When is the last time your facility was subjected to an electrical power surge? Chances are, you have no idea – for two very good reasons. First, power surges are typically very brief – lasting only a few milliseconds. Secondly, most power surges are relatively small and go unnoticed, unless they are significant enough to make the lights flicker. Even so, they remain dangerous to your systems and should not be ignored – they are a silent killer of your critical electronic equipment.
Think back to 2009 and the phone you owned. While the phone you carry today might not look that different, a smartphone or its equivalent is far more powerful than it was just 10 years ago. While it is relatively easy for businesses to track the evolution of phone technology, have they similarly considered how their own corporate security departments have changed during the same period?
Imagine losing your car keys. It would be inconvenient, as you could be stranded for a while and you would need to find and obtain a replacement key. Now imagine losing a set of work keys. How much disruption could this cause your company? Remember the 2014 Sony breach? It was perpetrated by a group who claimed that they were able to access the movie studio's computer systems because Sony failed to lock their physical doors.
We have been hearing about the “convergence” of physical and cyber security for years, but even today there are still debates about whether it has happened yet (spoiler alert: it hasn’t). Part of the challenge might be that the word convergence itself can apply to more than one kind of activity – for example, some believe it applies to the linkages or integration of IT and security systems, while others believe it applies to IT and security organizational structures and teams.
Do you know who is calling you? In many cases, employees rely on caller ID or a familiar name, which allows callers to build trust and potentially exploit them. Vishing (or social engineering) is a practice where verbal communication is used to deceive a potential victim.
New technologies, including cloud computing, the Internet of Things and artificial intelligence, are constantly bringing new opportunities and challenges to attackers and defenders alike. This is not just the age of machines but of machine-scale. As such, IT security analysts need new tools to defend the network.
Last month’s ASUS APT attack doesn’t come as a surprise to any security-conscious industry watcher; it highlights a long-standing flaw in many software supply chains today. Attackers have been engaged in spoofing websites, stealing credentials and gaining unauthorized access for years. Injecting malicious code into legitimate tools that are designed to protect represents the next evolution in putting companies and their customers at risk.
Both the government and the private sector are scrambling for talent. Thousands of information-security jobs are going unfilled as the industry in the U.S. struggles with a shortage of properly trained professionals. By one estimate, there will be 3.5 million unfilled cybersecurity jobs by 2021.
Many enterprises face challenges when choosing the right security partners to implement and maintain their systems. Security management places a premium on their specific physical security strategies, either because of the complexity of their needs or because of the system demands and compliance regulations associated with their business classification. Therefore, the goal should be to partner with suppliers whose focus is to deliver the solutions that best fulfil desired system functionality and operations.
School and campus safety is an ever-evolving challenge. New threats emerge almost daily, and administrators and security personnel need a way to respond should students and staff face a dangerous situation. The foundation of any good safety plan is strong communication.