
Cybersecurity

Top 3 areas shutdown is hitting security the hardest

Wednesday, January 16, 2019

Day number 26 … it’s the longest shutdown in U.S. history, and with approximately 800,000 federal employees out of work or working without pay, and three or more hours of wait time to clear security in some of America’s busiest airports—Atlanta, Houston, Miami and Washington—security-related vulnerabilities linger. Just saying the U.S. is “shut down” seems to give hackers, terrorists, criminals and the like the impression that the whole country is weak and now is the time to strike.

Here are some specific areas where the shutdown is hitting security the hardest, and please click here to comment on the topic in our News Poll:

Government payment portals and remote access services: Sites such as NASA, the U.S. Department of Justice and the Court of Appeals, among others, are insecure or inaccessible, due to more than 80 expired TLS certificates used on .gov domains. What’s more, only 1 in 20 HTTPS servers implement the security feature that prevents visitors from making unencrypted HTTP connections to a server.
As more security certificates expire during the shutdown and with furloughed IT employees not renewing them, opportunities for a security hack increase.

Click the following links to see examples of expired .gov certificates as of January 16, 2019:
https://ows2.usdoj.gov/
https://rockettest.nasa.gov/

National cybersecurity: It seems “everyone” is furloughed: approximately half of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), the employees who protect critical infrastructure such as banking, water, energy and nuclear; and 85 percent of the National Institute of Standards and Technology (NIST) employees and other IT professionals knowledgeable about the latest cyberattacks and how to deal with them most appropriately, according to CNBC.

Security operations, software patching and penetration testing are among the activities not getting done for government sites including but not limited to:
•    Departments of State;
•    Homeland Security;
•    Agriculture, Commerce and Housing and Urban Development;
•    Environmental Protection Agency;
•    Internal Revenue Service (IRS);
•    National Institute of Standards and Technology; and
•    National Park Service.

Weakened airport security: Not only is wait time increasing for passengers to get through security, but personal safety is quickly becoming an issue. On January 2, 2019, a Delta passenger successfully deceived TSA, sneaking a gun past agents and onto a flight headed to Tokyo from Atlanta Hartsfield-Jackson International Airport.

According to USA Today, TSA said they would “hold those responsible appropriately accountable,” as they rejected the assumption that low staffing was to blame. Whether through carelessness or low staffing, security was breached, and that could have led to dire consequences.

As we see the deterioration of security right before our eyes, what are you most concerned about when it comes to the partial government shutdown and security?

Let’s discuss! Looking forward to your responses.

SSN News Poll: Readers weigh in on cyber trends

60 percent of respondents see end users budgeting more for cyber
11/20/2018

YARMOUTH, Maine—The Security Industry Association recently released a benchmarking study that outlined potential cyber risks and the emerging technologies that could help protect systems. Security Systems News’ readers shared some of their opinions on end user attitudes and rising threats that were outlined in the report.

Cybersecurity benchmarking study released

Wednesday, October 17, 2018

A new benchmarking study of the cybersecurity practices and initiatives of global organizations provides insight into the cyber landscape today and moving forward over the next few years. The study, called The Cybersecurity Imperative, was produced in partnership with ESI ThoughtLab and WSJ Pro Cybersecurity and is sponsored by the Security Industry Association (SIA) and several other partners.

“As validated by SIA’s just-released 2019 Security Megatrends—highlighting the top factors influencing both short- and long-term change in the global security industry—security companies see cybersecurity as the dominant trend shaping the industry,” SIA CEO Don Erickson said in an email announcing the study. “Having these clear benchmarks around cybersecurity not only facilitates the advancement of cybersecurity within your own organizations, but it also allows firms like yours to deliver appropriate solutions to your customers.”

One key finding in the study is that digital transformation is exposing companies to higher and more costly cyber risks. For example, those whose cybersecurity practices do not keep pace with their digital transformation initiatives are more likely to see $1 million or more in losses from cyberattacks. The research showed that cyber risks rise dramatically as companies embrace new technologies, adopt open platforms and tap ecosystems of partners and suppliers.

“Companies need to make sure that their cybersecurity programs keep pace with their digital transformation effort,” Lou Celi, CEO of ESI ThoughtLab and director of the study, said in the announcement. “Cybersecurity should not be an afterthought. It needs to be integrated into the fabric of an organization’s growth strategy.”

According to the study, there will be an increase in cyber-threat vectors by 2020, including:
•    Attacks through partners, customers and vendors (247% growth)
•    Supply chains (+146%)
•    Denial of service (+144%)
•    Apps (+85%)
•    Embedded systems (84%)

Surveyed companies see high risks from external threat actors, such as unsophisticated hackers (cited by 59% of firms), cybercriminals (57%) and social engineers (44%), but the greatest threat lies with untrained general staff (87%). Another 57 percent of firms see data sharing with partners and vendors as their main IT vulnerability. Nonetheless, only 17 percent of companies have made significant progress in training staff and partners on cybersecurity awareness.

The study also cites the leading cyber-threat vectors in 2018, which are:
•    Malware (81%)
•    Phishing (64%)
•    Ransomware (63%)
•    Viruses (62%)
•    Attacks from Apps (62%)

Another key finding is that companies are boosting their cybersecurity investments. To cope with rising cyber risks, surveyed companies are increasing their cybersecurity investment by 7 percent this year and 14 percent next year. The biggest upsurge will come from platform companies, which are hiking their spending 59 percent this year and 64 percent next year. On average, companies with revenue between $250 million and $1 billion will spend $2.9 million next year; those with $1-5 billion, $5.7 million; $5-20 billion, $10.7 million; and $20 billion+, $16.8 million.

According to the study, companies now use a variety of technologies to improve cybersecurity, such as multi-factor authentication (90%), blockchain (68%), Internet of Things (62%) and artificial intelligence (AI) (44%).

Security Systems News’ Class of 2017 “20 under 40” winner Ryan Fritts, CISO, ADT, said, "We are using AI in our access and entitlement management to analyze the behaviors of end-users and determine whether or not their behaviors are risky."

Over the next two years, studied firms indicated they plan to greatly expand the use of the following technology solutions:
•    Behavioral analytics (+1,735%)
•    Smart grid technologies (+831%)
•    Deception technology (+684%)
•    Hardware security and resilience (+114%)

The study also found that as corporate cybersecurity systems mature, the probability of costly cyberattacks declines. Cybersecurity beginners have a 21.1-percent probability of cyberattacks generating over $1 million in losses versus 16.1 percent for intermediates and 15.6 percent for leaders.

"Security is a holistic discipline. You need to manage both physical and cyber risks,” Joseph Gittens, SIA director of standards, and Cybersecurity Imperative study advisor, said in a prepared statement. “You could have the best physical security ever—guards, gates, guns and surveillance—but if someone can access your network from the comfort of their living room, it's not doing anything. The reverse is true as well. You could have a ton of cybersecurity but fail to lock down your physical space."
 

Launch Security rebrands as Defendify

Name change in sync with release of new cybersecurity platform
07/25/2018

PORTLAND, Maine—Launch Security, a cybersecurity consulting firm started last year by Security Systems News’ “20 under 40” winner Rob Simopoulos, announced a name change to Defendify, a move that is in line with the launch of the company’s new cybersecurity platform.

ADT partners with Cofense to bolster cyber protection

05/23/2018

BOCA RATON, Fla. and LEESBURG, Va.—ADT and Cofense, a provider of human-driven phishing defense solutions worldwide, announced a partnership to offer phishing detection and response to ADT customers.

PSA, SIA and ISC launch cybersecurity conference

Wednesday, January 10, 2018

DENVER—Cyber:Secured Forum, a cybersecurity summit focusing on integrated systems, will launch with an inaugural gathering here, on June 4-6, 2018, under a partnership formed by PSA Security Network, the world's largest systems integrator cooperative, ISC Security Events (Reed Exhibitions, the global tradeshow company) and the Security Industry Association (SIA), a leading trade association for global security solution providers.

“Sophisticated cybervulnerabilities and threats are emerging every day, and it is critical for the physical security and systems integration industry to accelerate its delivery of compelling education to help all industry stakeholders mitigate the risk of cyberattacks to business continuity,” SIA CEO Don Erickson said in the announcement.

Cyber:Secured Forum will feature in-depth content on cybersecurity trends and best practices as related to the delivery of physical security systems and other integrated systems. Content is being collaboratively developed by SIA and PSA Security Network’s education teams and will feature top cybersecurity leaders.

“Cybersecurity is no longer just a threat—it’s a real issue knocking on the doors of security and IT professionals on a daily basis,” Bill Bozeman, president and CEO, PSA Security Network, said in the announcement. “The time for just being in reaction mode is behind us now. As security leaders, we have a responsibility to step forward and be part of the frontline defense when it comes to cybersecurity, just as we have been part of the frontline defense when it comes to physical security issues for decades. The goal of this conference is to empower attendees with real tools and knowledge to do just that.”

The two-day event will provide leaders in the IT and physical security industries with opportunities to connect and share information on risks and liabilities, responding to cybersecurity threats, and establishing security control standards across IT systems, particularly when integrating physical security solutions and devices on IT networks.

Additionally, sponsor exhibits will help showcase solutions related to cybersecurity, integrated systems and physical security solutions.

“At our recent ISC West and ISC East events, the educational sessions on cyber-physical integration and connected security have been in high-demand,” Will Wise, group vice president of the Security Portfolio, Reed Exhibitions, said. “In-depth education, training and industry collaboration is essential to ensure safe and secure systems for the market. We’re enthusiastic about this partnership with PSA Security Network and SIA to address this important market need.”

For more information about this new event and to be added to the event mailing list, visit cybersecuredforum.com.

SSN News Poll: physical security’s place in cybersecurity

Half of respondents say contracting or partnering with a cyber firm is the best step
12/20/2017

YARMOUTH, Maine—ADT recently finalized its acquisition of DATASHIELD, which will operate under the newly formed brand ADT Cybersecurity. In Security Systems News’ most recent poll, traditional security companies see a space in the cybersecurity world.

Hikvision hires former IBM security pro to lead cyber efforts

Chuck Davis named director of cybersecurity in North America
10/19/2017

CITY OF INDUSTRY, Calif.—Hikvision USA Inc., a video surveillance products and solutions company based here, announced that Chuck Davis has been named director of cybersecurity for Hikvision North America.

Security experts launch new cyber company

Edgewise Networks to provide network security ‘where firewalls fail,’ company says
07/12/2017

BURLINGTON, Mass.—Edgewise Networks, a new start-up company backed by $7 million in initial capital, announced its official launch today. The company’s founders, CEO Peter Smith, a cybersecurity entrepreneur, and CTO Harry Sverdlove, former CTO of Carbon Black (formerly Bit9), are looking to provide a fresh take on network security, one that transcends the limitations of available address-centric controls.

Launch Security looks for cybersecurity to take off

SSN ‘20 under 40’ winner Rob Simopoulos starts new company in Maine
05/31/2017

PORTLAND, Maine—Security Systems News’ “20 under 40” winner from the integrator class of 2015, Rob Simopoulos, along with company partner Andrew Rinaldi, formed Launch Security here last month with the idea of helping organizations improve their overall cybersecurity posture.
