Security Leadership and Management

RSS

Noted security expert Mathy Vanhoef recently discovered a Wi-Fi security vulnerability, that if exploited, it would allow an attacker within radio range to steal user information or attack devices. The security vulnerability, known as FragAttacks - fragmentation and aggregation attacks - are design flaws in the Wi-Fi standard and therefore affects most devices. In addition, Vanhoef discovered several other vulnerabilities that are caused by widespread programming mistakes in Wi-Fi products. 

Just like about everything else in the world, the loss prevention/asset protection space has been hugely affected by the pandemic and the “traditional” threat landscape for security professionals in this area has evolved over the past year and half. Let’s take a look at pain points, best practices and COVID-19’s impact on loss prevention.

HP Inc. released its HP Wolf Security Blurred Lines & Blindspots Report, a comprehensive global study assessing organizational cyber risk in an era of remote work. The report shows that changing work styles and behaviors are creating new vulnerabilities for companies, individuals, and their data.

COVID made “flatten the curve” a household phrase in 2020, but did you know the concept also applies to vulnerability exploits? It turns out that what’s past is prologue in exploit trends. By tracking which attacks are being exploited the most, organizations discover important information to help proactively determine their vulnerability and risk. But it is also important to track attacks where activity has increased the most within a specified timeframe. It only takes one critical exploit to cause significant damage and, once inside the network, the attacker will need to move laterally and probably deploy additional exploits. That’s why understanding which exploits have the greatest likelihood of arriving on the network’s doorstep helps organizations prioritize patch management and risk assessment. This remains top of mind as cyber adversaries continue to maximize vulnerabilities, as we have recently seen with DearCry ransomware, for example.

Enterprise security risk management is an approach where organizations should consider the risks versus potential impact in order to dictate when and how often they assess risk. The ESRM approach to risk management and security is meant to keep a security program agile and responsive. Learn about the keys needed to implement an efficient ESRM program.

The Security Department at the El Centro Regional Medical Center (ECRMC) was put to the test, tasked with supporting the expansion of the hospital’s patient load to 50% above licensed capacity – far beyond any patient census in the hospital’s history. William DuBois, Security Department Manager at ECRMC, led the physical security through the pandemic, ensuring the Department’s updated mission of assuring the safety and security of patients, staff and visitors while maintaining the assets and business continuity of the hospital.

Communication was already a challenge in the security industry with widespread teams or lone personnel in siloed locations. Now that COVID-19 has virtually eradicated in-person interactions and many team members are only working remotely, it is all the more difficult to keep everyone synced. The entire face of security communications has changed, escalating the need to find alternate ways to connect with the growing remote workforce. Internal and external communications are merging as security companies struggle to manage disconnected teams. Remote work now requires mobile communication delivery at an unprecedented level. Security professionals are discovering faster, more effective ways to communicate with simple, plug-and-play digital solutions.

Enterprise security teams need the ability to see, and they need good sound—sound that is clear, intelligible, and understood, every time. Only then can security teams acquire actionable business intelligence, increase operational efficiency, and mitigate safety and security risks. What are some examples within enterprise security where “good sound” and high-definition audio can help security teams to reduce security risks?