Reposted from Security Magazine

During the past decade, many corporate security divisions have made tremendous strides to evolve as a key component of their company's organizational strategy and growth.

Whether a company's security program is in-house, outsourced or a hybrid of both, the leading global security executives and decision-makers are acutely aware of how to effectively leverage the resource capabilities of intelligence professionals within their organization.

Security leaders should consider these five top reasons why intelligence professionals should be embedded into their security program:

1. Optimization

Aristotle once said: "The Whole is Greater than the Sum of its Parts." Intelligence professionals possess valuable tacit knowledge and abilities that can assist security divisions with building synergies across the different business lines and functions within an organization.

For example, the head of operations and other business heads at Company X are considering expanding manufacturing operations into Latin America.

A feasibility study quickly ensues and Company X ultimately decides to expand into the new market because of its cost savings, profit margin potential, above average labor standards and excellent track record with other U.S. firms that previously expanded operations there.

A risk intelligence analyst gets wind of Company X's expansion plans and spends a few days deciphering and analyzing data from a wide array of sources regarding Company X's target market. The analyst produces a concise risk intelligence report and submits it to their boss. The report concludes that entry into the new market is too risky due to burgeoning political instability which would inevitably lead to escalating violence.

The analyst also provides strong supporting evidence that the country has a history of seizing foreign businesses when their governments become unstable and offers alternative markets that would still be financially beneficial for Company X in the long-term.

The intelligence report is well received, but it also proves to be a learning moment for the Head of Operations and other business heads while showing the capabilities of the security division. This strategically places them in a more proactive posture as they are invited to have more input in helping to design organizational strategy going forward.

2. Agility

The success of a company's Corporate Security Division is dependent upon its ability to respond swiftly to impending threats. Failure to do so could result in catastrophic losses in the millions.

As key drivers of the security function, embedded analysts play a key role in developing actionable intelligence for the security team. The security team typically doesn't have the luxury of time or the unique competencies to collect, analyze and synthesize vast amounts of information and distribute it in a meaningful way to help leaders make sound decisions.

Take, for example, a corporate executive who needs to fly out on a moment's notice on an emergency business trip to one of the company’s major global supply chain operations in Kazakhstan. They will require more than just the standard off-the-shelf situational report from his security team.

Rather, an intelligence analyst would need to provide the executive with a comprehensive situational awareness and travel risk assessment report tailored to their travel. The report would highlight key areas such as the current overall threat environment and whether there are any geopolitical or business risks and how that could impact their core business.

Talented intelligence analysts can respond quickly to these unexpected events and produce timely and accurate intelligence reporting that entails a 360-degree analytical review of the country's risk profile and any potential operational impact to the business.

3. Identify Gaps

Effective security leaders must demonstrate a fair amount of finesse in their approach to managing risks. They must make accurate and timely decisions and advise senior leaders on potential business risks of critical importance. They must do so while ensuring that their security policies and recommendations are crafted and implemented in a manner that does not disrupt business operations. Unfortunately, security teams don't always get it right, and sometimes mistakes occur.

Experienced intelligence professionals can help security divisions with developing accurate forecasting models by identifying intelligence gaps that are critical to the various business lines of a company. In other words, if you have sufficient data on a particular area or subject, then where are you deficient?

Let’s say your security team completed an updated risk assessment of a relatively stable country, home to one of its Southeast Asia operations. The assessment suggested that all indicators were in the low- to medium-risk range to operations.

However, while reviewing the risk assessment an analyst discovered that the country's geopolitical risk profile was lacking vital information regarding a pending election that was rumored to cause heavy political instability. The newly discovered gap helped the organization to revamp its security strategy and implement the requisite safeguards to prevent disruption of business operations.

4. Diverse Skill Sets

Adept Intelligence professionals have fundamental analytical skills that can make an immediate impact to an organization's security division. However, the best security divisions employ embedded analysts that can draw upon their expertise to improve the team’s intelligence capabilities.

For example, an analyst that is an expert on a particular region of the world will produce superior intelligence reporting than a generalist practitioner.

Perhaps the analyst had the opportunity to live abroad and became fluent in the language. These are invaluable skill sets that cannot be ignored. Some analysts may have superior computer programming skills and have the capability to write programs that could streamline efficiencies for a security division thus saving them money. 

Security executives must set their priorities on attaining the highest return on their investment when building a global intelligence team.

Intelligence professionals with dual specialties in software programming, data analytics, cybersecurity, foreign languages and business are just a few of the highly desirable skills that security executives should be keenly reviewing when considering which prospective candidates would be the right fit for their program.

5. Forecasting

Distributing intelligence on a threat that has already occurred or that is untimely holds no benefit to key stakeholders and decision makers. Every day, many companies are vulnerable to billions of dollars in losses due to unforeseen threats. The need for developing and disseminating predictive intelligence are primary factors in a company’s ability to stay ahead of emerging threats that may hamper their bottom line.

Risk intelligence platforms which incorporate robust machine learning and data analytic tools coupled with the keen eye of an intelligence analyst will help to enhance situational awareness for your security division and equip them with the capability to respond rapidly to emerging threats.

This is an area that cannot be overstated enough. The strongest security teams of the future will implement augmented intelligence programs (the combination of human and artificial intelligence) into their platforms.

This is an added dimension for intelligence analysts as it will improve their ability to supply decision makers with faster and more accurate real-time and predictive intelligence. Security executives that embrace these emerging platforms, coupled with experienced intelligence analysts in their security architecture, will make the security program extremely valuable to their companies.

Leveraging Intelligence Effectively is an Art

There is no one-size fits all approach to leveraging talented intelligence professionals into your security program.

Security leaders must give careful considerations to budgets. Should the intelligence function be designated as a full-time position, outsourced, or a combination of both? The intelligence function will also be shaped by the level of involvement security leader’s play in helping to formulate organizational strategic objectives.

Building a high-performing security team will require an in-depth resource and capability analysis of your security architecture in helping to guide your selection of the best intelligence professionals with the right blend of complementary skills for your program.

See Original Post

Reposted from Security Magazine

Top password manager products have fundamental flaws that expose the data they are designed to protect, rendering them no more secure than saving passwords in a text file, according to a new study by researchers at Independent Security Evaluators (ISE).

"100 percent of the products that ISE analyzed failed to provide the security to safeguard a user’s passwords as advertised,” says ISE CEO Stephen Bono. “Although password managers provide some utility for storing login/passwords and limit password reuse, these applications are a vulnerable target for the mass collection of this data through malicious hacking campaigns.”

In the new report titled “Under the Hood of Secrets Management,” ISE researchers revealed serious weaknesses with top password managers: 1Password, Dashlane, KeePass and LastPass.  ISE examined the underlying functionality of these products on Windows 10 to understand how users’ secrets are stored even when the password manager is locked. More than 60 million individuals 93,000 businesses worldwide rely on password managers. 

Password managers are marketed as a solution to eliminate the security risks of storing passwords or secrets for applications and browsers in plain text documents. Having previously examined these and other password managers, ISE researchers expected an improved level of security standards preventing malicious credential extraction. Instead ISE found just the opposite. 

Data Stored in Plaintext When Locked

One major finding was that, in certain instances, the master password was residing in the computer’s memory in a plaintext readable format -- no safer than storing it in a document or on the desktop as far as an adversary is concerned. Users are led to believe the information is secure when the password manager is locked. Though, once the master password is available to the attacker, they can decrypt the password manager database -- the stored secrets, usernames and passwords. ISE demonstrated it is possible to extract master passwords and other login credentials from memory while the password manager was locked.

Simple Forensics Can Extract Master Passwords

Using a proprietary, reverse engineering, tool, ISE analysts were able to quickly evaluate the password managers’ handling of secrets in its locked state. ISE found that standard memory forensics can be used to extract the master password and the secrets it’s supposed to guard.

“Given the huge user base of people already using password managers, these vulnerabilities will entice hackers to target and steal data from these computers via malware attacks,” says lead researcher, Adrian Bednarek. “Once they have your master password, it’s game over.”  

 “People believe using password managers makes their data safer and more secure on their computer,” says ISE Executive Partner Ted Harrington. “Our research provides a public service to vendors of these widely-adopted products who must now mitigate against attacks based the discovered security issues, as well as alert consumers who have a false sense of security about their effectiveness.”

ISE recommends that to keep secrets more secure until vendors fix the issues, password manager users should not leave a password manager running in the background, even in a locked state, and terminate the process completely if they are using one of the affected password managers. 

Click here for a copy of the report.

See Original Post

Reposted from TribLive

February 26 marked 26 years since six people were killed and more than 1,000 were injured in the Feb. 26, 1993 attack on New York’s World Trade Center.

At 12:18 p.m., a small group of terrorists detonated about 1,200 pounds of explosives in the underground parking garage below the World Trade Center complex in lower Manhattan by driving a rental van into the space, according to an overview of the attack provided by the 9/11 Memorial and Museum in New York City.

Among those injured were 88 firefighters, 35 police officers and an emergency medical services worker, according to the 9/11 Memorial and Museum website.

It took more than four hours to evacuate about 50,000 people from the complex.

The North Tower lobby filled with smoke, and several areas within the North and South towers lost power. Hundreds of people were trapped in elevators as the emergency power generators, which were damaged in the explosion, failed.

Speaking with radio station WCBS, former New York City Police Department Commissioner Raymond Kelly recalled evaluating the damage with a Port Authority engineer.

“We were looking at the, sort of the base of the building, and he made a statement: ‘These buildings could never come down,’” Kelly said.

A five-story crater below the complex was created by the explosion.

Though several security measures were put in place following the attack, Kelly said more should have been learned.

“Vehicle checks were installed in so many places, the World Trade Center itself received security upgrades, probably over $1 million, but it was all pretty much on the ground,” Kelly told WCBS. “We simply didn’t anticipate attacks by aircrafts.”

Of the six men convicted for the bombing, five are serving their sentences at a maximum-security prison in Colorado, according to the 9/11 Memorial and Museum website. A sixth is serving his sentence at a facility in Indiana. The case remains open because a seventh alleged conspirator was never caught.

See Original Post

Reposted from Artnet News

Authorities evacuated the State Hermitage Museum in Saint Petersburg on Thursday after members of its staff received an anonymous bomb threat over email.

A museum spokeswoman tells Artnet News that the Hermitage was among a number of cultural institutions that received the threatening messages today. They include other museums, the Mariinsky Theatre, universities, schools, as well as shopping mall. The museum’s evacuation began at 1 p.m., she says; it remains closed.

The museum posted a brief notice on social media this afternoon stating that several members of staff had received an email informing them that the museum had been “mined.” While thousands of visitors and many members of staff filed out, its director-general and senior curators remained at their desks.

Press images from a Russian news agency show police on the scene and a crowd of people being turned away at the museum’s main entrance.

It is unclear whether the email was sent as a hoax. Last month, Russia was hit by a wave of fake bomb threats that caused a wave of disruption and forced evacuations at malls, schools, and government buildings.

Saint Petersburg has also suffered fatal terrorist attacks in the recent past. In 2017, a suicide bomber killed 16 people and injured 50 in a blast in the city’s metro. In the aftermath of the attack, the Hermitage stepped up its security, introducing screening of visitors’ bags and regular patrols of the building by the National Guard.

The museum has gone to great lengths to protect its collection before. Its director Mikhail Piotrovsky—who succeed his father, Boris, at the helm of the museum in 1990—grew up at a time when memories of the siege of what was then Leningrad during World War II were still fresh. Boris Piotrovsky worked with hundreds of volunteers to safeguard the collection during the war, putting more than one million artifacts and paintings on trains and evacuating them east, beyond the reach of Hitler’s advancing armies. A skeleton staff remained at the Hermitage to protect the building during the worst of the siege.

See Original Post

Reposted from The Voice

Violence in the workplace, unfortunately, is an issue that is not going away, with reports of incidents at businesses and even schools around the country continuing to lead to tragic results.

While the causes of these incidents may vary, one thing is consistent: A business can take the proper steps to secure the workplace to ensure such incidents are less likely to happen and to minimize damage. One key step on the path toward maximum employee safety is the continued emergence of new technology to improve security.


High-tech surveillance

Long gone are the days when businesses had to review grainy video on a VHS tape to see what was happening at their workplace. It’s all digital now, and video feeds can be monitored and stored online, at all times.

Another innovative move is the trend toward pairing entry badges with the camera system, so you can see exactly who is coming and going at all times. If an employee badge is swiped, you’ll be able to see if a different person is using the badge just by monitoring your video. Alerts can also be set up to warn you of possible situations relating to building access.

These types of advances in technology eliminate some of the loopholes criminals may have been able to exploit in the past.

Protect internally

A stranger or disgruntled customer is not always the person who turns violent. While that may happen on occasion, the reality is that often the threat comes from someone you know and trust.

It could be a family member unhappy about a domestic situation, or an angry co-worker taking out their frustrations. These people would already have access to the building, so what can be done in that scenario to keep things as safe as possible?

The solution is to create safe zones internally. Remotely controlled systems can be set up to close and lock office doors, or remotely close off parts of an office building.

While you never want to have to use them, these internal safe zones can potentially save lives in the most serious circumstances, and should be considered by businesses committed to employee safety.

Physical security is key

Managed service providers like NTM offer multiple package options for access control and video surveillance to fit various-sized businesses, so keeping your employees adequately safe doesn’t need to be cost-prohibitive. In the end, whatever business you are in, nothing matters more than the safety of your employees. Having a strong, high-tech surveillance system is a critical part of an IT plan, and can keep you prepared for even a worst-case scenario in the workplace, especially with the advances in today’s technology.

See Original Post

Reposted from El Pais

Last August, two visitors accidentally damaged sculptures by Iranian artist Nairy Baghramian at her exhibition at the Palacio de Cristal in Madrid’s central El Retiro park. The first accident happened just two days after the exhibition opened, when a tourist tripped over one of the sculptures as she was taking a photo.

“The guard saw it happening and ran to stop her from falling on the work but did not get there in time,” explains Jorge García Gómez-Tejedor, head of art restoration at the Reina Sofía museum, the modern art gallery that organized the exhibition. A day later a report by the museum confirmed that the work had been damaged.

“The artist asked us to urgently fix it. She didn’t want the broken glass to be seen,” explains Gómez-Tejedor. “The works are made from very delicate material. We had to handle them with extreme care. I would not be surprised if this had happened to her before.”

Ten days later another glass sculpture, made of four parts and fixed to the floor to the left of the entrance, was damaged in another accident. “While the guard was talking to the head of security about a separate incident, a girl sat down on the piece, causing it to break and for pieces of it to shatter,” explains the second accident report, which has been seen by EL PAÍS. The child was not injured in the accident.

No insurance

“It’s glass mesh and an aluminum structure. Everything is very delicate. We told [Baghramian] that this could happen. They are very delicate works and the artist played at blending [the works] with the space and camouflaging them within the space. This also didn’t help,” says Gómez-Tejedor. “I don’t like accidents happening like this – they’re serious, not just an anecdote. But an accident can always happen, no matter how much foresight we have,” he adds.

The damage to the works will cost the state coffers €13,700 because they weren’t insured. The artist’s workshop assistant will be responsible for reproducing them. The Reina Sofía Museum says that it signed a contract that covered the cost of producing the specific project for the space, but not for insuring the particulars of the exhibition space. All artworks featured in the other Reina Sofía Museum venues are insured – all except for pieces that appear in the Palacio de Cristal.

The Baghramian exhibition cost  €94,000, including the almost €14,000 for the repairs

Given that the space is located in a park, with openings where birds can fly through and potentially stain the works, the insurance budget would be “extremely high.” “They would also impose a series of conditions on us (such as barriers, paths, etc.), which most artists and curators would not agree to. We make a contract with the artists that states that, if there is any damage, as in this case, the museum will be responsible, assuming a much lower cost,” the museum explains. In the case of the Baghramian exhibition, the project cost €94,000 in total, including the almost €14,000 for the repairs.

“Invisible” artworks

Baghramian’s sculptures play with the glass and metal materials of the Palacio de Cristal. The idea behind the camouflage is to open a debate on privacy and exhibition, the interior and the exterior. During her visit to Madrid, the Iranian artist said that the color of the works, which were inspired by the space, made them “invisible.” According to the Reina Sofía, “her sculptures create organic forms with bulges and cavities.”

The pieces are also fragile and poetic, like the Palacio de Cristal itself, which was built at the end of the 19th century as a greenhouse to display exotic species from the Philippines. Last year, more than 1.6 million people visited the space, which has no entry charge. The central site of the Reina Sofía Museum, the Sabatini Building near Atocha train station, received just 50,000 more visitors.

According to Gómez-Tejedor, days before the exhibition opened the site was reviewed by security to decide how many guards would be needed to handle the visitors. “As a minimum there are two guards and another two people in charge of providing information. But everything depends on the piece.”

The Palacio de Cristal has hosted other exhibitions that involved less risk, such as the piece by Danh Vo that was hung from the roof in 2016, a two-hour audio recording of the Hudson River by German sound artist Lothar Baumgarten, and more recently, an installation by Colombian artist Doris Salcedo, where the names of migrants who had died at sea disappeared and reappeared under water.

See Original Post

Reposted from Allied Universal

Many people who wouldn’t dream of leaving their computer or phone sitting in their unlocked car think nothing of leaving those items in an unattended cubicle at work. If you think your belongings are safe in your office, think again…technological advances have bred a whole new generation of criminals called “office creepers.”

These individuals are dressed like your coworkers or building service personnel and rely on the anonymity of busy office buildings to cover them during their crime. However, you CAN prevent an “office creeper” from becoming successful if you use the following tips as a guide:
  

Recognizing an Office Creeper

• Try to become familiar with most of the coworkers in your immediate area. That way, you can easily identify an individual who may be out of place.

• If you see someone wandering the halls or casually roaming about, ask if you can help her/him. Ask questions like, “May I help you find someone?”

• If your building has an access control policy where visitors must wear a badge, you should notify security immediately if someone is walking around without proper identification.

• If you believe an individual seems suspicious, notify security. Be sure to note details about the person’s appearance so that you can thoroughly describe her/him.
   

Tips To Protect Your Office

• Never share keys or access codes with ANYONE.

• Likewise, don’t leave your office keys unattended.

• Keep personal keys and office keys on separate rings.

• Don’t “hide” your wallets or purses in unlocked cabinet drawers or under your desk. This is the first place an “office creeper” may look!

• Position coat racks and hangers away from doorways so that a thief can’t easily snatch items from the outside.

• When leaving your office, make sure to lock the door and mute the telephone ringer. An unanswered phone is a clue to a thief that your office is empty.

• Talk to management about purchasing a security cable for your laptop. This is an inexpensive locking device that secures your computer to the desk so it can’t be removed.

• Keep an accurate inventory of all office equipment, furniture and devices in a locked, fireproof cabinet or in another location completely (like home).

• Clearly mark all of your personal electronics, like PDAs and cell phones with identification. You can use non-removable tags or an inexpensive engraving pen.

See Original Post

Shared by IFCPP Member Allen Bohnert, CIPM

The Center for Collections Care at Beloit College (C³) provides one-of-a-kind opportunities for hands-on learning and practice for museum, library, archive, and conservation professionals and emerging professionals. Our distinctive resources—two campus museums (Logan Museum of Anthropology and Wright Museum of Art), a vibrant archive, historic costume and natural history collections—situated on the residential campus of a small, liberal arts college, provide unparalleled opportunities to gain new skills, network with other professionals, and better prepare for advancement. 

The Center’s courses are taught by accomplished professionals who are committed to sharing their knowledge and expertise. The Center’s residential learning community of practice offers participants the opportunity to connect with and learn from one another. The real impact of Center for Collections Care at Beloit College training is realized when participants return to their home institutions equipped with the knowledge, skills, and confidence to effect positive change.

Learn More

Reposted from the Huffington Post

Protests erupted inside New York’s Solomon R. Guggenheim Museum Saturday night as demonstrators demanded the museum ditch its ties with the Sackler family ― the owners of Purdue Pharma, manufacturer and marketer of prescription painkiller OxyContin.

The museum’s Sackler Center for Arts Education, which includes multimedia labs and lecture theatres sprawled out over 8,200-square feet, was a gift from the family and opened to the public in 2001.

Footage of the incident uploaded to Twitter show leaflets being thrown from one of the museum’s upper walkways as some protesters staged a die-in.

Designed to look like prescription slips, the leaflets were a response to allegations made in a court filing that a member of the Sackler family had predicted the launch of the opioid painkiller would be “followed by a blizzard of prescriptions that will bury the competition.”

Oxycodone, the drug’s active ingredient, is among the most common painkillers in prescription opioid deaths. Per the Associated Press, Purdue Pharma, its executives and members of the Sackler family were recently accused of deceiving patients and doctors about the risk of opioids and allegedly pushed prescribers of the drug to keep patients on it for longer.

The museum did not immediately respond to HuffPost’s request for comment on the protests.

The latest demonstration comes after protesters targeted the Metropolitan Museum of Art last year for its ties to the family, tossing mock pill bottles into the moat at the Temple of Dendur ― housed in the museum’s Sackler wing ― which were labeled: “Prescribed to you by the Sackler Family.”

The New York Times reports that after leaving the Guggenheim, several of the protesters marched down Fifth Avenue with a barrier that read “Shame on Sackler.”

See Original Post

Reposted from Allied Universal

Whether regional or national, business leaders face the impact of globalization. In today’s world, it is not a question of if a crisis will affect an enterprise, but when. Events, such as a terror attack, data breach, pandemic or travel ban, that happen on the other side of the world can affect business resilience and valuation just as much as those down the street or on premise. 

Threat Intelligence—delivered to key decision makers in a timely manner—is crucial for the safety of everyone. And businesses want the ability to garner relevant threat intelligence from cyber chatter most critical to the organization and report it to internal stakeholders, who can quickly act upon it. A variety of sophisticated technology tools are gaining popularity for their ability to easily integrate with security programs. Such tools aggregate, analyze and report threat intelligence in real time—for proactive security response. 

Via open source data channels, social media, the dark web and other publishing platforms, customers use these types of technologies to form common operating pictures to: 

• Act on real-time alerts of threats such as protest activity, suspicious package, or impending disaster within a radius of interest to facilities or assets.

• Monitor personalized keywords or locations across multiple social media platforms.

• Share a common operating picture dashboard of an incident across their organization for collaboration and response as was the case during Hurricane Harvey.

For example, during the 2018 Winter Olympics in South Korea, TX360, a situational awareness and threat intelligence platform, helped customers stay current with relevant information such as:

• Official alerts and notices of events that could potentially affect transportation

• Protest and boycott information and social media content

• Emergency contact and Olympic information for local law enforcement, U.S. Government departments (Embassy, Department of State) and tourism links

• Mapping of the locations, and photos and videos and games schedules

In another example of situational awareness, PlanetRisk ramped up its alerting and reporting dashboards during recent bombings in Austin, Texas, to support timely updates to local organizations the company serves. The platform:
  

• Provided location accuracy, timeliness, and context to the threats that developed over a three-week period and

• Consistently delivered incident notifications of each explosion faster than larger news conglomerates.

Combined with experienced analysts, these types of services provide relevant data required to identify and understand threats to properties and implement core situational awareness programs that reduce risk and improve ROI for any organization.

By integrating platforms like TX360 and ThreatMinder into their security operation centers, or through Allied Universal’s Global Security Operating Center as a Service (GSOCaaS), customers can leverage threat intelligence in a profound way. 

See Original Post