Report: Some Clients Are Still Slow to Adopt the Cloud

June 13, 2024 Pete Cavicchia

Over the past decade, integrated cloud solutions have been central to any modern security system.

Now, a recent deep dive report from Craig MacCormack in Security Sales & Integration reveals that there are still some holdouts among end-point users to turn over their data and embrace the cloud. Leading security integrators are making these holdouts come around to the tech, which is indispensable to any effective physical security approach.

MacCormack writes that, despite some stubborn hesitance, security systems integrators “are starting to have more success in getting their clients to transition to cloud-based access control and video surveillance services.” This may entail systems that are located on site, offsite, or a hybrid combination of the two. MacCormack speaks with a range of experts in the field, who offer a comprehensive snapshot of where the industry is today with cloud adoption.

A growing trend

“People are seeing that you’re starting to use cloud solutions for their operations, so they’re more open to it…having a Software-as-a-Service (SaaS) offering from Genetec on the market could help Infynia’s quest to increase its penetration into cloud-based installations,” says Alexander Reid, president of physical security firm Infynia, based out of Montréal, Québec. “We were kind of missing that in the past…Now, we’re leading with cloud when we do a pitch, so we’re getting more traction than we used to in the past. We’re seeing more opening, but there’s still some resistance from our client base.”

One way that the company has been able to convince clients that the cloud is the way to go is to provide concrete evidence that cloud-based, integrated security systems “will be separate from the customer network.”

Some of the resistance stems from today’s increasingly more complicated tech-centric world. Rob Hile, director of commercial business for GC & E Systems Group, tells MacCormack that when discussing integrated cloud systems, the industry has moved beyond just “passing data packets.”

Instead, it’s about leveraging high-frame-rate video, analytics, and other AI-fueled data. All of this requires very robust cloud systems.

“Traditionally, I can get your access control events to go to the cloud. I can get your basic video to go to the cloud. But when you start layering on the AI and the advanced analytics and third-party plugins and integrations. That’s not ready yet,” Hile says of one reality of currently available systems.

How to sell the cloud to clients

From the vantage point of firms trying to sell clients on adopting these cloud systems, Hile tells MacCormack that a very specific skill set is required to get the deal done.

“When you talk about an on-prem system, you’re talking about sizing the server accordingly, making sure that the server has enough horsepower for the analytics and the cameras, making sure everything is on prem,” Hile adds. “When you look at the cloud and you look at a cloud deployment, you kind of take that whole model and you turn it on its head…The server infrastructure is infinitely scalable. You don’t have a prem server, so you don’t have to have rack space. You don’t have to have a lot of this stuff that we have to design into the premise-based system.”

It may seem like a brave new world for the physical security industry, but to keep a company’s data safe and secure and make the most of access control systems and connected security cameras, the cloud is the way to go.

For MacCormack’s complete article, with insights from additional industry leaders, read the full piece here.

Researchers: Malware-Fueled Blackouts in Ukraine Offer a Physical Security Warning

May 30, 2024 Pete Cavicchia

Right now, Russia’s war in Ukraine dominates much of the world’s headlines. Not only is it a pressing global concern, but the conflict also illustrates troubling realities that physical security stakeholders are reckoning with.

A report that was presented May 20 at the IEEE Symposium on Security and Privacy examines the physical security implications of malware attacks in Ukraine by bad actors. The research was led by a team of UC Santa Cruz students who shed a spotlight on “Industroyer One and Two” — two infamous malware attacks that took place in 2016 and 2022, respectively.

That first 2016 attack saw Ukrainians live through what is believed to be the first known blackout caused by pernicious malware. That attack targeted the country’s power grid, resulting in one-fifth of Kyiv citizens to live in total darkness. The second 2022 attack took place during the current war.

“Malware attacks against physical infrastructure have long been a looming threat in the realm of cybersecurity, but these two in Ukraine were the first attacks of their kind, and have received little attention from the academic community,” reads a UC Santa Cruz press release announcing the research.

Alvaro Cardenas is an associate professor of computer science and engineering, who advised the student research team. He says in the release that, while current physical infrastructure systems are very vulnerable, not much is said about the threat malware can pose. This is a problem that should worry every country, not just Ukraine.

“When you see a nation state designing malware to take down the power grid of another country, that seems to be a big deal. Our critical infrastructures are vulnerable to these kinds of attacks, so we need to be better prepared to defend,” Cardenas says.

Cardenas and his team of student researchers say bringing attention to these attacks can help governments and private entities know how to fortify their systems against future attacks. The researchers point out that malware attacks are only becoming “stealthier.”

This means that not only do security stakeholders need to be more educated on how these cyber-attacks can directly impact physical safety and wellbeing, but they also must think outside the box to devise advanced systems to halt these bad actors in their tracks.

To that end, Cardenas and his students are creating a “honeypot” decoy software that will give off the impression that it is a “working system” and could attract malware attacks, alerting security officials that an outside hacker is trying to target their systems. While the conflict in Ukraine might seem a world away, Cardenas says that this is something people in the United States must be aware of.

“The attacks could happen here [the U.S.], or pretty much anywhere in the world,” he says in the release. “Systems are now all controlled by computers and have pretty much the same technology.”

Physical Security Market Report Shows Surge in Global Terror Attacks 2024 to 2032

May 1, 2024 Pete Cavicchia

A new report on the projected overall outlook of the global physical security market shows that escalating threats that have been brewing in recent years will sadly only continue. This reality is bleak, but it also means there will be great gains for the physical security industry. New innovations will only continue to be developed to address these shifts.

The new report from Research and Markets was just released, according to a press release published by Yahoo Finance.

Among the top-line findings, the report shows that, while the physical security market scaled to a high $123 billion in the year 2023, look for that number to hit an astonishing $211.4 billion within the next decade — by the year 2032.

This is partly due to the increased presence of threats like terror attacks, which have reached a fever pitch around the world.

Attacks have escalated in nearly every region of the world. That means governments and private entities alike have had to make investments in improved video surveillance and access control systems, according to the report. They cite advanced drones, smart fence sensors, as well as “mass notification systems” (MNS) at large communal events and official government proceedings as being drivers for growth and innovation in the physical security sector.

“Apart from this, the integration of artificial intelligence (AI) to identify potential areas of compromise while analyzing images, videos, and other data to differentiate threats from standard activities are providing an impetus to market growth. Moreover, the increasing awareness about physical security solutions in residential spaces owing to the increasing theft and robbery incidences is acting as another growth-inducing factor,” reads the release. “Furthermore, the installation of automated home security solutions for door locking and intruder, fire, and LPG gas leakage detections are positively influencing the market growth.”

These high-tech physical security responses also mean more personnel must be hired and trained. Essentially, the necessity to better respond to terror threats can be an economic and workforce driver.

The report also spotlights the implementation of cloud-based data storage and the “rising demand for video surveillance” technology as factors that are contributing to the current — and future — physical security boom.

In a world where global threats to everyone’s safety and wellbeing become ever more sophisticated, private, and public stakeholders have to do everything they can to harness the most advanced tools available to them. Reports like this one only underscore how innovative and creative physical security solutions are driving a revolution in how people, cities, and even governments at large stay safe and secure.

For Physical Security Managers, It’s Time to Embrace a Hybrid-Cloud Model

April 24, 2024 Pete Cavicchia

When it comes to modern physical security approaches, the necessity of the cloud can’t be minimized. Tried and true traditional models for on-site security options are needed, too.

This is where modern innovation enters the conversation.

In a new piece for Security Magazine, Laurent Villeneuve writes that cloud technology has created “faster, easier, physical security deployments,” which have meant that hybrid-cloud programs are becoming the norm. Villeneuve, of Genetec, points to research from his firm that reveals 60% of today’s companies “are moving towards a blend of on-premises and cloud-based solutions.”

The benefits of hybrid models

This blended approach has several benefits. First, hybrid-cloud models give companies flexibility in bringing their plans for security to fruition. Villeneuve writes that businesses that have several locations must harness the cloud to offer tailored approaches to each building’s unique needs.

“They might run some larger density sites on local infrastructure, monitor global deployments in a. Fully hosted environment, and set up smaller remote sites with direct-to-cloud devices,” Villeneuve adds.

If there are multiple systems stemming from local devices or tethered to the cloud, companies can streamline them all — connecting everything to a “central head end.” This improves efficiency and gives security managers a greater sense of control and peace of mind, knowing everything goes back to one central hub.

“With hybrid-cloud solutions, security teams no longer need to travel to various locations to manage infrastructure or check system health. Cloud-based physical security software providers invest significant time and resources in cybersecurity, upholding various standards and certifications around the world,” Villeneuve writes. “They monitor the latest threats and initiate regular third-party penetration testing and auditing. Thus, operators get immediate access to the latest updates and benefit from continuous innovation. This helps teams quickly address issues and strengthen their organization’s cyber posture.”

Yes, the cloud is safe and secure

Among the many myths and concerns potential cloud adopters have is the inaccurate perception that the cloud just isn’t safe. Villeneuve writes that this isn’t the case.

“Cloud solutions come with myriad built-in cybersecurity features and tools that help automate processes and stay on top of threats,” he writes. “Hybrid-cloud systems allow organizations to leverage their investment in [on-premises] security devices and infrastructure, while adopting cloud technology such as video and access control as-a-service at their own pace, and to accommodate specific sites or use cases. They provide a cost-effective way to leverage the benefits of both technologies and stay flexible to changing requirements across an organization.”

For more of Villeneuve’s recommendations for applying a hybrid-cloud approach to modern physical security, read the full article here.

Community Security Camera Registries Could be Key to Improved Public Safety

April 12, 2024 Pete Cavicchia

In this current age, safety concerns in public, exposed, urban spaces are vastly complex.

Modern technology, pandemic-fueled cultural shifts, and challenges that have hit local police departments have all contributed to a new physical security reality for the world’s cities.

In a recent piece for Security Magazine, Phil Malencsik, strategic account executive at Genetic, Inc., writes that an integrative, collaborative approach between public and private entities is needed to bolster physical security in 21st century urban spaces. What worked just 10 years ago no longer makes sense for 2024.

One of the major reorientations in public spaces rests in shifts in law enforcement at large. He explains that while community safety is top of mind for everyone, police departments face a range of challenges from budget cutbacks to staff shortages.

This has left something of a physical security and public safety vacuum. To fill this gap, Malencsik states that traditional law enforcement needs to foster community-driven partnerships.

Improvements in information gathering

“To make a smart city a safe city, law enforcement teams can incorporate information gathered from physical security systems from both the private and public sectors,” he writes. “Such solutions not only achieve security goals but also improve emergency preparedness, increase situational awareness and enhance operational efficiency.”

He points to a community camera registry program as one example. This type of program would “streamline police access to video evidence” by way of privately operated security cameras.

“Without a camera registry, officers must look for possible sources of video evidence, track down the owners, request access to the footage, and download the data. They then transfer it to another computer before beginning to view and analyze the contents. Each step takes time and is vulnerable to disruption or delay. The threat of data loss or tampering is also a concern,” he explains.

The power of security camera registries

Malencsik views these registries as a method for making citizens feel safer in general. He says the public will feel “empowered to contribute to proactive problem solving” through collaboration with police departments.

This level of partnership could also benefit small business owners, who could boost their own security capabilities, taking advantage of increased remote monitoring.

“Community policing initiatives like these also strengthen relations with stakeholders and are a practical way to improve services without expanding security budgets. For police departments, increasing situational awareness improves officer safety. Investigation cycles are shorter, and the ability to access and analyze data from more sources makes it possible to gain new insights and allocate resources more efficiently,” Malencsik concludes.

Essentially, to address the wide range of threats that impact our public safety on a daily basis, law enforcement and the public at large have to work together to make cities safer and more secure. Creative solutions will make the difference between communities that are left on edge by crime, and those where businesses and pedestrians feel safe.

The Importance of Making Safety Central to Any Business

March 19, 2024 Pete Cavicchia

Right now, the world is full of many threats to one’s physical health and wellbeing. The COVID-19 pandemic revealed just how vulnerable so many aspects of modern society are. One big event can completely reorient people’s perspectives on safety.

That certainly extends to the workplace.

In today’s climate, any business that wants to thrive has to make safety a central tenet of its mission. In a new piece for Security Magazine, Kelly Johnstone writes about the importance of emphasizing “duty of care” in the workplace.

The term refers to “the moral and legal obligations of employers to their employees, contractors, volunteers, and related family members in maintaining their well-being, security, and safety when in the workplace,” Johnstone writes. She points to the fact that 75% of organizations surveyed in the International SOS 2024 Risk Outlook Report said that the corporate world can “expect an increase in duty of care expectations from their employees this year.”

Essentially, employees want to know they are in a safe environment.

Companies can institute a duty of care-friendly environment through a multi-pronged approach:

Leadership has to commit — Given that a company’s leadership establishes a baseline tone for a business’s identity, Johnstone emphasizes that managers have to lead by example. This involves setting aside resources to improve safety protocols and holding people within a given company accountable if they violate the firm’s established code of conduct.
Perform risk assessments and audits— All companies and firms have to perform risk assessments to establish the biggest potential vulnerabilities and threats their employees face. Once the major physical security risks are defined, protocols have to be established. Johnstone adds that regular reviews and audits should become the norm to ensure that standards are upheld.
Train the team — A company can perform all of the needed risk assessments and put in place thoughtful leadership but nothing could ever be secure without proper staff and employee training. All businesses should offer employees education in hazard recognition and emergency response procedures. “It’s also important to encourage ongoing learning and skill development or enable effective handling of diverse situations and ensure duty of care is a priority of all employees, not just leaders within the organization,” Johnstone adds.
Open up lines of communication — Staff at all levels of leadership and employment have to have clear lines of communication throughout a company. This entails creating lines of communication like anonymous reporting systems and individual team member reviews. If employees are calling out specific physical security threats that they are either experiencing or are wary of, management must be receptive and listen to feedback.
Institute support programming at your company — A good leader in today’s modern office must institute support programs that can foster positive mental and physical health. This could mean putting in place wellness programs, team building activities, and having counseling and mental health services readily available on campus. This can prevent burnout and boost morale.

For Johnstone’s complete recommendations, head to the link here.

New Report Spotlights Perils of Hacked Video Doorbells

March 14, 2024 Pete Cavicchia

Video doorbells — Internet-connected devices that use LED sensors that give homeowners a sense of security so that they know who is approaching their front doors and ringing their bells — are a popular modern physical security tool. They are fairly affordable and available by way of major retailers like Walmart, Lowe’s, and Amazon.

Now, a new investigative report sheds light on some of the security risks that come with some of these devices. It gives consumers a conception of what they should be on the lookout for in choosing products — and when to be wary.

A disturbing trend — video doorbells sold with inherent flaws

In late February, Consumer Reports (CR) revealed that common video doorbells found at retailers like Sears and Walmart were sold with embedded security flaws making them prone to hacks.

These devices also lacked a visible ID issued by the Federal Communications Commission (FCC) that’s required by the agency’s regulations, making them illegal to distribute in the U.S.,” according to CR reporters Stacey Higginbotham and Daniel Wroclawski.

"Big e-commerce platforms like Amazon need to take more responsibility for the harm generated by the products they sell,” Justin Brookman, director of technology policy for CR, said in the article. “There is more they could be doing to vet sellers and respond to complaints. Instead, it seems like they’re coasting on their reputation and saddling unknowing consumers with broken products.”

The flaws were revealed due to CR staffers performing routine product ratings.

Some brands to look out for

These problematic products hailed from two brands— Eken and Tuck.

These devices are almost identical in design and packaging. CR found that online searches yield 10 additional “seemingly identical video doorbells” that were “sold under a range of brand names.”

All these devices are controlled by way of one mobile app: Aiwit, owned by Eken.

CR outlines the serious threats these devices pose. For instance, an estranged abusive partner could stalk their intended target by way of hacking the connected doorbell. They could view them through the doorbell camera feed on their smartphone or other connected device.

The hacker in question could watch as an intended victim enters and exits their home. In essence, this undermines the very purpose of having one of these doorbells in the first place — to feel safer in one's own home.

How to stay safe

"Products like these, by failing to prioritize trust and safety, put domestic violence victims at risk. Without question, the one place a victim needs to be safe is in their home,” Adam Dodge, CEO of EndTAB, told CR. “Devices designed to make someone feel safe at home, while actually doing the opposite, shouldn’t be allowed on the market.”

CR reports that these video doorbells expose a person’s home IP address and WiFi network name without any encryption. Beyond being spied on, this could expose the consumer to even more threats if the company’s servers were ever hacked.

What can a consumer do? CR recommends that if a person has purchased a doorbell from one of these brands, disconnect it from WiFi right away and remove it from the door.

The consumer publication recommends that one should opt for vetted brands like SimpliSafe, Logitech, and Ring, instead.

For more of the publication’s probing look at these security risks, read the full report here.

Personal Safety: Tips to Keep You Secure

March 8, 2024 Pete Cavicchia

In our fast-paced world, personal safety is paramount. Whether you’re walking down a dimly lit street, commuting on public transportation, or working late at the office, being prepared and vigilant can significantly reduce risks. Here are some practical tips to enhance your safety:

1. Street Precautions

Stay Alert: Always be aware of your surroundings, especially when alone or in the dark. Make eye contact with people around you.
Travel with a Friend: Whenever possible, walk with a companion. There’s safety in numbers.
Well-Lighted Areas: Stick to well-lit paths and avoid alleys, doorways, and dark parking lots.
Secure Your Purse: If you carry a purse, hold it securely between your arm and body. Prioritize personal safety over material possessions.
Avoid Distractions: Don’t use devices like iPods that hinder your vision or hearing.

2. Car Safety

Lock Your Doors: Always lock your car doors after entering or leaving your vehicle.
Choose Well-Lit Parking Spots: Park in well-lit areas to deter potential criminals.
Be Vigilant: Check your car’s interior for intruders before getting in.
If Followed: If you suspect you’re being followed, drive to a public place or a police station.
Car Breakdowns: If your car breaks down, open the hood and attach a white cloth to the antenna. Stay in your locked car and ask for help.

3. Bus Safety

Stay Aware: Be alert at bus stops and avoid isolated ones.
Prep Before Boarding: Have your bus pass or money ready before boarding.
Onboard Safety: Ride near the bus operator during off-hours. Change seats if someone makes you uncomfortable.
Secure Your Belongings: Keep your wallet inside your coat or front pocket.

4. Office Security

Keep Valuables Hidden: Don’t leave your purse or wallet in plain view. Avoid leaving cash or valuables at the office.
Late Hours: If you work late, find a coworker or security guard to walk out with you.
Elevator Safety: Be aware of the distress alarm in elevators. Watch out for pickpockets.
Report Suspicious Activity: Notify office management or law enforcement of any unusual behavior.

5. Stay Informed

Know Your Area: Understand crime rates in your vicinity. Sign up for safety alerts.
Emergency Numbers: Program local or campus police contact information into your phone.
Safe Rides: Keep a cab or safe ride number handy.

Remember, personal safety is everyone’s responsibility. By following these tips, you can better protect yourself and discourage criminal activity. Stay safe out there!

Sources: