Subscribe to RSS - SIA

SIA

Cybersecurity benchmarking study released

 - 
Wednesday, October 17, 2018

A new benchmarking study of the cybersecurity practices and initiatives of global organizations provides insight into the cyber landscape today and moving forward over the next few years. The study, called The Cybersecurity Imperitive, was produced in partnership with ESI ThoughtLab and WSJ Pro Cybersecurity and is sponsored by Security Industry Association (SIA) and several other partners.

“As validated by SIA’s just-released 2019 Security Megatrends—highlighting the top factors influencing both short- and long-term change in the global security industry—security companies see cybersecurity as the dominant trend shaping the industry,” SIA CEO Don Erickson said in an email announcing the study. “Having these clear benchmarks around cybersecurity not only facilitates the advancement of cybersecurity within your own organizations, but it also allows firms like yours to deliver appropriate solutions to your customers.”

One key finding in the study is that digital transformation is exposing companies to higher and more costly cyber risks. For example, those whose cybersecurity practices do not keep pace with their digital transformation initiatives are more likely to see $1 million or more in losses from cyberattacks. The research showed that cyber risks rise dramatically as companies embrace new technologies, adopt open platforms and tap ecosystems of partners and suppliers.

“Companies need to make sure that their cybersecurity programs keep pace with their digital transformation effort,” Lou Celi, CEO of ESI ThoughtLab and director of the study, said in the announcement. “Cybersecurity should not be an afterthought. It needs to be integrated into the fabric of an organization’s growth strategy.”

According to the study, there will be an increase in cyber-threat vectors by 2020, including:
•    Attacks through partners, customers and vendors (247% growth)
•    Supply chains (+146%)
•    Denial of service (+144%)
•    Apps (+85%)
•    Embedded systems (84%)

Surveyed companies see high risks from external threat actors, such as unsophisticated hackers (cited by 59% of firms), cybercriminals (57%) and social engineers (44%), but the greatest threat lies with untrained general staff (87%). Another 57 percent of firms see data sharing with partners and vendors as their main IT vulnerability. Nonetheless, only 17 percent of companies have made significant progress in training staff and partners on cybersecurity awareness.

The study also cites the leading cyber-threat vectors in 2018, which are:
•    Malware (81%)
•    Phishing (64%)
•    Ransomware (63%)
•    Viruses (62%)
•    Attacks from Apps (62%)

Another key finding is companies are boosting their cybersecurity investments. To cope with rising cyber risks, surveyed companies are increasing their cybersecurity investment by 7 percent this year and 14 percent next year. The biggest upsurge will come from platform companies, which are hiking their spending 59 percent this year and 64 percent next year. On average, companies with revenue between $250 million and $1 billion will spend $2.9 million next year; $1-5 billion ($5.7 million); $5-20 billion ($10.7 million); and $20 billion+ ($16.8 million).

According to the study, companies now use a variety of technologies to improve cybersecurity, such as multi-factor authentication (90%), blockchain (68%), Internet of Things (62%) and artificial intelligence (AI) (44%).

Security Systems News’ Class of 2017 “20 under 40” winner Ryan Fritts, CISO, ADT, said, "We are using AI in our access and entitlement management to analyze the behaviors of end-users and determine whether or not their behaviors are risky."

Over the next two years, studied firms indicated they plan to greatly expand the use of the following technology solutions:
•    Behavioral analytics (+1,735%)
•    Smart grid technologies (+831%)
•    Deception technology (+684%)
•    Hardware security and resilience (+114%)

The study also found that as corporate cybersecurity systems mature, the probability of costly cyberattacks declines. Cybersecurity beginners have a 21.1-percent probability of cyberattacks generating over $1 million in losses versus 16.1 percent for intermediates and 15.6 percent for leaders.

"Security is a holistic discipline. You need to manage both physical and cyber risks,” Joseph Gittens, SIA director of standards, and Cybersecurity Imperative study advisor, said in a prepared statement. “You could have the best physical security ever—guards, gates, guns and surveillance—but if someone can access your network from the comfort of their living room, it's not doing anything. The reverse is true as well. You could have a ton of cybersecurity but fail to lock down your physical space."
 

Larry Folsom recognized with SIA award

Folsom to receive Jay Hauhn Excellence in Partnerships Award
 - 
10/17/2018

SILVER SPRING, Md.—SIA recently named Larry Folsom as this year’s recipient of the Jay Hauhn Excellence in Partnerships Award, which recognizes security professionals who foster collaboration in the industry. The award will be presented at the SIA Honors Night on Nov. 14 in New York City.

Securing New Ground names keynotes

 - 
Wednesday, August 29, 2018

SILVER SPRING, Md.—The Security Industry Association (SIA) has announced the keynote speakers for its annual executive conference, Securing New Ground (SNG), where more than 250 senior-level industry leaders and financial partners will gather at the Edison Ballroom in New York City, Oct. 25-26.

Jerome Pickett, senior vice president and chief security officer at the National Basketball Association (NBA), and Valerie Thomas, executive information security consultant for Securicon, will give remarks at the event, which brings together industry leaders and key players for two days of information sharing, networking and business analysis.

Thomas, also an ethical hacker and author, will speak at 11:15 a.m. on day 1 of the conference about securing the future of physical security, and Pickett’s remarks at 4:00 p.m. that afternoon will share global lessons from the NBA’s security program, how he’s handling disruptive technologies and using intelligent security solutions to prepare for threats and more.

“Each year, SNG attendees get to dive deep into the security trends that matter to them, and this conference helps them clarify business strategies and drive their business forward,” Don Erickson, SIA’s CEO, said in the announcement. “We are excited to welcome Jerome Pickett and Valerie Thomas to SNG 2018, where attendees will gain top insights from these distinguished security leaders.”

In addition to the keynote addresses, SNG 2018 will feature many engaging discussions and events, including:

•    The View from the Top: Challenges for Today’s Security Industry Leaders
•    Harnessing Cyber-Physical Security Technologies
•    Securing the Future Generation of Security
•    The Smart City of the Future Will Be Conscious
•    Investment Insights: Perspectives from Wall Street and Private Equity

Click here for more.
 

New guide on securing intelligent buildings available

 - 
Wednesday, August 8, 2018

SILVER SPRING, Md.—The Security Industry Association (SIA), in partnership with the ASIS Foundation and the Building Owners and Managers Association (BOMA) International, jointly released guidance for practitioners in the security and building management fields. Intelligent Building Management Systems: Guidance for Protecting Organizations provides a framework to help decision makers assign a risk-based criticality or impact to their building and asks relevant security questions to develop appropriate mitigation strategies. It also serves to establish a common language between the many intelligent building stakeholders.

The guidance is based on original research, Building Automation & Control Systems: An Investigation into Vulnerabilities, Current Practice and Security Management Best Practice, by David J. Brooks, Michael Coole and Paul Haskell-Dowland of Edith Cowan University in Perth, Australia. The research provides an exhaustive overview of identified intelligent building critical vulnerabilities and mitigation strategies.

“The ASIS Foundation is delighted to work with our partners BOMA and SIA to support such critical research in a rapidly developing but insufficiently understood field,” Sandra Cowie, CPP, director, global security and business continuity, principal, and 2018 ASIS Foundation president, said in the joint announcement. “Building automation invokes cutting-edge issues and technology such as the Internet of Things and advanced video analytics, as well as traditional concerns such as physical access control and proper procedures. The integrated whole undoubtedly poses challenges that are still emerging. This research is indispensable to helping our members get a handle on both the challenges and the opportunities of this fast-growing market.”

According to the report, the intelligent building market is growing 31 percent per year and is expected to exceed $59 billion by 2023. These systems are increasingly embedded into the contemporary built environment due to the demand for reduced operating costs, government regulation, and greater monitoring, control and operability. However, this growth comes with a substantial set of security vulnerabilities that many security and facility professionals have not accounted for. Importantly, the research finds a significant disconnect between security and facility professionals’ perceived understanding of intelligent building threats and risks versus actual dangers. In addition, the report revealed that a lack of common terminology and practices can result in misunderstandings and siloed views of associated security risks.

The report findings emphasize the need to:
•    Take a multidisciplinary proactive management approach to intelligent building vulnerability mitigation
•    Fuse multidisciplinary participants into an intelligent building security team

Additional findings include the recognition of intelligent building integrators and cybersecurity experts as partners who can help organizations better understand threats and risks and more effectively achieve intelligent building security.

“The research developed by the ASIS Foundation provides insights that should be leveraged by our members and the industry to better understand and identify vulnerabilities within intelligent building systems," Don Erickson, chief executive officer, SIA, said in a prepared statement. "An essential outcome from this project is the recommended guidance and checklist that will help security practitioners and security technology solutions providers work together to implement strategies to mitigate against potential risks.”
 

Nominations sought for first-ever SIA Progress Award

Award to recognize individual dedicated to the advancement of women in security
 - 
08/08/2018

SILVER SPRING, Md.—The Security Industry Association has opened nominations for the inaugural SIA Progress Award, an initiative sponsored by SIA’s Women in Security Forum.

SIA seeks nominations for 2018 George R. Lippert award

High honor recognizes service and leadership in the security industry
 - 
08/01/2018

SILVER SPRING, Md.—The Security Industry Association is now seeking nominations for the 2018 George R. Lippert Memorial Award, an honor presented annually to a distinguished individual for long-term, selfless service to the security industry and to SIA. The Lippert Award will be presented during SIA Honors Night on Wednesday, Nov. 14, in New York City. Nominations for 2018’s award are being accepted through Friday, Aug. 24.

SIA issues guidance on tariff exclusion process

 - 
Wednesday, July 25, 2018

The Security Industry Association (SIA) recently provided an update and info on the U.S. Trade Representative (USTR)’s announcement of a process to obtain product exclusions from Section 301 tariffs on $34 billion in Chinese goods imported to the United States. In effect as of Friday, July 6, an additional 25 percent tariff applies to 56 tariff subheadings identified by SIA as impacting security-related products.

USTR is now considering exclusion requests “to address situations that warrant excluding a particular product within a subheading, but not the tariff subheading as a whole.”

Since exclusions will be made on a product and not a company basis, exclusions will apply to all imports of the product regardless of whether the importer filed a request.

The exclusion process has the following important dates and features:

•    The public will have 90 days to file a request for a product exclusion; the request period will end on Tuesday, Oct. 9.
•    Following public posting of the filed request on regulations.gov, the public will have 14 days to file responses to the request for product exclusion. After the close of the 14-day response period, interested persons will have an additional 7 days to reply to any responses received in support of or opposition to the request.
•    Exclusions will be effective for one year upon the publication of the exclusion determination in the Federal Register and will apply retroactively to July 6.

In evaluating requests, USTR will consider whether:

•    A product is available from a source outside of China
•    The additional duties would cause severe economic harm to the requestor or other U.S. interests
•    The particular product is strategically important or related to Chinese industrial programs including “Made in China 2025”

SIA wants to ensure affected members review the official notice and are aware of the opportunity for an exclusion via regulations.gov. Additionally, SIA asks members to share any specific products covered within these categories “that they believe may qualify for exclusion and are important to the U.S. security industry, in order to assist us in analyzing this issue.”

Security Systems News is also looking at this topic in our News Poll this month, so please weigh in by voting and commenting.

 

Janet Fenner joins ISS as CMO

Formerly with Dahua, Fenner takes on newly created role at ISS
 - 
07/11/2018

WOODBRIDGE, N.J.—Seasoned and highly respected executive Janet Fenner, formerly with Dahua Technology U.S.A., was recently hired by Intelligent Security Systems to take on a newly created role as chief marketing officer.

SIA market index: Industry confidence begins to rebound

 - 
Tuesday, July 3, 2018

SIA recently released its July 2018 Security Market Index (SMI), which showed industry confidence rebounding after a slight drop in confidence in May.

“After a rocky spring, confidence within the security industry seems to be recovering slightly,” according to the report. “Improvement in a variety of areas, including product production, new product introductions and new orders, led to a July 2018 Security Market Index (SMI) of 65. Any index above 50 indicates that conditions within the industry are largely positive and that security industry professionals are largely confident in their business prospects. The May 2018 SMI was 55, and the March 2018 SMI was 72.”

Special focuses of the July 2018 edition of SMI include:
•    Confidence in the surveillance segment climbing, cautiously
•    Slowing growth for integrators
•    Access control professionals broadly positive moving into summer
•    Consultants holding steady, but with little improvement
•    A bonus feature on government spending and security

According to SIA, the majority of security professionals surveyed for the July 2018 SIA Security Market Index “are at least cautiously optimistic about the prospect of increased security spending this year as a result of the recently enacted Omnibus Appropriations Act. Nearly a quarter of SMI survey respondents were ‘very optimistic about increased spending.’”

Many SIA members cited the poor timing or late release of the FY18 federal budget as the cause for “less than ideal current business conditions” in May.

“After the Omnibus Appropriations Act was enacted, however, more projects and new orders started trickling down, said one video surveillance professional,” the report noted. “One security systems integrator noted, however, that ‘if we start a trade war, (mess) up the immigrant inflow and keep proposing up coal, we’ll not continue the economic growth.’”

Overall, most security professionals surveyed for the July 2018 SIA Security Market Index (surveyed between June 1 and June 15, 2018) consider current business conditions to be either “excellent” (45 percent) or “good” (35 percent).

The majority of security industry professionals surveyed for the July 2018 Security Market Index cited increases in the number of employees or hours worked, marketing spending, product production, new product introductions, product or service sales and new orders.

For capital equipment spending, most (52 percent) said rates were remaining the same, but 48% said spending was increasing, which is improvement compared with May 2018, when only 34 percent were seeing increased capital equipment spending and 12 percent cited decreases.

For security systems integrators only 29 percent consider current business conditions to be “excellent,” compared with 45 percent of the SMI overall. A further 43 percent consider current conditions “good,” but 28 percent believe current conditions are either “average” or “fair.”

Overall, the integrator-specific Index for July 2018 is 59, down three points from its May 2018 level of 62.
   
Over the next three months, most integrators believe business conditions will be either “much better” (29 percent) or “a little better” (57 percent). This is a little more optimistic than the outlook from June 2017, when only 14 percent of integrators expected conditions over the next quarter to be “much better,” with 71 percent expecting “a little better” conditions.

Click here for the full report, including details on increasing confidence in the surveillance and access control segments, as well as info on security consultants, 75 percent of whom consider current business conditions as “excellent.”
 

Keynote speakers announced for Cyber:Secured forum

Leaders from U.S. Attorney’s Office to discuss cybercrime trends
 - 
05/07/2018

DENVER—The Security Industry Association, PSA Security Network and ISC Security Events have announced the keynote speakers for the upcoming Cyber:Secured Forum—an event centered on how to improve and maintain the cybersecurity of integrated solutions and physical security systems.

Pages