My business development team at AMAG Technology is 100% dedicated to the security consultant community and architects and engineers. This community is the backbone of the security industry. They have power, much more than meets the eye, to drive some of the most meaningful work in the security space. The industry works collectively as a wheel that keeps churning with the ultimate goals of saving lives and protecting properties and assets. We have security end users that have a business to run and security plans to operate and execute on. We have technology developers, such as ourselves at AMAG, that provide innovative solutions the end user can rely on to optimize their security programs. And we have the systems integrators who bring the systems to life and maintain their health and long-term functionality. But what sets the wheels in motion is the physical security consultant.
Organizations are in various states of assessing their workforce needs as they start to bring employees back to the office. Every company is looking at the situation through a prism of their own needs. From a security perspective, I tell our clients that they need to have a heightened awareness of the mental state of their staff. The pandemic has increased tensions and stress levels. For example, some employees are stressed about rules around vaccinations and mask-wearing in the office.
If you are in charge of security, it’s now more important than ever that you carefully evaluate your people, process, and technology in this new normal and be prepared for potential disruptions. Some of these situations could escalate into violence. Secondly, we have to consider the security of remote workers. What security risks are in their home? Is there the possibility that your workers are leaving sensitive documents in the open? Are they locking their home office? Do they have a shredder? Are they following good cybersecurity hygiene? Or are they creating a massive vulnerability for someone to access sensitive corporate information?
Global Director of Innovation and Product Development for Security Prosegur Global Risk
Prosegur’s strategy is focused on two important concepts. We must Perform by offering our customers the very best service in our traditional businesses such as guarding. And we must Transform by offering our customers new and innovative security solutions that are unique to Prosegur and the security industry. Our innovation strategy is focused on new product development. When developing new products we analyze their desirability, feasibility, and scalability. But we don’t just concentrate on the traditional security industry. We look to adjacent industries that we know are equally important to our customers, such as business continuity and safety. And our Security Operations Centers (SOCs) around the world are the hub of innovation for our company.
The traditional alarm monitoring market operates under a business model where high margin recurring monthly revenue is used to subsidize initial costs (primarily hardware and installation costs). The traditional model has been very successful in landing (typically for no upfront fee or a small fee up-front fee) and keeping long-term customers for years that pay monthly recurring fees. In the last several years, we have seen a surge in the IoT and Home Automation markets. The problem with IoT and Home Automation, while growing rapidly, is that they have lacked an integrated offering with a compelling service model thus, there has been limited recurring revenue.
We believe IoT and Home Automation providers are beginning to move to an Alarm Monitoring business model (with limited upfront fees but with the customers signing long-term contracts). This shift can be observed with recent companies like Latch Inc (LTCH – Not Rated) and Smart Rent (Not Rated) both offering services to multifamily facilities with high recurring fees (we will discuss Latch in further detail later in this report). We are also observing traditional alarm companies moving further into IoT and Home automation like ADT and Monitronics/Brinks Home Security experiencing solid growth and higher retention through a broader offering to its end user. Finally, we see multinational security companies like Prosegur expanding its offerings from guard/alarms/cash management to video monitoring and home automation to increase RMR or recurring monthly revenues.
AMAG Technology delivers a powerful, unified and open security platform that empowers businesses to effectively secure their facilities, transform their operations and meet compliance. The Symmetry Security Management system encompasses access control, video, identity management, analytics, mobile, intrusion, visitor management, command and control and incident management. Symmetry’s scalable, resilient and integrated security solutions provide operational insights and intelligence to improve business today and tomorrow.
AMAG is known for providing enterprise access control hardware and software. Over the last 5 years we have added a range of supporting products that integrate directly with the access control platform, providing a complete physical security solution, capable of managing all aspects of a well rounded security program.
I have served in healthcare security and police management for more than 30 years. For the past four years, I have served as Vice President of Healthcare for Allied Universal®. Just prior to that, I served as Director of Hospital Police, Security and Transportation at the University of North Carolina in Chapel Hill. I have been privileged to hold the position of Chief of Campus Police and Public Safety with WakeMed Health and Hospitals in Raleigh, North Carolina, and Chief of Police and Public Safety with Eastern Virginia Medical School in Norfolk, Virginia.
Currently, I am a Vice Chair of the ASIS Healthcare Community Steering Committee and the Chair of the ASIS GSX Presentation Selection Committee. Because of these amazing affiliations, I have been fortunate to collaborate with some of the world’s greatest minds in healthcare, security, and policing. I have attempted to share some of those strategies and lessons learned for successfully preventing and mitigating violence in two of my books: “Preventing Violence in the Emergency Department” and “The Active Shooter Response Toolkit for Healthcare Workers.”
A Covid credential presentation would be an excellent use case for what we are doing, whether it is a Covid test result or a Covid vaccination proof. A Service Provider like an airline before boarding, a rental car agency before renting a car, or a hotel before checking in, should be able to check the validity of the presented credential, that it belongs to the person who is showing it, that it is the latest data, that it comes from the actual source, and that the source can actually be trusted -- that it is a genuine facility, and not a fake credential provider. Digital Trust Network’s Digital Identity Interchange is a perfect vehicle to achieve this. Further, the issuing sources will be part of the value chain when the credential is verified. This system protects user privacy, invalidates fraudulent certificates and credentials, and provides the latest information.
Group Vice President Security,
Public Safety, Transportation
& Casino Gaming Reed Exhibitions
There has been positive momentum over the last month which is creating renewed optimism and a clear road map to get back to in person trade shows in Las Vegas by June this year. The COVID case numbers have been decreasing significantly, and US vaccine rollouts have been scaling up rapidly, including all tiers of citizens 18 years+ to be eligible by May 1.
We continued to innovate in 2020 and launched Symmetry Business Intelligence. Our customers had been asking for a way to track behavior abnormalities, and we delivered an analytics solution that helps identify identities that may pose a high risk to an organization. It also tracks facility occupancy and office usage for high-traffic areas, which provides data needed to help meet occupancy guidelines imposed by governing authorities, enforce physical distancing and determine cleaning schedules.
In 2021, we will continue to listen to our customers and develop and enhance our open and diverse product platform. No one in the industry offers such an innovative and comprehensive solution set. It’s important to AMAG to support our customers with solutions that not only protect employees, assets and buildings but also positively impact business operations. We will continue to innovate with AI, analytics and mobile solutions to help mitigate risk, reduce costs and ensure compliance.
When the entire live in-person conference industry came to an immediate halt, my team and I quickly created a series of Cyber Security Briefings to help maintain its goal in educating executives called the “Power Hour”. Similarly to their live events they featured experts from The FBI, The US Secret Service and Dept. of Homeland Security / CISA. Hosted on one of the most secure and trusted virtual platforms, Cisco WebEx; these complimentary, invitation-only webcasts offered senior level business executives information on the latest cyber threats facing their companies as they worked from home during the peak of this pandemic. In addition they provided insight on best practices and technical solutions from top companies such as IBM, Google, Artic Wolf, Proofpoint, Mimecast, Duo Security, Check Point, Darktrace, KnowBe4 and more.
Digital transformation - the movement of critical computing from the data-center to the cloud - is driving rapid changes in business models and network architectures. It also drives changes in how cybercriminals operate, making it easier for them
to harvest data and launch automated attacks at scale. The mismatch between changes in cybercrime sophistication and the relative stagnation in cybersecurity approaches is apparent as organizations continue to suffer data breaches. According to a
survey presented in AT&T Cybersecurity Insights, 88% of respondents had reported at least one type of security incident or breach in the last year.
The root cause? Dispersed networks, an explosion of data, disparate technologies, complex security operations present cybercriminals with gaps or “seams” in organizations’ security postures. Fighting cybercrime requires a coordinated
and collaborative approach orchestrating best-of-breed people, process and technology.
Experience continually reinforces the reality that the human element is the weakest link in cybersecurity. This means the most important proactive strategy of all is to train everybody in a corporation - and I mean everybody - in good cybersecurity practices, along with their contractors and vendors. All employees should not only understand what is expected of them regarding company security policy and good online behavior, but also be trained to spot nefarious or suspicious activity and to conduct periodic tests to ensure best practices are followed.
One should think about security under the following framework:
Continuous authentication: 100% of fraud occurs inside authenticated sessions. This means that the login function is not really relevant anymore because fraudsters have found ways to bypass it, whether it is password, token or even a physical biometrics.
- Dynamic authentication: Most methods of authentication are static. Behavior by definition changes over time so one needs to deploy techniques that cannot be copied, stolen or otherwise used in a replay attack.
- Go beyond the endpoint. Applications and active sessions are incredibly vulnerable as fraudsters use social engineering scams and even phishing scams (where the legitimate person defrauds themselves under the influence of a fraudster).
- Recognize that humans are the weakest link and design systems accordingly. Thirty percent of participants will still open malicious emails within 30 minutes of phishing training. It only takes one person (the weakest link) to bring down an entire enterprise.
There is no silver bullet. A committed attacker will always find a way. Your best defense is a balance of both protection and detection. When bad things do inevitably happen, your detection capabilities will enable you to find the threat quickly and mitigate the damage. Our focus in Cisco Security is to automate as much of this process are possible for organizations so that once a new threat is identified, it is automatically blocked across not only the enterprise, but also the entire Cisco user-base. In doing so, we multiply the collective wisdom of our customers, partners, and our deep bench of talented threat researchers.
There are three key challenges our clients face today. First, cyber threats are ever-changing and becoming more sophisticated by the day. Cyber terrorism and targeted cybercriminal activities are directly impacting both the public and private sectors. They are persistent and yet, based on our research into exploit trends in 2014, attackers continue to leverage well known techniques to compromise systems and networks. Many vulnerabilities exploited in 2014 took advantage of code written many years ago and adversaries continue to leverage classic avenues for attack against client-side and server-side applications. Anti-virus signatures only catch approximately 45 percent of cyber attacks—a truly abysmal rate.
In our review of the 2014 threat landscape, we find that enterprises most successful in securing their environment employ complementary protection technologies. These technologies work best when paired with a mindset that assumes a breach will occur instead of only working to prevent intrusions and compromise from the perimeter. So our clients’ security posture must be agile and responsive to better defend against threats —internal and external—in addition to vulnerabilities, in order to mitigate their risk...
Existing cybersecurity architectures are failing due to two macro trend cloud computing and mobility. The endpoint is inadequately secured and the adversary often has a footprint within one’s perimeter defenses. We must pursue a strategy of intrusion suppression wherein we can decrease dwell time and this detect, deceive, divert and hunt and adversary unbeknownst to the adversary. To achieve this an organization must: employ application whitelisting, employ an endpoint protection platform, establish a Hunt Team and roll out deception grids. Employ Deceptiongrids.
Many clients are referred to us for immediate support with onsite impromptu compliance audits from their current customers, prospects or industry compliance authority. Several clients are bidding a federal government or international corporate contract and need assistance responding to the RFP. Yet others are facing a stop work order until they can demonstrate a suitable cyber security posture and compliance with specific regulations. We assist our clients at any stage of their operations and their journey begins with relief upon initial engagement with us. Cyber security can keep you up at night. We take time to care. We listen to understand all the requirements, pain points and urgency clients face. Each client is assigned a strategic risk management team consisting of a privacy lawyer, cyber security expert, business analyst and program manager experienced in the client's industry.
The core team leads the strategy for compliance and risk management solution. They also engage additional resources as necessary to support success. We help clients win business. A cyber-attack can cost an organization a fortune in fines, reputation and prison time for executives. Without cyber security companies lose revenue opportunities. We support their targeted growth strategy. The investment in cyber security not only meets compliance but yields a return on that investment
IRS Will Soon Require Selfies for Online Access
>More
Cyber world is starting 2022 in crisis mode with the log4j bug
>More
Unpatched HomeKit Vulnerability Exposes Apple iPhones, iPads to DoS Attacks
>More
Stay safe online this year with these cyber security tips
>More
Ape Theft Is an Expensive Way to Learn About Crypto’s Security Philosophy. People are losing their valuable NFTs to scams. Should platforms be held responsible?
>More
Google buys Israeli security startup Siemplify for $500 mln
>More
Predictions: SecurityWeek's 2022 Cybersecurity Outlook
>More
Portugal Media Giant Impresa Crippled by Ransomware Attack
>More