This Week in Security: How Hackers Attack Physical Security Systems, A New Way Forward in School Security & more!

Each week, the marketing team at ESA gathers the latest news from the security industry for our weekly integrator round up!

This week we look at Facial Authentication: Removing Big Brother from the Equation, ESA Revamping Certified Alarm Technician 1 Training and more...

Don’t Miss Out on the Latest News and Technology

How Hackers Attack Physical Security Systems — and How Integrators Can Help

We know about some of the common field implementation errors that can lead to the cyberhacking of a physical security system, but how exactly do the hackers attack such systems?

We asked these same experts that question to get a sense of what they’ve seen in the field.

Bruce Webbe of Meta’s security team said that, unfortunately, there’s not just one common attack vector to look for.

“I don’t know that there is a limit to the imagination of the attackers and their methods for attempting to gain access to these systems,” said Webbe. “There are many facets to which compromise can happen. Unfortunately, we need to guard against them all, which can seem a bit overwhelming at first.”

“The methods used by bad actors will be based on their goals and what has been found to be most successful: Are they attempting to gain access? Are they attempting to disrupt? Not knowing who they are and what their goals are makes it very difficult to anticipate what methods they may be likely to use. So, we must take the approach that a threat can come from anywhere at any time. Even intentional or unintentional internal threats need to be assessed.”

As Webbe said, “The weak link tends to be us humans.”

Allied Universal’s Rachelle Loyear agrees.

“It’s still most often the human part that’s the most vulnerable,” she says, explaining why hackers have such a high success rate.

“Phishing and social engineering attacks, like spear phishing, are designed to steal credentials or deploy malware by tricking users into providing sensitive information, so educating users about the dangers of phishing and how to recognize suspicious emails is crucial. Credential sharing and poor password practices, such as using weak passwords, can lead to unauthorized access, so implementing policies for strong, unique passwords and using multi-factor authentication can mitigate this risk. Additionally, even with all the best access control in the world, piggybacking, where unauthorized individuals gain access to secure areas by following authorized personnel, can compromise physical security, making it vital to train employees to recognize and prevent such activities.”

i-PRO Americas’ Will Knehr would concur that it’s humans and their accidental oversights which can lead to hackers finding a way to snag their proprietary information. He tells the story of a simple human process failure that led to a significant privacy breach.

“There was one customer we worked with that didn’t change the passwords on the camera system after an employee was let go,” said Knehr. “He used the remote login to the video system to watch them before they finally figured it out. He would send text messages to his old coworkers about events that had happened at work. They couldn’t figure out how he knew.”

Read the Full Article - How Hackers Attack Physical Security Systems — and How Integrators Can Help - Security Sales & Integration

A New Way Forward in School Security

This year marked the 25th?anniversary of the Columbine High School shooting in the Denver suburb of Littleton, Colo., which claimed the lives of 13 people and left more than 20 others injured. Although there had been instances of mass shootings and other acts of violence on both K-12 and higher education campuses before Columbine, the massacre marked what many people felt was a watershed moment for school security. However, real substantive conversations on what was needed to address security gaps in our nation’s schools adequately were quickly bogged down in the political hot potatoes of gun control and arming teachers rather than placing the focus on risk mitigation.

Unfortunately, in the years since Columbine, there has been a litany of other school and community names that have been seared into the memories of everyday Americans. Sandy Hook, Virginia Tech, Uvalde, and Parkland: The list seems to grow with new names regularly added. And each time, this same process of finger-pointing and trying to assign blame plays itself out repeatedly while little is done to address real security threats.

The Search for True Innovation

Ironically enough, this uptick in school violence that started with Columbine has also coincided with foundational changes to security technology and the industry over the same time. For example, network video was in its infancy stages at that time, but today, deploying IP technology is standard for much of the market. There had also been little innovation regarding weapons detection, as one of the most common solutions for schools was and still is metal detection – be it of the walk-through or wand variety or some combination of the two. Today, however, spurred by 9/11 and other terror attacks around the world, there are a multitude of weapon detection modalities that can be deployed to prevent weapons from making their way onto campuses.

Additionally, during this time span, the first wave of video analytics rose to prominence. While they may have overpromised and under-delivered, this first generation of analytics laid the groundwork for this brave new world of video intelligence we find ourselves in today. Advancements in machine learning and neural network training have resulted in the development of what many people call artificial intelligence or AI-powered solutions today.

In fact, between the analog-to-IP migration, advances in mobile devices, the rise of cloud services, new weapon screening modalities, and AI, the industry has experienced a proverbial sea change in technology that is still underutilized in much of the education market. With that in mind, the real question becomes how school leaders can begin to take advantage of some of these advanced solutions while still navigating some of the challenges that have plagued schools historically.

Read the Full Article - A New Way Forward in School Security | Security Info Watch

Facial Authentication: Removing Big Brother from the Equation

In today's digital landscape, facial authentication is emerging as a game-changer in the realms of privacy and commerce. This cutting-edge technology, powered by artificial intelligence and deep learning algorithms, is revolutionizing how businesses verify user identities while prioritizing data protection.

As cybersecurity concerns continue to grow, facial authentication offers a secure and user-friendly solution that aligns with stringent privacy regulations like GDPR. It can influence various sectors, from finance to retail, and it enhances user experience by providing password-free access while bolstering security measures.

The problem is, many end-users and the security-uninitiated recoil at the thought of facial biometrics. Facial recognition has earned a poor reputation in the press and among users and the general public; thus, it is vital for integrators to stress the difference between facial authentication and facial recognition when specifying and recommending this technology.

Facial Authentication vs. Facial Recognition

While often (incorrectly) used interchangeably, facial authentication and facial recognition are distinct processes.

Facial authentication emphasizes user consent and data security to address concerns about unauthorized surveillance. Facial authentication is more applicable to access control – involving a one-to-one or one-to-many match verification process to verify a person's identity for specific access purposes.

Facial recognition is a much broader process focused more on video surveillance footage to identify individuals in a (for the most part) non-consent environment for a wide spectrum of uses. Law enforcement agencies, for example, use facial recognition for identification and apprehension of known criminal targets or for post-incident forensic investigations. These are just a few examples of use cases.

The key difference between the two lies in user consent and participation. Facial authentication systems allow for higher identity assurance and regulatory compliance because the user actively participates in the enrollment process. This approach aligns with data protection regulations like GDPR, emphasizing user privacy and consent in biometric data usage.

It is critical for integrators to ascertain and then explain to customers which facial biometric modality is being used and why it matters for each purpose.

Read the Full Article - Facial Authentication: Removing Big Brother from the Equation | Security Info Watch

ESA Revamping Certified Alarm Technician 1 Training:? Training Today’s Technicians for Modern Challenges

ESA’s Certified Alarm Technician Level 1 is the standard for technicians in the industry and has become THE most widely recognized certification for authorities having jurisdiction over state licensing. We take pride in how influential it is for the thousands of technicians worldwide who are training each year to install vital technologies to help keep people, places, and property safe. ?

We do not take this responsibility lightly. Staying ahead on the latest technology, regulations, and best practices is crucial for professionals who design, install, and maintain electronic security and life safety systems.??

ESA adheres to a strict reviewal and curriculum update schedule for this certification. Therefore, this year we are not only routinely revising modules to stay up to date with technological and industry standards, but we are also adding learning modules in key areas. Additionally, we are revamping the certification’s delivery to keep pace with how today’s learners engage with educational content online.?

Given the constant advancements in both technology and industry standards, our training programs must remain current. Here’s what you can expect from ESA’s Certified Alarm Technician Level 1 training next year: In addition to the regularly made updates modernizing technology modules, codes, and standards, we’ll take a deep dive into these areas for revision and addition.

Read the Full Article - ESA Revamping Certified Alarm Technician 1 Training (esaweb.org)

And that’s all for this week, but don’t forget to follow us on LinkedIn, Facebook and Instagram for real-time announcements of all our news content!

Sources: Security Sales & Integration and SDM Magazine