Reposted from Royal Pharmaceutical Society

The president of the Royal Pharmaceutical Society (RPS) has expressed his shock following the “disgraceful” theft of the president’s chain of office from the society’s headquarters in London.

The chain, which is engraved with the names of all past RPS presidents from between 1841 and 1968, was stolen by a lone intruder from a museum cabinet at the RPS’s London headquarters on 11 November 2018. Usually known as the ‘first president’s chain’, there is a second chain that is worn by the current president.

The emergency services were alerted to the theft after the intruder alarm was sounded at 7am.

Amber Butcher, facilities manager at the RPS, said the facilities team attended the site as soon as possible after the alarm to find that two doors leading into the office’s main reception area had been smashed.

“When the police entered they saw that a museum case had been damaged and then when they looked a bit further they saw that the item was missing.”

She added that nothing else from the RPS museum’s collection had been taken.

The chain, which dates from 1901, is comprised of 58 18-carat gold panels.

Ash Soni, president of the RPS, said that although the chain was insured, “things like that are irreplaceable”.

He added: “It’s such a disgrace that it’s the [necklace that was stolen] and [it is] very odd in some ways.

“Of all the things to take from all the various display cabinets, it’s the one thing that’s probably the most recognizable from the RPS perspective because it’s got names of [all past presidents] on it and it’s clearly something which represents the profession. It just seems peculiar.”

Michael Bonne, head of information and facilities at the RPS, added that the police investigation is ongoing with “the primary objective” to recover the chain.

He said: “As with any item in our museum, it is unique and special to the Society and so any loss of this kind is unfortunate and rare.”

See Original Post

Reposted from the Colorado Springs Independent

On July 20, 2012, a former med 
student, James Holmes, shot and killed 12 people and injured 70 at the Century 16 movie theater in Aurora. 

On June 12, 2016, Omar Mateen sprayed the Pulse nightclub in Orlando with bullets, killing 49 and wounding 53. 

On May 22, 2017, Salman Ramadan Abedi set off a bomb in the foyer of London’s Manchester Arena during pop singer Ariana Grande’s concert, killing 23 and wounding 139.

All were carried out in enclosed entertainment venues where people seek enjoyment and a respite from the confusion of an often violent and unpredictable world. 

Increasingly, local entertainment venues, mirroring a nationwide trend, are adding new security measures they hope will prevent attacks — such as banning standard purses and bags, and only allowing “clear bags.” But it’s far from certain that having such measures at security checkpoints at venue entrances deters the bad guys. Holmes, for example, entered an exit door, and the bomber in Manchester waited for the concert to end and set off a bomb in the foyer as guests were leaving.

Consider the record of the Transportation Safety Administration. When tested in 2015, the TSA, which guards the nation’s airports, failed to detect contraband, including weapons, 95 percent of the time. The TSA has since beefed up training, including sending all TSA agents through a training academy. But to this day, some argue the agency gears its policies to past terrorist plots (shoe-bomber, anyone?), rather than anticipating a new ruse.

Some security experts say it’s anyone’s guess whether some measures truly protect the public. One of those is Bruce Schneier, an international security expert, author and chief technology officer with IBM Resilient who’s also a fellow at Harvard University. He says the $7 billion spent on the TSA should be reallocated to intelligence, investigations and emergency response.

He also calls the new bag policies at venues “security theater,” adding, “Any search that doesn’t physically embarrass you is not very effective. When you get arrested and get searched by the police, it is invasive. It is embarrassing. That doesn’t happen when you walk into a football stadium.”

But others say the mere presence of a screening program deters would-be attackers. That’s the idea behind so-called “clear bag policies” and similar bans, representatives at local venues that have enacted the rules say. One of those is Colorado College, which has barred large bags from events unless they’re physically checked by security personnel. But director of campus safety Maggie Santos acknowledges the ban isn’t foolproof.

“If we wanted to be absolutely secure, we would put a box on campus and make it secure, but is it a place you want to be?” she asks.

The Broadmoor World Arena allows only see-through bags and hand-sized purses (clutches), a policy that’s evolved as more entertainers and acts ask that bags be forbidden, says Dot Lischick, general manager. She couldn’t point to a specific incident that triggered the ban, but noted several artists who perform at the 8,100-seat center, as well as the Colorado College hockey team, asked the arena to ban large bags.

“NO large bags, backpacks, or purses will be permitted into the venue,” the arena’s website says, noting exceptions include small clutch bags the size of a hand; clear plastic bags and medically necessary items that have been inspected by security.

“The climate of what’s happening in the world, it’s something that’s on everyone’s mind, and it’s becoming more and more of the norm,” Lischick says.

She also says the World Arena uses a metal detector more frequently than it used to, in keeping with advice from experts who consult with venues across the country. Pikes Peak Center, also overseen by Lischick, is moving toward more screenings, although at present, security ramps up only when an artist or event requests it, she says.

The Pepsi Center in Denver bans all oversized bags and backpacks but allows personal-size bags and containers no larger than 14 inches by 14 inches by 6 inches, though they’re subject to search, the center’s website says. It also notes those without bags can use the “No Bag Line,” which moves quicker. The center also boasts it was the first professional venue in Colorado to install “Walk-Through Metal Detectors” as a permanent security practice.

Similarly, Madison Square Gardens “strongly discourages” guests from bringing bags and backpacks, its website says, noting that all bags are subject to screening.

Movie theaters, too, have adopted no-bag policies. As of February 2018, Cinemark, which owns Century 16 theaters, prohibits bags or packages larger than 12 inches by 12 inches by 6 inches, according to its corporate website. But while any bag can be inspected before entry, there’s no methodical checkpoint procedure to screen everyone.

At CC, Santos reports that guests at events at campus venues — such as the Cornerstone, Armstrong and Celeste theaters — can bring in larger bags, but they must be cleared by security before entry.

“As events happen at these large venues, everybody becomes a little more wary,” Santos says.

She admits the strategy wouldn’t intercept every threatening item.

“There is a certain level of security we can provide,” she says. “We can’t stop everything. We’re providing a level of security, not 100 percent security. I’m not going to do strip searches or cavity searches. I’m not going to do that to provide 100 percent security.”

Bucking the trend, except for specific high-profile events, the University of Colorado at Colorado Springs doesn’t have a standard security policy. That means it allows purses and bags at events, says spokesperson Jared Verner. “We have officers from UCCS Police present at most events where we expect crowds, like at the Ent Center and athletic events,” he says via email, “but we’re not screening people as they come in.”

He adds, though, that certain events warrant higher security, including checking bags, such as the 2017 visit by provocateur Milo Yiannopoulos and the visit by then-presidential candidate Donald Trump in 2016.

Some might view the no-bag policy as unfairly targeting women, who tend to carry purses, since there are few female mass shooters.

But as Santos notes, “How do you know she’s not with a shooter? I don’t want to judge who is or who is not going to do something. If you have one rule across the board that protects everybody, that’s the way to go.”

But Schneier, the security expert, says bag policies might “make you feel better but it’s not going to stop the behavior [of a mass shooter].

“Ask any teenager how to smuggle alcohol into a concert,” he says, adding that a hollow “beer belly” can be strapped on and alcohol concealed inside.

In a blog, he notes the U.S. has 5 million commercial buildings. “It’s impossible to defend every place against everything, and it’s impossible to predict which tactic and target terrorists will try next.”

See Original Post

The Performing Arts Readiness (PAR) project is excited to offer two new training opportunities. Crisis Communication and Reputation Management for Performing Arts Organizations is a new free webinar that will be presented on Nov. 27. Emergency Preparedness 101 is a new live class that will be presented in Pittsburgh, Pennsylvania on December 13.

Crisis Communication and Reputation Management reviews elements of strategic communication that are essential before, during, and after crisis events. This webinar examines how your organization can best prepare to respond to a crisis and restore your organizational reputation. More information and the registration form is here.

Emergency Preparedness 101 is a half-day workshop designed for organizations of all sizes with varying years of operation and at all stages of preparedness planning. The session will cover an introduction to disaster and business continuity planning, risk assessment exercises, information on the PAR project, as well as other available resources. This workshop will be held at The Alloy Studios in Pittsburgh, PA and the registration fee is $50. More information and the registration form is here.

Reposted from Campus Safety Magazine

Thermal imaging cameras equipped with onboard video analytics are capable of classifying human or vehicular perimeter intrusions, resulting in fewer false alarms.

The objective of security is to protect people, locations and assets, and for the threats organizations face daily, early detection of potential problems is crucial. Security staff and third-party monitoring providers rely on alerts generated by intrusion detection technologies as the lifeblood of security.

As helpful as these alerts can be, the unfortunate reality is they are often pain points. The number of false alerts from intrusion detection solutions can quickly become overwhelming for central station operators and law enforcement, especially for outdoor monitoring situations. Weather, animals, foliage and other factors can easily generate false positives.

The best approach to mitigate false alarms is to ensure accurate identification, which not only helps identify valid threats but also increases the effectiveness and efficiency of response. The sooner a response can be put into action, the more likely it is that an organization can mitigate or avert a potential risk.

Unfortunately, verification is another major pain point that creates significant challenges for organizations using many of the available intrusion detection technologies, delaying and hindering critical response.

With these issues in mind, it is important security professionals and end users properly evaluate and select technologies that will augment security by reducing the number of false alarms and increasing both detection and identification. This will help ensure responders are only dispatched for true alarms, maximizing resources and streamlining first response efforts.

A burgeoning means to reduce nuisance alarms through accurate intrusion classification and visual alarm assessment is the application of remote monitoring with thermal analytics. Read on to learn why thermal cameras, especially when combined with other security technologies, are fast becoming attractive options for installing security contractors and central stations.

Heat Signature Advantage

There are a number of technologies typically deployed for intrusion detection, including visible light cameras and motion detection technologies like fence-mounted sensors, microwave and more. While each has its strengths, there are also a number of drawbacks to using any one of these solutions in a standalone capacity.

The main advantage of cameras that create images using visible light, such as conventional surveillance or IR-illuminated cameras, is the images they create are recognizable and easy to interpret. This familiarity makes them a more comfortable choice for end users. However, when it comes to detection, customers face a number of challenges.

The primary drawback to these cameras is their reliance on the amount of available light. In sunshine or a brightly lit scene, visible light cameras perform fairly well. But in shadows, at night or in another situation where lighting is less than ideal, objects can appear faint — if they appear at all.

Another limitation of these cameras is visual contrast. Because they capture only visible light, they can easily be fooled by visual camouflage or situations where similar patterns or colors blend together to obscure people and objects. Similarly, these cameras are also susceptible to being fooled by naturally occurring phenomena such as trees, shadows, animals and other factors.

Traditional motion detection technologies like microwave, radar, fence-mounted sensors and radio-frequency identification (RFID) often fare quite well for detecting potential intrusion. However, as standalone solutions, they are essentially blind compared to surveillance cameras.

For example, when a motion sensor is tripped, security personnel would still require additional information to assess the nature of the alarm, determine whether it is valid, and plan an appropriate response. Without a visual of the scene, there simply is no way to know whether motion on a fence is an intruder, an animal or a tree branch.

Another notable perimeter application technology increasingly deployed across all sectors is thermal imaging. By utilizing thermal cameras, facilities can detect intruders from greater distances regardless of light and environmental factors, giving security forces more time to react and respond.

The reason for this is that thermal imaging cameras don’t suffer the same problems as visible light, IR-illuminated cameras and motion-detection solutions. Thermal cameras clearly “see” the invisible heat that radiates from everything we encounter in our daily lives, creating images from these heat signatures.

This allows thermal imaging to provide clear visuals in complete darkness. And because thermal radiation can penetrate visible barriers like smoke, dust, fog and other phenomena, thermal imaging is largely immune to their presence. For these reasons, thermal imaging is one of the most effective 24/7 surveillance technologies available today.

For example, an intruder located in a densely wooded area would be difficult to detect using a visible light or IR-illuminated camera. With a thermal imaging camera, on the other hand, the person would be clearly visible because of their heat signature.

Thermal security cameras let people see what their eyes can’t: invisible heat radiation either emitted or reflected by all objects, regardless of lighting conditions. Because they see heat, not light, thermal cameras are effective tools in any security setting. They can easily detect intruders and other potential hazards in any weather, as well as day and night.

See Original Post

Reposted from The Guardian

The Vatican Museums are considering putting a cap on visitor numbers amid fears among tour guides that overcrowding could provoke a stampede unless security policy is changed.

The museums, a sprawling structure of 54 galleries containing a vast collection of treasures gathered by pontiffs over the centuries, draw in more than 6 million people a year. But unlike other major Rome landmarks, such as the Colosseum, they currently have no daily limit on visitors.

Speaking to the Guardian on condition of anonymity, tour guides claimed that at least 10 visitors fainted each day as slow-moving crowds filed through the long and narrow corridor that leads to the most popular attraction, the Sistine Chapel, while others have suffered injuries and panic attacks. One visitor was saved by a guard after having a heart attack in February.

The tour guides, who each pay €250 a year for a licence to work there, say conditions are most perilous during peak summer season, when visitor numbers can swell to more than 30,000 a day and temperatures reach as high as 40C. Only the Sistine Chapel has air conditioning.

The building contains a number of emergency exits, but there are only two along the mile-long Sistine Chapel passageway – one at either end.

“The situation is slowly getting back to normal as the high season is over, but from March to October, it is hellish,” said one of the guides.

“Safety is the main problem, because when inside you feel completely trapped, you can barely see your feet. Crowds are one of the most dangerous things; look at what happened in Mecca. It might never happen at the Vatican, but then again it might. That’s what scares me.”

About 3,000 guides work at the museums. Another said she fainted last year and broke her foot. “It’s dangerous for the tourists, for the patrimony and for us,” she added. The same guide looked into suing the Vatican, but lawyers told her it was impossible due to the state having its own set of rules surrounding building security.

In response to the claims, Barbara Jatta, who Pope Francis appointed as director of the museums in late 2016, told the Guardian: “Together with the Vatican governorate, we are strongly working towards fixing the right number from 2019.”

Jatta added that a Spanish firm had been hired to improve the ticketing system and security measures, while work on extending air conditioning to the Raphael Rooms and Borgia Apartments would begin in November. There are also plans to open a second entrance to ease congestion and to extend opening hours on the busiest days of the year. An extra 20 custodians have been hired, enabling previously closed-off galleries to open, while tour guides receive training, with the emphasis on them steering their customers towards lesser-known parts of the complex, such as the Gregorian Etruscan Museum, which will be reachable by elevator from Christmas.

“There are seven miles of corridors – I would advise the guides to take people somewhere instead of the Sistine Chapel,” said Jatta.

But this is the first hint of the Vatican governorate showing serious signs of limiting the number of visitors to its biggest earner. The museums bring in an estimated €100m (£88m) a year, of which half goes to the Vatican state.

The museums also represent the Catholic faith, and the church has in the past been reluctant to close the door to pilgrims who may have traveled to Rome from poorer countries on a once-in-a-lifetime trip, but without booking tickets in advance online. A regular ticket costs €17-€20, while a guided tour that lasts three to four hours is around €70. Private tours can be taken an hour before the museum opens for around €400 per person.

Museum custodians have also complained about safety conditions, writing a letter expressing their concerns to the Vatican’s governorate in 2016.

“They were reprimanded,” said a source at a tourism association in Rome. “At the Vatican Museums the problem is scandalous, but it’s not like situations in Italy where one can protest. We have asked several times for things to change, but they say they have their rules, and so they decide.”

Visitor numbers rose rapidly from 2011 alongside the growth in mass tourism. Antonio Paolucci, the previous director, determined 6 million a year as the upper limit and suggested a cap if the situation became intolerable.

Jatta recognises the huge challenge of ensuring a safe and enjoyable experience for all and protecting the art works from the dust, humidity and perspiration that comes with millions of visitors a year, but also the difficulty of improving conditions in a centuries-old building.

“I understand how difficult it is for tour guides but all our efforts are focused on giving them the best [conditions] in the museums, as it’s also in my interest that they work well and securely,” she said. “We are strongly working towards this.”

See Original Post

Reposted from MIT News

On March 22, the city of Atlanta was hit by cyberattackers who locked city-wide systems and demanded a bitcoin ransom. Many city systems still have not recovered, and the cost to taxpayers may have reached as high as $17 million.

Also in March, the U.S. Department of Justice indicted nine Iranian hackers over an alleged spree of attacks on more than 300 universities in the United States and abroad. The hackers stole 31 terabytes of data, estimated to be worth $3 billion in intellectual property.

And recently engineers at Facebook detected the biggest security breach in Facebook's history. It took the company 11 days to stop it.

The FBI reports that more than 4,000 ransomware attacks occur daily. Large private sector companies routinely grapple with cybersecurity and fending off cybercrime, and corporate security isn't getting better fast enough. Cyber risk has emerged as a significant threat to the financial system: A recent IMF study suggests that average annual losses to financial institutions from cyber-attacks could reach a few hundred billion dollars a year, potentially threatening financial stability. Hacker attacks on critical infrastructure are already alarming, and the security of our cyber-physical infrastructure — the computer-controlled facilities that produce and deliver our energy, water, and communications, for example — are dangerously exposed.

This imminent danger is the subject of study by Stuart Madnick, founding director of the Cybersecurity at MIT Sloan Initiative. In a recent article for The Wall Street Journal, Madnick warned of weakest link in the defense against cyberattacks: people.

“Too many companies are making it easy for the attackers to succeed,” Madnick writes. “An analogy that I often use is this: You can get a stronger lock for your door, but if you are still leaving the key under your mat, are you really any more secure?”

In today’s landscape of escalating cybercrime, resiliency calls for a new kind of leadership and cybersafe culture, requiring the active engagement of both technical and non-technical management. This holistic approach is all the more urgent given the shortage of cybersecurity personnel; in the U.S. alone, 1 to 2 million cyber security analyst roles will go unfilled this year. This holistic approach is the focus of a new MIT Sloan Executive Education program taught by Stuart Madnick and his colleagues Keri Pearlson and Michael Seigel: Cybersecurity Leadership for Non-Technical Executives.

Cybersecurity issues are not purely a technology problem — they are multi-headed hydras that need to be addressed with a multi-disciplinary approach. This timely new program provides general managers with frameworks and best practices for managing cybersecurity-related risk. It also addresses the element common among many of the attacks that strike organizations every day — in particular, attacks that start as phishing or “spearphishing” emails. They rely on people falling for them.

“Such gullibility … is the result of a cyberculture where people are willing to share all kinds of information and try new things all the time,” writes Madnick in his recent WSJ article. “There are lots of good things about that, but also much that is dangerous. So now is the time for companies and institutions to change that culture. It won’t be easy, and it will take some time. But it’s crucial if we want our companies and information to be safe from cybertheft. We have to start now, and we have to do it right.”

The first session of Cybersecurity Leadership for Non-Technical Executives will occur Nov. 6-7.. The program will be offered again in April and July of 2019.

See Original Post

Reposted from Associations Now 

No organization wants to imagine a scenario where its staff are threatened by violence, but it’s important to be prepared. Here are a few security measures associations can take to reduce risk at the workplace.

Along with fire and tornado drills, students now participate in lock-down drills at their schools, where they practice huddling together quietly, away from doors and windows, in the event of an active shooter emergency.

To be honest, it’s always a little unnerving to hear my children talk about those drills, but I remind myself practice helps keep them safe.

Like schools, workplaces should also be helping their employees prepare for emergency situations. For example, CNN’s New York City offices were evacuated yesterday after the cable network received a suspicious package.

“There’s no way to eliminate risk; there’s no way to eliminate any type of security breach,” said Jon Olmstead, co-head of the nonprofit and association practice group at commercial real estate services company Cushman & Wakefield. However, according to Olmstead, associations can mitigate risk by ensuring their buildings are equipped with certain security measures.

An association might have different security needs depending on where its office is located. For instance, Olmstead said that organizations are choosing to move from high-priced rent areas in Chicago, New York, and Washington, DC, to older buildings outside big cities, where there might be less of a police presence and fewer security amenities in the buildings themselves.

At a minimum, associations should ensure that access to the office is controlled with key cards, Olmstead said. Another measure is an office panic button, which can be installed at the reception desk or in other areas to alert the police of a dangerous situation. Some panic buttons can also trigger certain office doors to close, ensuring that the employees within those closed-off areas are safe. Ensuring that building lobbies and other common areas are monitored with security cameras is another smart move.

There are other things to consider as well, said Olmstead. If your association is moving into a building with other tenants, it’s wise to learn as much as you can about them. For instance, if another tenant represents a controversial issue, it could be worth considering a different space in a different building to mitigate any bystander risk that comes from working beside that organization. It’s also crucial to ensure your association is on the same wavelength with its landlord when it comes to security. “But, on the flip-side, those tenants could move out or a tenant could move in that has an issue that you can’t control,” Olmstead said. “Or a building is sold, and you have a new landlord with a different perspective and attitude toward security, so it’s about being prepared and safeguarding as much as you can.”

What security measures has your association taken to ensure staff safety?

See Original Post

Reposted from the Associated Press

Their anger is all over social media for the whole world to see, with rants about minorities, relationships gone bad or paranoid delusions about perceived slights.

The perpetrators of mass shootings often provide a treasure trove of insight into their violent tendencies, but the information is not always seen by law enforcement until after the violence is carried out. In addition, rants and hate speech rarely factor into whether someone passes a background check to buy guns.

The massacre at a Pittsburgh synagogue, the pipe bombing attempts from last week and the Florida high school shooting this year have underscored the dilemma of law enforcement around the country in assessing the risk of people making online rants at a time when social media has become so ubiquitous.

“We can go out on Twitter and there are loads of people saying insane stuff, but how do you know which is the one person? It’s always easy after the fact, to go: ‘That was clear.’ But clearly everyone spouting their mouth doesn’t go and shoot up a synagogue,” said David Chipman, a retired agent of the federal Bureau of Alcohol, Tobacco, Firearms and Explosives and now senior policy adviser for the Giffords Center.

Robert Bowers, the man accused of opening fire at a synagogue in Pittsburgh, expressed virulently anti-Semitic views on a social media site called Gab, according to an Associated Press review of an archived version of the posts made under his name. The cover photo for his account featured a neo-Nazi symbol, and his recent posts included a photo of a fiery oven like those used in Nazi concentration camps during World War II. Other posts referenced false conspiracy theories suggesting the Holocaust was a hoax.

It was only just before the shooting that the poster believed to be Bowers seemed to cross the line, posting: “I can’t sit by and watch my people get slaughtered. Screw your optics, I’m going in.” Authorities say Bower killed 11 people and injured six others, including four officers who responded.

Keeping tabs on social media posts has been used for years by law enforcement to try to identify potential threats. The task is enormous and it’s an inexact science. The volume of posts is significant and the question arises: Is something a true threat or free speech?

They are mindful of the fact that the First Amendment protects Americans’ right to express even speech that many in society find abhorrent — and have to make often-subjective decisions about what crosses the line.

Among more than 550 police departments across the country surveyed several years ago by the International Association of Chiefs of Police, about three-quarters said they regularly searched social media for potential threats.

Lt. Chris Cook, spokesman for the Arlington, Texas, Police Department, said the searches are often done manually, using keywords to try to identify troubling posts.

“It’s very time consuming, it’s very staff and resource intensive and you have humans involved in the process so there is the potential that law enforcement can miss something,” Cook said, adding that departments can’t rely on social media alone. The community needs to be involved to report any suspicious behavior.

“Everyone has to be our extra eyes and ears out there,” he said.

In one case where vigilance paid off, authorities say a black woman received troubling racist, harassing messages on Facebook from a man she didn’t know, prompting her to call police. The tip from the New Jersey woman led Kentucky police to a home where they found Dylan Jarrell with a firearm, more than 200 rounds of ammunition, a bulletproof vest, a 100-round high-capacity magazine and a “detailed plan of attack.” He was arrested just as he was leaving his driveway.

Bowers is not alone among alleged mass shooters in making racist or bigoted comments online.

Dylann Roof, convicted of the 2015 slaying of nine black churchgoers in South Carolina, had posted a 2,000-word racist rant and posed in photos with firearms and the Confederate flag. Nikolas Cruz, the teenager charged in the slaying of 17 students and adults at a high school in Parkland, Florida, hurled online slurs against blacks and Muslims, and went so far as to state he wanted to be a “professional school shooter.”

The rants did not affect their ability to buy guns. When purchasing a firearm, criminal background checks only look for any records showing a criminal past or mental health problems that led to an involuntary commitment.

“I always felt as an ATF agent, the way our laws were structured, ATF stood for ‘After the Fact’,” Chipman said.

There have been some changes, however, to make it easier to alert authorities to warning signs. “Red flag” laws have been enacted in 13 states in the past couple of years, allowing relatives or law enforcement with concerns about a person’s mental health to go to court and seek to have firearms removed at least temporarily.

But Erich Pratt, executive director of Gun Owners of America, cautioned against using social media content to deny someone the constitutional right to own a firearm.

“I abhor hateful comments by the left or the right but I don’t think you lose your rights for simply uttering,” Pratt said.

He likened it to the Tom Cruise movie “Minority Report,” about law enforcement in the future using psychic technology to nab murderers before they commit a crime.

“It’s dangerous to go down this road of Minority Report with pre-crime,” he said. “Nobody should lose their rights without due process.”

See Original Post

Reposted from Computer Business Review

“Organizations are increasingly adopting the zero-trust approach, whereby only trusted users and devices can access sensitive and restricted files and applications”

For the last two decades, most enterprises have relied on an outward-looking approach to security with a strong corporate firewall to prevent external intruders from entering the network. However, with staff increasingly working outside the standard enterprise perimeter, security has become much more complicated: firewall-centric strategies are at risk of being overrun by attackers who can evade defenses without raising the alarm and cause serious damage once they are inside.

The post-perimeter era requires a new approach in which ‘zero-trust’ is the foundation of security.  It’s a model which gives workers more flexibility regarding when and where they log on, but also means that security departments can retain control by verifying everything – and everyone – that tries to connect to systems, before granting access.

Perimeter Security: Gaps in the wall

The boom in remote and more flexible working practices has been powered by increasingly accessible and affordable cloud applications and mobile devices. Even a modest IT budget can incorporate multiple cloud services that will enable workers to access vital files and applications from anywhere in the world and, indeed, it is not unusual for new businesses to be entirely cloud-based.

With staff now potentially just as productive in a coffee-shop between meetings halfway around the world as they are at their desk, the new remote working paradigm is delivering powerful business benefits. However, it has also made perimeter-based security even more untenable; an attacker using stolen login credentials, or a compromised machine, could easily slip through the net and organisations who are unable to differentiate friend from foe will be left wide open to a serious breach.

The degree to which working practices are changing was evident in the 2018 Duo Trusted Access Report, which analysed data from nearly 11m devices and a half a billion logins per month. The report found that 43 percent of requests to access protected apps and data now come from outside the office and network. Between 2017 and 2018 there was a 10 percent increase in the average number of unique networks that customers and enterprise organisations are authenticating from, representing the fact that more work is being conducted from potentially unsecured Wi-Fi networks.

Remote Risks

The threat of a security breach is exacerbated by poor security practices for mobile devices connecting to the corporate network. In particular, our research found that a massive 90 percent of Android devices analysed were running outdated operating systems, followed closely by 85 percent of Chrome OS devices.

A device that has fallen behind on security patches and OS updates represents an easy target for a hacker, who can go on to use a compromised device to spread their attack to the enterprise network. The intruder can also raid the device itself for login credentials, a serious threat as weak and compromised credentials are one of the leading causes of serious security incidents. Any confidential data on the machine, connected corporate network and cloud-based applications can also be stolen or manipulated with impunity.

Trust no One, Verify Everything

With the old perimeter security wall crumbling, it is no longer safe to trust a user simply because they are inside the network. Instead, organisations are increasingly adopting the zero-trust approach, whereby only trusted users and devices can access sensitive and restricted files and applications. Users who cannot prove their identity or the health of their device to a sufficient degree will not be granted access, regardless of whether their request is coming from a presumably trusted location.

Verifying user identity can be achieved through measures such as two-factor authentication, which will prevent an attacker impersonating a legitimate user with stolen credentials. Alongside this, the device must be running current OS updates and security patches and must be free of any malware.

Zero-trust security is best managed with a risk-based approach which revises access requirements based on the potential risk to the business, and external factors that point to suspicious behavior. If a user is logging in from a well-patched, corporate managed device to a work application, they are provided full access without any additional steps. However, if the same user is logging in from an out-of-date personal device, they are required to further prove their identity or are provided limited access.

This process need not be onerous for the user. The flexibility provided by a risk-based approach means an organisation can implement a zero-trust strategy without creating unnecessary barriers for legitimate users that will prevent them from getting on with their jobs as quickly and easily as if they were in the office.

While the age of the traditional perimeter may be at an end, organisations can still protect themselves from attackers by using a zero-trust approach to ensure that only genuine, trusted users are guaranteed access to the network.

See Original Post

Reposted from the Hill

Two separate studies found a notable increase in anti-Semitic images and other posts on Twitter and Instagram over the past year, despite content policies on both platforms supposedly banning hateful content against minority groups.

A study released Friday by the Anti-Defamation League (ADL), an organization that tracks anti-Jewish sentiment, reported the existence of “online propaganda offensives” containing anti-Semitic content designed to intimidate Jewish people and Jewish journalists ahead of the 2018 midterms.

The study also names social media platforms such as Twitter as "key facilitators" of "anti-Semitic harassment."

“The themes of this online harassment against the Jewish American community, especially against journalists and prominent members of this group, have been carried from the 2016 presidential election to the 2018 midterm content,” ADL fellow and Harvard scholar Samuel Woodley wrote in the study.

Nearly 30 percent of the more than 7.5 million tweets analyzed were revealed to be from "bots," or automated accounts, designed to push anti-Semitic content which researchers agreed was “worse on Twitter than on Facebook," according to the ADL.

“Online hate is not some idle threat that just lives online and can be ignored. Technology companies need to work harder and faster to curb the vicious violence-inducing harassment on their platforms,” the ADL's CEO Jonathan Greenblatt said in a news release.

A separate study from Columbia University professor Jonathan Albright found Instagram searches for "George Soros," a Jewish American billionaire Democratic mega-donor turned up impostor accounts often containing anti-Semitic smears of the businessman, according to NBC News. Similar images and posts could be found by searching "#Soros" on the platform.

“What was shocking to me for this Soros tag were the nature of the images and the prevalence of hate speech in the captions,” Albright told NBC News. “Especially this close to the 2018 election, and in spite of what happened last time around.”

On Twitter, Albright suggested solutions the tech platform could follow to cut down on anti-Semitic content.

"My recommendation to @Instagram: shut these hashtags down. Seriously," he wrote. "[A]nd please, for once, stop autofilling and suggesting queries for controversial topics."

In a statement to NBC, Instagram said it was reviewing Albright's findings but said the company had not noticed a noticeable increase in prohibited posts related to Soros.

"We are working closely with Facebook to understand the false content they are seeing, and applying those insights to Instagram to detect any policy-violating behavior. Any content which violates our Community Guidelines, for example hate speech, will be removed," an Instagram spokesperson told NBC.

See Original Post