ConnectWise, the provider of intelligent software and expert services for technology solution providers (TSPs), has released the findings of the second annual ConnectWise SMB State of Cybersecurity report.
The year 2020’s study was conducted between June and July 2020 and surveyed over 700 IT and business decision makers in the US, the UK, Canada, Australia and New Zealand. A few major findings from the report include:
91% of SMBs said they would consider using or moving to a new IT service provider if it offered the “right” cybersecurity solution
68% of respondents said the “right” offering means having confidence in an MSP’s ability to respond to security incidents, while 58% stated it’s having confidence in an MSP’s ability to minimize damage or loss
Three-quarters of the respondents worried they will be the target of an attack in the next six months
Over half of SMBs surveyed (52%) agree they lack the in-house skills necessary to properly deal with security issues, and 49% of SMBs find more cybersecurity expertise as an added benefit of working with an MSP
Only 13% of SMBs are having regular cybersecurity-related conversations with their MSP and 29% of SMBs talk to their MSP about cybersecurity only after they have suffered an incident
Although COVID-19 did not significantly impact respondents’ views on cybersecurity, the pandemic has raised new concerns for SMBs, with 79% of respondents worrying about their remote devices or remote employees being breached.
Check Point® Software Technologies Ltd., a provider of cyber security solutions globally, announces the acquisition of a new cloud-based technology that delivers secure remote access created by Odo Security.
This technology will integrate with Check Point´s Infinity architecture, and become the easiest and most secure solution for enterprises need to enable employees´ secure remote access to any application. The COVID-19 pandemic has driven enterprise adoption of mass remote working for their global workforces, from 30% before the pandemic to 81%.
Threat prevention services
Seventy-four percent plan to enable large-scale remote working permanently. However, many organizations overlooked critical aspects of security in the race to enable remote working, which significantly increased their exposure to cyber-attacks. Now more than ever, organizations need to secure remote connectivity anytime, anywhere to any resource.
Many organizations find themselves compromising security in order to deliver the connectivity required"
“Many organizations find themselves compromising security in order to deliver the connectivity required by their business needs,” said Dr. Dorit Dor, VP of Products, Check Point Software Technologies. “By incorporating Odo Security’s unique clientless, cloud-delivered secure remote access to our portfolio of threat prevention services, we help organizations overcome this dilemma. Check Point delivers a consolidated solution to help organizations to securely connect any number of remote employees to everything, from any location, making working from home easier and safer than ever.”
Secure access service edge technology
Odo Security, an Israeli start-up founded in 2017, developed a cloud-based, clientless secure access service edge (SASE) technology that delivers secure remote access. Unlike traditional secure remote access solutions, this technology enables:
Users to easily connect through a unified portal to a wide range of applications, such as remote desktops, web applications, database servers, cloud and corporate servers, with no client or software installation.
Security administrators to easily deploy the solution in less than five minutes from the cloud. They also gain enhanced visibility including full audit trail of user activity.
Zero Trust Architecture to define granular access policy to give the right people in the right context, the least privileged access to applications and reduce the attack surface.
Check Point will integrate Odo Security’s technology into its Infinity architecture and SASE vision. This consolidated solution will deliver the easiest secure remote access with unmatched security, based on NSS top-rated threat prevention security services. The transaction is expected to be closed within a week.
Check Point Research, the Threat Intelligence arm of Check Point® Software Technologies Ltd, a provider of cyber security solutions globally, publishes its latest Global Threat Index for August 2020.
Researchers found that the Qbot trojan, also known as Qakbot and Pinkslipbot, has entered the top ten malware index for the first time, ranking as the 10th most prevalent malware in August, while the Emotet trojan remains in 1st place for a second month, impacting 14% of organizations globally.
Ransomware installation techniques
First seen in 2008, Qbot has been continually developed and now uses sophisticated credentials theft and ransomware installation techniques, making it the malware equivalent of a Swiss Army knife according to researchers. Qbot now also has a dangerous new feature: a specialized email collector module which extracts email threads from the victim’s Outlook client and uploads them to an external remote server.
This enables Qbot to hijack legitimate email conversations from infected users
This enables Qbot to hijack legitimate email conversations from infected users, and then spam itself out using those hijacked emails to increase its chances of tricking other users into getting infected. Qbot can also enable unauthorized banking transactions, by allowing its controller to connect to the victim's computer.
Active malspam campaigns
Check Point’s researchers found several campaigns using Qbot’s new strain between March and August 2020, which included Qbot being distributed by the Emotet trojan. This campaign impacted 5% of organizations globally in July 2020.
“Threat actors are always looking at ways to update existing, proven forms of malware and they have clearly been investing heavily in Qbot’s development to enable data theft on a massive scale from organizations and individuals. We have seen active malspam campaigns distributing Qbot directly, as well as the use of third-party infection infrastructures like Emotet's to spread the threat even further.”
This month Emotet remains the most popular malware with a global impact of 14% of organizations
“Businesses should look at deploying anti-malware solutions that can prevent such content reaching end-users and advise employees to be cautious when opening emails, even when they appear to be from a trusted source,” said Maya Horowitz, Director, Threat Intelligence & Research, Products at Check Point.
The research team also warns that ‘Web Server Exposed Git Repository Information Disclosure’ is the most common exploited vulnerability, impacting 47% of organizations globally, followed by ‘MVPower DVR Remote Code Execution’ which impacted 43% of organizations worldwide. ‘Dasan GPON Router Authentication Bypass (CVE-2018-10561)’ is in third place, with a global impact of 37%. This month Emotet remains the most popular malware with a global impact of 14% of organizations, closely followed by Agent Tesla and Formbook affecting 3% of organizations each.
Maintaining persistence and evasion techniques
↔ Emotet – Emotet is an advanced, self-propagating and modular Trojan. Emotet was originally a banking Trojan, but recently is used as a distributor of other malware or malicious campaigns. It uses multiple methods for maintaining persistence and evasion techniques to avoid detection. In addition, it can be spread through phishing spam emails containing malicious attachments or links.
↑ Agent Tesla - Agent Tesla is an advanced RAT functioning as a key logger and information stealer, capable of monitoring and collecting the victim's keyboard input, system clipboard, taking screenshots, and exfiltrating credentials belonging to of a variety of software installed on a victim's machine (including Google Chrome, Mozilla Firefox and Microsoft Outlook email client).
↑ Formbook - Formbook is an Info Stealer that harvests credentials from various web browsers, collects screenshots, monitors and logs keystrokes, and can download and execute files according to its C&C orders.
Information disclosure vulnerability
A remote attacker can exploit this weakness to execute arbitrary code in the affected router via a crafted request
This month ‘Web Server Exposed Git Repository Information Disclosure’ is the most common exploited vulnerability, impacting 47% of organizations globally, followed by ‘MVPower DVR Remote Code Execution’ which impacted 43% of organizations worldwide. ‘Dasan GPON Router Authentication Bypass (CVE-2018-10561)’ is in third place, with a global impact of 37%.
↑ Web Server Exposed Git Repository Information Disclosure – An information disclosure vulnerability that has been reported in Git Repository. Successful exploitation of this vulnerability could allow an unintentional disclosure of account information.
↓MVPower DVR Remote Code Execution - A remote code execution vulnerability that exists in MVPower DVR devices. A remote attacker can exploit this weakness to execute arbitrary code in the affected router via a crafted request.
↑ Dasan GPON Router Authentication Bypass (CVE-2018-10561) – An authentication bypass vulnerability that exists in Dasan GPON routers. Successful exploitation of this vulnerability would allow remote attackers to obtain sensitive information and gain unauthorized access into the affected system.
Popular mobile malware
This month xHelper is the most popular mobile malware, followed by Necro and Hiddad.
xHelper – A malicious application seen in the wild since March 2019, used for downloading other malicious apps and display advertisements. The application can hide itself from the user, and reinstall itself in case it was uninstalled.
Necro – Necro is an Android Trojan Dropper. It can download other malware, showing intrusive ads and stealing money by charging paid subscriptions.
Hiddad - Hiddad is an Android malware which repackages legitimate apps and then releases them to a third-party store. Its main function is to display ads, but it can also gain access to key security details built into the OS.
Check Point’s Global Threat Impact Index and its ThreatCloud Map is powered by Check Point’s ThreatCloud intelligence, the largest collaborative network to fight cybercrime which delivers threat data and attack trends from a global network of threat sensors. The ThreatCloud database inspects over 2.5 billion websites and 500 million files daily, and identifies more than 250 million malware activities every day.
Egress, the provider of human layer data security solutions, released their 2020 Outbound Email Data Breach Report, which highlights the true scale of data security risks related to email use. 93% of IT leaders surveyed said that their organization had suffered data breaches through outbound email in the last 12 months. On average, the survey found, an email data breach happens approximately every 12 working hours.
Rising outbound email volumes due to COVID-19-related remote working and the digitization of manual processes are also contributing to escalating risk. 94% of respondents reported an increase in email traffic since the onset of COVID-19 and 70% believe that working remotely increases the risk of sensitive data being put at risk from outbound email data breaches.
The study, independently conducted by Arlington Research on behalf of Egress, interviewed 538 senior managers responsible for IT security in the UK and US across vertical sectors including financial services, healthcare, banking and legal.
Insights from the report
Key insights from respondents include:
93% had experienced data breaches via outbound email in the past 12 months
Organizations reported at least an average of 180 incidents per year when sensitive data was put at risk, equating to approximately one every 12 working hours
The most common breach types were replying to spear-phishing emails (80%); emails sent to the wrong recipients (80%); incorrect file attachments (80%)
62% rely on people-led reporting to identify outbound email data breaches
94% of surveyed organizations have seen outbound email volume increase during COVID-19. 68% say they have seen increases of between 26 and 75%
70% believe that remote working raises the risk of sensitive data being put at risk from outbound email data breaches
Root cause of breach incidents
In terms of the impact of the most serious breach incident, on an individual-level, employees received a formal warning
When asked to identify the root cause of their organization’s most serious breach incident in the past year, the most common factor was “an employee being tired or stressed”. The second most cited factor was “remote working”.
In terms of the impact of the most serious breach incident, on an individual-level, employees received a formal warning in 46% of incidents, were fired in 27% and legal action was brought against them in 28%.
At an organizational-level, 33% said it had caused financial damage and more than one-quarter said it had led to an investigation by a regulatory body.
Traditional email security tools
In one-third of the most serious breaches suffered, employees had not made use of the technology provided
The research also found that 16% of those surveyed had no technology in place to protect data shared by outbound email. Where technology was deployed, its adoption was patchy: 38% have Data Loss Prevention (DLP) tools in place, while 44% have message level encryption and 45% have password protection for sensitive documents.
However, the study also found that, in one-third of the most serious breaches suffered, employees had not made use of the technology provided to prevent the breach.
Outbound email security risks mitigation
Organisations need technologies, like machine learning, to create a contextual understanding of individual users"
Egress CEO Tony Pepper comments: “Unfortunately, legacy email security tools and the native controls within email environments, such as Outlook for Microsoft 365, are unable to mitigate the outbound email security risks that modern organizations face today. They rely on static rules or user-led decisions and are unable to learn from individual employees’ behavior patterns. This means they can’t detect any abnormal changes that put data at risk – such as Outlook autocomplete suggesting the wrong recipient and a tired employee adding them to an email.”
“This problem is only going to get worse with increased remote working and higher email volumes creating prime conditions for outbound email data breaches of a type that traditional DLP tools simply cannot handle. Instead, organizations need intelligent technologies, like machine learning, to create a contextual understanding of individual users that spots errors such as wrong recipients, incorrect file attachments or responses to phishing emails, and alerts the user before they make a mistake.”
Reporting of outbound email data breach
When an outbound email data breach happens, IT leaders were most likely to find out about it from employees
Organizations still cannot paint a full picture of the risks, relying on people-led reporting to identify email breaches, despite severe repercussions
When an outbound email data breach happens, IT leaders were most likely to find out about it from employees. 20% said they would be alerted by the email recipient, 18% felt another employee would report it, while 24% said the employee who sent the email would disclose their error.
However, given the penalties that respondents said were in place for employees who cause a breach, it is not guaranteed that they will be keen to own up, especially if the incident is serious. 46% said that the employee who caused a breach was given a formal warning, while legal action was taken in 28% of cases. In 27% of serious breach cases, respondents said the employee responsible was fired.
Safeguard both employees and data
Tony Pepper comments: “Relying on tired, stressed employees to notice a mistake and then report themselves or a colleague when a breach happens is unrealistic, especially given the repercussions they will face. With all the factors at play in people-led data breach reporting, we often find organizations are experiencing 10 times the number of incidents than their aware of."
"It’s imperative that we build a culture where workers are supported and protected against outbound email breach risk with technology that adapts to the pressures they face and stops them from making simple mistakes in the first place. As workers get used to more regular remote working and reliance on email continues to grow, organizations need to step up to safeguard both employees and data from rising breach risk.”
IP cameras for video surveillance has been a trending topic amongst enterprises across the world due to rising concerns for security and safety. IP CCTV cameras are revolutionizing security measures, and technology has evolved to allow for a more diverse security monitoring system through high resolution, larger digital storage options and compatibility for integrated analytical software.
According to Global CCTV Market Forecast 2022, analysts expect the market for global CCTV to grow at a CAGR of around 11% during 2018-2022.
Clearly, a successful hack of an enterprise security camera system could lead to a range of implications. Amongst the main ones is unauthorized access to video and audio streams of data, as well as to the archive, violation of confidentiality, HIPPA, PII and potential leaks of personal and corporate information, possible copying, unauthorized distribution and duplication of such data.
“Most Enterprise video surveillance systems are vulnerable to hackers. According to our studies, more than half of companies and organizations, both large and small, do not take sufficient precautions when it comes to preventing their security cameras from being hacked. Be it ignorance or just careless approach to security of their network in general, the results of hacking can be disastrous,” says Chris Ciabarra, the CTO and co-founder of Athena Security.
With the increasing number of surveillance cameras installed in homes, offices and public places, hacking incidents related to these devices happen more and more often.
The ease of hacking surveillance cameras
It’s not a secret that surveillance cameras, like many other Internet of things (IoT) devices, are full of vulnerabilities that can be exploited by hackers.
A hacker can find hundreds of potentially vulnerable IoT devices to hack into
Cameras, just like all other devices connected to the Internet, have IP addresses that are easy to find using Shodan, a search engine for Internet-connected devices. With this simple tool, a hacker can find hundreds of potentially vulnerable IoT devices to hack into, including cameras, especially when most companies use default passwords.
Below are basic recommendations on how to protect your camera network, and what actions you should take to minimize the chance of hacking.
Change the default username and password
You should start by changing the default password and username of your camera network. Even though this may seem obvious, not everyone does it, practically leaving the door for hackers wide open.
Use a strong password that is hard to guess. When setting up the password use numbers, symbols, both uppercase and lowercase letters. Do not use simple and commonly used passwords, such as the ones in SplashData's list of 100 worst passwords of the year.
Do not use the same password you are already using for other online accounts. According to a recent survey on data privacy conducted in May 2019, 13% of respondents with at least one online account say they use the same password for all their accounts. Using a password manager to generate a strong random password may be a good idea.
Update your camera firmware regularly
Keeping cameras firmware up-to-date is very important as it allows you to prevent hackers from exploiting vulnerabilities and bugs that are already patched by manufacturers in a new firmware update.
Despite the fact that most modern cameras will automatically download and install firmware updates, some require the user to check for updates and install them.
Set up two-factor authentication
Set up the two-factor authentication if your cameras support it. With two-factor authentication on, the camera manufacturer will send you a randomly generated passcode via text message or phone call, as an addition to username and password, during each log in to the account. Two-factor authentication prevents hackers from accessing the camera system even if they were able to crack username and password.
Not all surveillance camera systems support two-factor authentication, though.
Prevent cameras from sending information to third parties
Companies that use surveillance cameras very often do not put enough effort into protecting their cameras and the data they transmit, despite the fact that this footage is of great importance to many people.
The firmware of most cameras from different manufacturers is programmed in a way to keep a connection with the manufacturer’s server without knowledge of the end-user. Most users, both private and corporate, are not aware of this and therefore do not take any steps to protect themselves from this potential vulnerability, which could result in footage leak to a third party or a successful hacker attack.
To prevent your camera network from transmitting, the following steps should be taken.
Step 1: Statically assign an IP address
Statically assign IP address for each camera, subnet mask and leave gateway blank or 127.0.0.1, if this is allowed in gateway fields to be entered. If the firmware does not allow blank or 127 subnets, just point gateway to an unused dedicated IP address.
This way, cameras will not be able to send the information off the local company network.
Step 2: Assign DNS servers
Assign DNS servers that are local to cameras and force only your domain to be present with zero forwarding DNS servers.
This way, if a camera tries to do name resolution, it will come up blank. Not being able to find the IP address of the main server (mother ship), cameras won’t be able to connect to it.
To stay safe you can order your own DNS servers, locked down to your addresses only.
Block your camera network’s access to the Internet
Blocking your camera network’s access to the Internet is a good way to make sure hackers won’t be able to get access to the footage and other confidential data. Any dual-homed system touching your camera network should be blocked from Internet access. This way all systems in the same subnet won’t have access to the Internet from that box.
Always use DNS because firewall rules tend to be easy to hack, while DNS that is internal is not expected and stops systems from resolving names you do not wish to be translated, like talking back to the mothership of a bad program.
Monitor your system for traffic spikes
One of the tricky things about hacker attacks is that there are no warnings. In most cases hackers would penetrate your system without any signs or symptoms of an attack, and it isn’t until you face consequences (like leaked footage or hackers manipulating cameras) when you realize something is wrong. It may be days or even months between the hacker attack and the time you realize the system has been compromised.
Monitoring dual-homed systems for bandwidth spikes could be a good way to spot a hack resulting in the leakage of confidential data like images or video. There are a number of traffic monitoring tools available to private and corporate users that can manage and sniff the network or just monitor them.
Facial blur in archived footage
Blurring people’s faces when archiving in surveillance camera video streams is a great tool, allowing you to comply with privacy laws and make the footage useless to hackers even if they manage to successfully hack your system.
These recommendations will allow you to lower the risk of hackers breaking into your security camera network, detect the hack if it has occurred already, and to protect yourself from possible consequences if camera footage was stolen.
The modern working world has evolved dramatically over the last few decades - from how and when we work, to the places we work from. Widespread internet connection advances, alongside the growth of cloud-based shared working platforms, have not only created the possibility for increasingly flexible working arrangements, but also fueled a desire to do so – particularly among millennials.
The preference for flexible working has now created a widespread need for more agile workforces, saddling IT departments around the world with the task to maintain ‘business as usual’ without compromising corporate privacy.
With flexible working forecasted to stay for the long haul and passwords increasingly under scrutiny, evaluating alternative secure authentication methods to keep companies’ data and networks safe is important to protect these ‘new normal’ ways of working.
The end of the humble password?
A recent report by Raconteur found that the most common method of authentication for securing the digital aspects of workplaces is passwords.
Unfortunately, however, between phishing, hacking and simple guesswork, passwords are easily compromised – a problem that is only getting worse, with IT professionals reporting an increase in phishing attacks in the last few years. Once compromised, passwords can be used to enter untrusted apps or websites and, worst and most commonly of all, give rise to even greater data breaches.
Between phishing, hacking and simple guesswork, passwords are easily compromised
Alongside security concerns, 6 in 10 people worry about forgetting their passwords and, according to a recent Balbix study, 99% of people reuse the same password across different work accounts. This, undoubtedly, is a side effect of the increasingly complex character requirements implemented by many enterprises. This stress and effort leads to frustrated employees, but, more worryingly, forgotten passwords can also cost IT departments millions of dollars a year.
In our flexible, hyper-connected world, it is clear then that the humble password is no longer effective. Additional or alternative layers of authentication are needed to help enterprises maintain their workplace security in a more convenient and cost-effective way.
Smarter workplace authentication with biometrics
Often, hacking incidents involve the use of stolen credentials. One authentication solution that could bring an end to these large-scale hacking attacks is biometrics, as unique biological traits are extremely hard to steal and spoof.
In addition to being a more secure method to authenticate users and prevent fraud in companies’ networks, it is also possible to layer biometric modalities to create a highly convenient and secure multi-modal authentication solution for sensitive areas or information. Spoofing two biometric modalities, such as fingerprint and iris, in the same attack is virtually impossible, but that doesn’t mean this level of security needs to impair the UX. After all, you can put your finger on a touch sensor, while at the same time glancing at a sensor.
For businesses, biometrics can be used in a wide variety of use cases, from securing laptops and applications to authenticating employees at secured access and entry points. It can also be used to add frictionless layers of additional security to any aspect of current security systems, such as key fobs or USB sticks, or to access personalized settings or employee accounts when using shared devices, such as a printer system. This way, beyond playing a role in securing the modern workplace, biometrics can also give employees greater flexibility and convenience over how, when and where they work.
Privacy and biometrics - explained
Many employers and employees worry about safeguarding privacy in the workplace. Considering biometric data is highly personal, it is no wonder, then, that many are concerned about collecting this data for the purpose of workplace security and what liabilities this may expose them to.
For businesses, biometrics can be used in a wide variety of use cases, from securing laptops and applications to authenticating employees
Employers must adhere to the relevant workplace privacy laws, such Europe’s GDPR, and this duty extends to biometrics, of course. But, providing biometrics is implemented in line with best practice, it can actually protect employees’ privacy far more effectively than its predecessor, passwords.
When employers use an on-device approach, their employees can rest assured no one will be able to access or steal their biometric data, as all biometric data is stored and processed on the device - whether that is a laptop, smartphone, USB stick or key fob. Removing the need for data to ever enter the cloud, this also removes the technical and legal complexities of managing a biometric database and, if a key fob is lost for example, all parties can rest assured there is no chance of anyone else being able to use it. A win-win.
Precisely because biometric data is so difficult to steal and spoof, adding biometric authentication to end-point devices can considerably reduce data breaches to keep both sensitive employee and corporate data safe and secure.
Reimagining workplace security
As people work more flexibly, systems are shared more frequently, and attacks get smarter, it is clear to see that passwords alone are no longer enough to secure the modern-day workplace.
Adding biometric authentication to end-point devices can considerably reduce data breaches
Now is the time to reassess the physical and logical access control infrastructure. To keep personal and corporate data safe, it is crucial to add new and additional authentication methods to the security infrastructure. Luckily, the benefits of biometrics are often far simpler to realize than many enterprises imagine.
The beauty of biometrics is its combination of both security and convenience. Compared to other forms of authentication, biometrics offers considerably stronger protection and an enhanced UX that can easily be integrated into existing enterprise security infrastructure – without the need for huge biometric databases to manage or fear.
So, whether to replace outdated passwords or as part of a multi-modal authentication system, biometrics can play an important role in pushing workplace security into a new era for both physical and logical access control.
COVID-19 has been a thorn in the side of countless companies within the security industry and far beyond. Here, we speak with Richard Huison, Regional General Manager for the UK and Europe at Gallagher Security, who summises his personal experience from these recent months and how Gallagher has adapted in the face of pandemic-induced adversity.
How has the COVID-19 crisis impacted Gallagher on a day-to-day basis?
Gallagher was actually well placed as a result of work already in progress with a number of visionaries and innovators within our business, such as our CIO Neville Richardson. They are determined to put the business on the front foot, making it more digital and proactive in delivering high speed change and we had already been migrating to Microsoft Teams before COVID-19 first reared its ugly head. It’s part of our philosophy to make our business and the solutions we create as stable, reliable and resilient as possible.
Gallagher has adapted to the new way of operating fairly seamlessly, while still working alongside the evolving guidance from governments around the world
It means Gallagher has adapted to the new way of operating fairly seamlessly, while still working alongside the evolving guidance from governments around the world. When lockdown was imposed, we set about prioritising our clients’ needs and delivering on our commitments as a critical supplier. The Gallagher leadership team quickly rolled out the means to stay connected, positive and safe as each region went into isolation. Effective communication, both internally and externally, has always been a critical success factor for our business. That hasn’t changed with the more remote and virtual nature of our communication now and, if anything, it’s even more important both for business continuity and for the personal wellbeing of each and every one of our colleagues.
We’ve quickly adapted to this new way of working and have even become quite adept at recognizing people’s contributions and acknowledging a job well done in new ways, such as using the emojis on Microsoft Teams.
Perhaps the most striking example of this is our new European marketing manager Bethan Thompson, who joined Gallagher on 1 April, little over a week after lockdown was imposed in the UK. She has enjoyed the richest and most comprehensive introduction to the business from the safety of her own home armed with just a laptop and Teams.
What can be the benefits of having employees working from home?
There are many benefits of working remotely with productivity right up the top of the list. By reducing the unproductive time spent commuting and traveling to meetings, we are able to get much more done in a day. Add to this the reduction in stress and improved work-life balance and it makes for an impressive formula of happier, healthier and more motivated colleagues. And it’s still easy to measure results no matter where someone is working.
We’ve quickly adapted to this new way of working and have even become quite adept at recognizing people’s contributions and acknowledging a job well done
To be honest, before COVID, we didn’t disconnect enough, close the laptop, switch off our technology and allow ourselves NOT to respond instantly. But trust is an integral part of our culture at Gallagher and we can easily and effectively continue to champion the right balance and support for the team moving forward.
How can employees ensure they keep a healthy work/life balance?
Working from home can require some personal discipline around taking regular breaks and disconnecting from technology. I encourage all my colleagues to stay active and get regular exercise during the day. Taking time out allows you to process ideas with greater clarity, to be more creative, to plan your day and use your time more effectively – all of which is part of achieving that balance.
And it’s important that we do switch off and close our laptop at the end of the day, which requires some discipline when you work for a business headquartered in New Zealand, where they are 11 hours ahead.
It’s good to cultivate hobbies and welcome distractions that you are passionate about, to switch off from work more effectively. Personally, I love to be outside on a long dog walk with no technology. It’s liberating.
Are you seeing that businesses are already beginning to think differently about their security?
We have to remember why security is important. We all have a different view on how we should maintain business continuity. Yes, properties need a reliable detection and defense solution to resist the opportunist. With the mass migration to work remotely, business leaders are concerned that their IT systems are vulnerable to attack and we read daily about the growth in cyber-attacks. It’s common sense to protect your business with a suitable access control and intrusion detection system and the pandemic has proven to business the value of being truly resilient and able to still operate whatever circumstances ensue.
What will be the biggest security challenges facing businesses over the next six months?
In that timeframe, I don’t see us returning to how things were prior to the pandemic, so businesses will have to adapt to a new normal. We will have to adopt a more holistic view of security, encompassing safety, security and wellbeing, with our teams at the heart of that. In the new world, how can we maintain our teams’ safety at home, or limit them to certain floor space or introduce rotas for office attendance and keep surfaces virus free while they’re there? We need to be alert to where the next threat will come from and mitigate risk against both cyber and biological threat as we’ve seen a virus in either domain can be devastating.
How is Gallagher meeting the evolving demands of the market?
To be honest, Gallagher has always been ahead of the curve. We’ve been talking about competencies, compliance and resilience for decades, long before cyber became the buzzword. Everything we do is related to business resilience and continuity and security is baked in to our products and solutions at source, providing confidence and reliability for all of our customers.
Within days, a rule will take effect that bans from U.S. government contracts any companies that “use” video products from Chinese companies Hikvision and Dahua. The Federal Acquisition Regulation (FAR) rule implements the “blacklist” (or “Part B”) provision of the National Defense Authorization Act (NDAA), which is understood in the security industry as prohibiting dealers and integrators that do business with the federal government from selling Chinese-made video products to any of their customers (even for non-government projects).
The rule, which is officially still interim, states: “On or after August 13, 2020, [federal] agencies are prohibited from entering into a contract, or extending or renewing a contract, with an entity that uses any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system.”
Within days, a rule will take effect that bans U.S. government contracts any companies that “use” video products from Chinese companies Hikvision and DahuaFederal agencies issuing the rule are the Department of Defense (DoD), the General Services Administration (GSA) and the National Aeronautics and Space Administration (NASA). GSA provides centralized procurement for the federal government.
Because the COVID-13 crisis delayed issuance of the rule, the usual 60 days will not be allowed for public comment before the rule is implemented. However, public comments are welcome and will be addressed in subsequent rulemaking.
“Telecommunications equipment” refers to equipment or services provided by Huawei Technology or ZTE Corp, both Chinese telecommunications giants. The rule also specifies that it applies to “certain video surveillance products or telecommunications equipment and services produced or provided by Hytera Communications Corp., Hangzhou Hikvision Digital Technology Company, or Dahua Technology Company (or any subsidiary or affiliate of those entities).” Hytera is a Chinese manufacturer of radio systems. Hikvision and Dahua are major international manufacturers of video surveillance equipment.
Limits and prohibitions
The rule states: “This prohibition applies to the use of … equipment or services, regardless of whether that use is in performance of work under a Federal contract.” In the industry, this clause is taken to mean that integrators that “use” any of the covered equipment are prohibited from selling to the government. “Use” presumably covers an integrator deploying the equipment in their own facilities and/or selling it to other customers. The rule also prohibits “service … related to item maintenance,” which in the case of a security integrator would include providing service contracts on previously installed systems.
Security Industry Association (SIA)
The Security Industry Association (SIA) comments: “Due to applicability [of the rule] to uses by entities with federal contracts even unrelated to their federal work, this broad interpretation is expected to have widespread impact on the contracting community across many sectors, as covered video surveillance equipment is some of the most commonly used in the commercial sector in the United States.”
Security integrators that do business with the federal government have largely anticipated the new rule and already switched their Chinese camera lines for NDAA-compliant competitors. However, as SIA points out, extensive common uses of the Chinese equipment in various commercial sectors raises additional concerns.
Easing compliance burdens
The interim rule adopts a “reasonable inquiry” standard when an offeror (government contractor) represents whether it uses covered equipment. “A reasonable As SIA points out, extensive common uses of the Chinese equipment in various commercial sectors raises additional concerns. inquiry is an inquiry designed to uncover any information in the entity’s possession about the identity of the producer or provider of covered telecommunications equipment or services used by the entity. A reasonable inquiry need not include an internal or third-party audit.” SIA notes that this provision may be aimed at easing the compliance burden by suggesting that contractors only need to inquire based on what information they already possess.
The new rule covers Paragraph (a)(1)(B), which has informally been referred to as the “blacklist” provision of the NDAA, the John S. McCain National Defense Authorization Act for fiscal year 2019. However, the “Chinese ban” provision [Paragraph (a)(1)(A)] already went into effect a year after the law was signed by President Trump (August 13, 2018). “Part A” covers use of Chinese-made products in fulfilling government contracts.
A growing threat
Seeking to justify the new restrictions, the FAR rule states: “Foreign intelligence actors are employing innovative combinations of traditional spying, economic espionage, and supply chain and cyber operations to gain access to critical infrastructure and steal sensitive information and industrial secrets. The exploitation of “Telecommunications equipment” refers to equipment or services provided by Huawei Technology or ZTE Corp, both Chinese telecommunications giantskey supply chains by foreign adversaries represents a complex and growing threat to strategically important U.S. economic sectors and critical infrastructure.”
SIA has urged a delay in implementing the “Part B” provision, stating: “The federal government estimates that it will cost contractors well over $80 billion to fully implement this prohibition on the use of certain Chinese telecommunications and video surveillance equipment, yet endless delays in publishing the rule now mean that federal suppliers have just weeks to understand and comply with the new rule, which raises as many questions as it answers.”
SIA continues: “Federal suppliers across a wide range of industries have increasingly concluded that Part B is unworkable without clarification of the scope and meaning of key terms in the provision, which the rule does not do enough to define. For example, Part B bans agencies from contracting with a provider that “uses” any covered equipment or service. This term is not clearly defined in law or regulation, yet contractors must certify compliance beginning Aug. 13, 2020.”
The Part B rule, which only applies to prime contractors, enables agency heads to grant a one-time waiver on a case-by-case basis, expiring before Aug. 13, 2022.
The global pandemic caused by the novel coronavirus is changing work environments to an unprecedented degree. More employees than ever are being asked to work remotely from home. Along with the new work practices comes a variety of security challenges.
Without the proper precautions, working from home could become a cybersecurity nightmare, says Purdue University professor Marcus Rogers. “Criminals will use the crisis to scam people for money, account information and more,” he says. “With more people working from home, people need to make sure they are practicing good cybersecurity hygiene, just like they would at work. There is also a big risk that infrastructures will become overwhelmed, resulting in communication outages, both internet and cell.”
Concerns about the coronavirus have increased the business world’s dependence on teleworking. According to Cisco Systems, WebEx meeting traffic connecting Chinese users to global workplaces has increased by a factor of 22 since the outbreak began. Traffic in other countries is up 400% or more, and specialist video conferencing businesses have seen a near doubling in share value (as the rest of the stock market shrinks).
Basic email security has remained unchanged for 30 years
Email is a core element of business communications, yet basic email security has remained unchanged for 30 years. Many smaller businesses are likely to still be using outdated Simple Mail Transfer Protocol (SMTP) when sending and receiving email. “The default state of all email services is unencrypted, unsecure and open to attack, putting crucial information at risk,” says Paul Holland, CEO of secure email systems provider Beyond Encryption.
“With remote working a likely outcome for many of us in the coming weeks, the security and reliability of our electronic communication will be a high priority,” says Holland. The company’s Mailock system allows employees to work from any device at home or in the office without concerns about data compromise or cybersecurity issues.
Acting quickly and effectively
As the virus spreads, businesses and organizations will need to act quickly to establish relevant communication with their employees, partners and customers surrounding key coronavirus messages, says Heinan Landa, CEO and Founder of IT services firm Optimal Networks. Employers should also enact proper security training to make sure everyone is up to speed with what’s happening and can report any suspicious online activity.
Reviewing and updating telework policies to allow people to work from home will also provide flexibility for medical care for employees and their families as needed.
Scammers, phishing, and fraud
An additional factor in the confusing environment created by the coronavirus is growth in phishing emails and creation of domains for fraud. Phishing is an attempt to fraudulently obtain sensitive information such as passwords or credit card information by disguising oneself as a trusted entity. Landa says homebound workers should understand that phishing can come from a text, a phone call, or an email. “Be wary of any form of communication that requires you to click on a link, download an attachment, or provide any kind of personal information,” says Landa.
Homebound workers should understand that phishing can come from a text, a phone call, or an email
Email scammers often try to elicit a sense of fear and urgency in their victims – emotions that are more common in the climate of a global pandemic. Attackers may disseminate malicious links and PDFs that claim to contain information on how to protect oneself from the spread of the disease, says Landa.
Ron Culler, Senior Director of Technology and Solutions at ADT Cybersecurity, offers some cyber and home security tips for remote workers and their employers:
When working from home, workers should treat their home security just as they would if working from the office. This includes arming their home security system and leveraging smart home devices such as outdoor and doorbell cameras and motion detectors. More than 88% of burglaries happen in residential areas.
When possible, it’s best to use work laptops instead of personal equipment, which may not have adequate antivirus software and monitoring systems in place. Workers should adhere to corporate-approved protocols, hardware and software, from firewalls to VPNs.
Keep data on corporate systems and channels, whether it’s over email or in the cloud. The cyber-protections that employees depended on in the office might not carry over to an at-home work environment.
Schedule more video conferences to keep communication flowing in a controlled, private environment.
Avoid public WiFi networks, which are not secure and run the risk of remote eavesdropping and hacking by third parties.
In addition to work-from-home strategies, companies should consider ways to ensure business cyber-resilience and continuity, says Tim Rawlins, Director and Senior Adviser for risk mitigation firm NCC Group. “Given that cyber-resilience always relies on people, process and technology, you really need to consider these three elements,” he says. “And your plan will need to be adaptable as the situation can change very quickly.”
Employees and their employers
Self-isolation and enforced quarantine can impact both office staff and business travelers
Self-isolation and enforced quarantine can impact both office staff and business travelers, and the situation can change rapidly as the virus spreads, says Rawlins.
Employees should be cautious about being overseen or overheard outside of work environments when working on sensitive matters. The physical security of a laptop or other equipment is paramount. “It’s also important to look at how material is going to be backed up if it’s not connected to the office network while working offline,” says Rawlins.
It’s also a good time to test the internal contact plan or “call tree” to ensure messages get through to everyone at the right time, he adds.
HID Global is introducing a new “flagship” line of access control readers as successors to the iCLASS line. The new HID Signo readers will support 15 different credentialing formats and communicate using the latest NFC (near field communication), BLE (Bluetooth Low Energy) and OSDP (Open Supervised Device Protocol) standards. HID Global says the new readers will simplify integration to more secure and mobile credentials.
HID Global has invested in a “future-proof” approach that both accommodates a variety of current market needs and can adapt to embrace new technologies as they come onto the market. The new line incorporates “all the hardware you need,” combining the capabilities of older generations of readers into a single product.
Simplifying the choice of readers
The new reader line seeks to simplify the choice of readers in a time when a variety of trends is complicating the access control market, from cloud systems to mobile access to identity management.
“We are simplifying the way we bring our products to market, and baking it all into our readers,” says Harm Radstaak, HID Global Vice President and Managing Director. “If an installer takes a reader out of the box and mounts it on the wall, it just works.”
We are simplifying the way we bring our products to market"
In designing the product, HID sought feedback from channel partners, installers, consultants and end users on how the new readers would function. In addition, the company sought advice from architects on the design of the product. Aesthetics and industrial design elements were a priority because they ideally reflect the quality and “promise” of how the product will perform.
Cybersecurity is another emphasis. The readers store cryptographic keys and process cryptographic operations on certified EAL6+ secure element hardware, and custom authentication keys can be used for organizations who prefer that level of control. EAL6+ certification is a designation of the Evaluation Assurance Level of an IT product or system (the highest score is EAL7). Signo also includes a velocity checking feature designed to mitigate and thwart brute force attacks.
“The new Signo line is a continuation of the journey we have been on,” says Radstaak. “It is the natural succession of what we have been doing for years, and it underlines our position in the market.” By natively supporting mobile credentials, the new product line reinforces HID’s commitment to mobile systems, which the company first brought to market in 2014. Signo readers also include Enhanced Contactless polling to support mobile credentials in Apple Wallet.
Embracing the OSDP standard, which was created in 2008, also addresses the growing customer need for bi-directional, secure communications. There is built-in support for OSDP Secure Channel as well as legacy Wiegand communication for organizations seeking to transition.
Signo incorporates support for most credential technologies globally, including Seos, credentials with HID’s Secure Identity Object, and a variety of 125kHz legacy technologies such as Indala and Prox.
The flexibility and openness of Signo is a response to the acceleration of new technologies entering the access control market. “If you look at new technologies in general, our market has been slow in adopting them,” says Radstaak. “However, with new entrants in the market, new technologies, new device manufacturers and artificial intelligence (AI), I believe the market is adopting new technologies much faster than before. Users are much savvier.”
Administrators will be able to remotely configure and diagnose readers
Radstaak says he expects market adoption of the new readers will be fast. “Customers have been waiting for this platform,” he says. “This has been a tremendous investment for HID Global, and it underlines our position in the market with its open platform, simplicity and future-proofing. We are prepared for whatever comes next technology-wise.”
With Signo readers, administrators will be able to remotely configure and diagnose readers as well as monitor status through a centrally managed and connected reader ecosystem.
As a member of the FiRA Consortium, HID Global has advocated bringing new technology to market based on the “fine ranging” capabilities of ultra-wideband (UWB) technology, which has applications in detection of the precise location or presence of a connected device or object. It’s the kind of technology that Signo platform’s “future-proofing” approach is geared to accommodate. “As the capability unfolds, we will be there to adapt,” says Radstaak.
Sonitrol, the globally renowned provider of verified electronic security solutions, has announced that CMS Corporation, an award-winning construction contractor, relies on one of Sonitrol’s newest offerings, Sonitrol Network Protection.
CMS Corporation’s scope of services encompasses new construction, renovations, fueling systems, and energy and sustainability projects for a wide range of commercial and federal government clients. The company’s projects are approximately 70% Federal and 30% civilian undertakings.
Upgrading network security
According to CSO Online, the average small business loss when a network has been breached is US$ 170,000
According to CSO Online, the average small business loss when a network has been breached is US$ 170,000. CMS Corporation’s management knew that they needed to upgrade their network security in an effective, comprehensive and cost-effective manner.
Matthew Wilson, Director of Information Technology at CMS Corporation, was impressed with Cisco’s reputation, and he was aware of their Cisco Meraki software. He chose Sonitrol Network Protection as the preferred network security solution because it offered a world-class solution provided by a known and trusted provider, Sonitrol.
SB/MBEs more vulnerable to cyber-attacks
The company, CMS Corporation’s Bargersville, Indiana Office is a two-story administrative space with a large workshop and fabrication area, and a large detached workshop/storage area. Small Business and Minority-Business Enterprises (SB/MBEs), like CMS Corporation, are particularly vulnerable to cyber-attacks, because their relatively small size means that they have a lower IT budget and resources.
Furthermore, with CMS Corporation’s large number of federal government contracts, effective cyber security is essential to the company’s continued growth and success.
Cybersecurity Maturity Model Certification compliance
Due to upcoming Cybersecurity Maturity Model Certification (CMMC) compliance, federal contractors are required to tighten their network security to protect Controlled Unclassified Information (CUI).
“Cisco Meraki products enable us to have proactive insight into our network activity to help ensure compliance with current and new federal regulations,” Matthew Wilson explained.
Sonitrol Network Protection
Wilson was attracted to Sonitrol Network Protection’s ease of deployment, auto mesh VPN and seamless scalability
Wilson was attracted to Sonitrol Network Protection’s ease of deployment, single pane of glass administration, auto mesh VPN, and seamless scalability. These features are powered by the Cisco Meraki products and solutions, installed by CMS Corporation, which include: MX68CW, MS120-8 FP switch, and four MR36 access points. They also have a handful of Z1 and Z3 devices in remote construction trailers that are able to support the software.
In addition to topline network protection from potentially daily cyber-attacks and ransom-ware attacks, Wilson and his colleagues are now learning post-deployment that Sonitrol Network Protection offers a host of additional security features and benefits.
Cisco Meraki and Sonitrol intregation
Wilson noted, “Cisco Meraki and Sonitrol are a winning combination and Sonitrol’s knowledgeable, courteous installation staff made the transition to our powerful, new network protection quick and easy.”
Sonitrol Network Protection, powered by Cisco Meraki, can protect any size company’s network, devices, and data from daily cyber-threats and attacks.
Firewall and intrusion protection
The solution provides firewall protection, intrusion protection and prevention, ransom-ware protection, anti-phishing, malicious file scanning and more, thereby protecting businesses from huge monetary and data losses. It is cloud-based and managed from a single dashboard GUI, making managing ones network easy.
Sonitrol Network Protection solution also provides robust business management tools: content/URL filtering, application-aware traffic control, guest WIFI access, analytics and heat mapping, and custom reporting options. The technology stays current with automatic firmware and security patches, and it works within a connected ecosystem, delivering security on Day 1 of implementation.
Global professional services provider Equiom has 14+ offices across the globe with more than 600 employees. In 2014, Equiom employed just 200 people across two offices in two jurisdictions and had ambitious plans to grow into a global business.
But while the business had plans to scale, its infrastructure was that of a small business and not able to support its ambitions. As such, the company undertook a review of its entire IT infrastructure, including the network, software, and servers, with a key focus on cybersecurity, to develop systems that could support the business’ growth strategy.
External vulnerability testing
Furthermore, Equiom believed its security had to be robust enough to provide peace of mind to regulators, investors, and shareholders. To address this challenge Equiom wanted to work with a specialist cybersecurity partner that could both help identify any weaknesses and vulnerabilities within the infrastructure and provide recommendations and training for improving its security posture.
Equiom selected SureCloud to provide services globally including cybersecurity penetration testing services
Following a competitive process Equiom selected SureCloud to provide services globally including cybersecurity penetration testing services, internal and external vulnerability testing and management, social engineering including simulated phishing exercises and simulated ransomware attacks and physical social engineering. All services were delivered as part of our Pentest-as-a-Service, which provides a centralized platform for managing of all elements of the projects, including Equiom’s vulnerability remediation program.
Stephen Roberts, Global Chief Information Officer for Equiom Group, commented: “SureCloud was the obvious choice as the team is extremely knowledgeable, and the company had invested heavily in its cloud-based platform to create a technical solution that is far more developed than anything else in the marketplace.”
“We felt working with SureCloud would enable us to provide a single snapshot of our security posture at any given time. Ultimately, the platform offered us the ability to simplify the overall management process, which was a key differentiator for us. SureCloud takes what is, in reality, a highly complex set of requirements and makes it as simple as possible.”
Accurately monitor progress
“Through centralization of all reports and data, including output from penetration tests, vulnerability scans and social engineering exercises, we have complete visibility over our infrastructure and can develop remediation action plans and accurately monitor progress in real time,” said Roberts.
SureCloud provides peace of mind to our stakeholders and customers"
“As we continue to grow, SureCloud provides peace of mind to our stakeholders and customers. When we compare new acquisitions to those parts of our business that have gone through the SureCloud process, we can see a very clear difference in the respective postures. This is a testament to SureCloud’s success in keeping our security posture in excellent health,” commented Roberts.
Overall security posture
“We have also worked with SureCloud to address additional challenges in the business. We are currently using its GDPR application, which feeds data back into the platform enabling us to assess our compliance status against our overall security posture. Now we have complete oversight of our infrastructure,” said Roberts.
“The fact that SureCloud is easy to use and highly scalable means that as we work to triple the size of the business over the next four years, we can do so while confidently relying on the platform to ensure that security is not compromised during that process. Through SureCloud we have raised our security posture to a level where our systems can help detect threats so that we can prevent attacks before they impact the business”, concluded Roberts.
ISONAS Inc., a globally renowned IP access control and hardware solutions provider, and part of the Allegion family of brands, has announced that the ISONAS Pure IP access control solution has been installed at a new flagship distribution center for Premier Packaging, an international packaging solutions company, with facilities in 14 locations nationwide.
ISONAS Pure IP access control
In the summer of 2018, Premier Packaging was looking to implement an access control system to help secure their brand-new 320,000-square-foot facility in Louisville, Kentucky. After working closely on a recent project with Orion Networks, a trusted IT infrastructure provider, Premier Packaging relied on their recommendation to implement a cutting-edge access control solution from ISONAS.
With no access control system in place at any of their 14 locations and a combination of office workers, support staff, truck drivers and warehouse employees entering and existing the building daily, a process to control access was a necessity.
Monitoring and tracking visitors to distribution center
A major challenge facing the new distribution center was truck drivers, who came into the facility, were not company employees. With on average 250 people coming in and out of the new facility in Kentucky daily, monitoring and tracking who those people were and if they belonged there was imperative.
They were also looking for the flexibility to manage the locking and unlocking of doors remotely, rather than having to rely on physical keys. “After comparing ISONAS to other access control systems out there, we knew that ISONAS was the right flexible access control solution to meet Premier Packaging’s security needs,” states Brock Jamison, VP and Director of Sales at Orion Networks.
ISONAS RC-04 reader-controllers installed
ISONAS Pure Access software was implemented to give the packaging company remote access capabilities
The initial project consisted of 18 ISONAS RC-04 reader-controllers installed at their new distribution center in Louisville. The RC-04 reader-controllers from ISONAS delivers advanced technical functionality with an easy installation process.
In addition to the ISONAS hardware, the ISONAS Pure Access software was implemented to give the packaging company remote access capabilities.
Pure Access, ISONAS’s industry-renowned software, is a cloud-based access control application that provides users the ability to manage their access control from anywhere at any time, on any device.
“We are extremely happy that our unique access control solution could help Premier Packaging improve safety and security at their new distribution center seamlessly,” states Jonathan Mooney, ISONAS Sales Leader.
ISONAS cloud-based platform
By using both the ISONAS hardware and software solution together, Premier Packaging was able to improve security and keep employees safe. With the ISONAS cloud-based platform, Premier now required all Louisville employees to enter the building using their ID badges to gain access.
If an employee was not in the database and verified, then access would be denied. Future plans include rolling out the ISONAS access control solution to additional buildings and possibly integrating it with other security systems.
With Razberi Monitor™, security professionals can securely and remotely monitor their physical security network during a time of social distancing. IT professionals can quickly review the cyber posture data in case of a cyber-breach. Razberi Monitor™ provides secure, remote visibility into the availability, performance, and cyber posture of servers, storage, cameras, and other networked security devices.
The tool simplifies the monitoring and support of a multi-site enterprise security system, predicts and prevents problems for security professionals while providing a centralized view that benefits both IT and Physical Security departments.
We have listened to the surveillance industry and created our software platform to enhance relationships"
According to Tom Galvin, Chief Product Officer, Razberi Technologies, "We have listened to the surveillance industry and created our software platform to enhance relationships and align Physical Security and IT departments. Razberi Monitor allows security professionals to be proactive by predicting problems."
Aligning network and surveillance departments
Razberi Monitor's software platform, paired with Razberi's video recording and switch appliances, has enabled Tropical Shipping to save on the cost of sending maintenance crews to check on potential issues in their US and Caribbean facilities.
"Our network is highly distributed across the US and Caribbean with up to 125 users viewing camera feeds at one time. Razberi Monitor has helped us increase our camera uptime assurance and align our network and surveillance departments," said Chad Nelson, Director of Security, Facilities and Cargo Compliance, Tropical Shipping. "They now have a clear view of all operations, and it puts me in the driver's seat to be able to provide specific alerts to each port remotely, quickly and more efficiently than sending a tech to troubleshoot."
Protecting the oil and gas market is key to a thriving economy. The list of security challenges for oil and gas requires the best technology solutions our industry has to offer, from physical barriers to video systems to cybersecurity. We asked this week’s Expert Panel Roundtable: What are the security challenges of the oil and gas market?
We are all more aware than ever of the need for cybersecurity. The Internet of Things is a scary place when you think about all the potential for various cyber-attacks that can disrupt system operation and negatively impact a customer’s business. Because most physical security systems today are IP-based, the two formerly separate disciplines are more intertwined than ever. We asked this week’s Expert Panel Roundtable: How can cybersecurity challenges impact the physical security of a company (and vice versa)?
Cloud systems are among the fastest-growing segments of the physical security industry. The fortunes of integrators can improve when they embrace a recurring monthly revenue (RMR) model, and cloud systems are expanding the services and features manufacturers can provide, from remote diagnostics to simplified system design. But for all the success of cloud systems, there remains confusion in the market about the exact definition of “cloud.” Or does there? We asked this week’s Expert Panel Roundtable: What is “the cloud?” Is there agreement in the market about what the term means?