Weak passwords and ransomware infections go hand-in-hand

Wednesday, January 22, 2020

Did you know … the first ransomware attack was carried out in 1989 by Joseph L. Popp, a Harvard-trained evolutionary biologist? As history tells us, Popp created the AIDS Trojan, known as the PC Cyborg, and sent 22,000 infected diskettes, labeled “AIDS Information – Introductory Diskettes,” to an international AIDS conference.

Unsuspiciously, the diskette did educate the user, but it also infected the user’s computer. After approximately 90 reboots, the virus would encrypt files on the hard drive, and to reverse it, the price was $189 made payable to a P.O. box in Panama. 

Although Popp’s virus was easily defeated, it started a snowball effect across the digital world. 

It’s been 31 years since the first ransomware infection and we’re still dealing with these on the daily. Research from precisesecurity.com showed weak passwords caused 30 percent of ransomware infections in 2019.

“Weak passwords.” How many times do we see or hear this phrase? Ad nauseam, if you ask me. And, yet, a quick Google search reveals some of the most popular passwords of 2019: 

  • 12345
  • 123456 (This one was used by 23.3 million victim accounts globally.)
  • 12345678 (This was chosen by 7.8 million data breach victims.)
  • 111111
  • test1
  • abc123
  • Password (More than 3.5 million people use this one to protect their sensitive information.)

It just doesn’t make sense. Yes, we have what seems like a bajillion passwords to remember for access to various locations, physically and digitally, but taking the easy way out hasn’t served us or the world well up to this point. It’s only produced one of the leading cyberattacks used by cyber criminals — ransomware.

So, now what? I suggest we take control over our password/phrase creation and usage. My proposal is simple: Set aside some time to create a list of strong passphrases and/or words once every quarter, adding each time to the previous list. Schedule “password/phrase creation” into your calendar so you set the intention ahead of time. The result will be a list of passwords/phrases that can be used anytime: when asked to update, creating a new account, etc. 

A Quick Tutorial

Creation: Think of a secret about yourself that only you or very few of your closest family/friends know. (To my knowledge, cyber criminals have yet to figure out how to hack brains to get information, so this seems like the safest, most secure information.) Then, create a passphrase, incorporating letters, numbers and symbols with your secret. 

Example (DO NOT USE): …Th3Qu1ckBr0wnF0xJump3d0v3rTheLazyD0g!?

Usage: Use a different, unique password or phrase for each account. Does this take time? Yes. Is it worth it to help prevent ransomware attacks? According to the statistics, yes, but this is something you have to decide for yourself by asking: “Is it worth my time to create strong passphrases and/or passwords to keep my sensitive information, such as access to my bank account or work life, safe?”
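One way to screen a quarterly list before relying on it, as an added example that is not part of the original post: it rejects the popular passwords listed above, checks for letters, numbers and symbols, and goes a step beyond the text by undoing common character swaps and flagging near-duplicates across accounts. The 12-character minimum, the swap table, and the account names and passwords are assumptions constructed for illustration.

```python
"""Added example: vet a list of passwords/phrases before use (constructed data)."""
from collections import defaultdict

# The popular 2019 passwords listed in the post, lowercased.
COMMON = {"12345", "123456", "12345678", "111111", "test1", "abc123", "password"}

MIN_LENGTH = 12  # assumed policy value; the post does not state a minimum

# Assumed swap table: undo common substitutions so "P@ssw0rd" reads "password".
DELEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                        "5": "s", "7": "t", "@": "a", "$": "s"})


def strip_suffix(text: str) -> str:
    """Drop trailing digits and symbols, e.g. 'password1!' -> 'password'."""
    while text and not text[-1].isalpha():
        text = text[:-1]
    return text


def variants(password: str) -> set:
    """Every normalised form that is compared against the common list."""
    low = password.lower()
    forms = {low, strip_suffix(low),
             low.translate(DELEET), strip_suffix(low).translate(DELEET)}
    forms.discard("")
    return forms


def core(password: str) -> str:
    """Base word(s) of a password, used to spot reuse with a changed suffix."""
    low = password.lower()
    return strip_suffix(low).translate(DELEET) or low


def audit(accounts: dict) -> dict:
    """Return {account: [findings]}; an empty list means nothing was flagged."""
    by_core = defaultdict(list)
    for name, pw in accounts.items():
        by_core[core(pw)].append(name)

    report = {}
    for name, pw in accounts.items():
        findings = []
        if variants(pw) & COMMON:
            findings.append("on the common-password list")
        if len(pw) < MIN_LENGTH:
            findings.append(f"shorter than {MIN_LENGTH} characters")
        missing = [label for label, present in (
            ("letters", any(c.isalpha() for c in pw)),
            ("numbers", any(c.isdigit() for c in pw)),
            ("symbols", any(not c.isalnum() for c in pw)),
        ) if not present]
        if missing:
            findings.append("missing " + ", ".join(missing))
        others = [n for n in by_core[core(pw)] if n != name]
        if others:
            findings.append("same base as: " + ", ".join(others))
        report[name] = findings
    return report


# Constructed sample data; none of these should be used as real passwords.
SAMPLE_ACCOUNTS = {
    "bank": "P@ssw0rd!",
    "email": "SummerHoliday2019!",
    "work": "summerholiday2020?",
    "forum": "123456",
    "vault": "gr33n-Kettle!hums@4am-quietly",
}

if __name__ == "__main__":
    for account, findings in audit(SAMPLE_ACCOUNTS).items():
        print(f"{account:6} {'OK' if not findings else '; '.join(findings)}")
```

Run it locally on the list itself rather than pasting real passwords into an online checker.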

Lest we forget, Albert Einstein did define “insanity” as “doing the same thing over and over again and expecting different results.”

TSA’s quest to merge cybersecurity and information technology

Wednesday, January 15, 2020

We’re about two weeks into the new year, and suffice to say, gearing up for travel is top of mind for security professionals. The “big” industry shows always seem so far away at this point, but before we know it, ISC West will be here in March, followed by ESX in June; GSX in September; ISC East in partnership with ASIS NYC in November; and more. In addition to these are the smaller, boutique-type events, such as our SecurityNext conference in February (It’s not too late to register, btw!), not to mention all the companies that host events throughout the year. This puts you and your personal data in quite a few airports’ computer systems, screening technologies, etc., which can be a hacker’s paradise.

Fortunately, while you’re on your yearly security quests, TSA is on a “quest” of its own: “to merge cybersecurity and information technology,” according to a special notice issued on January 7, 2020. And, they aren’t going at it alone. The agency has the support of America’s airport facilities, working together to create a cybersecurity culture by adopting the requirement “cybersecurity by design” to ensure cybersecurity is at the forefront, as opposed to being an add-on or afterthought.

In addition to merging cyber and information technology, there are other “requirements for the information security and security screening technologies industry to ensure everyone is working towards a common goal,” it said in the notice. Other requirements include: 

  • Implementation of adequate access control and account management practices by enabling multi-level access to equipment sources and the ability to restrict users;
  • The ability for airport operators to change system level passwords;
  • Use of unique identification of individuals, activity and access to security equipment; 
  • Protection of screening algorithms from compromise, modification and rendering equipment inoperable, and provide immediate alert when algorithms have been accessed;
  • Ensuring USB ports are covered and access to ports, cables and other peripherals is protected from unauthorized use;
  • Employing automated measures to maintain baseline configurations and ensure systems protections;
  • Proper management of internal and external interfaces and encryption of ingress and egress traffic;
  • Implementing methods to update security equipment affected by software flaws; 
  • Running security assessment tools on devices to ensure appropriate configuration and patch levels, and that no indicators of compromise are present; 
  • Full support to ensure security equipment hardware, software and operating system vulnerabilities are identified and remediated; 
  • Use of an approved encryption method to ensure integrity of all data at rest on security equipment; 
  • Providing a comprehensive list of all software and hardware that comprise security equipment;
  • Demonstrating the ability to update equipment design and capabilities to align with changing cyber intelligence and threat reporting; and 
  • Vetting all local or remote maintenance personnel with the inclusion of background checks. 

TSA hopes that these requirements will “increase security levels; raise the bar of cybersecurity across screening solutions; provide vendors an opportunity to demonstrate their cybersecurity credentials; and provide an aligned approach across the industry—making it easier for vendors to adapt to end user requirement.”

Sounds like a win for anyone involved in travel. 

 

The state of ransomware ...

Wednesday, January 8, 2020

The recent cyberattack on the city of New Orleans is another sobering example of how vulnerable we are as a nation to cyber criminals. Even for cities like New Orleans, which was prepared for such an attack, there is an incredible amount of time and effort and cost that goes into getting a city back up on its feet after such an incident.

Following the New Orleans attack, a report on the State of Ransomware in the U.S., created by cybersecurity research firm Emsisoft, was rushed to be released ahead of its original Jan. 1, 2020 release date because, as researchers pointed out, the New Orleans incident “elevates the ransomware threat to crisis level. Governments must act immediately to improve their security and mitigate risks. If they do not, it is likely that similar incidents will also result in the extremely sensitive information which governments hold being stolen and leaked.”

By releasing the report early, the company hopes it will help “kickstart discussions and enable solutions to be found sooner rather than later. Those solutions are desperately needed.”

Looking at the numbers on ransomware, they are pretty mind numbing, as in 2019 the U.S. was hit by “an unprecedented and unrelenting barrage of ransomware attacks that impacted at least 966 government agencies, educational establishments and healthcare providers at a potential cost in excess of $7.5 billion,” according to Emsisoft.

The impacted organizations included:
•    113 state and municipal governments and agencies;
•    764 healthcare providers; and
•    89 universities, colleges and school districts, with operations at up to 1,233 individual schools potentially affected.

The incidents were not simply expensive inconveniences, according to the report, which noted that the disruption they caused put people’s health, safety and lives at risk. For example:
•    Emergency patients had to be redirected to other hospitals;
•    Medical records were inaccessible and, in some cases, permanently lost;
•    Surgical procedures were canceled, tests were postponed and admissions halted;
•    911 services were interrupted;
•    Dispatch centres had to rely on printed maps and paper logs to keep track of emergency responders in the field;
•    Police were locked out of background check systems and unable to access details about criminal histories or active warrants;
•    Surveillance systems went offline;
•    Badge scanners and building access systems ceased to work;
•    Jail doors could not be remotely opened; and
•    Schools could not access data about students’ medications or allergies.

“The fact that there were no confirmed ransomware-related deaths in 2019 is simply due to good luck, and that luck may not continue into 2020,” Emsisoft CTO Fabian Wosar said in the report. “Governments and the health and education sectors must do better.”

Other effects of the incidents included:
•    Property transactions were halted;
•    Utility bills could not be issued;
•    Grants to nonprofits were delayed by months;
•    Websites went offline;
•    Online payment portals were inaccessible;
•    Email and phone systems ceased to work;
•    Driver’s licenses could not be issued or renewed;
•    Payments to vendors were delayed;
•    Schools closed;
•    Students’ grades were lost; and
•    Tax payment deadlines had to be extended.

In looking at how unprepared local governments are, a 2019 University of Maryland, Baltimore County research report based on data from a nationwide survey of cybersecurity in U.S. local governments, stated that, “Serious barriers to their practice of cybersecurity include a lack of cybersecurity preparedness within these governments and funding for it,” and that “Local governments as a whole do a poor job of managing their cybersecurity.”

The issues identified included:
•    Just over one-third did not know how frequently security incidents occurred, and nearly two-thirds did not know how often their systems were breached;
•    Only minorities of local governments reported having a very good or excellent ability to detect, prevent, and recover from events that could adversely affect their systems; and
•    Fewer than half of respondents said that they cataloged or counted attacks.

In some cases, governments failed to implement even the most basic of IT best practices, the report noted. For example, Baltimore experienced data loss because data resided only on end-user systems for which there was no backup mechanism in place.

According to the University of Maryland, Baltimore County's research, more than 50 percent of governments identified “lack of funding” as a barrier to cybersecurity and this is almost certainly an issue in the education and healthcare sectors, too. “Resolving the problem may simply require that organizations reallocate their existing budgets, or it may require that additional funding be provided either by federal or state government. In either case, it is an issue that must be addressed,” researchers concluded.
   
While 966 government agencies, educational establishments and healthcare providers were impacted by ransomware in 2019, the report noted that not a single bank disclosed a ransomware incident.

“This is not because banks are not targeted,” researchers noted. “It is because they have better security and so attacks against them are less likely to be successful. If government agencies were simply to adhere to industry-standard best practices — such as ensuring all data is backed up and using multi-factor authentication everywhere that it should be used — that alone would be sufficient to reduce the number of successful attacks, their severity and the disruption that they cause.”
 
As Wosar pointed out, “2020 need not be a repeat of 2019. Proper levels of investment in people, processes and IT would result in significantly fewer ransomware incidents and those incidents which did occur would be less severe, less disruptive and less costly.”
 

Proactively going head-to-head with cyber threats

Wednesday, December 18, 2019

I recently read an article stating that the biggest cyberattack of 2020 has already happened. Needless to say, this sparked my attention, plunging my mind into thoughts of sophisticated cybercriminals who have already hatched a plan of attack that’s just sitting in wait, ready to emerge when prompted. While I don’t promote, condone or encourage using scare tactics as a way to educate others and prompt them to take action, this does sound a bit scary; so, I reached out to some cybersecurity experts and members of SIA’s Cybersecurity Advisory Board to better understand and learn what you and I can do to protect ourselves going forward.

“The most successful cybercriminals are the ones you don’t even know are there,” Tiffany Pressler, senior manager, HID Global, said. 

Min Kyriannis, head, Technology Business Development, Jaros, Baum & Bolles further explained: “Typically, hackers will remain dormant in someone’s network until a sequence or signal is sent to initiate the attack.”

To better understand a cyberattack, Pressler explained the Cyber Kill Chain, eight recognized phases that most cyberattacks go through. The phases are: 

  1. Reconnaissance
  2. Intrusion
  3. Exploitation
  4. Privilege escalation
  5. Lateral movement
  6. Obfuscation/anti-forensics
  7. Denial of service
  8. Exfiltration

“Each phase offers an opportunity to stop the attack, but most aren’t aware that a breach has happened at any of these phases until months or years after the breach has occurred,” Pressler explained. “Based upon that logic, any breach impending in 2020 is probably already significantly down the list of phase stages.” 

This doesn't mean doom and gloom, but rather, a sort of "heads up" to take action now to protect yourself for what you already know is coming.

One of the biggest complaints people talk about is identity theft, so Kyriannis advised checking what services are available. “Following the Equifax data breach, there are free services provided to lock your credit report, for example TrueIdentity,” she said. “Always ask questions about how companies you’re working with are securing the information you’re providing them. I set alerts on my credit cards so that when I use them, a text message is sent to my cell phone.”

Pressler also offers some simple, proactive actions to take now: 

  • Turn on multi-factor authentication for any and all applications and devices. 
  • Use a password manager to help you remember and not reuse passwords. 
  • Always use complex passwords consisting of letters, upper- and lowercase, numbers and symbols. It’s best when your password does not equate to a readable word, sentence or name. 
  • Never click on links in emails or text messages. 
  • Hover over links to reveal the full URL to see if it goes to a legitimate domain, owned by a company.
  • Secure links with a link scanner, such as Norton SafeWeb or ScanURL.
  • Never give out information through webpages launched from a link. Always go to a company’s homepage and log in there.

“If you’re proactive about setting these measures, you’re making it harder for the cybercriminals, but you’re also giving yourself a chance to recover quickly,” Kyriannis encouraged.

New research on state of security convergence

Wednesday, December 18, 2019

Security convergence has emerged as one of the most discussed and debated topics over the past few years in security, becoming a theme and backdrop that enters into, and many times, dictates conversations among top thought leaders in the industry today.

That is why I was excited to dive into new research from the ASIS Foundation, which just published its State of Security Convergence in the United States, Europe and India.

What I like about a study like this is it gives the industry a way to measure where we are in this security convergence movement, which is also part of what is being described by many outside and within security as the digital transformation.

Interestingly, although many are talking about “convergence,” ASIS found that only 24 percent of study respondents have converged their physical and cybersecurity functions. When business continuity is included, a total of 52 percent have converged two or all of the three functions. Of the 48 percent who have not converged at all, 70 percent have no current plans to converge.

“For years, security practitioners have accepted that organizations are increasingly converging their physical security and cybersecurity functions,” said Brian Allen, CPP, president, ASIS Foundation Board of Trustees. “This study collected current data to measure trends and progress with converging environments. What we’ve learned is that, although convergence has brought positive results, there is still much work to be done.”

Not surprisingly, the study found that security convergence produces tangible positive benefits, with 96 percent of organizations that converged two or more functions (physical, cyber and/or BCM) reporting positive results from the combination, and 72 percent saying that convergence strengthens overall security. In addition, 44 percent of converged organizations report no negative results from converging. Even in companies that have not converged, 78 percent believe that convergence would strengthen their overall security function.

While saving money is not the primary motivation for convergence, a key driver and benefit of convergence is the desire to better align security strategy with corporate goals, ASIS noted in the executive summary. When asked, “which of the following factors might convince you to converge?” the number one answer cited by 38 percent of those who had not yet converged was “better alignment of security/risk management strategy with corporate goals.” This was also considered the most positive benefit by 40 percent of the respondents that already converged two or more functions, the study found.

Interestingly, the main barriers to convergence were “turf and silo issues,” said one survey respondent. “Everyone wanted to safeguard his responsibilities, his people, his budget, his prestige and his importance to the company.”

Using survey responses from more than 1,000 security leaders from around the globe — plus more than 20 follow-up interviews — the study analyzes the relationship between physical security, cybersecurity and business continuity in modern organizations. It provides relevant benchmarks to compare strategies, plans and operations and determine best practices for creating more effective and cost-efficient security and risk operations.

The study’s executive summary is available free here. The full report is available here for purchase and is complimentary for all ASIS members.

Supported by member and corporate donations, the ASIS Foundation invests in elevating security practice through research and education. The Foundation awarded more than 170 scholarships in 2019 totaling more than $75,000.

ISC East resurgence continues

Wednesday, December 4, 2019

ISC East 2019, held at the Jacob Javits Center in New York City Nov. 20-21, continued to build on the positive momentum and growth it has experienced over the past few years, bringing more than 7,600 security and public safety professionals — up 6 percent from 2018 — together to discuss new trends and solutions, to celebrate industry successes and leaders and better define the roadmap for security moving forward.

The 2019 event welcomed 350 leading security brands, including more than 100 new companies and brands, covering 130 security product categories. Activity on the show floor was brisk with good traffic and networking going on throughout both days and many exhibitors commenting that they were pleased with the quantity — and quality — of security professionals in attendance.

Will Wise, group vice president, Reed Exhibitions, told SSN before and during the conference that he is excited to see all of ISC and SIA’s hard work translate into continued growth of the show.
  
“We have been working hard the last 4-5 years to really infuse more innovation and continue to drive growth and momentum into ISC East,” Wise told SSN. “ISC East has been on a nice growth trajectory, especially the last few years, even making the Trade Show Executives Fastest 50 Growing Events list the last couple of years.”

He continued, “There has been a lot of good work in regard to better content, growing the exhibitor list, which this year was at approximately 350 exhibitors (up from about 280 in 2018) — a huge uptick versus 3-4 years ago. When you have better content, more exhibitors with an even more diverse number of solutions, those all add up to a great recipe for success.”

Mary Beth Shaughnessy, event director for ISC Security Events, also noted that ISC East has been on the upswing for the past few years and continues to grow. "This year kicked into a new level of success, with expanded product offerings and content, we’ve secured the spot as the largest Northeast converged security Show. Education tracks were created to provide attendees with greater opportunity to connect and learn with their cross-functional security & public safety industry peers both on the IT and Physical security side of their organization. Attendees left the Show with the insights and knowledge needed to defend and protect against new and emerging threats.”

Wise pointed out that the show also benefitted from co-locating for the second year with Infosecurity ISACA North America, and from the increased relationship with ASIS NYC Chapter, which officially supported ISC East this year and will continue to expand the partnership next year, he said.

ISC East, in collaboration with Premier Sponsor the Security Industry Association (SIA), also featured a SIA Education@ISC East program with more than 20 complimentary sessions with practical and in-depth content on converged security, cybersecurity, computer vision & AI, physical security and more.

Wise shared with SSN the Top 5 ISC East Breakout Sessions:
•    We Sneak Into High Security Buildings and Get Paid For it;
•    AI for Video Surveillance: Technology Overview and Future Directions;
•    Video Analytics: The Next Advance in Secure Access Control;
•    Implementing Converged Security, a Process - Bringing it All Together; and
•    Achieving Comprehensive Facility Security

Additionally, the SIA Education@ISC East program offered two prominent female Keynote Speakers for the first time at ISC East — Deanne Criswell, commissioner of the New York City Emergency Management Department, and Angela Stubblefield, chief of staff at the Federal Aviation Administration (FAA).

“The 2019 SIA Education@ISC East program was a great success, with enthusiastic attendees taking part in our education sessions, engaging keynotes and hands-on workshops covering cutting-edge topics like the drone security policy landscape, technologies driving smart cities and IoT security at the edge,” said SIA CEO Don Erickson. “Additionally, industry leaders gathered at SIA’s Return on Security breakfast to learn how solutions providers find business benefits beyond security, and the SIA Women in Security Forum hosted a dynamic breakfast and discussion on achieving true diversity and inclusiveness in the security workforce.”

In addition to the busy expo floor, engaging sessions and keynotes and special events, one of the highlights for ISC East, as it is each year, is SIA Honors Night, where the who’s who of the industry gathered to celebrate SIA’s 50th anniversary and honor some of the movers and shakers in the industry.

SSN was honored to be in attendance and extends our congratulations to Honors Night award recipients:
•    George R. Lippert Memorial Award: Steve Van Till, co-founder, president and CEO, Brivo;
•    Jay Hauhn Excellence in Partnerships Award: Andrew Lanning, co-founder, Integrated Security Technologies;
•    Insightful Practitioner Award: George Anderson, director of World Trade Center security for the Port Authority of New York and New Jersey;
•    SIA Progress Award: Maureen Carlo, director of strategic alliances, North America, BCDVideo; and
•    Mission 500 Partner Innovation Award: Jeff Gardner, president and CEO, Brinks Home.

SIA also honored Sandra Jones, founder of Sandra Jones and Co. (SJ&Co), who announced her retirement after 45 years in the security industry. Jones has been a pioneering spirit in the industry, serving as a mentor to many and giving back to the industry, most prominently helping lead the Security Industry Association for nearly 40 years.

Overall, ISC East continues its resurgence as the top security show in the Northeast, providing a unique experience that you can’t find at ISC West, for example.

“One of the ways that ISC East has been able to differentiate itself from ISC West is taking on characteristics and personality of the NYC-area and overall Northeast market for security and public safety, which as we know, is a massive market with urgencies for security and safety,” Wise said. “Our attendee data shows a less than 10 percent overlap of attendees with East versus West, which is really good, as we are providing a unique audience for exhibitors.”

ISC East 2020 will take place Nov. 18-19, 2020 at its continued home base, New York City’s Jacob K. Javits Center.

 

Safest cities in America, 2019

Wednesday, December 4, 2019

Did you know that nearly half of the U.S. population fears being a victim of a mass shooting? According to an August 2019 Gallup poll, 48 percent of U.S. adults are “very” or “somewhat” worried, which is up 9 percent after a gunman killed 58 people in Las Vegas in 2017. While each of us takes on a certain level of risk no matter where we choose to live, and of course, unfortunately, none of us can avoid danger all the time, some cities are better at protecting their residents. 

WalletHub, a personal finance website, compared 182 cities across the nation, including the 150 most populated U.S. cities in addition to at least two of the most populated cities in each state. One of the three dimensions measured was “home & community safety,” containing metrics such as number of mass shootings, presence of terrorist attacks, thefts per capita and more. Each metric was graded on a 100-point scale, with a score of 100 representing the highest level of safety. 

The results are as follows. 

The top 5 safest cities based solely on the “home & community safety” dimension:

  1. Yonkers, New York
  2. Plano, Texas
  3. Columbia, Maryland
  4. Irvine, California
  5. Aurora, Illinois

The top 5 least safe cities based solely on the “home & community safety” dimension:

  1. Philadelphia, Pennsylvania
  2. St. Louis, Missouri
  3. Detroit, Michigan
  4. San Bernardino, California
  5. Baton Rouge, Louisiana 

The top 5 safest cities based on overall score, including all three dimensions (“home & community safety,” “natural disaster risk” and “financial safety”):

  1. Columbia, Maryland — 85.33
  2. Yonkers, New York — 84.80
  3. Plano, Texas — 83.54
  4. Gilbert, Arizona — 83.44
  5. South Burlington, Vermont — 83.33

The top 5 least safe cities based on overall score, including all three dimensions (“home & community safety,” “natural disaster risk” and “financial safety”):

  1. Baton Rouge, Louisiana — 56.26
  2. Detroit, Michigan — 56.07
  3. San Bernardino, California — 53.93
  4. Fort Lauderdale, Florida — 45.88
  5. St. Louis, Missouri — 42.90

Where does your city or nearest city rank? Click here for an interactive map. 

Per Mar expands in Nebraska with latest buy

Wednesday, November 27, 2019

Per Mar Security Services, parent company to Midwest Alarm Services and a provider of total security solutions for residential and commercial clients based in Davenport, Iowa, recently acquired NECO Security based in Lincoln, Neb. The deal brings more than a half century’s worth of business and expertise into the Per Mar family.

Founded by Don Nielsen in 1957, NECO Security specializes in residential and commercial burglar and fire alarm systems in the Lincoln area. Nielsen said that after 63 years in the Fire Alarm/Security industry, he is excited about “a new season” for the Nielsen family.

“After careful thought and consideration, as our customers are of utmost importance, we have selected Per Mar as our successor,” Nielsen said. “Per Mar has a UL Listed, FM Approved, TMA 5 Diamond Certified Central Monitoring Center, and offers an expanded range of services to our customers. In addition, Per Mar’s company, Midwest Alarm Services, is a Premier Notifier Distributor … thus completing the perfect fit.”

Brian Duffy, COO of Per Mar Security Services, is equally excited to continue the tradition that NECO has built over the past 62 years.

“The Nielsen family has built a great company in Lincoln through years of hard work and excellent service,” he said. “We are honored that they are placing their trust in us to be stewards of the business.”

NECO Security’s Project Manager, Bill Thomas, and their technicians will be joining Midwest Alarm Services, serving customers out of Per Mar and Midwest Alarm Services’ local Lincoln, Neb. office.

“We are excited to have NECO Security join our organization,” said Midwest Alarm Services President Doug Richard. “NECO and Midwest Alarm Services were two of the original Notifier dealers in the U.S. The NECO team will be a great cultural fit as they have been working together for decades and have a customer first mentality. We are looking forward to working with them to continue to deliver the best service in the industry.”

The tale of ‘Black Friday’ plus 9 safety tips

Tuesday, November 26, 2019

Did you know the first recorded use of the term “Black Friday” was used to describe a financial crisis in the 1800s? How’s that for some Thanksgiving trivia to share with family and friends around the turkey this year? 

History of 'Black Friday'

As the story goes, the gold market crashed on Friday, September 24, 1869 when two notoriously ruthless Wall Street financiers, Jay Gould and Jim Fisk, teamed up to buy as much of the nation’s gold as they possibly could, according to the History Channel. Gould and Fisk hoped it would drive up the price of gold so they could sell it for bewildering profits, but instead, the conspiracy unraveled, sending the stock market into a free-fall, bankrupting everyone from Wall Street barons to farmers. 

More recently, and more related to the modern-day “Black Friday,” is the story of the Philadelphia police in the 1950s, who used the term to describe the chaos that ensued the day after Thanksgiving when hordes of suburban shoppers and tourists flooded into the city prior to the big Army-Navy football game. Philly cops were forced to work extra-long shifts to deal with the additional crowds and traffic, and shoplifters, who would take advantage of the pandemonium in stores to make off with merchandise. 

By the early 1960s, the term “Black Friday” had caught on in Philly, as the city’s merchants tried desperately, but to no avail, to change it to “Big Friday” to remove any negative connotations related to the day. But it was the 1980s to the rescue! Retailers reinvented Black Friday by offering one-day sales, freebies, fun family events, etc. and since, it has morphed into a four-day event, spawning even more shopping-related holiday extravaganzas including “Cyber Monday” and “Small Business Saturday.”  

Shopping safety tips

Needless to say, present-day shoppers have more risk to manage during their retail therapy experiences, not only physically but digitally. Mat Newfield, CISO of Unisys, offers some tips to keep you and your loved ones safe while shopping, with added commentary from yours truly: 

  1. Only shop with official retailers and websites you trust. If you haven’t verified that a website is who it claims to be, even if it’s offering the top toy of the year at a whopping 75 percent off, move on to a trusted site.
  2. Make sure the website shows the security padlock icon in the browser and that the address begins with “https://”. (Remember “s” in the addy means “secure.”) 
  3. If shopping away from home, for example, in a local coffee shop while sipping on your favorite beverage, be sure your mobile device is updated and avoid unsecure Wi-Fi networks. 
  4. Keep your phone charged at all times in case of emergencies. Consider bringing along a portable charger to avoid plugging into a random USB port you may find. 
  5. Check local authorities’ alerts. Sign up to receive updates on traffic or news of any potential disturbances with local news and/or radio stations. 
  6. Wherever you choose to shop, especially if you are going it alone, let someone you trust know your destination plans.
  7. As soon as you walk into a store, survey your surroundings and make sure you know the location of all exits. 
  8. Stay alert. Have fun and enjoy, but be vigilant for suspicious activity happening around you. 
  9. In an emergency, stay calm and move to the edges of crowds. Don’t allow yourself to get caught in the middle of something unsafe.

What images and color(s) represent the word ‘cybersecurity’?

Tuesday, November 19, 2019

Some studies have found that the human brain actually processes words by recognizing each word heard through the ears and seen with the eyes as an individual picture. I know when I’m listening to a podcast or lecture, the radio, reading something, etc. and I hear or see a word that is delightful to me, my mind engages, blooming a series of images that represent that word. In other words, I see pictures in my mind related to what I heard or saw.

Let’s say, for example, you just heard the word “cybersecurity.” What images popped into your mind? For me, it’s images of hooded people in basements crouched over a laptop, padlocks, computers with data flying out of them as if it’s being stolen, etc.

Believe it or not, how people “see” the word cybersecurity is a big deal, as images can conjure up false realities of what it actually is and encompasses. And, with digital being such a major part of our lives, pictures/images provide the visual communication we are accustomed to.

The Daylight Security Research Lab, part of the Center for Long-Term Cybersecurity at U.C. Berkeley, compiled a dataset of the most common cybersecurity-related images used on the Internet during a two-year period of Google Image Search results for 28 terms related to privacy and cyber security. Every week for two years, the research team entered terms, such as cybersecurity, camera surveillance, camera privacy and more (you can see all 28 here) into a custom Google Search Engine (Google CSE). For each term searched, 100 images were scraped using a script, resulting in three sets of search terms each aimed at the following: 

  • Set 1: general technologies, technical themes or topics;
  • Set 2: representations of abstract ideas or practices; and
  • Set 3: Dave Eggers’ book, “The Circle,” which at the time of the study was a best-seller and represented topics of interest related to this study.

Though the Berkeley researchers are continuing to analyze the seven gigabytes of collected imagery data, preliminary analyses found that the most common colors used in cybersecurity imagery online are blue, grey, black and red, while padlocks and abstract network diagrams are the most common images.

In my opinion, fear should not be the driver that encourages people to take action to stay safe. Yet, this research shows that the majority of images and colors related to cybersecurity do just that. Dark colors, in this case, blue, grey and black, are frequently associated with evil, mystery and fear. Red is often associated with danger. Just these four colors alone can communicate and evoke fear, and when used along with padlocks and images of computer networks, the message is clear: cybersecurity = fear. 

People should know the truth about cybersecurity — in words and in pictures — so that they can make educated decisions on how to best protect themselves, not be fear-mongered into it. Therefore, it’s important to create and use realistic imagery and pictures when it comes to discussing and presenting cybersecurity online.

Do you agree or disagree? Why or why not?
