Cybersecurity involves a variety of risks and vulnerabilities to the enterprise, from distributed denial of service (DDoS) attacks to phishing to USB drives. Companies may also be at risk from use of interactive kiosks, or even from cyberattacks against traveling executives.

Preventing phishing and cyberattacks

Phishing is a fraudulent attempt to gain sensitive information such as user names, passwords or credit card details by posing as a trustworthy entity in an electronic communication. Phishing attacks are among the most dominant forms of social engineering attacks.

To avoid phishing attacks, NTT Security has expanded its suite of phishing attack simulation services, using special social engineering techniques to check whether senior executives pose a security risk. The 'Management Hack' service is designed for C-level executives, such as the CEO, CFO or even CIO. These executives are more likely to have unrestricted access to highly confidential company data, which makes them a valuable target.

Simulated, personalised social engineering attacks are carried out, with the individuals involved unaware they are being targeted. NTT then analyses how executives respond, identifies weaknesses, and recommends appropriate measures such as awareness training.


ADT Cybersecurity partners with Cofense phishing defense solutions to offer phishing detection and response. Cofense Triage is a phishing-specific automated incident response platform that works as part of ADT Cybersecurity managed services. The system focuses on thwarting phishing attacks before they can cause damage by moving detection of such attacks up the kill chain.

Data breaches caused by cyberattacks on networks are plaguing businesses of all sizes. The median time from compromise to discovery is 80 days, and the average data breach costs organizations $3.62 million.

Managing endpoint security

Another cybersecurity vulnerability for companies is the unauthorised use of USB ports. There is a need for cybersecurity to extend beyond the firewall, which requires restricting access to a system’s USB ports as a means of managing 'endpoint security.' However, blocking all USB ports can restrict productivity, leaving employees less efficient than they should be.

A solution is the use of more encrypted USB drives, which combine the productivity advantages of allowing USB access with protection of the information on the drives. Kingston Technology offers hardware-based encrypted USB drives that use AES 256-bit encryption in XTS mode to ensure that if anyone finds a USB drive, they cannot access the information.

Illustrating the value of encrypted drives was an incident when a USB drive from Heathrow Airport was found on a London street. It contained confidential information about accessing restricted areas at the airport and security measures used to protect the Queen.

Data security and interactive kiosks

Another possible cybersecurity vulnerability is use of interactive kiosks, which are computer terminals that feature specialised hardware and software that provide access to information and applications. Kiosks are typically placed in high foot-traffic environments such as retail stores, hospitals, banks, hotels, airports, courthouses, libraries and railway stations.

A kiosk is particularly attractive to attackers because they know the security might not be as tight as it should be. Making kiosks more secure could be the difference between you being breached and remaining safe.


Executives who travel are another vulnerability to be considered. The international cybersecurity landscape has grown increasingly dynamic, with threats posed by government authorities (in some countries), terrorists, insurgents, and criminals, requiring travelers to be proactive and vigilant. U.S. citizens, particularly executives of U.S.-based technology companies, must be aware that they are considered high-value targets for nation-state intelligence services and criminally-motivated bad actors.

WiFi and wireless connectivity

There has been a shift from 'thrill hacking,' to an increase of 'hacking as a business' (through credential compromise and ransomware), to an increase in 'hacking for harm' - with the rise of 'nuke ware' and ransomware without a clear financial motivation. Traveling executives should avoid using public Wi-Fi services unless they use a private VPN service for encryption. They should also increase the privacy settings on technical devices and disable location identifiers.

Other precautions include creating a new (unlinked) email for internet correspondence and use of temporary (i.e., burner) phones to protect data and contacts. Travelers should also consider purchasing international MyFi devices to decrease the risk of getting Personal Identification Information (PII) or Protected Healthcare Information (PHI) stolen.


Author profile

Larry Anderson Editor, SecurityInformed.com & SourceSecurity.com

An experienced journalist and long-time presence in the US security industry, Larry is SourceSecurity.com's eyes and ears in the fast-changing security marketplace, attending industry and corporate events, interviewing security leaders and contributing original editorial content to the site. He leads SourceSecurity.com's team of dedicated editorial and content professionals, guiding the "editorial roadmap" to ensure the site provides the most relevant content for security professionals.
