cyber security

The phishing threat in numbers

infographic Did you know that the average company with 10,000 or more employees spends $3.7m a year dealing with phishing threats? For more shocking facts and stats about this persistent threat to data security check out the infographic below. This infographic has been designed by Inspired eLearning, which is dedicated to delivering the highest quality enterprise educational products that transform corporate culture, nurture and enhance workforce skills, and deliver maximum ROI for the corporate education budget.

Free Download: the Cyber Security Crashcourse This report contains 40 slides packed with insight into the trends shaping the industry and how you can protect yourself.

Eric Hansleman from 451 Research presents a rapid-fire overview of cyber security.

Click here to download now

Converged security management: The key to mitigating cybersecurity risks

Converged Security Management: The Key To Mitigating Cybersecurity Risks

The IoT revolution has come about thanks to falling component prices, global mobile device adoption, improvements in telecoms infrastructure and the rise of application programming interfaces (APIs). Unsecured and therefore vulnerable devices are now easily searchable through online vulnerability search engine Shodan, among many other means. A series of cyber-attacks targeting such devices as conduits to wider corporate networks has exposed the complacency of some manufacturers over cybersecurity.

The consequences of successful breaches the loss of sensitive data and potentially multi-million pound fines levied for breaches of the forthcoming Global Data Protection Regulation (GDPR) mean the issue is finally getting the attention it warrants. The arguably lower standards of security for consumer devices is a problem, as is the use of third-party suppliers who may not take security as seriously as they should. According to the Department of Homeland Security, this inter-connectedness of devices introduces cyber-physical technologies that connect cyber systems to physical systems, thereby removing the barrier between the cyber and physical worlds but the greater connectivity also expands the potential attack surface for malicious actors. Author bios James Willison BA MA MSyI James is founder of Unified Security Ltd and vice chair of the ASIS European Convergence/ESRM committee. James was awarded the Imbert Prize for an outstanding contribution to the Security Industry in 2011 for his work on convergence with ASIS Europe and the Information Security Awareness Forum. He has worked with BP, Loughborough University, Mitie TSM, the EU and AXIS Communications on convergence. He is an ISACA Academic Advocate and a member of the draft ASIS/ISACA/ISC(2) Security Awareness Standard Working Group. Unified Security Ltd provide consultancy to organisations on how to align their physical and information security functions. This encompasses security policy, common reporting processes, converged security risk assessment, training courses and white papers.

Sarb Sembhi CISM Sarb is CTO and CISO at Virtually Informed, and has previously been a CTO and CISO for the Noord Group. A former consultant in risk and security, Sarb has also worked with the London Chamber of Commerce and Industry Defence and Security Committee and its cybersecurity working group. Other roles have included president of the ISACA London Chapter, chair of ISACA International GRA Region 3 Sub-Committee, chair of ISACA International GRA Committee, ISSA UK Advisory Group member and InfoSecurity Magazine Editorial Group member. Sarb has also served on several security standards groups and speaks at risk and security events around the world. Sarb was shortlisted in IFSEC Global s Top 50 influencers in security & fire 2017: Cybersecurity.

l

Radiation-blocking underwear and 18 other bizarre smart things that could let hackers into your smart home (and one device to protect you)

No object, however mundane, cannot be improved with a computer chip: this seems to be the philosophy driving development of smart things in the smart home arena. It was partly this scattergun approach that prompted Wired magazine to prophesise the demise of the internet of things (IoT) at the start of 2017. Click on the icons in our infographic below to check out 19 of the most bizarre or according to IoT sceptics pointless devices that are creating new vectors of attack for cybercriminals.

Security is little more than an afterthought on too many devices, with criminals able to guess default usernames and passwords by trawling Google. We haven t chosen these 19 devices based on security some may have very rigorous security mechanisms in place. Rather, we chose the most bizarre devices, and paradoxically, in this context, bizarre also means mundane the point being: is a smart hair brush or smart fork really going to deliver benefits that warrant creating new avenues through which hackers could break into your home network? Several products designed to boost IoT security were launched at CES 2017, suggesting the industry is waking up to the threat. We ve included one of them below flagged with a red icon. Free Download: the Cyber Security Crashcourse This report contains 40 slides packed with insight into the trends shaping the industry and how you can protect yourself. Eric Hansleman from 451 Research presents a rapid-fire overview of cyber security.

Click here to download now

UK government issues cybersecurity guidelines for connected cars

Cyber The Department for Transport has published cybersecurity guidelines for manufacturers of smart or connected cars. Written with help from the Centre for the Protection of National Infrastructure, the principles implore everyone in the automotive supply chain to collaborate during the design process and over software upgrades and maintenance long after cars hit the road. The authorities are concerned about the prospect of older vehicles running outdated software.

As cars become increasingly automated and ultimately, driverless the stakes will rise. Last year ethical hackers managed to wrest control of a Tesla Model S while the car was moving and slam on the brakes (see how they did it in the video below). Attacks can even inject malicious code into the electronic control units (ECUs) and controller-area-network (CAN) bus, which control critical systems such as electric steering and braking. Mark Noctor, VP EMEA, Arxan Technologies The eight principles, which were launched by transport minister Lord Callanan, follow: Organisational security is owned, governed and promoted at board level Security risks are assessed and managed appropriately and proportionately, including those specific to the supply chain Organisations need product aftercare and incident response to ensure systems are secure over their lifetime All organisations, including sub-contractors, suppliers and potential 3rd parties, work together to enhance the security of the system Systems are designed using a defence-in-depth approach The security of all software is managed throughout its lifetime The storage and transmission of data is secure and can be controlled The system is designed to be resilient to attacks and respond appropriately when its defences or sensors fail embedded content Connecting to WiFi and external devices via Bluetooth, Modern cars are increasingly smart . The communications and entertainment systems are particularly vulnerable to attack, and can be reverse engineered to access the API libraries that facilitate data sharing between systems, says Mark Noctor, VP EMEA at Arxan Technologies. From here attacks can even inject malicious code into the electronic control units (ECUs) and controller-area-network (CAN) bus, which control critical systems such as electric steering and braking. Preventing application code from being accessed and tampered is one of the biggest priorities in protecting a connected vehicle, and it is encouraging to see the government s guidelines specifically list the ability to protect code and ensure its integrity as key principles. Manufacturers must deploy code hardening measures to prevent attackers from accessing their source code and removing vital data such as cryptographic keys which can be used to access other systems. Anti-tampering measures should be hidden in the code to alert them if the code has been changed, and prevent systems from starting if alterations are detected.

The government announced the Autonomous and Electric Vehicles Bill, which will allow innovation to flourish and ensure the next wave of self-driving technology is invented, designed and operated safely in the UK , during the Queens Speech in June. The outcome of recent efforts by the US government to engage with US automakers over the issue do not augur well. Asked by a Senate committee if they supported mandatory privacy and safety standards, executives from Google, General Motors, Delphi and Lyft were evasive. Free Download: the Cyber Security Crashcourse This report contains 40 slides packed with insight into the trends shaping the industry and how you can protect yourself. Eric Hansleman from 451 Research presents a rapid-fire overview of cyber security.

Click here to download now

A rundown of ransomware master keys released so far

Most ransomware devs operate just like real-life crooks and stick with their blackmail until they get paid. They don t care about your personal documents, photos, videos and other irreplaceable information, period. No ransom, no files.

At the same time, some strange things may happen. There were cases when extortionists called it quits by releasing master decryption keys for their malicious software, thus allowing victims to get their data back for free. Unfortunately, this scenario is the exception rather than the rule. There are different speculations and theories on the motivation of these sympathetic malefactors. Some researchers believe these threat actors simply drop one campaign to move on with another from scratch. Some consider master key dumps to be a display of compassion. Yet other analysts say there are constant wars between gangs where one group hacks another and publishes all keys of their competitors. One way or another, such cases do occur once in a while. The stories below cover all instances of these releases reported to date.

Recent ransomware master keys An individual who goes by an online alias guest0987654321 dumped the RSA private key for XData ransomware on May 30, 2017. The message was posted in a dedicated XData thread on the BleepingComputer forum. Kaspersky Lab promptly used this master key to update their RakhniDecryptor tool and add support for the ransomware in question. The developer of AES-NI ransomware known as thyrex made his victims day by releasing private decryption keys on May 21, 2017. The dump originally included keys for AES-NI edition using [email protected] contact email. Later on the same day, the crook also published master keys for other variants, which allowed Avast and ESET to cook up ad hoc free decryptors. Whoever the person nicknamed lightsentinelone is, he did a huge favor for all Wallet ransomware victims by providing a link to a Pastebin page with a complete set of master keys. This dump took place via BleepingComputer as of May 18, 2017. Avast and Kaspersky quickly picked up this data to create free decrypt tools.

In an unexpected move, someone who goes by an online handle checker123 released the RSA private key for the BTCWare strain on May 3, 2017. Whereas researchers had previously created free decryptors for older variants of this ransomware, two newer ones remained uncrackable until this dump. Michael Gillespie, the author of ID Ransomware service, leveraged the leaked keys to contrive a universal decrypt tool supporting all BTCWare iterations. The once prolific Dharma ransomware became decryptable due to a dump of master keys that occurred on March 1, 2017. A newly registered BleepingComputer forums user, gektar , posted the corresponding Pastebin link in the Dharma support topic. Anonymous user named crss7777 released master keys for all variants of the CrySiS ransomware on November 13, 2016. To this end, said a member of the CrySiS crew posted a Pastebin link on the above-mentioned BleepingComputer forums pointing to a page with all decryption keys for the perpetrating program. Having validated these keys, Kaspersky released an updated edition of RakhniDecryptor so that CrySiS victims could recover their data without submitting the ransom. The authors of CryptXXX ransomware strand abandoned their extortion campaign and started RSA private keys giveaway as of July 14, 2016.

Plagued users were able to get their keys simply by logging into the infection s payment server. The relief was only partial, though, because this dump only supported CryptXXX editions that appended the .Crypz and .Cryp1 extensions to hostage files. Another happy ending case took place on May 18, 2016. This time, the architects of the TeslaCrypt ransomware campaign closed the project and provided the master key on their Tor based payment page. A security enthusiast nicknamed BloodDolly hard-coded this key into his previously released TeslaDecoder utility so that it could crack all versions of this ransom Trojan. Meanwhile, security researchers don t just sit there and wait for the bad guys to throw a bone to their victims. They are busy analysing various ransomware samples for flaws in crypto implementation and have had some success cracking them. Fortunately, lots of cybercriminals write shoddy code, so a little bit of reverse engineering often suffices to spot weak links in ransom Trojans behavior and defang them. A number of security vendors, including Emsisoft, Avast, Kaspersky, AVG, and Bitdefender, stand out from the crowd in this regard as they have coined most of the free ransomware decryptors.

Overall, more than 160 decryption tools out there allow ransomware victims to get off the hook without coughing up Bitcoins. Quite a few of them support widespread strains that have infected thousands of users and keep wreaking havoc around the globe. These include decryptors for the notorious Petya ransomware, Nemucod, Merry X-Mas (MRCR) ransomware, Linux.Encoder.1, the first-ever Mac ransomware called KeRanger, Jigsaw ransomware, CTB-Locker (website edition), Chimera ransomware, CryptoMix, and Globe ransomware. The moral of the story is: do not pay from the get-go if you fall victim to ransomware unless of course the hostage data is critical and you are too pressed for time. Chances are that the threat actors will release master decryption keys in a dump like the ones above. Furthermore, security analysts are doing their best to find effective workarounds. Consider using a tool called CryptoSearch. It automatically finds files encrypted by ransomware and allows you to move them temporarily to a new location. This technique streamlines the data recovery process if a free decryptor appears in the future.

And keep in mind that prevention is better than cure. Do not open suspicious email attachments, apply operating system updates once they are available, and be sure to keep your important files backed up. Free Download: the Cyber Security Crashcourse This report contains 40 slides packed with insight into the trends shaping the industry and how you can protect yourself.

Eric Hansleman from 451 Research presents a rapid-fire overview of cyber security.

Click here to download now

A rundown of ransomware master keys released recently

Most ransomware devs operate just like real-life crooks and stick with their blackmail until they get paid. They don t care about your personal documents, photos, videos and other irreplaceable information, period. No ransom, no files.

At the same time some strange things may happen. There were cases when extortionists called it quits by releasing master decryption keys for their malicious software, thus allowing victims to get their data back for free. Unfortunately, this scenario is the exception rather than the rule. There are different speculations and theories on the motivation of these sympathetic malefactors. Some researchers believe these threat actors simply drop one campaign to move on with another from scratch. Some consider master key dumps to be a display of compassion. Yet other analysts say there are constant wars between gangs where one group hacks another and publishes all keys of their competitors. One way or another, such cases do occur once in a while. The stories below cover all instances of these releases reported to date.

Recent ransomware master keys An individual who goes by an online alias guest0987654321 dumped the RSA private key for XData ransomware on May 30, 2017. The message was posted in a dedicated XData thread on the BleepingComputer forum. Kaspersky Lab promptly used this master key to update their RakhniDecryptor tool and add support for the ransomware in question. The developer of AES-NI ransomware known as thyrex made his victims day by releasing private decryption keys on May 21, 2017. The dump originally included keys for AES-NI edition using [email protected] contact email. Later on the same day, the crook also published master keys for other variants, which allowed Avast and ESET to cook up ad hoc free decryptors. Whoever the person nicknamed lightsentinelone is, he did a huge favor for all Wallet ransomware victims by providing a link to a Pastebin page with a complete set of master keys. This dump took place via BleepingComputer as of May 18, 2017. Avast and Kaspersky quickly picked up this data to create free decrypt tools.

In an unexpected move, someone who goes by an online handle checker123 released the RSA private key for the BTCWare strain on May 3, 2017. Whereas researchers had previously created free decryptors for older variants of this ransomware, two newer ones remained uncrackable until this dump. Michael Gillespie, the author of ID Ransomware service, leveraged the leaked keys to contrive a universal decrypt tool supporting all BTCWare iterations. The once prolific Dharma ransomware became decryptable due to a dump of master keys that occurred on March 1, 2017. A newly registered BleepingComputer forums user, gektar , posted the corresponding Pastebin link in the Dharma support topic. Anonymous user named crss7777 released master keys for all variants of the CrySiS ransomware on November 13, 2016. To this end, said a member of the CrySiS crew posted a Pastebin link on the above-mentioned BleepingComputer forums pointing to a page with all decryption keys for the perpetrating program. Having validated these keys, Kaspersky released an updated edition of RakhniDecryptor so that CrySiS victims could recover their data without submitting the ransom. The authors of CryptXXX ransomware strand abandoned their extortion campaign and started RSA private keys giveaway as of July 14, 2016.

Plagued users were able to get their keys simply by logging into the infection s payment server. The relief was only partial, though, because this dump only supported CryptXXX editions that appended the .Crypz and .Cryp1 extensions to hostage files. Another happy ending case took place on May 18, 2016. This time, the architects of the TeslaCrypt ransomware campaign closed the project and provided the master key on their Tor based payment page. A security enthusiast nicknamed BloodDolly hard-coded this key into his previously released TeslaDecoder utility so that it could crack all versions of this ransom Trojan. Meanwhile, security researchers don t just sit there and wait for the bad guys to throw a bone to their victims. They are busy analysing various ransomware samples for flaws in crypto implementation and have had some success cracking them. Fortunately, lots of cybercriminals write shoddy code, so a little bit of reverse engineering often suffices to spot weak links in ransom Trojans behavior and defang them. A number of security vendors, including Emsisoft, Avast, Kaspersky, AVG, and Bitdefender, stand out from the crowd in this regard as they have coined most of the free ransomware decryptors.

Overall, more than 160 decryption tools out there allow ransomware victims to get off the hook without coughing up Bitcoins. Quite a few of them support widespread strains that have infected thousands of users and keep wreaking havoc around the globe. These include decryptors for the notorious Petya ransomware, Nemucod, Merry X-Mas (MRCR) ransomware, Linux.Encoder.1, the first-ever Mac ransomware called KeRanger, Jigsaw ransomware, CTB-Locker (website edition), Chimera ransomware, CryptoMix, and Globe ransomware. The moral of the story is: do not pay from the get-go if you fall victim to ransomware unless of course the hostage data is critical and you are too pressed for time. Chances are that the threat actors will release master decryption keys in a dump like the ones above. Furthermore, security analysts are doing their best to find effective workarounds. Consider using a tool called CryptoSearch. It automatically finds files encrypted by ransomware and allows you to move them temporarily to a new location. This technique streamlines the data recovery process if a free decryptor appears in the future.

And keep in mind that prevention is better than cure. Do not open suspicious email attachments, apply operating system updates once they are available, and be sure to keep your important files backed up. Free Download: the Cyber Security Crashcourse This report contains 40 slides packed with insight into the trends shaping the industry and how you can protect yourself.

Eric Hansleman from 451 Research presents a rapid-fire overview of cyber security.

Click here to download now

We treat biometrics as plug and play

biometrics IFSEC media partner SecuritySolutionsWatch.com spoke to Jim Miller, chairman and CEO of ImageWare Systems Inc, a developer of identity management solutions. An excerpt of the interview is below click at the bottom to read the full conversation. SecuritySolutionsWatch.com: Thank you for joining us again today Jim at this momentous time in the history of ImageWare.

Congratulations on all the positive developments during the past few months. Before discussing all the new deals and the fast-growing mainstream acceptance of biometrics, perhaps we can begin with an overview of the ImageWare Product Portfolio as it stands now. Jim Miller: We live in a world where our digital identity is the bridge to our human identity. The Internet of things (IoT) is essentially a giant network of connected things a concept that not only has the potential to impact how we work, but also how we live. We can connect our devices to all manner of devices and people. This raises a huge concern with privacy and security in this connected world. Anything connected to your network is now a potential breach point; it makes data security more complex, information governance more complicated, and your corporate and customer data more vulnerable. The same concerns apply to BYOD, or as we sometimes say at ImageWare, Bring Your Own Disaster every connection point is a data breach potential and a majority of folks use their personal devices at work where they access valuable corporate information.. We have seen too many times how this story ends a single tablet or smartphone contains credentials to the entire corporate network and this simple thing can end up costing employers millions.

There is only one thing that can verify the actual person biometrics, one s unique human characteristics. A person who knows the password or has the token is not verifying the actual person, because passwords can be discovered and tokens stolen. The user s unique physical traits, that s where ImageWare delivers value by allowing our users to replace or augment password or PIN security with easy to use biometrics.

Just like your readers, I can t wait until I can stop using passwords for everything and just use my face, voice, eyes, or some other biometric more secure and nothing to remember each time I log in!

Read the full interview on SecuritySolutionsWatch.com

Petya/GoldenEye: Cybersecurity experts respond to ransomware attack

The latest ransomware virus to sweep the globe started in Ukraine after users there downloaded a popular tax accounting package or visited a local news site, according to Ukrainian police and cyber experts. Called GoldenEye or Petya, the virus has affected thousands of computers, disrupting organisations in a wide range of sectors, from shipping to manufacturing. US shipping company FedEx, Danish shipping giant AP Moller-Maersk and Russian oil giant Rosneft are among those hit by the attack.

The malicious code locks machines and demands that victims pay a ransom of $300 in bitcoins or lose their data. The hackers motives are still unclear, with some experts speculating that, given the modest sums demanded, a motive other than financial gain might be driving them. A number of cybersecurity experts offered their analyses to IFSEC Global, which you can read below. Eldon Sprickerhoff, founder and chief security strategist, eSentire Attacks are becoming more widespread, are moving faster, and are harder to kill The eSentire threat intelligence team has confirmed one variant associated with this attack, however broadly there are more than 50 different flavours of ransomware variants in the wild. Of those flavours, behaviors prompt the rapid deletion of files and exfiltration of data. Recently we ve tracked a new variant which works to lock down passwords before encryption, making backup restoration particularly tricky. This attack amplifies the rapid evolution of ransomware; attacks are becoming more widespread, are moving faster, and are harder to kill. While this attack is hitting Europe harder than other countries (at the moment), it is moving quickly and businesses worldwide should treat this as the warning siren. Take this as an opportunity to ensure that offline backups and system patches are up-to-date, and tested.

Dr Jamie Graves, CEO, ZoneFox It s not just computer systems shutting down; it s energy grids losing power, ships stopping in their tracks and people not being able to access their money This is further confirmation that we now live in a world where nation-state sponsored cyber-attacks are becoming as routine as real-world incidents. This latest attack reminds us of two crucial facts regarding the current state of cyber security: that attackers now have access regardless of whether they are state-sponsored or independent to military-grade cyber weaponry, hence the fact that the attacks are so successful. Secondly, that digital data is directly linked to physical assets; it s not just computer systems shutting down, it s energy grids losing power, ships stopping in their tracks and people not being able to access their money. Despite the headlines it will create, especially in the wake of the recent WannaCry incident, this is old news. The origin of this attack looks to be a phishing email that delivers a rebranded piece of ransomware, with the only addition being the NSA EnternalBlue exploits that WannaCry used. If you don t have adequate security in place and a seriously security-conscious culture, you re going to get a free penetration test to show just how vulnerable your organisation really is. Marty P Kamden, CMO, NordVPN One way to protect yourself is to disrupt a system before it boots, as the ransomware runs on boot The latest ransomware assault seems to be particularly dangerous. One of the best protection mechanisms are patches, but they might not always work with this new version of Petya. Another way to protect yourself is to disrupt a system before it boots, as the ransomware runs on boot.

After the device gets infected with a ransomware, it will wait for about an hour until reboot. Reboot is required for a malware to encrypt the system, so in certain cases, if the device gets terminated in the encryption process, it gets disrupted and information can be saved. Generally, system administrators are still not well-prepared to protect their networks, and these attacks will only keep getting worse. Matt Kingswood, UK head, IT Specialists The best way to prepare for an attack is to back up data regularly to the cloud The news story on the new variant of the Petya ransomware dubbed PetrWrap exposes just how complex and well evolved cyber threats have become. Researchers from Kaspersky have documented that the group behind PetrWrap created a special module that patches the original Petya ransomware on the fly . While Kaspersky has a signature for this ransomware already, other AV providers are sure to follow soon. Although there are a range of best practices to reduce the risk of a ransomware infection (such as installing an antivirus scanner, utilising intrusion detection services, applying updates as soon as possible and avoiding unsolicited email attachments), there is no failsafe method for preventing ransomware. The best way to prepare for an attack is to back up data regularly to the cloud. Secure cloud-to-cloud backup solutions create another, encrypted version of your data and maintain prior versions ‘ in the case of a ransomware attack, the versions before the attack.

And, of course, this second copy has the added benefit of preventing data loss via accidental deletion. Free download: The video surveillance report 2017 Sponsored by IDIS The Video Surveillance Report 2017 covers all things video surveillance based on a poll of hundreds of security professionals. Specifically looking at topics such as open platforms, 4K, low-light cameras, video analytics, warranties and this year due to the growing threat posed, the cybersecurity landscape.

Further topics covered include: The network cameras hijack during the 2017 presidential inauguration, updates on the forthcoming EU data protection law (the GDPR), ultra-low light cameras versus thermal cameras and much more.

Click here to Download now

Businesses have been hacked whether they realise it or not, expert warns

There are two types of businesses those who know they ve been hacked and those who don t know they ve hacked a leading security expert has said. Stuart Rawling, director of business development at Pelco Schneider Electric, made the stark warning at the event s opening panel Current trends and future of the industry . Rawling said businesses must have a solid security plan in place which brings together both human and cyber elements.

There is a risk of getting an antivirus solution and hoping that will solve everything, said Rawling. An antivirus won t help you against a zero-day attack by its very definition it s unknown. The theme that rapidly-advancing security technology cannot be expected to tackle threats without a human element and robust planning was a key element of the session. Professor Martin Gill, perpetuity research & director at industry awards the OSPAs, warned that leaving it to technology and it hoping it will all be ok is a dangerous path for the industry. We should be holding on to the human element. I speak to a lot of offenders, and one said to me recently technology doesn t jump off a wall and arrest you . I just interviewed 12 heads of retail and 12 loss prevention directors. And when asked what their best security system is they all agree: their staff. Rawling agreed, saying he doesn t see a day coming soon where a physical security guard is not deployed.

Ultimately there still needs to be a human decision made on what to do, he said. A response plan still requires a human response. What do you do when something happens? That s where security fails most often the operating procedure, not the technology. Fellow panellist Tony Weeks, head of technical services at NSI, said that technology cannot be implemented without human expertise. No matter how advanced the technology, you will still need people to configure and look after the systems, he said. The most important consideration is an outstanding security policy which addresses all aspects, the panel agreed. When I speak to offenders about why they chose their target the answer is always the same because it was easy, said Gill. That hasn t changed over 30 years.

Visit Europe s only large-scale security event in 2017 Taking place in London, 20 22 June 2017, IFSEC International gives you exclusive hands-on access to over 10,000 security solutions, live product demonstrations, and networking with over 27,000 security professionals.

Covering every aspect of security, from access control and video surveillance to smart buildings, cyber, border control and so much more.

Time is running out, register now to avoid missing out

Revealed: The top 50 influencers in security & fire 2017

After extensive consultation with a panel of judges from across the industry, we are delighted to reveal our roll call of the Top 50 influencers in security & fire 2017 in association with the BSIA. You can meet and greet with some of the 50 influencers over drinks at IFSEC International 2017. This networking event takes place between 14:30-15:30 in the Security Management Theatre on day three, 22 June.

IFSEC takes place at London ExCeL between 20-22 June 2017. Get your free badge now. The BSIA is also celebrating its 50th anniversary this year. It s a trio of 50s because we ve also designed the graphic below featuring all influencers based on the cover of the Beatles seminal Sgt. Pepper s Lonely Hearts Club Band album, which also celebrated its 50 th anniversary last month. This year the influencers are broken down into categories for the first time. We ve also added a special lifetime of influence tribute in recognition of the enormous contribution to the industry of Mike Tennent, founder of Tavcom Training, who sadly passed away last month. Click on you categories of interest below to find out who made the grade: Lifetime of influence tribute: Mike Tennent, Tavcom Training Security manufacturers/service providers Security management, education and thought leadership (UK and international) Cybersecurity (UK and international) Fire safety Installer/integrator excellence This year we revamped the process, only permitting nominations with explanations not votes this time round. An expert judging panel then rated nominations based on the nominations persuasiveness and their own knowledge about the nominee.

Judges also submitted their own nominations, which were similarly rated by other judges. In addition to the 50 influencers, there is an added category for installers, defined by excellence rather than influence. How do we define influential? This was anyone: Who has played a key role in driving technological innovation Who has been a driving force in changing regulation , standards/guidance or best practice Someone whose insights/opinions are widely respected and which are influential in shaping debate around industry issues Someone who has been instrumental in the success of the organisation or business they lead or are employed by Someone who has helped to raise the industry s profile or been an influential voice in the national media Our judges will be instructed to consider the nominees influence over the past five years, but to give greater weight to more recent achievements. Installers (fire and security) The criteria for installers was slightly different, being an individual not a company who has done some or all of the following: Consistently provided exceptional customer service Delivered a particular project, or many projects , to exceptionally high standards Been an innovator (eg, cutting average installation times/costs through adoption of new tech or change of process) Played a pivotal role in the success of their company (whether that is growing revenues, market share or reputation for excellence) Played a pivotal role in their company s diversification into new markets (eg IP, home automation, fire, etc) Visit Europe s only large-scale security event in 2017 IFSEC International is taking place at Excel London, 20 22 June 2017, here are 5 reasons you should attend: Exclusive hands-on access to over 10,000 brand new security solutions Network with over 27,000 security professionals Discounts of up to 30% exclusively for IFSEC 150 hours of seminars, workshops and keynote speeches A 1-2-1 meetings service to pre-book face to face meetings.

Time is running out, register now to avoid missing out