In The Boardroom With...
We continued to innovate in 2020 and launched Symmetry Business Intelligence. Our customers had been asking for a way to track behavior abnormalities, and we delivered an analytics solution that helps identify identities that may pose a high risk to an organization. It also tracks facility occupancy and office usage for high-traffic areas, which provides data needed to help meet occupancy guidelines imposed by governing authorities, enforce physical distancing and determine cleaning schedules. In 2021, we will continue to listen to our customers and develop and enhance our open and diverse product platform. No one in the industry offers such an innovative and comprehensive solution set. It’s important to AMAG to support our customers with solutions that not only protect employees, assets and buildings but also positively impact business operations. We will continue to innovate with AI, analytics and mobile solutions to help mitigate risk, reduce costs and ensure compliance.
Digital transformation - the movement of critical computing from the data-center to the cloud - is driving rapid changes in business models and network architectures. It also drives changes in how cybercriminals operate, making it easier for them to harvest data and launch automated attacks at scale. The mismatch between changes in cybercrime sophistication and the relative stagnation in cybersecurity approaches is apparent as organizations continue to suffer data breaches. According to a survey presented in AT&T Cybersecurity Insights, 88% of respondents had reported at least one type of security incident or breach in the last year. The root cause? Dispersed networks, an explosion of data, disparate technologies, complex security operations present cybercriminals with gaps or “seams” in organizations’ security postures. Fighting cybercrime requires a coordinated and collaborative approach orchestrating best-of-breed people, process and technology.
In response to the disruption to business that COVID-19 caused, many companies had more questions than resolutions. When we spoke with our customers to understand their risks and concerns, we quickly determined that helping customers through this journey should be a holistic, well thought through process. As a result of the urgent need to slow the spread of the virus and keep employees safe with more stringent protocols than ever before, we saw companies and industry groups push products and solutions to do things they weren't originally designed to do in order to meet immediate needs. For example, the temperature screening industry became a multi-billion dollar industry overnight. Most of the marketed solutions are not compliant to the guidelines that are coming from the FDA, CDC, OSHA, IOS & IEC, and that creates additional risk for our customers, both short and long-term. We've also seen guidelines rapidly change and evolve in a matter of weeks. As a result, we came to understand that without a comprehensive approach or plan, our customers would end up spending the majority of their time responding to immediate market drivers, and wouldn't be able to dedicate resources towards building a longer-term plan.
While some of our competitors were rushing to meet the immediate needs, we paused and took a moment to consider the bigger picture. We did a lot of research, met with strategic partners, reviewed control documents, ideated with customers via our Academy innovation forum and grounded all of that in a "jobs-to-be-done" framework. The end result is a comprehensive approach to helping customers mitigate risks during this pandemic, and also helping them to put process and technology in place that will meet their future needs.
Experience continually reinforces the reality that the human element is the weakest link in cybersecurity. This means the most important proactive strategy of all is to train everybody in a corporation - and I mean everybody - in good cybersecurity practices, along with their contractors and vendors. All employees should not only understand what is expected of them regarding company security policy and good online behavior, but also be trained to spot nefarious or suspicious activity and to conduct periodic tests to ensure best practices are followed.
Plan, plan and plan early. If the C-Suite decides to attend a big event overseas at the last minute, have a basic security plan for large events already organized so all you have to do is fill in the blanks. Use the resources that the U.S. government provides and the resources that professional security firms provide for these types of scenarios. Use your connections that you’ve made through OSAC, DSAC, ISMA, ASIS or LinkedIn to make your job easier. Additionally, we can help plan your company’s events overseas by utilizing G4S’ Corporate Risk Services large-event security expertise and G4S’ deep reach throughout the different regions of the globe (G4S is one of the largest employers in the world and is represented in around 90 countries). Finally, I also strongly recommend professionals in our industry join the U.S. Department of State’s Overseas Security Advisory Council (OSAC), which can astronomically increase the safety of your personnel, your facilities and help you protect information. Please check out OSAC.gov or call (571) 345-2223 if you have any questions. Thank you for providing me this opportunity to discuss a topic I enjoy talking about. If you wish to discuss this topic further or if you need assistance in your company’s security program, I can be reached at: peter.ford@usa.g4s.com, or LinkedIn: https://www.linkedin.com/in/
G4S has a long legacy in the security industry that actually stretches back more than 100 years. During that time, the company has evolved with the industry, growing from a guarding company to the diversified and modern operation that it is today. We are security risk advisors, security software developers, installers and technicians, security officers and personnel who serve clients with deep expertise across most vertical markets.
The goal and mission of the ROC is to deliver cost-effective, risk mitigation solutions to our clients. What we've done with the ROC is combine our suite of Corporate Risk Services intelligence/travel risk management offerings, security command and control function with our formerly separate remote video monitoring services into a single location. This streamlines our operations and creates more value for our clients. It also puts us into a leading position in the industry because we have paired elite analysts with the latest AI-driven algorithms and technologies. The result is the early detection and timely response to a wide spectrum of threats, the two hallmarks of competent risk management. Today's threat landscape is persistent, complex and I would add that it is constantly evolving. We live in an age where we are flooded with information and clarity means power. Getting our customers what they need to know and when is a critical component of the modern global risk management landscape. That's where our AI platform comes into play by allowing us to separate the noise from the clear indications of risk, to get pertinent information and place it into context quickly so the best possible response can be initiated.
One should think about security under the following framework:
- Continuous authentication: 100% of fraud occurs inside authenticated sessions. This means that the login function is not really relevant anymore because fraudsters have found ways to bypass it, whether it is password, token or even a physical biometric.
- Dynamic authentication: Most methods of authentication are static. Behavior by definition changes over time so one needs to deploy techniques that cannot be copied, stolen or otherwise used in a replay attack.
- Go beyond the endpoint. Applications and active sessions are incredibly vulnerable as fraudsters use social engineering scams and even phishing scams (where the legitimate person defrauds themselves under the influence of a fraudster).
- Recognize that humans are the weakest link and design systems accordingly. Thirty percent of participants will still open malicious emails within 30 minutes of phishing training. It only takes one person (the weakest link) to bring down an entire enterprise.
There is no silver bullet. A committed attacker will always find a way. Your best defense is a balance of both protection and detection. When bad things do inevitably happen, your detection capabilities will enable you to find the threat quickly and mitigate the damage. Our focus in Cisco Security is to automate as much of this process as possible for organizations so that once a new threat is identified, it is automatically blocked across not only the enterprise, but also the entire Cisco user-base. In doing so, we multiply the collective wisdom of our customers, partners, and our deep bench of talented threat researchers.
There are three key challenges our clients face today. First, cyber threats are ever-changing and becoming more sophisticated by the day. Cyber terrorism and targeted cybercriminal activities are directly impacting both the public and private sectors. They are persistent and yet, based on our research into exploit trends in 2014, attackers continue to leverage well known techniques to compromise systems and networks. Many vulnerabilities exploited in 2014 took advantage of code written many years ago and adversaries continue to leverage classic avenues for attack against client-side and server-side applications. Anti-virus signatures only catch approximately 45 percent of cyber attacks—a truly abysmal rate. In our review of the 2014 threat landscape, we find that enterprises most successful in securing their environment employ complementary protection technologies. These technologies work best when paired with a mindset that assumes a breach will occur instead of only working to prevent intrusions and compromise from the perimeter. So our clients’ security posture must be agile and responsive to better defend against threats—internal and external—in addition to vulnerabilities, in order to mitigate their risk...
Existing cybersecurity architectures are failing due to two macro trends: cloud computing and mobility. The endpoint is inadequately secured and the adversary often has a footprint within one’s perimeter defenses. We must pursue a strategy of intrusion suppression wherein we can decrease dwell time and thus detect, deceive, divert and hunt an adversary unbeknownst to the adversary. To achieve this an organization must: employ application whitelisting, employ an endpoint protection platform, establish a Hunt Team and roll out deception grids. Employ Deceptiongrids.
Many clients are referred to us for immediate support with onsite impromptu compliance audits from their current customers, prospects or industry compliance authority. Several clients are bidding a federal government or international corporate contract and need assistance responding to the RFP. Yet others are facing a stop work order until they can demonstrate a suitable cyber security posture and compliance with specific regulations. We assist our clients at any stage of their operations and their journey begins with relief upon initial engagement with us. Cyber security can keep you up at night. We take time to care. We listen to understand all the requirements, pain points and urgency clients face. Each client is assigned a strategic risk management team consisting of a privacy lawyer, cyber security expert, business analyst and program manager experienced in the client's industry. The core team leads the strategy for compliance and risk management solution. They also engage additional resources as necessary to support success. We help clients win business. A cyber-attack can cost an organization a fortune in fines, reputation and prison time for executives. Without cyber security companies lose revenue opportunities. We support their targeted growth strategy. The investment in cyber security not only meets compliance but yields a return on that investment