Tag Archives: Risk

Cybersecurity, News

CHAS teams up with NormCyber to help contractors control cyber risk

NormCyber, the award-winning managed security service provider, has teamed up with CHAS, the trusted expert in supply chain compliance, to offer CHAS members an easy and affordable way of managing cyber risk. The agreement provides CHAS members – which include more than 35,000 contractors and more than 2,000 client organisations across sectors including construction, facilities management and manufacturing, to name a few – with access to Norm.’s range of award-winning managed cyber security services at a preferential rate.

Norm.’s services are designed to meet the cyber security needs of mid-sized organisations that may not have the in-house expertise or resources to protect their operations from ever-more sophisticated threats. From today, CHAS members are entitled to exclusive discounts on the company’s all-encompassing Smartbloc. service, which provides complete visibility and real-time monitoring of a company’s people, processes and technology to reduce the risk of attack. Other available services include: Cyber Essentials and Cyber Essentials PLUS certification; Cyber Safety and Phishing; and the Essential Cyber Security Bundle, which includes vulnerability management and 24/7 threat detection and response.

“CHAS has a strong track record of helping contractors and clients raise standards of risk management across a wide range of issues within multiple sectors,” says Pete Bowers, COO at Norm. “We are excited to partner with CHAS to extend this influence to cyber risk and help contractors within the sectors in which they operate raise their cyber security standards.

“The construction industry, for example, has an unwanted reputation in the cyber underworld – high-value transactions make it an attractive target, while complex supply chains and the widespread use of third-party contractors give hackers plenty of attack options. Norm.’s services will help CHAS members within the construction industry and elsewhere shore up their cyber security defences cost-effectively and conveniently.”

Ian McKinnon, Managing Director at CHAS, adds: “Cyber security is an ongoing and ever-evolving challenge for our members, yet many organisations lack the internal expertise to manage this issue effectively in-house. We are delighted to team up with Norm to offer our members an easy and affordable solution.

“Our agreement with Norm will enable CHAS contractors to tackle this challenge head-on and is yet another example of CHAS’s commitment to helping members simplify and streamline their risk management processes.”

Cybersecurity, News

Threats Exploiting Employees a Concern For Microsoft 365 Users

Egress Report Cites Cyber Security Experts, Offers Recommendations to CISOs Representing the 1 Million Companies Deploying Microsoft 365

LONDON, UK – 21st June 2022 – Egress, the leading provider of intelligent email security, has today issued a report identifying a number of security risks facing users of Microsoft 365, which along with its suite of tools, is expected to be relied upon by more than one million companies and over 250 million users[1].

Click here to read the full report: https://pages.egress.com/Whitepaper-EmailRisksInMS365-06-22_2021-Landing-PAGE-eBook.html

The threat analysis has been compiled by leading experts in cyber security. Lisa Forte is the co-founder of Red Goat Cyber Security LLP, Robin Bell is the Chief Information Security Officer, (CISO) at Egress, and Jack Chapman is the VP of Threat Intelligence at Egress. Their collective insights provide both the context associated with perceived risks as well as recommendations for CISOs to reduce both inbound and outbound risk, protecting their people, organization and customers.

Overall, the expert panel felt Microsoft 365’s native security capabilities offered good, basic email protection from phishing, and data loss prevention (DLP) tools for dealing with outbound data loss. However, the group also believes that there remain issues requiring enhanced protection from highly advanced inbound phishing threats, outbound data loss, and exfiltration events that cannot be reduced by static DLP.

“Microsoft’s protection now rivals Secure Email Gateways (SEGs), but there remain substantial gaps in its email security. Both Microsoft and SEGs struggle to detect the most sophisticated social engineering attacks,” said Jack Chapman, Egress VP of Threat Intelligence. “Topping the list are threats that target and exploit individuals such as phishing attacks, and outbound risks such as data loss caused by human error or intentional exfiltration. CISOs must evaluate their level of protection and augment their existing email security with additional layers of technology where required, to protect their employees and their data.”

Snapshot of Email Risks in Microsoft 365

  • Phishing: credential theft, leakage of sensitive/regulated data, navigating users to malicious URLs, requesting multi-factor authentication (MFA) codes, and ransomware.
  • Human Error: autocomplete of the incorrect email recipient, complex, manual management of customizations and settings.
  • Deliberate acts of data exfiltration for as yet unknown use cases that are not covered by policies.
  • Reporting is limited when seeking to understand the level of risk from phishing emails.

Microsoft 365 – CISO Security Recommendations

To CISO’s responsible for the safe deployment and use of Microsoft 365, the Egress report offers a number of key recommendations, beginning with a question – how much do I understand? Framing this guidance is that any tool or service is more easily deployed when it is user-friendly and frictionless.

Understanding begins with CISO’s who must analyze the risks their organization faces in order to prioritize the right layers of security across people, technology, and processes. Further, they must understand the limits of Microsoft 365 and seek to avoid a cookie-cutter cyber approach. A comprehensive, holistic view of the risk is invaluable to identify the products that will complement and seamlessly integrate into your business environment to manage and reduce risks.

This approach must also extend to employees. To reduce human-activated risk, businesses need to reinforce widespread staff training and back it up with intelligent email security tools to catch moments when employees are prone to making mistakes.

According to the 2022 Egress report, Fighting Phishing: The IT Leader’s View, over the past 12 months, 85% of organizations were victims of phishing, 60% of organizations were hit by ransomware, and 40% of organizations had credentials stolen.

[1] Statista: Number of Office 365 company users worldwide as of June 2022, by leading country

For more information and interview requests, contact Jordan Brackenbury at PR@Egress.com

News

FullCircl Releases Company Group Explorer

A Unique Way to Visualise and Explore Company Hierarchies for Easier Onboarding and Risk Management

London, 13th June 2022: FullCircl, the Customer Lifecycle Intelligence (CLI) platform that helps B2B companies in financially regulated industries do better business faster, is delighted to announce the launch of its new Company Group Explorer, a visual way to discover company hierarchies so that banks, FSIs and insurance businesses can improve onboarding speed and reduce risk.

This is the first of many significant feature releases made possible through the integration of Artesian and Duedil technologies following the merger last year, under the FullCircl Customer Lifecycle Intelligence proposition. Built upon the Business Information Graph (B.I.G™), which ingests and matches data from over 40 different validated and verified sources such as credit bureaus, Companies House and HMRC, Company Group Explorer makes it easy for sales and risk analysts to navigate entire company structures, drill into parent companies and subsidiaries, and understand international linkages to:

  • Understand an organisation’s hierarchy
  • Identify relationships between customers/prospects and other group entities
  • Understand Ultimate Beneficial Owner (UBO) data

Commenting on this feature release, Shazia Anthony, Senior Product Marketing Manager at FullCircl, commented:

“Company Group Explorer makes it easier for our clients in regulated industries to understand a customers’ true company structure, whether prospecting for group opportunities, performing due diligence checks or increasing underwriting acumen.”

“Our roadmap is packed full of new features leveraging the best of our combined technologies, which will ensure we continue to deliver the richest, deepest, and most meaningful insights to our customers.”

News

Jamie Graves appointed as CEO of Uleska to accelerate growth and expansion plans

Belfast, UK – March 9, 2022 – Uleska, a leading DevSecOps platform that helps organisations effectively reduce software security risks and IT costs, today announced it has appointed ex-ZoneFox chief, Jamie Graves, as CEO to help support the company’s growth and expansion plans.

The DevSecOps market is estimated to reach over $23 billion by 2028, which has been driven by the significant security benefits organisations are seeing in addressing vulnerabilities in code and software before it is publicly released. However, a key challenge organisations face when transitioning to DevSecOps is a lack of security integration tools, which can seamlessly fit into the Software Development Lifecycle, without slowing down the development process or overburdening DevOps teams with false positives.

Uleska plays a critical role in tackling this challenge, by offering organisations an orchestration platform designed to help software and development teams work together efficiently, to remediate vulnerabilities and implement effective security measures with ease and speed, while minimising false positives.

“One of the biggest challenges organisations face when implementing DevSecOps is that it adds cumbersome security checks, which generate false positives and slows down agile development. This costs organisations both time and money and often results in friction between development and security teams. Uleska is tackling this challenge by streamlining the process and enabling security and development to work together effectively and collaboratively. I am delighted to be appointed as CEO of Uleska as I believe the platform offers major benefits to organisations that are looking to reduce their risk exposure by adopting DevSecOps,” said Jamie Graves, CEO of Uleska.

In addition to the appointment of Graves, Uleska’s founder Gary Robinson has taken on the role of Chief Security Officer, while the company has also appointed Raquel Soares as Chief Marketing Officer and Martin Hewitt as Chief Product Officer. The newly instated leadership team will play a key role in helping Uleska meet its growth and expansion targets, while making valuable updates to the platform to better serve their customers’ growing and evolving security needs.

“I believe there is a huge opportunity for Uleska to help organisations improve their defences against cybercriminals by working to remediate vulnerabilities in code, before software is released. This offers organisations significant security and cost savings and will ultimately play a critical role in building a safer and more secure digital future,” continued Graves.

Uleska’s automation and collaboration platform allows security teams and developers to work together to solve security vulnerabilities in software quickly, before it’s released. The platform allows its customers to automatically scan their software with a wide range of application security tools, without the manual overhead, which results in a 20 times faster time-to-value in terms of set-up, training and running the tools, and results in an 80 percent cost reduction in the ongoing running and operation of these tools. Through the reduction in costs and speeding up the AppSec process, Uleska is allowing organisations to achieve more with fewer resources, thus allowing teams to focus resources on the issues and metrics that matter.

News

Sedex report highlights inequalities and risks for women in agriculture, alongside solutions to progress gender equality in supply chains

London, 8 March 2022: This International Women’s Day, Sedex releases a report which reveals inequalities, challenges and risks for women working in agriculture. The findings, released today in the report “Progressing gender equality in agriculture”, provide crucial insight and actions for organisations sourcing from agricultural industries, supporting to drive gender equality in supply chains.

An estimated 28% of people working globally are in the agricultural sector [1], making it a major employer that many businesses are connected to through their supply chain. Agriculture is also one of the world’s most hazardous industries for workers [2].

Women comprise about 43% of agricultural workers [3]. While this work provides crucial economic opportunities, female workers in agriculture are often more exposed to physical, financial and other risks than their male counterparts. Understanding these risks and what actions businesses should take to address them are key to progressing gender equality in supply chains, with gender-disaggregated data a key enabler.

“Sedex’s insights into women’s working situations in agriculture help organisations to identify risks, focus their efforts, address negative impacts, and drive positive change for female workers. These activities are more crucial than ever, as businesses face growing pressure from investors, consumers and governments to operate more responsibly and sustainably.” Jessica McGoverne, Director of Policy and Corporate Affairs at Sedex

High-risk issues within agriculture vary between countries, but some are consistently high, including insufficient wages and irregular employment – with women often more vulnerable. Gender stereotypes and the roles women have at work also make them vulnerable to many risks that are already high for agricultural workers. Multiple factors, including age, ethnicity, and religion, can intersect to increase this vulnerability.

Women are more likely than men to be in lower-paid roles with less decision-making power. Women tend to be excluded from leadership roles. At agricultural sites in Sedex data, women make up only 21% of manager positions and 31% of supervisor positions, and accounted for only 38% of promotions from 2020-2021. This lack of representation can detract from progressing gender equality.

Women are underrepresented in structures that act as enablers for change.

Alongside underrepresentation in management roles, Sedex data shows women comprise only 38% of worker committee members in agriculture work sites.

“Gathering gender-disaggregated data and assessing risk is crucial for protecting workers and improving gender equality. Sedex members are able to access and model data that helps to assess where risks of irresponsible behaviour in supply chains exists. This allows organisations to focus resources in the areas that need the most improvement – whether in terms of gender equality and representation or other factors like health and safety risk assessment. Sedex provides a platform, tools and consulting services to aid companies to improve their sourcing practices”, says McGoverne.

[1] https://ilostat.ilo.org/100-statistics-on-the-ilo-and-the-labour-market/ – no.36

[2] https://www.ilo.org/safework/areasofwork/hazardous-work/WCMS_110188/lang–en/index.htm

[3] https://www.cgiar.org/news-events/news/cgiar-celebrates-international-womens-day-2021/

News, Retail & E-commerce

Risky retailers – 60% are now more likely to take risks, research shows

60% of UK retailers are taking more business risks than before the Covid-19 pandemic.

According to research conducted by Opinium and LiveArea, a Merkle Company, businesses are reacting to changes in consumer behaviour and gambling on new services or offerings.

As well as taking more risks, the process of implementation has sped up. When it comes to approving new products, features, or solutions, over half (54%) stated that approval process has become quicker as a direct result of the pandemic. Moreover, 64% of businesses are quicker at making business decisions and 23% are much quicker.

When introducing new ideas to the market, technology was seen to be the main driver. 6 in 10 (60%) stated technology drove innovation, while nearly half thought that profits (49%) and customer demand (48%) were key drivers.

‘The pandemic has highlighted some of the glaring faults in many retail companies. For too long they have feared introducing new technology, utilising new platforms, or stepping outside their traditional audience,” said Samantha Mansfield, Senior Strategy Director at LiveArea, a Merkle Company. “This can simply no longer be the case – brands need to take risks but do so in a data driven manner. The keys to modern retailer success lie in being able to innovate, test, and rollout new products, services and features quickly, and then having the insight and flexibility to consistently optimise its performance. Companies able to so will thrive in our new digital first economy.”

About the research

The study was developed by LiveArea, a Merkle Company and conducted in July 2021 by independent research agency Opinium, surveying 150 decision makers* across retail in the UK.

*Decision makers include owners, chief executives, managing directors, directors and managers

About LiveArea, a Merkle Company

LiveArea, a Merkle Company is an award-winning global customer experience and commerce agency. We bring the full potential of digital business to life, helping brands create meaningful and lasting customer connections. Fusing creativity, strategy, and technology, our services include NXT IntelligenceTM, product innovation, connected commerce, service design, performance marketing, and orchestrated services. We bring together world-class commerce technology, building and launching innovative products and services powered by data-driven insights to elevate customer relationships – online and in-store. We deliver B2B, B2C, and D2C solutions to clients in health and beauty, fashion and apparel, luxury, consumer packaged goods, retail stores, healthcare, and automotive. For more information, visit www.LiveAreaCX.com.