Integrators Meet Cybersecurity Challenges Head-on at New PSA Security Network Event
Leading systems integrators took in presentations from cybersecurity experts to get a grip on what they need to do to safeguard their businesses, as well as explore potential opportunities.
WESTMINSTER, Colo. ― Some 150 security industry professionals, most of them systems integrators, were on hand for what may very well be looked back upon as an historic event: PSA’s Cybersecurity Congress. The two-day conference was the first of its kind to focus solely on how cyber threats and attacks affect physical security integrators’ businesses and networked technology solutions. Attendees were engrossed and at times unnerved as expert speakers and panelists weighed in on numerous issues ranging from hacking and vulnerabilities to liabilities and insurance to best practices for good cyber hygiene to new revenue and partnering opportunities. The overriding message integration company owners and managers took away from the seminar ― of which Security Sales & Integration and its sister publication ChannelPro served as exclusive media partners ― was at a bare minimum to immediately and proactively implement formal cyber policies within their own firms.
Following are some highlights from the presentations …
Spanning the Scale of Cyber Threats: Critical Issues Facing the Senior Leader (Bosch Security Systems Technical Engineer David Brent and SecureXperts President & CEO Darnell Washington) ― Brent introduced the concept of Cyber Incident Response Teams (CIRT), saying “Everyone should have one.” An organization’s CIRT should include personnel from executive management, IT, information security, physical security, legal, human resources, public relations and IT and financial auditors. “Laws are not keeping up with what is happening today,” Brent said. “You need to do penetration testing and physical security audits to find your weaknesses. And run regular back-ups.” Use of the cloud came up during the session, bringing a difference of opinion among the presenters. While Brent advised avoiding the cloud, Washington offered another vantage point. “The cloud has risks like any other platform,” he said. “But there is a maturity plan and it is the direction businesses are going to take due to its many advantages.”
RELATED: It’s Time to Take Cybersecurity Seriously
Legal Liability: Uncovering and Mitigating Hidden Risks (Titan Info Security Group Attorney David Willson) ― Willson provided some very interesting perspectives from his firsthand experiences regarding corporate cultures and dynamics often at play that can negatively affect shoring up cybersecurity within organizations. “The C-level pushes cyber threats and security off to IT because they don’t want to deal with it, and IT does not want to admit they are ill-equipped to deal with it and cause waves,” he said. “So both sides are often in denial.” Willson pointed out how it is largely possible to place a monetary figure on breaches, by calculating losses due to downtime, and the time/money to rebuild. However, sometimes even more significant but difficult to quantify is the damage it can inflict upon a business’ reputation. Willson also spoke of the vulnerabilities workers pose and the ineffectiveness of antivirus programs. “Employees are the weakest link for a business,” he said. “And antivirus programs are only effective up to 20% of the time, because they cannot keep up with the inundation of threats.”
Nine Steps to Manage the Insider Threat (Raytheon Cyber Products Senior Program Manager for Insider Threat Daniel Velez) ― Velez advised a continuous cycle of auditing and monitoring internal processes and activities to maintain cybersecurity, and he (as did others) highly recommended taking applicable courses through Carnegie Mellon University. The nine steps he detailed were: 1) Start the program; 2) Make the business case clear; 3) Build the staff to support it; 4) Determine who should be involved; 5) Obtain insider education; 6) Uphold governance and oversight; 7) Document the activity; 8) Select a tool that fits; 9) Develop implementation plan.
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!
Security Is Our Business, Too
For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Commercial Integrator + Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add to your bottom line.
A FREE subscription to the top resource for security and integration industry will prove to be invaluable.