Showing posts with label Cyber security. Show all posts
Showing posts with label Cyber security. Show all posts

Wednesday, March 1, 2023

Fenced for Perimeter Protection

Fenced for Perimeter Protection 

Securing a private or public building is a complex issue, right from any perimeter and entrance point to internal asset management. Instead, optimal security solutions can only be achieved by going back to basics, understanding individual environments and integrating security systems to achieve unique requirements.

The 2022 Crime Report from the Association of Convenience Stores (ACS) shows that, in the past year, 89% of store staff faced abuse in their job, with 35,000 incidents of violence, 9% those resulting in personal injury.

The perimeter is the first line of defence. It inhibits and delays intruders. Unfortunately, history has taught us that even the most impenetrable perimeter can still be breached.

Therefore, sensitive sites should not be on the fence when it comes to investing in the right security technology for the right application. A genuinely intelligent system is key to a successful security solution.

Delaying the intruder is essential. If it takes a security team five minutes to deploy intervention, but the time to target is three minutes, then a security solution needs to create a delay of at least two minutes. If there are layers in place that take three minutes to penetrate, then the response team will have time to apprehend the perpetrators before they reach their target.

In terms of physical perimeter security, layers of technology should be applied starting with the outer perimeter, such as the fence line; the inner zone perimeter, such as specific buildings or key infrastructure; the building face perimeter, such as the external building shell; and finally, the internal perimeter, such as internal space where restricted access is necessary. Solutions within each layer should help delay, deter, and detect intrusion.

There are a wide range of technologies that make up an intelligent outer perimeter. To deter people from attempting to gain unauthorised access, a site can use signage or physical barriers. Sites requiring a more secure perimeter typically “harden” the physical barrier using high security palisade or welded mesh products. These barriers are designed to delay intruders and serve as a physical deterrent by preventing unauthorised access. Additionally, perimeter fences ensure the safety of the public – protecting people from entering sites where they may unwittingly expose themselves to risk, injury or even death.

However, while many businesses use gates, fencing, and other structures to keep intruders out, these only delay an intrusion. That is why highly secure sites should look to include elevated detection technologies such as monitored pulse, energised fences. A monitored pulse fence both deters and detects criminals or trespassers. A grid of energised wires is often enough to prevent someone from attempting to climb or break through the fence. Monitored pulse fences comply with international safety standards and are designed to deliver a short but safe shock and acts as a highly effective deterrent.

Additional technologies such as full integration with video management systems provides a visual record of events that can be viewed as a live stream and later used as evidence if required. Designing an effective perimeter security solution is a significantly more complex process than it appears at first glance. The consultant, architect, or engineer has many factors they need to consider in the process, including understanding the site requirements and environment, and selecting which technology or combination of technologies will have a direct impact on the success of the system.

For example, a highly secure yet discrete site, where the customer doesn’t want to “advertise” what they do by way of a visually intimidating perimeter, may use discrete technologies such as buried sensors, laser curtains and microwave. The possible intrusion risks balanced against the requirements of the site will determine the type of sensors used – these risks can range from vandalism or protests by activists to criminal theft, espionage, and terrorism.

One of the main requirements from customers when it comes to an intelligent perimeter solution is a high probability of detection and low false alarm rate. For sites requiring higher levels of perimeter protection, like prisons, it is crucial that perimeter security is as sensitive to tampering on the fence line as possible to prevent and detect perimeter breaches. However, a highly sensitive fence line can be subject to false alarms due to factors such as disturbances from wildlife and environmental extremes.

In recent years, there has been a shift to intelligent, integrated perimeter solutions where detailed reporting and configuration can be carried out on the performance of the perimeter technology. While perimeter security is an organisation’s first and arguably best, line of defence, integration with other technologies is key in effectively securing a site. Essentially, a security management system that brings everything together can provide a truly intelligent multi-layered perimeter solution.

An integrated approach provides the control room operator with all the information associated with an attempted attack to their fence line, ultimately assisting with faster response times. On top of that, cyber security threats are becoming a very real risk to perimeter protection and are forcing a rethink in how and what technologies are installed, with a shift towards more intelligent and integrated solutions. An end-to-end approach is vital. A cyber security vulnerability can occur along any of the communication channels, from the fence detector to the device that displays the alarm to the security guard.

Gallagher considers each communication link and device to assure the complete security of a perimeter protection system. Their security solutions are engineered to meet stringent standards that define how high security sites around the world should be protected and are backed by the implementation of government standards to validate their effectiveness. Gallagher undertakes internal and external penetration testing of their products to ensure they are hardened and secured to mitigate the risk of cyber-attacks.

During pandemic, Gallagher supplied perimeter security solutions to ensure protection. Gallagher’s intelligent deterrent and detection technologies continue to be utilised across small to medium commercial and industrial facilities, right through to larger correctional, utility, and high-profile government sites.


Sunday, January 1, 2023

Security Trends in 2023

Security Trends in 2023 

Wishing you a very Happy New Year – 2023. Although some of the worst disruption caused by the global Covid-19 pandemic is hopefully behind us, 2023 is shaping up to be another challenging year for business and society. But this year few states going through partial lockdown case to case basis.

Cyber security in physical security:

Adoption of digital technology and internet have also led to increase in cybercrime incidents. It can be controlled or minimized with care, precaution, awareness and with the use of appropriate tools to secure the information. Indian Cyber Crime Coordination Centre (I4C) under Cyber & Information Security (CIS) Division of the Ministry of Home Affairs, has prepared one manual to disseminate Cyber Hygiene Best Practices for the benefit of Industrial Bodies/General Public/Government Officials.

Many large buyers now provide a cybersecurity questionnaire that integrators and solution vendors must complete, leading to creation of new roles in some companies just to respond to such questionnaires that are required in bid processes. Vendors, integrators and the practitioners themselves are simultaneously chasing cybersecurity talent to add to their employee teams, a challenging proposition given the overall difficulty to hire technically skilled workers of any type. Cybersecurity has to be managed on multiple levels, requiring constantly expanding investments in:

·        Device-level cybersecurity (e.g., cameras, readers, panels)

·        Infrastructure cybersecurity (wiring, networks, switches, etc.)

·        Software and Server cybersecurity

·        Configuration cybersecurity (correct implementation of cybersecurity features)

·        Cloud cybersecurity

·        Mobile device cybersecurity (particularly as security and employee bases become more mobile or remote)

·        User cybersecurity (e.g., social engineering attacks, insider threats, etc.)

Security practitioners today seem to have three general choices when it comes to convergence:-

1. Ignore: Disregard the need to converge—a wholly unwise choice, by most accounts.

2. Strongly Interrelated Teams: Continue to manage security in two, separate but equal channels, but strongly define team relationships such that constant open dialogue and cross-investigation exist between the two specialized teams.

2. Fully Converged: Fully merge security leadership and tactical security management to link cybersecurity protections and physical security protections, given converged threat vectors that impact information, data, people and assets.

Artificial Intelligence (AI):

In 2018, a NITI Aayog report stated that India will hold a late-mover advantage in real world application of artificial intelligence (AI). Worldwide, spending by governments and business on AI technology will top $500 billion in 2023, according to IDC research. Moreover AI applications on top of security solutions helps break the boundaries of our industry’s value to practitioners, by embedding non-security applications that take data from the proliferation of sensors of all types to correlate data points or find trends that can save businesses money or enable them to act more swiftly.

In a pre-event discussion with panel lists from an AI panel held at SNG 2022, the expert panel lists (reflecting integrators, vendors and practitioners) indicated they see sweeping AI frameworks coming, but admitted the industry is not yet prepared to define a framework for AI, noting that the technology’s rate of change is likely outpacing our ability to construct implementation frameworks, particularly ethical frameworks.

 

“IN 2023, ARTIFICIAL INTELLIGENCE WILL BECOME REAL IN ORGANIZATIONS. NO-CODE AI, WITH ITS EASY DRAG-AND-DROP INTERFACES, WILL ENABLE ANY BUSINESS TO LEVERAGE ITS POWER TO CREATE MORE INTELLIGENT PRODUCTS AND SERVICES.”

—TRENDS FUTURIST BERNARD MARR, WRITING FOR FORBES IN NOVEMBER 2022

 

Autonomous Devices:

Autonomous devices are a physical form of autonomous technology. Robots, both functional and humanoids, drones and vehicles are a few examples of autonomous devices. Autonomous devices learn from their surroundings and complete tasks without continued human input.

Automation of repetitive security tasks in lower-risk environments (think robots doing automated patrols in unstaffed facilities) and partly about highly responsive situational awareness (flying a drone to a remote or dangerous location for visual input back to the command post), but the real opportunity being seen for 2023 is connecting improved robotics with AI-embedded intelligence to finally put more “autonomous” in “autonomous devices,” some of which required an operator to previously drive the robot. Notably the International Standards Organization narrowly defines robots to not include remote-controlled solutions such as remote-controlled drones and ground vehicles.

Over half a million industrial robots were installed in 2021 according to the International Federation of Robotics (IFR), and that doesn’t even include robots for security applications, which are outside of the scope of the IFR’s annual World Robotics research.

Workforce development:

Workforce development from the societal centric perspective is defined as initiatives that educate and train individuals to meet the needs of current and future business and industry in order to maintain a sustainable competitive economic environment.

In a survey they found attracting skilled labor is a top concern, and there’s only one solution in today’s hyper-competitive labor market: “We must train our own.” Long established as a factor limiting companies’ growth (especially that of the systems integrators), expanding the workforce has become a key focus of organizations like SIA, which partnered with the Electronic Security Association to cofound the Foundation for Advancing Security Talent (FAST) to drive awareness of security industry employment opportunities.

Smart practitioners, particularly larger corporations with extensive security teams, are also hiring talent from their integrators and vendors in some cases, recognizing that they need internal personnel with the skillsets that they once could wholly outsource. Others are instead outsourcing or embedding integrator talent into their organization.

70% of employees work through mobile devices, with 200 million worldwide using mobile business apps. What’s more, 84% of decision makers plan to increase spending on mobile applications that drive employee productivity, reduce costs and enhance customer satisfaction.

The mobile workplace is a place that offers a host of benefits. Its core objective is to make employees as productive as possible, whether they are at their desks, in the field or working remotely. It’s all about equipping staff with the tools they need to do their jobs more efficiently, putting those tools conveniently at their fingertips, and connecting processes so that everything within a business works more cohesively.
 
Smartphone applications will increasingly be employed in 2023 to control physical security systems. Managers will have fingertip control over who has access to certain zones and facilities, and will be able to set those controls from wherever they happen to be working.
 
Security analytics will collate rich data insights from a suite of IoT connected devices, delivering them into the hands of decision makers via their smart devices, helping to inform security and operational strategies.

Data privacy:

Data privacy is the right of a citizen to have control over how their personal information is collected and used. Data protection is a subset of privacy. This is because protecting user data and sensitive information is a first step to keeping user data private. US data privacy laws are regulated at the federal level. Data privacy is typically applied to personal health information (PHI) and personally identifiable information (PII). This includes financial information, medical records, video footage security, social security or ID numbers, names, birthdates, and contact information. You might be surprised to learn that CCTV footage is subject to the GDPR (General Data Protection Regulation).

By 2024, 75% of the Global Population Will Have Its Personal Data Covered Under Privacy Regulations. Ultimately, the practitioner is responsible for ensuring that their data is protected and that systems are used ethically. This had led to pullback from many practitioners on their pace of adoption for some technologies like facial recognition to ensure that they have not only justifiable use cases but the procedures in place to ensure that advanced systems are used responsibly, and that data is only collected when it is needed.

Contactless security:

Contactless technology has become hugely important post-Covid, due to the strong reaction against physical contact. It’s also about the user experience, with people increasingly wanting things to be instant and simple.


Contactless security is therefore, unsurprisingly, becoming more commonplace. Biometric access, using the likes of fingerprints, iris scans and facial recognition to identify authorised personnel for physical access into a building or specific part of it, is already becoming the norm, whilst other contactless entry technologies that are set to be even more widely adopted during 2023 and beyond include Bluetooth Low Energy (BLE), and smartphone NFC (Near Field Communication) keyless entry, as well as QR code entry for temporary access.


For added security, multi-factor authentication (MFA), the use of more than one method of identification, is likely to become more widely adopted, as organisations batten down the hatches, making it harder for would-be unauthorised entrants to gain access.