High-Tech Hackers -- Security Today

Companies meet the threat of online fraud head-on

High-Tech Hackers

By Mike Paquette
Nov 05, 2007

Driven by the age-old lure of easy money, many of today’s criminals are using high-tech cyber crimes and sophisticated building entry methods to commit identity theft and financial fraud. Organizations need to invest in information management and security technology to protect themselves against the evolving threat landscape.

Security has long focused on preventing break-ins to physical facilities and the IT infrastructure. However, instead of a reactive approach to improving security in the face of experienced threats, organizations are now being more proactive in establishing security policies. Companies are building systems that integrate all of an organization’s physical and logical security to better defend the business and protect the privacy of customers and employee data.

Contrary to conventional wisdom, these culturally and technologically disparate worlds of physical access control and IT network protection are closely linked, and existing assets are currently being leveraged in a converged solution.

Data Leakage
The role of security is changing dramatically. As technological capabilities have finally caught up with security theory, many organizations are experiencing the convergence of physical and IT security for unified enterprise security management. And as these companies are realizing its benefits, the industry is beginning to redefine the role of security. Why the renewed push for convergence in security structures? How are physical and IT security related, and how will one affect the other in the long run?

The driver behind today’s movement toward converged IT and physical security is the realization that a data breach can be extremely costly to an organization. Hardly a day goes by when a high-profile data breach that has compromised the personal information of employees, citizens or customers isn’t in the headlines. A recent study shows that the majority of these breaches are enabled by the theft or loss of physical property, such as laptop computers and portable storage devices (e.g., USB drives). However, computers compromised by malicious software, called malware, are another leading cause of a data breach. Organizations must create a unified security policy that addresses the physical security of computing systems and portable storage media and the IT security policy for the kind of data that can reside on these media.

On the IT security side, organizations must decide whether to require hard-drive encryption on all employee laptop computers or to install software that prohibits the use of USB drives on company computers. In addition, information control policies should specify clearly what kind of information may be stored on laptop computers.

On the physical security side, traditional and new loss protection steps must be employed. Laptop cable locks should be used not only in hotels and meeting spaces, but also when the laptop is locked in the car. USB drive use should be prohibited or, at least, controlled. It’s possible for organizations to install RFID systems on USB drives for employees who are authorized to use them.

Within the organization’s IT infrastructure, network security issues are changing daily, and it is often difficult to keep up with the current threat landscape. Attacks are becoming more sophisticated, and organizations are facing new and increasingly dangerous security threats. Random threats that once plagued the enterprise are not what they used to be—as attacks are evolving into clever, targeted schemes that are finding ways to compromise computers, steal data and seriously affect network systems. To combat these new threats, security strategies need to evolve at the same rate—with organizations being more proactive in their security strategies, moving beyond simple detection to implementing technologies and techniques that proactively block malicious traffic—without degrading network quality.

Security Siblings
Both sides of security each strive for greater, tighter controls across an enterprise while still enabling business. The physical aspect protects organizations by preventing entry from unauthorized users and by protecting the loss of property. The IT side protects intellectual property and customer data by deploying technologies such as firewalls, network admission control and intrusion prevention systems to prevent network attacks. It only makes sense that these two seemingly different systems can work together to not only enhance a company’s security posture, but also protect the continued operation of the enterprise.

Network security and physical security are similar in nature, so much so that they can be characterized as siblings separated at birth.

IT network security almost always starts with a network firewall, which provides controls of whose computer can access which systems. The firewall is like a receptionist with a door buzzer in the physical realm. The receptionist “signs you in” if you don’t look like a bad guy (authentication), “buzzes you in” afterward (access control), but then doesn’t know what you’re doing while you’re behind the closed door. If you appear to be untrustworthy, or do not have your badge, then the receptionist does not allow you access to the facility.

The IT network intrusion detection system is very much like a closed-circuit video camera system. It’s useless for protection unless there is a diligent and insightful staff to watch it all the time. Such staff can see activity—who’s coming or going and if they’re trying to pick the lock or break down the door.

Organizations are now deploying network IPS in their IT infrastructures. These devices operate similarly to a firewall, but with much more thorough inspection of the traffic coming into and out of the network.

In the physical security world, the IPS would be best represented by the previously-mentioned receptionist followed by a metal detector, a bomb-sniffer, an X-ray machine and a pat-down searcher. Only after a thorough inspection is the visitor allowed to gain access into the facility. In addition, visitors are scanned upon exit of the facility, as well.

The Need to Converge
As the threat landscape changes, the critical threat of the data breach is driving a need to converge physical and network security. No longer is it sufficient to make sure that physical property is not stolen from the facility. It also is important to help employees secure laptops at home, in transit and at remote office locations.

Securing company data requires proactive steps from both the IT security and the physical security elements of an organization. A unified security policy, covering both IT and physical security, is the effective way to reduce risks and losses associated with a data breach.

Securitas Technology Launches Sustainability Initiative
09/19/2024
Allied Universal Security Professional Frederick Tucker Honored for Life-Saving Actions During Library Shooting
09/16/2024
PureTech Expands Integrated Solutions with Axis Communications
09/13/2024
ISC East Announce Keynote Speakers and Education Track for 2024 Conference
09/12/2024
ASSA ABLOY Acquires Level Lock
09/12/2024
Genetec Expands Security Center SaaS With Launch of Operations Center
09/11/2024
Research: 12 Percent of CISOs Faced Budget Reductions in 2024
09/10/2024
Scam Sites at Scale: LLMs Fueling a GenAI Criminal Revolution
09/05/2024

Featured

It Always Rains in Florida

Over the years, and many trips to various cities, I have experienced some of the craziest memorable things. One thing I always count on when going to Orlando is a massive rainstorm after the tradeshow has concluded the first day. Count on it, it is going to rain Monday evening. Expect that it will be a gully washer. Read Now
- Industry Events
Live from GSX 2024 Preview

It’s hard to believe, but GSX 2024 is almost here. This year’s show runs from Monday, September 23 to Wednesday, September 25 at the Orange County Convention Center in Orlando, Fla. The Campus Security Today and Security Today staff will be on hand to provide live updates about the security industry’s latest innovations, trends, and products. Whether you’re attending the show or keeping tabs on it from afar, we’ve got you covered. Make sure to follow the Live from GSX page for photos, videos, interviews, product demonstrations, announcements, commentary, and more from the heart of the show floor! Read Now
- Industry Events
Elevate Your Business

In today’s dynamic business environment, companies specializing in physical security are constantly evolving to remain competitive. One strategic shift these businesses can make to give them the advantage is a full or partial transition to a recurring revenue model, popularly called a subscription service. This approach will bring numerous benefits that not only enhance business stability but also improve customer relationships and drive innovation. Recurring monthly revenue (RMR) or recurring annual revenue (RAR) are two recurring cadence choices that work simply and effectively. Read Now
- Dealers and Integrators
Playing a Crucial Role

Physical security technology plays a crucial role in detecting and preventing insider cybersecurity threats. While it might seem like a stretch to connect physical security with cyber threats, the two are closely intertwined. Here’s how physical security technology can be leveraged to address both external and internal threats. Read Now
- Dealers and Integrators

Webinars

Napco Access Pro, Eagle Eye Networks Inc, Occupational Health & Safety, Security Today

The Security and Safety Summit
Salient Systems, Hanwha Vision (formerly Hanwha Techwin), Omnilert, Eagle Eye Networks Inc, HID Global, i-PRO Americas Inc., Arcules, Napco Access Pro

Before And After The School Bell Rings: K-12 Life Safety is 24-7-365
Hanwha Vision (formerly Hanwha Techwin), Eagle Eye Networks Inc, Salient Systems, Alcetel-Lucent Enterprise, IPVideo Corporation

Smart Buildings: Focus on Networking and Video Surveillance

Whitepapers

Securitas Technology

Optimizing Security and Business Performance
American Funding Solutions

Securing Cash Flow: How Invoice Factoring Helps Security Companies Grow
Arcules

Physical security shift happens

New Products

Mobile Safe Shield

SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame. 3
HD2055 Modular Barricade

Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation. 3
Camden CV-7600 High Security Card Readers

Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3