cameras can help typical motion monitor safety by detected in dangerous factory. it takes to monitoring by
CYBER SECURITY
A guide to the technologies and trends shaping the market
Security Analytics & Intelligent Alerts Explained
Visual data, video analytics and intelligent alerts can streamline security and improve operational efficiency. There are a variety of powerful tools available on the marketplace, so we have put together a quick and easy guide to help you decide how to run smarter operations.
Object left behind
This feature analyzes images to look for abandoned objects. It is often used to alert staff in public transit terminals, subway trains, outside government buildings, and public areas.
This feature serves a wide variety of other industry-specific applications including runway debris detection at airports and much more. Object left behind alerts are used both for security and safety.
Detection
Using people detection on outdoor cameras can help reduce false alerts when compared to typical motion detection. It can also be used to monitor safety by sending alerts when people are detected in dangerous areas, like heavy machinery at a factory.
This solution can also reduce the time it takes to investigate an event or streamline live monitoring by filtering-off footage without people.
Vehicle Detection
This is commonly used at gates, loading areas, and parking lots. Alerts at gates are usually set every time a vehicle is present. Alerts in parking lots or loading areas are often set on schedules and trigger alerts after typical work hours.
This solution can be used as an early warning to alert staff of suspicious activity.
People
ASIS Ottawa panel tackles technology trends
The Ottawa Chapter of ASIS International recently convened a roundtable discussion to examine a variety of topics stemming from the pandemic, as well as issues that were already on the security industry’s radar such as technology, leadership and convergence.
The panel included Tom Stutler, vicepresident of security operations, Cadillac Fairview; Susan Munn, assistant regional vice-president (ARVP), ASIS Women In Security; and Sherri Ireland, vice-chair, ASIS Toronto chapter. I also participated as a panelist, representing Canadian Security The panel was moderated by Dr. Sue AbuHakima, chair of the Ottawa chapter.
The format of the panel provided each speaker 10 minutes to highlight a topic of interest — the remainder of the hour-long session comprised open discussion.
As the opening speaker, I provided an overview of some of the major trends resulting from, or accelerated by, the pandemic. Most, if not all, of those trends have been covered in Canadian Security and sister publication SP&T News, as well as the half-dozen virtual summits we have hosted as an organization since the pandemic began over a year ago.
having to touch anything along the way.
“People don’t leave home without their phone,” he said. “It makes a lot of sense for the next year or two for all companies to take a hard look at the user experience: the journey of the employee, the journey of the visitor, the journey of the delivery person, and really take it to the next level.”
“Remote management, in some form, is here to stay.”
I broke those down into three major categories: technology (such as touchless access control, temperature sensing equipment, mass notification, video monitoring and smart buildings); rethinking the approach to pandemic planning and plan implementation; and the work trends that have affected security departments such as work-from-home policies.
— Susan Munn,ASIS International
Susan Munn, next to speak, reminded attendees that many of the central tenets of professional security — such as securing facilities and preventing thefts and frauds — have not gone away during the pandemic. However, some modes of leadership have had to adapt to new circumstances. “Remote management, in some form, is here to stay,” said Munn, referring to employee decentralization. “You’re going to really have to work as leaders to stay connected to your organization, where it’s going and what the business is all about.”
addressed one of the major industry talking points of the last several years: the convergence of physical and IT security. “Now, more and more, the physical security team is merged with the IT team and mostly because we’re protecting assets,” she said. “What’s one of the most valuable assets right now? Obviously an organization’s data.”
But as much as these two aspects have become inter-related, they are still individual disciplines with subject matter experts that tend to lean in one direction or the other. A top level security professional may have jurisdiction over both the physical and logical, but within the department there is still room for specialization, said Ireland.
Across the tone of the entire panel discussion was a recognition of the importance of mental health in the workplace.
In his opening remarks, Stutler asked attendees “not to let the lessons of COVID slip, because we’ve got some opportunities here.” Expanding on the topic of touchless access control, he outlined the capabilities of mobile credentials, describing how it’s possible to enter a building and navigate all the way to an office space without
Leadership isn’t only conferred by title or company position, added Munn — it’s an attitude and approach that can be adopted at any level of seniority, from CEO to entry level. “You can always have the opportunity to lead. You have to think with that mindset,” she said.
Ireland, the final speaker of the session,
Stutler commented that the pandemic has brought about an “awakening” in terms of the importance of good mental health practices and the removal of some of the stigma of mental health as a conversation topic.
Munn commented that “we’re finally busting down the mental health barriers in society. There is a lot of underlying stress... I encourage everybody to take care of your health, both emotionally and physically.”
— Neil Sutton
HBC takes top spot in cyber skills competition
Canadian retailer the Hudson’s Bay Company recently took first place in the International Cyber League (ICL), organized by Cyberbit, a cyber skilling platform headquartered in Ra’anana, Israel.
operations centre senior analyst, at Hudson’s Bay Company, in an emailed response. “Cyberbit is an excellent simulation platform that provides hands-on practical experience.”
CALENDAR
July 19-21, 2021
ISC West Las Vegas, Nev. www.iscwest.com
August 16, 2021
17th Annual IAHSS Ontario Chapter Golf Challenge Woodbridge, Ont. www.iahss.org
The Cyberbit platform delivers a “Zero to Hero” skilling, training and assessment solution ondemand. Stephen Burg, director of product marketing at Cyberbit, says ICL was conceived as an idea sometime at the beginning of 2019.
“We had said we wanted to start the Cyber League to find the world’s best cybersecurity team,” said Burg.
Analysts, incident responders, forensic investigators, threat hunters, and other specialized roles can be broadly classified under the category of “blue team.” Their purpose is to defend an organization from cyber-attacks and respond in the least possible time against such attacks. The “red team” consists of penetration testers and vulnerability assessors.
“There are no judges — the judge itself was the platform,” Burg explained. “The top six teams who knew how to communicate with each other, who had to work together without spoken communication but knew exactly what their partners were doing, created a much more time-efficient experience. That’s why these were our top teams — they could work together and they can talk together; they knew each other’s skills.”
Burg said the team from Hudson’s Bay excelled in all of the cyber skilling platforms.
“The Hudson’s Bay Company SOC and incident response team is thrilled and humbled to have recently won the title of Best Cyber Defence Team in the Americas,” said Omer Odabasi, security
Burg was impressed by the quick response the Hudson’s Bay cybersecurity team demonstrated.
“These were people who were able to quickly identify an attack. They knew exactly what steps to take during an investigation,” Burg said. “Even though the steps were different for every scenario, they were able to identify the behaviours to the investigation and mitigate the attack in a very time efficient way, which is exactly what you want from your cyber defence team.”
August 22-26, 2021
BICSI Fall Conference and Exhibition Las Vegas, Nev. www.bicsi.org
September 27-29, 2021 Global Security Exchange Orlando, Fla. www.gsx.org
October 4-6, 2021 ESA Leadership Summit Frisco, Tex. www.esaweb.org
October 7, 2021 Canadian Security Honours Online www.canadiansecuritymag.com
The experience studying and preparing for the stimulated attacks was one that helped the team at Hudson’s Bay to build on their cyber skills and internal communication, according to Odabasi.
“The ICL was a priceless experience for me, especially working with my teammates Erik Mercado and Jorge Lozada,” Odabasi shared. “Live fire exercises are essential to help blue teams prepare for real cyberattacks. We look forward to continuing our hard work, and we thank ICL for recognizing our efforts.”
With over 100 organizations participating in this year’s competition, Burg hopes that next year’s ICL will expand to Europe and Asia, in addition to another competition in the Americas.
“We’re going to bring on more organizations, and we’re going to bring on new content,” Burg said. “Next year it’s going to be all new scenarios and an even bigger competition.”
— Alanna Fairey
October 26-27, 2021 Securing New Ground Online securityindustry.org
November 3-4, 2021 Sector Toronto, Ont. www.sector.ca
November 8-10, 2021 IAHSS Annual Conference and Exhibition Myrtle Beach, S.C. www.iahss.org
November 17-18, 2021 ISC East New York City, N.Y. www.isceast.com
December 1-3, 2021 PM Expo Toronto, Ont. www.pmexpo.com
December 2, 2021 Focus On Healthcare Security Online www.canadiansecuritymag.com
Stephen Burg, Cyberbit
Omer Odabasi, HBC
THE ACCIDENTAL THREAT
Insider risks are sometimes perpetrated innocently by employees, but there are remedies that can limit an organization’s exposure
By Alanna Fairey
While there have been many examples over the years of disgruntled or malicious workers intentionally subverting the confidentiality and integrity of their companies, some employees may be doing harm without even realizing it.
Lina Tsakiris, a security professional who currently works with one of Canada’s major financial institutions, explains that an insider risk — whether malicious or non-malicious — commits an untoward action that could negatively impact the organization from either a financial, reputational or operational impact.
“While it’s typically perpetrated by proprietary employees, contractors, third- and fourth-party suppliers are also considered insiders as well,” Tsakiris says. “When external threat events have internal impact, such as malware, this is also considered an insider risk-related threat.”
Well-known security compromises, such as those carried out by Edward Snowden and Chelsea Manning, have highlighted a much wider issue of insider threats.
“Unfortunately, when a compromise occurs, it could become front page news and it can damage the reputation of the affected organization,” says Victor Munro, security industry expert and PhD student at Carleton University’s Norman Paterson School of International Affairs. “Accidental insider threats are occurring all the time, and these are threats that are coming from well-intentioned, nonmalicious employees.”
It does not take a great deal of sophistication to send an employee a realistic looking email or text, prompting them to provide sensitive information or access to the network.
According to Derek Manky, chief of security insights, global threat alliances, FortiGuard Labs, cybercriminals attempt to trick employees to get access.
“The most common tactic used is
phishing, which are cleverly disguised communications that appear to come from a trusted source asking victims to share information or download a malicious file,” Manky says. “We even see adversaries creating fake social media profiles to befriend victims while posing as a current or former coworker, job recruiter or someone with a shared interest.
“Their goal is to trick the victim into providing sensitive information or downloading malware to their device.”
Employees can also unwittingly become insider risks in a moment of innocent forgetfulness. Tsakiris says that something as simple as an employee not locking a work computer screen when walking away from their desk can also leave them susceptible.
“Having a mindful approach to good security hygiene practices is important to mitigate insider risk,” Tsakiris stresses.
With employees working remotely because of the COVID-19 pandemic, they are more susceptible to becoming
an insider risk, especially if they are working with a personal laptop.
“With so many more people working from home and perhaps unable to quickly check with someone on the veracity of an email or file sent to them, people are more susceptible,” Manky explains. “Our FortiGuard Labs research shows criminals understand this, which is why we’ve seen a surge in these kinds of attacks since the onset of the pandemic.”
Unfortunately, a small error on the part of an employee can have huge consequences for the organization that they work for.
Manky explains that for an employee, unknowingly becoming an insider risk may mean compromised personal data, such as banking information. “For their employers, it can give criminals access to sensitive data or provide the basis for a ransomware attack, leaving the company unable to function the way it needs to until they meet the financial or other demands of attackers,” he says.
Culture of prevention
Increasingly, the accountability is being shifted away from employees and more towards security and IT professionals to adequately equip them to deal with these issues and understand what the implications are. Reviewing the reasons for the shift, there are two issues that stick out in Manky’s mind.
“Ultimately, security professionals are tasked with ensuring adequate levels of security and protection across the organization and of course they have a great deal of responsibility in preventing attacks,” Manky says. “However, we also know that there’s a chronic, global shortage of cybersecurity professionals and Canada is no exception. Security teams often find themselves stretched or under resourced as a result.”
The second issue, according to Manky, is that even the best-trained security professionals cannot overcome outdated technology. “There are risks that come with using aging security solutions or networks that don’t take advantage of the latest technology,
including things like AI to provide automation and real time monitoring that reduces the pressure on IT teams,” he says.
However, Manky says that assigning blame in the workplace is not productive. “It is better to focus on a cohesive strategy to combat social engineering,” he says.
Better together
To prevent incidents of accidental insider risk, an organization must create an environment with a strong foundation in security, according to Tsakiris.
“Accidental insider threats are occurring all the time … from well-intentioned, non-malicious employees.”
— Victor Munro, PhD., Carleton U.
To educate employees on how to better protect their information and avoid becoming an insider risk, Tsakiris stresses the importance of creating a culture of prevention, which she says applies to everything security professionals do.
“It’s a continued philosophy of what we believe as security practitioners,” Tsakiris says. “We leverage our employees to be our ears and eyes as we cannot be everywhere at all times. We use all available conduits to report suspicious activity and behaviour.”
Tsakiris adds that she is seeing more insider risk initiatives in the private sector as a way to formalize a program within the corporate security or IT department.
Continuing the theme of maintaining good security hygiene practices, Manky says that companies should get the basics right and implement or refresh their training.
“It’s critical that people know what they need to do and how to spot fraudulent communications,” Manky stresses. “It doesn’t have to be hard or expensive,” he says, adding that Fortinet offers a free NSE Institute to help educate workers on the threat landscape.
Employers are also encouraged to have their employees take a look at all the devices they use — including those they own and use when working from home — and ensure they are patched and up to date.
“Now is also the perfect time to reinforce basic password best practices too,” Manky says.
“Good security hygiene includes creating a culture of prevention, providing the right level of training and awareness so employees understand what untoward activity may look like in the workplace,” Tsakiris says. “Employers need to help employees by giving them the appropriate reporting conduits to be able to escalate any concerns that they may have.”
With more industry initiatives emerging, such as Insider Threat Awareness Month in September, Munro says that this is a step in the right direction. “These are positive things because they’re heightening the potential seriousness of the issue to corporate culture,” Munro says.
“Whether public or private, insider risk is an issue and, at the very least, we should be talking about it.”
While there has been a call to security and IT professionals to ensure that employees are protecting their information, it is imperative that all levels of an organization are better educated on security measures.
In Manky’s view, senior staff must set an example for their employees.
“Often, IT teams are left to carry the security message alone and there is a risk that the message gets lost amid other day-to-day priorities and the seriousness of the issue is not conveyed,” Manky says.
“Make senior leaders — not just IT — the vocal champions of cybersecurity, reminding employees in clear communications that cyber hygiene is critical to the successful operation of the business and an expected part of everyone’s job description.”
Fortinet Security Fabric
The Industry’s Highest Performing Cybersecurity Platform
As organizations accelerate their digital innovation initiatives, ensuring their security can keep up with today’s complex and fast-evolving threat landscape is critical. What used to be known as the “network perimeter” is now splintered across the infrastructure due to the explosion of network edges, work from anywhere, and multi-cloud models. It’s common for organizations to “bolt on” disparate security tools to protect a function or one segment of the network in isolation. However, this practice makes maintaining organization-wide visibility and consistent policy enforcement next to impossible. As attack sequences get more complex and innovative, organizations struggle to deliver the expected secure high-performing user-to-application connection.
The Fortinet Security Fabric
The Fortinet Security Fabric is the industry’s highest-performing cybersecurity platform, powered by FortiOS, with a rich open ecosystem. It spans the extended digital attack surface and cycle, enabling self-healing security and networking to protect devices, data, and applications.
The Fabric is built on three key attributes:
• Broad – Reduce risk and manage the entire digital attack surface. Our broad portfolio enables coordinated threat detection and policy enforcement across the entire digital attack surface and lifecycle with converged networking and security across edges, clouds, endpoints, and users.
• Integrated – Close the security gaps and reduce complexity. Integrated and unified security, operations, and performance across different technologies, locations, and deployments enables complete visibility. It also tightens security of all form factors including hardware appliances, virtual machines, cloud-delivered, and X-as-a-Service. Fabric-ready Partner products are included in the Fabric ecosystem.
• Automated – Faster time to prevention and efficient operations. A context aware, self-healing network and security posture leverages cloud-scale and advanced AI to automatically deliver near-real-time, user-to-application coordinated protection across the Fabric.
The Key Pillars of the Fortinet Security Fabric
One operating system drives the Fortinet Security Fabric, which supports more deployment models than any other solution. These include physical, virtual, cloud, and X-asa-Service environments. And it encompasses the industry’s broadest ecosystem and product portfolio, spanning endpoints, networks, and clouds.
• Security Driven Networking - Security-Driven Networking enables digital innovation with the convergence of networking and security into a single, integrated system that can expand to any edge. Fortinet was named a Leader in both the November 2020 Gartner Magic Quadrant for Network Firewalls and the September 2020 Gartner Magic Quadrant for WAN Edge Infrastructure. Our FortiGate next-generation firewall is the single product that achieved Leader status in both reports.
• Zero Trust Access - Fortinet Zero Trust Access (ZTA) supports taking a zero-trust approach, verifying who and what is on your network. With the new updates in FortiOS 7.0 every FortiGate customer using the FortiClient Agent can now employ zero trust network access (ZTNA) capabilities right out of the box. Management is simplified by using the same adaptive, application access policy whether users are on or off the network.
• Adaptive Cloud - Consistent, cloud native security with auto-scaling is provided across and within multicloud environments. Adaptive Cloud Security allows for effective usage of resources with auto-scaling, dynamic load-balancing, and application user experience visibility. In addition, our context-aware policy is extended into these environments providing coordinated threat response via integration with FortiGuard AI-powered security services.
To learn more about the Fortinet Security Fabric please visit: https://www.fortinet.com/solutions/enterprise-midsizebusiness/security-fabric
Why financial service organisations may have a false sense of cloud security
Antoine Saikaley, Technical Director, Trend Micro Canada
Most organisations were hit by surprise when the pandemic struck back in early 2020. But the enterprises that adapted best were those already investing in cloud-centric transformation projects. Cloud native applications and infrastructure offer them the opportunity to become more agile, support a mobile workforce and deliver enhanced customer experiences faster. As organizations embrace cloud digital transformation, there is cyber-risk to consider also. As we discovered in a study of IT decision makers across all industries including financial services, there’s a significant disconnect between headline confidence in their security strategy and the day-to-day reality.
The good news is that tools exist today to make cloud security more integrated, easier and a lot more effective than many IT leaders in the financial sector believe. Finding the right security partner now, is more important than ever.
Driving digital growth
Global financial services organisations have been enthusiastic adopters of digital technology during the pandemic. The vast majority claimed that the crisis had considerably (46%) or somewhat (42%) accelerated their cloud migration plans. Most (86%) feel completely or for the most part where they need to be with adoption projects.
The same organisations even believe that migration has in itself focused their minds more on cybersecurity (51%). A majority (58%) also revealed that they’ve implemented information security training policies to mitigate any risk of user error impacting the business. This confidence extends to the security posture. Most said they feel fully (36%) or mostly (55%) in control of securing the remote working environment, and a similar number (87%) were confident about securing the future hybrid workforce. What’s more, over two-thirds feel certain they’re able to get visibility into data flows as business-critical information is sent from corporate systems to remote workers.
The bad news
All of this seems pretty reassuring. But on closer inspection, we began to notice some vulnerabilities which may indicate
more deep-seated challenges. Despite confidence in their security strategy, nearly half (48%) of respondents claimed privacy and security challenges represent a “very significant” or “significant” barrier to cloud adoption. Only 10% felt there was no such roadblock on digital transformation. They singled out setting consistent policies, a lack of integration with on-premises security tech and patching and vulnerability management as the top three operational security headaches in this area.
Also of concern is awareness around the shared responsibility model, which defines how far protection from providers (CSPs) extends and what the customer is responsible for. Almost all (99%) of those we polled said their CSP provides “more than enough” or “sufficient” data protection. Most (90%) were also very or somewhat confident in their understanding of the model itself. Unfortunately, the reality is somewhat different. Responsibility for data security is 100% the customer’s responsibility in IaaS and PaaS environments.
Cloud security that works
We were also concerned to see that a greater number of financial sector IT leaders believe cloud security adoption makes life more complicated and expensive for them than those who do not. Over a quarter (27%) think it can also create more siloes, when in fact the right tools can bring IT security and developer teams closer together, for example.
Fortunately, cloud security has advanced considerably in recent years and today there are Cloud Security Platforms that protect cloud infrastructure, cloud native applications, cloud governance and extended detection and response for existing SOC teams which integrate into the major CSP platforms. That means powerful, streamlined security and compliance with a high degree of automation to simplify protection whilst mitigating risk and taking the heat off stretched IT security teams. The financial services firms quickest to familiarise themselves with this new reality will be those in pole position for secure digital transformation and growth as they exit the pandemic.
CYBERSECURITY CAN BE BEAUTIFUL.
Cyber threats are malicious, dark, and intrusive.
As the world becomes increasingly complex, you need connected solutions and visibility across your entire IT infrastructure.
Trend Micro enables you to protect, detect, and respond to threats faster—so you can be more resilient. Because when you can see the big picture, cybersecurity can be beautiful.
That’s The Art of Cybersecurity. TheArtofCybersecurity.com
by artist Brendan Dawes
