
Monitoring Matters

by: Ginger Hill - Wednesday, May 13, 2020

The #SSNTalks’ Team is passionate about recognizing diverse, talented, young security professionals representing the next generation of industry leaders via our yearly “40 under 40” awards. We are thrilled to currently be seeking our “40 under 40” Class of 2020, comprised of consultants, integrators, monitoring professionals and end users. Submit nominations online here.

“I have always considered SSN’s ‘40 under 40’ the ‘gold standard’ in our industry and being recognized really made my family and I proud that colleagues that I worked with valued my work and wanted to have me recognized,” Randy Guarneri, vice president of Loss Prevention, Fresh Value Supermarket and SSN’s Class of 2019 award-winner, told SSN.

The “40 under 40” Class of 2019 recognized many with military and law enforcement backgrounds, who showed how the IT sector is drawing young talent into the security industry. The Class of 2019 also gave advice on how to help diversify the industry and many were bullish on cloud, AI, machine learning and analytics. 

“When I received word from Ginger Hill, managing editor of SSN, that I was selected to this illustrious group, to me, it was like a sports hall-of-famer getting that call that they were inducted into the sport they played Hall of Fame,” Guarneri remembered. “Only the ‘best of the best’ can enter this prestigious class each year.” 

The SSN team is excited to see what the Class of 2020 brings to the security industry in terms of talent, leadership qualities, business acumen, tech-savviness and commitment to our industry, as well as celebrate them accordingly with:

  • A special ceremony at SecurityNext
  • A personalized profile on our website and in the October and November 2020 issues of Security Systems News
  • A special logo to use in email signatures, on social media, etc., establishing them as part of our Class of 2020; and
  • Opportunities to be interviewed and quoted in our future endeavors to help further establish them as industry thought-leaders.

“Colleagues, friends and even yourself should nominate for this renowned award that recognizes hard work, leadership, integrity, dedication to their field and true passion for that is done in the field day in and day out, while being committed and making a huge influence in the field,” Guarneri encouraged. “A person can have one year or 25 years on the job to exhibit some of the characteristics listed to enter SSN’s ’40 under 40’ Class of 2020.”

To be eligible for SSN’s ’40 under 40’ Class of 2020, nominees must have been born in 1980 or later; work at a system integration firm, alarm installation company or central monitoring center; work in a security professional role for an end user; or be a security industry consultant; and complete/submit the online nomination form.

“Each year a special and entirely new class enters,” Guarneri explained. “The award is far from a ‘life-time’ achievement award, but rather an award that recognizes ‘best’ in class by those that are ‘best in class.’”

*Questions regarding this prestigious award can be directed to SSN Editor, Paul Ragusa, at [email protected] or SSN Managing Editor, Ginger Hill, at [email protected]

by: Ginger Hill - Wednesday, April 29, 2020

I venture to say that the “corona-crisis” is not the first “crisis” you’ve had to deal with as a business owner, employee, parent, son, daughter, brother, sister, grandparent, aunt, uncle … nor will it probably be the last. That’s not thinking negatively, either; that’s just based on the uncertainty of life and the human inability to predict the future. 

So, here’s the deal … we are all coping with the same coronavirus crisis right now and that is the one common denominator that we all have with each other, the “crisis connection,” if you will. But, it’s how you communicate with others during this time that will deem you a success or a failure, professionally and personally.

I recently sat in on a SIA MarketShare webinar with Janet Fenner, SIA Membership and Marketing Committee and member, SIA Board of Directors; Kevin Friedman, principal, Maize Marketing and Jody Ross, vice president of sales, AMAG and member, SIA Board of Directors, and their overall combined message really resonated with me as they emphasized the importance of being empathetic.

“We’re learning as we go,” Friedman said, “it’s really about empathy and being empathetic toward our customers and our employees and our sales staff, and showcasing this is one thing we’re all in together.” 

When I was a teacher, I learned that a student doesn’t care what you’re trying to teach them or say to them, if the student doesn’t feel, know and understand that you generally, authentically care — nothing else you try to do with that student matters. A barrier has been placed, blocking all efforts. And, trust me, if you fake it, they know. The same holds true in all human-to-human relationships. 

“Instead of trying to go for the sale, go for checking in on them [customers],” Fenner said. “Make sure that they’re okay; their families are okay; and the more you speak with them, you learn about what their ‘after normalcy’ is going to look like, so you know how to support their efforts.”

Ross added the importance of listening. “You have to listen to them [customers] and again, empathy,” she said. “You can’t be a bulldog moving forward and pushing them [customers] right now. Everyone is struggling. So, you have to listen.” 

So, what exactly is empathy? It’s simply the ability to understand and share the feelings of another. We’re all going through the same coronavirus situation; this common denominator gives us the ability to literally understand what others are going through. People are craving connection right now, and it’s the companies and businesses who take the time to authentically reach out and listen, hear and understand what others are saying that will come out of this pandemic ahead with strong partnerships and relationships in place.

This isn’t the time for simply “hi, how are you?” with the typical reply of “I’m good.” Nor is it “about pushing product down throats; it’s about checking in … let’s just talk in ‘normal,’” Friedman said.

by: Ginger Hill - Wednesday, April 15, 2020

I’ve been hearing and seeing the use of the word “nimble” lately when it comes to security businesses continuing their success during this trying time of the coronavirus, working from home and social distancing as our new norm. A recent example comes from an online panel organized by Arcules in which Ryan Schonfeld, founder & CEO of RAS Security Group and SSN “40 under 40” class of 2019 said: “ … I think being able to be nimble and adapt to changes quickly is going to be critical.” 

What does “nimble” actually mean and how can it be used in business? 

According to Merriam-Webster, nimble is an adjective that means quick and light in motion, like being agile as well as marked by quick, alert, clever conception or resourcefulness, responsive and sensitive. 

For me, the word nimble brings back memories of nursery rhymes — “Jack be nimble; Jack be quick; Jack jump over the candlestick.” If you’re jumping over fire, it’s a good quality to be “light in motion, agile.”

Let’s suppose for a minute that the candlestick in full flame in this age-old “rap” is 6-foot-tall and represents the coronavirus and let’s pretend you’re Jack, a well-dressed, savvy, security-industry business man (or woman, “Jackaline”). The only thing holding you back from your next million-dollar deal is a 6-foot burning candle right in front of your face. 

You can see the wax melting, drip by drip and feel the heat from the flame. You have no room to back up and gain momentum as you run forward to leap over it; there’s no room on either side to sneak past; there’s no way under it; there is no sort of hoist to lift you over dangling from the ceiling … it’s just you and a 6-foot burning candle. What are you going to do?

Simple. Be nimble. Be quick, agile, clever and resourceful. Be responsive yet sensitive. 

  1. Quick – fast in development … make/devise a plan. 
  2. Agile – well coordinated in movement … effectively execute the plan.
  3. Clever – mentally bright, sharp intelligence … use the things you’ve learned in the past, and don’t be afraid to try and learn new things.
  4. Resourceful – capable of devising a way … don’t second guess yourself; once you’ve made a plan, stick to it, but also be “responsive” to your plan. 
  5. Responsive – being prompt and willing … ready and inclined to take charge and make changes if necessary to your plan, business, personal life, etc.
  6. Sensitive – aware of and responsive to the feelings of others … consider your employees’ and customers’ needs, and do whatever you can to help.

by: Ginger Hill - Wednesday, April 8, 2020

One thing I’ve noticed throughout this whole COVID-19 pandemic is the increase in cybersecurity hardening tips, tricks and solutions promoted on social media, adding to the already seemingly constant mentioning and discussion of data breaches taking place all over the globe. The more people see or hear of something, the less likely they are to take notice and actually do something.

Take the car alarm as an example. When this technology first became popular, very few people had heard the sound that a car alarm makes, so when it went off, people took notice. Now, in present day, car alarms are hardly even noticed, perhaps only when one is going off outside our bedroom window at 2 a.m. 

Therefore, it’s easy to understand how people can become fatigued with cyber breaches and why complacency can result. Of course, this is right up cybercriminals’ alleys. As consumers become more and more desensitized to data breaches, the more each becomes just “noise,” and not a thing to take seriously.  

I recently sat in on a virtual Women in Cybersecurity (WiCyS) panel discussion, “Cyber Breach Fatigue,” to gain more information. Panelists included Rhonda Bricco, service delivery manager and Cat Goodfellow, cyber engineering director, both at UnitedHealth Group and at Optum, Deb Doffing, information security, technology management professional and Sue Perkins, general management director.

Fact: During Q1-Q3 of 2019, 5,183 cyber breaches were publicly disclosed, resulting in 7.9 billion exposed records.

“A billion, a trillion … I don’t think the number of exposed records moves the needle anymore,” Goodfellow said. “I doubt there’s an adult today whose personal information hasn’t been inadvertently released.”

The thing is, unless you’ve been personally affected by a data breach and/or suffering a painful experience as the result, then, more than likely, reports seen about data breaches in all media outlets become just meaningless background noise. 

“A lot of [people] out there are becoming apathetic and despondent, and these breaches are becoming the norm, especially when the breaches are caused from a huge range of skills, from teenagers to very sophisticated teams extracting or manipulating information,” Doffing said. 

And, now for the “elephant in the room,” COVID-19. This pandemic has prompted breaches and phishing campaigns like never before seen. 

“We really need to pay attention and educate how important it is to be diligent during this time because people are really getting damaged personally, just with a click of the mouse,” Bricco warned. 

In the current virtual landscape and moving into the future, we all must fight cyber breach fatigue and complacency. It’s time to once and for all acknowledge that data breaches will happen; they impact lives; and there are actions to take to prevent personal data from getting breached/stolen, so complacency isn’t an option. 

“Understand the cost [not just financially] of potential breaches … and the risk of that breach,” Perkins said, “understanding these two components helps people understand what needs to be done.” 

Make now the time you took control of your personal information by taking action:

  • Demonstrate good password hygiene by using strong, different passwords for each log in.
  • Use different user IDs for each of your accounts. 
  • Don’t click on unknown URLs.
  • Be careful what you put out there about yourself and your family, including pictures, on social media platforms. 
  • Be mindful of which ads you click on. Cybercriminals watch these habits, learn what you like and then use that against you, for example, via a phish, vish or smish.
  • Become more cybersecurity minded by asking for and researching security tool recommendations from trusted colleagues and friends.

by: Ginger Hill - Wednesday, March 18, 2020

I refuse to give the coronavirus power by using it as click bait in my blog title; however, staying true to my blog, “Monitoring Matters,” I do see that education is necessary during this time of our lives. I feel that the more people understand and know what to do, the better we are prepared to handle any situation, whether that be a pandemic of any kind, a major cyberattack, etc. So, before we get started, I want to first sincerely thank you for reading my blog and I hope that you not only enjoy the content but find it helpful and useful. 

In my opinion, all the security industry associations are doing a great job at keeping their members as well as the security-related press well informed about the state of our industry at this time; offering up-to-date information about business continuity; etc. 

There’s also a whole other aspect to contend with when it comes to this time of social distancing, quarantining and working from home: cybercriminals! In my lifetime, this is the first time for such an influx of people working digitally; I can picture it now … cybercriminals rubbing their greedy little hands together, excited to attack digitally! Think about it … if you were a cybercriminal, wouldn’t you find it the best time to strike with some businesses and their employees struggling to keep “business as usual,” some even digitally working for the very first time? 

Additionally, there is the influx of scams already taking place, from people physically knocking on doors of seniors’ residences pretending to be Red Cross representatives offering coronavirus testing for money and/or robbing the individual(s) to unscrupulous online offerings for products to treat or cure COVID-19 (which do not exist at this time) to phishing scams via phone, text and email.

Here are some quick “to-dos” to immediately enhance your own, your business’s and your loved ones’ security:

  1. Do not post pictures of the inside of your home on social media. Working from home can feel isolating and while it seems fun and entertaining to post pics of yourself working from home, things that show up in the background of pictures give possible robbers a preview of all the valuables you own.
  2. Change all passwords into passphrases using a series of numbers, letters and symbols. Use a password manager or write the new passphrases onto a piece of paper and keep in a secure place, such as a locked desk drawer, file cabinet or fire-proof lockbox. 
  3. Don’t leave any accounts “open.” When you’re finished with a program or website that requires a login, be sure to physically take your mouse and click to logout. 
  4. If you receive an email, work or personal, from someone you don’t know or recognize, do not open it. Instead, send a group email or use your company’s recommended communication tool, such as Slack, to ask if anyone sent out an email regarding keywords used in the subject line of the questionable email. 
  5. Do not open your door to strangers or people you do not know, and remind senior relatives and friends to do the same. 

 

**Here are some FREE, reliable, valuable resources to have at your fingertips, specific to COVID-19, business continuity, scams, best practices, etc

by: Ginger Hill - Wednesday, March 11, 2020

The more I think about it, the more I realize I’m a “house purist.” I like my home to be as free as possible from “extra” electronics of any kind. Sure, I have a laptop, smartphone and a rebuilt iPad from 10 years ago, and I’m connected to the Internet, but I don’t have cable TV and quite frankly, I refuse to put a voice assistant of any kind in my home … ever! It creeps me out that some random person can be listening, inserting themselves into my daily existence at any time.

Recent research backs up my no-voice-assistant decision: 75 percent of U.S. households will be at risk to get hacked via voice assistants by 2025 and inaudible, invisible commands can be injected into voice-controlled devices simply by shining a laser at the device; no spoken words needed. 

Researchers at the University of Michigan and the University of Electro-Communications found that light can be converted to sound using a microphone. This means that a remote attacker standing several meters away from a device, most of which are embedded with the common MEMS microphone, can inject arbitrary audio signals to the target microphone by aiming a laser at the microphone’s aperture, covertly triggering the production of an acoustic pressure wave. Basically, the microphone responds to the laser light as if it were sound.

So, what devices are vulnerable to this attack, now known as LightCommands? The researchers demonstrated this attack on many commercially available voice-controllable systems that use Siri, Portal, Google Assistant and Alexa. They successfully injected LightCommands at a maximum distance of more than 100 meters while penetrating clear glass windows.

The researchers concluded that third-party hardware, such as locks and cars, can additionally be compromised through LightCommands attacks, and they believe that the heat caused by lasers can also be an effective way to inject false signals into sensors.

If you still choose to have voice assistants in your home, at this point the only protection against LightCommands attacks is to: 

  1. Keep all voice assistants non-visible from the outside by physically blocking them from sight from windows; and 
  2. Because LightCommands allows attackers to inject commands as a legitimate user, avoid giving voice assistants access to every single connected IoT device/sensor that you have invited into your life as hackers can hijack any digital smart systems attached.

by: Ginger Hill - Wednesday, February 26, 2020

Having had the privilege of attending three shows during February, I’ve heard this phrase most: “It’s hard to believe that ISC West is already here!” And, quite frankly, I couldn’t agree more! 

As I think back to last year’s ISC West, there were three key trends that resonated with me: 1. deep learning, artificial intelligence (AI) and machine learning (ML); 2. video doorbells; and 3. RMR for integrators. 

Last year, right after ISC West, I reached out to some experts to gather their thoughts regarding these trends. Here are some of the responses I received to help whet our appetites for ISC West 2020:

(I wonder how these trends have evolved over the course of about a year; I’m excited to find out in less than a month!) 

How is deep learning/AI/ML currently enhancing the security industry? 

“It’s hard to say … it’s an overused buzzword that is difficult to actually nail down what it means or what it’s doing. Future … likely … now … unlikely.” 

— Mark Hillenburg, executive director of marketing, Digital Monitoring Products

“Deep Learning, a subset of AI research, is primarily helping the security industry in the world of video surveillance/video management. Video is typically the largest source of unstructured data, data with no predefined format on the information contained inside, so in order to process out people, objects, events, etc., typically requires a large amount of processing power and can be very costly. Most of the world’s video typically is recorded and not watched because the manpower to review the amount of video recorded is impossible to achieve. 

Computers are very adept at repeated tasks, such as processing video; however, traditional algorithms for computer vision, the realm of research into video and image processing, were not really able to scale to that high volume without massive computation resources investment. The computer vision research world has really seen a large improvement in the advances deep learning is bringing in terms of increased speed to results, increased accuracy and reduced computation requirement. This will likely continue as time progresses, but the deep learning revolution for video can bring actionable information in previously unmonitored video to operations at a very powerful pace.”  

—Dr. Sean Lawlor, data scientist, Genetec Inc. 

“AI is used today in the security industry to perform tasks like facial recognition and video analytics. While these are impressive accomplishments, they are still atomic in nature in the sense that they represent isolated inputs to the system as a whole.” 

—Paul Saldin, vice president of engineering, Alula

“There has been tremendous progress in video analytics through deep learning and artificial intelligence that surpasses anything created so far. Facial recognition, license plate readers and even things like hard hat and safety glass detection now are a reality. These processes not only enhance security by providing detailed information on who may be coming or going at a business and at what exact time, but they can also improve operations and safety.”

—Robert Messer, president, ABP Technology 

“Technology advances from deep learning and AI can help improve the accuracy in intrusion detection, and help to reduce false alarms. The security system needs to know when a homeowner is home or away, and needs to track occupants’ movements to initiate activities across the home. Features like smart sensors, geofencing, voice controls and facial recognition have been making systems more intelligent. And, as security continues to integrate with home automation, we’ll see the home become more capable of anticipating the needs of its occupants.” 

—Alice DeBiasio, vice president and general manager, global residential security, Resideo

“Deep learning and AI are making smart security smarter based on data analytics, sample teaching, and intelligent decision making. In other words, it isn’t enough for security devices to simply collect large volumes of data, which they are certainly capable of doing. Deep learning and AI methods can help analyze that data and separate what is important from what is not — or analyze the data to uncover deeper trends and more complex information that the collected data alone cannot. Take video analytics, for example. AI powered video analytics are event-based solutions that apply deep learning and artificial intelligence, efficiently analyzing vast amount of data generated by videos, and generates quick response in real time. This system reduces manual monitoring and associated costs and increases productivity of video surveillance systems. Through the application of AI, video analytics can go far beyond just informing users that a person or other object has entered an unauthorized space. With the information collected from a large number of cameras, companies can apply facial recognition software to identify a specific person approaching a building. In addition, by running analytics, a company can not only alert the user to an unauthorized vehicle approaching a building but can also scan the license plate, giving the security officers information that can be checked with existing databases to determine potential-threat status.”

—Joe Liu, CEO, Miotta

Why are video doorbells so popular among consumers? 

“Marketing and promotion and the proliferation of video as ‘security.’ In reality, security prevents someone from stealing your stuff … where video just lets you know who did it. Video doorbells are very popular, but after living with one for almost two years, I’ll be interested to see if there is a market demand for a second generation of owners. Once you have one, will you spend the money the second time? We will wait and see.”

— Mark Hillenburg, executive director of marketing, Digital Monitoring Products

“Video doorbells are set to experience massive adoption in the security industry in 2019, and it’s no mystery why. Customers love being able to monitor their front door remotely and protect deliveries from would-be porch pirates. This also naturally extends the perimeter of protection for homeowners, and when paired with home automation for locks, video doorbells can assist to enable greater access controls for engagement and remote entry management. That said, not all video doorbells are created equal. If you don’t have a fast network on the backend, you’ll experience late alerts and lag during two-way voice chat, which compromises the functionality. You really need a fully integrated system to get the most out of this popular technology.”

—Brad LaRock, vice president of marketing, Alula

“Situational awareness has always been one of the key attractants in surveillance solutions and video doorbells give us another means to improve our situational awareness. Just like with our businesses, we all want to protect our homes and know what is going on. And, we are also ‘linked in,’ so to speak. Our smartphones, tablets and computers are essentially a part of us and if we can use those devices to see who is at the door and respond in real time, then it makes life for us that much easier.”

—Robert Messer, president, ABP Technology

“Video doorbells have been a popular trend in the industry and continue to gain momentum. They solve an immediate need, and more consumers are asking for them. Homeowners see the value in being able to see and speak to visitors, and have access through their mobile devices. Dealers should be including video doorbells on every installation.” 

—Alice DeBiasio, vice president and general manager, global residential security, Resideo

What does your company offer in terms of RMR for your integrator partners?

“Recurring monthly revenue (RMR) is the lifeline savvy systems integrators seek to stay profitable, and it can be found in many different technologies, including power solutions. For the end-user customer, managed power solutions offer a value-added solution that ensures system uptime, integrity and reliability. The possibilities to perform managed power services can encompass many physical elements: the main power supply; power system outputs; supervised inputs; and standby batteries. Managed monitoring can include event reports; AC loss notification; service due reminders; overcurrent alert; low-battery warning; and insufficient battery standby. Remote servicing capabilities of power solutions can cover output supervision; battery load testing; remote power cycling; and system health log/trouble alerts. There is also the opportunity to create real-time action alerts and reports via email, XML, web-browser notification or Simple Network Management Protocol (SNMP).” 

—Michael Bone, marketing manager, LifeSafety Power, Inc.

“Mobile medical alerts are a natural fit for security companies. Adding medical alerts expands your security offerings and increases perceived value for your customers because you now offer safety and peace of mind for your customers both at home and away. Security companies have an established customer base comprised of safety-minded individuals who may need medical alert themselves, and there are scores of new customer opportunities available through referrals because each existing customer has a relative or friend who could use a medical alert device.”

—Craig Pyle, VP of product, Freeus

“March Networks currently offers RMR models to our certified partner community through two hosted services offerings: March Networks Insight and March Networks Searchlight as a Service. Both solutions provide customers with flexible service terms and payment options, and help integrators reduce service costs through expert video system health monitoring support delivered via March Networks’ secure Network Operations Center (NOC).”

—Dan Cremins, global leader, product management, March Networks

“Video is a major driver for new RMR and we are leaning into that opportunity. Our modular approach also means that our partners don’t pay for home automation capabilities unless they will be getting additional RMR from their customers for those services. Because we are vertically integrated and own the network, more of the RMR goes into the integrator’s pocket rather than a third-party provider. All our services are provided at a wholesale rate with no stipulation on what the integrator can charge their customers, so they set their own pricing and can reap the RMR that their market will bear.” 

—Dave Mayen, vice president of product management, Alula

“ABP Technology offers an advanced platform for integrators that allows them to offer customers basic cloud services as well as their own service and value. That means that integrators now can sell their skills integrating, tuning and maintaining their systems.”

—Robert Messer, president, ABP Technology

“As the residential security landscape continues to evolve, there is an increasing opportunity for RMR around smart home technologies. Our products are connecting the major systems of the home – on the exterior, behind the wall, on the wall and in the cloud. We believe the security dealer is best positioned to win in the smart home market, and we’re fully committed to helping them deliver the connected experience their customers demand.”

—Alice DeBiasio, vice president and general manager, global residential security, Resideo

“Miotta offers an ‘in-a-box self-configuring connected system’ and collaborative Video-IoT RMR security service for security integrators/operators to offer to their residential and enterprise customers. Miotta’s mobile-cloud ‘virtual’ security service platform allows integrators, security dealers, ISP’s, mobile carriers and more to offer mobile-cloud security services to both residential and enterprise customers.”

—Joe Liu, CEO, Miotta

by: Ginger Hill - Wednesday, February 19, 2020

February, the month of love, captures the hearts of some with flowers, chocolates and cute stuffed teddy bears, but for me, it’s travel that warms my heart and this month is shaping up to be what I call my “travel trifecta.” First it was New Orleans, now Grapevine, Texas and next is San Diego.

Having just recently returned from “N’awlins” from our show, SecurityNext, which was a huge success, I am currently in the midst of attending Milestone’s MIPS 2020, focusing on the power of open. So far, I have learned that “open” gives security integrators choices, which empowers them to create exactly what end users want when it comes to security-related installs — experiences.

“The power of open offers flexibility, choices and possibilities,” Kenneth Petersen, chief sales and marketing manager, Milestone Systems, said during his presentation at MIPS.

As MIPS concludes today, I will continue to share juicy bits of knowledge gained (For example, did you know Milestone became a seller on AWS?) on my Twitter feed @SSN_Ginger, so be sure to follow me if you aren’t already, and be on the lookout for more on MIPS 2020 and Milestone in the coming weeks.

Wrapping up this week and into the weekend, I will be jet-setting off to San Diego for AMAG Technology’s 20th Security Engineering Symposium (SES) 2020. This will be a time of learning, networking, developing relationships and interacting with distinguished end users, consultants and integrators with discussions about modern technologies, trends and how the real world of security is changing.

“AMAG Technology's Security Engineering Symposium brings together our community of end-users, consultants, integrators and technology partners to network, interact and discuss the industry's latest issues and trends," AMAG Technology, Director of Business Development, Kami Dukes, told Security Systems News. "It's important for our customers and partners to attend because we learn so much more when we collaborate and work together. AMAG gets inspired to do things differently by listening to the community's interaction and feedback. Their engagement is invaluable. The event remarkably contributes to our product vision and improved solution offerings to the market. I think it's the most valuable event of the year."    

Be on the lookout for “tweets du jour” from me during AMAG’s SES 2020 and if you haven’t yet booked travel to any security-related events this year, I highly encourage you to:

1. Do some research to find the perfect event that relates to you and your business.
2. Reach out to the event director with any questions or comments prior to the event.
3. Register and book travel.
4. To get the most out of your event, read my LinkedIn article about how to get the most out of a conference experience.
5. Go enjoy, network and learn!
 

by: Ginger Hill - Wednesday, January 22, 2020

Did you know … the first ransomware attack was carried out in 1989 by Joseph L. Popp, a Harvard-trained evolutionary biologist? As history tells us, Popp created the AIDS Trojan, known as the PC Cyborg, and sent 22,000 infected diskettes, labeled “AIDS Information – Introductory Diskettes,” to an international AIDS conference.

Unsuspiciously, the diskette did educate the user, but it also infected the user’s computer. After approximately 90 reboots, the virus would encrypt files on the hard drive, and to reverse it, the price was $189 made payable to a P.O. box in Panama. 

Although Popp’s virus was easily defeated, it started a snowball effect across the digital world. 

It’s been 31 years since the first ransomware infection and we’re still dealing with these on the daily. Research from precisesecurity.com showed weak passwords caused 30 percent of ransomware infections in 2019.

“Weak passwords.” How many times do we see or hear this phrase? Ad nauseam, if you ask me. And, yet, a quick Google search reveals some of the most popular passwords of 2019: 

  • 12345
  • 123456 (This one was used by 23.3 million victim accounts globally.)
  • 12345678 (This was chosen by 7.8 million data breach victims.)
  • 111111
  • test1
  • abc123
  • Password (More than 3.5 million people use this one to protect their sensitive information.)

It just doesn’t make sense. Yes, we have what seems like a bajillion passwords to remember for access to various locations, physically and digitally, but taking the easy way out hasn’t served us or the world well up to this point. It’s only produced one of the leading cyberattacks used by cyber criminals — ransomware.

So, now what? I suggest we take control over our password/phrase creation and usage. My proposal is simple: Set aside some time to create a list of strong passphrases and/or words once every quarter, adding each time to the previous list. Schedule “password/phrase creation” into your calendar so you set the intention ahead of time. The result will be a list of passwords/phrases that can be used anytime: when asked to update, creating a new account, etc. 

A Quick Tutorial

Creation: Think of a secret about yourself that only you or very few of your closest family/friends know. (To my knowledge, cyber criminals have yet to figure out how to hack brains to get information, so this seems like the safest, most secure information.) Then, create a passphrase, incorporating letters, numbers and symbols with your secret. 

Example (DO NOT USE): …Th3Qu1ckBr0wnF0xJump3d0v3rTheLazyD0g!?

Usage: Use a different, unique password or phrase for each account. Does this take time? Yes. Is it worth it to help prevent ransomware attacks? According to the statistics, yes, but this is something you have to decide for yourself by asking: “Is it worth my time to create strong passphrases and/or passwords to keep my sensitive information, such as access to my bank account or work life, safe?”

Lest we forget, Albert Einstein did define “insanity” as “doing the same thing over and over again and expecting different results.”
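
The tutorial's two rules (stay away from the popular passwords listed above, and never reuse one across accounts) can be checked mechanically. The Python below is an added example, not part of the original post; the look-alike substitution table, the 15-character floor and the sample accounts are assumptions constructed for illustration.

```python
from collections import defaultdict

# Popular 2019 passwords quoted in the post above (lower-cased).
COMMON = {"12345", "123456", "12345678", "111111", "test1", "abc123", "password"}

# Assumption: look-alike substitutions undone before the deny-list check,
# so "P@ssw0rd" is treated the same as "password".
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

MIN_LENGTH = 15  # Assumption: illustrative passphrase floor, not from the post.


def normalize(password):
    """Case-fold and undo look-alike substitutions."""
    return password.casefold().translate(LEET)


NORMALIZED_COMMON = {normalize(p) for p in COMMON}


def audit(accounts):
    """Return {account: [findings]} for a mapping of account -> password."""
    used_by = defaultdict(list)
    for account, password in accounts.items():
        used_by[password].append(account)
    report = {}
    for account, password in accounts.items():
        findings = []
        if normalize(password) in NORMALIZED_COMMON:
            findings.append("common")    # on the popular list, even if disguised
        if len(password) < MIN_LENGTH:
            findings.append("short")
        if len(used_by[password]) > 1:
            findings.append("reused")    # same secret protects several accounts
        report[account] = findings
    return report


# Constructed sample data; none of these values belong to a real account.
SAMPLE = {
    "bank": "P@ssw0rd",
    "email": "123456",
    "work": "maple-Harbor-42-quiet-Lantern",
    "forum": "maple-Harbor-42-quiet-Lantern",
    "vpn": "copper-Tide-19-velvet-Orchard",
}

if __name__ == "__main__":
    for account, findings in audit(SAMPLE).items():
        print(account, findings or "ok")
```

Swapping letters for digits or symbols does not rescue a popular password: the disguised `P@ssw0rd` is flagged exactly like `password`.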

by: Ginger Hill - Wednesday, January 15, 2020

We’re about two weeks into the new year, and suffice to say, gearing up for travel is top of mind for security professionals. The “big” industry shows always seem so far away at this point, but before we know it, ISC West will be here in March, followed by ESX in June; GSX in September; ISC East in partnership with ASIS NYC in November; and more. In addition to these are the smaller, boutique-type events, such as our SecurityNext conference in February (It’s not too late to register, btw!), not to mention all the companies that host events throughout the year. This puts you and your personal data in quite a few airports’ computer systems, screening technologies, etc., which can be a hacker’s paradise.

Fortunately, while you’re on your yearly security quests, TSA is on a “quest” of its own: “to merge cybersecurity and information technology,” according to a special notice issued on January 7, 2020. And, they aren’t going at it alone. The agency has the support of America’s airport facilities, working together to create a cybersecurity culture by adopting the requirement “cybersecurity by design” to ensure cybersecurity is at the forefront, as opposed to being an add-on or afterthought.

In addition to merging cyber and information technology, there are other “requirements for the information security and security screening technologies industry to ensure everyone is working towards a common goal,” it said in the notice. Other requirements include: 

  • Implementation of adequate access control and account management practices by enabling multi-level access to equipment sources and the ability to restrict users;
  • The ability for airport operators to change system level passwords;
  • Use of unique identification of individuals, activity and access to security equipment; 
  • Protection of screening algorithms from compromise, modification and rendering equipment inoperable, and provision of an immediate alert when algorithms have been accessed;
  • Ensuring USB ports are covered and access to ports, cables and other peripherals is protected from unauthorized use;
  • Employing automated measures to maintain baseline configurations and ensure systems protections;
  • Proper management of internal and external interfaces and encryption of ingress and egress traffic;
  • Implementing methods to update security equipment affected by software flaws; 
  • Running security assessment tools on devices to ensure appropriate configuration and patch levels, and that no indicators of compromise are present; 
  • Full support to ensure security equipment hardware, software and operating system vulnerabilities are identified and remediated; 
  • Use of an approved encryption method to ensure integrity of all data at rest on security equipment; 
  • Providing a comprehensive list of all software and hardware that comprise security equipment;
  • Demonstrating the ability to update equipment design and capabilities to align with changing cyber intelligence and threat reporting; and 
  • Vetting all local or remote maintenance personnel with the inclusion of background checks. 

TSA hopes that these requirements will “increase security levels; raise the bar of cybersecurity across screening solutions; provide vendors an opportunity to demonstrate their cybersecurity credentials; and provide an aligned approach across the industry—making it easier for vendors to adapt to end user requirement.”

Sounds like a win for anyone involved in travel. 

 
