Sponsored by:
Presented by:
COMMISSIONAIRES IS YOUR PROVEN PARTNER
PROVIDING HEALTHCARE SECURITY SERVICES ACROSS CANADA
COUNT ON COMMISSIONAIRES
Healthcare facilities across Canada rely on the security expertise of Commissionaires to create safety programs as well as provide guarding and mobile patrol, patient watch, reception, threat risk assessments, and parking services.
Well-trained and dedicated healthcare security professionals understand the unique needs of healthcare facilities. The security guards and management teams are continuously trained and aware of these needs. Through the provision of tailored programs, Commissionaires aims to mitigate your specific security risks and/or concerns. The safety and security of patients, their families and healthcare staff are of paramount importance.
Through mandatory, ongoing training, commissionaires are prepared to respond to various medical emergency situations and alerts as necessary. Each security officer is trained to provide medical personnel with support and assistance to ensure they can do what they do best save lives.
COMMISSIONAIRES PROVIDES THE FOLLOWING SERVICES:
INCLUDING:
// Emergency response
// Patrol officers (mobile patrol)
// Parking enforcement and vehicular traffic management
// Access control
// Security guarding
// Receptionist/visitor screening
// Facility, property and asset protection
Protect your hospital environment. Keep your patients, property, staff and visitors safe with Commissionaires' team of dedicated security professionals.
As Canada’s premier security partner and the only national notfor-profit security provider, Commissionaires works to support healthcare facilities across Canada. This includes (but is not limited to) maintaining public order, site safety and security; providing support and assistance to patients, visitors and staff; responding to emergency codes; and managing parking services.
OUR PEOPLE
Commissionaires are trained to respond and provide support during emergencies—from critical injury support and medical response to conflict resolution and incidents requiring police and fire intervention.
Many commissionaires are veterans of the Canadian Armed Forces and the RCMP. With established leadership, specialized skills and expertise, healthcare clients are certain to receive the highest level of security services from our professionals.
LEARN MORE commissionaires.ca/healthcare
COUNT ON COMMISSIONAIRES
COMMISSIONAIRES IS YOUR PROVEN PARTNER
PROVIDING HEALTHCARE SECURITY SERVICES ACROSS CANADA
Healthcare facilities across Canada rely on the security expertise of Commissionaires to create safety programs as well as provide guarding and mobile patrol, patient watch, reception, threat risk assessments, and parking services.
Well-trained and dedicated healthcare security professionals understand the unique needs of healthcare facilities. The security guards and management teams are continuously trained and aware of these needs. Through the provision of tailored programs, Commissionaires aims to mitigate your specific security risks and/or concerns. The safety and security of patients, their families and healthcare staff are of paramount importance.
Through mandatory, ongoing training, commissionaires are prepared to respond to various medical emergency situations and alerts as necessary. Each security officer is trained to provide medical personnel with support and assistance to ensure they can do what they do best save lives.
COMMISSIONAIRES PROVIDES THE FOLLOWING SERVICES:
INCLUDING:
// Emergency response
// Patrol officers (mobile patrol)
// Parking enforcement and vehicular traffic management
// Access control
// Security guarding
// Receptionist/visitor screening
// Facility, property and asset protection
Protect your hospital environment. Keep your patients, property, staff and visitors safe with Commissionaires' team of dedicated security professionals.
//
Commissionaires offers a complete suite of services including threat-risk assessments, monitoring and response, mobile patrol, guarding and digital fingerprinting.
As Canada’s premier security partner and the only national notfor-profit security provider, Commissionaires works to support healthcare facilities across Canada. This includes (but is not limited to) maintaining public order, site safety and security; providing support and assistance to patients, visitors and staff; responding to emergency codes; and managing parking services.
OUR PEOPLE
Commissionaires are trained to respond and provide support during emergencies—from critical injury support and medical response to conflict resolution and incidents requiring police and fire intervention.
Many commissionaires are veterans of the Canadian Armed Forces and the RCMP. With established leadership, specialized skills and expertise, healthcare clients are certain to receive the highest level of security services from our professionals.
LEARN MORE commissionaires.ca/healthcare
BUILDING THE KNOWLEDGE BASE
Lina
Tsakiris
champions a partnership with academia to develop a better understanding of one of the major risks facing Canadian organizations
By Neil Sutton
The classic model of a successful security department is one that recognizes and anticipates potential threats to an organization and mitigates them in the name of protecting people, property and assets.
But those potential threats can occur both inside and outside of an organization.
Lina Tsakiris is one of the leading experts in a growing field of professional security that recognizes risks can arise from within. But how and why those risks flare up are questions not easily answered.
Tsakiris has spearheaded additional study, working with corporate and academic partners in an effort to create more knowledge and understanding around the phenomenon, particularly its impact on Canadian enterprises.
front line role for a national Canadian contract security firm. At the time, she was earning money towards her postsecondary education — the criminal justice program at Toronto’s Centennial College.
She says she sometimes found herself working in high-risk environments — placed there due to her self-defence training and a background in competitive martial arts (see sidebar).
Upon graduation, Tsakiris attended McGill University in Montreal, majoring in sociology. She had planned to move on to law school, but her education ambitions were cut short due to an unanticipated illness.
2021 SECURITY DIRECTOR OF THE YEAR
When she recovered, she rejoined the workforce — again in contract security but this time in a more senior role.
redefine herself as a security professional and “to really build my brand, step out into the industry and start doing some volunteering.”
For her contributions to the study of insider risk and in recognition of an impressive security career built over decades, Tsakiris was named Security Director of the Year 2021 by Canadian Security’s editorial advisory board.
Tsakiris began her career in a
After a few years in that environment she says she sought “a different kind of challenge” and was intrigued by the prospect of a role in the financial sector. “I found that corporate security offered different attributes I was interested in and opportunities that might be a better fit.”
Tsakiris took the opportunity to
She joined the ASIS International Toronto chapter and earned her Certified Protection Professional (CPP) designation “at the earliest opportunity that I could qualify. Those two things gave me the tools to really compete for a role within the financial services industry.”
Tsakiris joined Royal Bank of Canada’s (RBC) corporate security department in 2005, working with one
Photo: Sandra Strangemore
of her earliest mentors Ric Handren. (Handren is also a Security Director of the Year recipient, recognized in 2009 while he was RBC’s director of protection services. Tsakiris submitted his award nomination.)
“We had an incredible journey as a team. We operated as a close-knit unit,” says Tsakiris. “That was really the first time I was able to see how the security sector worked on a global platform. My role there took me to several different countries. That, for me, was really an education.”
Tsakiris left RBC to join TD Bank in
2011 as senior manager, global physical operations. In 2014, she accepted a role with her current employer, CIBC.
Her initial role with CIBC was rooted in physical security operations, where she was responsible for the creation and management of several global security risk management programs including threat risk assessment, physical security technology, robbery prevention and major event management, such as the 2015 Pan Am Games, for which CIBC was a title sponsor.
Six months into the role, she accepted
a secondment with a Canadian public sector organization for a year, related to risk management and relationship enhancement of private and public sector engagement.
Tsakiris moved into a new position at the bank two years ago as director of strategic security partnerships.
“It’s really about actively engaging with a spectrum of information-sharing communities that are active in the risk mitigation space,” she says, describing a wide group that includes the intelligence community, law enforcement, academia, and professional organizations as well as business partners, such as the other Canadian charter banks and financial institutions globally.
“What we aim to do as a collective is lead and collaborate on key security issues, topical security matters, and develop good guidance practices and exchange that information. The idea is to remain proactive — not wait for a tangible threat event to occur and simply respond to it, but actually have these conversations,” explains Tsakiris. “What I do in my current mandate is connect all these dots.”
Tsakiris underlined one of those connections by championing a partnership with Ottawa’s Carleton University to develop a focused research project on insider risk and insider threats through the Norman Paterson School of International Affairs (NPSIA). The partnership was formed in an effort to provide more research, guidance and understanding of insider risk in all its forms — including physical and cyber risks.
While there is an established body of knowledge on the subject, little of it is focused on Canada. Tsakiris engaged with NPSIA’s graduate students, working with professor Alex Wilner and his Canadian National Security Policy course, to develop a homegrown understanding of insider risk.
This research has examined known instances of insider threat, breaking down factors that contributed to each case, including political, economic, social, technological and environmental variables. The research was undertaken within the context
of the Canadian landscape, and a methodology developed that could help identify insider threats for a decade to come.
In a testimonial that was included in her Security Director of the Year nomination, Wilner describes Tsakiris as “a superbly insightful security practitioner, more than willing to spend the time needed to help academics and students alike wrap their hands around evolving security considerations. Her involvement should be considered a gold standard for private-academic partnerships… the unique opportunities she provided to my students — including invitations to brief high level personnel and managers on their research findings — will help prepare and motivate Canada’s emerging generation to take up the mantle of security preparedness and decision making.”
Tsakiris says the partnership with the Norman Paterson School has been an incredible opportunity to tap into a rich vein of new research on insider risk and work with a talented and inquisitive group of academics.
“The results were exceptionally successful and illuminating. It really captured what we were looking for,” she says.
According to Tsakiris, insider risk is one of the top three security threats faced by Canadian organizations today. She says the number of known insider
threat events has tripled in the last few years, resulting in the creation of more corporate security programs designed to recognize and counter them.
The research indicates that there is no single best method to mitigate insider threats and a comprehensive approach is required, taking numerous factors into account such as employee training, mental health and organizational culture.
“We
available as part of ASIS International’s Global Security Exchange (GSX) conference, held in September.
intend on continuing our journey to bring more of this topical research to light for all organizations.”
There is also a very strong correlation between employee disgruntlement and potential threats, says Tsakiris.
“We find this discovery to be exceptionally helpful because it punctuates the importance of ensuring organizations continue to build a positive and supportive work culture.”
Tsakiris describes the research as “groundbreaking for Canadian organizations … we intend on continuing our journey to bring more of this topical research to light for all organizations.”
Some of the research has already been shared through professional security associations. Tsakiris also recently participated in an insider risk panel discussion that was made
In terms of her future career goals, Tsakiris plans to keep pushing the envelope on security research and continue collaborating with her professional network, including her executive volunteer roles with ASIS International. As the recipient of mentorship early in her career, she has made it a priority to mentor young security professionals as they build their own careers.
“It’s important to pay that forward but also build for tomorrow’s leaders,” she says.
Tsakiris urges young professionals to be mindful of their own well-being as they strive for career development and approach every role, large or small, with integrity.
“What I encourage young professionals to do is really be clear about what matters to them and then find a role that reflects that value system,” she says. “I always say to my mentees, how you do anything is how you do everything. It’s about bringing your worlds together, developing that value system and sticking to it.” | CS
PEDAL POWER
Lina Tsakiris can converse quite happily for hours on a range of topics related to professional security, but she’s equally at home when she’s hiking trails or long-distance cycling.
A natural athlete, Tsakiris joined a Ju-Jitsu club run by a Toronto Police constable at age 15 — her first real experience of security and law enforcement, she says — and trained to a competitive level.
In 2015, Tsakiris participated in a CIBC-sponsored Charity Challenge — a 400 km off-road cycling trek across Tanzania. Their collective efforts (another CIBC team climbed Mt. Kilimanjaro) raised $114,000 for the Canadian Cancer Society.
Tsakiris says she’s looking forward to more adventure travel as soon as pandemic restrictions begin to lift and it’s safe to do so. | CS
Three Ways Banks Can Benefit from AI-Powered IP Cameras
Over the past 15 years, security cameras have evolved from offering basic video motion detection to offering analytics powered by Artificial Intelligence (AI). AI analytics provide greater accuracy than those of the previous generation because machine learning algorithms are applied to the video, allowing the camera to detect specific objects.
So how exactly can AI analytics benefit a bank? Here are a few examples: Loitering detection: Many banks have issues with loitering, particularly in ATM vestibules. With IP cameras with an AI-powered loitering detection analytic, you can be notified when there is suspicious behavior near your bank machines. You can do this by configuring a defined zone around the ATM and a timeframe (the length of time you would consider to be loitering). For example, if your branch closes at 8 p.m., you can have the analytic trigger when a person is near the ATM after 8 p.m. for more than 10 minutes. You’ll be alerted immediately so you can investigate right away.
Learn about suspicious vehicles: When your drive-thru ATM cameras are equipped with an AI-powered stopped vehicle analytic, you can detect when a vehicle has been sitting idle for too long. For example, if you notice a car sitting at the drive-thru ATM for more than 10 minutes, you can be alerted. With a sophisticated video surveillance system, you can get alerts sent to your phone any time of day so you can get a clear shot of the car and its licence plate.
Get alerts for zone breaches and wrong direction: IP cameras with AI analytics can alert you if a person has
entered an area that’s off limits, as well as if someone is moving in the wrong direction – for example, not following the designated flow of foot traffic. The same analytics can be applied outside the branch. For example, you can be notified immediately if a vehicle has entered the drive-thru ATM from the wrong way, or if a person or vehicle has entered a zone that’s normally off limits – for example, near your branch’s back door.
Beyond security analytics, today’s IP cameras offer many other great features that can help banks improve security and investigations. Cameras offering Digital Overlap High Dynamic Range (DOL-HDR), for example, are great for the challenging lighting conditions found in many branches. Banks often have glass windows and glass doors that can make capturing clear surveillance video particularly challenging.
Using a high-resolution (6MP or
camera with DOL-HDR, you’ll be able to pick up a person’s face or a vehicle’s licence plate in great detail, even in dynamic lighting. Sometimes ATM vestibules have very harsh lighting and using a standard security camera can result in a person’s face being blurred when camera exposures are mixed. With DOL-HDR, multiple exposures are blended, so you get the best balance of lighting possible.
A focus on security and compliance is paramount for banks. IP cameras with AI analytics can make this job much easier, reducing both false alarms and the burden on branch staff so you can instead focus on your bank’s business.
AI-powered video surveillance for banks.
Get more from your security solution with March Networks. Our AI-enabled products and video-based business intelligence software integrate with your branches’ ATM/teller data, delivering powerful fraud-fighting capabilities, as well as new insights into your branch operations and customer service.
See why more than 600 banks trust March Networks.
Window on Security
By Kevin Magee
Kevin Magee is the chief security officer at Microsoft Canada (microsoft.ca).
The economics of ransomware
Long gone are the days of the fullstack cybercriminal sole proprietor, or as Hollywood would say the “lone hacker.”
Today, organizations face not just individuals or small, unorganized criminal gangs phishing for random victims and conducting virtual smashand-grabs, but an entire cybercriminal industrial complex buoyed by thriving darknet marketplaces peddling criminal-to-criminal products and services.
Ransomware originally began as a nuisance cybercrime more akin to a virtual pickpocket than the alarming national security threat that it is today. Back then, it was sheer volume, not sophistication, that was the key to success for cybercriminals who sent out thousands upon thousands of generic and low-quality phishing emails hoping to lure a small percentage of us into clicking on a malicious link.
For the few who did click, rogue code would immediately encrypt the files on their computer and lock up their system, accompanied by a splash screen demanding a standard ransom amount. It was essentially a low-margin retail operation with limited ability to scale. And all of this could theoretically be defeated by simple antivirus technologies (assuming they were installed and kept updated) and fundamental se-
curity awareness because the basic economics of ransomware at scale essentially still favoured the defender.
Today, however, the ransomware racket has evolved beyond its consumer-focused roots to become a low-cost, high-margin, immensely scalable and automated cybercriminal business model with very low barriers to entry.
Ransomware gangs now act more like professional intelligence operations than their common criminal predecessors. Once they gain access, rather than immediately mounting an attack, they perform detailed research on their target victims including reviewing financial documents and insurance policies to determine an optimal ransom demand and then use exfiltrated data as extra leverage or for additional extortion opportunities and profits.
While the complexity of ransomware attacks has increased, the associated costs and barriers to entry have actually fallen to next to nothing. Today, an aspiring cyber-criminal mastermind whose lack of
technical skills is holding them back can simply tap into the booming criminal-to-criminal market where the average price of a compromised PC is only $0.13 to $0.89 and passwords are a steal (pardon the pun) at just $0.97 per 1,000 or $450 for a bulk purchase of 400 million, as detailed in our latest Microsoft Digital Defense Report. Ransomware has become so easy and so lucrative that many cybercriminal gangs now operate with budgets similar in size to that of nation states.
So, what is the best way to stop ransomware? Its success is driven by economics that favour the attacker, therefore the best way to stop it is to change the economics.
A great place to start for any organization is by implementing Zero Trust, which is a security strategy that has gained considerable adoption and momentum since the start of the pandemic and can be implemented rapidly and effectively leveraging cloud-based platforms along with proven frameworks and maturity models.
It includes three main principles:
Verify explicitly. Make it harder and more expensive for cybercriminals to get in by always authenticating and authorizing based on all available data points, including user identity, location, device health, service or workload, data classification, and anomalies.
Use least privileged access. Limit cybercriminal returns by restricting user access with justin-time and just-enough-access. Apply and enforce risk-based adaptive polices and data protection to help secure both data and productivity.
Assume breach. If and when cybercriminals do get in, minimize the damage they can do by segmenting access and verifying end-to-end encryption as well as using analytics to provide better visibility, drive threat detection and improve defences.
Implementing a Zero Trust strategy immediately begins to impact cybercriminals where it hurts the most — their own bottom lines. When augmented by a highly skilled and aptly trained security team as well as a cyber-aware leadership and a cyber-vigilant workforce, a Zero Trust strategy can significantly increase the security posture of an organization. As more and more organizations begin to adopt this model, the pickings become slimmer and slimmer for cybercriminals which in turn begins to change the fundamental economics of cybercrime to favour the defender once again. | CS