Becoming a Cyber Pro
The SAFEid 9-point Program
Blue Cross. Harvard University. Target. Sony. Hilton. The Army National Guard. Scottrade. T-Mobile. Trump Hotels. Office of Personnel Management. Jeep. Ashley Madison. This is just a partial list of companies and organizations that have been hacked, had their data or personnel information stolen, or been otherwise compromised due to a cyber breach in the past two years. Indeed, the Identity Theft Resource Center (ITRC), a nonprofit organization that provides victim assistance and consumer education, found in its report released last January that the number of U.S. data breaches tracked in 2014 hit a record high of 783, a 27 percent increase over 2013; and current numbers for 2015 show only a 2 percent decline from this time last year (but with several states not yet reporting their numbers).
On an individual level the numbers are even higher. “Depending on who is doing the research, there are anywhere from 12 million to 16 million victims of identity theft annually,” says Eva Velasquez, president and CEO, ITRC. “The scope continues to grow and be a devastating crime for people who have to deal with this.”
You can hardly read the news without seeing a new breach at least weekly. With such a fast-growing threat and need for protection, is this something the physical security industry should be involved with preventing and mitigating? Increasingly, a number of security professionals think so. And the research certainly seems to support a link between the products and services many dealers and integrators are now offering and the risk of cyber breaches that go along with them.
According to the “Cyber Security Insights Report,” released in October by AT&T, there has been a dramatic increase — by 458 percent — in the number of times hackers searched Internet of Things (IoT) connections for vulnerabilities. In fact, a September alert by the FBI cited the IoT specifically as a potential threat source for cyber criminals (see chart, page 60). Among the devices listed by the FBI as vulnerable are automated devices that remotely or automatically adjust lighting or HVAC; security systems; thermostats; wearables; and lighting modules. Sound familiar?
Yet the AT&T study also found that nearly 75 percent of businesses do not involve their full board of directors in cybersecurity oversight and more than half (51 percent) are not re-evaluating their information security as a result of these high-visibility data breaches. While many products and services exist to help both individuals and companies with everything from social media monitoring to breach reporting and many vulnerabilities in between, the nature of the threat and the wall of solutions being thrown at it can be confusing — and costly.
“As we move into the IoT and connected devices I can see where it would be very convenient for small business owners particularly to have one entity offering this at a reasonable amount where it is packaged in,” Velasquez says. “At the very least it would bring awareness to that group; because we need to increase awareness that they need something in place. Many of them don’t. If you ask what their cybersecurity budget is they will either say $0, or quote you their anti-virus software.”
Paul Sargenti, president and CEO of SAFE Security, San Ramon, Calif., featured on this month’s cover and as No. 17 on the SDM 100, began paying close attention to these trends and issues a few years ago. Sargenti wondered what his organization, as a trusted provider of physical security for residential and commercial customers, could possibly do to help his customers.
“We have been providing home and business security for almost 28 years; but today these are really not all the threats our customers are being confronted with,” he says. “There is this other threat — identity theft — that is potentially more troubling than even intrusion or fire. Those you can recover from with insurance. Identity theft is a different profile and is much more difficult to track and provide defense against. It can be very damaging to our customers.”
This is a critical time for cyber security, says Tyler Cohen Wood, cyber security advisor for Inspired eLearning, San Antonio, Texas. She has been working in cyber security for about 16 years, including several years at the Department of Defense and a subsequent move to the Defense Intelligence Agency as a senior intelligence officer. “We are in crisis right now,” she describes. “It is almost as if the cyber domain has become the ‘Wild West’ and we have many new technologies that have come to the market such as connected alarm systems, Fitbit, communications systems in vehicles, HVAC systems, and bring your own device (BYOD) technologies. The more we start to rely on these devices and connect them to our corporate networks and integrate them into our lives, the more potential threat vectors there are for perpetrators to hack those devices.”
At the same time, another recent report, “Enterprise Security Market Forecast 2014 to 2019,” by Technology Business Research Inc., found that total revenue for IT security hardware and software products, as well as managed and hosted security services, totaled nearly $50 billion in 2014 and will grow 18.9 percent annually to more than $118 billion by 2019. The report further found that, as cybercriminals and hackers continue to exploit enterprise user endpoints to infiltrate and navigate consumers’ infrastructures, customers will increase their spending for endpoint-based advanced threat detection and response solutions, growing revenue in that segment at an estimated 23.2 percent CAGR through 2019.
Taken as a whole, all of this research and expert advice point to a business opportunity for companies that are able to provide prevention, monitoring and mitigation services. But are physical security dealers and integrators the right ones to offer that? Increasingly, some influential players are saying “yes” — as long as they can determine which services their customers want, partner with the right cyber expert company and roll it out in a way that makes dollars and sense for both the security company and its customers.
A Logical Opportunity
Bill Bozeman, CPP, president and CEO of PSA Security Network, is one industry leader who feels strongly that cybersecurity is something dealers and integrators can’t afford to ignore. In fact, PSA started a cybersecurity program to provide educational resources to integrators, manufacturers and end users.
“Although security integrators differ in opinion on the impact cyber security will have on their business, one thing is a given: cybersecurity will have an important measurable impact on their businesses and the businesses of their customers,” Bozeman says. “The progressive and forward-thinking integrators will take the cybersecurity bull by the horns and not only protect themselves and their customers, but they will also offer cybersecurity products and services to their end users. Some of the cybersecurity offerings security integrators are capable of deploying provide a higher margin than traditional physical security products, and other offerings provide an RMR stream.”
For example, PSA partner Ross Federgreen, CEO, CSR Professional Services Inc., Jensen Beach, Fla., provides breach reporting and data lifecycle management services to companies large and small, and within the past year-and-a-half reached out to the physical security space as a logical outgrowth of that business.
“We call it our ‘alarm/integrator’ vertical,” Federgreen says. “We took the track from the very beginning that for all our channel partners we wanted a natural trust relationship in security, which is why we have been involved with records information, financial services and now alarm/integrators. They are in that position of trust and this expands their business model.”
Federgreen says the alarm vertical, which currently makes up about 5 percent of his company’s business, is a small but growing one, with many benefits for the dealer or integrator.
“How does this help a security alarm company? We sell that company the breach reporting service on a wholesale basis, they mark it up and resell it to their base of end users and potentially make a lot of money,” he explains. Beyond the money, there is another plus, however, he adds. “Data cycle management is the blood of any company that exists. By offering this, the dealer is now functionally part of the customer’s day-to-day operations and the fabric of their end customer. It creates much higher stickiness and facilitates their recognition by their end user base. It really does change the paradigm for them.”
This philosophy is exactly what Sargenti was going for when he and exclusive cybersecurity partner InfoArmor created SAFEid, an extensive nine-point program that incorporates end-to-end cyber security from prevention to reporting and even insurance — all at no additional cost to the customer, at least for now.
“The interesting thing is that security companies already have a customer base that is mindful of their physical security,” Sargenti says. “That means that peace of mind they get from intrusion, fire and other kinds of physical security can be augmented by the most recent threat. For example, when we surveyed our customer base about how many had some kind of subscription service for identity theft protection, 40 percent responded positively. People who have security systems in place are already security conscious.”
The benefit to the customer of getting their identity theft or other cyber security service through a source such as their physical security dealer or integrator is not only that the source is vetted by a security expert, but also economy of scale, Sargenti explains. “One of our employees had individual coverage through LifeLock for [about] $30 a month. If they wanted to put their wife and kids on, the price would go up to almost $40. Now we are talking about a cost equal to the average monitoring cost across all sectors.” By spreading that cost over a large base (or in SAFE’s case eating the initial cost entirely) the dealer can save the customer money and provide the same or better coverage.
Of course for the dealer/integrator, the benefit is often in the promise of increased RMR. This is something Mike Miller, president, Moon Security Services Inc., Pasco, Wash., is particularly excited about. Moon began offering the CSR breach reporting service just six months ago.
“We are in the baby stages of introducing this to our clients so we can’t provide success rates just yet. But we do think it will be more profitable for us and increase the average RMR per client. If we can add even $3 per account we are generating some pretty good increase for the company.”
Jim Wooster Jr., president, Alarm Financial Services, a Corte Madera, Calif.-based financing company that buys RMR contracts from dealers, was the one who approached Miller with the concept after he in turn was contacted by Federgreen for advice on the security market and whether he thought it made sense.
“[CSR] had identified the security industry vertical as one they thought might be a really good fit for the data breach product,” Wooster recalls. “I confirmed their suspicion that this is a good target because I do think it makes sense. We are already stretching the types of security that alarm companies and systems integrators are involved with. When you have not just physical security but data security and network security, in the customer’s mind it’s all security. Why not have as many different offerings as long as they don’t take an integrator or alarm company out of their core competencies? In this case, the alarm company doesn’t have to do anything. They are reselling the service another provides. They don’t need to become an expert on data breaches. At the same time the alarm company brings to the table a pool of commercial customers, who wouldn’t necessarily go out and procure this kind of service on their own.”
Wooster saw the service as a win-win for all and started rolling it out a little more than a year ago. “I like it because it is security related and a natural add-on to what we are already offering our customers. It is an RMR product, so it fits well with our business model. We are looking at it to add 15 to 20 percent to our commercial RMR monthly. That is what our projections are. Tell me another service where a security company could in fairly short order add 15 percent to their commercial RMR without having to ramp up and develop expertise?”
Drew Smith is the founder and CEO of InfoArmor, the business-to-business solution that is partnering with SAFE in an exclusive agreement. When it came to finding a partner, Smith approached various security companies. InfoArmor had had an initial agreement with another industry leader that saw great success, but due to a change in priorities that company decided not to continue. Smith felt this initial foray proved the potential of the model and resolved to find a different partner.
“We know this works. We have this 360-degree monitoring of a person’s virtual assets. We were looking for a company that was already protecting someone’s physical assets and was committed to making this work.”
He found that in SAFE and Sargenti. “I think we are still a little ahead of the traditional marketing thinking today. But I think as folks see the success of these types of programs and the LifeLocks and others, the market will come around because it fits so well. Five years from now I would be surprised if it wasn’t some kind of industry standard. But we are by no means there yet.”
While SAFE isn’t seeing monetary returns due to their method of bringing the service to market, Sargenti says, “Right now it makes us different and we think it will be a very interesting proposition for folks who want to get into our dealer program. It has already brought new customers. The numbers in our dealer program that want to belong have increased because they want to offer this. And referrals from our existing customer base have almost doubled.”
Dealers outside the SAFE network are also starting to pay attention to this, some still in the thinking stages while others are close to roll out. Others have tried it (unsuccessfully) in the past but are coming back to it now.
Guardian Protection, Warrendale, Pa., for example, had an identity theft product for residential customers in 2010 but chose to focus on other challenges in the industry, says Joe Colosimo, president and COO. “However, we are currently researching newer and better identity theft products — it is on our ‘roadmap’ to be able to provide more than just credit monitoring for our customers and to offer a solution that speaks to the entire family [and] addresses the many challenges presented by a household’s overall digital footprint. We are currently researching products that will fulfill these goals.”
Vector Security, also based in Warrendale, Pa., will roll out a comprehensive cyber protection program sometime in first quarter 2016, says Art Miller, vice president of marketing. “I do feel it is a trend. I think that when you look at the consumer today, particularly on the residential and even on the business side, this is a new level of breach. Breaches in the past were all about either theft from a store or home. Now everything is electronic and on the network. There is an awareness happening and this is a natural next step. Obviously some will be ahead of it faster than others, but it is something we are very much focused on and ready to take to market.
“One company looking out for a customer [both physically and cyber] is a real strength. It then becomes that ‘blanket of security.’ That is really our heritage as an industry and this is such a natural progression. There are too many other avenues to be just a physical security provider. As an industry we have to ask what additional value we are driving and providing. The security industry and anything related to it has a great proposition for adding tremendous value. We will provide that extra level of attention and security to this type of product,” Miller describes.
Cyber Service Solutions
From breach reporting and individual identity theft protection, to monitoring the customers’ network security, Dark Web monitoring and complete packages of many of these options and more, there is a whole new world of options out there for services that can be resold.
Many dealers today are reselling services to their customers, such as individual protections from companies such as LifeLock, LegalShield and others, which can also be purchased directly from the company.
Breach reporting services, such as the one from CSR, are a good place to get your “feet wet” in cyber services, Wooster says. Plus they are being driven by regulation, so there is an immediate need. “There is another piece going on with data breach reporting that is not necessarily there with identity theft,” he says. “Businesses are required by law to report it to the appropriate parties in a required timeframe and in a required manner. They don’t have to sign up with a third party to do it, but they do have to do it.”
Federgreen says it is universal. “Regulations have no caveats based on type or size of business. If you have customers, if you use other vendors or have employees, then you have personally identifiable information on someone, somewhere.” And when a breach occurs, there are 22 federal laws and 48 states that have data protection laws or breach reporting laws. “There are literally 300 entities in the U.S. where you might have to file a report if your data is compromised,” he adds.
Regulations also play into another option some dealers and integrators are beginning to offer: network monitoring. Backed by a Cisco Cloud and Managed Services Express Partner certification, Protection 1, Chicago, has been actively designing, installing and monitoring security-only networks for more than a year now. “We are one of the few national integrators to hold a certificate with Cisco,” says Christopher BenVau, senior vice president of enterprise solutions. Protection 1 offers a managed service offering with a full portfolio of RMR-based services. “We are the security department’s IT department,” BenVau says.
While Protection 1 is doing this in-house, there are also services available that can help with this. SecureXperts Inc., NASA/Kennedy Space Center, Fla., provides third-party validation and verification services to ensure that networks and anything on them are deployed correctly and not vulnerable, says Darnell Washington, president and CEO. With a sharp increase in the number of end users that are mandated to have third-party network verification, services like this are becoming more of a “have to” as opposed to a “nice to have.”
In addition to being sold to both manufacturers and integrators for their own networks, this service can be sold through integrators to test the customer’s site on a quarterly or semi-annual basis, he says. The expertise level is higher with this type of service, but for the right company it can provide high returns. Washington says his company’s business has tripled since 2011. “I think that is a leading indicator,” he says.
Protection 1 reports a whopping 500 percent increase in one year. “This is one part of a big puzzle that now has to be secure,” BenVau says. “Everything you plug into a customer’s network is at risk today, and we as integrators plug more things in than almost any other. 1,200 cameras are 1,200 risks.”
For Sargenti, one or two options didn’t seem like enough. “We started to think about security as a 360-degree defense system,” Sargenti says. “We decided two years ago to embark on this process and studied a number of vendors who provide identity theft protection. We found varying and distinctly different types of approaches and settled on a vendor [InfoArmor] we felt was unique and provided more features and protection than some of the others in the marketplace.”
The resulting plan, SAFEid, was rolled out in March and includes identity monitoring; credit monitoring; Internet surveillance; social media monitoring; password storage; Dark Web monitoring; remediation services; theft insurance; and spam reduction for companies, individuals and families, including college-age kids living in a campus environment (see chart, page 51).
Miller, whose company will roll out their comprehensive solution within the next few months, went through a similar thought process. “We were not interested in something many competitors have in terms of just protecting credit cards or offering something after the fact. That is not really where consumers are concerned. They are worried about what else is out there as they share more, as they are forced to share more, as they are on social media. How can they protect themselves and still benefit from technology?
“We talked to providers that had much more in-depth offerings, including going into the Dark Web and really identifying what assets are being compromised, getting ahead of that, alerting the customer and working to resolve it.”
The Dark Web is especially concerning, Sargenti adds. “Honestly when I first heard about it, I didn’t know what it was. But once I found out what the threat was, we absolutely insisted we needed to develop some kind of monitoring of this area of cyberspace in order to protect our customers. The Dark or Deep Web is where all these transactions go. If your credit information is stolen it is going to go into the Deep Web on auction sites for sale. People don’t even use real money. They buy it with Bitcoins.”
With SAFEid, if a customer registers for that service (all of the options are offered a la carte according to what the customer wants), and their name pops up in the Deep Web, an alert will be sent immediately.
One key difference between SAFEid and the upcoming Vector solution is Vector will start out focusing just on residential. “It will be individual and family,” Miller says. “We will also offer things like sex offender monitoring, change of address monitoring and social network monitoring. There is also a cyber-bullying component.”
For Sargenti, while SAFEid also offers company protection, the cyber-bullying was one area that was key to him as well. “This is a big issue with me, with what is going on with kids in schools,” he says. “Our SocialArmor program monitors Facebook, LinkedIn, Twitter and Instagram and sends alerts for reputation damage, bullying, racist or derogatory comments.”
In fact, when the offering was in beta testing at his own company, Sargenti got almost immediate feedback. “About two weeks in a female employee came to me and told me how cool it was because it really helped her family. She had a daughter in middle school and received an alert that one of her daughter’s friends had called her a [bad word] on Instagram.” The mom was able to talk to both her daughter and the friend’s parents and resolve the situation.
This can be a tricky service to offer, Cohen Wood says. “Reputation monitoring is really hard to do. People can bad mouth you and you may not know it is happening because of strict privacy settings. You may not be able to catch all things and even if you do, what do you do about it? How do you resolve that issue?”
The way SAFEid and other similar programs typically do this is to monitor for content, not context, Sargenti explains, which led to a funny story one customer shared with him. “One of our customers is in construction and his teen son works for him. During the summer he and his son were on a job and didn’t have radios so they were communicating through Facebook. The son was trying to pull a wire and having trouble getting a good straight path for it, so he sent a Facebook message to his dad, who responded, ‘drill a hole.’ The dad then got an alert, because the search engine read it as a short version of a curse word. He sent me an email and said ‘This works great!’ Everyone was laughing because the algorithm doesn’t understand context, just the words. But the father was pleased.”
Finding Cyber Partners
Dealers or integrators interested in reselling cyber services from others, which is the most common way to approach this new opportunity, need to do their vetting carefully, say those who have gone or are going through this process.
“I think the most important piece is to make sure whoever you are dealing with is highly ethical and legitimate,” Federgreen says. “There are many companies that offer less than vetted and potentially bogus products and there are also a number of ethical players. The siren song is very real here.”
Not only do you need to make sure you pick the right partner from a business standpoint, but you should also talk to your existing customers to find out exactly what their needs are, Velasquez advises. “Make sure the solution fits the need,” she says. “Companies already providing physical security should look at their own individual customers on the business and consumer end and then look at who is offering what services. The Better Business Bureau is a good resource. So is Yelp. Other than that all the factors that go into how to vet a vendor should still apply. It needs to be about more than just cost.”
Organizations such as ITRC (www.idtheftcenter.org), the National Cyber Security Alliance (www.staysafeonline.org) and many others can also be a potential resource, she adds.
During their almost two-year process that included a year of refining the offer as well as a beta test, Sargenti did an extensive study of potential vendor partners, while at the same time conducting focus groups with customers to listen to what they had to say. And because the service was going to be kept in the hands of the cyber experts, one key question Sargenti asked was about InfoArmor’s own cyber security policies. “Encryption protocols are constantly moving to make them a bad target for hackers,” Sargenti explains.
While the SAFE/InfoArmor agreement is an exclusive one, both companies say that as soon as this solution is firmly established the next step will be to find a way to offer it to other companies in the industry. “We will probably come out in 2016 with a program that would invite others in the security industry to come to us and we can provide them with a channel to offer this to other customers,” Sargenti says.
“Our goal is to protect as many people as possible,” Smith adds. “When it comes to the monitoring of social media, financial service monitoring and other digital media there are others who can help. There are credit bureaus and many ways to get to partial solutions for protecting virtual assets.”
Even if a program as extensive as SAFEid seems daunting, Wooster says there are many choices that could allow a dealer or integrator to find an entry point. “There are all types of data or cyber security offerings that they might want to look into,” he says. “Obviously any time you are considering potential partners you really need to vet them and find out about their experience. Find other companies that have used them. Personally I think the beauty of something like data breach reporting service is it allows you to step into this easily and put a toe in the water of this side of the arena.”
Vector is not in a position to say at this time who they are partnering with for their upcoming launch, Miller says. However, he too stresses the importance of the vetting process, particularly if you want to go deeper in — literally and figuratively. “Honestly I don’t think we can do this ourselves. I had the privilege of meeting with these companies and others here at Vector. We got a demonstration of what was out there and it is pretty scary. It was explained to me that if you picture an iceberg and look at the tip sticking out of the water, that is the Internet everyone knows. The whole Internet is 10 to 20 times the size of what you see and that is the Dark Web. There are several companies that offer cyber solutions, but a much smaller pocket of these are Dark Web monitoring companies. The ones that dig deep and have the credentials to do that are few and far between.
“I think the first step is to have some conversations with your customers and find out what is worrying them about this,” he advises. “The second is do your research. There are plenty of articles and white papers out there. Really look into and have conversations with companies that offer any of these solutions. Get a full understanding of their full breadth of offerings. How do they monitor? How do they get access to that information and what does their infrastructure look like? You have to make sure you are working with a well-established company that has security precautions in terms of their own security. That is critical.” Lastly, he adds, don’t forget to vet your own company in the process. “You have to want to have it as an offering. You have to believe in it, to be honest. Make sure it is something that is really part of your core. If you look at protecting the individual and are starting to look at security in a different way I would say you probably need to get on board.”
And in the end, that is exactly what Sargenti is hoping for, even if that means more competition. “Our hope isn’t so much to make money off this,” he says. “If I could just break even I will be happy and hopefully make a bit of money on it. This is a very important issue. If you ignore this part of your customer’s security you are not doing the right kind of service to your customer who is at risk here.
“We absolutely want others in the physical security industry to look into this and see if it is something they can offer to their customers. As this threat becomes more confrontational, then consumers are either going to have to go outside of their relationship with their security provider, or, if that provider can offer it to them, it is natural to stay with the provider they are comfortable with and feel safe with.”
Pricing & Rolling out Cyber Services
From complimentary to opt-in/opt-out, there is no standard yet for how dealers and integrators are pricing and offering cyber services. But each has specific methods and reasoning for doing it the way they are.
Paul Sargenti, president and CEO of SAFE Security, says that for now the company will not monetize its SAFEid program, but that will eventually change. “This is costing us a fortune,” he says. “This is an investment in our customer base to help with customer retention as well as an opportunity to develop RMR in the future.
“All our new customers in our dealer program are signed up for the life of their initial contract right now,” he says. “But we want to make sure this is viewed as a value to our customers and we have been pleased with the results so far. We are offering it to our customers to distinguish us in the marketplace, as well as creating a future opportunity to monetize this feature. Even then we think customers will be very pleased with the price point of this program, which will be significantly lower than if they tried to buy these services independently.”
A similar service that will be forthcoming from Vector Security in the coming months will be introduced at a basic low cost/no cost as part of their residential packages, says Art Miller, vice president of marketing. “We will be looking at an embedded program for our existing customers that will be an additional RMR. Then there will be additional add-ons if customers want to layer additional levels. We will sell this offering as a standalone online offering as well.”
Mike Miller, president of Moon Security, admits he had some trepidation when he learned that the breach reporting service model his company began selling about six months ago was recommended as an opt-out rather than opt-in program, meaning that customers are automatically signed up for the additional cost service and have to choose to opt out. His company’s other cyber service from LegalShield, which the company began offering about a year ago, was just the opposite.
His provider CSR assured him they typically get a 10 to 15 percent opt-out rate, or an 85 to 90 percent attach rate with the program. “I figured, ‘Let’s try it,’” Miller recalls. “If they don’t want it we won’t fight on that.”
So far, he says, they are getting similar results to those promised. “We think it is going to work pretty well for us based on what our attach rates have been so far. We are pretty excited, but won’t have the exact numbers for six more months.”
Jim Wooster Jr., president of Alarm Financial Services, has been offering the same service for more than a year now. “I wasn’t wary of the opt-out because we give the customer so much information about the service and plenty of opportunity to decline if they want to. The way we handled it was we had a person dedicated to handling any questions. While they might have been initially a little upset perhaps, once we explained it to them, they were very understanding. Some stayed and some dropped, but if you present it clearly up front and make it easy to opt out, you will remove the element of surprise. That is key.”
Get Educated on Cyber Vulnerabilities & Solutions
Sometimes the best protection against cyber threats doesn’t come from a product or service. “The vast majority of hacks and intrusions are actually socially engineered,” says Rob Martens, futurist and director of connectivity platforms for Allegion, Carmel, Ind. “Very few people try to break encryption. They are getting in through social hacks. The key is what data should people not be sharing? What do they need to tell their customers? That would take care of 99 percent of breach possibilities you have. You have to start with the basics.”
These basics include password management, procedures and education, which can be equally important preventive measures. There are many resources for that education. For example, Tyler Cohen Wood, cyber security advisor, Inspired eLearning, just recently joined the online education resource after years as an expert in cyber threats and security with the Department of Defense and the Defense Intelligence Agency.
“I have done a lot of online training courses, but never necessarily believed that was the best way. When I went through these eLearning courses I actually learned new things. I think this really is the future and the way to protect companies and individuals is to educate companies and individuals. When you are educated about the threat vectors, you have the knowledge and power to protect yourself.” Find out more at www.inspiredelearning.com.
PSA is another key resource that is stepping up to the plate, particularly for security manufacturers and integrators. The organization recently published an article on its website called “6 Things Integrators Should Do NOW to Mitigate Cybersecurity Risk and Liability.” The tips included:
1. Conduct a cybersecurity assessment and make a plan.
2. Educate your team.
3. Purchase cybersecurity insurance.
4. Update your contracts.
5. Choose cyber hardened products.
6. Educate your customers.
Notice two of the six tips start with the word “educate”? PSA is also dedicated to educating the integrator channel about cybersecurity through training, seminars at PSA Tec and webinars throughout the year. Find out more at http://www.psasecurity.com/education/cybersecurity.
The FBI Finds the Internet of Things Poses a Threat for Cybercrime
FBI-defined IoT devices potentially at risk:
- Automated devices that remotely or automatically adjust lighting or HVAC
- Security systems, such as security alarms or Wi-Fi cameras, including video monitors used in nursery and daycare settings
- Medical devices, such as wireless heart monitors or insulin dispensers
- Wearables, such as fitness devices
- Lighting modules which activate or deactivate lights
- Smart appliances, such as smart refrigerators and TVs
- Office equipment, such as printers
- Entertainment devices to control music or television from a mobile device
- Fuel monitoring systems
Source: The Federal Bureau of Investigation Alert Number I-091015-PSA
The number of U.S. data breaches in 2014, a 27 percent increase over 2013
Source: Identity Theft Resource Center
Total revenue for IT security hardware and software products as well as managed and hosted security services predicted by 2019
Source: The “Enterprise Security Market Forecast 2014 to 2019,” by Technology Business Research Inc.
The increase in the number of times hackers searched Internet of Things (IoT) connections for vulnerabilities
Source: AT&T Cyber Security Insights Report
Businesses that are not re-evaluating their information security as a result of high-visibility data breaches
Source: AT&T Cyber Security Insights Report
The estimated CAGR through 2019 that customers will increase their spending for endpoint-based advanced threat detection and response solutions
Source: The “Enterprise Security Market Forecast 2014 to 2019,” by Technology Business Research Inc.