Guest Editorial by Will Plummer, CSO, RaySecur
A growing number of cyberattacks, especially ransomware, have organizations across every industry wondering if they will be next.
Hackers don’t discriminate as food plants, gas pipelines, and hospitals have all recently faced costly disruptions from breaches.
An emphasis on cybersecurity is critical right now, but security professionals can’t afford to ignore physical security and its important role in protecting an organization since those needs are evolving as well.
Broadening Physical Security Landscape
Prior to the pandemic, a company’s physical security mostly pertained to protecting employees, property, and facilities. The scope was much smaller than it is today.
Now, many organizations have implemented permanent or indefinite remote work options and must account for executives and employees working across multiple sites, notably now spanning residential locations.
In an era when U.S. companies are taking emboldened political stances and more than half are implementing controversial vaccine mandates, the risk of threats from remote workers against an organization and its leadership increases.
Seemingly innocent mail and packages can become dangerous weapons in this heated environment. For example, 39 percent of publicly disclosed mail incidents in 2020 targeted businesses or personal residences.
This number is likely to increase as remote work remains the norm. Yet, only a small handful of companies really have a great mail security response plan in place for their actual office, and even fewer for remote workers.
In order to prevent a debilitating attack on plants, people, and offices, security strategy needs to consider both the cyber and physical attack vulnerabilities that exist in their organization.
Physical Security Impacts Cybersecurity Programs
Contrary to the separate labels, physical security and cybersecurity impact each other.
Physical breaches can come in the form of a rogue employee planting a corrupt USB drive into corporate systems, an imposter sneaking into a server room, or a passive electronic device sent in a small package collecting data unnoticed.
In any of these situations, a company’s digital environment is threatened because of a lapse in physical security protocols.
Security programs were high-risk enough before businesses and employees were sent home.
In hybrid work environments, security personnel are less likely to see the same employees each day, and the prevalence of on-demand delivery fleets creates a similar problem for mail and package delivery.
It’s challenging to detect suspicious activity when it’s perfectly normal now to see a personal vehicle deliver a package.
With mail and packages serving as the physical connection for remote work, it’s vital that a company factor robust mail security initiatives into everyday operations.
Whether work-related mail is addressed to corporate headquarters and forwarded to personal mailing addresses or just sent directly, it is the company’s responsibility to keep workers safe.
Warshipping and the Case of “The Thing”
Beyond executive and employee safety, there is also the matter of preventing corporate espionage.
During BlackHat 2019, IBM’s white hat hacker team, X-Force Red team, called attention to a security threat they discovered called warshipping.
This involves a malicious actor sending hardware to a target via the mail or a physical breach on the premises, using IoT networks to control the device.
These small electronic devices create an access point to a company’s network via a cellular connection and can be controlled remotely to facilitate an attack on systems, or compromise sensitive conversations.
One of the most famous examples of this tactic is “The Thing”, a decorative seal gifted to the U.S. ambassador to the Soviet Union.
The device sat unnoticed in the diplomat’s study for almost seven years, before being discovered when a British radio controller heard American voices on a Soviet channel.
(“Revolutionary for its time, a spy device with no electronic components was created by a Soviet inventor, Leon Theremin, the creator of the world’s first electronic instrument. By transforming his musical machine, Theremin created a listening device that evaded American detection for seven years, during the most important period leading up to the Cold War.” Courtesy of DCODE by Discovery and YouTube.)
It’s hard to imagine the volume of sensitive information leaked through the device over the years it was planted.
With today’s technology advancements, warshipping should be top of mind for corporate security practitioners.
Consider someone sending a package with one of these devices that’s left unnoticed in a company’s loading dock for days or weeks.
Just because it seems so simple doesn’t mean it won’t happen. Critical cyber protection can be bypassed by seemingly minor gaps in physical security.
Preventing the Threat
In order to prevent warshipping tactics, all mail and packages that end up in the hands of employees, or within corporate facilities, should be screened for malicious contents.
Unassuming items can disguise potential security threats and compromise an organization, and extra care should be taken with packages going to vulnerable departments like the C-suite, HR, research & development, manufacturing, and IT.
Security leaders should assess their organization’s security needs so that they can invest in the best technology to empower executive protection teams.
For example, if a company has a high-risk executive, this may mean adding smaller, handheld technology that can detect certain threats like bioweapons or other illicit substances.
Additionally, X-ray, the most common technology, isn’t able to see traces of small powders and liquids, which account for the highest number of incidents.
Alternative technologies, such as mmWave, are better options as they can have up to 300x the sensitivity of X-ray to detect powders and liquids.
(Thousands of companies receive mail-borne threats every year. See how they are dealing with them using MailSecur. Courtesy of RaySecur and YouTube.)
Moving Forward
While it’s challenging to control physical security in the work-from-home era, security personnel can’t ignore any blind spots, especially with the e-commerce and shipping growth over the last year and the mainstreaming of third-party shipping services.
Bad actors have a plethora of tactics at their disposal that can compromise an organization via the mail.
It’s not all that difficult to address these physical security gaps in the workplace, but remote work creates a new set of challenges. Security programs now need to account for the various personal locations where key employees live and work.
Much investment and emphasis on cybersecurity can overshadow physical security needs, especially as they are evolving too.
Creating a standard operating procedure around mail and package security is imperative, as is making sure it’s tied into other more common physical security areas, such as video surveillance.
(See how RaySecur helps companies, government agencies, and celebrities to safely enhance mailroom security with next-generation threat detection products and services. Courtesy of RaySecur and YouTube.)
About the Author
Will Plummer is the chief security officer (CSO) of RaySecur, a revolutionary security imaging company with the world’s first-millimeter wave scanners, remote analysis, and threat detection solutions.
In addition to his responsibilities as CSO, Will heads the company’s 24/7 remote Explosive Ordnance Disposal (EOD) support team, EODSecur, to bring the technical knowledge of military-trained technicians into mailrooms to aid detection and interdiction of suspicious objects.
Will is a 25-year veteran of the U.S. Army, where he earned a Bronze Star with Valor as a Master EOD Technician, and commanded multiple Special Operations units with multiple combat deployments.
Will has a BA in Social Sciences from California State University Chico, and a MA in Defense and Strategic Studies from Naval War College.
Related Technologies…
Cellbusters Takes Platinum in 2021 ‘ASTORS’ Awards Program
American Security Today’s Annual ‘ASTORS’ Awards is the preeminent U.S. Homeland Security Awards Program, and now in its Sixth Year, continues to recognize industry leaders of Physical and Border Security, Cybersecurity, Emergency Preparedness – Management and Response, Law Enforcement, First Responders, as well as federal, state and municipal government agencies in the acknowledgment of their outstanding efforts to Keep our Nation Secure.
Cellbusters
Best Cell Phone Detection Solution (Tie**)
-
Zone Protector
-
The Zone Protector™ from Cellbusters provides maximum protection for your environment by continuously scanning for cell phone and user-selectable RF transmissions, and is far more sophisticated than JUST a cell phone detector.
-
Comparable to a spectrum analyzer, the Zone Protector™ has the ability to scan user-definable frequency ranges along with the ability to alert, notify, control a third-party device, or simply log as soon as it detects relevant transmission activity.
-
Precise frequency filtering technology, managed and controlled by a 32-bit microprocessor, enables the Zone Protector™ to deliver accurate detection with virtually zero false positives.
-
Once cellular or appropriate RF activity is detected, the Zone Protector™ can be set to activate a choice of alerting options or to silently log all detected activity.
-
Additionally, Cellbusters Zone Protector has now been updated to detect 5G phones, proving a leading edge in the market, and protects investment in this technology for years to come.
(See a quick overview of the Zone Protector and the Zone Manger, both cell phone detection technology from Cellbusters. Courtesy of Cellbusters and YouTube.)
-
*Cellbusters was also recognized in all Six ‘ASTORS’ Awards Programs, respectively.
The Annual ‘ASTORS’ Awards highlights the most cutting-edge and forward-thinking security solutions coming onto the market today, to ensure our readers have the information they need to stay ahead of the competition and keep our Nation safe – one facility, street, and city at a time.
The United States was forever changed 20 years ago on September 11th, and we were fortunate to have many of those who responded to those horrific tragedies join us at the 2021 ‘ASTORS’ Awards Luncheon.
In the days that followed 9/11, the critical needs of protecting our country catapulted us into new and innovative ways to secure our homeland – which is how many of the agencies and enterprise organizations that are today ‘ASTORS’ Awards Champions, came into being.
Our keynote speaker featured a moving and informative address from TSA Administrator and Vice-Admiral of the United States Coast Guard (Ret), David Pekoske; to our attendees who traveled from across the United States and abroad, on the strategic priorities of the 64,000 member TSA workforce in securing the transportation system, enabling safe, and in many cases, contactless travel.
Legendary Police Commissioner William Bratton of the New York Police Department, the Boston Police Department, and former Chief of the Los Angeles Police Department was also live at the event, meeting with attendees and signing copies of his latest work ‘The Profession: A Memoir of Community, Race, and the Arc of Policing in America,’ courtesy of the generosity of our 2021 ‘ASTORS’ Awards Premier Sponsors.
The 2021 ‘ASTORS’ Awards Program was Proudly Sponsored by AMAROK, Fortior Solutions and SIMS Software, along with Returning Premier Sponsors ATI Systems, Attivo Networks, Automatic Systems, and Reed Exhibitions.
Why American Security Today?
The traditional security marketplace has long been covered by a host of publications putting forward the old school basics to what is Today – a fast-changing security landscape.
American Security Today is uniquely focused on the broader Homeland Security & Public Safety marketplace with over 75,000 readers at the Federal, State, and local levels of government as well as firms allied to the government.
American Security Today brings forward a fresh compelling look and read with our customized digital publications that hold readers’ eyes throughout the story with cutting-edge editorial that provides solutions to their challenges.
Harness the Power of the Web – with our 100% Mobile Friendly Publications
AST Digital Publications are distributed to over 75,000 qualified government and homeland security professionals, in federal, state, local, and private security sectors.
‘PROTECTING OUR NATION, ONE CITY AT A TIME’
AST Reaches both Private & Public Experts, essential to meeting these new challenges.
Today’s new generation of public safety and security experts need real-time knowledge to deal with domestic and international terrorism, lone wolf attacks, unprecedented urban violence, shifts in society, culture, and media bias – making it increasingly difficult for Homeland Security, Law Enforcement, First Responders, Military and Private Security Professionals to implement coordinated security measures to ensure national security and improve public safety.
These experts are from Government at the federal, state, and local level as well as from private firms allied to the government.
AST provides a full plate of topics in our AST Monthly Magazine Editions, AST Website, and AST Daily News Alerts, covering 23 Vital Sectors such as Access Control, Perimeter Protection, Video Surveillance/Analytics, Airport Security, Border Security, CBRNE Detection, Border Security, Ports, Cybersecurity, Networking Security, Encryption, Law Enforcement, First Responders, Campus Security, Security Services, Corporate Facilities, and Emergency Response among others.
AST has Expanded readership into integral Critical Infrastructure audiences such as Protection of Nuclear Facilities, Water Plants & Dams, Bridges & Tunnels, and other potential targets of terrorism.
Other areas of concern include Transportation Hubs, Public Assemblies, Government Facilities, Sporting & Concert Stadiums, our Nation’s Schools & Universities, and Commercial Business Destinations – all enticing targets due to the large number of persons and resources clustered together.
(See just a few highlights of American Security Today’s 2021 ‘ASTORS’ Awards Presentation Luncheon at ISC East. Courtesy of My Pristine Images and Vimeo.)
To learn more about ‘ASTORS’ Homeland Security Award Winners solutions, be on the lookout for the 2021 ‘ASTORS’ CHAMPIONS Edition Fully Interactive Magazine – the Best Products of 2021 ‘A Year in Review’.
The Annual CHAMPIONS edition includes a review of Annual ‘ASTORS’ Award Winning products and programs, highlighting key details on many of the winning firm’s products and services, including video interviews and more.
It will serve as your Go-To Source throughout the year for ‘The Best of 2021 Products and Services‘ endorsed by American Security Today, and can satisfy your agency’s and/or organization’s most pressing Homeland Security and Public Safety needs.
From Physical Security (Access Control, Critical Infrastructure, Perimeter Protection, and Video Surveillance Cameras and Video Management Systems), to IT Security (Cybersecurity, Encryption, Data Storage, Anti-Malware and Networking Security – Just to name a few), the 2021 ‘ASTORS’ CHAMPIONS EDITION will have what you need to Detect, Delay, Respond to, and Mitigate today’s real-time threats in our constantly evolving security landscape.
It will also include featured guest editorial pieces from some of the security industry’s most respected leaders, and recognized firms in the 2021 ‘ASTORS’ Awards Program.
-
For a complete list of 2021 ‘ASTORS’ Award Winners, begin HERE.
For more information on All Things American Security Today, as well as the 2021 ‘ASTORS’ Awards Program, please contact Michael Madsen, AST Publisher at mmadsen@americansecuritytoday.com.
AST strives to meet a 3 STAR trustworthiness rating, based on the following criteria:
- Provides named sources
- Reported by more than one notable outlet
- Includes supporting video, direct statements, or photos