School Security: Beyond the Headlines – Security Cares at GSX 2018

Experts from the ASIS International School Safety and Security Council discuss active shooter and the conditions that can lead to these acts of violence; soft target hardening; technology and procurement assessment; and the use of data and analytics in prevention. Panelists look to provide clear and concise recommendations for school security stakeholders to take back and discuss within their districts to implement positive changes.

https://livestream.com/SecurityGuyTV/


The Top 9 Network Security Threats of 2019

The last couple of years have seen some of the most frequent and severe cyber security attacks ever recorded against businesses in a variety of industries. As security professionals prepare for another record-breaking year of network breaches and data security risks, it is imperative that companies make themselves aware of the latest cyber threats in circulation to ensure their security countermeasures are up to par.

While we can’t predict the emergence of new threats, here is a list of the top nine network security threats we expect in 2019 and how your enterprise can stay protected.

1. Viruses and Worms

Computer viruses and worms are destructive malicious programs designed to infect core systems, destroying essential system data and making networks inoperable. Viruses are attached to a system or host file and can lay dormant until inadvertently activated by a timer or event. Worms are more general – infecting documents, spreadsheets and other files, sometimes by utilizing macros. Once either one enters your system, it will immediately begin replicating itself, infecting networked systems and inadequately-protected computers. Viruses and worms form the building blocks for many more advanced cyber threats.

Installing anti-malware solutions on all networked devices and systems can significantly reduce the possibility of contracting these viruses or allowing them to spread. By recognizing the threats early and containing them, these solutions enable admins to detect malicious programs and remove them before they inflict any damage. In addition, IT professionals must aggressively keep software up to date, both on the end-user systems and on core system computers. With more infrastructure in the cloud, protective strategies must be extended to protect both local and cloud-resident data. And users must be trained to avoid the human engineering aspects of attacks, such as phishing attacks. This multi-faceted approach is known as defense-in-depth.

2. Drive-by Download Attacks

Network Security ThreatsIn the past, a simple way to ensure that you didn’t contract a computer virus was to not download files from any source you didn’t trust. Easy right? Unfortunately, today it’s not that easy. A drive-by download is a form of attack that allows malicious code to be downloaded from an internet site through a browser, app, or integrated operating system without any action on the user’s part. These URLs are designed to look and act like real websites, but in fact, they are breeding grounds for several different types of malicious code in hopes that one of them will get through your system’s security.

Keeping your browser up-to-date is one of the best ways to help identify these malicious sites before you visit them. You can also use a safe search tool, designed to filter potential threats and ensure you’re not able to navigate to them.

3. Botnets

Botnets are powerful networks of compromised machines that can be remotely controlled and used to launch attacks of massive scale, sometimes including millions of Zombie computers. Botnets are controlled by Command and Control (C&C) networks, which are run by the hacker. They can be used to launch Distributed Denial of Service (DDOS) attacks, to make a target website so busy that it can’t process legitimate requests. In fact, DDOS attacks are sometimes able to completely crash the targeted site, and relief may be offered only if the target website owner pays a ransom. Botnets can also be used to attack secure systems, with each bot operating at a low attack frequency to evade detection, but the aggregate performing a large brute-force attack.

The first defense against botnets is to keep your own machines from becoming botnet “Zombies,” by using techniques for preventing infection from worms and viruses, including using antivirus software and keeping operating software up to date. But even if all machines in your enterprise are kept clean, you can be attacked when outside machines are directed to attack your web server or infrastructure. Because of the scale, defense in this case requires a cooperative approach including working with your ISP, system software vendors, and law enforcement agencies.

4. Phishing Attacks

Phishing attacks are a form of social engineering attack that is designed to steal user logins, credit card credentials, and other types of personal financial information. In most cases, these attacks come from a perceived trusted source, when in fact they’re designed to impersonate reputable websites, banking institutions, and personal contacts. Once you reply to these messages and use your credentials or enter your financial details, the information is then sent directly to the malicious source.

To adequately combat phishing attacks, vigilance is critical. Unfortunately, these attempted attacks are hard to avoid, but as a rule of thumb, you should train your users to always be cautious when reading and opening all emails. Before clicking an external email link, you should look at the actual URL, as it may be different than the text in the email. Enter the URL manually, or be 100% sure of the source and delete any emails that seem to be fraudulent.

5. Exploit Kits

Over the years, hackers have looked for more automated ways to exploit users systems. These kits are self-contained and sold on the dark web. The attack is planned to work in several stages starting with a scan of the user’s system once they navigate to a landing page. If vulnerabilities are discovered, the compromised website will then divert web traffic to an exploit and eventually the malicious payload.

Exploit kits are designed to be discreet, so discovering them as they are executed requires the same techniques used to defend against other sources of worms and viruses. Software solutions include antivirus and intrusion preventions systems, and human solutions include anti-phishing training for users.

6. DDoS (Distributed Denial of Service)

A very damaging form of cyber attack that is regularly being used against businesses today is DDoS (Distributed Denial of Service) attacks. The purpose of these attacks is to overwhelm the hosted servers of their targets with requests for data, making them completely inoperable. This form of attack can be disastrous for companies that sell their products and services online, causing thousands if not millions of dollars in lost revenue a day.

Early detection is vital to protect your network effectively against a DDoS attack. WAFs (Web Application Firewalls) are a great tool to use against these attacks as they give you more control over your web traffic while recognizing malicious web exploits. Using these security solutions, you can create custom rules that enable you to block common attack patterns and can deploy countermeasures within minutes of recognizing network discrepancies.

Because DDOS attacks can be so large they can overwhelm your connection to the Internet, a cooperative approach including your service provider is often required. When your site is hosted in the cloud, some measure of protection should be included in your cloud service.

7. Ransomware

Among all of the latest cybersecurity threats that have been discovered over the years, none create as much fear and uncertainty as ransomware attacks. 67% of businesses attacked by ransomware have permanently lost part of or all of their company data. By infecting secure database systems, encrypting data, and threatening deletion or corruption of files unless a hefty ransom is paid, ransomware is a very dangerous form of malware. The massive increase in ransomware was triggered by the creation of crypto-currencies like Bitcoin, which allow ransom demands to be paid anonymously.

As ransomware is a form of malware, the same defensive strategies are required – antivirus software, keeping software updated with the latest security patches, and training employees to recognize phishing attacks. But there is an additional protection which is essential – reducing the impact of a loss of data by having a backup and ransomware recovery strategy or by keeping data in multiple, replicated locations. This way, the business can continue uninterrupted, without needing to pay ransom.

8. Cryptojacking

With the rise in popularity of cryptocurrency mining, hackers have found ingenious ways of utilizing hardware resources from unsuspecting victims for their financial gain. By tricking their victims into loading mining codes onto their computers, hackers can use their target’s CPU processing resources to mine for cryptocurrency, significantly impacting the performance of their systems. Without understanding the cause of these performance slowdowns, companies can incur real costs trying to source performance solutions or replacing system hardware to resolve the issues.

To defend against these malicious resource attacks, IT teams should have methods to continuously monitor and diagnose CPU usage and alert to changes over time. Cryptojacking attacks are similar to worms and viruses, except that the end goal is to steal CPU resources not to corrupt data. As such, the same preventative measures are required as with other malware attacks.

9. APT Threats

APTs (Advanced Persistent Threats) are a form of cyber attack where an unauthorized attacker code enters an unsuspecting system network and remains there for an extended period undetected. Rather than inflicting damage to these systems, APTs will quietly sit, stealing financial information and other critical security information. APTs use a variety of techniques to gain initial access, including malware, exploit kits, and other sophisticated means. Once login credentials are discovered, APTs can scan and infect deeper parts of the infected system, inevitably compromising all forms of data and easily navigating between connected networks.

While these forms of attack are difficult to detect, there are some key indicators that system administrators can notice to help identify and counter APTs, including looking for unusual patterns in network activity or large amounts of data access, outside the normal range for the business. In addition, IT professionals can improve defense by segmenting the network to isolate critical data, using honeypots to trap internal attacks, and using application-specific white lists to limit data access to only the few applications that should be allowed.
The Outlook

Constant improvements in computer and network technology are often matched or exceeded by rapidly advancing hacker attacks. It’s a cat and mouse game and unfortunately there’s no end in sight.

Remaining educated on the latest cyber threats is the first step in improving your security processes and combating these malicious attacks. By keeping all of your system hardware and software up-to-date, actively monitoring your network usage, and utilizing the internet security measures that anti-malware and anti-virus solutions provide, you can ensure that your business is ready to battle whatever cybersecurity risks the new year brings.


Police handing out free security cameras — but they come with a catch

DEKALB COUNTY, Ga. – DeKalb County is partnering with home surveillance company Ring to hand out 70 free security cameras to homeowners to cut down on crime — but they come with a catch.

Police would have access to video from the cameras.

The county unanimously approved the partnership Tuesday

Channel 2’s Sophia Choi was at police headquarters in Tucker, where Ring donated the cameras. Police will determine where they’ll go in high-crime areas.

About 50,000 homes and businesses in DeKalb County have the cameras, but the county plans to extend the camera network in the future.

“We’ll utilize our crime analysis and determine the areas that would be most beneficial to the county,” DeKalb Police Chief James Conroy said.

In Atlanta, private businesses donated a lot of cameras to help deter crime, especially downtown, but that is not the case in DeKalb.

Officers say the new plan allows them to get cameras to residents without being intrusive. Police want residents to upload videos to the Ring Neighbor Portal. Detectives will then use the video to help solve crimes.

“We cannot access the camera, we cannot view things through the camera,” Conroy said. “Once they upload it to the portal, then they can view that.”

Still, some residents are concerned about their privacy.

“My privacy concerns are that they are going to look through the camera,” Pat Mahony said. “They’re going to see what I’m doing, see what my habits are.”

Conroy says the cameras are safe and help to get criminals off the street.

“My administrative assistant, she has Ring,” Conroy said. “She said, ‘Hey look at this video. Somebody posted of somebody running through the yard’…Exactly at this time, there was a burglary two doors up. So we were able to determine that was the suspect in the burglary.”

In the near future, police hope to partner with other home surveillance companies like Nest and expand this program. The new partnership with Ring will last one year with an option to renew for two more.


Security Cameras: They are a Great for Keeping up with History

One of the things we hear a lot from companies is they have no need for physical security because they have cameras. Cameras are a great way to see what has happened in the past, but they can’t really help with events happening in real time. Even with cameras in place weather and power outages can lead to no real ability to see who the is causing trouble and what happened. One of our clients had cameras up to catch theft from parked vehicles only to find out the hard way that heavy rain rendered the video unwatchable. Just watching the news each night will also show that they are not deterrents for people who want to do illegal things. Although cameras can be useful for information purposes, there is no replacement for having professional guards on site watching over your property.


Don’t Panic, Be Prepared

Recently we had an interesting case study in being prepared. On January 13th Hawaii was awash in the sounds of alarms warning them that nuclear missiles were on the way. In a panic, people were left to try and figure out what they were supposed to do. Families bid tearful goodbyes to each other, and people were seen running around the cities trying to figure out where to go. by many accounts there was a complete lack of organization. Luckily, this was a false alarm and there was no immediate danger to the people of Hawaii. It did, however, serve as a wake up call to everyone about the dangers of not being prepared. When people find themselves in situations they are not prepared for they panic, and panic can lead to bad decisions which can then lead to injury and death. The lesson here, be prepared. Think about the potential dangers you may face and have a plan. Although this was an extreme case, it is a good one to study.


Gwinnett Place CID increasing security patrols to keep holiday shoppers safe

According to the Gwinnett Place CID, patrols of the Gwinnett Place CID by Paradigm Security Services have helped to lower the crime rate by 39%. This and other great information can be found in the article below.

 

http://www.gwinnettdailypost.com/local/gwinnett-place-cid-increasing-security-patrols-to-keep-holiday-shoppers/article_afd53698-6733-52bc-99c5-7b8b15cada53.html

 


2017 Pinnacle Award Winner

Small Business of the Year: 25+ Employees – Paradigm Security Services, Inc.

Paradigm Security Services (PSS) partners with their clients to provide the finest security services and
products available in the marketplace. This enables PSS clients to run their operations with minimal
effort and concern for the safety and security of their properties, employees and residents. PPS partners
with their employees, who they believe are ultimately responsible for their success. This environment is
promoted through superior training, benefits, job satisfaction, recognition and advancement
opportunities.


Security can be a Dangerous Profession

The job of security officers is to protect the client’s interest, be it physical property, personnel, or both. If you haven’t had any security issues at your business yet, it is probably something you don’t think about. The question to ask yourself is, what would you do if a situation arose that put your people or property in danger?

The link below is to a story from January this year when a security guard was shot while on duty. The jobs are demanding and sometimes dangerous, which is why we make sure our guards are so highly trained.

http://www.gwinnettdailypost.com/local/tip-from-media-leads-to-arrest-of-suspect-accused-of/article_d92ca58a-1c6d-56f1-97bd-4768ab4713f9.html


Violence and the Atmosphere it Creates

A quick search of Wikipedia brings some interesting results when it comes to terror attacks in 2017. According to their numbers, there have been 1,147 terror attacks committed around the world through August of this year. That is an average of 143 attacks per month over the first 8 months of 2017. (Note drug and cartel violence are not of these numbers) Although these attacks are spread out over the entire globe and not all of them led to massive casualties or deaths, it is still a stark look at the world we live in today. People are living in a constant state of uncertainty and fear which is effecting the way they deal with issue in their lives. Tempers are shorter, and people seem to be more willing to act out on their frustrations. The constant coverage of these events all over TV, the radio and the internet make it impossible to ignore the violence. So the question is, are you ignoring the signs in your workplace? Have you communicated to your employees how important it is to pay attention to the people around them? What has your organization done to better prepare your employees to deal with violence?