The Security Week That Was: A Recap - April 7-13, 2007

April 13, 2007
SIW Editor Geoff Kohl gives a weekly surveillance of news shaping your profession

It's 3:57 a.m. and two thieves, Elroy and Leroy, just smashed in the back window of one of your remote offices. Using the bare minimum of lights left on when the cleaning crew left hours ago, they're in your business looking for things they can easily resell on the street to get a little money for a bad meth habit. In your office, Elroy spots two things that grab his eye: 1) a 50-inch plasma screen that your engineers use when demonstrating your newest whiz-bang technology and 2) a laptop left in an unlocked filing cabinet in an unlocked office. He's got to make a choice quickly on what to grab; he knows that thanks to your contract for alarm system monitoring, the police are probably only 15 minutes away.

If the pair lugs that plasma screen out of the office, you're out about $2,500 to replace it. The laptop is an old Dell X200 worth about $240 on eBay. It is on its last legs, but a database admin uses the laptop when she's working in the office, and it happens to have an unencrypted merged database of employees from HR as well as a current database of your new customers' credit applications. If Elroy and Leroy grab the old laptop, you might not know it, but you could be out millions.

Do these kinds of scenarios keep you up at night? If not, when you look at the recent costs of data breaches, as reported in major news media, they should.

First, our apologies to your sleep therapist, but in the last day, we received two very interesting tidbits of information that can help keep you up at night. The information included one well-compiled tool from Darwin Professional Underwriters that seeks to give estimates on the cost of data security breaches. It handily estimates things like legal fees, your cost to provide post-incident credit monitoring for your employees, call center costs, certified mail notifications, and a lot more. The shocking thing about this calculator is how quickly the business costs of a data breach can add up.

The second item of business is a report released this week from the Identity Theft Resource Center, which compiled a list of 76 data breaches (using news reports) that have occurred just in the first quarter of 2007. What will worry you again (Tylenol PM should sponsor this news, I think, especially since it coincides with Friday the 13th) is that it's not solely small companies without enterprise security programs in place that are being affected. It is companies and organizations like Medicaid, U.C.-San Francisco, WellPoint, Fruit of the Loom and a lot of other big names.

Now, in response to this, I'll probably receive press calls from a dozen network security device and software vendors telling me how their unit will block hackers. However, it seems that more often than not, there was a physical security breach involved such as a card skimmer or a stolen laptop. There is only so much that CCTV and national account monitored intrusion systems can do. In response, if any of you would like to share general rules and policy regarding laptops and physical IT assets, I'd be happy to share those with the group. Email me via [email protected].

Industry News of the Week
NBFAA recognizes leaders, ADT & the Great White Shark, TWIC fire smoulders

Okay, enough with trying to keep you up at night…our industry has been making some news this week and you deserve an update.

The NBFAA recognized four of its own. George De Marco was given the President's Award for his service to the organization; also recognized for leadership were Counte Cooley, Dave Koenig and Mike Miller. Also on the alarm business side of our house, you should know that the next time you see golf legend Greg Norman, the shark logo might also be accompanied by the classic blue-and-white stop sign logo of ADT. ADT has hired on Norman to help market their security services, especially their high-end custom residential services group.

TWIC, the Transportation Worker Identification Credential project that would give a security clearance ID card for workers in our nation's ports, is moving at the speed of molasses, and the Democrats in the Senate aren't happy. They've targeted attacks at the President's office, but it's pretty clear this is just being used for political gain, rather than to drive the technology requirements and specs that are needed to actually get this project moving. As one prominent card access company told me at last year's ASIS show in San Diego when asked if they could provide a clear update on what was happening with TWIC: "I wish we could, but the project seems to have lost momentum."

In the world of vendors, it was a notable week as Honeywell/ADI acquired Burtek from Richardson, expanding their (already large) footprint in security products distribution. OnSSI joined Panasonic's Solution Developer Network. Chamberlain bought the Edko gate operator business, and Mango DSP announced that it has been working with ObjectVideo and TI's DaVinci chip technology to release a reference design for camera manufacturers.

What's New with SIW
Newly launched video network, plus an upcoming webinar

Just before ISC West, we finished building our SecurityInfoWatch.com Video Network, where you can watch videos of product demos, video analytics, and a lot more. Stay tuned; we have a number of new videos to appear here in the next couple weeks, including actual incident footage of security breaches. We're building this to be something like a YouTube for the security industry, and you're more than welcome to contact me directly regarding videos you'd like us to consider for broadcast.

You can get to the video network directly at www.securityinfowatch.com/videonetwork

We're also hosting a webinar, "Converging Smart Card Programs: How PricewaterhouseCoopers and the RWE Group did it," on May 10th at 1 p.m. EST. We're going to have 3 very neat presentations, including PricewaterhouseCoopers' 1,200-person card program, the RWE Group's 100,000-person card program, and some tips on implementing converged smart card/ID programs from consulting firm Cosmo-ID. Smart card technology firm LEGIC Identsystems will be our presenting sponsor. Registration is free, and the content will be especially applicable for physical and IT security directors, as well as integrators and access control software and hardware vendors working in this space. The registration page is now live.

Register for this webinar here: www.securityinfowatch.com/webinars/legic/

Finally, here's a look at our most popular stories of the week, and as always, thanks for making SecurityInfoWatch.com the #1 security portal on the Net.