
Monitoring Matters

by: Ginger Hill - Wednesday, February 19, 2020

February, the month of love, captures the hearts of some with flowers, chocolates and cute stuffed teddy bears, but for me, it’s travel that warms my heart and this month is shaping up to be what I call my “travel trifecta.” First it was New Orleans, now Grapevine, Texas and next is San Diego.

Having just recently returned from “N’awlins” from our show, SecurityNext, which was a huge success, I am currently in the midst of attending Milestone’s MIPS 2020, focusing on the power of open. So far, I have learned that “open” gives security integrators choices, which empowers them to create exactly what end users want when it comes to security-related installs — experiences.

“The power of open offers flexibility, choices and possibilities,” Kenneth Petersen, chief sales and marketing manager, Milestone Systems, said during his presentation at MIPS.

As MIPS concludes today, I will continue to share juicy bits of knowledge gained (For example, did you know Milestone became a seller on AWS?) on my Twitter feed @SSN_Ginger, so be sure to follow me if you aren’t already, and be on the lookout for more on MIPS 2020 and Milestone in the coming weeks.

Wrapping up this week and into the weekend, I will be jet-setting off to San Diego for AMAG Technology’s 20th Security Engineering Symposium (SES) 2020. This will be a time of learning, networking, developing relationships and interacting with distinguished end users, consultants and integrators with discussions about modern technologies, trends and how the real world of security is changing.

“AMAG Technology’s Security Engineering Symposium brings together our community of end-users, consultants, integrators and technology partners to network, interact and discuss the industry’s latest issues and trends,” AMAG Technology Director of Business Development Kami Dukes told Security Systems News. “It’s important for our customers and partners to attend because we learn so much more when we collaborate and work together. AMAG gets inspired to do things differently by listening to the community’s interaction and feedback. Their engagement is invaluable. The event remarkably contributes to our product vision and improved solution offerings to the market. I think it’s the most valuable event of the year.”

Be on the lookout for “tweets du jour” from me during AMAG’s SES 2020 and if you haven’t yet booked travel to any security-related events this year, I highly encourage you to:

1. Do some research to find the perfect event that relates to you and your business.
2. Reach out to the event director with any questions or comments prior to the event.
3. Register and book travel.
4. To get the most out of your event, read my LinkedIn article about how to get the most out of a conference experience.
5. Go enjoy, network and learn!
 

by: Ginger Hill - Wednesday, January 22, 2020

Did you know … the first ransomware attack was carried out in 1989 by Joseph L. Popp, a Harvard-trained evolutionary biologist? As history tells us, Popp created the AIDS Trojan, known as the PC Cyborg, and sent 22,000 infected diskettes, labeled “AIDS Information – Introductory Diskettes,” to an international AIDS conference.

Unsuspiciously, the diskette did educate the user, but it also infected the user’s computer. After approximately 90 reboots, the virus would encrypt files on the hard drive, and to reverse it, the price was $189 made payable to a P.O. box in Panama. 

Although Popp’s virus was easily defeated, it started a snowball effect across the digital world. 

It’s been 31 years since the first ransomware infection and we’re still dealing with these on the daily. Research from precisesecurity.com showed weak passwords caused 30 percent of ransomware infections in 2019.

“Weak passwords.” How many times do we see or hear this phrase? Ad nauseam, if you ask me. And, yet, a quick Google search reveals some of the most popular passwords of 2019: 

  • 12345
  • 123456 (This one was used by 23.3 million victim accounts globally.)
  • 12345678 (This was chosen by 7.8 million data breach victims.)
  • 111111
  • test1
  • abc123
  • Password (More than 3.5 million people use this one to protect their sensitive information.)

It just doesn’t make sense. Yes, we have what seems like a bajillion passwords to remember for access to various locations, physically and digitally, but taking the easy way out hasn’t served us or the world well up to this point. It’s only produced one of the leading cyberattacks used by cyber criminals — ransomware.

So, now what? I suggest we take control over our password/phrase creation and usage. My proposal is simple: Set aside some time to create a list of strong passphrases and/or words once every quarter, adding each time to the previous list. Schedule “password/phrase creation” into your calendar so you set the intention ahead of time. The result will be a list of passwords/phrases that can be used anytime: when asked to update, creating a new account, etc. 

A Quick Tutorial

Creation: Think of a secret about yourself that only you or very few of your closest family/friends know. (To my knowledge, cyber criminals have yet to figure out how to hack brains to get information, so this seems like the safest, most secure information.) Then, create a passphrase, incorporating letters, numbers and symbols with your secret. 

Example (DO NOT USE): …Th3Qu1ckBr0wnF0xJump3d0v3rTheLazyD0g!?

Usage: Use a different, unique password or phrase for each account. Does this take time? Yes. Is it worth it to help prevent ransomware attacks? According to the statistics, yes, but this is something you have to decide for yourself by asking: “Is it worth my time to create strong passphrases and/or passwords to keep my sensitive information, such as access to my bank account or work life, safe?”

Lest we forget, Albert Einstein did define “insanity” as “doing the same thing over and over again and expecting different results.”

by: Ginger Hill - Wednesday, January 15, 2020

We’re about two weeks into the new year, and suffice to say, gearing up for travel is top of mind for security professionals. The “big” industry shows always seem so far away at this point, but before we know it, ISC West will be here in March, followed by ESX in June; GSX in September; ISC East in partnership with ASIS NYC in November; and more. In addition to these are the smaller, boutique-type events, such as our SecurityNext conference in February (It’s not too late to register, btw!), not to mention all the companies that host events throughout the year. This puts you and your personal data in quite a few airports’ computer systems, screening technologies, etc., which can be a hacker’s paradise.

Fortunately, while you’re on your yearly security quests, TSA is on a “quest” of its own: “to merge cybersecurity and information technology,” according to a special notice issued on January 7, 2020. And, they aren’t going it alone. The agency has the support of America’s airport facilities, working together to create a cybersecurity culture by adopting the requirement “cybersecurity by design” to ensure cybersecurity is at the forefront, as opposed to being an add-on or afterthought.

In addition to merging cyber and information technology, there are other “requirements for the information security and security screening technologies industry to ensure everyone is working towards a common goal,” it said in the notice. Other requirements include: 

  • Implementation of adequate access control and account management practices by enabling multi-level access to equipment sources and the ability to restrict users;
  • The ability for airport operators to change system level passwords;
  • Use of unique identification of individuals, activity and access to security equipment; 
  • Protection of screening algorithms from compromise, modification and rendering equipment inoperable, and provision of an immediate alert when algorithms have been accessed;
  • Ensuring USB ports are covered and access to ports, cables and other peripherals is protected from unauthorized use;
  • Employing automated measures to maintain baseline configurations and ensure systems protections;
  • Proper management of internal and external interfaces and encryption of ingress and egress traffic;
  • Implementing methods to update security equipment affected by software flaws; 
  • Running security assessment tools on devices to ensure appropriate configuration and patch levels, and that no indicators of compromise are present; 
  • Full support to ensure security equipment hardware, software and operating system vulnerabilities are identified and remediated; 
  • Use of an approved encryption method to ensure integrity of all data at rest on security equipment; 
  • Providing a comprehensive list of all software and hardware that comprise security equipment;
  • Demonstrating the ability to update equipment design and capabilities to align with changing cyber intelligence and threat reporting; and 
  • Vetting all local or remote maintenance personnel with the inclusion of background checks. 

TSA hopes that these requirements will “increase security levels; raise the bar of cybersecurity across screening solutions; provide vendors an opportunity to demonstrate their cybersecurity credentials; and provide an aligned approach across the industry—making it easier for vendors to adapt to end user requirement.”

Sounds like a win for anyone involved in travel. 

 
by: Ginger Hill - Wednesday, December 18, 2019

I recently read an article stating that the biggest cyberattack of 2020 has already happened. Needless to say, this sparked my attention, plunging my mind into thoughts of sophisticated cybercriminals who have already hatched an attack plan that’s just sitting in wait, ready to emerge when prompted. While I don’t promote, condone or encourage using scare tactics as a way to educate others and prompt them to take action, this does sound a bit scary; so, I reached out to some cybersecurity experts and members of SIA’s Cybersecurity Advisory Board to better understand and learn what you and I can do to protect ourselves going forward.

“The most successful cybercriminals are the ones you don’t even know are there,” Tiffany Pressler, senior manager, HID Global, said. 

Min Kyriannis, head, Technology Business Development, Jaros, Baum & Bolles further explained: “Typically, hackers will remain dormant in someone’s network until a sequence or signal is sent to initiate the attack.”

To better understand a cyberattack, Pressler explained the Cyber Kill Chain, eight recognized phases that most cyberattacks go through. The phases are: 

  1. Reconnaissance
  2. Intrusion
  3. Exploitation
  4. Privilege escalation
  5. Lateral movement
  6. Obfuscation/anti-forensics
  7. Denial of service
  8. Exfiltration

“Each phase offers an opportunity to stop the attack, but most aren’t aware that a breach has happened at any of these phases until months or years after the breach has occurred,” Pressler explained. “Based upon that logic, any breach impending in 2020 is probably already significantly down the list of phase stages.” 

This doesn't mean doom and gloom, but rather, a sort of "heads up" to take action now to protect yourself for what you already know is coming.

One of the biggest complaints people talk about is identity theft, so Kyriannis advised seeing what services are available. “Following the Equifax data breach, there are free services provided to lock your credit report, for example TrueIdentity,” she said. “Always ask questions about how companies you’re working with are securing the information you’re providing them. I set alerts on my credit cards so that when I use them, a text message is sent to my cell phone.”

Pressler also offers some simple, proactive actions to take now: 

  • Turn on multi-factor authentication for any and all applications and devices. 
  • Use a password manager to help you remember and not reuse passwords. 
  • Always use complex passwords consisting of letters, upper- and lowercase, numbers and symbols. It’s best when your password does not equate to a readable word, sentence or name. 
  • Never click on links in emails or text messages. 
  • Hover over links to reveal the full URL to see if it goes to a legitimate domain, owned by a company.
  • Secure links with a link scanner, such as Norton SafeWeb or ScanURL.
  • Never give out information through webpages launched from a link. Always go to a company’s homepage and log in there.

“If you’re proactive about setting these measures, you’re making it harder for the cybercriminals, but you’re also giving yourself a chance to recover quickly,” Kyriannis encouraged.

by: Ginger Hill - Wednesday, December 4, 2019

Did you know that nearly half of the U.S. population fears being a victim of a mass shooting? According to an August 2019 Gallup poll, 48 percent of U.S. adults are “very” or “somewhat” worried, which is up 9 percent after a gunman killed 58 people in Las Vegas in 2017. While each of us takes on a certain level of risk no matter where we choose to live, and of course, unfortunately, none of us can avoid danger all the time, some cities are better at protecting their residents. 

WalletHub, a personal finance website, compared 182 cities across the nation, including the 150 most populated U.S. cities in addition to at least two of the most populated cities in each state. One of the three dimensions measured was “home & community safety,” containing metrics such as number of mass shootings, presence of terrorist attacks, thefts per capita and more. Each metric was graded on a 100-point scale, with a score of 100 representing the highest level of safety. 

The results are as follows. 

The top 5 safest cities based solely on the “home & community safety” dimension:

  1. Yonkers, New York
  2. Plano, Texas
  3. Columbia, Maryland
  4. Irvine, California
  5. Aurora, Illinois

The top 5 least safe cities based solely on the “home & community safety” dimension:

  1. Philadelphia, Pennsylvania
  2. St. Louis, Missouri
  3. Detroit, Michigan
  4. San Bernardino, California
  5. Baton Rouge, Louisiana 

The top 5 safest cities based on overall score, including all three dimensions, “home & community safety,” “natural disaster risk” and “financial safety”:

  1. Columbia, Maryland — 85.33
  2. Yonkers, New York — 84.80
  3. Plano, Texas — 83.54
  4. Gilbert, Arizona — 83.44
  5. South Burlington, Vermont — 83.33

The top 5 least safe cities based on overall score, including all three dimensions, “home & community safety,” “natural disaster risk” and “financial safety”:

  1. Baton Rouge, Louisiana — 56.26
  2. Detroit, Michigan — 56.07
  3. San Bernardino, California — 53.93
  4. Fort Lauderdale, Florida — 45.88
  5. St. Louis, Missouri — 42.90

Where does your city or nearest city rank?

by: Ginger Hill - Tuesday, November 26, 2019

Did you know the term “Black Friday” was first used to describe a financial crisis in the 1800s? How’s that for some Thanksgiving trivia to share with family and friends around the turkey this year?

History of 'Black Friday'

As the story goes, the gold market crashed on Friday, September 24, 1869 when two notoriously ruthless Wall Street financiers, Jay Gould and Jim Fisk, teamed up to buy as much of the nation’s gold as they possibly could, according to the History Channel. Gould and Fisk hoped it would drive up the price of gold so they could sell it for bewildering profits, but instead, the conspiracy unraveled, sending the stock market into a free-fall, bankrupting everyone from Wall Street barons to farmers. 

More recently, and more related to the modern-day “Black Friday,” is the story of the Philadelphia police in the 1950s, who used the term to describe the chaos that ensued the day after Thanksgiving when hordes of suburban shoppers and tourists flooded into the city prior to the big Army-Navy football game. Philly cops were forced to work extra-long shifts to deal with the additional crowds and traffic, and shoplifters, who would take advantage of the pandemonium in stores to make off with merchandise. 

By the early 1960s, the term “Black Friday” had caught on in Philly, as the city’s merchants tried desperately, but to no avail, to change it to “Big Friday” to remove any negative connotations related to the day. But it was the 1980s to the rescue! Retailers reinvented Black Friday by offering one-day sales, freebies, fun family events, etc. and since, it has morphed into a four-day event, spawning even more shopping-related holiday extravaganzas including “Cyber Monday” and “Small Business Saturday.”  

Shopping safety tips

Needless to say, present-day shoppers have more risk to manage during their retail therapy experiences, not only physically but digitally. Mat Newfield, CISO of Unisys, offers some tips to keep you and your loved ones safe while shopping, with added commentary from yours truly: 

  1. Only shop with official retailers and websites you trust. If you haven’t verified that a website is who it claims to be, even if it’s offering the top toy of the year at a whopping 75 percent off, move on to a trusted site.
  2. Make sure the website shows the security padlock icon in the browser and that the address begins with “https://”. (Remember “s” in the addy means “secure.”) 
  3. If shopping away from home, for example, in a local coffee shop while sipping on your favorite beverage, be sure your mobile device is updated and avoid unsecured Wi-Fi networks.
  4. Keep your phone charged at all times in case of emergencies. Consider bringing along a portable charger to avoid plugging into a random USB port you may find. 
  5. Check local authorities’ alerts. Sign up to receive updates on traffic or news of any potential disturbances with local news and/or radio stations. 
  6. Wherever you choose to shop, especially if you are going it alone, let someone you trust know your destination plans.
  7. As soon as you walk into a store, survey your surroundings and make sure you know the location of all exits. 
  8. Stay alert. Have fun and enjoy, but be vigilant for suspicious activity happening around you. 
  9. In an emergency, stay calm and move to the edges of crowds. Don’t allow yourself to get caught in the middle of something unsafe.

by: Ginger Hill - Tuesday, November 19, 2019

Some studies have found that the human brain actually processes words by recognizing each word heard through the ears and seen with the eyes as an individual picture. I know when I’m listening to a podcast or lecture, the radio, reading something, etc. and I hear or see a word that is delightful to me, my mind engages, blooming a series of images that represent that word. In other words, I see pictures in my mind related to what I heard or saw.

Let’s say, for example, you just heard the word “cybersecurity.” What images popped into your mind? For me, it’s images of hooded people in basements crouched over a laptop, padlocks, computers with data flying out of them as if it’s being stolen, etc.

Believe it or not, how people “see” the word cybersecurity is a big deal, as images can conjure up false realities of what it actually is and encompasses. And, with digital being such a major part of our lives, pictures/images provide the visual communication we are accustomed to.

The Daylight Security Research Lab, part of the Center for Long-Term Cybersecurity at U.C. Berkeley, compiled a dataset of the most common cybersecurity-related images used on the Internet during a two-year period of Google Image Search results for 28 terms related to privacy and cyber security. Every week for two years, the research team entered terms, such as cybersecurity, camera surveillance, camera privacy and more into a custom Google Search Engine (Google CSE). For each term searched, 100 images were scraped using a script, resulting in three sets of search terms each aimed at the following:

  • Set 1: general technologies, technical themes or topics;
  • Set 2: representations of abstract ideas or practices; and
  • Set 3: Dave Eggers’ book, “The Circle,” which at the time of the study was a best-seller and represented topics of interest related to this study.

Though the Berkeley researchers are continuing to analyze the seven gigabytes of collected imagery data, preliminary analyses found that the most common colors used in cybersecurity imagery online are blue, grey, black and red, while padlocks and abstract network diagrams are the most common images.

In my opinion, fear should not be the driver that encourages people to take action to stay safe. Yet, this research shows that the majority of images and colors related to cybersecurity do just that. Dark colors, in this case, blue, grey and black, are frequently associated with evil, mystery and fear. Red is often associated with danger. Just these four colors alone can communicate and evoke fear, and when used along with padlocks and images of computer networks, the message is clear: cybersecurity = fear. 

People should know the truth about cybersecurity — in words and in pictures — so that they can make educated decisions on how to best protect themselves, not be fearmongered into it. Therefore, it’s important to create and use realistic imagery and pictures when it comes to discussing and presenting cybersecurity online.

Do you agree or disagree? Why or why not?

by: Ginger Hill - Wednesday, November 6, 2019

Kind of like the car alarm, which went from a once elusive sound in a packed parking lot in the 80s to a flood of parked cars with alarms today, so goes the discussion of cyberattacks, cybercrimes, data breaches and such.

I remember being around seven years old and in our local K-Mart parking lot with my mom, when a sound emerged from somewhere among the parked cars. That’s the first time I had ever heard a car alarm. Today, a car alarm is an annoyance at best and not really “heard” by many people anymore. 

Likening that to the cyber world, I remember becoming so intrigued with cybersecurity, cyberattacks, cybercrimes and such about 10 years ago, when I became heavily involved in social media. It was something exciting and different from anything that had been seen before in the true crime stories that intrigue the public and whet its palate. Fast-forward to today, and it’s become commonplace to see these types of stories throughout all aspects of media reporting — online articles and blogs; social media platforms; TV news stories; documentaries; radio reporting; etc., so much so that people are already numb, or becoming numb, to it, passing it off as just “one of those things we have to deal with in life.” However, especially for a security professional, cyberattacks and data breaches not only shouldn’t be taken lightly, they absolutely cannot be, as they have literally ruined businesses and people. So, I ask you: “Are you ready and prepared?”

Sad to say, but if you’re like the majority of the more than 800 CISOs and other senior executives across North America, Europe and Asia surveyed in a study commissioned by FireEye and delivered by Kantar, an independent market research organization, the answer is, unfortunately, “no.” The study found that:

  • 51 percent of surveyed organizations don’t believe they are ready or would respond appropriately to a cyberattack or data breach; 
  • 29 percent of these organizations with response plans in place haven’t tested or updated them in the last 12 months or more; and
  • 76 percent of the organizations plan to increase their cyber security budget in 2020. 

The survey also highlighted varying global viewpoints. In Asia, Japan plans to prioritize detection capabilities in 2020 and expresses concerns regarding cloud security, while Korea believes nation states are the most likely source of cyberattacks. The U.S. is leading the transition to cloud; Germany is concerned about cloud security and France believes employee training to be a top protection measure. 

I urge you, don’t become a parked car in a sea of cyberattacks and data breaches with your alarm going off and people just walking by like nothing is wrong. Prepare by creating a plan and know/understand exactly how to execute that plan before, during and after a cyberattack or data breach. This is a must. Think about it – it can’t be underestimated just how smart cybercriminals really are; it’s all they focus on day in and day out. They are experts at their craft and we must know how to prevent as much as possible and reciprocate, when necessary, to stay safe.

by: Ginger Hill - Wednesday, October 30, 2019

Yesterday’s J.D. Power 2019 Home Security Satisfaction Study that includes both professionally (pro) installed and DIY home security systems got me to thinking about the importance of customer satisfaction as it pertains to the security industry. 

The study, based on responses from 5,289 customers, fielded during July and August of 2019, measured customer satisfaction with home security based on the following: billing and payment; customer service; price; professional monitoring; purchase and installation; and quality of the system. 

In the pro installed category, Brinks Home Security ranked highest in customer satisfaction with a score of 858, followed by ADT, scoring 847. The DIY category ranked Ring Alarm highest, with a score of 904, while SimpliSafe was a close second, with a score of 900. 

Other key findings include: 

  • Desire to upgrade: the most common reason customers in pro and DIY install start shopping for a home security system. Pro install customers were spurred to act by special discounts and bundled packages; DIY install customers are motivated by peace-of-mind and protecting their property. 
  • Brand reputation and pricing: Pro install customers are mostly driven by brand reputation while DIY install customers lean more on price in their decision-making process. 
  • DIY install customers are more satisfied than pro install customers: DIYers are especially satisfied with pricing and are more likely to have additional security-related products beyond control panels, keypads, hubs and alarm sensors, such as video doorbells, exterior cameras and alarm sirens. It is critical to provide pricing options that meet customers’ needs and are easily understood by consumers.

In response to this study, I did some research, and while I think there will always be a part of the population who prefers DIY home security systems, there are three key actions home security professionals can take to retain customers, gain new ones and win over some of the DIY segment of the industry.

Create extraordinary customer experiences. 

  • Each customer is unique, so it’s necessary to use different tactics to delight them. In other words, consumers want a customized experience. 
  • Treat each as a person, rather than a persona; work hard to understand how each customer feels; and appreciate their needs. 
  • Timeliness matters and most customers expect to find whatever they need — pricing, inventory, etc. — from a company in three clicks or less. To solve complex issues, most consumers expect to speak to one person.
  • Use multiple channels to engage with customers and potential customers including email, in-person, phone, online chat/live support, mobile apps, online portals, online knowledge bases, messenger apps, online forms, social media, text messaging, online communities and voice assistants. 

Be innovative.

  • Embrace and become “the expert” in new technologies so you can show savvy consumers you are up-to-date and teach other consumers who may be behind the curve. (Think artificial intelligence and machine learning). 
  • Connectivity is a major trend in security and offering consumers the opportunity to connect their devices — security systems, smart speakers, fitness trackers, smart thermostats, and more — is key. 

Trust is super important. 

  • Honesty is the best policy when earning customer trust. Through the eyes of a consumer, security, reliability, transparency, ethics and authenticity all equal trust.
  • Make sure strong security controls are in play to protect customer data. 
  • Show consumers that their data is being used legitimately.

 


 
by: Ginger Hill - Wednesday, October 23, 2019

As the weather cools off here in Texas, I’m heading to the desert — Phoenix, Arizona to be exact, for some (more) sun and warmth, but most importantly to join Resideo at the CONNECT 2019 dealer’s conference. It’s here that I’ll learn all about the connected home – security, HVAC, plumbing and more — and bring all that knowledge to you! Below is a description of all that you can look forward to in the coming days. 

The Partner and Innovation Showcase offers the opportunity to meet with the Resideo team to see their latest technologies in action. On Thursday, Oct. 24, I’ll be tweeting about the latest and greatest connected/smart home technologies offered by Resideo @SSN_Ginger, so be sure you’re following me as well as our hashtag #SSNTalks. 

On Friday, Oct. 25, I’ll bring you tidbits of information via Twitter from Scott Harkins, VP/GM, Connected Home, Resideo, on how energy, water, air and security provide new opportunities to drive additional revenue and how you can become the smart home hero and expert, presented by Quentin Gunther and Rick Desch, both from Resideo. Also, Bruce Kimbrell of the Disney Institute will be presenting on how to inspire employee engagement through a culture of effective feedback and empowerment.

On Saturday, Oct. 26, I’ll be heading back to Texas, but before I do, Resideo VP/GM, Global Pro Security, Alice DeBiasio will talk about the booming smart home market, forecasted to include approximately 1.3 billion devices by 2022. With the majority of consumers saying they’d choose to have their smart devices installed by a professional versus installing themselves, this is must-have information to create your smart home strategy within your business. This will be followed by how-tos from Jen Tagle of Resideo about selling video alarm verification — how to design, demo and price it to stay ahead of your competitors, create a higher RMR and provide priority police response to your customers. 

Again, be sure to follow me on Twitter @SSN_Ginger as well as Security Systems News’ hashtag #SSNTalks to be the first to see what’s going on at Resideo Connect 2019. 
