10/30/2020
10:00 AM
Will Wise
Commentary

Public Safety & Cybersecurity Concerns Elevate Need for a Converged Approach

As public and private spaces are opening up, the need for a converged approach to cybersecurity and physical security is essential, as is integration with health measures and tech.

Since the start of the coronavirus pandemic, one thing has been clear: Protecting the health, safety, and security of individuals is increasingly challenging and a core priority for helping the US get safely back to business and back to school, as well as for a sense of well-being. And all of this amid a changing view of the future of work and the core factors for quality of life.

Early on in the urgent attempt to prevent the spread of the virus, stay-at-home mandates swept the nation as restaurants and retailers were forced to close their doors, and employees adjusted to a new remote, work-from-home lifestyle. As a result, several organizations, including the World Health Organization, experienced a dramatic rise in attempted cyberattacks on the workforce. The FBI reported a 400% increase in cybersecurity complaints compared with before the pandemic. Now, as both public and private spaces are opening up — and offices are inviting employees back slowly and in reduced capacity — the need for a converged approach to cybersecurity and physical security is essential, as is integration with health measures and tech.

Physical Security & Safety in a Pandemic Era

Early on in the pandemic, many businesses were vacant and therefore more susceptible to crime and theft. This spiked demand for security systems such as alarms and monitoring, especially for small and midsize businesses, including bars, restaurants, and retail.

Responsible use of facial recognition technology is also being further developed and put to use in modernized airports and for public safety and access control uses. There has been concern about people wearing masks being a barrier to effective identification. Fortunately, there are facial recognition technologies available that are not hindered by masks. The technology can still verify an individual's credentials, and as a result, enable a number of contactless solutions (such as touchless sign-in and payment) and access monitoring. In addition, if an individual enters a venue, office, or store without wearing a mask, or is not wearing it correctly, facial recognition technology can be used to help detect the individual and discreetly alert staff.

Regarding personal safety, which has been affected by the pandemic, individuals are very aware of their health and safety needs and are adapting to social distancing rules. There is also increased demand for contactless access control solutions. For example, pre-COVID, many employees would be granted access to their office building by a simple key fob or key card. However, post-COVID, this won't be enough. In fact, many office buildings already have been experimenting with access control technology that prevalidates individuals who are permitted to enter the building, utilizes mobile phones, and can also ensure that capacity limits are being followed.

Product development is underway for integration of security and health technology, including access control systems that combine functionality of identity verification and temperature checks. We are also rapidly seeing this with multipurpose use of video technology, across the spectrum of surveillance for threat detection, temperature checks, and capacity counts. While these are effective steps for this phase, to establish large-scale reopenings, real-time testing needs to be deployed pervasively while work continues on producing a safe vaccine and distribution process.

Rethinking Cybersecurity for Employees: Rise of Vishing Fraud

As professional workers continue to do their jobs remotely, even as offices are reopening, bad actors have been clever during these COVID times with tailored campaigns designed to prey on consumers' increasing vulnerability. Recently, the FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) issued an alert regarding vishing (voice phishing) scams aimed at workers. Here's a quick look at how vishing works:

First, a bad actor compiles every bit of information he or she can on an employee via public website information and social media. Next, that person calls the employee pretending to be an IT staff member with some excuse about troubleshooting an issue and subsequently asks the staff member to use a new — and fake — virtual private network (VPN) page to access company servers. Ultimately, if an employee obliges, this provides the fraudster credentials and access to private information.

There are a number of actions an organization can take to prevent social engineering attacks like this, including but not limited to employee software that can actively scan and monitor for unauthorized access and anomalous activity. Above all else, employees must be educated on these new threats, get training on how to spot malicious access attempts, and be provided clear instruction on how to flag them via the proper channels.

Cybersecurity, Physical Security, and Health Tech: The Pandemic Trio

One of the biggest takeaways for the security community as we continue to emerge from the pandemic is that cybersecurity, physical security, and health tech safety must be prioritized together. Industry professionals have to be wary of increasingly sophisticated cybersecurity threats, and quickly deploy proper physical and health safety protections and solutions that will address all equally and with strong collaboration.

In the last four years, this trend of organizational collaboration emerged due to increasingly pervasive connectivity and Internet of Things-enabled devices. Now with health issues being a long-term, front-burner priority, this will further stimulate the need for cross-departmental communications and a command center approach. Physical security, facilities, operational technology, IT, and HR professionals have an essential role in taking the lead to ensure the safety of employees, customers, and the public.

Will Wise is Group Vice President, Security Events, at Reed Exhibitions. He oversees ISC Security Events, ISCnews.com, ITS America Events, CNP/CardNotPresent.com, Natural Disaster & Emergency Management Expo, and G2E Events and G2E Insider.