As professional security integrators, we understand how to do physical security containment. We build moats with hungry alligators that have pet piranha . . . maybe in my dreams. Actually we do fencing, outdoor monitoring and detection, guards, locked doors, access control, video and alarm systems; stuff we can see, touch and feel. Stuff we can sell by the pound. The castle walls are now secure! The job is done, so what else could possibly go wrong? Plenty!
New interlopers have moved into the kingdom and have brought their extended family with them, consisting of poachers, scalawags and rogue nations that are intent on doing your customers harm. They are not well mannered and don’t bend their knees at the court of physical security. They are giants and can easily penetrate the castle walls by simply stepping over them. They do this through tactical communication links, flattery, fanning the flames of curiosity and preying on our digital world of instant connectivity. They choose social engineering to be invited across the drawbridge through open gates, and failing that they will use muscle and brute force.
No Company Safe From Potential Devastation
Paul, what the heck are you rambling on about? Cybersecurity awareness, of course. Specifically, our role in becoming more proactive to protect our client’s kingdom from these devious and dangerous attackers. Ah, but hold on, you say. “Not my problem. Not my job. Not my concern. Not our expertise.” Well, not so fast.
Here are two words to consider: Target hack. This is THE object lesson for an unfortunate HVAC integrator who inadvertently opened the drawbridge to the hordes that invaded the Target castle. Poor internal cybersecurity practices coupled with electronic payment connectivity to Target’s network provided the path that routed Target’s customers’ credit cards.
The impact? Customer, banking and credit card processor lawsuits against Target, as well as the loss of reputation, brand strength and shareholder value. The mechanical contractor was the victim of a sophisticated “Citadel” E-mail phishing attack that stole login credentials of an employee. They did not have active malware protection, relying instead on a free, on-demand, single user’s license software solution. The contractor connected with Target for project management updates, contract/proposal submissions and electronic payment — all things that deliver better customer service, right?
Does this send a shiver up your spine? It should. What happened to Target and its fallout could happen to your company (and your customers) if you don’t become more aware and proactive about cybersecurity and your responsibilities of being a professional security integrator. The threat of cybersecurity attacks is increasing in sophistication, number and severity. It is well-funded and professional. It is also supported by rogue nation states, which use military personnel and infrastructure to hack information. If you have “security” anywhere in your business name, you have probably been targeted and probed for weakness. Don’t believe it? Then take a look at your firewall or router logs for last week. Just don’t do this with a hot cup of coffee in your hands; it could get messy.
Be Protective and Proactive Against Threats
So what should you do about these barbarians at the gate? Start with some simple steps to fortify your fortress.
1. Educate, educate, educate your employees about spear phishing attacks. These are cunningly designed to seem real, nonthreatening and familiar to E-mail readers. One wrong click and the gate has been opened wide, and the hordes very quietly tiptoe into the kingdom. Always be skeptical, be slow on the mouse button, and check back with the sender before clicking.
2. Get real-time, professional malware protection that has multiseat licenses to protect everyone using E-mail at your company.
3. Make sure your IT support team is up to date in their training, awareness, tools and focus. Ask how they are monitoring network activity and alerts. Like physical security solutions, the longer it takes to know that a cyber event is occurring, the worse the outcome is likely to be.
4. Attend cybersecurity-focused industry events to arm yourself with knowledge and awareness. PSA-TEC in May would be a great place to start.
The biggest takeaway is, don’t fall asleep on the wall. As protectors of the kingdom we want you on that wall, we need you on that wall and . . . you can handle the truth!