The Security Industry’s Cyber Problem

This article appears in the September issue of SDM Magazine. You can read the full post here

IST’s Chief Strategy Officer Michael Ruddo was interviewed by SDM Magazine to discuss the convergence of cyber and physical security. “Today’s physical security systems are connected to an IT network, making cybersecurity a foundational element of any on-site security protocol,” says Ruddo. Read more on https://www.sdmmag.com/articles/99859-the-security-industrys-cyber-problem.

SIA 2019 Security Megatrends 9 & 10 – What You Need To Know

This post wraps up our series that took a deeper dive into SIA’s comprehensive 2019 Security Megatrends report. Megatrends 9 & 10 both bring the future home with high technology devices that will allows us even greater security, both in our homes and offices.

Megatrend 9: Going Biometric for Access Control
We are on the edge of the tipping point with biometric access control. Voice recognition and sound are increasingly integrated into physical security. The residential market is embracing this change, and the commercial market will soon follow.

Going biometric for access control brings with it the same questions that the IoT, AI and other new technologies pose: how do you effectively balance security with privacy and convenience? For the residential consumer, ease of use continues to outweigh concerns about security. On the commercial side, the perspective shifts, as security safeguards are put in place to achieve compliance, meet regulations and follow standards. Convenience often falls by the wayside. A balance must be struck.

The good news is that biometrics are becoming more reliable and cost-effective. For years, smart phones have unlocked through facial recognition. And since everyone likes to keep their phones on them at all times, the smartphone has the potential to be the credential of choice, a virtual certificate identifying who you are.

Smarter Smart Phones
Smart phones have a number of advantages for seamless “frictionless access control,” free-flowing, yet secure access to a space. This system is almost instant. It requires little interaction and doesn’t interfere with users unnecessarily. It also negates the need for tokens like badges and PIN numbers. Biometrics, radio frequency and Bluetooth technology can all be frictionless. However, this type of access also opens up cybersecurity concerns; if your phone is compromised for instance, your entire identity can be at risk.

Recent facial recognition improvements may make this a reality sooner than we think. One survey respondent noted that “A single digital identity that transcends logical and physical environments via sensor fusion (software that intelligently combines data from several sensors for the purpose of improving application or system performance) may emerge. It’s not a question of if anymore, it’s just a question of when biometric access control becomes our credential of choice.

Megatrend 10: 3 Ways DIY is Revolutionizing the Security Space
In the last megatrend of the report, change in the physical security space continues at unimaginable speeds. Consumer electronics companies are taking the physical security industry by storm by introducing new DIY systems into the residential market. Not only are consumers more aware of the technology, but big names like Amazon make them more comfortable jumping into their own DIY security systems.

The Move to DIY
Consumers usually start by implementing video and then grow their network from there. They often choose to forgo professional monitoring, choosing to do that DIY too. As Amazon expands with its purchase of the Ring Protect system and acquisition of Blink, which produces wireless cameras, this market will continue to expand. In 2016, Statista research recorded $107.1 billion spent in the U.S., which is the largest consumer electronics market on the planet, especially when it comes to connected smart devices. Convergence is the largest trend in the country in this regard, as more connected devices and telematics in the IoT come onto the scene.

When asked how much of an impact the consumer technology giants will have on the industry’s bottom line in residential market, most SIA surveyed respondents agree that this trend will change the security market significantly.

Who will win this high stakes competition? Big companies with the infrastructure already in place, like Amazon and Google, are poised to claim the largest market share. Consumers already rely on their smart speakers and voice control devices, Alexa and Google Home; these will become the main points of entry into their homes and serve as the main interface with the residents.

As Mike O’Neal, President of Nortek Security & Control, explains, “This isn’t a space anymore for small companies to dominate the industry. We have huge players with large infrastructures who have the ability to invest in technology and change the models. Comcast’s Xfinity Home is a disruptor having a major impact on the smaller companies.”

Here are three ways that this DIY trend is revolutionizing the security space:

  1. Opening Up Opportunities: ADT and Amazon have a strategic partnership that integrates the new Alexa Guard feature with ADT Pulse’s security system. Alexa can listen for breaking glass and smoke or carbon monoxide alarms and alert ADT.
  2. Providing a Disruption or an Opportunity: This DIY change is viewed two ways. Many see the opportunity for the subscriber to gain more valued services or a new level of service, while others feel that this rapid change may be hard to manage and the industry may not be able to keep up effectively.
  3. Delivering Disruption: Since smart phones are such easy interfaces, early adopters rely on them to check on their pets and kids, monitor their homes and even provide remote caregiver services. They’re not thinking about handing these tasks over to professional security experts. However, as the population ages, they may leverage professionals for connected health services and personal emergency responses.

Both biometrics and DIY security devices continue to shake up the industry and create a large paradigm shift. Both will have us relying on our ever-present, indispensable smart phones even more. As the year unfolds, it will be interesting to note how this plays out. Will smart phones be our sole credential? Will physical security move fully to a Google/Amazon DIY model, or even a new one? And how will the current security market adapt to these changes and continue to thrive?

We’ll check back later in the year and let you know.

This completes our dive into the SIA 2019 Security Megatrends report. We’ll continue to monitor these trends throughout the year as they play out in real time. If you have any questions about how they affect your business, please let us know!

SIA 2019 Security Megatrends 1 & 2 – What You Need to Know

The next set of blog posts will explore the SIA’s forecasted 2019 Security Megatrends in order of importance. We are going to dive into Megatrends #1 and #2 in our first post.

Megatrend 1: 8 Smart Ways to Integrate Physical and Cybersecurity
Cybersecurity’s impact on physical security moved from the number two spot in 2018 to claim the number one security concern in the new year. This year will continue the escalating arms race between security professionals and cybersecurity criminals.

Several newer cybersecurity threats are forecast to dominate the landscape. According to “The Cybersecurity Imperative” produced by ESI ThoughtLab and WSJ Pro Cybersecurity in partnership with the SIA and other organizations, AI, the IoT and blockchain technologies, in conjunction with the proliferation of open platforms, will be the largest risk factors in cybersecurity. This comprehensive report also foresees most risks coming through electronic interactions with partners, customers, vendors and supply chains as businesses become more interconnected.

How do you secure both your physical and cyber assets against these growing threats? The following provides 8 ways to best integrate physical and cybersecurity:

  1. Nix default passwords in your software and equipment: This is one of the top ways for hackers to install malware, phish for information or deploy ransomware, all potentially devastating ways to access your network.
  2. Test and test some more: Software, hardware and other products, whether they be IoT or another, benefit from a thorough testing period. Ideally, you should test multiple times and have a third party test them as well.
  3. Know your risks: Use a monitoring program that tracks and reports vulnerabilities, or hire a security company to help you with this important task. Then prioritize the list and devise a plan for addressing all risks.
  4. Dive into your software and firmware: Are your updates up to date? Do you know who’s using your software and firmware? Run regular reports to catch any vulnerabilities and only grant access to authorized users.
  5. Designate a central command: Create a security resource center for your customers and security integrators to keep everyone on the same page. Where there are communication gaps, seek to fill them. Silos can breed security breaches.
  6. Educate, educate, educate: Ensure that your security training program is up to speed and that all employees receive ample and ongoing training.
  7. Start early with cybersecurity: Build cybersecurity into every product development cycle. When you integrate it early, you can find holes.
  8. Repeat: Cybersecurity risks aren’t going away. As they get stronger, your security needs to be strengthened too. Stay ahead of the curve. Keep learning, tweaking and improving.

These steps go a long way towards securing both physical and cyber spaces.

Megatrend 2: Top Challenges and Opportunities as the IoT and Big Data Converge
Big data is big business. A recent Accenture study showed that 79% of enterprise executives believe that companies that do not embrace big data will lose their competitive positions and even face extinction. On the flip side, 83% are embracing big data to gain a competitive edge.

Data continues to mount as more and more devices join this data collection party. From drones to robotics, to SaaS to the IoT, connected devices and platforms are generating data at an alarming speed, which makes it difficult to properly protect. When it comes to crucial information like healthcare, financial or other sensitive information, security becomes the ultimate challenge. How do we keep this data safe as the Iot and big data converge so that we can use both to benefit our businesses as well as our lives?

Let’s break down the challenges and opportunities:

Challenge: By 2020, Statista predicts that there will be between 6.6 and 30 billion IoT connected devices. With more data comes the need for more ways to communicate that data to the end user and responding authorities efficiently and securely.
Opportunity: Analytics and AI to the rescue. With these superpowers, it’s infinitely easier to parse and digest big data. As more devices collect information, these newer technologies can help enterprises put the information to work. On the security front, this equates to faster response times for security system users and the responding authorities.

Challenge: The IoT and other smart platforms provide an easy way in for potential hackers to breach the physical-cyber security connection. Any connected devices are at great risk, and open connections make them even more vulnerable.
Opportunity: If set early, the enabling data analytics function yields safer and more productive data generation. For instance, certain types of dashboarding and IoT enablement facilitate this. With better built in protection, these devices can counteract various threats.

2019 promises to be a year of big changes for as IoT and big data converge. The companies that seize these trends and the opportunities that go with them will be the ones that come out ahead.

Physical Security at Your Business – Do You Need to Up Your Game?

What Is Physical Security?

The statistics are scary. Every year, almost two million American workers are subject to violence at their workplace, with as many as 25% more incidents that go unreported. There are a number of precautions you can take to ensure that your workplace has physical security solutions in place to proactively deter these threats. There are also tools you can use to report an incident and to get help.

What is physical security and why is it important?

Physical security denotes the protection of the people, data and property at your offices from damage or harm. Each needs to be secured, from your employees and customers, to your computers and networks, to the various pieces of equipment within your property lines.

Fortunately, a few simple steps can help you significantly up your game and increase your office security through physical detection and physical deterrence strategies:

1. Assess the situation to determine which specific threats you’re up against.The USDA provides this list to help you cover your bases:

  • Identify how likely you are to be targeted. Have there been threats or incidents of violence in the past?
  • What is your company’s prevailing attitude toward security?
    • Who handles overall security?
    • How are security policies enforced?
  • When was your emergency preparedness plan developed (including fire, power failure and disaster)?
    • What are your local resources for police, fire and medical attention and how quickly can they respond?
  • What physical security systems do you employ?
    • Do these security resources, policies and procedures meet the potential threat?

2. As you address your findings, there are a number of security solutions you can implement:

Have a Plan

  • Crisis Communication Plan: If there is an incident, who are the main players that need to be informed? Equip them with intercoms, phones, alarms or other concealed communication devices. Create a plan B back-up, too; a two-way radio can work in the event of a phone failure.
  • Emergency Executive Information File: To be kept by security officials for use in an emergency, this secure file contains contact information for employees, their families, close relatives, schools, medical doctors, local emergency services and any important passwords.

Secure All Entrances

  • Parking Lots: If your security needs require you to check visitors in at the parking lot, consider a gate equipped with a card reader or a security guard. You may also need to place traffic bollards in front of your building to deter and prevent ramming. Spike barriers are strong deterrents as well, and a well-lit parking lot is less likely to be targeted.
  • All Exterior Doors (And Some Interior): Protect your first line of defense into the building. Set up key card access at the main entrances and other important doors. Distribute access control badges that feature photos for enhanced security. Consider using a biometric system for even greater security. Intercom systems can help you manage access. If you’re using manual locks, be sure to protect your keys by locking the master and spare keys in a secure place.

Maintain Surveillance
Keep an eye on your people, property and data. Leverage video management systems to monitor entrances and other sensitive areas and to generate a record of any incidents. These serve as powerful deterrents to crime as well as effective surveillance devices. Check all lighting to ensure that it’s working well. Video surveillance is only as good as the picture it can provide.

Fortify the Office

  • Secure Setup: The layout of your office matters, too. Consider placing any important offices that house expensive equipment or other desirable items away from the outside of the building to keep them safer and away from prying eyes. Set a designated waiting area so visitors are greeted and kept in a safe and visible place. In case of an attack, you can prepare a secure area with steel doors and a protected ventilation system, stocked with emergency supplies like a first aid kit, phones, blankets, tool kits, food, clothing, flashlights and batteries.
  • Day-to-Day Deterrence: Be smart about your office operations. Critical papers should be stored in safes or other secure areas. Discard your trash regularly and take care when opening packages from unknown senders. Lock closets, service openings, telephone and electrical closets. Arm utility areas and critical communications devices with alarm systems. Lock publicly accessible restrooms.

Being prepared not only provides peace of mind, but is itself a strong deterrent against crime. IST has been helping companies secure their office spaces for over 20 years. We can help you assess your space and up your security game, too.