Cybersecurity Is Hot, But Don’t Overlook Physical Security

November 9, 2016 Alex Woodie

Cybersecurity played a major role in the run-up to yesterday’s presidential election, as Russian hackers leaked private communications and attempted to influence the outcome of the election. They weren’t successful, largely because elections remain mostly a manual affair in United States. But it did serve as a reminder of the need to protect critical American institutions in both the cyber and physical worlds.

In a recent report, the Department of Homeland Security identified 16 infrastructure sectors that are vital to the safety, security, and health of the United States and its people. You’ll find sectors you’d expect to find there, such as nuclear power operators, defense contractors, and chemical manufacturers.

But the DHS also singled out water treatment plants, hospitals, and food manufacturers as potential targets that must be fortified against physical and cyber attacks. In 2013, President Barrack Obama ordered extra resources be spent to build up security around these critical and largely privately owned infrastructure elements.

Cybercriminals impact our critical infrastructure on a regular basis. Earlier this year, we told you how “hactivists” from the Middle East were able to take control of the AS/400-based supervisory control and data acquisition (SCADA) application of a water district by hacking a Web-based payment system. The criminals were actually able to remotely turn the valves that control the flow of chemicals into the drinking water system for the water district.

Nobody was hurt in the water district incident, but it did show how vulnerable the U.S.’s critical infrastructure actually is. Whether it’s electrical substations protected with just a padlock or dams secured with a chain link fence, it’s clear that physical security shouldn’t be lost in the scramble to bolster cyber security.

One IBM i vendor that’s working to improve physical security is CYBRA. The New York company is best known for its MarkMagic barcode software that runs on IBM i, but it’s been spending much of its time recently building its EdgeMagic products for encoding radio frequency identification (RFID) tags.

Last month CYBRA rolled out its latest RFID product, called Edgefinity IoT. The Java-based product uses RFID technology to track people as they move about a geo-fenced area, while a rules engine generates alerts when specific conditions are met in the real world.

The product uses a network of RFID tags and antennas to automatically track the location and movement of people within a facility, such as a hotel or a water plant. If somebody who’s been given an Edgefinity badge wanders into an area of the facility where they’re not supposed to be, then it sends an alert to the security officer.

CYBRA’s Edgefinity IoT uses RFID to monitor the movement of people in facilities.

The software can also be used to boost worker safety. If the system detects that a worker in a remote facility stops moving, it could indicate that something is wrong. The Edgefinity badges, which are equipped with accelerometers, also have a panic button that the remote worker can press three times to call for help.

CYBRA’s safety and security solutions architect, Ben Jakubovic, designed Edgefinity to address unmet safety and security needs. “There are so many safety and security issues to which organizations are vulnerable,” he says. “Water treatment plants and other utilities, airports, mining facilities, disaster recovery teams, you name it. Any industry or organization that needs to keep track of the safety of employees and security of their facilities will find Edgefinity IoT. . . useful.”

CYBRA is selling versions of Edgefinity IoT for specific industries and enterprises such as schools, mining, utilities, hotels, and hospitals. The software can run on any system capable of running Java and the MySQL database.

The software side of security gets a lot of attention. But it’s clear that physical security shouldn’t be overlooked in the rush to plug security vulnerabilities, in IBM i servers or elsewhere.

Keeping Up With Security Threats To IBM i

Tags:

CYBER-ATTACKS ON THE RISE. PROTECT WITH THE TRIPLE PLAY.

COVID-19 has not only caused a global pandemic, but has sparked a “cyber pandemic” as well.

“Cybersecurity experts predict that in 2021, there will be a cyber-attack incident every 11 seconds. This is nearly twice what it was in 2019 (every 19 seconds), and four times the rate five years ago (every 40 seconds in 2016). It is expected that cybercrime will cost the global economy $6.1 trillion annually, making it the third-largest economy in the world, right behind those of the United States and China.”1

Protecting an organization’s data is not a single-faceted approach, and companies need to do everything they can to both proactively prevent an attempted attack and reactively respond to a successful attack.

UCG Technologies’ VAULT400 subscription defends IBM i and Intel systems against cyber-attacks through comprehensive protection with the Triple Play Protection – Cloud Backup, DRaaS, & Enterprise Cybersecurity Training.

Cyber-attacks become more sophisticated every day. The dramatic rise of the remote workforce has accelerated this trend as cyber criminals aggressively target company employees with online social engineering attacks. It is crucial that employees have proper training on what NOT to click on. Cyber threats and social engineering are constantly evolving and UCG’s Enterprise Cybersecurity Training (powered by KnowBe4) is designed to educate employees on the current cutting-edge cyber-attacks and how to reduce and eliminate them.

A company is only as strong as its weakest link and prevention is just part of the story. Organizations need to have a quick response and actionable plan to implement should their data become compromised. This is the role of cloud backup and disaster-recovery-as-a-service (DRaaS).

Data is a company’s most valuable asset. UCG’s VAULT400 Cloud Backup provides 256-bit encrypted backups to two (2) remote locations for safe retrieval should a cyber-attack occur. This is a necessary component of any protection strategy. Whether a single click on a malicious link brings down the Windows environment or an infected SQL server feeds the IBM i, once the data is compromised, there is no going back unless you have your data readily available.

Recovery is not a trivial task, especially when you factor in the time sensitive nature of restoring from an active attack. This leads to the third play of the Triple Play Protection – DRaaS. Companies have myriad concerns once an attack is realized and a managed service disaster recovery allows employees to keep focus on running the business in a crisis state.

The combination of training employees with secure backup and disaster recovery offers companies the best chance at avoiding financial disruption in an age of stronger, more frequent cyber-attacks.

Reach out to UCG Technologies to discuss your company’s security needs and develop a data protection plan that fits you best.

ucgtechnologies.com/triple-play

800.211.8798 | info@ucgtechnologies.com