
Friday, November 07, 2014

Security Management Weekly - November 7, 2014


November 7, 2014
 
 
Corporate Security
  1. "Constant Vigilance Inc. : America's Security Guard Business is Booming"
  2. "Survey of Risks and Competencies Released"
  3. "El Paso and Juarez: Securing the Sister Cities"
  4. "Back to Basics for Lobby Security"
  5. "Jim Sawyer: Embracing Authentic Customer Service for the Ultimate Security Strategy" Seattle Children's Hospital

Homeland Security
  1. "U.S. Strike in Syria Reportedly Kills Key Bomb-Maker"
  2. "U.S. Drone Strike Kills Leader of Al-Qaeda in the Arab Peninsula (AQAP)"
  3. "Obama Could Get Some Republican Backing in Fight Against Islamic State"
  4. "Norway Police Say Terror Attack is Likely"
  5. "Homeland Security Tightens Screening of Foreign Air Travelers"

Cyber Security
  1. "Home Depot Traces Credit Card Data Hack to Supplier Compromise"
  2. "Mobile Security Breaches Impacted 68 Percent of Organizations"
  3. "Open Source, Dark Web and Internet of Things Spell Disaster for Business"
  4. "Banks Ready New Defense Against Hackers"
  5. "Survey: Cybersecurity Priorities Shift to Insider Threats"

   

 
 
 

 


Constant Vigilance Inc. : America's Security Guard Business is Booming
Washington Post (11/04/14) Samuels, Robert

Since the Sept. 11 terror attacks, the private security industry has boomed in the U.S. to the point that private security guards now outnumber police officers three to one. The private security industry has seen its labor participation rate grow nearly four times as fast as the broader private sector labor market over the last ten years. More than 680,000 people work in the field today, according to federal labor statistics, a 20 percent increase since 2004. The first major boom followed 9/11, but growth in the industry slowed during the recession until a spate of high-profile mass shootings including the killings in Aurora, Colo., and Newtown, Conn., created a widespread demand for more security everywhere from schools to warehouses. The growth of the industry is also being fed by a high volume of veterans leaving the military as U.S. ground operations in Iraq and Afghanistan have wound down. Shawn Scarlata, who founded Blueline Security Services in Maryland in 2008, says that between returning veterans and the slow labor market, he has his pick of highly-qualified and experienced workers.


Survey of Risks and Competencies Released
Security Management (11/14) Longmore-Etheridge, Ann

The Security Industry Survey of Risks and Professional Competencies has been released by the ASIS Foundation and the University of Phoenix. The survey exposes the talent and training needs of the security industry. In the survey, security leaders labeled cybersecurity as the top security risk likely to affect enterprises in the next five years. The next biggest risks were crime, mobile technology, natural disasters, and globalization. The survey also found that the seven most critical competencies for security professionals are decision making, oral communication, anticipatory thinking, maximizing the performance of others, collaboration, self-regulation, and persuasive influencing. "Despite the increasing need for skilled security professionals, the industry is without a complete set of industry-endorsed competencies and skills that professionals will need to adequately respond to the emerging risks facing the global economy," said James Marks, the executive dean of the University of Phoenix College of Criminal Justice and Security. "Relevant education and training aligned to industry requirements is crucial to protecting and growing the infrastructure of businesses in the United States and globally."


El Paso and Juarez: Securing the Sister Cities
Security Management (11/14) Chapa, Lilly

Directly across the border from one another, El Paso, Texas, and Ciudad Juarez, Mexico, became something of a paradox between 2008 and 2010 when Mexico's raging drug war came to Juarez: the Mexican city became one of the deadliest in the world as gangs struggled for domination, while El Paso remained one of the safest cities in Texas. The experience changed the way security is performed, most notably by causing private security operations to step up their game and coordinate with the spectrum of local and federal law enforcement that operate in both cities. In particular, the security forces of the maquiladoras--the manufacturing facilities on the Mexican side of the border that power the local economy--found themselves forced to adapt. While the maquiladoras themselves did not become targets of the violent gangs, their employees did, and so the security forces found themselves expanding their operations beyond the confines of their facilities to coordinate with local law enforcement and community groups to keep workers safe around the clock. This included providing dedicated buses for transportation and keeping workers apprised of potential security threats in their neighborhoods. The information flow also worked the other way: in El Paso, private security forces were the ones that alerted local law enforcement to a spree of criminals disguising themselves as cops to shake down motorists.


Back to Basics for Lobby Security
Security Magazine (11/14) Ludwig, Sarah

Good lobby security is vital for any organization, since lobbies are a buffer between public and private areas, says Tim Sutton, a security consultant at Sorenson, Wilder & Associates. Effective lobby security should involve a security vulnerability assessment to identify assets and shortcomings and use best industry guidelines, Sutton says. He recommends that organizations make sure their lobby is arranged so that people must go through its security measures, which may be as simple as moving a receptionist's desk. A lobby ideally should have two doors, with a receptionist or security officer between them to better monitor who comes and goes, and to control access to the second door. Organizations may also consider a visitor management system that registers visitors and creates badges for them. This allows security personnel to know how many people are in the building and who they are. Organizations must have written, enforced policies and procedures for access and security, and should train their personnel to defuse a situation or notice suspicious activity, says Patrick Ketchum, the director of the Office for Insurance and Benefits at the Diocese of Springfield, Ill. The diocese recently overhauled its lobby security, implementing access cards for employees and requiring visitors to be buzzed in by a receptionist. The diocese also plans to place the front desk behind glass so visitors can approach it to announce themselves.


Jim Sawyer: Embracing Authentic Customer Service for the Ultimate Security Strategy
Security Magazine (11/14) Ritchey, Diane

As security director for Seattle Children's Hospital, Jim Sawyer often faces hostile situations that require special techniques to defuse. Parents not only face stress from having a sick child, but also may be experiencing family difficulties and financial challenges, which can contribute to anger and hostility. Because of the stress people experience, having a zero-tolerance policy for violence at healthcare facilities is "nonsense," Sawyer says. The hospital instead employs what Sawyer calls a "zero incidents philosophy," which is focused on ensuring violent incidents do not occur. This philosophy involves the use of 75 security officers who receive training in customer service as well as how to perform assessments of the client and situation. Sawyer's team employs different methods to prevent hostile individuals from becoming violent, such as "restatement for clarification," which involves listening to a complaint and then restating it to show that the person is being listened to. In addition, Sawyer has set a goal of having all security incidents resolved in a non-violent manner. A review of security incidents is performed each month to determine if that goal is being met. The hospital's approach to security also includes issuing ID badges and greeting and authenticating people at the entrance.




U.S. Strike in Syria Reportedly Kills Key Bomb-Maker
CNN (11/06/14) Starr, Barbara; Cruickshank, Paul

A U.S. airstrike in Syria on Wednesday reportedly killed David Drugeon, a French citizen and al-Qaida bombmaker considered to be one of the terror network's most potentially dangerous operatives. Drugeon joined al-Qaida in Afghanistan in 2010 but left the country sometime in late 2013 or early 2014 along with other members of the Khorasan Group, a collection of al-Qaida's senior leaders and operatives who are now headquartered in Syria. The group has reportedly been developing plans for organized terror attacks against the U.S. and other Western countries involving sophisticated bombs. These include clothing dipped in explosive solutions and bombs concealed in personal electronic devices. Drugeon may have been involved in these efforts, including transferring technology from Ibrahim al Asiri, a master bombmaker with al-Qaida's affiliate in Yemen. The strike that reportedly killed Drugeon was one of five announced by the U.S. military Thursday that targeted Khorasan vehicles and buildings.


U.S. Drone Strike Kills Leader of Al-Qaeda in the Arab Peninsula (AQAP)
Homeland Security News Wire (11/06/14)

A man who has been called one of the most dangerous al-Qaida-affiliated terrorists was killed in a U.S. drone strike in Yemen on Wednesday. The strike was carried out against Shawki al-Badani, the leader of al-Qaida's Yemen affiliate, al-Qaida in the Arabian Peninsula. Al-Badani has been linked to at least two planned attacks against the U.S. Embassy in the Yemeni capital of San'a as well as a suicide bombing in the city that killed over 100 soldiers in 2012. Al-Badani's death comes several months after the Yemeni government placed a $100,000 bounty on his head. The same drone attack that killed al-Badani also killed Nabil al-Dahab, the leader of the al-Qaida in the Arabian Peninsula affiliate Ansar al-Sharia. The U.S. government has not commented on the attack, in keeping with its policy of not publicly discussing drone strikes and their targets. Meanwhile, at least 10 suspected al-Qaida fighters are believed to have been killed in a U.S. drone strike that occurred in central Yemen on Tuesday.


Obama Could Get Some Republican Backing in Fight Against Islamic State
Wall Street Journal (11/05/14) Barnes, Julian E.

The new Republican majority in the Senate could potentially make it easier for President Obama to secure a new authorization for military force against the Islamic State. In September, administration lawyers determined that the existing authorization dating back to the aftermath of the 9/11 terror attacks was sufficient to cover the proposed campaign against IS, but since then the evolving nature of that campaign and emerging legal questions have caused the administration to seek a new authorization tailored specifically to the conflict with IS. Democrats in the Senate, however, were making such an authorization more challenging to obtain, insisting on conditions such as an explicit time limit. Republicans are much more receptive to the idea of a new authorization and are not likely to call for such restrictions, meaning a fairly straightforward authorization of force against IS could pass the new Republican-majority Senate. Still, the Republican majority is not likely to be as helpful to the administration on other important foreign policy issues, like negotiations over Iran's nuclear program and the closure of the Guantanamo Bay detention facility.


Norway Police Say Terror Attack is Likely
Wall Street Journal (11/05/14) Hovland, Kjetil Malkenes

Norway will be at a heightened risk of a terrorist attack in the next year due to the Syrian civil war, the conflict between the Islamic State and the U.S.-led coalition in Iraq, and the continued rise of that terrorist group, a terrorism assessment prepared by the Norwegian Joint Counter Terror Center notes. The Norwegian Police Security Service (PST) issued a statement on the assessment Wednesday, saying that these factors will likely result in terrorists threatening to attack or actually attempting to attack Norway in the next 12 months. Such attacks could target Norwegian military personnel, police, and policy makers, a statement from PST said. However, PST noted that the increased risk of terrorism is not limited to Norway, as conflicts in the Middle East over the last several years have made several other Western nations more prone to terrorism as well. PST says it plans to consider taking steps to address this threat, as will Norway's national police and military. The terrorism assessment and PST's statement about it follow a call issued by the Islamic State in September for attacks against countries participating in the U.S.-led coalition in Iraq. Norway is one of those countries.


Homeland Security Tightens Screening of Foreign Air Travelers
Los Angeles Times (11/03/14) Bennett, Brian

Homeland Security officials on Monday tightened their screening of people who travel to the United States with Western passports, out of concern that Europeans who join extremist groups in Iraq and Syria may try to stage terrorist attacks. The new security measures are aimed at learning "more about travelers from countries from whom we do not require a visa," Homeland Security Secretary Jeh Johnson said. Citizens of these "visa-waiver" countries may enter the United States by completing an online form called the Electronic System for Travel Authorization (ESTA). Homeland Security has expanded ESTA by requiring applicants to list the names of their parents, city of birth, contact information, employer information, national identification number, aliases, and any other types of citizenship. Since 2011, more than 3,000 Europeans, many of them originating from countries such as the U.K., France, and Germany, have traveled to Syria and Iraq to fight with militant groups.




Home Depot Traces Credit Card Data Hack to Supplier Compromise
ComputerWeekly.com (11/07/14) Ashford, Warwick

Home Depot has provided an update on the investigation into its recent data breach, saying the attack was carried out by stealing the username and password an unidentified third-party supplier used to access its systems. According to Seculert CTO Aviv Raff, the attacker was then able to move from the supplier's network to Home Depot's systems by exploiting a zero-day vulnerability in Windows. That allowed the attacker to steal 53 million e-mail addresses, in addition to the 56 million payment card records that were previously said to have been compromised. However, customer passwords and other sensitive information are not believed to have been compromised in the attack. The discovery that tens of millions of e-mail addresses were compromised in the breach has sparked concern that the affected Home Depot customers could begin to receive phishing e-mails that attempt to trick them into revealing personal information. Meanwhile, the latest revelations about the Home Depot breach are highlighting the need for new security measures that can protect against cyberattacks in which attackers gain access to a supplier's systems before moving into a retailer's network. One security measure that could reduce the risk of such attacks is version 3.0 of the Payment Card Industry's Data Security Standard (DSS), which takes effect on Jan. 1, includes requirements for third-party risk management, and outlines steps third-party suppliers need to take to ensure the security of their systems.


Mobile Security Breaches Impacted 68 Percent of Organizations
Help Net Security (11/05/14)

Sixty-eight percent of organizations have been affected by mobile security breaches in the last 12 months, according to a new BT survey of IT decision makers. About half of those respondents that said they had been affected by a security breach also said they had experienced more than four incidents in the last year. Ninety-three percent of organizations were found to allow employees to use personal or corporate-owned devices for work purposes. Despite that, only 40 percent had an active bring-your-own-device policy in place. A third of organizations lacked any sort of mobile device policy and a similar number allowed personal or corporate-owned devices full access to internal networks and sensitive data. Only 25 percent said their organization had sufficient resources to prevent mobile security breaches. One in three reported their organization does not employ password protection, and less than half said they have widespread security training efforts in place. One of the biggest issues remains staff attitudes, with 74 percent reporting employees do not take mobile security seriously. Another 69 percent said their CEO does not take security issues very seriously.


Open Source, Dark Web and Internet of Things Spell Disaster for Business
V3.co.uk (11/04/14) Stevenson, Alastair

There are three primary cybersecurity issues organizations need to be concerned with in the next year and beyond, according to a new Trend Micro report. Those issues include vulnerabilities in open source software, the growing use of the dark Web by cybercriminals, and security flaws in devices that constitute the Internet of Things. Trend Micro found cybercriminals will continue to search for vulnerabilities in certain platforms, protocols, and software, just as they did when they found the Heartbleed and Shellshock vulnerabilities in OpenSSL and Unix's Bash code, respectively. These vulnerabilities could be exploited by cybercriminals to break into business systems, Trend Micro says. The report also notes organizations need to be concerned about the growing use of the dark Web, since this will require security firms and law enforcement agencies to make larger investments and devote more resources to the effort to track and take down cybercriminal gangs using such services. Trend Micro calls on security firms to help address this issue by continuing to provide law enforcement with the threat intelligence they need to catch cybercriminals, while noting lawmakers need to come to an agreement on what cybercrime is so law enforcement can bring cybercriminals to justice more easily. Finally, the report predicts cybercriminals will begin using ransomware and scareware to target users of devices that make up the Internet of Things beginning as early as next year.


Banks Ready New Defense Against Hackers
Wall Street Journal (11/04/14) Huang, Daniel; Glazer, Emily

A group backed by the nation's biggest banks plans to launch the Soltra Edge platform on Dec. 2 to enable financial firms to more quickly communicate about potential cyber breaches. The Soltra platform -- which has been in the works for more than a year -- underscores that banks increasingly are sharing information. Soltra, a partnership between the Financial Services Information Sharing Analysis Center and the Depository Trust & Clearing Corp., could reduce response times from an average of seven hours to just a few seconds. The effort is being funded by 16 banks, including JPMorgan Chase, Citigroup, U.S. Bancorp, and BB&T Corp. Experts say the anonymity the FS-ISAC provides to the banks helped spur collaboration. According to BB&T Chairman and CEO Kelly King, "Defending against today's cyber threats and attacks often takes more than any one organization." As of Oct. 1, the FS-ISAC's cyberthreat repository had 12 million indicators, marking a five-fold jump over the past year.


Survey: Cybersecurity Priorities Shift to Insider Threats
Federal Times (11/03/14) Boyd, Aaron

The security concerns of federal IT managers in both the civilian and defense sectors have shifted from outside threat actors to insider threats and the need to better train and educate employees, according to a Market Connections survey. The survey queried 200 federal IT managers about the challenges and opportunities they see in the cybersecurity realm. Failure by staff to follow proper cyber hygiene policies was ranked as the top concern by the respondents, with just over half identifying it as a prolific threat. It was followed by phishing campaigns, malware, spam, and accidental leaks, which were ranked as prolific threats by 49, 47, 42, and 39 percent of respondents, respectively. Market Connections says this is a major shift from 2012, when cyber espionage was considered the biggest threat, with 59 percent identifying it as a prolific threat. In the current study, new security systems were a top investment priority for 66 percent of respondents, followed by employment training and new policy implementation at 61 percent and 57 percent, respectively. Defense managers were more likely to consider end-user training a top priority than civilian managers, 71 to 55 percent.


Abstracts Copyright © 2014 Information, Inc. Bethesda, MD

