
10:00 AM
Will Wise

Public Safety & Cybersecurity Concerns Elevate Need for a Converged Approach

As public and private spaces are opening up, the need for a converged approach to cybersecurity and physical security is essential, as is integration with health measures and tech.

Since the start of the coronavirus pandemic, one thing has been clear: Protecting the health, safety, and security of individuals is increasingly challenging and a core priority for helping the US get safely back to business and back to school, as well as for a sense of well-being. And all of this amid a changing view of the future of work and the core factors for quality of life.

Early on in the urgent attempt to prevent the spread of the virus, stay-at-home mandates swept the nation as restaurants and retailers were forced to close their doors, and employees were adjusting to a new remote-work/work-from-home lifestyle. As a result, several organizations, including the World Health Organization, experienced a dramatic rise in attempted cyberattacks on the workforce. The FBI reported a 400% increase in cybersecurity complaints compared with before the pandemic. Now, as both public and private spaces are opening up — and offices are inviting employees back slowly and in reduced capacity — the need for a converged approach to cybersecurity and physical security is essential, as is integration with health measures and tech.

Physical Security & Safety in a Pandemic Era
Early on in the pandemic, many businesses were vacant and therefore more susceptible to crime and theft. This spiked demand for security systems such as alarms and monitoring, especially for small and midsize businesses, including bars, restaurants, and retail.

Responsible use of facial recognition technology is also being further developed and put to use in modernized airports and for public safety and access control uses. There has been concern about people wearing masks being a barrier to effective identification. Fortunately, there are facial recognition technologies available that are not hindered by masks. The technology can still verify an individual's credentials, and as a result, enable a number of contactless solutions (such as touchless sign-in and payment) and access monitoring. In addition, if an individual enters a venue, office, or store without wearing a mask, or is not wearing it correctly, facial recognition technology can be used to help detect the individual and discreetly alert staff.

Regarding personal safety, which has been affected by the pandemic, individuals are very aware of their health and safety needs and are adapting to social distancing rules. There is also increased demand for contactless access control solutions. For example, pre-COVID, many employees would be granted access to their office building by a simple key fob or key card. However, post-COVID, this won't be enough. In fact, many office buildings already have been experimenting with access control technology that prevalidates individuals who are permitted to enter the building, utilizes mobile phones, and can also ensure that capacity limits are being followed.

Product development is underway for integration of security and health technology, including access control systems that combine functionality of identity verification and temperature checks. We are also rapidly seeing this with multipurpose use of video technology, across the spectrum of surveillance for threat detection, temperature checks, and capacity counts. While these are effective steps for this phase, to establish large-scale reopenings, real-time testing needs to be deployed pervasively while work continues on producing a safe vaccine and distribution process.

Rethinking Cybersecurity for Employees: Rise of Vishing Fraud
As professional workers continue to do their jobs remotely, even as offices are reopening, bad actors have been clever during these COVID times with tailored campaigns designed to prey on consumers' increasing vulnerability. Recently, the FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) issued an alert regarding vishing (voice phishing) scams aimed at workers. Here's a quick look at how vishing works:

First, a bad actor compiles every bit of information he or she can on an employee via public website information and social media. Next, that person calls the employee pretending to be an IT staff member with some excuse about troubleshooting an issue and subsequently asks the staff member to use a new — and fake — virtual private network (VPN) page to access company servers. Ultimately, if an employee obliges, this provides the fraudster credentials and access to private information.

There are a number of actions an organization can take to prevent social engineering attacks like this, including but not limited to employee software that can actively scan and monitor for unauthorized access and anomalous activity. Above all else, employees must be educated on these new threats, get training on how to spot malicious access attempts, and be provided clear instruction on how to flag them via the proper channels.

Cybersecurity, Physical Security, and Health Tech: The Pandemic Trio
One of the biggest takeaways for the security community as we continue to emerge through the pandemic is that cybersecurity along with physical security and health tech safety must be prioritized together. Industry professionals have to be wary of increasingly sophisticated cybersecurity threats, and quickly deploy proper physical and health safety protections and solutions that will address all equally and with strong collaboration.

In the last four years, this trend of organizational collaboration emerged due to increasingly pervasive connectivity and Internet of Things-enabled devices. Now with health issues being a long-term, front-burner priority, this will further stimulate the need for cross-departmental communications and a command center approach. Physical security, facilities, operational technology, IT, and HR professionals have a core, essential role in taking the lead to ensure the safety of employees, customers, and the public.

Will Wise is Group Vice President, Security Events, at Reed Exhibitions. He oversees ISC Security Events, ISCnews.com, ITS America Events, CNP/CardNotPresent.com, Natural Disaster & Emergency Management Expo, and G2E Events and G2E Insider.
