As security professionals you may be an attack vector to your client if you do not maintain basic online security controls. At the very least you should be in a position to provide basic advice to your clients in order to help them stay secure.
Now, someone may think, and an alarming number of people do, since John X is not networking from the company’s Y social media account but from his own, there is nothing wrong and no harm done. WRONG. Anyone who works for you and has his work title/position linked to your company, represent your brand and is responsible for your reputation and can also be a liability for you and considered as the weak link of your company or someone who’s online activities are such that your competitors can use it against you. A bad security operative working for you shows the public how low your standards may or may not be and degrade the standards you appear to have when hiring people and how, apparently, you do not care about ethical considerations and personality traits.
It is inevitable if you work within the security sector that at some point, you will have has a radio thrust in your direction for you to use as your primary form of communication.
Yet many of you will not have received any significant training on it, yet this one tool that may just save your life.
In this article, we’re covering some of the things you might have missed.
Whether you’re a seasoned cybersecurity professional or are looking to transition into the industry, it’s hard to know how to grab the attention of hiring managers and ultimately improve your chances of making it to the next stage.
Here are eight top tips from Renana Friedlich-Barsky, Director and Global Head of Cybersecurity Operations at PayPal, a proven leader in this space who’s reviewed more than her fair share of applications over the years.
Effective crisis management invariably involves social media, whether the organization is a large multi-national or a small hometown business. When a crisis erupts, the effective use of social media should be seen as a key priority to counteract the crisis.
Especially while many people are still remote, technology has become more and more central to people’s lives, and we are talking about ways that things will or will not return to normal. As we hear about more and more cyber security incidents, each supposedly carried out by ‘sophisticated threat actors with unprecedented capabilities’, it’s time to talk about the mystique of cyber security and the problem it has with public perception.
Most people are not aware of the real impact and threat of ransomware campaigns going on almost constantly. While I’m sure everyone knows of the ransomware attack on the Colonial pipeline and the more recent similar attack on JBS, these are only the latest and most visible in a continuous stream of attacks. These are just the tip of the iceberg. The true scale is hidden not only by the media but also by a reluctance to talk about the problem.
Is technology effective as a security solution or is it simply being misused? In this article, Ivor Terret shares his philosophy of the four pillars of effective and practical security and how they can only work together in conjunction – not as silos.
All the techniques of steganography share one core concept, trying to hide a message. When children draw stick figures as secret messages to each other, they are practicing steganography. Modern steganography is usually a lot more malicious. It is used in malware command and control and the exchange of illicit information and material. If you do not know where to look it is frighteningly hard to detect.
Smart home technology is a rapidly growing consumer and business product. Here are some figures that show projections for the growth of these devices, as well as current numbers
If you are a security professional with significant high-threat worldwide protective services experience, you know that depending on the client, it may not be a matter of if your client or a family member is kidnapped, but when. You also understand that it is likely that you may not even be directly providing protection for the client at the time it happens and unable to prevent it, especially when they are alone and most vulnerable.
Maybe you’re a close protection officer, trying to arrange a safe route through a dangerous location, or a surveillance specialist trying to communicate with others in your team.
Perhaps you just don’t trust the local government. Whatever the situation, it’ll almost certainly be easier to focus on the task at hand if you aren’t worrying about whether your messages were possibly subject to being intercepted.
Surprisingly, many people who took part in the thread commented, saying that they don’t find anything wrong with it. Some of them even named their own old clients. Others tried to justify the practice of name-dropping by saying it was a former client, or that they didn’t reveal anything personal about the client, or that they had the client’s approval to post that picture or to name the client. And finally, some said their client is already pretty well-known and paparazzi are always getting pictures of them together so why hide it? Essentially, they are good guys, and how dare we criticize people we don’t know. These were a number of the comments from individuals who either work in the security industry as operatives or own companies and hire agents to represent them.
It often comes as a surprise just how much is available and the nefarious uses it can be put to. OSINT can be applied towards defensive purposes, but this article will only be covering the malicious purposes (i.e. how a bad guy might get access to your client’s sensitive information and data).
One of the biggest challenges of OSINT is not merely recognising it as a threat, but encouraging the behavioural change needed to protect against it widely enough. It is not simply enough for a principal to stop posting Instagram pictures of their travels in order to hide them. Their colleagues, friends, family, and employees also need to be aware and cautious with information which could be misused.
They are only of limited relevance today, but as the technologies involved become more widespread and implemented into every facet of life they will only become more prevalent. While it sounds like the stuff of science fiction, these threats exist now and are not going to go away.
For simplicity, we’ll say that a ‘smart’ device is anything which connects to the internet (or a network) and is not intended to be a computer interface. Intended is the key word there, as many of these devices are insecure for the simple reason that they are a computer. The problem is that it is now cheaper and easier to put a general purpose computer into a device and run some software to, for example, turn lights on and off than it is to design a single-purpose lightbulb which also connects to a network.
Many newcomers in the protection business have a completely different idea of what the profession is, based on what they have heard or what Hollywood tells them it is. This lack of “truth” either leaves them disappointed or leaves them vulnerable to making mistakes while on duty.
It is common in our industry to see many of our colleagues posting pictures on the internet social media sites of “selfies” taken in first-class airline seats or the client’s private jet. More selfies show them with their feet up on a suitcase claiming ‘’another flight”, or posting from 5 and 6-star hotel rooms, or fine-dining restaurants, or next to a limousine parked in front of a private jet.
Some readers may have guessed at the participants in the above scenario or even been a part of such a detail in the past. No matter what, it’s plain to see that helicopters are an amazing tool to have at your disposal for your motorcade movements. They can advance the route in real time from a bird’s eye view, which is a great way to go from the known to the known with a good idea of the terrain you will be encountering.
However, the truth is, the simulated communications you just read were not with a helicopter, but instead were between an Executive Protection team, and it’s FAA (Federal Aviation Administration) Licensed and experienced UAV (Unmanned Aerial Vehicle) Pilot. Executive Protection is evolving every day, and one of the areas out front is technology. Developing are new forms of detection, tactical hearing and visual aids, vehicle security and transport, radio systems, and now UAV’S.
In this article, I’ll take a look at artificial intelligence, particularly the machine learning area, a basic overview of how it works, and the dangers of over-reliance on an algorithmic approach to analysis.
The Circuit Magazine held a Virtual Learning and Development Forum on September 4, 2020, that was attended by Executive Protection specialists and experts from around the globe, including the UK, US, Europe, Latin America, Middle East and West Africa.