TechMER, a member of the MER Group, launched its new Modular Vehicle Intercom System (mVIS) for armored vehicles, at ISDEF 2019

Creating a Smarter Future

TechMER, a member of the MER Group, launched its new Modular Vehicle Intercom System (mVIS) for armored vehicles, at ISDEF 2019

Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn
Share on skype
Skype
Share on whatsapp
WhatsApp
Share on email
Email

mVIS (Modular Vehicle Intercom System) is the next generation of military-grade integrated communications system for armored and command & control vehicles. An IP-based radio system (RoIP) that unifies internal and external communications, distributing it to the individual users within the vehicle and throughout the chain of command, mVIS allows tactical ranks on all fronts to speak to each other directly, continuously and securely.

TechMER’s innovative RoIP integrated communications system enables smarter, more effective use of ACV communications systems and new operational capabilities, supporting the modern battlefield’s tactical communications requirements, by enabling connectivity across the various ground forces, under the command and control of headquarters and rear command posts.  

According to Itzhak Schwartz, TechMER CEO “With mVIS integrated communications system, forces can enjoy the benefits of a dynamic tactical RoIP network that enables direct connectivity between operational forces independent of mediators, and supports real-time collaborative decision making.  Over the past 20 years TechMER has supplied communication systems for Merkava Mk4 tanks and military forces across the world, leveraging the vast operational and technical knowledge it has acquired over the years, to design the next generation ACV communications system, mVIS.”  

The breakthrough technology developed by TechMER in Sderot has resulted in a flexible, dynamic and highly redundant RoIP network, suitable for rapid deployment on all vehicle types.

mVIS was officially launched at the 2019 ISDEF Exhibition, showcasing the system’s modern user interfaces, designed for smartphone-generation soldiers.

Special update for Microsoft RDP vulnerability patch

Creating a Smarter Future

Special update for Microsoft RDP vulnerability patch

Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn
Share on skype
Skype
Share on whatsapp
WhatsApp
Share on email
Email

Independent LTE Networks Can Save Lives

Creating a Smarter Future

Independent LTE Networks Can Save Lives

Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn
Share on skype
Skype
Share on whatsapp
WhatsApp
Share on email
Email

Since September 11, 2001 tragic day, municipal authorities and search & rescue around the world have been working together to boost urban defense networks and improve tactical communication and interoperability among first responders in times of emergency. That’s certainly a step in the right direction: interoperability – the deployment of unified connectivity schemes that combine multiple communication and teleprocessing technologies, frequencies, and protocols – enables better coordination and synchronization between forces in the field and allows for maximum control over the scene.

This capability helps to save the lives of civilians, as well as first responders, and search & rescue authorities.

Today, more than ever, it’s clear that the only way to effectively manage a state of emergency is to deploy a dedicated network that connects all the forces in the field on a single platform and enables them to send and receive real-time video footage of the events. In cases of emergency where civilian communication infrastructures are down or become inoperable, as a result of physical damage caused by a natural disaster or due to overloads during a terror attack, a mobile, interoperable 4G LTE tactical cellular network can provide a continuous channel of communication for responders. This type of network can also be used to facilitate communication with distant areas where cellular coverage is not normally available.

Tactical Cellular Networks for Municipalities

With the aim of improving a city’s ability to respond to emergencies, many municipalities around the world have set up mobile tactical LTE networks to help them manage emergency situations quickly and effectively. This technology allows authorities to comply with national emergency demands, which require that they respond quickly to a range of emergency scenarios, from terror attacks and mass accidents, to nature disasters and incidents involving hazardous materials.

The tactical control system that was set up in Towers 1 and 3 of the new World Trade Center after the September 11 attacks relies heavily on LTE and RoIP technologies. These solutions allow first responders to synchronize their communications using cellular, UHF, and VHF devices. In times of emergency, federal agencies and first responders can communicate with one another in a heterogeneous radio environment while retaining the ability to communicate with users outside the system, such as authorities using traditional radio systems. This means, that the police and fire departments, who normally operate on separate frequencies, can communicate with one another without making any changes to their standard communication protocols.

Moreover, LTE technology can be used to relay information from a wide range of sensors, such as CCTV cameras, helmet and body cameras, still cameras, infra-red imaging devices, wiretap microphones, fire-detection thermometers, and more. In addition, bandwidths available to mobile and independent LTE networks are substantially higher than those of public networks, due to the relatively small number of users and thanks to specialized configurations for bandwidth optimization.

Videos, images, and other files can be transferred at high speeds to first responders, medical teams, tactical teams and even the media, creating a fully synchronized ecosystem. This also ensures that decision-makers remain informed and medical specialists or off-site command centers can watch real-time video feeds from the forces in the field and decide how to respond to a particular threat or situation.

The fact that communication is done on a data network adds a whole new layer of operational capabilities, by enabling users to install and use tactical applications for even faster, more efficient communication. Some useful applications include: Push-to-Talk, which allow for instant two-way communication during an event. Other possible applications include chat apps, instant messaging, or file sharing – all at high speed and in real time. Data networks also enable the use of layered maps to display the position of the forces in the field, this increases situational awareness for first responders, enhancing the commanding officers’ ability to manage and control the situation.

MER offers a wide range of tactical communication solutions, including mobile LTE networks, mobile command centers, and advanced RoIP systems. The company’s solutions have already been implemented within a large number of government, military, and civilian authorities in Israel and around the world

כמו להגן על הבלון מהסיכה”: איך מאבטחים אירועי ענק”

Creating a Smarter Future

כמו להגן על הבלון מהסיכה”: איך מאבטחים אירועי ענק”

Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn
Share on skype
Skype
Share on whatsapp
WhatsApp
Share on email
Email

בישראל מתקיימים, מידי שנה, לא מעט אירועים המוגדרים כמגה-אירוע ונדרשים למעטפת ביטחון מיוחדת. למרות האתגר העצום הטמון בכך, הוכח שניתן לעבור בשלום מגה-אירועים בינלאומיים ומתוקשרים בישראל. מה צריכה תוכנית אבטחה לאירוע כזה לכלול? איך טכנולוגיות העיר החכמה יכולות לעזור? והיכן ניתן למנף את יישומי ה-IoT? ראיון מיוחד עם צחי פרישברג, ראש תחום פתרונות HLS חכמים בקבוצת מר, לקראת אירוויזיון 2019

לחצו לראיון המלא

  

Promisec of MER Group has been shortlisted for the 20 Most Promising ‘Enterprise Security Solutions’

Creating a Smarter Future

Promisec of MER Group has been shortlisted for the 20 Most Promising ‘Enterprise Security Solutions’

Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn
Share on skype
Skype
Share on whatsapp
WhatsApp
Share on email
Email

The Cyber Threat to Japan and the 2020 Olympic Games in Tokyo

Connecting the Dots

The Cyber Threat to Japan and the 2020 Olympic Games in Tokyo

Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn
Share on skype
Skype
Share on whatsapp
WhatsApp
Share on email
Email

Japan - target for Cyberattacks

In recent years, Japan has become a major target for cybercriminals, falling victim to multiple attacks, many of which resulted in huge loss of data, leaked information and serious damage to organizations’ finances and security status. The businesses targeted cross a broad range of segments from chemical, satellite, medical and food to automotive, communications, energy and finance. Among the most prominent cyber incidents in recent years are:
  • January 2018 – A Japan-based cryptocurrency exchange lost $530 million worth of cryptocurrency NEM in a hack – possibly the largest cryptocurrency heist of all time.
  • April-May 2017 – A global “ransomware” cyberattack hit computers at 600 locations in Japan. Cybersecurity researchers subsequently uncovered a growing cyber-espionage campaign originating in China, targeting construction, engineering, aerospace and telecom companies not only in Japan, but also in the U.S. and Europe.

    Japan cyber threat

  • September 2016 – Japanese Defense Ministry and Self-Defense Forces (SDF) communications networks linking SDF bases and camps were compromised.
  • May 2016 – An ATM heist involving around 1,400 machines in convenience stores resulted in the loss of 1.4 billion yen ($12.7 million).
  • June 2015 – Japan Pension Service (JPS) was hacked, resulting in the exfiltration of personal data belonging to 1.25 million people.
  • April 2012 – A hack of Japan’s Ministry of Agriculture, Forestry, and Fisheries resulted in more than 3,000 documents being exfiltrated to a foreign destination, including 20 classified documents on negotiations on the Trans-Pacific Partnership (a broad free-trade agreement). According to press reports, the hackers searched Ministry computers for TPP documents, transferred all that were found a single computer, and then compressed them to make them easier to send.[1]
Cyberattacks in Japan

Cyber threats to Japan are becoming even more challenging as the country heads towards the 2020 Tokyo Olympics, a platform that hostile cyber actors are likely to use to gain publicity, strategic advantage, and criminal profit. Japanese officials have already said that they are expecting to be targeted by a range of cyber threats, from phishing websites that sell fake entry tickets, to ransomware and cyber espionage, and even more extreme scenarios, like attacks against securing critical infrastructure.

The Olympic Games could provide an opportunity for actors, perhaps sponsored by other states, to target visiting politicians, journalists, and other individuals who may be sources of intelligence. The massive gathering in Tokyo presents cybercriminals with a huge audience and “easy prey”, whereby hacking compromised hotel and public WiFi networks and using malware will enable them to obtain sensitive information like credit card details etc. This is not mere speculation – it has happened in previous Olympic Games: major cyber attacks hit the  London Olympics in 2012, including DDoS attacks on power systems that lasted for 40 minutes, and at the Rio Olympics in 2016. The Japanese concern is therefore justified. 

The GDPR – Forget Everything You Knew About Data Protection

Connecting the Dots

The GDPR – Forget Everything You Knew About Data Protection

Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn
Share on skype
Skype
Share on whatsapp
WhatsApp
Share on email
Email
The new General Data Protection Regulation (AKA GDPR) is not another directive; in May 2018 it is set to become an enforceable law that will change the world of data protection as we know it.

How it all began

On April 2016, the EU parliament approved the new regulation, replacing the current directive, according to which businesses have been operating for the past 20 years. 

Organisations that work with or process EU residents` data were given a two-year transition period to plan for and implement the necessary changes to their daily processes and policies. This two years period is about to end.

The Regulation: Different types of entities

First, it is important to understand the two types of entities to which the regulation refers:

“Data controller” – a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be processed.

“Data processor” – any person (other than an employee of the data controller) who processes the data on behalf of the data controller. 

The Major Differences

Although the new regulation maintains key principles of the previous directive, it includes various changes. Here are some of the major ones:

1.     Business location – The regulation has extra-territorial applicability, meaning that whether your company is controlling the data or just processing it, if that personal data is of subjects residing in the European Union, this regulation applies to you. 

2.     Heavy Penalties – Don’t say you didn’t know! Organisations found not compliant with the new regulation will be heavily fined with up to 4% of annual global turnover or €20 Million (the greater of the two).

3.     Request for consent – Want to use personal data for business purposes? You will now need to obtain explicit consent from the user prior to using the information. This will be done by presenting the user with an easily understood terms and conditions form, which will also contain the purpose for which the data is processed.  

4.     Breach Notification – Have been breached? If that breach puts the personal data you are controlling or processing at risk, you may be obligated to report it within 72 hours. Exposure of this kind of information could not only cause financial damage, but also leave a significant stain on the company’s reputation. 

5.     Transparency – Data subjects will be able to obtain, from the data controller, a confirmation as to whether information concerning them is being processed by the controller, in what form and for what purposes. The data controller shall provide the subject with a copy of the personal data being held free of charge. 

6.     Right to be forgotten – In the case that the data subject withdrew its consent or that the processing of the data is no longer relevant to the original purpose, data subjects will have the right to ask the data controller to completely erase their information, stop processing and disseminating it. 

7.     Data Portability – Data subjects will have the right to receive the personal data form previously provided to a data controller, in order to transmit it to another controller.

8.     Privacy by design – This will no longer be considered an addition to a product, rather a legal requirement that must be included from the beginning of the product design. 

9.     Data Protection Officers (DPOs) – Certain organisations will be obligated to appoint a Data Protection Officer, who will be responsible for overseeing the organisation`s data protection strategy and implementation, and to ensure compliance with the new regulation. 

It is important to note that the regulation does not specify a framework for adherence, but puts the responsibility on organizations to maintain best practices for data security.  That means each organization has its unique needs and adaptation when it comes to the GDPR. 

GDPR and BREXIT

UK Businesses might ask themselves whether they should prepare for the new regulation. As they are due to leave the European Union following Brexit, will it apply to them?  

The answer, in short is YES. Here’s why: 

1.     The UK is scheduled to leave the EU on March 2019, meaning it will still be part of the EU when the regulation is due to come into force (May 2018). 

2.     Since the regulation applies to any organisation that works with or processes EU residents’ data, most UK businesses will still have to comply with the regulation, regardless of Brexit.  

3.     This August, the British government published its statement regarding the country`s data protection bill. Much of the bill aims to implement the GDPR, meaning that either way, UK businesses will need to be compliant.

Final note
So, there you have it. If you’re in the world of data protection and working with the data of any EU individuals, you better start thinking fast. You have until May 2018 to plan and implement a system that’s compliant. It’s no longer an option, it’s now the law. 

The GDPR – 5 steps to start from

Connecting the Dots

The GDPR – 5 steps to start from

Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn
Share on skype
Skype
Share on whatsapp
WhatsApp
Share on email
Email
You know you need to make changes to your data protection processes. You've read, learnt and accepted your fate. You've even negotiated a budget and resources. So, what now? And how will you get it all done for May 2018 when the regulation becomes law?

If you too are feeling a little overwhelmed, we've prepared five simple steps to get you started:

 
Increase Awareness

When it comes to data, privacy and cyber security, your employees are the first line of defence. Make sure all of your employees are well aware of the new regulation and its key principles, as well as the threats the company is facing. 

This includes tailored training for all employees, from security and management teams through your administrative department. One great solution would be to implement an Anti-Email Phishing program that uses an interactive approach and simulating real-world email phishing attacks to help prepare employees for the real thing.  

Data Mapping

Ask the following questions to map the information your company holds:

What data do we have?
Where is it held?
Who has access to it?
Are there any 3rd parties with access to this information? This task can be incredibly tedious and often error prone. There are many tools on the market to help you out with this task.  

Remember – As of May 2018, knowing what data you have will not only be a convenience, but rather your legal obligation. 

 

Map the Data’s Journey

From the moment it arrives with the company until it is processed and saved, either by you (as a ‘data controller’) or by your ‘data processor’.  Distinguish between the different types of information:

1.     Information about your company – this might include information about your products, research and development, business practices and processes, employees, and the state of your finances

2.     External information – customers’ information that is being controlled and processed. For the purpose of GDPR, you need to have a complete view of the ‘data journey’ – where it is stored, how it is processed, through which 3rd party companies has it passed, etc. 

Data Protection Impact

Assessment (DPIA) or a Gap Analysis 

This is an assessment of your organisation’s current security level as well as its level of compliance with the regulation. This will help you identify and prioritise the key areas your organisation must address ahead of May 2018.  

Remediation Plan

according to the results of the gap analysis, initiate a remediation plan with clear, prioritised tasks. This may include the implementation of various cyber security products, training programmes, subscription to threat intelligence feeds, conducting a risk assessment to your data processors, establishing an incident response plan and much more.

Final note

We recognize that preparing your organization to comply with the GDPR is no small feat. The above five items are a solid start, but you should also consider using the services of a single service provider to manage the entire operation from start to finish – from data mapping to the implementation of the remediation plan. In the case that you do choose to work with a service provider, be sure they have a deep familiarity with the regulation, turn-key capabilities and connections to the latest cutting-edge cyber technologies.


Good luck! 

 HLS & Cyber

Connecting the Dots

 HLS & Cyber

Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn
Share on skype
Skype
Share on whatsapp
WhatsApp
Share on email
Email

3 Basic cybersecurity rules to keep your company safe – Tips from our experts

Connecting the Dots

3 Basic cybersecurity rules to keep your company safe – Tips from our experts

Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn
Share on skype
Skype
Share on whatsapp
WhatsApp
Share on email
Email
Cybersecurity is not only about buying expensive IT security products. As a global company, we meet daily with companies of all sizes - from small businesses to big enterprises.
Surprisingly enough, while all companies have security products embedded in their systems, none seems to implement the very basic protocols that would keep them safe from cyberattacks.
While there is no bullet proof strategy to avoid cyberattacks, here are some basic tips that can help keep your company safe:

1.       CYBERSECURITY IS A TEAM EFFORT

In many organizations, cybersecurity is still believed to be an IT issue only. This perception is simply wrong. When cyber incidents occur, they affect a wide range of departments within organizations and require their immediate responses. The departments listed below should have clear processes in place to respond to any potential cyberthreat. Their involvement before (prevention), during (response), and after (conclusions) a cyber incident is crucial to strengthen cybersecurity.

The Legal Department  when it comes to cybersecurity, it is always good to have an attorney by your side.

  • The legal department role includes drafting internal policies, procedures, and contractual provisions regarding discovery, investigation, remediation and reporting of breaches. The goal here is to minimize any legal damage that could result from potential data breaches.
  • It also includes investigating incidents to determine the scope of a breach, and analyzing requirements under applicable laws and regulations. 
  • Cyber incidents may expose companies to lawsuits from customers whose personal details are compromised.  At the executive level, directors are also liable for breach of fiduciary duty and duty of care, which are both binding obligations.
  • The cyberattack at Target in 2013, and resulting lawsuits, are striking examples of heavy legal consequences resulting from cyberattacks.  As a reminder: in November and December of 2013, Target Corporation suffered one of the largest cyber breaches to date. The breach resulted in personal and credit card information of approximately 110 million Target customers being compromised.  More than 140 lawsuits were filed following the breach (1)

Human Resources (HR) – what is the connection between HR and cybersecurity you might ask?

Well, the HR department:

  • Works with the most sensitive personnel data. While this information is a goldmine for attackers, it is often left unprotected and vulnerable to attacks.
  • Ensures that new employees have not brought any sensitive data or information with them from their previous places of employment – or conversely, ensures that former employees no longer have access to their online accounts as soon as they leave their positions.
  • Plays a vital role in communicating risks and lessons learnt from previous cyber incidents.
  • Helps the IT department develop and disseminate security procedure guidelines across the organization.

Communications/Media – The way a company responds to a cyber incident, along with its communications with those affected by the incident, can greatly affect its success in retaining customers.

  • According to a recent survey(2) 29% of existing customers would discontinue relationships with the company after a data breach.
  • The General Data Protection Regulation (GDPR), which will become applicable in the European Union in May 2018, reinforces the need for transparency and efficient communications.  In a GDPR-post world, companies will be legally obligated to disclose sensitive information regarding cyber incidents on their systems, within 72 hours. Therefore, IT and communications teams should have processes in place to ensure the quick response required by the GDPR.

C-level – It is a well-known fact that C-suite executives are responsible for mitigating business risks, while IT delivers the technological support that drives the business.

  • In today’s hyper connected world, it is almost impossible to separate business from technology.
  • The threat of cyberattacks is now just part of the day-to-day reality of doing business, therefore it is critical to include the C-suite in incident response and table-top exercises, so they fully understand their roles, as well as the potential cost of an attack.
  • Having firsthand experience of an attack, even a simulated one, means the C-suite will gain awareness, which is vital to driving a top-down security-focused culture.

2.      CREATE A HUMAN FIREWALL

When it comes to cybersecurity, your employees are the first line of defense. It is everyone’s responsibility – from board members, to the secretary sitting at the front desk.  To create a cybersecurity culture in the organization, the following values should be emphasized : 

  • Awareness – The focus will be on uninformed users who can do harm to your network by visiting websites infected with malware, responding to phishing e-mails, postponing software update and data back-up, storing their log-in information in unsecured locations, or even giving away sensitive information over the phone when exposed to social engineering. Employees must be aware of those various risks, and trained to respond accordingly.
  • Readiness/Cybersecurity Drills – A fire drill is a practice of the emergency procedures to be used in case of fire. Why not practice the emergency procedures to be used in the case of a cyberattack? Make sure to practice cybersecurity drills with different scenarios and in a timely manner to identify problems, and have processes in place to respond efficiently in the future.
  • Training – your employees should be trained to understand the concept of “cyber risk exposure”, and become familiar with the many ways attackers can exploit information they gather. This includes a wide range of risks, from reconnaissance efforts to targeted attacks. Training should not be theoretical, but rather use real life examples.

3.      HAVE A CYBER INCIDENT RESPONSE (IR) PLAN READY 

  • When it comes to the incident response plan, the first step is to define what an incident is. By doing so, the process of deciding whether to act upon a threat or not will be much easier and will improve your IT team effectiveness.
  • Assign roles – make sure the relevant employees are aware of their roles and responsibilities. Those roles should include:
    • an IT manager to monitor the evolving situation and update relevant teams accordingly;
    • a decision-maker to approve the response plan;
    • a coordinator to lead the communications between the different departments;
    • a technical writer to make sure everything is documented.
  • Learn your lessons – Based on the above-mentioned documentation, decisions should be made, processes should be defined to effectively respond to cyber incidents.
  • Involve different departments – A successful, well-drilled, IR plan requires excellent internal cooperation across the organization.
  • Measure your success in handling the event by defining key performance indicators (both qualitative and quantitative) – For example: how much time should it take to identify the threat? What is the timeframe to report to affected customers?  
  • Do not wait for the next cyber incident to pull out your IR document. Perform periodic cybersecurity drills to test your IR team, your processes and procedures, and update them accordingly. 

In conclusion, before investing in a cybersecurity product, remember two key tips:

Cybersecurity requires first and foremost a change in your company culture.
The aftermath of cyberattacks are always more expensive than preventing them.

Get in touch with us today, we’d love to hear from you!