Articles Tagged with ''risk management''

The Security Department at the El Centro Regional Medical Center (ECRMC) was put to the test, tasked with supporting the expansion of the hospital’s patient load to 50% above licensed capacity – far beyond any patient census in the hospital’s history. William DuBois, Security Department Manager at ECRMC, led the physical security through the pandemic, ensuring the Department’s updated mission of assuring the safety and security of patients, staff and visitors while maintaining the assets and business continuity of the hospital.

Communication was already a challenge in the security industry with widespread teams or lone personnel in siloed locations. Now that COVID-19 has virtually eradicated in-person interactions and many team members are only working remotely, it is all the more difficult to keep everyone synced. The entire face of security communications has changed, escalating the need to find alternate ways to connect with the growing remote workforce. Internal and external communications are merging as security companies struggle to manage disconnected teams. Remote work now requires mobile communication delivery at an unprecedented level. Security professionals are discovering faster, more effective ways to communicate with simple, plug-and-play digital solutions.

Enterprise security teams need the ability to see, and they need good sound—sound that is clear, intelligible, and understood, every time. Only then can security teams acquire actionable business intelligence, increase operational efficiency, and mitigate safety and security risks. What are some examples within enterprise security where “good sound” and high-definition audio can help security teams to reduce security risks?

ADM and its security team, including Kevin Wujek, Insider Threat Coordinator, tapped into existing data, both inside the company and publicly available, to enable informed decision-making and real-time insight into the company’s COVID-19 pandemic response plan including contact tracing, location insight and information, and facility occupancy.

Almost every American adult knows that cyberattacks and breaches are ubiquitous and have primarily targeted companies and government entities. They might even know that the single most common breach these days is ransomware, a malicious process by which hackers dismantle computer systems and don’t fix them until a ransom is paid. Few, however, are aware that ransomware is targeting a new set of highly vulnerable victims en masse. In recent months, the majority of successful ransomware attacks have struck K-12 schools nationwide, casting a whole new light on the number of Americans highly susceptible to a cyberattack.

Colonial Pipeline, which operates the biggest gasoline conduit to the East Coast, said it has no estimate on when it could restart the 5,500-mile pipeline that it shut Friday after a cyberattack. The company took systems offline to contain the threat, temporarily halting all pipeline operations and affecting some IT system. In a statement, the company said the Colonial Pipeline operations team is developing a system restart plan, and while their mainlines remain offline, some smaller  lateral lines between terminals and delivery points are now operational. 

News quickly spread about a vulnerable call recording app for iPhone named “Call Recorder,” or “Acr call recorder,” as its listing in the Apple App Store states. TechCrunch was the first outlet to flag a design flaw with the mobile application’s API when it obtained call recordings from AWS S3 cloud storage to prove it was insecure and therefore open to API-based attacks. The weaknesses exhibited by the mobile app represent a vital shift occurring in cybersecurity towards the importance of the protection and hardening of APIs. From this instance alone, we can learn a number of valuable lessons as API attacks are set to rise drastically this year. Most of the issues in the Call Recorder vulnerability map directly to the OWASP API Security Top 10, a list that captures the most common API mistakes. This document is a great reference for DevOps and security teams that are looking to implement strong API security that can be applied to both web and mobile application systems, including those in the cloud.

Steven Seiden, president of Acquired Data Solutions (ADS), has been involved in “digital divide issues” for more than 20 years, and he believes broadening inclusion and diversity in the STEM literacy field is one of his purposes. An engineer by trade, Seiden has experienced a shift in the tech world over the years, watching the convergence of technology, IT and IOT and noting the ever-expanding engineering lifecycle that now includes security.