All posts by NTSI Publishing Team

News

New research reveals only a handful of organisations can access sensitive data in a timely manner

Findings show that the cost and complexity of data compliance is hampering business innovation

  • Only 2% of organisations can access sensitive data in less than a week
  • 69% of organisations are waiting over a month to access data, sometimes between 3-6 months
  • 92% of organisations agree that data drives business innovation
  • Organisations see the innovation and profit opportunity in sensitive data but struggle to capitalise on this cost-effectively without more sophisticated and usable data monetisation strategies.

London, 30 April 2024: Protegrity, a global leader in data-centric security and privacy, has today announced the launch of a new research report ‘The State of Data Security Optimisation and Monetisation’. The research reveals that while organisations are using data to drive innovation and new strategies, fewer than 2% of respondents can access sensitive and classified data in less than a week.

Despite 92% of respondents agreeing that the innovation resulting from data has a positive impact on the bottom line, and all agreeing that data can be used to improve customer and employee experiences, it seems that businesses cannot fully leverage the data they hold. They are struggling to keep up with the pace of innovation because the data needed to power new technologies like AI is sensitive and is protected in ways that render it hard to access. While 37% of respondents cited waiting times of 1-2 months to access data, as many as 32% wait between 3-6 months.

The research, undertaken by independent research company, Opinion Matters, surveys CIOs, CTOs, Heads of data and data managers from enterprise organisations.  It examines how organisations are protecting, modernising, and optimising data.

According to Nathan Vega, Vice President Solutions Strategy at Protegrity, “From the research results it is evident that businesses are not leveraging the value of data due to delays in accessibility. If an organisation is measuring access to data in months and not days or hours, there is a limitation on their ability to realise the potential of this data. In today’s modern enterprise, organisations should see time to value within days, a few hours being the norm and within minutes or even seconds being optimal.”

Positively, the research findings revealed that organisations are adhering to data regulations and compliance requirements, with 45% using data controls such as tokenisation and pseudonymisation to secure data. Further, 84% state they are either fully or somewhat prepared to meet PCI compliance requirements. While this is promising, equally concerning is that 2% of respondents admit to being completely unprepared, 14% say they are somewhat unprepared and 46% of respondents say they are only somewhat prepared to meet PCI requirements.

Vega adds, “Companies need to implement data protection tools and strategies that allow them to balance the needs of data security with useability to meet new data modernisation use cases. It is also beneficial to make sensitive data usable data if companies are to make timely and effective decisions to improve customer experiences and drive innovation. Many are struggling keep pace and capitalise on innovation cost-effectively without more sophisticated and usable data monetisation strategies.”

Data compliance and governance have secured a place on the boardroom agenda, with 90% of respondents stating that corporate leaders have a good handle on the importance of data and compliance and regulatory issues surrounding their data.

Based on the important nature of data privacy and compliance it is promising to see that 96% of respondents are planning to invest a portion of their IT budget in data security in 2024 with nearly half (49%) of respondents planning to invest up to 15% of their IT budgets on data security.

Vega concludes, “GDPR and other compliance regulations, while necessary and proven effective for driving data security, are adding to the growing complexity and cost for organisations to gain value from their data. Not only does it require more time and money to secure and access necessary data, but the delays in accessing and using this data also have a knock-on impact on various aspects of business.”

“As the technology landscape evolves and threat actors gain access to new tools, securing sensitive data will continue to be a growing challenge for organisations. However, companies can adhere to stringent data regulations and requirements, keeping data secure, and also reap the benefits of this data by investing in data monetisation and optimisation strategies and implementing tools to help make data accessible and useable without compromising on privacy.”

Research methodology

Protegrity commissioned independent research organisation Opinion Matters to undertake research in February 2024. 600 CIOs, CTOs, CISOs, Heads of data and data managers were surveyed from organisations employing 1,000+ people. Six industry sectors were surveyed including: airlines, banking, retail, pharmaceutical, insurance, and telecommunications, with 300 respondents from the UK and 300 from the US.

To Access the full report, please follow this link: https://www.protegrity.com/resource-center/state-of-data-security-optimisation-and-monetisation

About Protegrity

Protegrity is a global leader in data-centric security and privacy. With Protegrity’s Secure Data Service, organisations can secure their sensitive data wherever it is, control how it’s protected, and have confidence that it is safe, even if a breach occurs. Whether encrypting, tokenising, or applying privacy models, Protegrity delivers a first of its kind cross-border data protection service that offers all the tools necessary to reinstate business-critical cross-border data flows. Protegrity’s technology is cloud-agnostic, AI and machine learning-friendly and quantum- resistant. Today, Protegrity protects the data of Fortune 1000 companies, including the top banks and health insurance providers, and the world’s leading multinational companies.

For more information, visit Protegrity.com.

News

The Road To Digitalisation: Team Energie Deploys Panasonic ESL Technology

Panasonic announces a service framework agreement with team energie to bring ESLs to 72 petrol stations across Germany. 

Wiesbaden, DE. 25th April 2024 – German energy company team energie is partnering with Panasonic Connect Europe to help drive innovation in petrol station convenience stores with the deployment of 800 Electronic Shelf Labels (ESLs), seamlessly integrated through a wireless connection to a centralised Point of Sale (POS) system. A total of 72 team energie petrol stations will be upgraded across Germany, in addition to stations operating under the Aral brand.  

The POS systems will be provided by long-term team energie partner, HUTH. Panasonic engineers will work alongside HUTH to customise and integrate the ESLs with team energie’s back office systems. In trials, petrol station stores fitted with Panasonic ESLs were operational on the same day.  

“Petrol stations, and the wider energy industry, are grappling with rising operating costs, increased regulations, and a shortage of skilled workers. Digitising systems across the petrol station forecourt and shop will help to tackle these challenges head-on, and provide more enjoyable customer experiences,” explains Volker Behn, Managing Director at team energie. “Panasonic’s insight and awareness of how current and future trends will impact the industry, as well as its focus on sustainability; our shared values; its customised solutions; and its understanding of our long-term digitalisation strategy were all instrumental in selecting Panasonic as our technology partner.” 

ESLs key to wider digitalisation strategy 

Following a successful trial in six locations, including its state-of-the-art petrol station in Magdeburg, the installation of ESLs in team energie petrol stations across Germany is the latest step in its digitalisation strategy to deliver an enhanced experience for customers. 

For those petrol stations already fitted with paperless pricing technology, Panasonic ESLs are already streamlining operational efficiencies for team energie employees. By reducing unnecessary manual price changes and automating tasks, pricing errors are reduced, helping to save petrol station employees up to 30 minutes every day. 

In addition, Panasonic ESLs will also be used as digital displays to deliver marketing campaigns and special offers to customers throughout the forecourt, shop, and bistro. 

team energie’s service division will be responsible for planning, installing, and maintaining the ESLs going forward, with Panasonic engineers providing on-site support and spare parts across Germany from its Hamburg, Wiesbaden, and Munich service hubs. 

“team energie continues to set the standard for the modern petrol station. Installing Panasonic ESLs across its German locations demonstrates that it continues to push technological boundaries in pursuit of increased efficiency and market-leading customer experiences,” adds Jens-Michael Pohl, Head of Sales Engineering at Panasonic. 

Panasonic will be demonstrating its ESL solution at the UNITI expo in Stuttgart, Germany, from 14-16 May 2024, in Hall 1, stand IC04.   

For further information on team energie’s first petrol station equipped with Panasonic ESL technology, click here: 

https://oc.connect.panasonic.com/nz/en/case-studies/full-throttle-petrol-station-team-energie 

News

Computer Vision Spearheading AI Productivity in 2024 Says Latest Research

Average productivity gains of 42% over three years predicted but potential barriers are a lack of skills and in-house knowledge. 

Munich, Germany. 18th April 2024 – Adoption of Computer Vision technology, powered by AI, is at a tipping point and set to power productivity across a range of industry sectors, according to the latest research commissioned by Panasonic Connect Europe. On average, decision-makers predict a productivity increase of 42% in the three years following deployment. The manufacturing industry anticipates the biggest boost with increases in productivity as high as 52%.  

Computer Vision is the field of artificial intelligence that enables computers and systems to derive meaningful information from digital images. It is the “eyes of AI”, observing, identifying, classifying, tracking, and ultimately interpreting images into usable “knowledge” that can be further interrogated by humans or by complementary AI.  

Wide variety of applications 

Respondents report that Computer Vision technology is being used across a wide variety of business departments and applications. Practical activities such as repairs and maintenance, production line monitoring, and quality control slightly outweigh use in security and health and safety. Applications in logistics and supply chain are popular, along with real-time projection mapping and people tracking, demonstrating the broad scope of use cases relevant to Computer Vision tech. 

 Available skills a barrier to deployment 

The biggest barriers to deploying the technology were a lack of external specialist support (37%) and maintaining computer vision knowledge in the business (33%). Businesses are also highly sensitive to the potential ethical concerns of deploying AI-powered Computer Vision applications. The largest concern being data security (35%), closely followed by personal privacy and surveillance concerns, lack of corporate guidance and fears for job replacement – all level at 32%.  

 Wider AI deployment surging ahead 

Looking at the wider adoption of Generative AI, the momentum is clear. Overall, more than two-thirds (67%) say that using generative AI is important to their business. More than one-third of respondents (37%) have already implemented a solution and are seeing benefits. A further third (34%) are in the planning stage or the process of implementing the technology. 17% are still thinking about it, but only 13% say they will not deploy Generative AI at all. 

“The research shows clearly that Computer Vision technology is not just a concept but a present reality that is already steering businesses towards significant productivity and operational gains,” said Margarita Lindahl, Head of AI at Panasonic Connect Europe. “Organisations across all sectors that are not yet in the planning stages of deployment are in danger of falling behind. There is also a clear need for specialists, such as Panasonic, to assist businesses in understanding how to deploy this technology effectively and responsibly.” 

A full copy of the research executive summary can be downloaded here: https://eu.connect.panasonic.com/gb/en/whitepapers/how-computer-vision-technology-transforming-industries 

The independent research, carried out by Opinion Matters and commissioned by Panasonic Connect Europe, surveyed 300 senior decision makers responsible for digital transformation and AI/computer vision implementation, working in companies with an annual turnover of 50 million+ Euros across Germany and the UK. 

News

Panasonic Provides Private 5G Network & Testing Facility For Customers

Panasonic opens its first private 5G network testing environment at the Panasonic Campus in Munich. The company is partnering with leading 5G-as-a-Service providers to make private 5G networks easy to set up and simple to operate across Europe. 

Munich, Germany. 4th April 2024 Panasonic Connect Europe has today unveiled a new private 5G network at its Customer Experience Centre (CXC) in Munich to help customers deliver uninterrupted connectivity, real-time communications, and increased security for mission-critical applications in a variety of sectors.  

In collaboration with leading 5G-as-a-Service (5GaaS) providers, Panasonic can now offer dedicated, and fully customised private 5G networks with ultra-low latency, delivering faster response times, enhanced data transfer and communication, and improved network efficiency and reliability.  

The simple installation, configuration, and maintenance of Panasonic’s private 5G network is showcased at its innovative Customer Experience Centre on the Panasonic Campus in Munich, demonstrating secure, superfast upload and download speeds.  

With two cells installed in the CXC, customers and partners can perform handover tests with applications and Panasonic TOUGHBOOK 5GSA devices at a controlled speed and experience the benefits of 5G’s increased network capacity. Customers can also experience the enhanced security and control that private 5G networks offer, with advanced encryption protocols and modified Uplink and Downlink data throughputs optimised for applications. 

With Panasonic owning the entirety of the access network, it has removed the complexity for existing and new customers, and business partners, using state-of-the-art technology to migrate to private 5G networks. This simplifies the relationship between hardware, software, and connectivity, with existing prospects in the transport and logistics, manufacturing, and construction sectors able to explore the advantages of connecting a variety of devices across one private network.  

Third-party manufacturers and software developers can also test 5G applications and devices in a real-life environment, helping to optimize their applications, if requested, with devices using Windows, iOS, or Android operating systems. 

Thorsten Lutz, EU Solution Architect at Panasonic TOUGHBOOK, explains: “Many organisations are looking to unlock the potential of 5G for enhanced efficiencies and connectivity but have concerns or are unsure about how to proceed. With our connectivity experience and with multiple Panasonic mobile devices already optimised for 5G, it’s a natural next step for us to offer secure, superfast private 5G networks to customers and prospects across Europe, where traditional networks or public 5G is not fit for purpose.” 

Interested organisations can now book an on-site workshop and plan their next level of connectivity with Panasonic’s experts, visit: https://eu.connect.panasonic.com/gb/en/campus-munich-walk-through-future  

News

Leveraging regulations to strengthen cyber resilience

Written by Sean Tilley, Senior Director Sales at 11:11 Systems

In today’s interconnected global landscape, operational and cyber resilience stands at the forefront of organisational priorities. The digital age, while unlocking unparalleled opportunities for innovation and growth, brings a new era of cyber threats. These threats – which continue to increase in size, sophistication, and severity – come in many forms, from calculated ransomware and distributed denial of service (DDoS) attacks to phishing, spoofing, and social engineering. As new headlines continue to shine the spotlight on high-profile attacks, it brings home the fact that such threats and their resulting data breaches and downtime have the power to cripple organisations, erode public trust and inflict substantial economic losses.

These threats are further amplified by the surge in remote working and access, exposing vulnerabilities in what were typically considered robust digital defences. Cybercriminals have become more daring and innovative, exploiting these newfound vulnerabilities to orchestrate  more pervasive, sophisticated and damaging attacks than ever before. They can cause immediate operational disruptions, compromised data security, and financial setbacks, and also long-term reputational and trust damage.

This evolving threat landscape has prompted a heightened focus on regulatory compliance and operational and cyber resilience to mitigate the risks and ensure organisations can survive an attack.

 

Regulations drive cyber resilience

Cyber resilience is a specific strategic and comprehensive approach that organisations can adopt to enhance their ability to anticipate, prevent, respond to, and recover from cyber risks and incidents.

True operational and cyber resilience is what governments and regulatory bodies across the globe are hoping to achieve as they design regulatory frameworks that incorporate not just technology, but also people, processes, and information. However, navigating this complex regulatory environment demands a strategic approach, where understanding the nuances of each regulation, its implications, and timelines for compliance becomes critical.

Regulations such as GDPR, HIPAA, and Sarbanes-Oxley (SOX) have already shaped how organisations safeguard data and compliance, but upcoming mandates like NIS2, DORA, and FCA CP19/32 are reshaping how organisations must approach data security, privacy, and cybersecurity to ensure continued levels of customer service despite the surging threats businesses face.

Regulatory compliance is not just a legal obligation but a strategic imperative for operational resilience, necessitating a comprehensive, well-planned approach to cybersecurity. Organisations stand to benefit from reassessing, reinforcing, and revitalising their cybersecurity postures, turning regulatory adherence into a competitive advantage.

 

The Surging Threat of Cyberattacks

The digital age has ushered in a new era of cyber threats and the statistics paint a stark picture, not solely defined by an increase in total attacks, but also by their sophistication and severity.

Cybersecurity Ventures estimated that in 2021 businesses would fall victim to a ransomware attack every 11 seconds. It now predicts that attacks on businesses, consumers, governments, and devices will happen every two seconds by 2031. It is not surprising then that ransomware attacks were involved in 24% of all breaches and ransomware payments in cryptocurrency surpassed the $1 billion mark in 2023, the highest number to date.

 

The Cost of Cyber Insecurity

In 2023, the average total cost of a data breach rose to $4.45 million, the highest in the 19-year history of the Ponemon Institute and IBM’s Cost of Data Breach Report. This upward trajectory is not expected to plateau; experts warn of a continued rise in both the frequency and sophistication of cyberattacks.

Email, the most ubiquitous tool in business communication, has also proven to be a significant vulnerability, responsible for approximately 94% of all malware today and phishing, a method exploiting human error and lack of cybersecurity awareness, remains the most common form of cybercrime. According to a report by email security company Valimail, over three billion malicious phishing emails are sent every day, which amounts to 1% of all email traffic worldwide.

In a recent survey from Egress Software, 94% of organisations reported being the victim of phishing with virtually all attacks leading to a negative outcome of some kind, financial or otherwise. In most of those cases, unfortunately, the incidents imposed at least some financial cost (79%) with 64% of companies reporting that phishing had impacted their bottom line.

From financial losses, customer churn, and reputational damage to lengthy remediation processes and legal repercussions, the impact of cybercrime is far-reaching, affecting every sector and size of business. According to Cybersecurity Ventures, cybercrime is expected to inflict 9.5 trillion USD in total damage in 2024 and another 10.5 trillion USD annually by 2025—up from 3 trillion USD less than a decade ago. If it were measured as a country, then cybercrime would be the world’s third-largest economy after the U.S. and China.

The alarming rise in cyber incidents and their cost is a primary catalyst driving the wave of new regulations in cybersecurity and data protection.

 

Moving from reactive to proactive cyber strategies

Governments and regulatory bodies worldwide are recognising the critical need to fortify digital infrastructures against evolving cyber threats, as well as liability resulting from defective or malicious artificial intelligence (AI) products. The aim is not just to respond reactively to incidents but to establish a proactive, resilient framework that can anticipate and withstand cyber threats and disruptions.

However, the implications of the new regulations are profound for businesses. They necessitate a shift from traditional cybersecurity practices to more integrated, comprehensive strategies that encompass not only technical solutions but also organisational culture, in-depth planning and employee awareness at every level.

The surge in cyber threats has pushed cybersecurity to the forefront of boardroom agendas. As businesses navigate this new terrain, staying informed and agile will be key to both complying with emerging regulations as well as safeguarding their digital assets and their future. This gap between awareness and preparedness underscores the need for a strategic overhaul in how businesses approach cybersecurity and cyber resilience.

 

Regulations and cyber resilience

For businesses, this evolving regulatory landscape means that cybersecurity and data protection are no longer just IT issues but are integral to corporate governance and strategy. Adapting to these regulations requires a comprehensive approach, combining legal compliance with robust cybersecurity and data recovery practices, personnel training and system monitoring to create a resilient operational framework capable of withstanding the challenges of a digitalised economy.

When it comes to cybersecurity and cyber recovery, the complexity and severity of the risk must be considered from a business risk, technology, reputational, and regulatory compliance perspective. There is typically no one-size-fits-all approach. However, companies that stay abreast of potential changes to the regulatory landscape, which is continuing to evolve to stay a step ahead of cyber threats, not only maintain compliance but are better able to navigate the complexities of the environment and bolster their cyber and operational resilience.

News

Panasonic Gears Up To Play A Pivotal Role Supporting The Paris 2024 Olympic And Paralympic Games

As a Worldwide Olympic Partner in the Audio/TV/Video Equipment category, Panasonic will contribute to efficient and sustainable event management at Paris 2024.

Wiesbaden, DE. 15th April 2024 – Panasonic Connect Co., Ltd. will supply state-of-the-art AV solutions, including professional displays, broadcast production equipment and projection systems, for the Olympic Games Paris 2024 to be held in France from July 26 to August 12, and the Paris 2024 Paralympic Games, scheduled from August 28 to September 8. As a Worldwide Olympic Partner, Worldwide Paralympic Partner, and charter member of The Olympic Partner (TOP) Programme, Panasonic will collaborate closely with the International Olympic Committee (IOC), the Paris Organizing Committee for the Olympic Games, and the Olympic Broadcasting Services (OBS) to provide robust support for event operations. 

Aligned with the goal to make Paris 2024 an increasingly sustainable event, Panasonic proposes innovative solutions to the industry’s ongoing labour shortage and the challenges of sophisticated visual expression. Panasonic’s IT/IP platform KAIROS will deliver video content to large LED screens at almost all competition venues (26 in total), simplifying workflows and streamlining operations by producing content for up to three venues via a single KAIROS Core. Additionally, remote cameras will be installed in all 29 press rooms. By consolidating simultaneous interpretation at the Main Press Centre (MPC), translation services can be provided from remote locations, reducing the need for travel. These solutions will enhance operational efficiency, addressing hardware and software aspects compared to previous events. 

Marking the largest-ever projector deployment in competition venues at the Olympic and Paralympic Games, Panasonic plans to install 130 laser projectors. Among them is the world’s smallest and lightest projector1, which boasts a 40% smaller2 body than previous models. Panasonic’s labour-saving projection technology reduces resource allocation for transport, storage, and installation, reducing the event’s carbon footprint. Furthermore, Panasonic’s recently unveiled Remotely Managed Service will allow operators to manage and monitor large-scale multi-projection systems via the cloud and address potential image misalignment caused by factors such as vibration without being present on the site. Together, these innovations will contribute to the event’s wish for sustainability. 

Panasonic has been providing AV equipment and services to the Olympic and Paralympic Games for over 30 years, starting in Barcelona 1992. Additionally, in October 2014, Panasonic made history as the first Japanese company to become a Worldwide Paralympic Partner of the International Paralympic Committee, thereby contributing to peace and development in the international community, as well as promoting Para Sports. 

With a vision of “Sharing the Passion”, Panasonic helps to convey the drama, tension, and emotion of elite athletic competition to people worldwide through its sponsorship activities. Panasonic wholeheartedly supports the mission of the Paralympic Games to foster an inclusive society for people with disabilities by uplifting Para Sport. We remain dedicated to creating products and services that cater to everyone, including seniors and individuals with disabilities. 

 

News

Panasonic TOUGHBOOK Innovation Forum to address needs of the hyper mobile workforce

Technology leaders and customers discuss AI at the Edge, 5G and Security and the UK NHS Ambulance Radio Programme

Industry experts will outline how the latest technologies, such as AI, can help address the needs of the modern Hyper Mobile Worker and boost productivity when they gather at the Panasonic TOUGHBOOK Innovation Forum (TIF) on the De Vere Wokefield Estate near Reading on April 18th. Hot topics such as using AI at the edge of the network, 5G and security and how to navigate the complexity of deploying new technology to a mobile workforce will be discussed by technology leaders including Intel, Cradlepoint and Panasonic. Senior Programme Manager Stuart Murphy will also talk through the recent major NHS Ambulance Radio Programme deployment. A significant UK-wide technology implementation that managed diverse stakeholders and successfully delivered a purpose-designed mobility solution.

“In recent years all workforces have become more mobile but at this forum, we are focused on the needs of the Hyper Mobile Workforce. Those that rely on their mobile device daily, in all conditions to carry out their jobs effectively, from the emergency services to field workers and those in transport and logistics. The latest innovations at this forum will demonstrate how these new technologies can transform the way workers operate,” said Chris Turner, Head of Go-To-Market at Panasonic TOUGHBOOK.

For more information on the TOUGHBOOK Innovation Forum visit: https://info.business.panasonic.eu/TOUGHBOOK-TIF-2024.html#form

For those unable to make this event, the next TIF will be in Frankfurt on June 18th.

News

Burendo Awarded ISO 14001 Environmental Management Certification

By adhering to this standard, Burendo is taking proactive measures to minimise its environmental footprint and achieve its sustainability goals

 9th April 2024, Leeds – Award-winning product delivery and technology consultancy, Burendo, has been awarded the ISO 14001 certification, an internationally recognised standard, for its Environmental Management System (EMS). Burendo is dedicated to minimising its environmental impact and continuously improving its sustainability practices. With this certification, it is taking another proactive step towards achieving its goal of Net Zero.

 The ISO 14001 framework provides a structured approach to environmental management. It requires a comprehensive evaluation of all environmental aspects of Burendo’s operations, including activities and services. Through this assessment, Burendo can also pinpoint areas where environmental performance can be enhanced and implement measures to lessen negative impacts. This proactive approach to environmental management will also result in tangible business benefits, such as reduced waste, energy conservation and cost savings.

ISO 14001 certification holds significant value for organisations including:

  • Ensuring management commitment: Requiring top management to lead the implementation and maintenance of best environmental practices.
  • Strengthening stakeholder relationships: Achieving the certification can enhance Burendo’s reputation and improve relationships with its stakeholders. 
  • Improving business development: Providing a competitive advantage as many customers and partners prefer working with environmentally responsible organisations. 
  • Identifying risks and opportunities: Enabling Burendo to systematically assess environmental risks and opportunities.
  • Safeguarding process improvement: Encouraging a positive ethos of continual improvement within Burendo.

Achieving ISO 14001 certification is a significant milestone in Burendo’s sustainability journey, but it is one of many ongoing initiatives. Burendo is committed to exploring new ways to become a more environmentally responsible company and has implemented several eco-friendly practices, including:

  • Actively analysing its processes to reduce unnecessary waste including replacing single-use plastic with biodegradable or reusable alternatives. 
  • Working with partners who share a commitment to environmental responsibility, thus minimising its environmental footprint throughout the supply chain. 
  • Increasing investment in certified Carbon Offsetting programmes, aligned with Burendo’s expansion and operational needs.

“Earning ISO 14001 certification feels like planting a seed. It’s a commitment to watch it grow into a system that nourishes a healthy environment. This isn’t just about following guidelines; it’s about cultivating a culture of environmental sustainability within Burendo. We’re excited to see this create real change and make a positive impact,” said Gary Green, Co-founder of Burendo.  

About Burendo 

Headquartered in Leeds, Burendo is a product delivery and technology consultancy that helps organisations in complex and regulated environments build more adaptable, innovative capabilities to optimise IT investment and to deliver the highest possible value and ROI. 

Burendo has the unique ability to meet clients where they are on their change cycle initiative and thrives on leading the delivery of products and IT services utilising Lean, Agile methodologies, DevOps techniques and Cloud tools to deliver long lasting, sustainable change. Our capabilities, skillset and range of products and services are designed to deliver end-to-end solutions for our customers. Together, it’s possible – we pride ourselves on making things happen.

News

C8 Consulting Appointed as Global PR Agency for VertiGIS

VertiGIS appoints C8 Consulting to drive brand awareness across four key industry sectors worldwide

C8 Consulting, the disruptive-tech PR agency, announced today that it has been appointed by global market leader and provider of innovative spatial asset management solutions, VertiGIS, to work on delivering a media relations programme focused on the national, broadcast, investment and trade media. The goal is to position VertiGIS and its key spokespeople – including London-based CEO, Andy Berry – as experts at the centre of conversations around geographic information systems (GIS).

Headquartered in London, but with multiple offices around the world, VertiGIS is focused on the development of software solutions and services that enable professionals in the utilities, public sector, telecommunications, and infrastructure sectors to connect their business processes with spatial management technology. Based upon decades of industry experience and research into cutting-edge technology, VertiGIS continues to invest in configurable, cloud-ready software that solves real-world challenges for its customers. Since VertiGIS was acquired by Battery Ventures in 2017 the company has been highly acquisitive, with 10 acquisitions under its belt in North America and Europe in the last 7 years, and shows no signs of slowing down, as the company continues to expand its offerings into target industries around the world.

C8 works strategically with global businesses that are actively disrupting their sectors, that are typically in hyper scale growth mode. For VertiGIS, C8 will work to increase overall brand awareness, raise the profile of its versatile portfolio of products and boost VertiGIS’ influence, particularly across the four key industries: public sector, utilities, telecommunications, and infrastructure.

By kick-starting conversations with audiences that matter, C8 is passionate about telling clients’ stories. The media programme with VertiGIS will involve engaging journalists, analysts, key influencers, legislative bodies, and trade associations through edgy and innovative campaigns to secure editorial that resonates with audiences in influential global, national and trade publications.

C8’s breath of industry and media relations experience will enable VertiGIS to amplify its key messages and stay one step ahead of the competition to build its brand and reputation. Ultimately, C8 will deliver value that impacts the bottom line.

Paula Elliott, Managing Director of C8 Consulting, is delighted to be working with such a rapidly growing company: “VertiGIS has remarkable potential. It possesses highly innovative technology and we’re relishing the opportunity to ramp up its visibility across multiple regions. Once we have helped raise awareness of its GIS capabilities, the scope for company growth and development will be even more exciting.”

VertiGIS’ Chief Marketing Officer, Lisa Cottrell, added: “We were keen to find the right agency and people to take our brand forward, and Paula and her team’s approach really stood out. C8 has extensive industry expertise, impressive PR strategies and strong relationships with global media. Their copywriting Content Studio offering combined with their strong media relationships really appealed. The team’s passion for their clients, products, and people really shone through. We are very much looking forward to working with the team at C8.”

Immerse yourself in the world of words – Celebrating 20 years in PR

This year, C8 Consulting will be celebrating 20 successful years in the PR industry by bringing together its esteemed network including clients, partners, and friends of C8 at The Soho Hotel, London on 16th May 2024. This 20th anniversary event will not only give guests the opportunity to network and hear from a host of inspirational speakers, but also the opportunity to hear about some exciting new developments.

Tech

The Impact of Evolving Regulation and Compliance on API Security

By Karl Mattson, Field CISO at Noname Security

Regulations are constantly evolving and becoming more punitive, with larger fines and penalties every year. As a result, there is a collective industry movement towards the continuous improvement of cybersecurity in businesses and their ecosystems. This includes understanding what policies and processes must be implemented to remain compliant.

However, this is not simply a tick-box exercise; it’s about ensuring that organisations have effective safeguards in place to protect their business, their ecosystem of partners, and their customers.

There’s a wealth of new EU legislation in the pipeline designed to tackle cybersecurity risk in critical sectors. The Digital Operational Resilience Act (DORA) focuses on cybersecurity in the finance sector and the Cyber Resilience Act (CRA) concentrates on reducing risk within hardware and software products. The Network and Information Security 2 Directive (NIS2), seeks to raise cybersecurity standards and incident response capabilities in a wide range of critical industries such as energy, communications, water, banking, health, and transport.

Both the DORA regulation and the NIS2 Directive prescribe that businesses must demonstrably protect everything that is valuable to the organisation, such as finances, systems, and intellectual property. DORA complements the NIS2 Directive as well as the General Data Protection Regulation (GDPR).

Regulation as a competitive advantage

As every CISO knows, cybersecurity is a multi-aspect, multidisciplinary activity and no organisation will ever succeed in entirely preventing attacks and breaches. What businesses can do — and what the regulations require — is implement programmes to manage and minimise risk and demonstrate that they are effective.

Rather than view regulation as an onerous task, achieving compliance enables organisations to gain a competitive advantage. Indeed, as new regulations come into force, organisations are likely to find that many of their partners will require proof of compliance before doing business with them.

Achieving compliance with NIS2 and DORA will be a lengthy process, therefore getting started sooner rather than later is imperative. Additionally, the more resilient the organisation becomes against cybercriminals and risks, the easier it will be to pass regulatory audits.

The implications of DORA for API security

DORA is a crucial legislative framework that mandates operational resilience for financial institutions such as banks, credit institutions, insurance companies or insurance intermediaries, pension funds, investment firms, payment service providers, and e-money institutions, within the EU. Our research indicated that 44% of financial services organisations received regulatory fines resulting from an API security incident in 2023.

Coming into force in January 2025, it requires organisations to prepare for and withstand operational disruptions, including cyberattacks and technology failures. In addition, DORA also applies to third-party IT providers, such as data centres or cloud service providers that deliver services into this sector. In total, more than 22,000 financial institutions and IT service providers in the EU are affected.

DORA sets out several requirements that have implications for API security, namely:

 Digital operational stability: This involves organisations implementing regular testing programmes that identify potential gaps, vulnerabilities and/or deficiencies with digital operational stability such as network security tests, penetration tests, web-app tests, and more. Conducting mandatory reviews based on threat-led penetration testing (TLPT), depending on the size, risk and business profile of the financial enterprise is important, as is regularly testing APIs for vulnerabilities.

DORA outlines examples of security testing, including web-based application and API testing. This includes utilising public-facing resources such as the Open Web Application Security Project (OWASP) API top 10 threats, which helps to identify errors in configuration, weaknesses, logic flaws, and code issues that may allow threat actors to gain access to, manipulate, or otherwise control organisational resources.

Governance and strategy: There is now increased responsibility for management bodies with regard to IT risk management and compliance with security regulations. This includes increased audit plans and specialised training.

NIS2 a step forward for EU cyber resilience

Coming into force in October 2024, the NIS2 Directive is the most comprehensive European cybersecurity directive to date. It has stricter requirements for risk management and incident reporting, covers a wider remit of industries, and features increasingly hard-hitting financial penalties for non-compliance.

While it does not specifically mention APIs, NIS2’s requirements for enhanced cybersecurity, risk management, incident reporting, and supply chain security have significant implications for the security and management of APIs in organisations subject to the directive. For example:

  • Increased Security Requirements: NIS2 imposes stricter security requirements on organisations, including those related to the protection of information systems. As APIs are integral to the functioning of many digital services, ensuring their security becomes crucial under NIS2.
  • Risk Management: Organisations are required to adopt appropriate and proportionate technical and organisational measures to manage the risks posed to the security of network and information systems. Since APIs can be potential attack vectors, they need to be included in risk management strategies.
  • Incident Reporting: NIS2 mandates the reporting of significant cybersecurity incidents. As APIs can be involved in or affected by such incidents, organisations need to have mechanisms in place to monitor, detect, and report API-related incidents.
  • Supply Chain Security:The directive emphasises the importance of securing the supply chain, which includes third-party services and software. As APIs are often used to integrate external services, ensuring their security is essential for compliance.
  • Critical Sectors: NIS2 extends its scope to cover more sectors, including digital infrastructure and digital services providers. For these sectors, where APIs are extensively used for integration and service delivery, ensuring API security becomes a priority.

 APIs are critical to business transformation and lie at the heart of corporate strategies for growth and innovation. However, they also represent a considerable security risk. Traditional controls like API gateways and web application firewalls (WAFs) leave APIs vulnerable to targeted attacks or malicious abuse, making them a top attack vector for web applications. Attacks that cause data breaches or compromise performance can lead to regulatory fines, reputational damage, and lost revenue.

With the escalating regulation requirements, organisations must also look at what they need to put in place through the lens of API security. API security should be a priority for every in-scope organisation if they are going to remain compliant with NIS2 and DORA.