2020 GLPS - Group LP Selfies
Your Team - Your Pride - Our Industry
Building Industry Pride - One Team Selfie at a Time
 

How Retailers Can Leverage their Security Infrastructure
to Improve Operational Efficiency

By Jordan Rivchun, Leader, Retail Solutions & Strategy- Hanwha Techwin America

Retailers today face a number of security challenges, including shoplifting, shrink and theft at the point of sale, protecting the premises after hours, slip and fall lawsuits and much more. Adding complexity to the security challenge is that retailers face these threats in a variety of locations within stores, each of which comes with its own unique requirements.

For example, in the store itself, retailers must monitor register activity for accuracy, theft, fraud or sweet hearting, theft by employees at the cash register, by giving away merchandise to a "sweetheart" customer (friend, family, fellow employee). They must also capture video footage from around the store to ensure that if someone commits a theft, they will be caught on camera, or if someone claims they've slipped and fallen, they will have video evidence. At the same time, this must be accomplished unobtrusively to ensure a positive customer experience. In the back of the house, retailers must protect stock, monitor loading docks and parking lots for intrusion or other crimes. In these locations, however, visibility of security cameras may be more important to serve as a deterrent.

Today's flexible, intelligent surveillance cameras offer a variety of form factors and capabilities that allow them to address the range of security and operational challenges. Read more here
 

Coronavirus Update
 

Coronavirus Map: Tracking the Spread of the Outbreak in the U.S. and Abroad

At least 11 Americans dead from coronavirus; California declares state of emergency

From Homeland Security
World Braces For Months Of Trouble As Virus Pushes West
People around the world braced for months of disruptions from the new virus Thursday as its unrelenting spread brought ballooning infections, economic fallout and sweeping containment measures.

"Countries should be preparing for sustained community transmission," Tedros Adhanom Ghebreyesus, leader of the World Health Organization, said of the 2-month-old virus outbreak. "Our message to all countries is: This is not a one-way street. We can push this virus back. Your actions now will determine the course of the outbreak in your country."

In places around the globe, a split was developing. China has been issuing daily reports of new infections that are drastically down from their highs, factories there are gradually reopening and there is a growing sense that normalcy might not be that far off. Meanwhile, countries elsewhere are seeing escalating caseloads and a litany of cancellations, closures, travel bans and supply shortages.

Desperate to keep a crisis from expanding within their borders, countries have been further tightening travel restrictions.

Still, no country has matched China's willingness to turn to draconian measures to keep the virus from spreading, but around the world, governments took drastic steps.

Worldwide, some 95,000 people in about 80 countries have been infected. homelandsecurity.com

As the coronavirus spreads, one study predicts that even the best-case scenario is 15 million dead and a $2.4 trillion hit to global GDP
While much is still unknown about the virus, a group of Australian experts have estimated that the virus may have severe consequences on global gross domestic product. New modeling from The Australian National University looks at seven scenarios of how the outbreak might affect the world's wealth, ranging from low severity to high severity.

In the low-severity model - or best-case scenario of the seven - ANU researchers estimate a global GDP loss of $2.4 trillion, with an estimated death toll of 15 million. businessinsider.com

What the CFO's are reading:
Three Key Coronavirus-Related Strategic Risks to Consider

While it's too early to measure the impact the disease will have on companies, finance chiefs should be prepared to deal with these risk factors.

The SEC on Feb. 19 asked publicly traded companies with operations in China to disclose any coronavirus (COVID-19) threats or risks in their upcoming financial reporting.

Here are three strategic risks CFOs and other top executives should consider when assessing the threat.

The coronavirus may have an impact on a company's revenue through production slowdowns, difficulties in delivering goods or services to the market, significant drops in demand for the company's goods or services, and delays in customers paying outstanding invoices.

Many companies have in place business interruption or contingency plans for when production is unexpectedly disrupted. CFOs should review the viability of those plans and ensure that the plans are effective over the short, mid-, and long terms for a contingency such as the coronavirus and make any necessary adjustments now.

Visibility into a company's supply chain is crucial to the company's success because it allows responses to unexpected disruptions. Delays or disruptions in receiving materials from suppliers may in turn lead to late deliveries to customers and could strain or end existing customer and supplier relationships.

CFOs should review their business interruption insurance and evaluate what is and is not covered by coronavirus-related production slowdowns. cfo.com

Amazon vows to act on price-gouging on coronavirus goods

Should You Cancel Travel Plans Amid COVID-19 Concerns? Here's What to Consider

Coronavirus concerns lead to hoarding, panic buying to stock 'panic pantries'

Walmart and Amazon truck drivers say their employers haven't provided guidance about how to deal with coronavirus

Coronavirus Outbreak Prompts Employers to Review Sick Leave Policies

Work from home: Essential gadgets and gear for productivity and good health

PCI SSC Statement on COVID-19
 

2020 CSO Summit | 18-19 May | Washington, DC | National Press Club
The role of today's Chief Security Officer is changing in extraordinary ways. In addition to assessing risk across the enterprise and supply chain, it is essential for the CSO to engage and advise executive leaders on best practices and SOPs for business continuity and strategic leadership in all disciplines.

Join leading security executives from the largest and most influential organizations for two days of intensive idea sharing, problem solving, and relationship building you won't want to miss!

Note: This event is open only to CSO Center members and those who are eligible for CSO Center membership. Please see www.csocenter.org for eligibility requirements. Click here to register.
 

Europol: Organized Property Crime
Organized Crime Groups Activity Increasing Throughout the EU

Burglary and theft
Of major concern to EU law enforcement is the steady increase in reported burglaries in recent years. This increase particularly affects business premises, which are targeted much more frequently than before. Burglaries of business premises often involve intrusion into the property via the roof.

Estimates suggest one burglary is committed every 1.5 minutes in the EU, with some Member States registering 1,000 burglaries every day.

Organised crime groups make use of various online services to facilitate their burglaries. This includes checking on social media platforms whether individuals are away from targeted residences, scouting targeted neighbourhoods using free online navigation tools and fencing goods via online marketplaces.

Organised robberies
As security measures have made it more difficult to rob banks and other cash-intensive businesses, commercial premises with less sophisticated security measures in place are increasingly the target of armed robberies by mobile organised crime groups.

Jewelry stores and other businesses selling highly valuable and compact goods also remain popular targets for armed robbers, who use various methods of attack, including smash and grab.

The mandate of Analysis Project (AP) Furtum covers all aspects of property crime such as major burglaries, armed robberies (banks, jewellery, money transporters and depots), motor vehicle crimes, cargo crime, metal theft, organised pick pocketing. europa.eu

Europol: 42 Rolex thieves who stole over 1M euros in jewellery arrested in Spain & Romania
 

"Good Old Boys Club"
Internal Racism Fueled Molson Coors Brewery Shooter/Employee - 5 Deaths
The Molson Coors Brewery in Milwaukee where an employee fatally shot five co-workers and himself last week has reportedly long dealt with workplace racism, including a noose placed on the gunman's locker

The person who put the noose on Ferrill's locker was never found, and there was no security camera footage of the racist act, Molson Coors' chief communications and corporate affairs officer Adam Collins said in a statement.

"We offered HR and security services to the employee, we talked to the brewery leadership team in Milwaukee about the issue and we ensured everyone knew about our confidential paths to share discrimination or harassment complaints," Collins said.

Collins added that Molson Coors still has "more work to do" to foster an inclusive and welcoming workplace, which "we aren't going to shy away from."

A current employee who declined to give his name out of fear of work repercussions described the workplace as a "good old boys club" hostile to women and people of color. huffpost.com

"Live Time Intelligence" - Real-Time Crime 'Solving' Statewide
This Small Company Is Turning Utah Into a Surveillance Panopticon
Banjo is applying artificial intelligence to government-owned surveillance and traffic cameras across the entire state of Utah to tell police about "anomalies."

The state of Utah has given an artificial intelligence company real-time access to state traffic cameras, CCTV and "public safety" cameras, 911 emergency systems, location data for state-owned vehicles, and other sensitive data.

The company, called Banjo, says that it's combining this data with information collected from social media, satellites, and other apps, and claims its algorithms "detect anomalies" in the real world.

The lofty goal of Banjo's system is to alert law enforcement of crimes as they happen. It claims it does this while somehow stripping all personal data from the system, allowing it to help cops without putting anyone's privacy at risk. As with other algorithmic crime systems, there is little public oversight or information about how, exactly, the system determines what is worth alerting cops to.

It offers "artificial intelligence processing" of state-owned audio sensors that "include but may not be limited to speech recognition and natural language processing" as well as automatic scene detection, object recognition, and vehicle detection on real-time video footage pulled in from Utah's cameras.

In July, Banjo signed a five-year, $20.7 million contract with Utah that gives the company unprecedented access to data the state collects. vice.com

Retailers Are Victims Too
UK Minister of Justice Publishes Proposed Revisions to Victims Code
Association of Convenience Stores - ACS - Response
The Ministry of Justice has published proposed revisions to the Victims Code, outlining 12 overarching rights that victims should have when reporting crime.

The revised code, published alongside a six-week consultation, sets out the minimum level of service that victims can expect from the criminal justice system.

In response, ACS chief executive James Lowman said: "Crimes committed in convenience stores have a huge impact on the people who run and work in those businesses. We welcome the proposed revisions to the Victims Code, and will work with the Ministry of Justice on ensuring that victims of crime in our sector get the support and guidance that they need."

In its submission to the Ministry of Justice on proposals for revisions to the Victims Code in September, ACS called on the Government to do more to ensure that businesses are recognised as victims of crime, and that businesses should be offered the opportunity to make an impact statement that communicates the financial, physical or emotional effects of an incident, for every crime that is reported.

ACS will be consulting with members on its response to the consultation on the revised Victims Code. acs.org.uk

The #1 Store Disruptor:
Self-Checkout Is Changing the Retail Landscape
When asked which aspects of the shopping experience they most value, 83% of internet users polled in January by iVend Retail cited a quick and easy checkout.

Some retailers, including Target and CVS, haven't fully developed full cashierless stores, but they have tested the waters by incorporating self-service checkouts within their stores, giving shoppers the option to quickly and easily pay for their goods without needing a cashier to ring them up.

Millennials were more likely than older age groups to use self-service checkouts regularly, though a good number of Gen X (46%) and boomer (39%) respondents did as well.

The number of automated cashierless stores will continue to rise and disrupt the retail industry, thanks in large part to Amazon's push in the space. emarketer.com

7-Eleven CISO Joins Panel Discussion On:
CISO Panel: Tackling the Insider Threat

At RSA Conference, CISOs Share Strategies for Mitigating the Accidental Insider

Technology has enabled a whole new wave of "accidental" insider threats - people who make a mistake or are taken advantage of by attackers. What role can technology now play in improving insider threat detection and response? Three CISOs share their insights.

Joining ISMG's Tom Field to discuss insider threat are: Dawn Cappelli, vice president of global security and CISO of Rockwell Automation; Sujeet Bambawale, CISO of 7-Eleven; Solomon Adote, chief security officer of the state of Delaware; and Tony Pepper, CEO and co-founder of Egress Software Technologies.

In a video panel discussion at RSA 2020, this group addresses:

• The evolution of the insider threat;
• The role of technology in improving detection and response;
• What's needed to help insider threat programs continue to mature.

Prior to joining 7-Eleven, Bambawale spent five years at NetApp and over 10 years with Intuit after working with the information security and risk management teams at Ernst & Young and KMPG. He also led enterprise security at LifeLock, which was acquired by Symantec's Consumer Business Unit shortly after. govinfosecurity.com

Europol Annual IOCTA Report
INTERNET ORGANISED CRIME THREAT ASSESSMENT (IOCTA) 2019 Report
This annual assessment of the cybercrime threat landscape highlights the persistence and tenacity of a number of key threats.

I am pleased to introduce the 2019 Internet Organised Crime Threat Assessment (IOCTA), Europol's annual presentation of the cybercrime threat landscape, highlighting the key developments, threats and trends, as seen by law enforcement authorities across Europe.

Ransomware maintains its reign as the most widespread and financially damaging form of cyber-attack, while criminals continue to defraud e-commerce and attack the financial sector. While ransomware remains the top threat in this report, the overall volume of ransomware attacks has declined as attackers focus on fewer but more profitable targets and greater economic damage.

Phishing and vulnerable remote desktop protocols (RDPs) are the key primary malware infection vectors.

Data remains a key target, commodity and enabler for cybercrime.

In the area of payment fraud, we continue to identify card not present (CNP) fraud as the main priority and continues to be a facilitator for other forms of illegal activity.

Skimming continues to evolve with criminals continuously adapting to new security measures.

Jackpotting attacks are becoming more accessible and successful. europa.eu

INTERNET ORGANISED CRIME THREAT ASSESSMENT (IOCTA) 2019 [PDF]
 

CrowdStrike Global Threat Report Reveals Big Game Hunting,
Telecommunication Targeting Take Center Stage for Cyber Adversaries

The CrowdStrike 2020 Global Threat Report Reveals Troubling Advances in Cybercrime

Report unveils platform data and trends from targeted intrusion activity and attack techniques from both nation-state adversaries and cyber criminals

CrowdStrike observed an increase in incidents of ransomware, maturation of the tactics used, and increasing ransom demands from eCrime actors. Increasingly these actors have begun conducting data exfiltration, enabling the weaponization of sensitive data through threats of leaking embarrassing or proprietary information.

The trend toward malware-free tactics accelerated, with malware-free attacks surpassing the volume of malware attacks. In 2019, 51% of attacks used malware-free techniques compared to 40% using malware-free techniques in 2018, underscoring the need to advance beyond traditional antivirus (AV) solutions.

"This year's report indicates a massive increase in eCrime behavior can easily disrupt business operations, with criminals employing tactics to leave organizations inoperable for large periods of time. It's imperative that modern organizations employ a sophisticated security strategy that includes better detection and response and 24/7/365 managed threat hunting to pinpoint incidents and mitigate risks," said Jennifer Ayers, vice president of OverWatch at CrowdStrike. "CrowdStrike's comprehensive technology, coupled with our visibility into actor motivations and proactive hunting, protects our customers with the critical components needed to stop modern attacks." crowdstrike.com

J.Crew website hacked last year, your sensitive personal info may have been stolen last April, 2019
In an attack last spring, a hacker hit J.Crew's website and accessed sensitive information in some users' accounts, the company disclosed on Tuesday.

J.Crew blamed "an unauthorized party" for the hack and said it happened "in or around April 2019." According to reports from TechCrunch and Bleeping Computer, the accounts were accessed with a method called credential stuffing, which uses compromised login info to automatically break into accounts (made possible, in part, because people so often reuse their passwords).

According to a notice hosted by the Attorney General of California's website, the hacker would have been able to access some users' personal information, including: "the last four digits of credit card numbers you have stored in your account", "the expiration dates", card types, and billing addresses connected to those cards", "order numbers", "shipping confirmation numbers, and shipment status of those orders".

It's not clear why it took the American clothing brand nearly a year to disclose the hack. fastcompany.com

The Next Generation of Micro Data Centers

As edge computing applications diversify, so do the micro data centers
that support them.

Big data and the Internet of Things are among the market and technology trends that have altered the distributed computing landscape. Whereas pockets of network closets traditionally hosted communications switches in office buildings, now, more powerful but compact micro data centers are filling those spaces. And they're making appearances in retail locations, manufacturing sites, warehouses, public administration offices and healthcare clinics of all kinds.

As application areas diversify, new choices and formats of micro data centers are entering the marketplace.

Challenges that accompany the move to edge computing

For end users, these new edge computing solutions address issues that include the need for critical computing in remote locations, higher degrees of physical security, and space savings in facilities already crowded with either devices, people or business supplies.

Fast food restaurants are one example of how the need for more powerful edge compute capabilities is growing. Digital kiosks are beginning to appear in their restaurants. Edge applications will need to be protected in the same manner as critical data center applications if fast food is to remain fast. networkcomputing.com

The Cybercrime Pandemic Keeps Spreading

The World Economic Forum says cyberattacks will be one of the top global business risks over the next 10 years.

In the World Economic Forum's (WEF) "Global Risks Report 2020," which positions cyberattacks as the seventh most-likely and eighth most-impactful risks, and the second most-concerning risk, for global business over the next 10 years. Given that revenue, profits, and brand reputation of major firms are on the line, critical infrastructure is exposed, and nation-states are cyber-warring with each other, the stakes have never been higher.

1 Million People Join the Internet Every Day
According to the WEF report, more than half of the world's population is online. A million additional users hop aboard the Internet daily. Two-thirds of humanity carry a smartphone or some other mobile device.

As a result, data has become the fuel of the digital economy. Cisco's "VNI Forecast 2017 -2022" predicts that by 2021, IP traffic will hit 3.3 zettabytes annually - in gigabytes, that's roughly the same as all the movies ever made zipping through the globe's IP networks every minute. In reality, it means there can be zero tolerance for failure or outages.

To be sure, the modern miracles of 5G networks, quantum computing, artificial intelligence - and the world's growing reliance on the availability of network services and cloud computing - are creating huge opportunities. But they also introduce systemic risks. Large-scale blackouts can have gargantuan consequences, erode trust, dampen economic growth, exacerbate geopolitical rivalries, and create even more yawning gaps in societies.

Cyberattacks Are Expected to Increase This Year
When asked to describe the "short-term risk outlook"("short-term" being the next 12 months) 76.1% of the respondents to the WEF's survey expected cyberattacks to increase in 2020 and named them as one of top five global threats - outpacing even terrorism, which did not make it into the top five. The others were economic confrontations (78.5%), domestic political polarization (78.4%), extreme heatwaves (77.1%), and destruction of natural ecosystems (76.2%).

The WEF assumes that taking down a single cloud provider could already generate between $50 billion and $120 billion in economic harm - comparable to the financial carnage resulting from Hurricane Sandy and Hurricane Katrina.

What's Next?
In the digital age, every business decision will have a cybersecurity implication in one way or another. More collaborative approaches to tackling cyber threats - whether it's a coordinated effort among peers within an industry, or public-private partnerships that support information exchange between law enforcement, the legislative branch, and the private sector. darkreading.com

Request for Comments: Software-based PIN Entry on COTS Standard v1.1

Carnival Corp units say were hit by cyber attack last year