can move laterally, completely unnoticed, to access sensitive data, remove files or plant malware.”
Most common threats
“Despite the ubiquity of this style of attack and a wide understanding of the importance of password hygiene, 65% of people still reuse passwords across multiple accounts.
There can be no doubt that employees are the first line of defence for an organisation against a cyber attack. If trained properly, they can act as a human firewall. However, poor cyber hygiene, a lack of best practice when it comes to managing credentials, and a limited understanding of the most common threats can make an organisation’s employees its greatest weakness.”
Alongside credential stuffing and phishing, Liad Bokovsky, Senior Director of Solutions Engineering at Axway, explains how API attacks are yet another way criminals are executing identity theft: “In fact, last year API attacks increased 348%, and companies affected included some of the largest corporations – Facebook, Instagram, and Microsoft.”
Protecting customers’ data
“Companies need to do a better job at protecting their customers’ data. In a recent survey, 82% of UK consumers confirmed they would stop doing business with a company if it suffered a data breach that exposed their personal information.”
“Thriving and surviving in today’s hyper-connected economy increasingly depends on having sufficient API maturity in place to ensure that anything connecting to an organisation’s servers – devices, apps, customers – is managed appropriately to keep APIs, customer data and the company’s reputation safe. This means having technology and processes in place to make sure that API design, implementation, and management are done properly.”
Owning smart devices
Michael Queenan, CEO and Co-Founder of Nephos Technologies, explains how the huge volumes of personal data being created every day are putting consumers at risk: “Whether shopping online, setting up a social media account or simply reading a news article, we are regularly being asked for our identifiable information.
With 10% of UK homes now owning smart devices – e.g. an Alexa or a Ring doorbell – our data is constantly being collected, even within our own homes. Should it fall into the wrong hands, it could be used for identity theft or fraud.”
“This needs to change and with the UK no longer required to adhere to EU-GDPR legislation, it presents an opportunity to rectify how personal data can be shared. Ultimately, I believe individuals should be responsible for their own data and how it is used.”
Ensure data privacy
“A possible way of achieving this is through identity-centric blockchain, whereby everyone has a national email address associated with their blockchain identity that permits access to their personal data. This would ensure that only you get to decide who has access – your data, your choice!”
Steve Young, UKI Sales Engineering Director at Commvault, also comments on how identity management is vital for meeting data regulations, thereby supporting data management throughout the business: “In the world of data management, you’d be forgiven for thinking that the focus is all on backups and recovery. But while these are absolutely crucial elements, another key aspect of data management is identity management – only through understanding it will businesses be able to drive their data management to the next level. Identity management is necessary to ensure data privacy.”
Latest data regulations
“Many people will be most familiar with its function as a way to restrict access of employees to certain files and resources that may hold sensitive or classified information. But what is becoming more important today is how identity management also helps prevent cybercriminals entirely outside an organisation from gaining unauthorised access to a system and initiating a ransomware attack, for example.
Because of this, identity management helps businesses be compliant with the latest data regulations, as it ensures that any customer data collected and stored is kept secure.”
So, what solutions should IT leaders be prioritising to strengthen their identity management measures? Six Degrees’ Andy Swift recommends multi-factor authentication (MFA): “MFA provides great defence against identity theft, but it's also a reactive technology: for it to be effective, an attacker must already have obtained stolen credentials.”
Cyber security training
“That's why comprehensive cyber security training and education on best practices is quite possibly more important than any technology could ever be alone. There's no silver bullet when it comes to achieving strong identity management, but the importance of threat awareness and training cannot be overstated.”
“We advocate for the best practices that ensure cyber hygiene and protect personal and professional identities and credentials to prevent credential-based attacks from continuing,” concludes Tyler Farrar, CISO at Exabeam. “Credential-driven attacks are largely exacerbated by a ‘set it and forget it’ approach to identity management, but organisations must build a security stack that is consistently monitoring for potential compromise.”
“Organisations across industries can invest in data-driven behavioural analytics solutions to help detect malicious activity. These analytics tools can immediately flag when a legitimate user account is exhibiting anomalous behaviour indicative of credential theft, providing greater insights to SOC analysts about both the compromised and the malicious user, which results in a faster response time.”
Security beat
The U.S. Department of Homeland Security (DHS) will be participating at ISC West in a big way. Representatives of the federal department will be taking part in more education sessions this year, and the DHS tech-scouting team will be on hand to view the latest technologies on display at the show. Exhibitors – and anyone else at the show – are invited to the “DHS Town Hall” on March 19 (Thursday) at 3:30 p.m. in meeting room Galileo 1001. The aim is for DHS to engage with the technology community and provide guidance as industry innovation moves forward. In the face of growing operational demands and complex threats, the need for homeland security technology solutions continues to rise. The Department of Homeland Security (DHS) is seeking new ideas and partners to safeguard public trust, save lives, reduce risks, and protect the flow of commerce and goods for the community. They will share information about the department’s problem sets, capability needs and business opportunities for accelerating technology development to ensure they are keeping pace with the speed of innovation and complex threats.
Speaking at ISC West
DHS seeks to challenge industry partners to develop technology to enhance security operations across multiple end user missions. The DHS Science and Technology Directorate (S&T) and Cybersecurity and Infrastructure Security Agency (CISA) will jointly speak and exhibit at ISC West. Attendees can meet DHS professionals working in cyber security, critical infrastructure, resilience, aviation security, border and port operations, and first responder capabilities. Attendees are invited to visit the DHS exhibit booth #33040 in the Drones and Robotics Zone. The DHS Town Hall on Thursday, titled “Enhancing Security and Doing Business at the Speed of Life,” will be a “call to action” for show participants to help secure the future. DHS seeks to become more agile and to pursue new pathways to do business in a fast-moving world.
Through strategic partnerships, DHS is mobilising the innovation community to safeguard the public trust.
Security sessions
DHS will also be participating in these sessions at ISC West, March 17-20 at the Sands Expo, Las Vegas, Nev:
- You Say It’s Going to Change the World? Tues., March 17, 9:45 a.m., Sands 302. Security relies on anticipating what comes next and staying a step ahead. How will 5G increase secure capabilities and reduce threats from bad actors? How will blockchain secure personal and financial identity and when will quantum computing render all encryption obsolete? How is DHS investing in counter-drones? How does AI change the security landscape?
- The New Federal Security Landscape – Are You Prepared? Wed., March 18, 1 p.m., Sands 302. The federal security landscape is evolving alongside the private sector. What are the new high-risk areas of concern and how are emerging threats (cyber, UAS) changing the way federal facilities are protected? How are these new risks balanced against traditional ones? How is the Interagency Security Committee (ISC) responding? DHS panelists will discuss.
- CISA Special Guest Speaker at SIA Interopfest. Wed., March 18, 4 p.m., Sands 701. Daryle Hernandez, Chief, Interagency Security Committee, DHS, Infrastructure Security Division, will provide insights to complement the technology interoperability demonstrations.
- Enhancing Security Through UAS Technology, A DHS Perspective. Thurs., March 19, 11:30 a.m., Venetian Ballroom. What is DHS doing today to prepare for a future of increased visualisation and automation? New questions are emerging around capabilities and vulnerabilities. Emerging technologies like AR, Next Gen Sensors, and UAS, provide the Department of Homeland Security (DHS) with tools to become more responsive and adaptive to new threats.
Case studies
Art&Co., the world’s renowned online art auction for COVID-19 relief that connected art, finance and support groups, brings continued relief to COVID-19 victims a year on, via blockchain technology provided by LuxTag.
LuxTag's blockchain solution
Records of funds raised and dispensed to seven charities and various artists were documented using LuxTag's blockchain solution, providing a perpetual audit trail. The receiving charities providing healthcare, food, medicines and guidance to those affected by the contagion were ICU steps, The Care Workers Charity, Khalsa Aid International, Painting Our World in Silver, Solace Women's Aid, Za Teb and Race on the Agenda. The artwork collated came from more than 30 emerging artists as well as famous creators such as Pablo Picasso, Salvador Dali, Jeff Koons and Andy Warhol. The aggregate value of art available in the auction was £1.65 million (US$ 2 million) with prices ranging from £1,000 ($1,250) to £36,000 (US$ 45,000). All art created represented themes connected to the continued trying times, such as health, nature and spirituality.
Blockchain technologies for immutable transactions record
“Blockchain technologies provide an immutable record of transactions, transparent and open for inspection 24/7,” said PremFina Group’s Chief Executive Officer (CEO), Bundeep Singh Rangar, adding “The use of LuxTag's blockchain technology not only helped record the dispersion of funds to charities, it bridged a gap between art and technology via a philanthropic cause.”
“Artwork is of unique beauty and often, the beauty lies in its uniqueness. At LuxTag, we work hard to protect unique objects and their authenticity, so projects like Art&Co. 2020 are duly close to our heart,” said Jeff McDonald, the Founder of LuxTag, adding “Blockchain technology, authenticity and provenance of artwork are vivid examples of how traditional crafts can be enhanced with modern tech.”
Charity work for the live Art&Co. auction
Silicon Valley tech investor, Tim Draper hosted the final live auction event to drum up donations for the live Art&Co. auction, while commenting on the ability of blockchain technologies to record provenance, authenticity and ownership of art objects. Fundraising for charities and not-for-profits has become increasingly significant, as demand for their services has increased and conventional funding routes have shrunk.
Helping charities in COVID-19 pandemic period
More than 300 million COVID-19 infections have been recorded worldwide and new virulent variants of the coronavirus (COVID-19 virus) have emerged, such as Omicron and Delta. Nearly 15 million people have been infected in the United Kingdom, resulting in more than 150,000 deaths.
Pluralsight, Inc., the enterprise technology skills platform, announced that Frontier Software is partnering with Pluralsight to upskill its workforce and modernise its technologies while executing on its mainstay software solutions.
Implementing intelligent workflow automation process
Based in Australia, Frontier Software provides integrated HR and payroll solutions to more than 1,500 organisations across 23 countries throughout Europe, the Asia Pacific, and the Far East, including payroll services to nearly 10% of Australia’s workforce. To keep up with the rapid pace of change and enable the business to continually evolve to meet client expectations in the age of technology, Frontier Software has partnered with Pluralsight to implement a technology skills development strategy that will close its skills gaps and transition the company’s manual processes to intelligent workflow automation and robotic automated processes.
Skills development
“Keeping the business and technologists relevant in the marketplace while delivering product offerings that meet what the market demands are the hallmark of a successful business,” said Darren Hnatiw, Chief Technology Officer at Frontier Software. “Providing a solid foundation for technical skill development keeps employees engaged and satisfied while helping Frontier Software ensure we’re getting the most out of our resources.”
Upskilling workforce
With Pluralsight, Frontier Software can address immediate resource needs to support current solutions by upskilling its workforce. Team members are empowered to develop the technology skills of today and the future in a way that is tailored to their role.
Individuals can also take courses they deem valuable to their growth and use Pluralsight’s Skills IQ assessments to identify how to focus their effort. “The impact with Pluralsight has been huge,” added Hnatiw. “Access to self-paced learning and quality content means we don’t have to spend that time and resource bringing in external consultants.”
Developing emerging technology skills
Frontier Software not only uses Pluralsight to keep team members engaged and upskilled, but it is also using Pluralsight as part of its strategic roadmap to lay a foundation to develop emerging technology skills, such as blockchain and artificial intelligence, that will move the company forward. “Whether we’re addressing the needs of our core offerings, transitioning developers to web development, or steeping ourselves in new, disruptive technologies, we know we can use Pluralsight to get to the meat of their content quickly,” added Hnatiw.
Traka’s innovative key and equipment management solutions have been installed at a new national distribution centre for a top four UK supermarket. The new distribution centre fulfils orders for the superstore’s chain across all channels, including wholesale, online and retail. On average, it deals with 2.4 million cases per week, which can grow to 3.1 million at peak periods.
Biometric locker solutions
Traka’s intelligent key management and biometric locker solutions were installed to improve efficiency and reduce the risk of asset loss. The lockers also present instant access by authorised personnel to fault reporting and audit control capability. Speaking about the need for key management, a representative of the superstore chain said: “To keep up with demands, our distribution centres are constantly growing and evolving, driving new standards in design and use of technology to ensure our products get to our customers on time, in full.”
Key and asset management
“For the warehouse to operate at maximum capacity, we try to make it as simple as possible for authorised colleagues to gain total control of key and asset management, with full traceability at all times. Traka added value, not only in providing a solution to meet our current needs, but also a futureproof system with an opportunity to network and build, as our operation requirements continue to grow.”
On site, Traka’s L-Touch key cabinets have been installed, which are specifically designed for larger organisations with a high key turnover. Three further locker systems with biometric access have been added to enhance security and ensure only authorised ‘fingerprint assigned’ personnel can operate assets at any given time.
As with all Traka solutions, audit control capability across key cabinets and asset locker solutions presents instant traceability and reporting.
Investigating networking opportunities to integrate
Morrisons teams can also benefit from fault logging against items that have been returned with access rights restricted to prevent further damage, wasted time or injury until the issue is resolved. Steve Bumphrey, UK Sales Director added: “Being and maintaining a position as one of the top four retailers in the UK places an enormous responsibility on logistics teams to perform every minute of every day, with no margin for confusion or delay.”
“We saw first-hand the extent of the challenge and dedication to meet customer needs. As such, we installed systems that could make an instant difference and add value, with the ability to grow and meet ongoing requirements for long-term efficiency and productivity.”
Whilst systems are currently installed on a standalone basis, the logistics team at the superstore is currently investigating networking opportunities to integrate Traka technology seamlessly into everyday operations, across the extensive site for the benefit of staff and visitors.
Round table discussion
Supply chain issues have plagued the economic recovery during and after the COVID-19 pandemic, and the problems show every indication of persisting for months or even years to come. Supply chain challenges have impacted the security marketplace in many ways, reflecting the breadth and variety of products needed to secure people, facilities, and assets. Wondering about the specifics of that impact, we asked this week’s Expert Panel Roundtable: How does disruption of the global supply chain of components impact players across the security industry?
Our Expert Panel Roundtable is an opinionated group. However, for a variety of reasons, we are sometimes guilty of not publishing their musings in a timely manner. At the end of 2020, we came across several interesting comments among those that were previously unpublished. Following is a catch-all collection of those responses, addressing some of the most current and important issues in the security marketplace in 2021.
The new year comes with new opportunities for the security industry, but what technologies will dominate our discussions in 2020? Topics such as artificial intelligence (AI) and HCI (hyperconverged infrastructure) became familiar in conversations during 2019, and they are likely to dominate our thoughts again in the new year. But other buzzwords are also gaining steam, such as “blockchain” and “frictionless access control.” Connectivity and the cloud will also be timely technology topics as the industry evolves. We asked this week’s Expert Panel Roundtable: What technology buzz will dominate the security industry in 2020?