
Video Surveillance and the Evolving Needs

Video Surveillance and the Evolving Needs of the End-User: Update, Integrate, Analyze, Act

Video surveillance has long been a critical component of facility management and security plans, and it is only expected to grow. Being able to use this video surveillance footage in relatively new and helpful ways is becoming more and more important.

The Global Video Surveillance Storage market generated $28.52 billion in 2016 and is projected to grow by 18 percent by 2023. With so many resources being devoted to storing video data, it will be more crucial than ever to maximize returns on that investment by increasing capabilities to use that stored video. Based on the massive amounts of data gathered by surveillance technologies, it is becoming increasingly possible to take informed action grounded in analysis of the information gathered.

Demand for these capabilities is increasing and the market is responding with more innovative video surveillance technology than ever. End-users expect their technologies to protect and optimize their businesses and facilities; however, the path to this transformation is a two-way street. The technologies to support the users’ desired needs exist. It is a matter of investment and proper implementation to arrive at a place of optimization for facility security and operations.

Updating Systems: The First Step

When discussing the improvement of end-user experiences, updating outdated technologies may seem like a rudimentary and even obvious step. However, many facilities still rely on simpler systems such as analog cameras that keep footage only for a limited period of time. These systems also do not take the step that many have come to expect: providing actionable insights based on the data gathered. A video camera is no longer just a static piece of equipment meant to be monitored in real time.

Thirty cameras, during a 24-hour period, throughout 30 days, will record 21,600 hours of video. That is a massive amount of data that goes nowhere and is essentially useless with a ‘traditional’ video surveillance system. There is a real and valuable return to be made in the form of insights that can be gathered from all this data: understanding where customers linger, how to improve workflow and how to increase security capabilities. These insights can even be monetized for interested parties, such as brands selling products in a store, thereby helping the facility’s bottom line. Updating outdated video surveillance equipment is the first step to unlocking the potential of integration and analytics.

Next Up: Systems Integration

Once systems are updated, it becomes possible to unlock the next steps in the optimization of a facility, resulting in increased overall security and better day-to-day operations. Integration with other building and security systems such as lighting, HVAC and access control allows for a more complete picture of the “pulse” of the building. It also improves the experience and comfort of occupants, staff and patrons.

Let’s take lighting, for example. There are several ways that lighting and video surveillance can work together—the simple replacement of regular light bulbs with LED bulbs can improve visibility for video surveillance systems, while also driving down energy costs. Add in motion-sensor technology, and the lights and cameras can work to deter intruders and capture their image more effectively for law enforcement. By making these changes, it is no longer on the facility manager to look at grainy, poorly lit footage to try and decipher what is going on in the event of an incident. By integrating lighting and video surveillance, the facility manager is empowered to work smarter, not harder with a basis in intelligent data they can rely on.

Analytics, Security and Operations

The ability to analyze endless hours of video footage in a realistic and intelligent way has completely changed the game. Being able to define search parameters when reviewing footage can turn an hours-long review process into one that takes minutes, saving precious time in the event of an incident and allowing personnel to make the best use of their resources. For example, knowing the gender or clothing color of someone they are hoping to identify and being able to search footage accordingly can shave hours off a search.

By integrating analytics with other systems, such as access control, users can gain insight into things like the flow of occupants through a space and who is attempting to access restricted areas. In addition, these technologies can learn patterns and establish what is the norm for the facility they protect.  When something outside of their learned patterns occurs, such as someone trying to access a building after hours, they can detect it and relay that information, as well.

Security has never been the only use for video surveillance. As analytics are being more widely implemented, operational intelligence gathering has also been affected. Some of the most important uses for video surveillance are improving sales or customer service, examining and managing employee productivity and analyzing customer behavior and patterns. Analytics increase the ability of users to examine traffic flow, wait times, the efficiency of retail floor plans and much more. This information can then be utilized to address vulnerabilities and improve the operations of the facility.

Building on existing video surveillance systems (or implementing them from scratch) gives employees the support from technology they have come to expect in other areas of their life. By prioritizing upgrades and layering in integration and analytic technology, facilities can increase productivity, safety and efficiency, while also seeing significant ROI in the form of valuable, usable data, streamlined operations and a better overall experience. Technology is the first line of defense in many cases, but it can also be a support, enabling security and operations professionals to do their job more effectively and with the knowledge that their actions are driven by data.

Article Provided By: SecurityMagazine


If you would like liquidvideotechnologies.com to discuss developing your Home Security System, Networking, Access Control, Fire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com.

Drones Stealing Sensitive Data


DHS warns of Chinese-made drones stealing sensitive data

  • Drones contain components that can steal sensitive data and share it on a server accessible beyond the company itself.
  • An industry analysis has revealed that nearly 80% of the drones used in the US and Canada are from DJI, which is headquartered in Shenzhen, China.

The US Department of Homeland Security warns that Chinese-made drones might be sharing sensitive flight data with their manufacturers on a server accessible to the Chinese government.

Contents of the alert

The US Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has warned that drones are a “potential risk to an organization’s information” and that they contain components that can steal sensitive data and share it on a server accessible beyond the company itself.

“Those concerns apply with equal force to certain Chinese-made (unmanned aircraft systems)-connected devices capable of collecting and transferring potentially revealing data about their operations and the individuals and entities operating them, as China imposes unusually stringent obligations on its citizens to support national intelligence activities,” the alert read, CNN reported.

Which drone manufacturers are suspect?

The alert did not specify any manufacturer. However, industry analysis has revealed that nearly 80% of the drones used in the US and Canada are from DJI, which is headquartered in Shenzhen, China.

Key takeaway

Users are warned to be cautious while purchasing drones from China and to take security measures like turning off the device’s internet connection and removing secure digital cards to avoid data theft.

 

By: Ryan Stewart

Next Generation Endpoint Security


Getting Past the Hype of Next Generation Endpoint Security

We’ve heard the same story for years. Antivirus software is not effective in stopping cyber-attacks, as hackers have adapted their techniques to evade signature-based detections. Even next-generation antivirus, which applies techniques such as machine learning and behavioral analytics, is no more effective at protecting an organization than its older sibling. But why? The simple answer is that nearly all AV and NGAV solutions focus their primary value on the prevention of malicious files – an attack vector that is slowly but surely disappearing in favor of file-less capabilities and the subversion of users and trusted applications.

Worse than their hyper-focus on the irrelevant, they continue to rely on historical attack analysis as a basis for future detections which leaves them unable to make high fidelity preventions and detections in real-time. They lack the visibility and threat intelligence necessary to understand an attacker’s tactics and techniques, which means these so-called NGAV solutions lack the confidence in their ability to identify malicious activity. The evidence of this is when they introduce unnecessary latency with cloud and human analysis, which do not function at the speed required to defend against modern threats.

So where does that leave companies in their search for better protection?

A modern endpoint protection strategy must include prevention, detection, and response capabilities. Effective automation of threat intelligence for prevention, along with robust detection and response means security analysts can spend their time improving defenses instead of repeatedly reacting to incidents caused by the same lack of real-time capabilities and unnecessary latency.

The convergence of Endpoint Detection and Response (EDR) into the Endpoint Protection Platform (EPP) can replace core AV/NGAV capabilities, but can also improve protection against the following:

  • Malware variants, including malware-based ransomware
  • Obfuscated malware, unknown malware, and zero-day attacks
  • Malicious scripts that leverage PowerShell, Visual Basic, Perl, Python, and Java/JAR
  • Memory-resident attacks and other malware-less attacks
  • Malicious use of good software

Of the hundred plus endpoint security vendors, Endgame’s endpoint protection platform and single autonomous agent simplifies antivirus replacement through:

  • Earliest Prevention – Protection against exploits, malware, file-less attacks, and ransomware
  • Fastest Detection and Response – Stops all attacks at the earliest stages of the MITRE ATT&CK™ matrix
  • Automated Threat Hunting – Built in discovery, deployment, and dissolvable agent

Endgame’s Artemis, the first intelligent security assistant, elevates and accelerates operators and analysts by responding to plain English questions and commands. With Artemis, analysts can prioritize, triage, and remediate alerts in minutes across hundreds of thousands of endpoints that would have otherwise taken hours or days with traditional tools.

In an extremely crowded market, endpoint security tools must provide a simple, cost-effective replacement for antivirus while increasing value. With Endgame, your organization can quickly prevent malware and modern attacks across the entire MITRE ATT&CK framework with a single, autonomous agent.

 

By: Matt Alderman

Cyber Leak: Are You Protected


Hackers publish personal data on thousands of US police officers and federal agents

 

A hacker group has breached several FBI-affiliated websites and uploaded their contents to the web, including dozens of files containing the personal information of thousands of federal agents and law enforcement officers, TechCrunch has learned.

The hackers breached three sites associated with the FBI National Academy Association, a coalition of different chapters across the U.S. promoting federal and law enforcement leadership and training located at the FBI training academy in Quantico, VA. The hackers exploited flaws on at least three of the organization’s chapter websites — which we’re not naming — and downloaded the contents of each web server.

The hackers then put the data up for download on their own website, which we’re also not naming nor linking to given the sensitivity of the data.

The spreadsheets contained about 4,000 unique records after duplicates were removed, including member names, a mix of personal and government email addresses, job titles, phone numbers and their postal addresses. The FBINAA could not be reached for comment outside of business hours. If we hear back, we’ll update.

TechCrunch spoke to one of the hackers, who didn’t identify his or her name, through an encrypted chat late Friday.

“We hacked more than 1,000 sites,” said the hacker. “Now we are structuring all the data, and soon they will be sold. I think something else will publish from the list of hacked government sites.” We asked if the hacker was worried that the files they put up for download would put federal agents and law enforcement at risk. “Probably, yes,” the hacker said.

The hacker claimed to have “over a million data” [sic] on employees across several U.S. federal agencies and public service organizations.

It’s not uncommon for data to be stolen and sold in hacker forums and in marketplaces on the dark web, but the hackers said they would offer the data for free to show that they had something “interesting.”

Unprompted, the hacker sent a link to another FBINAA chapter website they claimed to have hacked. When we opened the page in a Tor browser session, the website had been defaced — prominently displaying a screenshot of the encrypted chat moments earlier.

The hacker — one of more than ten, they said — used public exploits, indicating that many of the websites they hit weren’t up-to-date and had outdated plugins.

In the encrypted chat, the hacker also provided evidence of other breached websites, including a subdomain belonging to manufacturing giant Foxconn. One of the links provided did not need a username or a password but revealed the back-end to a Lotus-based webmail system containing thousands of employee records, including email addresses and phone numbers.

Their end goal: “Experience and money,” the hacker said.

 

By: Zack Whittaker

 


65% Increase In Cloud Attacks


Proofpoint Research Reveals 65% Increase In Cloud Application Attacks In Q1 2019; 40% Of Attacks Originating From Nigeria.

 

Proofpoint, Inc., a leading cybersecurity and compliance company, today released its Cloud Application Attack Snapshot: Q1 2019 research, which examined over one hundred thousand cloud application attacks aimed at global organizations between September 2018 and February 2019. Overall, targeting attempts increased by 65 percent during that time period with 40 percent originating in Nigeria. China was the second most prevalent country of origin, with 26 percent of attacks originating from Chinese IP addresses.

Cloud application attacks use intelligence driven brute-force techniques (to crack passwords) and sophisticated phishing methods to lure victims into clicking and revealing their authentication credentials to break into cloud applications including Microsoft Office 365 and Google G Suite. If successful, attackers often increase their foothold in organizations by spreading laterally through internal phishing messages to infect additional users, access confidential information, and fraudulently route funds.

“As organizations continue to move their mission-critical business functions to the cloud, cybercriminals are taking advantage of legacy protocols that leave individuals vulnerable when using cloud applications,” said Ryan Kalember, executive vice president of Cybersecurity Strategy for Proofpoint. “These attacks are laser-focused on specific individuals, rather than infrastructure, and continue to grow in sophistication and scope. As a best practice, we recommend that organizations establish a cloud-first approach to security that prioritizes protecting employees and educates users to identify and report these advanced techniques and methods.”

Proofpoint found that the education sector was the most targeted of both brute-force and sophisticated phishing attempts. This industry, and students especially, are highly vulnerable due to their remote nature.

Additional Proofpoint Cloud Application Attack Research Findings

Brute-Force Cloud App Attack Findings:

· IMAP-based password spraying attacks are the most popular and extensive technique used to compromise Microsoft Office 365 accounts. These attacks occur when cybercriminals attempt common or recently leaked credentials across many different accounts at the same time.

· Most brute-force attacks originated in China (53 percent), followed by Brazil (39 percent), and the U.S. (31 percent).

· Over 25 percent of examined Office 365 tenants experienced unauthorized logins and over 60 percent were actively targeted. Overall, the success ratio in Q1 2019 was 44 percent.
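Password spraying as described in the first finding leaves a recognizable trace in sign-in records: one source failing once or twice against many distinct accounts over IMAP in a short window, sometimes with a successful login mixed in. The Python below is an added example, not code from Proofpoint or the original article; the event tuple layout, the thresholds and the sample records are constructed assumptions and do not follow any product's log schema.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events: (timestamp, source IP, account, protocol, result).
# IPs come from documentation ranges and the accounts are made up.
SAMPLE_EVENTS = [
    # One source trying one password guess per account over IMAP (spray pattern).
    ("2019-02-01T09:00:05", "203.0.113.7", "alice@example.edu", "IMAP", "FAIL"),
    ("2019-02-01T09:00:12", "203.0.113.7", "bob@example.edu", "IMAP", "FAIL"),
    ("2019-02-01T09:00:20", "203.0.113.7", "carol@example.edu", "IMAP", "OK"),
    ("2019-02-01T09:00:31", "203.0.113.7", "dave@example.edu", "IMAP", "FAIL"),
    ("2019-02-01T09:00:40", "203.0.113.7", "erin@example.edu", "IMAP", "FAIL"),
    ("2019-02-01T09:00:55", "203.0.113.7", "frank@example.edu", "IMAP", "FAIL"),
    ("2019-02-01T09:01:10", "203.0.113.7", "grace@example.edu", "IMAP", "FAIL"),
    # Same source on another protocol: ignored when looking at IMAP only.
    ("2019-02-01T09:01:30", "203.0.113.7", "alice@example.edu", "HTTPS", "FAIL"),
    # A user who mistypes once and then signs in: not a spray.
    ("2019-02-01T09:10:00", "192.0.2.15", "ivan@example.edu", "IMAP", "FAIL"),
    ("2019-02-01T09:10:20", "192.0.2.15", "ivan@example.edu", "IMAP", "OK"),
] + [
    # Many guesses against a single account: classic brute force, not a spray.
    (f"2019-02-01T09:05:{s:02d}", "198.51.100.20", "heidi@example.edu", "IMAP", "FAIL")
    for s in range(0, 60, 10)
]


def find_password_spray(events, protocol="IMAP", window=timedelta(minutes=10),
                        min_accounts=5, max_tries_per_account=3):
    """Flag sources whose failed logins hit many distinct accounts in one window.

    Returns {source_ip: {"start", "end", "accounts", "successes"}} where
    "successes" lists accounts the same source logged in to from the start
    of the spray window onward (candidates for password reset and review).
    """
    by_source = defaultdict(list)
    for ts, ip, account, proto, result in events:
        if proto == protocol:
            by_source[ip].append((datetime.fromisoformat(ts), account.lower(), result))

    findings = {}
    for ip, rows in by_source.items():
        rows.sort()
        failures = [(t, a) for t, a, r in rows if r == "FAIL"]
        counts = Counter()   # failed attempts per account inside the window
        left = 0             # index of the oldest failure still in the window
        best = None
        for t, account in failures:
            counts[account] += 1
            # Slide the window forward so it spans at most `window` of time.
            while t - failures[left][0] > window:
                old = failures[left][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                left += 1
            # Spray: wide (many accounts) and shallow (few tries per account).
            wide = len(counts) >= min_accounts
            shallow = max(counts.values()) <= max_tries_per_account
            if wide and shallow and (best is None or len(counts) > len(best["accounts"])):
                best = {"start": failures[left][0], "end": t, "accounts": set(counts)}
        if best is None:
            continue
        best["successes"] = sorted(
            {a for t, a, r in rows if r == "OK" and t >= best["start"]}
        )
        findings[ip] = best
    return findings


if __name__ == "__main__":
    for ip, hit in find_password_spray(SAMPLE_EVENTS).items():
        print(ip, len(hit["accounts"]), "accounts sprayed; successes:", hit["successes"])
```

The thresholds need tuning against real traffic, since shared NAT or campus egress addresses can also produce many failures from one source.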

Phishing Cloud App Attack Findings:

· Most phishing cloud app attacks originate from Nigeria (63 percent), followed by South Africa (21 percent), and the United States via VPNs (11 percent).

· Attackers will often modify email forwarding rules or set email delegations to maintain access. They will also use conspicuous VPN services to bypass conditional access and geolocation-based authentication.

To access Proofpoint’s Cloud Application Attack Snapshot: Q1 2019 research, please visit: Q1 Research Link


Keeping Kids Safe Online


“Here Be Dragons”, Keeping Kids Safe Online

Sitting here this morning sipping my coffee, I watched fascinated as my 5-year-old daughter set up a VPN connection on her iPad while munching on her breakfast out of absent-minded necessity.

It dawned on me that, while my daughter has managed to puzzle out how to route around geofencing issues that many adults can’t grasp, her safety online is never something to take for granted. I have encountered parents that allow their kids to access the Internet without controls beyond “don’t do X” — which we all know is as effective as holding up gauze in front of a semi and hoping for the best (hat tip to Robin Williams).

More parents need to be made aware that on the tubes of the Internet, “here be dragons.”

First and foremost for keeping your kids safe online is that you need to wrap your head around a poignant fact. iThingers and their ilk are NOT babysitters. Please get this clear in your mind. Yes, I have been known to use these as child suppression devices for long car rides but, we need to be honest with ourselves. Far too often they become surrogates and this needs to stop. When I was a kid my folks would plonk me down in front of the massive black and white television with faux wood finish so I could watch one of the three channels. To a large extent this became the forerunner of the modern digital iBabysitter.

These days I can’t walk into a restaurant without seeing some family engrossed in their respective devices oblivious of the world around them, let alone each other. Set boundaries for usage. Do not let these devices be a substitute parent or a distraction and be sure to regulate what is being done online for both you and your child.

I have had conversations about what is the best software to install on a system to monitor a child’s activity with many parents. Often that is a conversation borne out of fear of the unknown. Non-technical parents outnumber the technically savvy ones by an order of magnitude and we can’t forget this fact. There are numerous choices out there that you can install on your computer but, the software package that is frequently overlooked is common sense.

All kidding aside, there seems to be a precondition in modern society to offload and outsource responsibility. Kids are curious and they will click links and talk to folks online without the understanding that there are bad actors out there. It is incumbent upon us, the adults, to address that situation through education. Talk with your kids so that they understand what the issues are that they need to be aware of when they’re online. More importantly, if you as a parent aren’t aware of the dangers that are online you need to avail yourself of the information.

This is by no means the only choice out there but, it is a good starting point. The Internet is a marvelous collection of information but, as with anything that is the product of a hive mind, there is a dark side. Parents and kids need to take the time to arm themselves with the education to help guard against perils of the online world.

If you don’t know, ask. If you don’t ask, you’ll never know.

 


Will Anyone Even Know?


If An Infosec Policy Falls In The Forest

When you are building an Information Security practice you need a solid governance structure in place. For those of you who might not be familiar, we can look at it in a more accessible way. If you are building a house you need a solid foundation, otherwise the thing will collapse. Much in the same vein, if you do not have a solid set of policies, you are destined to fail.

All is not lost as there are all sorts of resources that are available to help you online. The key point to remember is that anything you find should never be used verbatim. If you cut and paste a policy you find online and swap the letterhead you should just hang up your tin star now. Do not pass go. Do not collect $200.

Why? Well, let’s cut to the chase. No company is the same as the next. You would be doing yourself and your organization a disservice if you were to assume otherwise. Just because you work at Bank A and Bob has a job in governance at Bank B does not mean you can take their policy and simply use it at your own. Realistically you will need to tailor any policy to your own environment.

If you don’t have a proper governance structure in place it can cause you some angst. As an example, how can you remove an employee who is surfing porn on the Internet if you have no framework in place to deal with such an action? That is the simplest example that comes to mind.

To spin it differently, there was a shop that I worked for at which I was told that I could not use a certain piece of software. It was a fairly benign software application so, I couldn’t help but to ask why. Now, bearing in mind I had no argument with being told no. I was just interested in knowing what the rationale was for that decision. The answer I received was, “because $group said no.”

What?

I asked the unforgivable question. I said, “OK, can I see the documentation regarding that decision? I just want to better understand why.” I was greeted with a Jedi hand wave. This isn’t OK. If you don’t have things documented then they do not exist. Pure and simple.

So, when you are tackling the policies for your organization be sure to go beyond the flaming sword of justice approach to governance. It is simply a dead method for dealing with the foundation for your security program. You want to facilitate the business in a safe and secure way to ensure that security is not the “road block” of old while saving the organization from itself.

When you create your policy documents make sure that they receive reviews from senior leadership, legal and human resources departments. Failing to do so will limit the veracity and adoption of a policy.

If you do not communicate your policies within your organization, how can you expect people to abide by them? Communication is a mainstay of any governance program. Go forth and bring the positive word of security to the masses.

If an information security policy falls in the corporate forest…does anyone read it?

 

By: Dave Lewis

Cybersecurity Risks Identified

Malware And Malicious Insiders Accounted For One-Third Of All Cybercrime Costs Last Year, According To Report From Accenture And Ponemon Institute.

The cost to companies from malware and “malicious insider”-related cyberattacks jumped 12 percent in 2018 and accounted for one-third of all cyberattack costs, according to new research published today by Accenture (NYSE: ACN) and the Ponemon Institute.

Based on interviews with more than 2,600 security and information technology (IT) professionals at 355 organisations worldwide, Accenture’s 2019 “Cost of Cybercrime Study” found that the cost to companies due to malware increased 11 percent, to more than US$2.6 million per company, on average, and the cost due to malicious insiders — defined as employees, temporary staff, contractors and business partners — jumped 15 percent, to US$1.6 million per organisation, on average.

Together these two types of cyberattacks accounted for one-third of the total US$13.0 million cost to companies, on average, from cybercrime in 2018, an increase of US$1.3 million in the past year. Similarly, the cost to companies from phishing and from social engineering increased to US$1.4 million per organisation, on average.

The study calculated cybercrime costs as what an organisation spends to discover, investigate, contain and recover from cyberattacks over a four-consecutive-week period, as well as expenditures that result in after-the-fact activities — i.e., incident-response activities designed to prevent similar attacks — and efforts to reduce business disruption and the loss of customers.

“From people to data to technologies, every aspect of a business invites risk and too often security teams are not closely involved with securing new innovations,” said Kelly Bissell, senior managing director of Accenture Security. “This siloed approach is bad for business and can result in poor accountability across the organisation, as well as a sense that security isn’t everyone’s responsibility. Our study makes it clear that it’s time for a more holistic, proactive and preventative approach to cyber risk management involving full business engagement across the entire ecosystem of partners.”

Other notable findings of the study include:

  • In 2018, surveyed companies each recorded an average of 145 cyberattacks — resulting in the infiltration of a company’s core networks or enterprise systems — an 11 percent increase over 2017 and 67 percent higher than five years ago.
  • Malware is the most expensive type of attack, costing companies US$2.6 million, on average, followed by web-based attacks, at US$2.3 million.
  • The number of organisations experiencing ransomware attacks increased by 15 percent in 2018, with the costs increasing 21 percent, to approximately US$650,000 per company, on average. The number of ransomware attacks more than tripled in the past two years.
  • Six in seven companies (85 percent) experienced phishing and social engineering cyberattacks in 2018 — a 16 percent increase over 2017 — and three-quarters (76 percent) suffered web-based attacks.
  • Automation, orchestration and machine-learning technologies were deployed by only 28 percent of organisations — the lowest of the technologies surveyed — yet provided the second-highest cost savings for security technologies overall, at US$2.9 million.

Companies in the United States experienced the greatest increase in costs due to cybercrime in 2018, at 29 percent, with a cost of US$27.4 million per company, on average — at least double that of companies in any other country surveyed. Japan was the next highest, at US$13.6 million, followed by Germany, at US$13.1 million, and the U.K., at US$11.5 million. The countries with the lowest total average costs per company were Brazil and Australia, at US$7.2 million and US$6.8 million, respectively.

“Increased awareness of people-based threats and adopting breakthrough security technologies are the best way to protect against the range of cyber risks,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “Our report not only illustrates our joint commitment with Accenture to keep security professionals informed about the nature and extent of cyberattacks, but also offers practical advice for companies to improve cybersecurity efforts going forward.”

For more information on security investments that can help organisations effectively deal with cyber risks, visit: https://www.accenture.com/us-en/insights/security/cost-cybercrime-study.

Methodology
The study, conducted by the Ponemon Institute on behalf of Accenture, analyses a variety of costs associated with cyberattacks to IT infrastructure, economic cyber espionage, business disruption, ex-filtration of intellectual property and revenue losses. Data was collected from 2,647 interviews conducted over a seven-month period from a benchmark sample of 355 organisations in 11 countries: Australia, Brazil, Canada, France, Germany, Italy, Japan, Singapore, Spain, the United Kingdom and the United States. The study represents the annualised cost of all cybercrime events and exploits experienced over a one-year period from 2017 to 2018. These include costs to detect, recover, investigate and manage the incident response. Also covered are costs that result in after-the-fact activities and efforts to contain additional expenses from business disruption and the loss of customers.

About Accenture
Accenture is a leading global professional services company, providing a broad range of services and solutions in strategy, consulting, digital, technology and operations. Combining unmatched experience and specialised skills across more than 40 industries and all business functions, underpinned by the world’s largest delivery network, Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders. With 469,000 people serving clients in more than 120 countries, Accenture drives innovation to improve the way the world works and lives. Visit us at www.accenture.com.

Accenture Security helps organisations build resilience from the inside out, so they can confidently focus on innovation and growth. Leveraging its global network of cybersecurity labs, deep industry understanding across client value chains and services that span the security lifecycle, Accenture protects organisations’ valuable assets, end-to-end. With services that include strategy and risk management, cyber defense, digital identity, application security and managed security, Accenture enables businesses around the world to defend against known sophisticated threats, and the unknown. Follow us @AccentureSecure on Twitter or visit us at www.accenture.com/security.

This document makes descriptive reference to trademarks that may be owned by others. The use of such trademarks herein is not an assertion of ownership of such trademarks by Accenture and is not intended to represent or imply the existence of an association between Accenture and the lawful owners of such trademarks.


If you would like liquidvideotechnologies.com to discuss developing your Home Security System, Networking, Access Control, Fire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com.

New Privacy for Facebook

A New Privacy Constitution for Facebook

Facebook is making a new and stronger commitment to privacy. Last month, the company hired three of its most vociferous critics and installed them in senior technical positions. And on Wednesday, Mark Zuckerberg wrote that the company will pivot to focus on private conversations over the public sharing that has long defined the platform, even while conceding that “frankly we don’t currently have a strong reputation for building privacy protective services.”

There is ample reason to question Zuckerberg’s pronouncement: The company has made — and broken — many privacy promises over the years. And if you read his 3,000-word post carefully, Zuckerberg says nothing about changing Facebook’s surveillance capitalism business model. All the post discusses is making private chats more central to the company, which seems to be a play for increased market dominance and to counter the Chinese company WeChat.

In security and privacy, the devil is always in the details — and Zuckerberg’s post provides none. But we’ll take him at his word and try to fill in some of the details here. What follows is a list of changes we should expect if Facebook is serious about changing its business model and improving user privacy.

How Facebook treats people on its platform

Increased transparency over advertiser and app accesses to user data

Today, Facebook users can download and view much of the data the company has about them. This is important, but it doesn’t go far enough. The company could be more transparent about what data it shares with advertisers and others and how it allows advertisers to select users they show ads to. Facebook could use its substantial skills in usability testing to help people understand the mechanisms advertisers use to show them ads or the reasoning behind what it chooses to show in user timelines. It could deliver on promises in this area.

Better — and more usable — privacy options

Facebook users have limited control over how their data is shared with other Facebook users and almost no control over how it is shared with Facebook’s advertisers, which are the company’s real customers. Moreover, the controls are buried deep behind complex and confusing menu options. To be fair, some of this is because privacy is complex, and it’s hard to understand the results of different options. But much of this is deliberate; Facebook doesn’t want its users to make their data private from other users.

The company could give people better control over how — and whether — their data is used, shared, and sold. For example, it could allow users to turn off individually targeted news and advertising. By this, we don’t mean simply making those advertisements invisible; we mean turning off the data flows into those tailoring systems. Finally, since most users stick to the default options when it comes to configuring their apps, a changing Facebook could tilt those defaults toward more privacy, requiring less tailoring most of the time.

More user protection from stalking

“Facebook stalking” is often thought of as “stalking light,” or “harmless.” But stalkers are rarely harmless. Facebook should acknowledge this class of misuse and work with experts to build tools that protect all of its users, especially its most vulnerable ones. Such tools should guide normal people away from creepiness and give victims power and flexibility to enlist aid from sources ranging from advocates to police.

Fully ending real-name enforcement

Facebook’s real-names policy, requiring people to use their actual legal names on the platform, hurts people such as activists, victims of intimate partner violence, police officers whose work makes them targets, and anyone with a public persona who wishes to have control over how they identify to the public. There are many ways Facebook can improve on this, from ending enforcement to allowing verifying pseudonyms for everyone — not just celebrities like Lady Gaga. Doing so would mark a clear shift.

How Facebook runs its platform

Increased transparency of Facebook’s business practices

One of the hard things about evaluating Facebook is the effort needed to get good information about its business practices. When violations are exposed by the media, as they regularly are, we are all surprised at the different ways Facebook violates user privacy. Most recently, the company used phone numbers provided for two-factor authentication for advertising and networking purposes. Facebook needs to be both explicit and detailed about how and when it shares user data. In fact, a move from discussing “sharing” to discussing “transfers,” “access to raw information,” and “access to derived information” would be a visible improvement.

Increased transparency regarding censorship rules

Facebook makes choices about what content is acceptable on its site. Those choices are controversial, implemented by thousands of low-paid workers quickly implementing unclear rules. These are tremendously hard problems without clear solutions. Even obvious rules like banning hateful words run into challenges when people try to legitimately discuss certain important topics. Whatever Facebook does in this regard, the company needs to be more transparent about its processes. It should allow regulators and the public to audit the company’s practices. Moreover, Facebook should share any innovative engineering solutions with the world, much as it currently shares its data center engineering.

Better security for collected user data

There have been numerous examples of attackers targeting cloud service platforms to gain access to user data. Facebook has a large and skilled product security team that says some of the right things. That team needs to be involved in the design trade-offs for features and not just review the near-final designs for flaws. Shutting down a feature based on internal security analysis would be a clear message.

Better data security so Facebook sees less

Facebook eavesdrops on almost every aspect of its users’ lives. On the other hand, WhatsApp — purchased by Facebook in 2014 — provides users with end-to-end encrypted messaging. While Facebook knows who is messaging whom and how often, Facebook has no way of learning the contents of those messages. Recently, Facebook announced plans to combine WhatsApp, Facebook Messenger, and Instagram, extending WhatsApp’s security to the consolidated system. Changing course here would be a dramatic and negative signal.

Collecting less data from outside of Facebook

Facebook doesn’t just collect data about you when you’re on the platform. Because its “like” button is on so many other pages, the company can collect data about you when you’re not on Facebook. It even collects what it calls “shadow profiles”—data about you even if you’re not a Facebook user. This data is combined with other surveillance data the company buys, including health and financial data. Collecting and saving less of this data would be a strong indicator of a new direction for the company.

Better use of Facebook data to prevent violence

There is a trade-off between Facebook seeing less and Facebook doing more to prevent hateful and inflammatory speech. Dozens of people have been killed by mob violence because of fake news spread on WhatsApp. If Facebook were doing a convincing job of controlling fake news without end-to-end encryption, then we would expect to hear how it could use patterns in metadata to handle encrypted fake news.

How Facebook manages for privacy

Create a team measured on privacy and trust

Where companies spend their money tells you what matters to them. Facebook has a large and important growth team, but what team, if any, is responsible for privacy, not as a matter of compliance or pushing the rules, but for engineering? Transparency in how it is staffed relative to other teams would be telling.

Hire a senior executive responsible for trust

Facebook’s current team has been focused on growth and revenue. Its one chief security officer, Alex Stamos, was not replaced when he left in 2018, which may indicate that having an advocate for security on the leadership team led to debate and disagreement. Retaining a voice for security and privacy issues at the executive level, before those issues affected users, was a good thing. Now that responsibility is diffuse. It’s unclear how Facebook measures and assesses its own progress and who might be held accountable for failings. Facebook can begin the process of fixing this by designating a senior executive who is responsible for trust.

Engage with regulators

Much of Facebook’s posturing seems to be an attempt to forestall regulation. Facebook sends lobbyists to Washington and other capitals, and until recently the company sent support staff to politicians’ offices. It has secret lobbying campaigns against privacy laws. And Facebook has repeatedly violated a 2011 Federal Trade Commission consent order regarding user privacy. Regulating big technical projects is not easy. Most of the people who understand how these systems work understand them because they build them. Societies will regulate Facebook, and the quality of that regulation requires real education of legislators and their staffs. While businesses often want to avoid regulation, any focus on privacy will require strong government oversight. If Facebook is serious about privacy being a real interest, it will accept both government regulation and community input.


User privacy is traditionally against Facebook’s core business interests. Advertising is its business model, and targeted ads sell better and more profitably — and that requires users to engage with the platform as much as possible. Increased pressure on Facebook to manage propaganda and hate speech could easily lead to more surveillance. But there is pressure in the other direction as well, as users equate privacy with increased control over how they present themselves on the platform.

We don’t expect Facebook to abandon its advertising business model, relent in its push for monopolistic dominance, or fundamentally alter its social networking platforms. But the company can give users important privacy protections and controls without abandoning surveillance capitalism. While some of these changes will reduce profits in the short term, we hope Facebook’s leadership realizes that they are in the best long-term interest of the company.

Facebook talks about community and bringing people together. These are admirable goals, and there’s plenty of value (and profit) in having a sustainable platform for connecting people. But as long as the most important measure of success is short-term profit, doing things that help strengthen communities will fall by the wayside. Surveillance, which allows individually targeted advertising, will be prioritized over user privacy. Outrage, which drives engagement, will be prioritized over feelings of belonging. And corporate secrecy, which allows Facebook to evade both regulators and its users, will be prioritized over societal oversight. If Facebook now truly believes that these latter options are critical to its long-term success as a company, we welcome the changes that are forthcoming.


By: Bruce Schneier and Adam Shostack

 


Cyber Culture

Organizational Approach to Cyber Culture

Predictions aren’t easy, especially in the chaotic world of cybersecurity. The threat landscape keeps growing as offensive and defensive technologies and nation-state attacks emerge at a frantic pace, with increasing scope and sophistication. This post covers how to improve a company’s cybersecurity culture.

What is a security culture? A facet of the broader corporate culture, it encourages employees to make decisions and fulfill day-to-day duties – while adhering to the organization’s ongoing security policies. By using security best-practices, employees can mitigate cyber risks and improve compliance with even the most severe regulations. A security culture, however, is a healthy mix of knowledge and follow-through.

Why is it essential to build a healthy security culture?

Do you know what an organization’s culture requires the most? Care and feeding on a daily basis; with security emerging as a critical issue, business owners are investing heavily in promoting a security-aware culture. Now, do you think a sustainable security culture is just a single event? Definitely not! When a security culture is sustainable, chances are it transforms security from a one-time event into a lifecycle that generates security returns forever.

What makes a sustainable security culture? It’s based on four features. First, it must be deliberate and disruptive. Second, it has to be engaging and fun. Third, it has to be rewarding. Fourth, it provides a great return on investment.

Most important of all, a sustainable security culture has to be persistent. Don’t consider it as a one-time investment – it’s embedded in everything you do.

What follows are several tips that can improve a company’s security culture:

Make security accessible

Security constraints and skill shortages are some of the biggest challenges. It’s a common, but misleading, belief that only the most senior executives should handle security. That’s not the case at all. Instead, everyone should own a company’s security solution and culture.

While this might seem difficult, it’s not impossible. All you need to do is incorporate security at the highest level of your existing environment. Moreover, keep software and corporate policies up to date, and make sure that security remains a permanent, non-negotiable commitment. This means those with CISO or CSO in their titles won’t be the only ones with clear access to security. Access and responsibility extend from C-level execs all the way down to individual managers.

Train employees

Many people may find cybersecurity training quite labor intensive. Viewed over the long term, however, it isn’t. The good news is there’s a variety of training available, from traditional PowerPoint presentations conducted by an IT team member to more modern options. Another interesting way to foster a security-centric culture is by conducting role-playing games. For example, let employees review security-related cases and decide how to solve specific problems in alignment with your company’s security policy. This approach makes learning to follow security policy fun yet practical, without posing any risk to the organization.

Secure executive support

There is no harm in seeking executive support to create a successful cyber culture. This eventually helps boost profitability to a great extent. In addition, when building support, try to set realistic expectations.

Ask employees to report incidents

Communication is key to success. A company is more like a community of employees that ends up being socially responsible. Here, management should encourage employees to report not just full-fledged incidents, but even the smallest suspicious activities encountered throughout the day. By getting employees on board with reporting, you’ll increase the rate of spotting cybersecurity issues – and hopefully reduce the chance of serious incidents.

Building a strong security culture takes work. As the old expression goes: “Slow and steady always wins the race.” This means you must continuously promote cybersecurity awareness. Approach information security with the same level of engagement and responsibility as you would with financial and other corporate risks.

Final thoughts

Incorporating an effective security culture can positively change how an organization approaches it. Keep in mind that change takes time, so expecting employees to become pen-testing Ninjas or experts who can write secure code while they sleep is a waste of time. But with the right process and attitude, you’ll eventually get there.

So it’s time to brush up your defense skills that embrace and reward the adoption of good cyber security behavior.

What kind of security culture do you have? 

by Vikash Chaudhary

 
