Winter 2021



THE PUBLICATION FOR PROFESSIONAL SECURITY MANAGEMENT

During the pandemic, emergency communication tools are taking on a much larger role

Commissionaires offers a complete suite of services including threat-risk assessments, guarding, mobile patrol, digital fingerprinting and cyber security solutions.

CHALLENGING ASSUMPTIONS

The pandemic has forced us all to innovate

As I write this, I’m putting the final preparations together for our annual Security • Police • Fire Career Expo, which will be held on March 4, in cooperation with my colleagues, the editors at Blue Line and Firefighting in Canada.

Together, our three publications will be co-presenting and hosting the expo, which is designed to offer skills development with established professionals and networking opportunities with companies and organizations looking to hire.


This year, the event will be virtual. The enormous benefit of this is the ability to remove travel and cost barriers, making the opportunity available to all Canadians interested in career development in each of the three fields.

It has also required us, as the organizers, to rethink our approach and come up with some innovative ways to share content and make connections. Our past four Canadian Security events (health care, cannabis, business recovery and our CS Honours awards) were all virtual as well and I can honestly say I’ve learned a lot through that process. I’m looking forward to the day when in-person events are viable again, but I know we will carry forward many of the lessons learned through these virtual experiences.

Adapting to change is perhaps the unofficial theme of this issue (and arguably the security industry as a whole right now), particularly as it relates to skills development. Feature article “Breaking into Cyber” questions some of the accepted practices around hiring for cybersecurity roles. The cybersecurity talent shortage has been well-documented, but as the authors Georgios Depastas and Kathy Liu discuss, maybe the issue isn’t a lack of talented or qualified people but one of inclusion. Those without the traditional cybersecurity education or background have a lot to contribute to this growing global threat — it’s a matter of challenging some of the assumptions about the most effective ways to address it.

Our cover story on mass notification is a variation on that theme. I think the popular view of mass notification tools is that they are beneficial in terms of reaching people in the event of a crisis. But when that crisis stretches into a year or more, as it has for all of us with the current pandemic, it’s time to rethink that view.

With a significant percentage of the global workforce now operating out of their own homes, effective communication takes on a new urgency. As Claudia Dent of Everbridge points out in the article, the regular office meetings and interactions we all took for granted a year ago just aren’t there any more. In their absence, crisis communications isn’t necessarily about a specific threat, but about checking in with your staff to make sure they’re OK and keeping them tethered to organizational culture. These are crucial lessons that should carry on well beyond the pandemic, regardless of what our work-from-home schedules look like in the future.

Reader Service

For print and digital subscription inquiries or changes, please contact

Barb Adelt, Audience Development Manager

Tel: (416) 510-5184

Fax: (416) 510-6875

Email: badelt@annexbusinessmedia.com

Mail: 111 Gordon Baker Rd., Suite 400, Toronto, ON M2H 3R1

Group Publisher Paul Grossinger pgrossinger@annexbusinessmedia.com

Associate Publisher Jason Hill jhill@annexbusinessmedia.com

Editor Neil Sutton nsutton@annexbusinessmedia.com

Associate Editor Alanna Fairey afairey@annexbusinessmedia.com

Media Designer Graham Jeffrey gjeffrey@annexbusinessmedia.com

Account Coordinator Kim Rossiter krossiter@annexbusinessmedia.com

COO Scott Jamieson sjamieson@annexbusinessmedia.com

Editorial and Sales Office 111 Gordon Baker Rd, Suite 400, Toronto, ON M2H 3R1 (416) 442-5600 • Fax (416) 442-2230 Web Site: www.canadiansecuritymag.com

Canadian Security is the key publication for professional security management in Canada, providing balanced editorial on issues relevant to end users across all industry sectors. Editorial content may, at times, be viewed as controversial but at all times serves to inform and educate readers on topics relevant to their individual and collective growth and interests. Canadian Security is published four times per year by Annex Business Media.

Publication Mail Agreement #40065710

Printed in Canada I.S.S.N. 0709-3403

Subscription Rates

1 Year $43.00 + HST;

Annex Privacy Officer Privacy@annexbusinessmedia.com Tel: 800-668-2384

contents of Canadian Security are copyright by ©2021 Annex Publishing & Printing Inc. and may not be reproduced in whole or part without written consent. Annex Business Media disclaims any warranty as to the accuracy, completeness or currency of the contents of this publication and disclaims all liability in respect of the results of any action taken or not taken in reliance

Keep confidential information in the right hands

With Mobile Threat Defense from Bell, the only carrier-based mobile security solution in Canada

How Mobile Threat Defense keeps your data safe:

Detects, analyzes and removes threats across your network, apps and devices.

Integrates with existing device management platforms for a seamless experience.

Better enforces corporate security to help keep company and client information safe.

Automates threat defense processes and frees up IT resources.

Why choose Bell for Mobile Threat Defense?

• Trusted by over 700 public organizations and over 1,400 financial institutions.

• Recognized as an IDC Market Space security services leader 4 years in a row.

Help protect your corporate data and devices.

Visit bell.ca/MTD to learn more.

ASIS Toronto chapter forms diversity committee

The ASIS Toronto chapter recently formed a new Diversity, Equality and Inclusiveness (DEI/EDI) committee as a means to build awareness on diversity issues amongst chapter members and the security community the chapter serves.

Launched in December, the committee is made up of eight volunteers: Brian Mitchell (co-chair), Vivian Chiu (co-chair), Chelsey Herman (secretary), Matthew Bergeron, Jason Conley, Colin Adeyemi, Jaspreet Sidhu and Nike Coker.

Mitchell, who is the manager of campus safety and security at Appleby College in Oakville, Ont., joined ASIS just over a year ago. A former police officer, Mitchell was the president of Serving with Pride, a DEI advocacy group for 2SLGBTQ law enforcement professionals, and still teaches a DEI course at the Ontario Police College.

CALENDAR

March 4, 2021

Security • Police • Fire Career Expo Online www.emergencyservicesexpo.com

June 22-25, 2021

IACLEA Annual Conference and Exhibition Atlanta, Ga. www.iaclea.org

July 19-21, 2021

ISC West Las Vegas, Nev. www.iscwest.com

October 7, 2021

Canadian Security Honours Online www.canadiansecuritymag.com

November 8-10, 2021

IAHSS Annual Conference and Exhibition Myrtle Beach, S.C. www.iahss.org

November 17-18, 2021

ISC East New York City, N.Y. www.isceast.com

December 2, 2021

Focus On Healthcare Security Online www.canadiansecuritymag.com

In terms of headline makers in 2020, diversity was second only to the COVID-19 pandemic. While those headlines might be an effective starting point, they are only the beginning of the discussion. “There’s a lack of true focus on EDI, where EDI has become more of a nice-to-have as opposed to a must-have,” says Mitchell. His approach to this new Toronto committee (Mitchell also serves on the ASIS Global ED&I Committee and the ASIS Unconscious Bias Workgroup) is one of education and knowledge building.

According to the Toronto committee’s mission statement: The ASIS DEI committee vision is to create a safe, respectful and an inclusive environment where the diverse members of the ASIS Toronto community are encouraged to openly share experiences, skills and knowledge. This vision will be realized through a strong focus on education, advocacy and holding our community accountable.

“I’m majorly focused on training. I trained over 6,000 people at the Ontario Police College and I continue to go out there three times a year,” says Mitchell. “Training is key. You can’t have active conversations in the workplace about diversity, equity and inclusion if you don’t have the knowledge, terminology and background to be able to facilitate those conversations.”

Mitchell is a relative newcomer to the ASIS organization — “I’m still learning the ropes at ASIS… Lots of interesting stories,” he says — but he’s keen to see ASIS, at the chapter and international levels, actively engage in an EDI dialogue with education as the driving force.

“We need to build something that will have longevity,” he says, “but at the same time providing folks with knowledge to actually have these conversations.”

Visit Canadian Security’s podcast library

The Canadian Security podcast library includes interviews with a wide variety of security professionals from across Canada.

Over the last year, guests have included Pat Patton, director of security operations at the University of Regina (and a Security Director of the Year winner); Lorne Lipkus, founding partner, Kestenberg Siegal Lipkus LLP; Victoria Pelletier, vice-president of talent and transformation, IBM; Denis Lachaine, security director, Gordie Howe International Bridge; and Owen Key, director of advisory services and risk consulting, KPMG.

Canadian Security currently produces two ongoing series: Security Women, hosted by Silvia Fraser, director of transformation, workplace strategies, ModernTO (and also a Security Director of the Year recipient); and Security Leaders, hosted by Canadian Security editor Neil Sutton.

Collectively, these two series have explored topics covering education, cannabis, critical infrastructure, cybersecurity, privacy, training and career mobility, insider threats, anti-counterfeiting, and the pandemic — all through the lens of professional security.

Visit www.canadiansecuritymag.com/podcasts to listen to archived presentations and check back for new episodes scheduled to appear in 2021.


Ontario offers online testing for security guard and private investigator licensing

The Ontario government recently announced it is offering an online testing option for those who wish to obtain a security guard or private investigator licence.

In a statement, the government noted that the option will remove the need for applicants to travel to a testing facility during the current COVID-19 pandemic outbreak and into the future.

“Expanding to online testing for security guards and private investigators is another step forward in our government’s work to modernize frontline services and programming for Ontarians,” said Solicitor General Sylvia Jones in the statement.

“Online testing will help expand Ontario’s capacity to train and qualify these critical professionals who are essential to public safety and the wellbeing of communities.”


Launched on Jan. 18, applicants who select the online testing option will be able to choose from a range of dates and times. The expectation is that the online service will enable more individuals to be tested and improve overall accessibility. Each online testing session can accommodate eight candidates with one examiner overseeing the process. Up to 12 sessions will be offered daily in both English and French. A pilot project for online testing was launched in October 2020 with provider Serco Canada. According to feedback from participants in the pilot, the online option has received strong support.

“The government’s move to enable security recruits to conduct the provincial tests online is a constructive and positive measure for security services in Ontario,” said Tim Saunders, senior vice-president and chief development officer, G4S Secure Solutions (Canada), who was quoted in the Ontario government release.

“This change will allow for more security guards at key locations where they are providing an essential and vital service, especially in these challenging times.”

In-person testing for both guards and private investigators will continue to be offered at Ontario DriveTest locations.

Report: Privacy takes centre stage during the pandemic

A report released in January by Cisco indicates that Canadian businesses spent an average of US$3 million in 2020 on privacy protections, compared to a global average of US$2.3 million.

The results are part of the company’s fourth annual Data Privacy Benchmark Study, which it says, “highlights the enhanced importance of privacy protections during the pandemic, as well as the increasing benefits for businesses that adopt strong privacy measures.”

The pandemic has caused “mass-scale shifts” in the way humans interact and engage with each other, according to the company, which has also resulted in data privacy challenges for organizations, particularly with increased concerns from the public about how their data is used. The Cisco study also reports that 90 per cent of Canadian organizations said their customers will not buy from them if their data is not well protected.

“Privacy has come of age — recognized as a fundamental human right and rising to a mission-critical priority for executive management,” said Dave Lewis, advisory chief information security officer, Cisco Canada, in a company statement. “And with the accelerated move to work from anywhere, privacy has taken on greater importance in driving digitization, corporate resiliency, agility and innovation.”

The anonymized global study included responses from 4,400 security and privacy professionals in 25 countries.

Global findings included:

• 90 per cent of organizations are now reporting privacy metrics to their C-suites and boards

• 60 per cent of organizations said they weren’t prepared for the privacy and security requirements involved in the shift to remote work

• 87 per cent of consumers expressed concerns about the privacy protections of the tools they needed to use to work, interact and connect remotely

• 93 per cent of organizations turned to their privacy teams to help navigate these challenges

GUARDING-PLUS

Frontline excellence is so much more than the security fundamentals

It’s not just about guarding. That’s the point I make to any security professional who aspires to move up the ranks in our industry. While protecting people, property and assets is a central part of what a guard does, it’s the service aspect of our business that differentiates those who excel. It’s the ability to represent and embody a client’s brand, while also ensuring their safety and security, that creates lasting relationships and delivers truly meaningful results.

Anyone can monitor a camera or make sure that a door stays locked. Security professionals who add real value also create a positive customer service experience.

So, what does it take to progress from a rank-and-file guard to a team leader — or even a position with a police service or as a senior corporate security officer? It starts by being part of a strong security company with a good training program. Those programs should be as progressive and organized as they are comprehensive.

Organizations that promote based on tenure alone often miss the mark — merit isn’t usually marked by years of service. Guards who are typically eligible for promotion are those who advance their training and who work to build industry accreditation and experience. It takes serving in various different locations, for different clients and taking the initiative to problem-solve in challenging and potentially stressful situations to gain promotion. Ours is very much an industry where expertise is built by taking a hands-on approach.

But transforming yourself into a leader requires even more. Good supervisors have great communication skills. They can motivate, adapt and defuse contentious situations. They have a knack for managing client relations — be they retail, residential, industrial or commercial customers — and doing what it takes to ensure their complete satisfaction. They also go above and beyond the call of duty. When monitoring or patrolling a building, for example, they do what it takes to understand every aspect of the property, from its mechanical equipment and various features (and any nuances that could impact operations) to the people who occupy it. That could be as straightforward as understanding how to use entrance turnstiles and smart elevators to knowing emergency evacuation procedures and having the skillset to work with technicians and troubleshoot building issues.

Many of these problem-solving skills are the same as those leveraged by police officers on a daily basis, which explains why many supervisors in our industry eventually decide to take the two-year police foundations course at college to either apply to a police service, or simply use that certification to build a career in the private sector. Either way, having a strong security background, particularly at the management level, sends a clear signal to police recruiters or corporate HR departments that a supervising guard’s interest in the profession is more than fleeting.

The key to sustained success is for guards to work to further their education and experience in the field. That means taking various certificate programs that enhance their appeal to hiring managers. Some of those programs will cover diverse subject matter well beyond the traditional bounds of security.

It’s fair to say that career advancement for security guards is a factor of ambition. Those candidates who have it and are willing to put in the hard work and dedication needed to move up the ladder have a far greater chance of achieving their goals. But it’s also about being strategic in terms of the supplemental education opportunities they pursue and the positions they take to build their resumes. In our industry today, employers are looking for candidates with dynamic expertise who can help them adapt and respond to threats ranging from cybersecurity vulnerabilities to incidents of workplace violence and developing and enforcing workplace health and safety programs (a necessity during the COVID-19 crisis).

Guarding may be at the heart of what many security professionals do, but it’s no longer the limit of what a guard should be prepared to do if they want to advance in their career.

Winston Stewart is the president and CEO of Wincon Security (www.wincon-security.com).

Custom Branded COVID-19 Screening Apps

Custom Branded Organizational App

All AppArmor Safety apps are white labelled to the organization. The app will be downloaded 50-100 times more than other apps in market; your staff trust your brand.

In-App Self Assessment Forms

Provide your users with a step by step in-app COVID-19 assessment tool that confirms if they should or shouldn’t return to premises. The user and the organization are provided a record.

Over 50 Additional Features

The AppArmor Safety platform has many more powerful features including unlimited push notifications, Friend Walk, offline-ready emergency plans and much more.

Quick and Easy Implementation

AppArmor will provide you with a dedicated and well experienced team member who will assist in unlimited project management, training, and support inquiries.

Privacy is Paramount

We take end user privacy extremely seriously; that’s why all our systems are secure, data is hosted in appropriate jurisdictions and the organization owns all the data.

Seamless Integration with Existing Systems

We're always open to exploring integrations with your existing systems. Whether it’s your active directory, incident reporting, or mass notification system, we’re happy to make it work.

Pictured Client: CDW Guardian app by AppArmor

BRIDGES OF COMMUNICATION

Fostering relationships between agencies helps build resiliency

Dec. 31, 2020 was a highly anticipated date.

We were going to put the old, pandemic-ridden year behind us and embrace all that 2021 was to bring. And then January happened.

We’re dealing with the aftermath of a massive information security breach and an insurrection at the U.S. Capitol Building — security failures that placed networks, intellectual property, lives and democracy at risk.

Are we still in 2020, the Director’s Cut?

There will be significant resources expended on these, and other, incidents. The SolarWinds breach will continue to be diagnosed and more warnings will be issued — on top of what already has been advised by experts across the globe.

The assault on the U.S. Capitol will be dissected as a colossal security and intelligence failure. As I write this article, I’m listening to news outlets update the world on the lack of inter-agency communication and questioning how local law enforcement agencies did not pick up on the chatter broadcast days before Jan. 6.

What these events — and all of 2020 — have emphasized for me is to continually focus on risk, communication and resilience. As security professionals, we need to learn (again) from these events and bring those lessons back to our organizations.

We need to spend more time assessing the controls we have in place to reduce risks. We must start checking these controls on a regular basis to see if they’re working as expected, and still offering the protection against the risks we initially identified. It means more work for security professionals, but this needs to become a part of our overall risk-based approach to security. We can’t just assume the controls we selected and installed a while ago are still the best option to reduce risks today. We saw what can happen when we don’t maintain this vigilance. Let’s not forget this lesson as we lean into the new year.

Communication needs to be increased between security professionals, law enforcement agencies, and executives within organizations. I’ve taken this task on within my organization. I’m spending more time with external agencies and other security departments across Canada to share information on threats we’re facing and plans we’re putting into place to reduce risk. It’s going to take time, but the value of developing these relationships and creating this information-sharing approach will benefit all of our organizations. This includes the relationships I’m developing with law enforcement in my city and others.

Increasing our communication with executive leadership is another avenue we must all explore. We need to update our executives on the risks we’re discovering if we’re not doing this already. The goal is not to be alarmist but to be realistic in our risk assessments and objective in our presentation of potential likelihoods and impacts. Getting our executives onboard with our risk management program is critical to keeping them, and all our assets, secure.

Finally, I found myself thinking more about resilience for this first part of 2021. Recovering from a breach — whether it’s logical or physical — is something we all hope our organizations can achieve. Hope isn’t a plan, though. This is the time we need to collaborate within our teams, other departments and agencies to walk through our incident response plans and how we’ll recover from an incident. We need to be flexible, agile, open-minded and diligent in our incident planning process.

We survived 2020. We can get through 2021. I promise!

Tim McCreight is the acting chief security officer for The City of Calgary (www.calgary.ca).

A History of Sharing Knowledge

Delivering educational programs to the security industry since 1998

Over 280,000 personnel trained

Over 3.1M courses completed

DIVERSIFYING KNOWLEDGE

A business-first mentality helps close the gap between security and the C-suite

There exists a strong trend today where security professionals of all ages, occupations and career stages pursue continued education whether formally through an educational institution, privately through a certification body, or informally via online resources and personal mentorships.

By far, security professionals do an admirable job enhancing their knowledge of the job and industry.

The number of professionals holding an ASIS International APP/ PSP/PCI/CPP designation continues to increase by the day, as does the number of individuals attending security-focused professional graduate degree programs such as the master of science in security risk management offered by the University of Leicester and even the professional doctorate in security risk management offered by the University of Portsmouth.

I’m hoping to make a strong case here for pursuing other avenues of education, outside of the topics commonly explored in security — whether they be crime prevention, systems integration, guard management, business continuity or emergency preparedness.

I am of the opinion that a strong knowledge and understanding of finance and economics will serve as a strategic career differentiator for the average security professional and produce satisfactory returns.

A deeper understanding of finance and economics will significantly enhance your ability as a key decision maker and contributor to the bottom line of the business. The goal of any enterprise is to create and preserve value for its shareholders. Without an understanding of the financial variables that underpin these principles, security concepts are left meaningless, being applied without context or justification in regards to the bottom line.

Without building a financial case for your security proposal, the executive suite will not see you as a business enabler, but rather as a negative outflow of cash with no tangible return realized.

For that reason, it is important for security professionals to understand concepts such as the time value of money (how much is my security plan proposal worth today based on the savings it generates in the future?) and the internal rate of return (which can be applied to predict the annual rate of growth in your department based on any number of years and budget investment).

Some security specific financial ratios include:

• Non-billable overtime / billable hours;

• Non-billable hours / billable hours;

• Revenue / # of employed guards.

No. 1 measures your company’s ability to directly reduce NBOT, often the largest impact on margins for contract security (are the operational risks that increase NBOT and decrease our margins being properly managed?). No. 2 measures your company’s ability to be efficient with training requirements (are we using our non-billable hours for training requirements as little as possible?). No. 3 measures your company’s ability to derive maximum value from the current employee pool (how much revenue does the average guard contribute to the organization’s bottom line?).

It is also important for you to understand financial statements, including the balance sheet, income, cash flow and statement of shareholders’ equity. This narrows the gap between you and the other members of the executive committee, and gives you credibility when discussing enterprise-level risks because you can frame them in the context of the enterprise’s current financial state.

For example, if I notice on the balance sheet that the company has significant amounts of long-term debentures, deferred tax liabilities and bonds becoming due soon, I may hold off on any proposals for capital expenditure in security for the time being.

Finally, an understanding of economic trends such as cycles, leading/coincident/lagging indicators and inflation will help you become a better strategic planner and optimize your long-term decision making.

For example, construction starts are a common leading indicator of economic activity, signalling any residential/commercial projects that are slated to begin at the start of any quarter.

By observing and tracking this indicator, you can anticipate the amount of business that could be headed your way. If you know a lot of projects are about to be built, you can safely assume that most, if not all of them, will require security services as part of their insurance coverage, creating an opportunity for you to proactively develop your sales strategy and execute it before competitors.

Other lagging indicators, like inflation, will help you calculate the right increase in bill and pay rates to keep your margins healthy and employees happy. For example, if the inflation rate for 2019 in Canada was calculated from the consumer price index (CPI) to be 1.95 per cent, I should attempt to raise my bill and pay rates by at least this amount, if not more.

By doing so, I protect my margins and the purchasing power of my employees’ wages from the effects of inflation, keeping my business profitable and my employees happy.

The security professional of the 2020s must become a business executive with a security concentration. Whether that means pursuing an MBA, taking a management role outside security temporarily, or pursuing continued education in the financial sector, the goal is the same: to diversify your skillset and differentiate your value as a key hire, hedge your job security against changing trends in the security industry (automation, IoT, mergers and acquisitions), or innovate new ways of doing business, selling services and creating products that advance the industry as a whole. The future is yours for the taking — if you take the time to get educated.

Tony Dong is a student in the Masters of Science (M.S.) Enterprise Risk Management (ERM) program at Columbia University.

6,800 kg vehicle brought to sudden halt from 80km/h by one K-12 rated Bollard.

Perimeter Protection Products

Hostile Vehicle Mitigation - HVM

Shallow Foundation: The 275 K12FB bollard only requires a 600mm embedment.

Stand Alone Protection: A single 275 K12/FB bollard is certified to K12 standards.

Versatile: Available in fixed and removable mounts.

Aesthetics: Brushed stainless steel or powder coated in any RAL colour.

Available in Canada from Ontario Bollards.

Contact Ontario Bollards today 1-844-891-8559 www.ontariobollards.com

ännt 275 K12FB

THE ROAD AHEAD FOR AUTOMOTIVE CYBERSECURITY

Connected cars are not new, but the implications of their continued development pose many security questions

To my generation, especially for those of us who grew up in isolated and small communities, being able to drive a car meant boundless mobility and freedom limited only by how much gas money was available.

To my parents’ generation, their “first car I ever owned” story is the stuff of legend. They still enjoy attending car shows, wandering nostalgically among the classics, viewing them as works of art. For younger drivers, technological conveniences are often more important than horsepower, and choosing fuel efficient or electric vehicles can be a personal priority. Regardless of what generation you may belong to, it’s safe to say that we have a relationship with our cars unlike that of any other device or technology.

But with all the advances from the Model T to the current line-up of hybrid vehicles available today, fundamentally little has changed about what makes a car a car. Even with features such as power steering, cruise control, heated seats and delayed wipers, a car is still fundamentally a car, right? Well, perhaps not for much longer. Today, the advent of autonomous and connected vehicles is changing both our perception as well as the physical and practical nature of what a car is. What is also fundamentally changing is how we assess the risks associated with this new and rapidly evolving mobile-computing platform to best inform our approach and ability to properly secure it.

Similarly, different concepts of vehicle ownership, such as leasing and the introduction of ride-sharing services, are affecting our buying habits. Proprietary control systems and mandatory software updates are altering the nature of what vehicle ownership might mean as well. These changes introduce new security, compliance and privacy challenges and in some cases ethical questions that are entirely unique.

As security professionals, we have therefore come to an interesting crossroads where we have the opportunity to introduce physical and cybersecurity by design into the evolution of vehicles, as well as the automotive industry, at a critical point in time. The consequences of remaining idle are sure to result in decades of retrofitting and reactive response.

But where do we begin? The answer is likely that we need to start challenging our premises by asking the right questions such as, “What are the risks associated with the evolution of autonomous and connected vehicles,” and “How do we secure a car?”

Is a car simply another mobile endpoint, a single enclosed hardware platform running software, much like a laptop but on wheels? Or is it a rolling data centre with multiple segmented networks? Are autonomous vehicles controlled by AI evolving to the point where the car itself can be held accountable for its actions? If so, should a car also be bestowed with independent legal rights?

How will vehicles significantly increase and introduce new potential attack surfaces as they are connected to critical infrastructure such as sensors embedded in streetlights and other cars on the road via mesh networks to enable safer and autonomous driving?

What vulnerabilities and opportunities for cybercrime will we introduce by integrating with financial systems to allow vehicles themselves to seamlessly pay for tolls, parking and perhaps drive-thru transactions?

What additional opportunities for ransomware emerge when physical theft of a vehicle is no longer necessary if cybercriminals can potentially disable your car right in your own driveway and then ransom the return of its use?

How could this threat extend beyond consumer targets to corporate fleets of vehicles, public transportation, ambulances, fire and police vehicles? Or could autonomous vehicles potentially be used to create physical Denial of Service attacks with hijacked or bricked vehicles creating intentional traffic jams or mass accidents?

There are also many concerns related to vehicle ownership emerging. Most smartphones are replaced within a year or so and most personal or work computers within a three to five year time span. Will drivers who like to keep their cars for longer periods of time be allowed to license and operate an “out of support” vehicle and if so, will there be legal restrictions or personal insurance penalties associated? Additionally, what will the future of independent mechanics be and our right to choose who services our vehicles? Will cars become closed and proprietary systems in which opening the hood will void the warranty? Will we retain the “right to repair” our own vehicles and what will be the legal view of “jail breaking” our cars to make modifications, or install non-authorized and custom third-party applications or parts?

While the road ahead for automotive cybersecurity contains many obstacles and challenges, it also presents an extraordinary opportunity for security professionals to provide early influence as to where we are headed.

Unlike the internet, the mobile phone or other paradigm shifting technologies, we have the opportunity to not just come along for the ride but perhaps in many cases, to have our turn in the driver’s seat as well.

Kevin Magee is the chief security and compliance officer for Microsoft Canada (aka.ms/CISOCentral) and a board member of the Automotive Parts Manufacturers’ Association.


REACHING THE MASSES

Mass notification technology has played an increasing role for workplaces fractured by the pandemic

Mass notification tools have played an important role during the ongoing COVID-19 saga, from the initial shock of a pandemic declaration to the implementation of work-from-home policies, still in place almost a year later.

Traditionally seen as an emergency management alerting system, the use of the technology has changed as different stages of the pandemic rolled out over time.

The tone of the pandemic has been that of a sustained state of emergency over many months, but the first few weeks were a total unknown to most people as they grappled with a scenario they may have only read about or seen in movies.

“In the beginning, the whole idea of mass notification for COVID was around informing the community on a regular basis. People were scared. It was all new,” says Claudia Dent, senior vice-president of product marketing at Burlington, Mass.-based Everbridge.

“The cadence was incredibly rich in the beginning. There were some public organizations that were communicating twice a day with regular reminders on ‘wash your hands,’ etc. Then it evolved a little bit more.”

Organizations began to use their emergency communications platforms more frequently as a means to stay in touch with a dispersed and frequently isolated employee population, says Dent. In the absence of office culture and regular gatherings, employees can lose touch.

“We saw messaging traffic during the last year balloon,” she says. “It wasn’t because of an emergency evacuation or fire or a blizzard coming… [those are] moments in time, so to speak. This was an ongoing set of communications across both public and corporate [networks] to really keep everybody engaged.”

A message sent over a mass notification system may have more resonance than those sent over email or text, which are easier to set aside or ignore, argues Caroline Kilday, director of marketing at Alertus Technologies, based in Beltsville, Md.

She says the most common users of mass notification systems have traditionally been large institutions like higher education, health care and enterprises, but the pandemic has certainly widened the appeal of the technology. Adoption rates were already climbing “but I feel like the pandemic has expedited that even more so,” she says. “It’s not just for emergency alerts but for organizational communications.”

In many cases, organizations might be dealing with split populations with some, or most, employees working from home while essential workers are on site, necessitating a multi-pronged approach to communications. Kilday advises users to make use of different templates or colours to ensure that messaging is understood and there is a clear delineation between an organizational message and an emergency one.

Ongoing vigilance

With the pandemic about to enter its second year, crisis consultant Suzanne Bernier urges organizations to offer steadfast support to their employees.

Compliance that was the norm in the early months of the pandemic may be waning due to apathy (or “COVID fatigue”) and the hope on the horizon that a vaccine will be readily available. But this is exactly the time when vigilance and awareness is needed most, says Bernier, president of SB Crisis Consulting.

The pandemic plans that were formed in the early 2000s didn’t account for these kinds of variables, she says. We may be in the midst of a second wave of the virus right now, but we will likely see a third, according to Bernier.

“There’s still going to be some challenges and we’re still going to have to mask up,” she says. “We need to keep driving the message that they need to wear their masks, they need to wash their hands with soap and water.”

What is also required is a plan to provide mental health resources for employees, she adds, “and steering them to the right places to get that support.”

If the pandemic has taught organizations anything, it’s that they need to be prepared for the next emergency and have an effective communication plan in place.

“The pandemic itself is something that we’re going to get over with several vaccines coming,” says Bernier. “But that doesn’t mean we’re not going to get another pandemic or some kind of epidemic or something else that’s of concern within the next few years. Hopefully not, but we need to stay vigilant about it.”

How do you feel today?

One aspect of the pandemic where mass notification has really come into its own is health assessments.

Dent says that Everbridge introduced packages enabling customers to send out daily wellness checks to their employees who were still coming into work. Depending on the system configuration, employees could respond to questions via a system of checkmarks or in other cases generate a QR code which would then be used via a mobile device to gain entry into a building for the day. The system can also be tied into capacity counting to determine on-site occupancy. “That’s been leveraged very heavily across all our corporate customers,” says Dent.

Building capacity tolerances could change due to updates in local COVID-19 restrictions, and the system has to flex accordingly. “But we could manage all that over time,” she says.

Pandemic policies can also vary quite widely jurisdiction to jurisdiction and nation to nation. Likewise, privacy regulations are also going to differ based on location, which will affect how personal health information is gathered and processed. Users are able to send different messages to different areas of the globe so they can be in compliance with local regulations, says Dent. “The people in France get one message, the people in Toronto get another, the people in London get another — but they were all wellness checks.”

Ottawa-based Genasys Communications Canada (which was Amika Mobile prior to its acquisition by Genasys last October) is currently working with the Canadian federal government to help test new capabilities to enforce its quarantine rules.

Utilizing its Situation Commander and Mapper products, the emergency communication and notification company is helping the government keep track of COVID-19 cases and anyone they may have come into contact with. The software manages this data privately and securely, says Dr. Sue Abu-Hakima, who is the company’s vice-president of operations and business development and also chairperson of ASIS International’s Ottawa chapter.

During the pandemic, “I think the most critical use of our product has been around all the COVID-19 messaging and the government agency alerts,” says Abu-Hakima, who adds that she has also seen an increased overall demand for mass notification solutions over the past year.

“The enterprise is still issuing messages to their employees, even though they’re remote,” she says. “[They’re] trying to keep their hand on their pulse, to make sure they’re healthy and safe.”

But while the mass exodus from workplaces has reduced the likelihood of some types of emergencies, it hasn’t negated them all. There are now more lone workers in facilities that were previously full of people, argues Abu-Hakima. “They may be more at risk [so] you’re still having to maintain an eye on that,” she says.

The pandemic may be an ever-present and persistent situation, but other emergencies can still arise. Civil unrest and riots, particularly in the U.S., are examples where mass messaging has been deployed “to keep people safe and let them know what’s going on and enforce lockdowns and curfews. There have been other factors, I think, that have continued in the world that have still required that the technology be leveraged to some extent,” says Abu-Hakima.

Future communications

Mass notification has come a long way in recent years, says Abu-Hakima. Part of a larger trend where there is an increasing degree of convergence between physical and logical security systems, mass notification can be integrated with access control, gunshot detection, panic buttons, intrusion detection and other security tools, she says. There is also increased interest in tying more alerting systems into border crossings, adds Abu-Hakima, since international travel has come under heavy scrutiny as a key variable in the spread and containment of COVID-19.

While the pandemic can’t last forever, its impact on work habits and lifestyle is likely to be felt for years to come.

Remote work may be an essential precaution right now but it seems unlikely to disappear after the virus has been squashed. Assuming that the work-from-home trend persists well into the future, mass notification can continue to serve as a lifeline to keep staff engaged.

Companies may also be more likely to hire staff who live in other cities or provinces. “Now that everyone’s remote, you can also leave a company and go to a new company more easily,” says Dent. “We’ve hired people at Everbridge without them even coming to an office… and I know this is happening all throughout the industry. Our customers are doing the same thing.”

The notion of “duty of care” is also changing in response to these shifts in organizational structure, adds Dent. Employees could be working in a facility, travelling overseas or simply be at home most of the time. Mass notification tools offer a “continuum of communication,” she says, covering a diversity of locations as well as situations that could range from employee outreach and check-ins to natural disasters to cybersecurity alerts.

“I think there was a bit of a narrower view of what a mass notification system could do for an organization,” adds Kilday. “The pandemic has broadened that scope.”


THE ACCIDENTAL THREAT

Insider risks are sometimes perpetrated innocently by employees, but there are remedies that can limit an organization’s exposure

While there have been many examples over the years of disgruntled or malicious workers intentionally subverting the confidentiality and integrity of their companies, some employees may be doing harm without even realizing it.

Lina Tsakiris, a security professional who currently works with one of Canada’s major financial institutions, explains that an insider risk — whether malicious or non-malicious — commits an untoward action that could negatively impact the organization from either a financial, reputational or operational impact.

“While it’s typically perpetrated by proprietary employees, contractors, third- and fourth-party suppliers are also considered insiders as well,” Tsakiris says. “When external threat events have internal impact, such as malware, this is also considered an insider risk-related threat.”

Well-known security compromises, such as those carried out by Edward Snowden and Chelsea Manning, have highlighted a much wider issue of insider threats.

“Unfortunately, when a compromise occurs, it could become front page news and it can damage the reputation of the affected organization,” says Victor Munro, security industry expert and PhD student at Carleton University’s Norman Paterson School of International Affairs. “Accidental insider threats are occurring all the time, and these are threats that are coming from well-intentioned, non-malicious employees.”

It does not take a great deal of sophistication to send an employee a realistic looking email or text, prompting them to provide sensitive information or access to the network.

According to Derek Manky, chief of security insights, global threat alliances, FortiGuard Labs, cybercriminals attempt to trick employees to get access.

“The most common tactic used is phishing, which are cleverly disguised communications that appear to come from a trusted source asking victims to share information or download a malicious file,” Manky says. “We even see adversaries creating fake social media profiles to befriend victims while posing as a current or former coworker, job recruiter or someone with a shared interest.

“Their goal is to trick the victim into providing sensitive information or downloading malware to their device.”

Employees can also unwittingly become insider risks in a moment of innocent forgetfulness. Tsakiris says that something as simple as an employee not locking a work computer screen when walking away from their desk can also leave them susceptible.

“Having a mindful approach to good security hygiene practices is important to mitigate insider risk,” Tsakiris stresses.

With employees working remotely because of the COVID-19 pandemic, they are more susceptible to becoming an insider risk, especially if they are working with a personal laptop.

“With so many more people working from home and perhaps unable to quickly check with someone on the veracity of an email or file sent to them, people are more susceptible,” Manky explains. “Our FortiGuard Labs research shows criminals understand this, which is why we’ve seen a surge in these kinds of attacks since the onset of the pandemic.”

Unfortunately, a small error on the part of an employee can have huge consequences for the organization that they work for.

Manky explains that for an employee, unknowingly becoming an insider risk may mean compromised personal data, such as banking information. “For their employers, it can give criminals access to sensitive data or provide the basis for a ransomware attack, leaving the company unable to function the way it needs to until they meet the financial or other demands of attackers,” Manky says.

Culture of prevention

Increasingly, the accountability is being shifted away from employees and more towards security and IT professionals to adequately equip them to deal with these issues and understand what the implications are.

Reviewing the reasons for the shift, there are two issues that stick out in Manky’s mind.

“Ultimately, security professionals are tasked with ensuring adequate levels of security and protection across the organization and of course they have a great deal of responsibility in preventing attacks,” Manky says. “However, we also know that there’s a chronic, global shortage of cybersecurity professionals and Canada is no exception. Security teams often find themselves stretched or under resourced as a result.”

The second issue, according to Manky, is that even the best-trained security professionals cannot overcome outdated technology. “There are risks that come with using aging security solutions or networks that don’t take advantage of the latest technology, including things like AI to provide automation and real time monitoring that reduces the pressure on IT teams,” he says.

However, Manky says that assigning blame in the workplace is not productive. “It is better to focus on a cohesive strategy to combat social engineering,” he says.

To educate employees on how to better protect their information and avoid becoming an insider risk, Tsakiris stresses the importance of creating a culture of prevention, which she says applies to everything security professionals do.

“It’s a continued philosophy of what we believe as security practitioners,” Tsakiris says. “We leverage our employees to be our ears and eyes as we cannot be everywhere at all times. We use all available conduits to report suspicious activity and behaviour.”

Tsakiris adds that she is seeing more insider risk initiatives in the private sector as a way to formalize a program within the corporate security or IT department.

Continuing the theme of maintaining good security hygiene practices, Manky says that companies should get the basics right and implement or refresh their training.

“It’s critical that people know what they need to do and how to spot fraudulent communications,” Manky stresses. “It doesn’t have to be hard or expensive,” he says, adding that Fortinet offers a free NSE Institute to help educate workers on the threat landscape.

Employers are also encouraged to have their employees take a look at all the devices they use — including those they own and use when working from home — and ensure they are patched and up to date.

“Now is also the perfect time to reinforce basic password best practices too,” Manky says.

Better together

Ultimately, to prevent further incidents of accidental insider risks, an organization must create an environment with a strong foundation in security, according to Tsakiris.

“Good security hygiene includes creating a culture of prevention, providing the right level of training and awareness so employees understand what untoward activity may look like in the workplace,” Tsakiris says.

“Employers need to help employees by giving them the appropriate reporting conduits to be able to escalate any concerns that they may have.”

With more industry initiatives emerging, such as Insider Threat Awareness Month in September, Munro says that this is a step in the right direction. “These are positive things because they’re heightening the potential seriousness of the issue to corporate culture,” Munro says.

“Whether public or private, insider risk is an issue and, at the very least, we should be talking about it.”

While there has been a call to security and IT professionals to ensure that employees are protecting their information, it is imperative that all levels of an organization are better educated on security measures.

In Manky’s view, senior staff must set an example for their employees.

“Often, IT teams are left to carry the security message alone and there is a risk that the message gets lost amid other day-to-day priorities and the seriousness of the issue is not conveyed,” Manky says.

“Make senior leaders — not just IT — the vocal champions of cybersecurity, reminding employees in clear communications that cyber hygiene is critical to the successful operation of the business and an expected part of everyone’s job description.”


BREAKING INTO CYBER

A Montreal-based project takes an inclusive approach to new talent, exploring the value of non-technical backgrounds for future cybersecurity professionals

In Canada, cybersecurity is positioned to be the fastest-adopted technology and a top-five emerging job.[1]

Yet we have all seen the numbers: an approximate 3.5 million global cyber talent shortage.[2] But is this gap really about a shortage of sufficiently skilled people, or are we not tapping into the right talent and investing in upskilling?

There is a perception that cybersecurity is arduous to break into for the non-technically initiated. The equivalence between cyber and IT is reinforced by pop culture, and even self-inflicted. The accepted dogma is that one has to enter cybersecurity job-ready, with the alphabet-soup of certifications indexed in most job posts.

In reality, job posts often profile a non-existent candidate. By 2022, core skills required to perform most roles will, on average, change by 42 per cent.[3] We must therefore recognize the potential of transferable skills from non-technical disciplines, and fortify cross-training and upskilling.

In this article, we showcase our Montreal-based award-winning project that is combating these perceptions, and the real-life journeys of six political sciences graduates thriving in cyber roles.

Cybersecurity is a career that offers job security (no pun intended), but is also incredibly meaningful. It is as much about the people and processes interacting in the ecosystem as it is about the technology. Cyber roles are also astonishingly diverse; as you will see, our political science graduates work across a mosaic of jobs. So how do we communicate this face of cybersecurity to the general public?

Inclusive Cyber project

Our Inclusive Cyber project started as a gritty grassroots effort with an audacious ambition for systems change. The project is underpinned by the singular belief that we can no longer limit our cyber recruitment to individuals with technical backgrounds, because in doing so, we leave behind talent that are traditionally underrepresented in IT, namely women and immigrants.

The project’s secret sauce, our transferable skills mapping, charts skills from 15+ education disciplines (e.g., finance, English) to best-fit cybersecurity roles, benchmarked to the internationally-recognized NIST industry framework. These mappings empower non-IT and marginalized talent’s transition to cybersecurity, through igniting confidence in the value of their existing skills. Our project was recently selected as one of Canada’s Top 100 Recovery Projects by Future of Good.

We are trailblazing the project through the Global Shapers Montreal Hub, which is part of the Global Shapers Community, an initiative of the World Economic Forum. We are a global network of 10,000+ young leaders driving change in more than 200 countries.

“Cybersecurity is as much about the people and processes interacting in the ecosystem as it is about the technology.”

Our grassroots approach leverages local knowledge and networks to reach students within universities, cyber recruiters, cyber curriculum instructional designers and community organizers. We have impacted over 600 community members and students through our #CYBERWOMEN International Women’s Day panel, workshops at McGill University and the University of Toronto, and collaborations with The Refugee Centre.

Going forward, we look to automate our skills mappings with the use of Artificial Intelligence, by tapping into career-related data. We envision this toolkit to empower hiring managers and recruiters to identify cyber roles’ essential skills, beyond the technical. Additionally, we expect it to continue to offer key insights to non-technical graduates and university career services, in determining the best-fit cyber roles for one’s transferable skills. However important this framework approach is, we know change and passion are often kindled by real-life stories.

Case study: political science graduates

We spoke to six political science graduates about their journeys to cybersecurity and the roadblocks along the way.

These journeys parallel patterns we gleaned from other non-technical graduates. Their first brushes with cybersecurity began in distinct and often inadvertent ways, underscoring that there is no guaranteed path to discover cybersecurity.

Rachel Babins, a cyber threat intelligence (CTI) analyst at a financial institution first learned about cybersecurity through lectures on counter-terrorism. James Tay, a senior threat researcher at HYAS, satisfied a childhood curiosity on global information flows through lectures at The Citizen Lab. For Farah Ng, a cyber awareness manager at a financial institution, and co-author Kathy Liu, a cyber consultant, external data breaches first spotlighted cybersecurity attacks. A chat with a political science graduate in cybersecurity illuminated the possibility of a cyber career pivot for Josh Darby MacLellan, senior CTI analyst.

One interviewee, a chief information security officer (CISO), noted the emergence of the cybersecurity threat landscape as a distinct battlespace.

Barriers

For all, when they encountered cybersecurity, there was a distinguishable “aha” lightbulb moment, yet they struggled with internal doubts concerning the feasibility of entering the industry without formal training. As Darby MacLellan put it, “I held the misconception that unless you studied IT or cybersecurity in school, your chances of being laughed out of a cybersecurity interview were extremely high.”

The barriers extend beyond lack of awareness and perceptions of technical shortcomings. In fact, we validated our hypothesis that a prevailing catalyst for this “confidence gap” is the way cyber companies hire today, due to HR departments becoming more clerical and check-list oriented. Although there is merit in standardizing a procedure, when this process becomes rigid “[employers] miss out on very talented individuals who could do the same job, if not better; for instance by analyzing beyond the ‘ones and zeros’ to understand cybersecurity through socio-political contexts,” as Tay states. Another interviewee further worries that “with the emergence of cybersecurity diplomas, there is now a new misunderstanding that these courses cover 100 per cent of cybersecurity knowledge.” For a wide range of cyber roles, technical elements can and should be constantly learned on-the-job and through personal study because the knowledge-base evolves rapidly.

Finally, the lack of representation in one’s environment is critical. Many interviewees lamented not knowing fellow political science students in cybersecurity, therefore networking was imperative. Most reached out to countless cyber professionals for coffee meetings. Internal networking in one’s current workplace is also an option, and one can more easily access an organization’s cybersecurity activities. Cultivating such networks allows most non-IT professionals to land their first cybersecurity job. Babins urges, “Don’t wait for a job posting to come up that matches your skillset exactly. Cold email, cold message and cold call.”

Beyond networking, our findings also show one should heavily invest in learning. Familiarizing oneself with basic cyber terminologies is a fundamental first step before graduating to complex concepts. Certifications and formal training are another way to further understand the topic area, but also to signify subject matter engagement. There is a growth mindset that permeates the industry: “Passionate cybersecurity professionals are usually pretty excited to talk about their work with someone willing to learn,” as Ng highlights.

These learnings should be built upon one’s transferable skills, which constitute the cornerstone of our very project. We start each skills mapping by asking individuals to map their self-reported skills and knowledge gained from their field of study. When it comes to political science, we found three primary transferable skills: communications, strategic thinking and analytical thinking.

Communications consistently came up as the top transferable skill. Political science graduates process large amounts of information and translate complex concepts into understandable language for decision-makers in various media forms. They are also big picture strategic thinkers who understand organizations, whether a state, society or a business, and their institutions and power, and are therefore able to identify the decision-makers and evaluate the impact of cybersecurity on the larger organization.

Analytical thinking can also be measured by their research skills. They know how to conduct original practical research and analyze the “so what” from a broad range of resources, distilling what is coherent and actionable in business-ready terms. Of course, these transferable skills are not sufficient by themselves. Being a successful cyber professional also requires “an inherent interest and drive in learning about cyber,” as an interviewee notes.

[Figure: Key barriers for non-technical graduates looking to enter the cybersecurity workforce (lack of awareness; lack of role models; perception of technical shortcomings)]

[Figure: Transferable skills that political science graduates can leverage in cybersecurity]

The COVID-19 pandemic accelerated digital transformations worldwide, widening the cybersecurity risks, which can only be addressed by an equally diverse workforce. The cyberskills challenge will remain until there is a mindset shift in recruitment. In this article, we explored the barriers that people passionate about cyber faced in the absence of an IT degree, and how they overcame them. If you are from a nontechnical background and curious about cybersecurity, or want to contribute to our project, feel free to get in touch with the Global Shapers Montreal on social media.4

Kathy Liu is a cybersecurity consultant, and the founder of the Inclusive Cyber Talent project (www.weforum.org/agenda/authors/kathy-liu). Georgios Depastas is a data privacy and security entrepreneur, and drives product efforts at the Inclusive Cyber Talent project (www.linkedin.com/in/gdepastas).

1. 2020 Future of Work Report, World Economic Forum, http://www3.weforum.org/docs/WEF_Future_of_Jobs_2020.pdf

2. https://www.forbes.com/sites/emilsayegh/2020/09/22/as-the-end-of-2020-approachesthe-cybersecurity-talent-drought-gets-worse/?sh=5cb2b1535f86

3. http://www3.weforum.org/docs/WEF_2019_Strategies_for_the_New_Economy_Skills.pdf

4. Global Shapers Montreal contact information: Project email: inclusivecyber.mtl@gmail.com Facebook: @globalshapersmtl Twitter: @shapersMTL Instagram: @shapersMTL LinkedIn: Global Shapers Montreal

IT SECURITY PREDICTIONS: 2021 EDITION

Matt Tyrer is the Ottawa-based senior manager, solutions marketing for the Americas, Commvault (www.commvault.com).

1. Deep fake technologies will drive growth of the data integrity testing and verification market

AI has developed to the point where deep fake AI technologies can produce realistic images and videos of people doing things they have never done. These technologies can be used for fun — for example, by making Tom Holland and Robert Downey Jr. the stars of Back to the Future.

However, they also pose a risk. These technologies make it harder than ever for enterprises to ensure their images, video and other data streams have not been secretly manipulated by AI.

For companies making important decisions based on this data, the risk of making the wrong decision after being deceived by a deep fake or other AI-manipulated data increases by the day.

To reduce the risk that they might be deceived by AI-manipulated data, expect companies in 2021 to start demanding data integrity and verification solutions that allow them to detect images, video and other data streams altered by AI. And in response to this demand, expect both established IT leaders and start-ups to introduce new data integrity and verification solutions that allow these companies to avoid being fooled by deep fakes.

2. Security, governance and other data analytics come to the cloud

I expect over the next six months we will see more than one company that jumped unprepared into the cloud suffer a ransomware attack, data breach, be hit with a major fine for lax data privacy compliance, or similar incident.

This is not because the cloud is inherently insecure or hard to govern. However, while most companies have in place at least some technologies and processes to secure, govern and otherwise intelligently manage the data found between the four walls of their data centres, many do not have the same technologies and processes in place for the data they now have on multiple clouds.

That is why I am hearing extensively from customers that one of their priorities in the new year will be the extension of their core data centre security, governance and other analytics services to cloud. And it is why I expect that in 2021 we will see strong growth for data analytics solutions that allow companies to audit their data, comply with data privacy regulations, secure data from ransomware and other cyberattacks, and rapidly recover their data after a disaster, whether this data is located on-premises or in the cloud.

3. Organizations finally realize they need a business continuity plan for ransomware attacks

As recent ransomware attacks on hospitals that halted radiation treatments for some cancer patients demonstrate, despite organizations’ best efforts, it is impossible for security solutions to be 100 per cent effective. As organizations finally come around to realizing that no security system is perfect, they are now asking themselves not what they will do if a ransomware or other cyberattack locks or destroys their data, but when.

The answer to this question is to have a business continuity plan in place that accounts for a ransomware or other cyberattack, allowing the organization to recover from the attack quickly, so that any disruption to their operations is minimal.

This year, expect to see organizations finally start working to ensure they have in place the business continuity processes and disaster recovery solutions they need to rapidly recover not just from natural disasters, but malicious cyberattack disasters as well — helping them transform ransomware attacks from three-car pileups into mere bumps in the road.

4. As more people work from home, intelligent endpoint data management emerges as a priority for IT

The COVID-19 pandemic resulted in employers around the world asking millions of employees who had not done so before to work from home. However, one drawback facing companies whose employees are working from home is that they have much less control over data protection, data privacy regulatory compliance, and other aspects of data management than they do when these employees connect their laptops to their office’s corporate network.

At the same time, ransomware and other cyberattacks are increasing, while governments are implementing and enforcing stricter data privacy regulations.

Because of this, this year, expect to see more companies deploy solutions that allow them to intelligently protect, govern, and otherwise manage the data on their employees’ laptops and other endpoints.

In particular, expect to see growth of intelligent data management solutions that use AI and similar technologies. Using these technologies, these solutions can detect anomalous behaviour indicating a ransomware attack, or private customer information stored in a place or manner it should not be, allowing companies to nip ransomware, data privacy and similar data management problems in the bud.

Occupancy monitoring

Hanwha Techwin

Hanwha Techwin America announced an occupancy monitoring system and mask detection analytic for its P series AI cameras. The licence-free occupancy monitoring solution uses AI to accurately detect and count people entering and exiting premises from multiple entrances while dynamically displaying the current occupancy level for customers and staff. Mask detection analytics detect if masks are worn or worn improperly and send out alerts including customizable audio messages directly from the cameras. The Occupancy Monitoring System is a serverless design and runs completely in-camera, on the edge. www.hanwha-security.com

Smoke detection

Johnson Controls

TrueAlarm sensors use sophisticated algorithms to analyze particles and determine whether they are generated by an actual fire rather than smoke or steam from cooking. Sensor alarm points can be programmed for timed, multi-stage operation per sensor. A lower percentage alert can cause a warning prompt to investigate the issue while a higher programmed percentage will initiate an alarm. The ability of the redesigned TrueAlarm sensors to intelligently differentiate between high-risk fires and burning food or steam is especially important for commercial spaces such as hotels, dormitories, hospitals and other facilities that are prone to nuisance alarms. The new 7th edition compliant TrueAlarm sensors are available for the Simplex product line.

www.johnsoncontrols.com

Surge protection

DITEK

DITEK announced the launch of a new electrical surge protection solution for fire alarm systems. The DTK-120X12 combines protection for 120V system power with protection for up to 12 low voltage circuits to eliminate unnecessary damage caused by electrical surge events. The DTK-120X12 base is designed to be wall mounted and hardwired, and includes the 120VAC power surge protection unit with dry contacts for remote monitoring of surge protection status. The 120VAC module also has LEDs for visual confirmation of status, as well as a loud audible alarm that sounds if protection has been compromised.

www.diteksurgeprotection.com

Temperature monitoring

Dahua Technology

SafetyTemp (DHI-ASI7213X-T1) is a thermal temperature monitoring station that quickly measures skin temperature without the need for personal contact and provides an accurate temperature reading to help businesses and schools assess employees, customers, students and other visitors for elevated body temperature. Developed in response to the COVID-19 pandemic, the SafetyTemp system features a simple, portable setup that consists of a seven-inch screen and a camera with dual, 2MP, CMOS sensors. Different installation options, such as floor and desktop mounts, make SafetyTemp a versatile solution for shops, restaurants, schools, and factories that need a method to assess temperatures of employees, customers, students and other visitors. www.dahuasecurity.com


Wire guard

STI

The Exit Sign Damage Stopper offers protection for signs against vandalism and accidental damage. Constructed of tough, 9-gauge steel wire coated with corrosion resistant polyester, the wire guard helps reduce maintenance costs. The cage is suited for areas where abuse is severe or it is imperative devices continue to operate for the safety of building occupants. Suggested for gymnasiums, exit signs in remote locations, unsupervised areas and more, the guard helps decrease maintenance costs, reduces time spent replacing broken or stolen units, waiting for parts to arrive, etc., says the company. Four models are available. www.sti-usa.com

Fire alarm integration

Potter Electric

Potter Electric Signal Company announces the integration of Potter fire alarm systems with the IntelliView Dashboard. The web-based dashboard allows the user to monitor their Potter fire alarm control panels in addition to the IntelliGen nitrogen generators from anywhere in the world. A mobile app is also available in the iOS and Google Play stores and provides increased functionality. A free standard version of IntelliView for fire alarm systems is available with limited features that allow for high level panel status and information. The premium version integrates with the mobile app to send push notifications for any off normal signal, give access to all signals on all fire panels, provide system data, and display historical activity. In addition, the premium version supports a one-person walk test that can control the panel and provide the needed data for NFPA reports. www.PotterIntelliView.com
