Subscribe to RSS - Security Industry Association

Security Industry Association

Formjacking, a newer way of stealing personal data online

 - 
Wednesday, October 16, 2019

Cyber Security Awareness Month is in full swing; social media is buzzing with extremely helpful content and resources, mostly of which is free to help businesses and individuals gain and stay in control of their digital worlds. As the saying goes, “you learn something new every day,” or you should. Through social media related to #NCSAM, #cybersecurityawarenessmonth and #BeCyberAware, I heard about a newer way hackers are stealing data – formjacking.

I knew the term “jacking” meant stealing, but combing it with the word “form,” it could mean a variety of things, so I reached out to my friends at the Security Industry Association (SIA) for some guidance. 

“Formjacking is the injection of malicious code into a seemingly trustworthy website form that relays a copy of the field inputs to an attacker,” Joe Gittens, director of standards, SIA, explained. “In these cases, the victim’s transaction with the trust source is not interrupted; however, information from the from, which could include sensitive data, is relayed to the attacker.” 

That literally gave me chills. I can’t speak for you, but I know I have filled out at least hundreds of forms in my digital life; reflecting back over my past 20 years, there’s no telling what data I’ve shared. And, with formjacking, here’s the kicker – there are no red flags for the average online user to look for. 

“Unlike with spoofing and phishing, there are very few tell-tale signs that a form has been compromised,” Min Kyriannis, head, technology business development, Jaros, Baum & Bolles and member of SIA’s Cybersecurity Advisory Board. In fact, the only way to detect formjacking is looking at the code, “and, unless you’re trained, it’s hard to detect,” Gittens said. 

It looks like the regular, every day Joe who is going online and filling out forms has absolutely no way of knowing his data could be at risk, although end users can self-sabotage through installing browser plug-ins, Gittens said. Therefore, it’s mainly up to the company behind the online form to ensure people and their data are protected. 

“Companies need to ensure that all software, plug-ins and any third-party applications or extensions have been vetted and check for vulnerabilities,” Kyriannis advised. “These need to be continuously checked, since software is constantly being updated.” 

It amazes me how smart cybercriminals/hackers truly are, and it’s important to never underestimate them. Think about it in these terms: once a threat is recognized and identified by the “good guys,” the “bad guys” have already moved on “looking for more covert ways to harvest data,” Gittens said, in a way that’s the “easiest to hide and what’s most lucrative” for them,” added Kyriannis.

Gittens identified partner trust as key and noted that formjacking can and has affected large and mom-and-pop institutions. “Just like with other attacks, understanding exactly what type of privileges a third-party service has on your website or your browser and only allowing the most trusted services into your ecosystem can help protect you and your business. Also, be careful about what types of information you are collecting in forms in case you are attacked. If you don’t have to collect sensitive data, don’t do it – contract a trusted third party to perform the transaction for you who has better security protocols in place and can provide you and your customers with assurances. The SIA Cybersecurity Advisory Board will soon look to provide guidance on how security stakeholders can foster more trust within the device and application ecosystem.”

Kyriannis concurs that trust is key, but “people with malicious intent will always find new ways to sneak under the radar. The industry must lead in bringing awareness to their clients, customers, etc., and self-awareness is critical – for end users, that means setting up security parameters for themselves,” such as tagging credit cards to constantly monitor charges. 

Formjacking Key Takeways

  1. Any and all information shared via an online form is at risk of being stolen. 
  2. The only way to detect formjacking is to look at the code. 
  3. Ensure software, plug-ins and any third-party applications or extensions have been vetted and regularly check for vulnerabilities.
  4. Understand the exact privileges a third-party service has on your website/browser. 
  5. If you don’t have to collect sensitive data, don’t. 
  6. Set up security parameters for yourself.

SIA announces Securing New Ground 2019 speakers

 - 
10/11/2019

SILVER SPRING, Md.—Top c-level executives and security directors will headline at Securing New Ground (SNG) 2019, October 29-30 in New York City at the Grand Hyatt New York in Manhattan, with topics ranging from the humanity of security to consumer trends to managing corp

Steve Van Till to receive SIA’s 2019 Lippert Award

 - 
10/08/2019

SILVER SPRING, Md.—The Security Industry Association (SIA) selected Steve Van Till, co-founder, president and CEO of Brivo, as the 2019 recipient of the George R. Lippert Memorial Award.

Maureen Carlo named 2019 recipient of the SIA Progress Award

 - 
Wednesday, October 2, 2019

The first thought that popped into my head when hearing about Maureen Carlo, director of strategic alliances – North America at BCDVideo, named as the recipient of this year’s SIA Progress Award: “It couldn’t have happened to a more deserving, humble and truly amazing individual.” 

Carlo and I met my first year in the industry – back in 2010-ish. After an encounter on Twitter and several tweets later, we became fast social media pals. Then, serendipitously, at my second ISC West in a rather obscure hallway, off the beaten path of the show, we found ourselves walking toward each other. Carlo recognized me and said, “Ginger?” And, I literally screamed, “Maureen!” as we gave each other a hug, having met for the first time in person. Since that moment, I have proudly called her my friend. (See how social media can bring people together?) 

It is truly an honor to be writing about Carlo, an industry veteran whose 15-year tenure includes roles at BCDVideo, Videotec Security, NeuEon, Venture Communications & Security and Wells Communication. Through her work in the industry and her seemingly magical way of building strong relationships with others, Carlo has developed an international reputation as a strategic electronic security and integrated systems leader. 

Carlo is dedicated to the advancement of SIA’s mission and serves as committee co-chair of the SIA Women in Security Forum, in which I, too, am a member. (I was so honored when Carlo presented me a membership pin and bag at ISC West at the Women in Security Forum’s breakfast!) Her passion for diversity and inclusivity in the security industry is inspiring, as she helps guide SIA’s efforts in engaging security professionals to promote, recruit and cultivate the leadership of women. 

“Joining SIA offered me the opportunity to connect with the most prestigious leaders in our industry, and together we have created a movement with the Women in Security Forum that is engaging and influencing our integrated security world through diversity and inclusivity,” Carlo said in the announcement. “I am inspired by this award and awed by the honor of receiving the 2019 SIA Progress Award. When we are dedicated to championing others and recognize values, vulnerability, courage and grit as part of the process, our partnerships and participation grow – the effects are force multipliers in bettering our workforce and advancing the next generation of our converged physical and cybersecurity industry.” 

Recent activities in which she helped organize and present lively networking and professional growth include a breakfast at ISC West 2019 and happy hour at GSX 2019; moderator of the ISC West session, “Being a Woman Business Owner in the Security Industry is an Advantage, Not a Disadvantage,” and panelist in the ISC East session, “Strategies for Successful Leadership in the Security Industry.” 

“SIA is thrilled to present the 2019 SIA Progress Award to Maureen Carlo in recognition of her strong dedication to furthering the growth of women in the security industry,” Don Erickson, CEO, SIA said. “Her enthusiastic efforts to elevate women in security through outreach, engagement and leadership have helped to grow the forum and shed light on challenges women face in the industry.” 

SIA’s Progress Award recognizes SIA members who have shown excellence in their advancement of opportunities and success for women in the security industry. Recipients are determined based on their contributions to fostering women in the industry, promotion of women’s professional growth though mentorship and/or sponsorship, recognitions and awards for activities and demonstration of the highest levels of professionalism and integrity in the industry. 

SIA will present Carlo with her award during SIA Honors Night, November 20, in New York City.

 

SIA, ALAS and CANASA coalition in favor of USMCA

 - 
09/11/2019

SILVER SPRING, Md. – The Security Industry Association (SIA), the Latin American Security Association (ALAS) and the Canadian Security Association (CANASA) have formed a coalition to urge the U.S.

SIA Statesman Award winners honored for their work

 - 
06/20/2019

SILVER SPRING, Md.—“… And the rest, they say, is history.” This is one of my most favorite quotes as it depicts a positive continuation of something that originated in the past.

Look for SIA’s ‘Top 8’ technology advancements on the ISC West showroom floor

 - 
Wednesday, March 27, 2019

Times are exciting and abuzz here at Security Systems News, with thoughts of ISC West and preparation taking place for booth visits, video interviews, happy hours and dinners, and connecting/reconnecting with industry professionals to learn about new trends and offerings available for security. Personally, I enjoy talking about industry trends, new technologies and where people predict the industry to be heading in the future. It’s quite fascinating when you stop to think about just 10 years ago and how far the security industry has come since. 

The Security Industry Association (SIA) shared the top eight technological advancements the organization feels is most significantly impacting physical and cybersecurity and public safety. Here’s what to look for on the showroom floor: 

  1. Cloud – Video surveillance as a service (VSaaS), specifically recording, storage, management, analytics and monitoring solutions in the cloud, especially residential video with low camera counts, according to Joseph Gittens, director of standards, SIA, via ISC West’s website.
  2. Artificial Intelligence (AI) – analytics applications for automated motion and trespassing detection, advanced algorithms performing identification and categorization within scenes and systems, and leveraging data from multiple sensors to help reduce false alarms and enhance home automation. 
  3. Robotics/autonomous systems – improvements in robotics and drones around AI, power storage and mobility, in which many companies are allowing users to pay for services provided by these security solutions.
  4. Mobile credentials – SIA predicts the public will become comfortable using these credentials to complete transactions other than access control. In turn, more commercial security installations should be seen along with systems migrating into unified systems that grant and manage access. 
  5. Security audio – specialized solutions that monitor and apply analytics to audio. Audio can also be a lucrative value add-on to video security systems. 
  6. Facial biometrics – look for solutions that provide acute verification accuracy and more affordability with these solution offerings.
  7. 5G LTE – glimpses of mobile video security solutions with public safety and smart cities applications. 
  8. Voice control – new home security and home automation products with existing or “coming soon” integration with voice control/smart speaker providers.

Let’s go on a treasure hunt at ISC West 2019! When you see one of these technologies in action on the showroom floor, take a picture or short video and tweet it to our hashtag #SSNTalks and tag our editors @SSN_Editor and @SSN_Ginger! 

SIA’s new conference AcceleRISE, inspiring the next generation security professional

 - 
Tuesday, February 12, 2019

The countdown to SIA’s new conference acceleRISE has begun with plans for security leaders to share ideas and inspire tomorrow’s up and coming young security professionals via coaching, business skill development and networking. This event is to take place August 14-16 at the Radisson Blu in downtown, Minneapolis.

Having never been to Minnesota and being the extreme foodie that I am, I did a little research and discovered a meat-centric American grill that I would totally check out — Butcher & The Boar. Glancing at their menu, offerings include:

      • Delectables to share: artisan cheeses, red wine jelly, house-made crackers and breads.
      • Tantalizing main meals: Wagyu ribeye, Filet Mignon, coffee-brined duck breast and smoked salmon salad.
      • Mind-boggling desserts: sweet potato cream brulee with orange coriander, dark chocolate ganache baked tart accented with mascarpone … the list goes on and on. I mean, you’ve got to stay properly nourished to soak up all the knowledge of this event’s keynotes, panel sessions, team-building    exercises, peer networking and workshops!

“Finding and keeping qualified talent is the number one issue facing SIA members and the industry,” CEO of SIA, Don Erickson, said in a press release. “AcceleRISE will provide young security professionals with a compelling learning experience, ignite new thinking, strengthen leadership skills, sharpen business acumen and ultimately propel attendees forward as stronger contributors to their employers’ success.”

With topics such as introducing the security industry ecosystem, project and time management, inspiring yourself to innovate and more, attendees will walk away with:

       • Insight into leadership, business and soft skills development;
       • Understanding of emerging security trends and principles of critical thinking; and
       • Insight from accomplished security professionals, offering real-life examples of security-related career paths.

“Today’s young professionals bring a unique perspective to the workplace,” Erickson told SSN. “They are creative and critical thinkers who will become stronger contributors to engineering, sales, marketing, customer service and project management teams by having access to the compelling experience offered through AcceleRISE. Designed by young professionals with input from managers, this event will complement the quality educating and training offered by employers today.”

Security Systems News is honored to be a participant in this event to continue to engage with the young security professionals of tomorrow.
 

New privacy initiative, headed by ADT, to establish home security standards, best practices

 - 
Tuesday, January 29, 2019

Yesterday in the United States, Data Privacy Day 2019 was celebrated. On social media, tweets flew by offering tips on how to protect data against hackers. Security professionals and enthusiasts on LinkedIn discussed the topic at hand while top privacy leaders, such as the National Cyber Security Alliance Executive Director, Kelvin Coleman; Eva Velasquez, president and CEO, Identity Theft Resource Center; and CEO Larry Magid of Connect Safely, among others, convened in San Francisco for an afternoon of focused discussion about opportunities and challenges for data security moving forward. 

Yes, yesterday was quite the day for data security. However, we must recognize that securing data is a 24/7, 365 day a week operation. Google “data security breach” and incident after incident will pop up … for me, it was about 117 million in .75 seconds. Recently, Ring was outed by major news outlets for Ukraine engineers and executives at Ring having “highly privileged access” to live customer camera feeds — both doorbell cameras and in-home cameras — around the world, while a NEST camera was hijacked with a voice warning a California family that three missiles from North Korea were headed to the U.S., which, of course, was not true, but I can imagine sent the family into sheer panic. 

With breaches such as these, among the millions of other data breaches and exposed records in the United States alone, ADT in partnership with SIA, The Monitoring Association, Electronic Security Association, the Internet Society’s Online Trust Alliance and TrustArc are creating a new consumer privacy initiative.

“Alongside industry organizations and partners, we will be outlining privacy and ethics priorities for the industry, creating an external and internal advisory board, and updating our promise to customers: ‘At ADT we are dedicated to your safety, and helping take care of what you value and cherish most in your life: your loved ones, your property and your privacy,” ADT’s CEO, Jim DeVries, said in an internal company memo that went out to all 19,000 ADT employees and to SSN, exclusively. 

In the coming months, the initiative is focused on the following key objectives, the press release said. 

  • Adopting a set of industry-wide best practices that are customer-centric and drive transparency. 
  • Working with dealers, partners and other industry organizations on enhanced privacy and ethical standards for our industry. 
  • Programs focused on privacy, ethics and transparency. 

ADT is also soliciting participation from other organizations who are interested in helping to drive the objectives. 

So, how do you think this initiative will help with data security? 

Let’s discuss!

 

SIA reveals Securing New Ground 2019 details

 - 
12/05/2018

SILVER SPRING, Md.—The Security Industry Association recently announced that next year’s Securing New Ground conference will be held Oct. 29 to 30, 2019, at the Grand Hyatt New York in New York City.

Pages