INTERNATIONAL FOUNDATION FORCULTURAL PROPERTY PROTECTION
The security insight you need…right at your fingertips! Here is your monthly recap of Allied Universal blog posts. Don’t wait for this email. Receive your industry updates as soon as they are available! Subscribe here.
Staying Prepared All Year Long
By Katy Samaha
The theme for the 2017 National Preparedness Month, observed in September, was “Disasters Don’t Plan Ahead. You Can.” Though the official observance has passed, it shouldn’t deter businesses from adopting plans to be prepared all year long. Whether natural or man-made, emergencies can wreak havoc and result in loss of lives and property. However, not all emergencies become disasters—the difference is in how effectively people respond. For security professionals, emergency preparedness training is critical for high profile events and localized situations including civil disturbances, medical emergencies, hazardous material release and power failures.
Extending Your Options and Quality of Work through Collaboration
By Jonathan Kassa
Safety and security on a college or university campus is critical. The right blend of resources can create a dynamic security program that helps campus community members feel safer, deter crime, improve safety awareness and control costs. The Clery Center video, Part of the Fabric, describes the role of campus security professionals as integral stakeholders in a comprehensive campus community-based public safety model. It’s one of a suite of free 5-10 minute videos with accompanying companion guides that assist institutions of higher education to deliver consistent, pertinent training for their public safety and security professionals.
Featured Blog Topics ...
Managing Tabletop Exercises for Improved Preparedness
By Paul Caruso
You have real opportunities to improve your organization’s readiness to manage a crisis. Developing emergency preparedness plans is critical, but a challenge arises when the planning efforts end with the plan creation. While it is better to have a plan than to be completely unprepared, a constant state of readiness is only possible if the plan is challenged and practiced. Tabletop drills are an excellent way to practice, evaluate – and ultimately, improve – an emergency preparedness plan.
Risk and Resilience in the Security Sector
William J. Powers, III, CPP, CIPM II, CIPIIFCPP Advisory Board Member & Sergeant at Arms
William J. Powers, III, CPP is director of facilities at the Clark Art Institute in Williamstown, Massachusetts. The Clark’s 140-acre campus includes five buildings that house museum galleries, an art history library, an auditorium, research facilities, a sophisticated physical plant, and offices. The campus also has an expansive landscape, including a reflecting pool, woodland meadows, and walking trails. The Clark’s permanent collection includes American and European art amassed during the first half of the 20th century by Francine and Sterling Clark.
To secure this eclectic campus, Powers oversees 12 full-time employees and a 60-person contract security staff. In his 22 years at the Clark, Powers has seen much growth in the institute’s programs and facilities, including a recent $170 million expansion and renovation. “I worked very closely with the security consultant on product selection,” says Powers. “I am proud to say that the installation and implementation of the choices were seamless.” The result, he adds, is a system that is a model for other institutions.
Powers’ biggest challenge is responding to HVAC alarms. “The museum requires very stable climate control 365 days a year,” he says. “I have found that if you follow acknowledged best practices you can have peace of mind.” He credits his affiliation with ASIS International for giving him access to the latest best practices, as well as subject matter experts.
Two achievements helped Powers reach his current status. The first was completing his master’s degree. At the time, Powers was supporting two children in college, and attaining that degree seemed impossible. But he applied for and was selected as a recipient of an ASIS/University of Phoenix scholarship. The second was when Powers received his Certified Protection Professional© (CPP) certification. “These two events really lifted my confidence and proved that I was a true professional,” he says.
Powers was an ASIS volunteer leader for many years before pursuing the CPP, and knew peers who had their CPPs. As past chair of the ASIS Cultural Properties Council and current member of the Awards Committee, “I wanted to be recognized that I am in those positions for a reason.” Studying for the CPP also pushed Powers to review guidelines and best practices that he otherwise might have overlooked. In his position, he must understand all facets of security—physical, electronic, and cyber. By earning his CPP, he says, “I confirmed my competence in all aspects of security management,” he adds.
Powers never expected to be in his current position. A trained auto mechanic, his first job was in the facilities department of a museum. He eventually became director of facilities at that institution, which included oversight of security.
Today, Powers mentors young professionals coming into the field, reminding them that private security can provide a career path that is personally and financially rewarding if they work towards professional certifications. To that end, Powers advises taking a CPP review course and investing time in studying for the test. The payoff, for Powers, is obvious: “I am now a more effective, well-rounded security professional.”
Reposted from ASIS
See Original Post
Reposted from Slate.com
Climate-resilient design is on the rise. Museums, seeking to protect their priceless art, are on this cutting edge.
When Superstorm Sandy ripped through New York City in October 2012, it did not discriminate. At the construction site of the new Whitney Museum of American Art, chief operating officer John Stanley recalls “mechanical equipment bobbing like corks” in the floodwaters. And at the Rubin Museum of Art, a few blocks uptown, and upland, the museum lost power—a necessity for preserving the artifacts from environmental damage—and the backup generators weren’t enough to keep the facility running. “We thought if we do lose power, in the history of New York City, it would be for a day or two,” executive director Patrick Sears says. “No one really anticipated we could go without power for a week.”
But as once-rare storms like these become more common and more consequential (Sandy caused an estimated $70 billion in damage, behind only Hurricane Katrina), coastal communities are reorienting to a world where they might be underwater at a moment’s notice. And museums are leading the charge when it comes to bolstering up in the face of extreme weather—after all, financially speaking, they might have the most to lose. Along the Eastern Seaboard, from Miami to Manhattan, curators are going to extremes to safeguard their art. And in doing so, they’re testing out ideas and processes that might later be adopted by everyone else who lives on the coast.
Looking back, Stanley says the timing of Superstorm Sandy was actually fortuitous for his museum, the Whitney. Because it was early enough in construction, the team was able to revise its plans with water in mind. “We searched the world for flood experts and engineers,” he says. With the help of WTM Engineers in Hamburg, Germany, the Whitney design team re-evaluated the entire site and, as the Atlantic reported in 2015, built one of the most flood-resilient structures in town.
All along the Eastern Seaboard, from Miami to Manhattan, curators are going to extremes to safeguard their art.
As a result of lessons learned in Sandy, the museum is waterproof up to 16½ feet thanks to its raised elevation and carefully selected materials. It’s also got walls galore: A 500-foot-long mobile wall can be constructed in less than seven hours to protect the museum from a storm surge’s impact, and a 14-by-27-foot flood door can withstand the force of a semitruck floating (or flung) across the West Side Highway. Stanley says it cost just $10 million more to disaster-proof what was, in total, a $220 million project. And though the safeguards haven’t been tested the hard way, he’s confident they’ll rise to the occasion if—or rather, when—another disaster unfolds.
Some museums farther south on the Atlantic seaboard have already lived to see their hurricane-resistant designs tested by storms. Employees at the Salvador Dalí Museum in St. Petersburg, Florida, recently weathered Hurricane Irma with little damage. Back in July, a videographer for the Washington Post filmed inside the “surreal shelter from the storm.” To protect the precious collection, the Dalí relies on 18-inch-thick walls, which are built to withstand the winds of a Category 5 storm, and fortified glass, which can hold up under the pressure of Category 3 winds. As with so many other museums, the Dalí’s decision to gird its infrastructure seems financially sound: If its walls were breached, the largest collection of Salvador Dalí paintings in the world, priceless and carefully preserved over the past century, could be lost in an instant.
The architectural features that make the Whitney, Dalí, and similar spaces so safe have recently begun to proliferate far and wide, thanks in part to consumer demand and new municipal standards. Perhaps the purest emblem of this surge-priced survival model is the new residential American Copper Buildings. Like the Whitney, these structures sit in Evacuation Zone 1, but on Manhattan’s eastern shore. While it seems damage from another hurricane is all but guaranteed, the waiting list for a unit in one of the American Copper towers is long.
That’s due primarily to the fact that the $650 million buildings, which were started before Sandy hit, reportedly go beyond even the city’s newest resilient design codes—and look great doing it. Connected by a three-story skybridge, the two towers have an elevated lobby that makes them virtually waterproof. The building is also served by rooftop backup generators that promise enough energy to run the elevators plus one fridge and one electrical outlet in each apartment indefinitely. In January, the New York Times wrote this glowing report:
There is a breathtaking view of the mid-Manhattan skyline, pierced by the Empire State Building, from the 48th floor of the taller of two new copper-clad apartment towers along the East River, just south of the United Nations.
No plutocrat will enjoy it, however. This impressive penthouse aerie is hogged by five emergency generators. The window is already blocked by a bank of electrical switchgear. For the developers, giving up premium space to machinery is insurance against an ominous future: They want tenants in the towers’ 760 apartments to be able to live in their apartments for at least a week, no matter how high floodwaters may reach nor how long the power is out.
Sure, in the face of an impending storm, residents will still have to get the hell out just like any other New Yorker adhering to evacuation mandates. But American Copper promises them a return to a clean, safe, and electrified home.
Only 39 percent of Americans have a disaster preparedness plan.
Though JDS Development Group, which owns American Copper Buildings, may have been leading the charge on resilient design, the rest of New York City’s new construction is quickly catching up. After Sandy, the Mayor’s Office of Recovery and Resiliency set about studying the metro area’s weather and climate vulnerabilities and crafting solutions. Recently, the city began implementing new building codes, and all new construction is now held to these updated resiliency standards. “We’re not just doing one-off resilience projects. We’re baking resilience into the entire capital program,” the city’s chief resilience officer Daniel Zarrilli says.
Even with the support of the city, resilient design can be hard to scale. Retrofitting old buildings is harder than raising more capital to bolster new designs, according to many architects. Raising an existing single-family home on stilts, as many thousands of East Coasters have done since Sandy, can cost more than $100,000—on a house that’s maybe only worth $400,000. That means that while the Whitney’s resilience costs were less than one-twentieth of the new project cost, the owner of an existing home is looking at resilience costs as high as one-fourth of their total property value. While some local and federal support has been made available to storm victims, the costs of these programs have quickly ballooned—even after many withdrew their applications due to overwhelming bureaucracy and out-of-date flood maps.
It’s clear that equitable resilience will take not just effort and money, but time. “There will just be a slow changeover of the entire housing stock in New York City that slowly meets these codes,” Simon Koster of JDS Development Group says. Given that 66 percent of New York City’s buildings were built before 1960 and aren’t likely to change over in the near future, this doesn’t seem particularly hopeful.
But other less intensive measures are being taken to ensure New Yorkers weather the next storm—and museums can serve as a model here, too. The Rubin, which showcases art from the Himalayan region, didn’t have the budget to undertake big post-Sandy capital improvement projects. While the board paid for a few big-ticket items like a stronger, waterproof roof, it’s poured most of its efforts into better training and communication. “We’re thinking about manual ways, simple ways, things you can buy on Amazon,” Sears says. One of his favorite investments is a windup cellphone charger that doesn’t require an electricity source.
Unlike 18-inch concrete walls, disaster plans like these can be constructed by anyone. But a 2015 Federal Emergency Management Agency survey showed only 39 percent of Americans have their own plan in place. The Rubin, which has a disaster plan 153 pages long, believes this has to change. Other museum strategists agree: “You can call it paranoia, or you can call it strategy,” says Kathy Greif of the Dalí Museum. “I prefer to call it strategy.”
If museums are so prepared, could they help the rest of us—literally? Not really. Unsurprisingly, you won’t be weathering the next hurricane from inside the Met. Though all of the museum leaders I spoke with agree that human lives matter more than paintings, serving as a shelter still seemed to compromise their central mission, which is protecting their collections. Even if it could theoretically provide reprieve, the Whitney sits on the leading edge of Evacuation Zone 1, which means people should be headed out of the neighborhood, not into even the most disaster-proof buildings. The Rubin, meanwhile, wouldn’t physically have the space to serve as a shelter during a flood, as art typically hung in lower-level galleries would be moved into many of the hallways and upper galleries. In the end, its strategies like these that will save the precious artwork. But it’s clear they’ll limit room for, well, people.
Reposted from ASISOnline
Active shooter simulation exercises are undoubtedly the most effective way to prepare for a real-life scenario. These scenarios mimic the stress and chaos of an actual event and reinforce the principles of survival taught in active shooter training programs.
But in recent years, some companies have taken that idea to the extreme, conducting surprise active shooter drills on unsuspecting employees, students, and teachers.
Michelle Meeker, an employee at a Colorado nursing home, filed a federal lawsuit against a local law enforcement officer and her workplace in July 2014 for being taken hostage during one such drill. Meeker had no idea it was a simulation, according to The Wall Street Journal, and tearfully begged for her life as the “gunman” forced her into an empty room. She sued for damages after being so traumatized from the event that she quit her job.
Similarly, an Oregon teacher filed suit against her workplace after a man dressed in a black hoodie and goggles burst into her classroom and brandished a gun loaded with blanks, then pulled the trigger. “You’re dead,” the gunman said to her, and walked away. The teacher believed she might have really been shot and was going to die, OregonLive.com reported in April 2015.
At a middle school in Winter Haven, Florida, teachers and students alike were terrified when two armed police officers swept through classrooms with weapons drawn in November 2014. Parents were outraged, the principal was suspended, and the school resource officer reassigned in the aftermath, according to The Washington Post.
And these aren’t just recent phenomena. Security Management has reported on these types of incidents for at least 20 years.
Such training methods cause unnecessary panic and trauma. While the simulations themselves are a critical part of any effective active shooter training program, these kneejerk reactions to the proliferation of mass shootings accomplish nothing, as the focus in the aftermath is on people’s confusion and anger. Rather, the most effective way to prepare for a potential active shooter event is to combine announced simulated exercises with training materials that constantly reinforce the principles of the program.
The chief goals of these programs are to eliminate the threat and to teach victims to survive. However, as an attack is taking place, no training will completely ensure the safety of those involved or guarantee that the shooter will be taken down.
The human factor is unpredictable—but with proper training and repetition, an effective response will become ingrained in the actions of employees. Certain movements will become a part of one’s muscle memory, thus aiding the individual during an actual shooter event. The benefits of such programs can aid participants in a number of real-life emergencies, not just active shooter situations.
Program components. An active shooter scenario will put any crisis plan to the test, and its success or failure rests in how well and how often people are trained to respond to an incident. Conducting a simulated exercise that mimics an active shooter event is the best way to acclimate employees to the factors involved in these crises.
Hiring specialized companies that facilitate training and simulation can help organizations close the gaps that they may not have otherwise noticed. These firms bring with them both expertise and experience that businesses lack.
To develop effective response tactics, security personnel should understand what environmental and human factors typically occur during a shooting, which they can then simulate in training exercises. Loud noises—including gunshots, screams, breaking glass, alarms, and public address announcements—are to be expected. Consulting companies can provide such noises over speakers during the simulations to heighten the stress and reality of the scenario. The physical environment will be in disarray as high concentrations of people flock to exits or seek cover. There is also the possibility of visual trauma, including seeing the shooter as well as wounded or deceased victims.
The duration of the event should be considered when conducting training. While the length of the active shooter event may last anywhere from minutes to hours, police response and investigation may require witnesses and victims to be involved for up to several hours.
Psychological stress is also inevitable. Each person will process the shooting in different ways, and the nervous system response will kick in and possibly override any training received. Similarly, physical stresses may be imposed upon the body, including having to run, navigate stairs, lift or push heavy items, or possibly carry a wounded victim to safety.
To ilustrate this, active shooter training programs in corporate, educational, and religious settings often include a 150-pound dummy that trainees practice dragging to experience the unaccustomed physical exertion.
Given the various scenarios that have occurred in real-life active shooter situations, simulations should vary so that participants can’t anticipate the gunman’s actions. Having him enter from different points and take various routes through the facility will keep the trainings fresh.
The drills can be conducted as often as quarterly or as infrequently as once a year, depending on the size and capabilities of the company. Fire, police, and EMS personnel should be involved in at least one training per year. Tabletop exercises among key staff are also a good option to refresh critical decision making skills.
These simulations should be supplemented with training materials that reinforce the principles practiced during simulation. Reminders about the importance of awareness and preparedness can be placed in company newsletters or on websites. Classroom trainings to introduce basic concepts that will be practiced during the programs are encouraged, but they need not be repeated as often as the training scenarios.
The same training and preparedness principles deployed by these programs apply to other emergencies, like severe weather or medical events. During an earthquake, for example, similar physical stressors and environmental conditions are present, and there can be panic, confusion, and communication issues. Active shooter programs will apply and reinforce responses to a range of possible scenarios.
A community center in the California Bay Area recently set up an effective active shooter program. The center’s campus includes about five buildings and a school. The center formed a crisis response team from its core employees, and everyone on the team has a distinct role in the event of an active shooter or any emergency, including a severe weather event or medical crisis. The team rotates every few months so each person receives training for every role.
As part of the active shooter training, the center purchased communication equipment, including radios, to deploy in case cellular towers go down. The company also established a command post during simulation trainings where team members could wait for police response. Redundancy is built into the roles so that if one person falls victim to the active shooter or emergency event, someone can step in and fulfill that person’s response protocols.
Popular protocols. One popular active shooter response protocol is the U.S. Homeland Security Department’s “Run, Hide, Fight” program. It was designed as a simple means for people to recall what to do during an event in just three verbs, but this approach may oversimplify the human response mechanism.
Running at the first sign of gunfire may not always be the best option depending on where the shooter is, how far one has to go to reach safety, and whether there are small children in tow, for example. To hide or shelter in place can be a lifesaving response, provided that the room can be locked and barricaded with heavy furniture to offer cover from potential gunfire.
Hiding below a desk or on the floor does not guarantee cover if the shooter breaches the door. Hiding adjacent to a door, not in front of it, is recommended. This way, if a responder needs to engage the shooter in a fight by positioning himself or herself near the door, the shooter can be taken by surprise. If the door isn’t locked or barricaded well and the shooter comes in, a responder may have to improvise and find something to throw at the shooter.
It’s possible that there isn’t sufficient cover in a room. Such was the case in the mass shooting at a health department in San Bernardino, California, in December 2015 that left 14 people dead. Survivors reported that they deployed the skills they had learned earlier in an active shooter training course by hiding behind tables and chairs, but the large room was mostly open space without much cover. In these scenarios, attempting to stay outside of the line of sight, in the peripheral vision of the shooter, is the best cover.
To fight back against the shooter, responders must be able to identify and take advantage of improvised weapons in their environment and use them as the shooter enters the room. If not practiced previously in a live realistic setting, the fight phase can end horribly for the responder. Expecting someone to fight back against an armed assailant if they have never practiced that before is unreasonable.
Due to these concerns, as well as the unpredictable nature of active shooter events, organizations implementing “Run, Hide, Fight” should carefully consider supplementing it with extensive training tactics in their active shooter programs.
Program costs. Several firms offer active shooter response programs and training for organizations. The cost of active shooter programs will vary based on factors such as the number of participants, number of buildings on the campus, and number of drills coordinated with first responders.
A flat fee of $5,000 for a small organization may cover a day’s training plus educational materials, such as posters, booklets, online tools, and assessments. Offering ongoing training as part of an onboarding hiring process will incur recurring fees but will help the organization be better prepared.
Some programs offer to certify people as active shooter response instructors for $500 and more. There are other providers that offer armed response training for the cost of $1,500 per person.
The steps outlined in this article will help an organization set the groundwork for establishing an effective active shooter response program. Companies should tailor the program to their individual needs and ensure that all employees are trained on proper protocols.
If a thorough risk assessment is completed, incident response plans are put in place, and trainings and simulations are carried out on a regular basis, the organization’s efforts may ultimately save lives.
Reposted from SCMagazine.com
The threat is huge. The response? Not so much. Or at least the response isn't on par with the threat when it comes to ransomware.
Even as ransomware continues to threaten industries, costing organizations an estimated $1 billion in 2016 and predicted to be even more expensive this year following WannaCry, Petya and other high profile outbreaks, many organizations skip out on some obvious steps that could help them prevent future infections, such as properly training employees on online safety, actively monitoring their networks, ensuring systems are patched, and properly backing up important files to name a few precautions, do.
Until IT departments start taking these threats seriously and taking a more proactive approach, organizations will continues being hit with otherwise preventable attacks. Known vulnerabilities with available patches are providing gateways for criminals to infect entire networks such as with WannaCry and it's crucial that organization ensure they're systems are up to date to prevent repeats.
WannaCrypt ransomware was distributed through the EternalBlue Windows SMB vulnerability, a flaw that was patched in March 2017 but was heavily exploited in the May 2017 WannaCry attacks and June 2017 NotPetya attacks. The attacks didn't have to be as damaging as they were.
SiteLock Web Researcher Michael Veenstra told SC Media that beyond the ever-present need for strong data loss contingencies, the most important thing an administrator can do is maintain effective security policies across the board that ensure systems are maintained and patched in a timely fashion.
“The EternalBlue vulnerability was patched on all supported Microsoft operating systems two months prior to the WannaCry outbreak, and one month before the existence of the vulnerability was publicized by a leak from the Shadow Brokers,” Veenstra says. “Organizations affected by this attack would have been saved countless dollars – between paid ransoms, incident response, and immaterial costs like the loss of customer trust – if the servers on their network were kept up-to-date.”
Ignorance of how ransomware attacks work also contributes to the spread of ransomware infections. Employees often aren't aware of best practices to prevent attacks. Human errors can prove just as dangerous, if not more so, as unpatched systems, meaning that organizations should work to better educate employees on how to spot phishing attacks and admins should enable backups and contingency plans in the event of mistakes, researchers say.
“According to Verizon's DBIR Report, the use of social actions, like personalized phishing emails, increased from 8 percent to 21 percent of malware incidents in 2016,” Cyberbit Chief Technology Officer Oren Aspir tells SC Media. ”By training employees to avoid phishing emails the majority of ransomware will be avoided.”
There's an added bonus for putting effort into training. Preventing phishing attacks can also curb other cyberattacks as well, Shalabh Mohan, vice president, products and marketing, at Area 1 Security
“Phishing is the root cause for a majority of all cybersecurity incidents; and that includes ransomware breaches,” Mohan says. “In order to truly protect against ransomware, organizations should look towards stopping phishing attacks comprehensively for their end users, irrespective of what attack vector it may be coming from.”
STEALTHbits Technologies Chief Technology Officer Jonathan Sander told SC Media the while there are very good platforms that can ramp up user awareness of these threats, the real trick is to find ways to keep the damage to a minimum in the case where ransomware does get in.
Experts agree, Dean Ferrando, SE Manager – (EMEA) at Tripwire told SC Media “organizations should continually test their backups and implement a streamlined restoring process to reduce the impact an attack will have on trade” in case an infection slips through.
One of the biggest ways to reduce the damage of a ransomware attack is by ensuring all important files are frequently backed up in a safe place in the event of a compromise.
“Fresh backups are key to remediating after a ransomware attack, and destructive attacks more generally,” Chris Doman, a security researcher at AlienVault, tells SC Media. “It's also important that the backups are located somewhere that the ransomware can't touch” since it's possible for ransomware to infect backups as well.
It's also important to understand that cloud storage can also become corrupted and plan accordingly to prevent cloud backups from becoming compromised as well. As more organizations move to the cloud, researchers warn organizations to keep track of the blind spots that could arise from using these platforms.
“In the cloud, you get huge advantages in agility but it's also harder to maintain an accurate assessment of your entire environment,” Tim Prendergast, CEO at Evident.io., says. “New functionality is turned on, updates are deployed, and default settings run counter to your policies; no one organization can see and respond to everything going on.”
Prendergast says ransomware in the cloud takes advantage of unprotected data, services and servers operating in company cloud environments and that once the malware has infiltrated the environment through one of many potential weakness, it locates and encrypts unprotected data and systems to fuel ransom demands for Bitcoin, Ethereum, or other digital currencies.
“An organization that carries out an effective data-backup strategy for servers and for user-endpoints is far more likely to successfully recover from a ransomware event than the organization that puts their faith in the criminal's ability to assist in a recovery,” says Scott Keoseyan, threat intelligence leader at Deloitte Risk and Financial Advisory Cyber Risk Services.
Organizations should also ensure they have the proper tools to effectively monitor their networks and spot potential attacks before they can cause major damage.
Keoseyan saysa comprehensive vulnerability management program that provides a continuous monitoring outlook of an organization's publicly-exposed assets, is critical and that the information gathered must be fed into a remediation process that includes timelines and SLAs for mitigation and remediation.
“Incident response, disaster recovery and business-continuity planning had been moving in the direction of understanding things like ‘how to acquire bitcoin to pay ransoms' but it is critical that these key cyber-security and IT processes be adapted to account for scenarios where recovery via ransom is not an option.” Keoseyan says. “This means that an organization that carries out an effective data-backup strategy for servers and for user-endpoints is far more likely to successfully recover from a ransomware event than the organization that puts their faith in the criminal's ability to assist in a recovery.”
Some researchers recommend going above and beyond, if possible, to ensure their systems are protected. Eldon Sprickerhoff, founder and chief security strategist at eSentire, says the majority of his clients have taken better-than-usual precautions against ransomware which include the technical hardening of systems, improved analysis of attachments through upstream email services, local firewall/mail server, hardening of workstations including improved patch rigor, restricted access, removal of local administrator, disabling macros through GPO, endpoint solutions, and more.
Sprickerhoff says these measures were coupled with coupled with a better sense of what's appropriate from a backup/restore perspective. He notes that even with training employees can still be at risk in which one of his clients was tasked with opening another employee's email since the other employee was on vacation and almost exposed the network to malware.
“Even though they had ransomware-specific training, they disabled all of the protections and became infected when they opened an email with ransomware.” Sprickerhoff says. “We identified and shot down the attack immediately, and the client restored quickly from backup.”
He says these types of scenario underscore the necessity for a multi-pronged approach that includes technical precautions, training, eyes-on-glass, rapid incident response and backup/restore capabilities.
Sander had a similar experience that testifies to the importance of monitoring networks for unusual activity and taking alarms seriously. As soon as an alarm went off signaling unusual activity everyone including the Engineer though it was a mistake but soon they learned it wasn't and found themselves in an all-out ransomware attack. Ultimately the attack didn't spread far and the firm only lost a few files on the first machine that was hit with the attack which belonged to a user who clicked a malicious link. And most of that user's files had already been backed up which minimized loses even more.
And while it's important to take every measure to prevent and minimizing attacks, researchers emphasized there is no silver bullet to preventing ransomware attacks and that firms have to remain diligent against the threats.
"There is no fool-proof method to completely avoid ransomware attacks, you can only try to prevent some from succeeding, minimize the damage of those that succeed and reduce the time and effort of recovering from such an attack.” Mounir Hahad, senior director of Cyphort Labs, says, adding that you can't afford the time to decide if you should pay the ransom or not as you are under attack.
Other experts agree. Ilia Kolochenko, CEO of web security company High-Tech Bridge, contends “we'll hardly invent any groundbreaking techniques to fight ransomware without following cybersecurity fundamentals.”
Until companies “perform holistic risk assessments to establish a cybersecurity strategy with a priority-based roadmap, any “local” solutions will likely fail or give temporary relief,” Kolochenko says. “Comprehensive inventory of all your digital assets, their proper maintenance and patch management, security hardening and continuous monitoring - are among the pivotal processes, essential to reliably preventing ransomware.”
Prevention is key and using tools like AV, Sandbox, IDS, spam filtering, Threat Intelligence feeds in addition to frequently backing up systems will help organization remain resilient against ransomware attacks.
“Once an adversary encrypts your data, your options to deal with the attack get very limited, very fast,” Sanjay Kalra, co-founder and chief product officer at Lacework, tells SC Media. “The most important defense against a ransomware attack is to be prepared before it happens.”
Reposted from WestCampus.Yale.edu
Over 200 members of the Yale community gathered October 26th for a symposium and reception marking the 10-year anniversary of Yale’s West Campus. The campus was purchased in 2007 from Bayer Pharmaceuticals and today is home to the Yale School of Nursing, seven research institutes, and numerous partners from across Yale.
“We want to recognize the work of the faculty, students and staff who have given so much to shape a vision for the West Campus in such a short time,” said Scott Strobel, Vice President for West Campus Planning and Program Development.
The symposium featured talks on cancer biology, energy science, chemical biology, cultural heritage, nursing, microbial science, systems biology and nanobiology, spanning the breadth of Yale’s scientific focus on the challenges of human sustainability.
Introducing the symposium, former Yale President Richard Levin recalled the early negotiations on what was referred to as the ‘deal of the century.’
“It was like Yale’s Louisiana Purchase,” he said of the decision to add a third to Yale’s real estate outside of New Haven. “We knew it was an incredible investment in Yale’s future, and to see what has happened already is incredible.”
Strobel recalled the “massive emptiness” of the campus before the first Vice President, Michael Donahue, convened thought leaders from across Yale to brainstorm ideas to put the space to use, including the concept of creating institutes and supporting Yale’s collections.
A Pioneer Council was convened in 2008, with Janie Merkel (Yale Center for Molecular Discovery), Shrikant Mane (Yale Center for Genome Analysis), Tim White (Yale Peabody Museum of Natural History) and Carol DeNatale (Yale University Art Gallery) and others driven to make the new space work by the growing needs of their own programs.
Through the constancy of key staff such as Kelly Locke, Chris Incarvito, Amy Mulholland and Keith Draghi, and with the Yale Dining team of Donna Hall, Chris Jamilkowski, Lisa Hopkins and Tiffany Moore anchoring the Conference Center as a central gathering space, West Campus Administration set to hiring faculty and transforming the former pharmaceutical facility into open plan science and art conservation space.
The West Campus Institutes today connect 41 faculty laboratories with attendant graduate students and post-docs across health science, cultural heritage, and energy science.
The August 2013 “tipping point” for the campus was the relocation of the entire Yale School of Nursing from New Haven, almost doubling the campus population. “Nursing is a STEM science, and also a STEAM science. We know that work is going on right here at West Campus, across the Institutes and at the School, where we have the opportunity to take that to the next level,” said Dean Ann Kurth.
In 2016, the Yale Landscape Lab was created to open up the total 136 acres of campus to connect scholars from across Yale for sustainability-related research and learning.
A community of almost 1700 people now occupies the 17 buildings that make up Yale’s West Campus. “I want to thank everyone for making the West Campus a success,” concluded Scott Strobel. “We’re not done yet. Some buildings are still empty. We still have room to grow and programs to build, to imagine what is possible in addressing the world’s biggest challenges.”
Reposted from Trade Show News Network
It goes without saying that meeting security is at the top of everyone’s minds right now. After the recent incident in Las Vegas, planners need to make sure that they – and their venues – are as prepared as possible to handle any emergency that may take place.
The Exhibitions and Meetings Safety and Security Initiative (EMSSI) was launched in 2016 by the International Association of Venue Managers (IAVM), the International Association of Exhibitions and Events (IAEE) and the Exhibition Services & Contractors Association (ESCA).
EMSSI’s mission is to protect the $283 billion U.S. meetings industry and the millions of people who attend meetings, conventions and exhibitions. Its supporters, which include more than 60 leading industry associations, hope to do this through the establishment of national guidelines for convention centers and related venues around the U.S., as well as alignment with the Department of Homeland Security (DHS) and the Safety Act office.
“We live in a very dynamic threat environment,” Mark Herrera, director of education for IAVM, said during a recent webinar sponsored by Destinations International and empowerMINT.com. “It’s critical that we all come together to find ways to mitigate the risks.”
Planners should work with their venues and suppliers to ensure there are safety and security protocols in place, and that everyone is well educated on how security measures will be implemented. It’s vital for planners to be aware of the process and procedures and have a good understanding of credentialing and access control measures.
Best practices for ensuring an event security plan include:
According to John Cychol, vice president of meeting sales at the Fort Worth Convention and Visitors Bureau, CVBs can add value for planners concerned about meeting security. He stressed that each destination should have its own crisis management and communication plan, but added that the common denominator is the knowledge and relationships that each CVB already has in place.
“(CVBs) are the voice of the industry for meetings, conventions, events and trade shows in each of our communities and we are the best resources for the meeting professionals,” Cychol said.
He continued, “We serve as a liaison and a conduit – we will know what is going on and can provide customers with timely communications that they can then share with their attendees,”
Examples of the types of question planners should ask event venues include:
As new threats emerge, the best thing that planners, venues and suppliers can do is work more closely together to maintain the highest possible safety and security standards.
The initial phases of EMSSI are focused on convention centers but are being expanded to include hotels and other types of meeting venues. The American Hotel and Lodging Association (AHLA) has recently become more involved in moving the initiative forward.
“(EMSSI) is the industry’s voice - it is developed for the industry by the industry,” said David DuBois, president and CEO of IAEE. “Together we can make our industry safer,”
To learn more about EMMSI, go HERE.
Reposted from The Globalist, by Markus Hilgert
A museum director’s reflections on vexing global issues such as identity, tolerance, conflict and war.
Culture is the expression of how we perceive the world, how we interpret our environment and assess the people we meet. Our personal interpretation of what we perceive is guided by such diverse factors as affections, convictions, preconceived notions, beliefs and values.
In other words, culture is about positioning yourself within your environment and your community. At the same time, however, culture can also be about distancing or separating yourself from individuals or communities.
How culture provides orientation and stability
When culture aids us in positioning ourselves within our environment, it provides orientation and creates identities. However, just as cultures, identities are not very stable.
Material culture and cultural materials are so powerful and attractive to us, because they are potentially more stable than human identities and social communities.
Buildings and monuments may last for hundreds, if not for thousands of years. Some valuable family heirloom may be passed down from generation to generation, a ring, a watch, a painting, a hand-written letter.
And even though cultural objects do not possess a meaning by themselves, they literally are what we make of them and what we see in them.
For that reason, cultural objects – be they movable or immovable – give us a sense of stability, of duration and lasting values, something that many human beings long for, especially in times of growing uncertainties.
In addition, cultural objects frequently are an expression of achievement, of prosperity, of success. They are tangible and visible proof that a society commands the resources, the capacities and the expertise to produce these objects.
Culture and otherness
Cultural objects always and invariably point to the past and evoke history. In fact, they are the material anchors of all of our narratives about the past. Thus, cultural objects aid us in the creation of lasting identities. They frame historical narratives and are material witnesses to past greatness or failure. For some, they even embody values and beliefs.
When cultural objects are considered by communities to represent something special, something related to the chosen identity of that community, they become heritage, cultural heritage.
As much as cultural heritage is an expression of identity for any community, it is also a material expression of difference for anybody who does not belong to that community.
In that case, cultural heritage and culture as a whole may be perceived as a symbol of the “other,” or even as a threat to one’s own identity. It is through culture, in particular through cultural heritage, that “otherness” becomes palpable and that differences may be emphasized and reinforced, or mitigated, mediated, or overcome, as the case may be.
Cultural objects as beacons of conflict and war
This is the reason why throughout history, cultural heritage has been a target during wars and periods of pronounced power asymmetries, such as imperial or colonial domination.
At the same time, culture and cultural heritage are powerful instruments for rehabilitation in post-conflict societies. Thus, when you destroy or displace the culture of a community, you erase its history, you negate its achievements, you take away its common point of reference, its orientation.
But there is something else: By destroying or displacing the cultural heritage of a community, you also reduce its chances for sustainable development, cultural diversity, post-conflict rehabilitation and reconciliation.
The history of humankind abounds with examples for the willful destruction of cultural heritage as a strategy of war. The earliest recorded cases reach all the way back to Ancient Mesopotamia, the latest are the acts of cultural cleansing committed by Daesh in Iraq and Syria.
Dealing with the displacement issue
In addition, power asymmetries in the late 19th and early 20th century have led to the displacement of large amounts of cultural objects brought to Europe and North America. This was done for the purpose of doing research and establishing “universal” museums.
Not all of these displacements were illegal or violent, as is often claimed. But it is true that we are still a long way off from understanding in detail under what circumstances these objects were displaced and what their future status might be.
Yet, there can be no question that both destruction and displacement of cultural objects are equally harmful for any society affected by them.
Today, as we are more acutely aware of the social, political and economic power of culture and cultural heritage, we must do all we can to protect, promote and share cultural heritage.
It is by protecting and sharing culture that we enable orientation and identification. Culture is a synonym for diversity. When we promote culture, we foster tolerance, the ability to accept the own and to embrace the other.
At any given time in human history, culture has been an instrument for rehabilitation and reconciliation. Caring for their cultural heritage enables communities to overcome differences and to strengthen social cohesion.
Reconciliation across borders
In countries like Iraq and Syria, rehabilitating in particular the pre-Islamic cultural heritage will provide the opportunity to promote the much-needed processes of dialogue and reconciliation across social and confessional borders.
What does all that mean for us, our way of dealing with culture and our responsibility to protect cultural heritage? Naturally, answers to this question will vary according to expertise and capacity.
On an institutional level, expert institutions like the Ancient Near East Museum at the Pergamon Museum may use their considerable expertise in the area of archaeo-logical cultural heritage to contribute to its protection through:
• capacity building projects
• research on illicit trafficking in cultural objects
• the development of procedures and standards for the 3D digitization of archaeological heritage, and
• awareness-raising initiatives.
Establishing accountability and transparency
At the same time, museums created through the displacement of cultural objects in the past need to make all necessary efforts to establish accountability and transparency as to the history of their collections.
States have the responsibility to provide adequate legal frameworks for the protection of cultural heritage including effective laws against the illicit traffic in cultural goods.
Last but not least, the international community has the duty to provide aid to those countries that do not possess the means to protect or care for their cultural heritage. This is particularly true in situations of conflict or disaster.
A practical example
One great example for an innovative initiative is the international public-private partnership ALIPH, the “International Alliance for the Protection of Cultural Heritage in Conflict Zones”.
Initiated by the governments of France and the United Arab Emirates in March 2017, the global fund ALIPH is certain to set new standards in providing financial support for emergency action and long-term research in the area of cultural heritage protection.
Especially at a time, when pluralism, free speech, democracy, human rights and equal development opportunities are threatened around the world, we need culture and cultural heritage more than ever.
Culture and cultural heritage are not just a “symptom” of strong, resilient societies. Culture and cultural heritage are the key to strong, resilient societies.
Reposted from Nebraska.tv
Sales from artwork sold at the Museum of Nebraska Art's holiday gift boutique is helping in a new effort to protect pieces of Nebraska history.
Right through the MONA’s doors, Nebraska artists fill the room with the state’s history as the museum continues to tighten their security.
"The works that we have been around for hundreds of years and we want to make sure we maintain those artworks,” said MONA marketing coordinator Gina Garden.
From paintings, to sculptures and pictures, all of these pieces share a story about Nebraska.
"People tend to forget you can’t recreate these things. We can’t have John James Audubon, and draw the Sandhill and the whooping crane. We just want to make sure that we are preserving the artwork,” Garden said.
The museum is raising funds to make sure everyone keeps a safe distance while learning about our state.
"We want to encourage people to interact with the artwork, but not quite that closely interact with them. We want to engage, not necessarily touch because the oils from your fingers and that type of thing can damage the artwork. People tend to forget about that, but it’s not out of malice or anything it’s just they get so engrossed they want to touch it,” Garden said.
As MONA staff work to protect these pieces of history, artist Roger Nyffeler is happy the staff is making a push to protect these pieces of history.
"So people can walk in and walk through and look at the material and look at the art work and much of it is very, very expensive and we want to keep it looking that way,” Nyffeler said.
Larry Peterson, one of the founders of the MONA said times have changed.
"When we started out 41 years ago we didn't have any art, so it wasn't a problem and we just had a few pieces, but now that we have 5, maybe 5,000 pieces it gets more complex and we have to take precautions and have more security,” Peterson said.
The MONA has just one person guarding the entire gallery at a time but it hopes hire more people with money raised at events like this one..
Reposted from The Wall Street Journal
The appearance of white nationalist Richard Spencer at the University of Florida sparked a declaration of a state of emergency by Florida’s governor. The event ended up generating little more than shouting and a few arrests. There was no violence.
Still, the massive preparations for potentially violent civil disobedience came with a hefty price tag. The school estimates it will have spent more than $500,000 on security—more than it pays for football games at a stadium that holds 90,000 people. The cost is part of a growing toll this year as a wave of right-wing speakers faces off against left-wing protesters.
That $500,000 will cover the hundreds of officers on campus from at least 44 agencies, some from as far away as Miami, command centers, technology, room and board for officers and extra barricades, said University of Florida spokeswoman Janine Sikes.
The Gainesville Police Department, which beefed up security in their jurisdiction, incurred additional costs, she said. Among those arrested were three men, who were charged with attempted homicide after they shot at a group of people protesting the speech. The police said at least two of the three men have shown connections to extremist groups.
Security for speakers at the University of California at Berkeley has cost the school more than $2 million this calendar year, compared with less than $200,000 a year for security at special events over the past several years; and Mr. Spencer’s appearance at Texas A&M University last December cost the school $60,000, according to the schools.
“This is not sustainable, this is absolutely not sustainable,” said University of Florida’s Ms. Sikes. “Public institutions cannot continue to pay this kind of money.”
Experts say the recent wave of speakers—beginning with an appearance in February at Berkeley of the former Breitbart News editor Milo Yiannopoulos that prompted a riot—has changed the dynamic of such campus events.
“What happened at Berkeley was really a watershed moment,” said Sue Riseling, executive director of the International Association of Campus Law Enforcement Administrators. “There has been a paradigm shift.”
To be sure, high-profile speakers have always carried some security cost. When then-President Barack Obama spoke at Rutgers University in May 2016, the New Jersey school spent around $275,000 on security and traffic concerns, according to the school.
Schools have struggled to come up with a consistent answer to requests to speak, pitting their free-speech ideals against security concerns.
This month, Ohio State University rejected a request by Mr. Spencer to speak. The University of Cincinnati accepted his request. Texas A&M allowed Mr. Spencer to speak last year but rejected his request last month. The University of Florida initially rejected an event that Mr. Spencer was supposed to hold on campus, then changed course and allowed him to speak on Thursday after a judge reversed Auburn University’s rejection of Mr. Spencer.
Some schools are limiting the people who can invite speakers to those with an affiliation to the university. For instance, Mr. Spencer was invited to speak at Texas A&M last year by a former student with no active affiliation with the school. The university has since changed policies to limit those who can invite speakers to current students and faculty.
Amy Smith, spokeswoman for Texas A&M, said the school was torn about cancelling Mr. Spencer’s September event.
“We feel strongly about freedom of speech here, but at the same time it was clear there was a safety concern,” she said. “This is a national problem for public universities especially, right now we’re developing strategies in real time but there’s nothing conclusive about how to manage our security costs as we go forward.”
At the University of Virginia in Charlottesville, a group tasked with reviewing the school’s response to the “Unite the Right” rally in August that left one counterprotester dead, and a march on campus the night before, found school leaders had missed a “paradigm shift.”
“University officials’ frame of mind was shaped by a decades-long history of non-violent protests on Grounds that led them to approach the march with the assumption that it was constitutionally protected and should be accommodated with minimal police intrusion,” the report said. The result was “misaligned” judgments and an insufficient response, it said.
“What has changed is a recognition that some events may be motivated by a desire to incite a reaction that could turn violent,” said Peter McDonough, vice president and general counsel for the American Council on Education, which represents nearly 1,800 college and university presidents.
The costs to schools for the speakers this year are dramatically higher than the schools’ security expenses for prior high-profile speakers, said Dan Mogulof, a Berkeley spokesman. “It’s apples and oranges,” he said.
When a president speaks at the university, for instance, most of the security is handled by the Secret Service and any costs to the school are minimal. In the past three years, the school’s security costs for demonstrations have totaled less than $200,000 a year. Its biggest tally in recent years was $1.6 million in fiscal 2009, when a group of protesters were expelled from a grove of oak trees targeted to be cut down. The costs in fiscal 2012 was $744,000 and $619,000 in fiscal 2013.
In February, the school spent about $200,000 on security for an event for Mr. Yiannopoulos, the conservative commentator, then another $60,000 cleaning up after protesters ripped down light poles and tossed Molotov cocktails.
In April, when Ann Coulter was scheduled to speak at the school spent in excess of $600,000 for law enforcement to prevent another riot, said Mr. Mogulof. Of that amount, $414,000 was slated for outside law enforcement and $96,006 for equipment, room and board, according to the school.
This fall, the school shelled out another $600,000 more for security when conservative commentator Ben Shapiro spoke on campus and then more than $1 million when Mr. Yiannopolous scheduled a free speech week. That series of events fizzled when most of the scheduled speakers didn’t show. Still, the school was stuck with the bill.
Berkeley has convened a commission to determine how the school will balance security costs with free-speech protections going forward.
“We have a non-negotiable commitment to provide safety and security for our guests and the public at large and we have an equally unwavering commitment to free speech,” said Mr. Mogulof. “That puts us between a rock and a hard place; we can’t step back from either one.”
ConferenceMembershipTraining & CertificationDonate to IFCPP
TRAINING & EVENTS
1305 Krameria, Unit H-129, Denver, CO 80220 Local: 303.322.9667
Copyright © 2015 - 2018 International Foundation for Cultural Property Protection. All Rights Reserved