|
Marrying the Digital and the Physical |
Tim Mathews wears two hats: electronic and physical security, including protection of company executives traveling the world. As director of risk management and corporate security at Princeton, N.J.-based Educational Testing Service, he's also responsible for ensuring the integrity of the nonprofit organization's core products: SATs, GREs and other educational tests.
It's a heavy load, and Mathews is constantly on the lookout for technologies that help keep paper and electronic copies of all testing materials under virtual lock and key. For instance, Mathews envisions keeping hard copies of near-final tests from leaving a building by hiding radio frequency identification chips in paper.
Mathews hopes to marry physical security with online access. "We can protect how people get on our network, but if someone can get through a door and into our buildings, then they can look over someone's shoulder and figure out a way of breaching the network," he says. "But if there's a login that shows up for a person [with] no corresponding entry to the building, then that should raise an alarm to security."
One answer rests in technology such as video analytics, where an image of a physical incident is an element of electronic security. Mathews says that if three people try to enter a door with only one security card recorded upon entry, the image from a security camera trained on the door can then alert guards if in fact intruders have entered the building.
Several vendors, including IBM and Cisco, have been working to marry video and electronic security tools, according to Scott Crawford, senior analyst at Enterprise Management Associates in Boulder, Colo.
Yet the concept of melding information security with physical security hasn't taken hold at many midmarket companies. Other chief information security officers say they have enough on their plate in dealing with viruses and hackers without adding the worries of building security, fire safety and guard dogs.
-- J.C.
|
Just how prevalent are multi-vector attacks? "The sense of people deliberately banding together to put some multi-vector threats together is relatively new," says Stephen Fried, vice president for information security and privacy at Milwaukee-based Metavante Corp. "When you take a look at the history of attacks that we've been seeing in the past few years, there has been a lot more talk about multi-vector than we've actually seen in the wild, but I think its day will come."
Multi-vector attacks can take many forms. For instance, an attacker who uses social engineering to gain personal information from users might join forces with someone who uses distributed attacks or distributed spam networks, says Scott Crawford, senior analyst at Enterprise Management Associates (EMA) in Boulder, Colo. "The ability to work together in order to achieve common goals is getting to be a much more serious concern, which raises the bar even further on the ability of IT to be able to cooperate with security and leverage integration across IT to achieve their own common goals."
Several factors set a multi-vector attack apart from the general release of, say, a virus or worm. First, a multi-vector attack targets a specific company, often with the intent to do harm or steal information. It also uses several avenues to gain entrance, with one or more of those attempts often acting as a decoy to divert the security team's attention from the real attack.
"Midmarket companies are exposed to the same types of threats as larger companies, although they probably are more at risk from multi-vector attacks," says Jerry Murphy, vice president and service director at Robert Frances Group. "It used to be that security threats were like high school kids coming by and toilet-papering a house. It was obvious that it happened, and it looked really nasty, but at the end of the day nothing was really damaged. Today, the threats are much more like spies watching from behind the bushes at all the entrances to your house to see where you hide the key so when you're gone they can sneak in and steal stuff."
|
 |
|
|
