• Home
  • Blog
  • Facebook
  • LinkedIn
  • Twitter
Menu

Peter Cavicchia

Street Address
City, State, Zip
Phone Number

Your Custom Text Here

Peter Cavicchia

  • Home
  • Blog
  • Facebook
  • LinkedIn
  • Twitter

Why Companies Need to Zero in on Employee-Tied Threats

July 12, 2024 Pete Cavicchia

Often, external physical security threats are the focal point when news comes out about physical security threats facing modern companies. The focus is often on active shooters, for instance. 

In a recent article for Security Magazine, Alan Saquella writes about a range of employee-specific threats that often go under the radar but cause legitimate day-to-day problems for many companies. Disgruntled former employees — whether laid off or fired on bad terms — pose a range of threats from physical violence to vandalism of a company’s office complex. 

A broad range of threats

“The prevalence of non-violent acts perpetrated by former employees is often underreported and underestimated, yet their impact can be just as devastating, if not more so, both financially and in terms of public safety,” Saquella writes. “For example, consider the case of a terminated telecommunications employee who sabotaged a fiber trunk line, resulting in a catastrophic communications outage that not only incurred millions of dollars in damages and fines but tragically led to the loss of a life due to the inability to reach emergency services. Similarly, deliberate tampering with natural gas distribution lines by a former employee of a gas company led to unsafe conditions and significant financial losses.”

In addressing this very broad range of rather complex, employee-specific security threats, Saquella explains that a holistic approach must be embraced — there isn’t a one-size-fits all way to handle these kinds of threats. Key among them is fostering a supportive and positive workplace environment in the first place mitigating any potential for future employee-directed violence.

 Some concrete solutions 

Saquella points to “post-termination monitoring” as one key component to making sure these kinds of retaliatory ex-employee threats don’t escalate further. This refers to discreetly monitoring former employees who might exhibit “red flag behaviors” on social media, for one example. 

Beyond this, he points to “robust softeners” like generous severance packages, continuation of benefits, and available counseling services to prevent resentments from forming. It’s better to end an employer-employee relationship positively — even if the staffer in question was far from ideal — than create a situation that can spiral out of control. 

As with any physical security threat, vigilance is key. 

“By adopting a proactive and comprehensive approach to addressing workplace violence, organizations can better safeguard their employees, assets and reputation. Collaboration between security, human resources and leadership is essential in identifying, assessing and mitigating potential threats at every stage of the employment lifecycle. From pre-termination assessments to post-termination monitoring, it’s imperative to remain vigilant and responsive to evolving risks,” he concludes. 

For more of Saquella’s recommendations, check out the full article here. 

Tags Alan Saquella, Security Magazine

Tips for Bolstering Physical Security in Corporate Spaces

July 7, 2024 Pete Cavicchia

Having a clear physical security strategy is crucial for any corporation in today’s environment. Threats from a range of bad actors endanger modern businesses. By being physical security-compliant, companies can minimize risk and bolster success.

In a new piece for SecurityInfowatch.com, two industry leaders — Cathal J. Walsh, VP and CSO at Guidepost Solutions, and John Bekisz, associate VP of physical security at Guidepost Solutions — outline best practices for how companies can mitigate physical security risks in their corporate spaces, like branch offices and headquarters. The two security executives point out that “security lapses in regulated industries can have severe consequences.” If security isn’t shored up, it can radiate out to impact the company and its clients and customers at large. This means robust security practices must be embraced from the executive level all the way down to staff on the ground.

“Amidst the myriad tools available to evaluate threats and risks, it's empowering to know that contemporary security risk management practices have evolved. These practices now emphasize proactive measures, including coordinating with internal and external parties to ensure a compliant risk-based solution is deployed and regularly maintained,” they write. "This enhanced approach to risk management bolsters our ability to stay ahead of potential threats, giving us a sense of control in an otherwise unpredictable environment.”

Walsh and Bekisz explain that security systems have to be centralized. Large-scale video surveillance camera systems need to be centrally connected, which means that remote access and cloud computing systems should be put in place. Disconnected, scattered technologies that fail to have any cohesion can result in major vulnerabilities and blind spots.

A major component of a unified approach involves staff training. At all levels of a given corporation, proper security protocols have to be hammered home. Staff at one facility can’t be familiar with one element of a corporation’s security approach that varies from the expertise of staff at another location.

“Although there is no prescriptive solution to mitigate all forms of physical security risks in the corporate environment, a security program can be deployed in alignment with the organization’s risk appetite with adequate planning. A layered approach starting at the perimeter and moving inward, incorporating a defense-in-depth strategy with various detection zones, aids the organization in its risk reduction efforts,” Bekisz and Walsh conclude. “Referencing industry-accepted frameworks anchored in asset protection principles, including operational, technology, and physical security elements, guides the practitioner to ensure a comprehensive program is incorporated into the design.”

Read the full article — which includes use case examples — here.

Tags SecurityInfoWatch, Cathal J. Walsh, John Bekisz

Report: Some Clients Are Still Slow to Adopt the Cloud

June 13, 2024 Pete Cavicchia

Over the past decade, integrated cloud solutions have been central to any modern security system. 

Now, a recent deep dive report from Craig MacCormack in Security Sales & Integration reveals that there are still some holdouts among end-point users to turn over their data and embrace the cloud. Leading security integrators are making these holdouts come around to the tech, which is indispensable to any effective physical security approach. 

MacCormack writes that, despite some stubborn hesitance, security systems integrators “are starting to have more success in getting their clients to transition to cloud-based access control and video surveillance services.” This may entail systems that are located on site, offsite, or a hybrid combination of the two. MacCormack speaks with a range of experts in the field, who offer a comprehensive snapshot of where the industry is today with cloud adoption. 

A growing trend

“People are seeing that you’re starting to use cloud solutions for their operations, so they’re more open to it…having a Software-as-a-Service (SaaS) offering from Genetec on the market could help Infynia’s quest to increase its penetration into cloud-based installations,” says Alexander Reid, president of physical security firm Infynia, based out of Montréal, Québec. “We were kind of missing that in the past…Now, we’re leading with cloud when we do a pitch, so we’re getting more traction than we used to in the past. We’re seeing more opening, but there’s still some resistance from our client base.”

One way that the company has been able to convince clients that the cloud is the way to go is to provide concrete evidence that cloud-based, integrated security systems “will be separate from the customer network.” 

Some of the resistance stems from today’s increasingly more complicated tech-centric world. Rob Hile, director of commercial business for GC & E Systems Group, tells MacCormack that when discussing integrated cloud systems, the industry has moved beyond just “passing data packets.” 

Instead, it’s about leveraging high-frame-rate video, analytics, and other AI-fueled data. All of this requires very robust cloud systems. 

“Traditionally, I can get your access control events to go to the cloud. I can get your basic video to go to the cloud. But when you start layering on the AI and the advanced analytics and third-party plugins and integrations. That’s not ready yet,” Hile says of one reality of currently available systems. 

How to sell the cloud to clients

From the vantage point of firms trying to sell clients on adopting these cloud systems, Hile tells MacCormack that a very specific skill set is required to get the deal done. 

“When you talk about an on-prem system, you’re talking about sizing the server accordingly, making sure that the server has enough horsepower for the analytics and the cameras, making sure everything is on prem,” Hile adds. “When you look at the cloud and you look at a cloud deployment, you kind of take that whole model and you turn it on its head…The server infrastructure is infinitely scalable. You don’t have a prem server, so you don’t have to have rack space. You don’t have to have a lot of this stuff that we have to design into the premise-based system.”

It may seem like a brave new world for the physical security industry, but to keep a company’s data safe and secure and make the most of access control systems and connected security cameras, the cloud is the way to go. 

For MacCormack’s complete article, with insights from additional industry leaders, read the full piece here.

Tags Craig MacCormack, Alexander Reid

Researchers: Malware-Fueled Blackouts in Ukraine Offer a Physical Security Warning

May 30, 2024 Pete Cavicchia

Right now, Russia’s war in Ukraine dominates much of the world’s headlines. Not only is it a pressing global concern, but the conflict also illustrates troubling realities that physical security stakeholders are reckoning with.

A report that was presented May 20 at the IEEE Symposium on Security and Privacy examines the physical security implications of malware attacks in Ukraine by bad actors. The research was led by a team of UC Santa Cruz students who shed a spotlight on “Industroyer One and Two” — two infamous malware attacks that took place in 2016 and 2022, respectively.

That first 2016 attack saw Ukrainians live through what is believed to be the first known blackout caused by pernicious malware. That attack targeted the country’s power grid, resulting in one-fifth of Kyiv citizens to live in total darkness. The second 2022 attack took place during the current war.

“Malware attacks against physical infrastructure have long been a looming threat in the realm of cybersecurity, but these two in Ukraine were the first attacks of their kind, and have received little attention from the academic community,” reads a UC Santa Cruz press release announcing the research.

Alvaro Cardenas is an associate professor of computer science and engineering, who advised the student research team. He says in the release that, while current physical infrastructure systems are very vulnerable, not much is said about the threat malware can pose. This is a problem that should worry every country, not just Ukraine.

“When you see a nation state designing malware to take down the power grid of another country, that seems to be a big deal. Our critical infrastructures are vulnerable to these kinds of attacks, so we need to be better prepared to defend,” Cardenas says.

Cardenas and his team of student researchers say bringing attention to these attacks can help governments and private entities know how to fortify their systems against future attacks. The researchers point out that malware attacks are only becoming “stealthier.”

This means that not only do security stakeholders need to be more educated on how these cyber-attacks can directly impact physical safety and wellbeing, but they also must think outside the box to devise advanced systems to halt these bad actors in their tracks.

To that end, Cardenas and his students are creating a “honeypot” decoy software that will give off the impression that it is a “working system” and could attract malware attacks, alerting security officials that an outside hacker is trying to target their systems. While the conflict in Ukraine might seem a world away, Cardenas says that this is something people in the United States must be aware of.

“The attacks could happen here [the U.S.], or pretty much anywhere in the world,” he says in the release. “Systems are now all controlled by computers and have pretty much the same technology.”

Tags IEEE Symposium on Security and Privacy

Physical Security Market Report Shows Surge in Global Terror Attacks 2024 to 2032

May 1, 2024 Pete Cavicchia

A new report on the projected overall outlook of the global physical security market shows that escalating threats that have been brewing in recent years will sadly only continue. This reality is bleak, but it also means there will be great gains for the physical security industry. New innovations will only continue to be developed to address these shifts.

The new report from Research and Markets was just released, according to a press release published by Yahoo Finance.

Among the top-line findings, the report shows that, while the physical security market scaled to a high $123 billion in the year 2023, look for that number to hit an astonishing $211.4 billion within the next decade — by the year 2032.

This is partly due to the increased presence of threats like terror attacks, which have reached a fever pitch around the world.

Attacks have escalated in nearly every region of the world. That means governments and private entities alike have had to make investments in improved video surveillance and access control systems, according to the report. They cite advanced drones, smart fence sensors, as well as “mass notification systems” (MNS) at large communal events and official government proceedings as being drivers for growth and innovation in the physical security sector.

“Apart from this, the integration of artificial intelligence (AI) to identify potential areas of compromise while analyzing images, videos, and other data to differentiate threats from standard activities are providing an impetus to market growth. Moreover, the increasing awareness about physical security solutions in residential spaces owing to the increasing theft and robbery incidences is acting as another growth-inducing factor,” reads the release. “Furthermore, the installation of automated home security solutions for door locking and intruder, fire, and LPG gas leakage detections are positively influencing the market growth.”

These high-tech physical security responses also mean more personnel must be hired and trained. Essentially, the necessity to better respond to terror threats can be an economic and workforce driver.

The report also spotlights the implementation of cloud-based data storage and the “rising demand for video surveillance” technology as factors that are contributing to the current — and future — physical security boom.

In a world where global threats to everyone’s safety and wellbeing become ever more sophisticated, private, and public stakeholders have to do everything they can to harness the most advanced tools available to them. Reports like this one only underscore how innovative and creative physical security solutions are driving a revolution in how people, cities, and even governments at large stay safe and secure.

Tags Terror attacks, Global security

For Physical Security Managers, It’s Time to Embrace a Hybrid-Cloud Model

April 24, 2024 Pete Cavicchia

When it comes to modern physical security approaches, the necessity of the cloud can’t be minimized. Tried and true traditional models for on-site security options are needed, too.

This is where modern innovation enters the conversation.

In a new piece for Security Magazine, Laurent Villeneuve writes that cloud technology has created “faster, easier, physical security deployments,” which have meant that hybrid-cloud programs are becoming the norm. Villeneuve, of Genetec, points to research from his firm that reveals 60% of today’s companies “are moving towards a blend of on-premises and cloud-based solutions.”

The benefits of hybrid models

This blended approach has several benefits. First, hybrid-cloud models give companies flexibility in bringing their plans for security to fruition. Villeneuve writes that businesses that have several locations must harness the cloud to offer tailored approaches to each building’s unique needs.

“They might run some larger density sites on local infrastructure, monitor global deployments in a. Fully hosted environment, and set up smaller remote sites with direct-to-cloud devices,” Villeneuve adds.

If there are multiple systems stemming from local devices or tethered to the cloud, companies can streamline them all — connecting everything to a “central head end.” This improves efficiency and gives security managers a greater sense of control and peace of mind, knowing everything goes back to one central hub.

“With hybrid-cloud solutions, security teams no longer need to travel to various locations to manage infrastructure or check system health. Cloud-based physical security software providers invest significant time and resources in cybersecurity, upholding various standards and certifications around the world,” Villeneuve writes. “They monitor the latest threats and initiate regular third-party penetration testing and auditing. Thus, operators get immediate access to the latest updates and benefit from continuous innovation. This helps teams quickly address issues and strengthen their organization’s cyber posture.”

Yes, the cloud is safe and secure

Among the many myths and concerns potential cloud adopters have is the inaccurate perception that the cloud just isn’t safe. Villeneuve writes that this isn’t the case.

“Cloud solutions come with myriad built-in cybersecurity features and tools that help automate processes and stay on top of threats,” he writes. “Hybrid-cloud systems allow organizations to leverage their investment in [on-premises] security devices and infrastructure, while adopting cloud technology such as video and access control as-a-service at their own pace, and to accommodate specific sites or use cases. They provide a cost-effective way to leverage the benefits of both technologies and stay flexible to changing requirements across an organization.”

For more of Villeneuve’s recommendations for applying a hybrid-cloud approach to modern physical security, read the full article here.

Tags Laurent Villeneuve, Genetec

Community Security Camera Registries Could be Key to Improved Public Safety

April 12, 2024 Pete Cavicchia

In this current age, safety concerns in public, exposed, urban spaces are vastly complex.

Modern technology, pandemic-fueled cultural shifts, and challenges that have hit local police departments have all contributed to a new physical security reality for the world’s cities.

In a recent piece for Security Magazine, Phil Malencsik, strategic account executive at Genetic, Inc., writes that an integrative, collaborative approach between public and private entities is needed to bolster physical security in 21st century urban spaces. What worked just 10 years ago no longer makes sense for 2024.

One of the major reorientations in public spaces rests in shifts in law enforcement at large. He explains that while community safety is top of mind for everyone, police departments face a range of challenges from budget cutbacks to staff shortages.

This has left something of a physical security and public safety vacuum. To fill this gap, Malencsik states that traditional law enforcement needs to foster community-driven partnerships.

Improvements in information gathering

“To make a smart city a safe city, law enforcement teams can incorporate information gathered from physical security systems from both the private and public sectors,” he writes. “Such solutions not only achieve security goals but also improve emergency preparedness, increase situational awareness and enhance operational efficiency.”

He points to a community camera registry program as one example. This type of program would “streamline police access to video evidence” by way of privately operated security cameras.

“Without a camera registry, officers must look for possible sources of video evidence, track down the owners, request access to the footage, and download the data. They then transfer it to another computer before beginning to view and analyze the contents. Each step takes time and is vulnerable to disruption or delay. The threat of data loss or tampering is also a concern,” he explains.

The power of security camera registries

Malencsik views these registries as a method for making citizens feel safer in general. He says the public will feel “empowered to contribute to proactive problem solving” through collaboration with police departments.

This level of partnership could also benefit small business owners, who could boost their own security capabilities, taking advantage of increased remote monitoring.

“Community policing initiatives like these also strengthen relations with stakeholders and are a practical way to improve services without expanding security budgets. For police departments, increasing situational awareness improves officer safety. Investigation cycles are shorter, and the ability to access and analyze data from more sources makes it possible to gain new insights and allocate resources more efficiently,” Malencsik concludes.

Essentially, to address the wide range of threats that impact our public safety on a daily basis, law enforcement and the public at large have to work together to make cities safer and more secure. Creative solutions will make the difference between communities that are left on edge by crime, and those where businesses and pedestrians feel safe.

Tags Phil Malencsik, Genetic

The Importance of Making Safety Central to Any Business

March 19, 2024 Pete Cavicchia

Right now, the world is full of many threats to one’s physical health and wellbeing. The COVID-19 pandemic revealed just how vulnerable so many aspects of modern society are. One big event can completely reorient people’s perspectives on safety.

That certainly extends to the workplace.

In today’s climate, any business that wants to thrive has to make safety a central tenet of its mission. In a new piece for Security Magazine, Kelly Johnstone writes about the importance of emphasizing “duty of care” in the workplace.

The term refers to “the moral and legal obligations of employers to their employees, contractors, volunteers, and related family members in maintaining their well-being, security, and safety when in the workplace,” Johnstone writes. She points to the fact that 75% of organizations surveyed in the International SOS 2024 Risk Outlook Report said that the corporate world can “expect an increase in duty of care expectations from their employees this year.”

Essentially, employees want to know they are in a safe environment.

Companies can institute a duty of care-friendly environment through a multi-pronged approach:

  • Leadership has to commit — Given that a company’s leadership establishes a baseline tone for a business’s identity, Johnstone emphasizes that managers have to lead by example. This involves setting aside resources to improve safety protocols and holding people within a given company accountable if they violate the firm’s established code of conduct.

  • Perform risk assessments and audits— All companies and firms have to perform risk assessments to establish the biggest potential vulnerabilities and threats their employees face. Once the major physical security risks are defined, protocols have to be established. Johnstone adds that regular reviews and audits should become the norm to ensure that standards are upheld.

  • Train the team — A company can perform all of the needed risk assessments and put in place thoughtful leadership but nothing could ever be secure without proper staff and employee training. All businesses should offer employees education in hazard recognition and emergency response procedures. “It’s also important to encourage ongoing learning and skill development or enable effective handling of diverse situations and ensure duty of care is a priority of all employees, not just leaders within the organization,” Johnstone adds.

  • Open up lines of communication — Staff at all levels of leadership and employment have to have clear lines of communication throughout a company. This entails creating lines of communication like anonymous reporting systems and individual team member reviews. If employees are calling out specific physical security threats that they are either experiencing or are wary of, management must be receptive and listen to feedback.

  • Institute support programming at your company — A good leader in today’s modern office must institute support programs that can foster positive mental and physical health. This could mean putting in place wellness programs, team building activities, and having counseling and mental health services readily available on campus. This can prevent burnout and boost morale.

For Johnstone’s complete recommendations, head to the link here.

Tags Security Magazine, Kelly Johnstone
← Newer Posts Older Posts →