Subscribe to

Blogs

Industry confidence skyrockets, SIA reports

 - 
Wednesday, July 31, 2019

Security industry confidence continues to rise with the summer temps, according to The Security Industry Association’s latest Security Market Index, a bimonthly measure and outlook for the security industry.

While confidence in the state of the market had already seen a bump in May with a Security Market Index (SMI) of 63, up from the March SMI of 60, hopes are even higher this month with a July 2019 SMI of 71, SIA reported, noting that any Index above 50 indicates that conditions within the industry are largely positive and that security industry professionals are predominantly confident in their business outlooks.

Special focuses of the July 2019 SMI include:
•    A continuously climbing SMI for security consultants;
•    Despite other sectors' increases, a dip in confidence for the video surveillance SMI;
•    Integrators increasing spending among decreases in overall confidence in business conditions; and
•    Expected security spending increases in government and education.

For its July SMI, SIA found that 48 percent of security professionals rated current business conditions as “excellent,” and 45 percent said they were “good.” Only 7 percent said conditions were “average,” and no Security Market Index respondents considered current conditions to be “fair” or “poor.” In May 2019, 49 percent of respondents said conditions were “excellent,” and 38 percent rated conditions as “good.” Eight percent said conditions were “average,” 5 percent rated conditions as “fair” and no Security Market Index respondents rated conditions as “poor.”

SIA noted that multiple respondents said that there is a strong demand from customers for security system upgrades, as well as new installations, while others pointed out the strong acquisition activity currently happening within the security market. And while the responses were mostly positive, some pointed out what they see as current issues in the industry. “While the economy appears strong, we’re seeing a lot of pressure to cut prices,” said a respondent working in the access control sector, who rated current business conditions as “good.” One respondent who works as an engineer in the industry rated current business conditions as “good,” but expressed worry over the U.S. president’s relations with Europe, saying, “Unnecessary business risk results.”

While numbers remained steady in most key factors (new orders; product/service sales; new product intro; and capital equip spend) this July, SIA found that the percentage of respondents who said they plan on increasing their number of employees or hours worked jumped to 76 percent, when only 56 percent said so in May.

Within the next three months, 90 percent of security professionals believe business conditions will be either “much better” or “a little better,” SIA found, with 10 percent expecting no change to business conditions, and zero Security Market Index respondents expecting conditions to be worse. This is slightly more optimistic than in May, when 87 percent expected improved conditions within three months.

When SIA asked which vertical market they think has the most potential for increased security spending in the next five years, many respondents to the July SMI answered government and education, with 24 percent answering government, and 21 percent answering education. Other answers included healthcare (17 percent), cannabis (10 percent), office buildings (7 percent) and energy (3 percent).
  
In regard to increased government business, SIA referenced a Dec. 2018 U.S. Government Accountability Office (GAO) report, Federal Building Security: Actions Needed to Help Achieve Vision for Secure, Interoperable Physical Access Control, which pointed out the need for improved security in government buildings and a government-wide approach to regulate access to controlled areas in federal buildings using access control systems such as card readers.   

“Implementation of physical access control systems at federal agencies represents a significant federal investment,” stated the report. “For example, over the next five years the Transportation Security Agency plans to spend about $73 million to implement physical access control systems . . . In addition, according to GSA officials, GSA has spent millions of dollars to test these systems.”   

School security has also proven to be a booming market for the security industry, with bills requiring security spending in schools and grants for security systems in schools being introduced at a rapid rate, SIA reported.  The education sector of the market for security equipment spending and services reached $2.7 billion in revenue in 2017, according to a 2018 report from IHS Markit, School Security Systems Industry – U.S. Market Overview. The market is expected to grow an average of 1 percent annually, reaching $2.8 billion by 2021. However, the report warns that since so much progress has been made in securing schools over recent years, security spending may actually slow in the market.

For the full Security Market Index, including a breakdown by segment click here

How to assess your company’s cybersecurity risk

 - 
Wednesday, July 31, 2019

It finally happened. Temps reached into the 100s in Dallas as Cyber:Secured Forum helped some security professionals stay cool inside The Westin Dallas Park Central while learning actionable takeaways and best practices related to maintaining and improving cybersecurity of security systems and solutions. While I gather my thoughts to bring you a detailed rendition of the past two days, now would be a great time to do a cybersecurity risk assessment on your system. 

Here are my “4 Preliminaries” (4Ps) to help you get started on your assessment:

  1. Perspective. Make a list of all information stored on your computer, online, in different apps and in the cloud, for example, work documents, apps, music, passwords, pictures, videos of your family, banking and credit card credentials, etc. Physically seeing how much precious data you have should be a wakeup call to protect it against cyber threats and attacks.
  2. Passwords. Make a list of all online accounts and their login credentials. 
  3. Peruse. Look through the list and carefully think about the value of each type of stored data. If it would be detrimental if anyone gained access or a particular piece or data or online account was lost, deleted or leaked online, put a star by it or highlight it. 
  4. Posture. Take a position of defense against cyberattacks, cybercriminals and cyberthreats. To start, make sure all the passwords on your list are strong to prevent access to your data. Each account needs a DIFFERENT, robust password consisting of at least 12 or more of the following: upper- and lower-case letters, and numbers and symbols in various combinations and locations within the password. 

Once you’ve completed the 4Ps, google the phrase “cybersecurity risk assessment checklist.” This tool is available for free from different organizations and businesses. Choose the checklist that resonates most closely with your business, or take bits and pieces of a variety of checklists to create a custom list. Then, using the information you’ve already gathered from the 4Ps, get started answering the questions. You’ll be well on your way to learning exactly where your company is postured for cybersecurity as well as areas that need improvement. 

 

Artificial Intelligence (AI) necessary to respond to cyberattacks

 - 
Wednesday, July 24, 2019

Being born in the late 70s, it’s been amazing to watch the evolution of computers, the Internet, cyber and the like. I remember sitting in my junior high computer class—7th grade, I believe. Working with Basic on an Apple 2e, I created white coding on a black screen that made a man (stick figure) jump, dance and run when the user got the correct answer to the math problem presented on the screen. That, my friends, was high tech! 

Now, the graphics are realistic and some even interact with voice; data is being produced and shared at the rate of zettabytes; and computers are turning into machine learners, all of which is absolutely amazing but at the same time scary as bad people have turned it into a free-for-all of mass hacking that is detrimental to people and society. 

Human security experts work tirelessly each and every day to keep people like you and me, and the world safe; however, being human, they have their limits. For example, cybersecurity involves repetitiveness and tediousness, scouring through big data to identify anomalous data points; long, exhausting hours of data analysis; and relentlessly monitoring data going in and out of enterprise networks. Enter the age of artificial intelligence (AI) penetrating into the cyber realm in terms of security, obviously known collectively as cybersecurity. Working along-side humans, AI can complement cybersecurity by performing the repetitive, tedious tasks; it can be trained to take predefined steps against attacks and learn the most ideal responses going forward; and AI is fast and accurate with data analysis. This enables and empowers human security experts to use their talents and skills on other projects to further enhance cybersecurity. 

Capgemini, a global leader in consulting, technology services and digital transformation, recently published “Reinventing Cybersecurity with Artificial Intelligence Report,” finding 61 percent of enterprises said they cannot detect breach attempts today without the use of AI technologies. That’s over half of the 850 senior executives surveyed from IT information security, cybersecurity and IT operations in seven sectors across 10 countries. And if that’s not eye-opening enough, check out these findings: 

  • 69 percent believe AI will be necessary to respond to cyberattacks; 
  • 73 percent are testing AI use cases for cybersecurity; 
  • 64 percent said AI lowers the cost and reduces overall time taken to detect and respond to breaches by 12 percent; and
  • 56 percent said their cybersecurity analysts are overwhelmed and approximately 23 percent are not able to successfully investigate all identified incidents. 

With numbers like these, it’s easy to see AI and machine learning are essential to cybersecurity now and into the future. So, here at SSN, we’ve taken a huge step to bring you the latest and greats cybersecurity news with the addition of a “cybersecurity” tab on our website. Yep, that’s right … a whole section dedicated to all things cybersecurity!

To get a taste of our cybersecurity content check out the articles “Federal government aims to modernize physical security practices” and “Data forensics: time is of the essence,” and as always, we value your feedback. 

 

 

Cybersecurity on tap at SSN

 - 
Friday, July 19, 2019

For the past few years here at SSN we have been paying more and more attention to cybersecurity and its role within physical security, looking at it from as many different security perspectives as possible — end user, consultant, specifier, commercial integrator, supplier — you name it and we’ve probably written about it!

With cybersecurity playing such a prominent role in physical security today, we have added a section on our site that is completely devoted to our cybersecurity coverage. The convergence of physical and IT security is happening, and what better place to stay up to date on the latest happenings in the cybersecurity space than right here at SSN.

Some of our recent cyber-related stories include a great piece from SSN Contributing Editor Lilly Chapa, who attended the recent SIAGovSummit, about how the federal government aims to modernize physical security practices. As she points out, government agencies intend to evolve their security approach to address changing technology, threats and budgets, including working closer with cybersecurity and IT professionals.

Another interesting story worth checking out is by SSN Managing Editor Ginger Schlueter, who spoke with Cyber Criminologist Dr. Peter Stephenson about the art of data forensics.

Plus, she will be attending Cyber:Secured Summit at The Westin Dallas Park Central, July 29-31, and providing full coverage of the event here on the site as well, which you can find by just clicking on the Cybersecurity tab at the top of the site.

Dive right in here.

Summing up the 2019 Genetec Press Summit

 - 
Wednesday, July 17, 2019

I’ve spent the last two days in Montreal, learning all about Genetec but also learning tidbits of powerful information about the security industry. I will be sharing my thoughts, observations and knowledge in the days to come, so stay tuned to our website. Here is a preview of what’s to come:

We sometimes take for granted how “precious an average day is and how much it takes just to make a day average,” Andrew Elvish, vice president, marketing & product management, Genetec said when it comes to ensuring safety and security each and every day. Further, we have to “make sure everything happens every day.”

Genetec does its part to ensure everything happens every day by creating security solutions as well as partnering with others who do the same. The company has a global footprint in which they grow organically and currently, it employees 1,500 people of whom speak 23 different languages. The company also invests 28 percent of their topline into R&D. Expansion efforts are focused on entering a market at the right place at the right time with an emphasis on building channels and channel partners.

Yesterday was filled with open, authentic discussions around hot topics within the industry with Genetec employees as well as people from outside the organization who work with Genetec. Topics of discussion included: the role of privacy in a digital democracy, the future of AI in security, privacy matters in security, ALPR and the role of parking in cities and a panel discussion about cannabis and security.

Today, I get the unique opportunity to visit the Montreal Casino’s command center to see security in action, demonstrating how everything happens every day.

Again, stay tuned to SSN’s website and print publication for in-depth coverage and knowledge sharing of this event.

North America to lead growing global stadium security market

 - 
Wednesday, July 17, 2019

The increasing focus on safe cities and securing sports events and concerts in stadiums is aiding expansion of the global Stadium Security Market. 

The global market was valued at $6.2 billion in 2017 and is expected to reach $16.1 billion by 2025, growing at a CAGR of 12.8 percent during the forecast period, according to a new report from Fortune Business Insights based in Pune, India.

The report, titled “Stadium Security Market: Global Market Analysis, Insights and Forecast, 2018-2025,” offers insights into the market and the rising importance on public safety and security in stadiums across the world. According to the study, stadium owners are now installing well-equipped security systems including metal detectors, intrusion alarm systems, access control systems, CCTV cameras, facial recognition systems and fire alarm systems.

“Technological advancements such as adoption of Internet of Things (IoT) in stadium security systems is expected to enhance the spectator experience,” noted one of the lead analysts on the study. “Upgradation of stadium security plan can offer a convenient and personalized experience to spectators and simultaneously ensures complete security.” Moreover, IoT adoption helps in the effective management of stadium infrastructure, contributing towards the growth of the market, he said.

As per seating capacity, stadiums with capacity between 30,000 and 50,000 are anticipated to grow at a rapid pace driven by rising number of events and concerts, growing at a CAGR of 13.4 percent and. On the other hand, stadiums with a capacity of less than 30,000 seats are projected to account for the highest share in the global market. However, this segment is anticipated to exhibit a CAGR of 12.5 percent during the forecast period.                     
                                                                         
North America is expected to lead the global Stadium Security Market in the forecast years. Predominantly, Canada and the U.S are on alert for terrorist attacks, which compels the stadium owners to adopt stadium security solutions. Rapid technological advancements in stadium security systems and growing demand for maintaining stadium infrastructure are driving the market in North America. The market in Asia Pacific is expected to gain an impressive share in the forecast years.
 
Increasing terrorist threats and pressing need for ensuring public safety are compelling companies to develop innovative and smart stadium security measures. “To gain an edge over strong competition, several leading players are installing stadium security systems at some major stadiums to maintain their position in the global market,” the research firm found.

The top 10 players covered two-third of the share in the global market in 2017, the study noted, including:
•    Avigilon Corp.
•    AxxonSoft
•    BOSCH Security Systems
•    CISCO Systems Inc.
•    Dallmeier
•    Genetec Inc.
•    Honeywell International Inc.
•    Intel Corporation
•    NEC Corporation
•    Rapiscan Systems
 

Five-year study of security alarms released

 - 
Wednesday, July 10, 2019

Fire is the biggest risk for both residential and commercial properties, followed by burglaries, which tend to spike in the summer and winter months, according to a new study completed by American Alarm and Communications of verified alarms from homes and businesses across Greater Boston and central New England.

“Given our monitoring footprint in New England, and our systems for tracking alarm events, we use this data to understand local trends and to help people better manage risk in their homes or places of business,” Wells Sampson, president of American Alarm, said about the study. “When we decided to look at five years of data, and saw the results, we felt there would be public benefit if we released the information so everyone in our region is aware of these trends.”

The study, entitled “Regional Security Report: Five-Year Study of Verified Alarms, 2014-2018,” analyzed data collected at the company’s monitoring center that tracks activity from its professionally installed and maintained security and life-safety systems at nearly 30,000 locations, primarily in greater Boston, central Massachusetts, Rhode Island and southern New Hampshire.

During the five-year period studied, 1,644 verified alarms occurred, including 532 fire alarms, 333 burglar (intrusion) alarms, 224 elevator entrapments and 185 panic alarms (also called hold-up alarms). A verified alarm is defined as a signal caused by an actual event that posed a threat and required intervention.

The following is a summary of results:
•    Fire is the biggest risk for residential and commercial property, followed by burglary;
•    Fire alarms spike in January and February, doubling the monthly average;
•    Burglar alarms are more frequent during the summer and winter months;
•    Burglar alarms are concentrated in late evening and overnight hours;
•    Panic alarms peak in the mornings and afternoons at banks, and in the late evenings at gas stations and convenience stores; and
•    Elevator alarms are mostly from commercial buildings and clustered during business hours.

For more information on the types and timing of alarms, see the report here.

Guiding IoT manufacturers to safer, more secure and private horizons

 - 
Wednesday, July 10, 2019

Featured in Time magazine’s “Top 10 Public-Service Announcements,” the popular one from the 1960s, 70s and 80s went something like this: “It’s 10pm … do you know where your children are?” Being the ripe age of 42, I vaguely remember the tail-end of this campaign where a celebrity or publicly known person — Joan Rivers, Jane Seymour, Darryl Strawberry, Paul Stanley, etc. —would appear on the TV screen at 10pm or 11pm, depending on location, and ask this almost sinister-like question of moms and dads waiting for their dose of the nightly news. During this time, several cities across the U.S. had adopted new curfew laws and this was the late-night reminder to parents. 

Since then, it’s been parodied several times: CNBC asks, “It’s 4 o’clock … do you know where your money is?” while Monster.com asks, “It’s 6 o’clock … do you know where your career is?” And, my personal favorite: “It’s 10am … do you know where your coffee is?” While these are fun and playful sayings and marketing tactics, there’s a lot of truth to be discovered by answering that simple, historical question that remains ingrained in society. So, I ask you, the IoT manufacturer, the security installer, the IoT user: “It’s 10pm … do you know what your IoT devices are doing?” If you can’t answer that question, you may have a security/privacy issue. 

In response to IoT devices, their security/privacy issues, and the lack of laws and governance of these little electronic baubles, several organizations have developed IoT “guidelines” to help developers create, manufacturers build, and consumers purchase and use more secure IoT products:

Security Systems Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Security Systems

By: National Institute of Standards and Technology (NIST) 

This publication, targeted toward security engineering professionals, provides principles and concepts, and how these can be effectively applied to the creation of IoT devices and other security-related device. It is recognized that no system can be engineered to by absolutely secure and trustworthy, but rather, the focus should be on “adequate security,” making sure the device address the users security concerns. 

With several free, downloadable publications related specifically to IoT security, the IoT Security Foundation is on a mission to “Build Secure, Buy Secure and Be Secure.” They offer a tool called “IoTSF Compliance Checklist” that helps IoT manufacturers create devices that are within contemporary best practices. The checklist opens as an Excel document, with tabs that take the person through the entire process of compliance, starting with assessment steps; includes device hardware, software, operating systems and interfaces; and concluding with issues such as encryption, privacy, cloud and network elements and device ownership transfer. 

IoT Security Guidance

By: The Open Web Application Security Project (OWASP)

With the familiar look of a Wikipedia page, this guide speaks directly to IoT manufacturers, developers and consumers, offering specific and general recommendations. It’s laid out in an easy-to-read chart and bullet point format. It addresses 10 key categories such as insecure web interface, poor physical security, privacy concerns and insecurity cloud interface; tells what security issues the manufacturer, developer and consumer should be aware of; and offers recommendations to remedy such issues. 

Future Proofing the Connected World

By: Cloud Security Alliance’s IoT Working Group

This PDF guide offers 13 steps to developing secure IoT products, but it also describes exactly why IoT security is needed and addresses some of the common security challenges for IoT users. The 13-step process starts with developing a secure methodology and ends with performing internal and external security reviews. 

IoT Security Guidelines and Assessment

By: GSMA

The goal of these guidelines and assessment is to help create a secure IoT market with trusted, reliable and scalable services. The guidelines include 85 secure design, development and deployment recommendations; security challenges, attack models and risk assessments, and examples while the assessment, based on a structured approach yet providing a flexible framework, address the diversity of the IoT market while addressing the whole ecosystem.

Demand for cloud-based solutions within security growing

 - 
Wednesday, June 26, 2019

One of the top themes at ISC West 2019 this past April was the increased adoption of cloud-based services, products and solutions. This month’s News Poll looked to gauge how the cloud is being adopted within security today, asking readers if they have seen the use of cloud-based solutions increasing.

Not surprisingly, 76 percent of respondents said they “get asked more and more,” for cloud-based solutions, while another 18 percent said they “see a slight uptick in interest.” Only 5 percent said they did not see “much traction yet.”

As one respondent summed it up, “Cloud is the Future. Either get on the bus or get run over by it.”

When looking at where readers see the greatest adoption of cloud, 57 percent said, “for video surveillance, storage and data,” 35 percent said “within access control,” and 8 percent said it is best suited “for cybersecurity/IT” purposes.   

“I have worked for a cloud-based access control provider for over 15 years. The rate of cloud adoption has never been higher for us,” Dave Williams, VP of Strategic Accounts for Brivo, wrote in. “There has always been multiple access control companies to fit specific vertical market needs, there will continue to be multiple providers. At some point, much like the sunsetting of DVR technology, access control servers will become a thing of the past. There might be a niche vertical some place that still holds on to older technology, but by far the vast majority will be Cloud.”

In terms of where the industry is at when it comes to the adoption of cloud, 32 percent of respondents said, “We are still in the early adoption phase,” while another 32 percent said, “It will all be cloud-based someday.” Interestingly, 37 percent of respondents said they “see a hybrid approach winning out,” which would include a combination of on-premise and cloud-based systems being used.

“There will be a long term need still for on-premise systems, due to bandwidth costs, and in enterprises where there is no Internet access to the video surveillance or access control systems permitted,” noted one respondent. “However, the market for software running on the Cloud will grow, since this allows the vendor to maintain the software system at its data center and frees up the Integrator or end user from periodic software updates.”

You decide: should 9-1-1 telecommunicators be classified as a “Protective Service Occupation?”

 - 
Wednesday, June 26, 2019

Being a part of the security industry as a journalist, it intrigues me as to the wealth of security-related knowledge floating around out there in cyberspace, magazine articles, books, newspapers, tv … any and all media outlets really. Take just a moment and think about this: at any given time, we can access information via our smart devices about any topic we choose. Seriously, let that soak in for a minute … 

The conclusion? Knowledge is power, as the saying goes; there’s even a Twitter hashtag dedicated to the adage: #KnowledgeIsPower. And, as I learned from my dad, it’s the one thing no one can take away from you. But I want to challenge this with: knowledge is power, but taking action based on that knowledge is powerful. Knowing something is only half the battle; it’s action taken because of knowledge that creates power-filled outcomes that truly supports, and adds truth and value to this concept.

With that in mind, The Monitoring Association (TMA) has joined with APCO International, the world’s oldest and largest organization of public safety communication professionals, calling on us — security industry professionals — to support a bill. To make an educated decision, we must gain knowledge: 

Name of the bill: 9-1-1 SAVES Act.

Type of bill: bipartisan, bicameral, simple and zero-cost.

What the bill would do: fix the federal classification by appropriately grouping Public Safety Telecommunicators with other “protective” occupations. 

Why this is important: our federal government currently classifies 9-1-1 operator positions as administrative/clerical, in the same group as secretaries, office clerks and taxicab dispatchers. While 9-1-1 operators do sit at desks, working on computers and phones, would you agree or disagree that this is an inaccurate classification and a disservice to the lifesaving work and dedication of these professionals?

TMA’s and APCO’s argument: Public Safety Telecommunicators should be classified as Protective Service Occupations. This includes a broad range of “protective” occupations such as lifeguards, gambling surveillance officers, fish and game wardens, parking enforcement workers, firefighters, playground monitors and more. These organizations believe reclassification is common sense, and about getting Public Safety Telecommunicators the recognition they deserve for the work they do every day to protect and save the lives of the public and first responders. 

Now that you have the knowledge, it’s time to take action. Here are your two choices: 

  1. Do nothing. After all, not taking action is in essence making a decision.
  2. Send a letter. APCO’s website offers a dynamic form where individuals can provide key contact information and the appropriate letter is sent automatically to your U.S. senators and representatives. (I just did. It literally takes less than 1 minute.) 
 

Pages