April 7 - ISC Week
It's that time: it's ISC Week, and we are also talking about QR codes.

Weekly Rundown
Happy Monday! Let’s recap some great highlights from last week and prime ourselves for the week ahead.
WHAT’S NEW
MITRE ATT&CK
The MITRE ATT&CK framework is often likened to an extensive and comprehensive handbook, designed specifically for the digital age to combat computer hackers. This framework is a treasure trove of knowledge, shedding light on the shadowy tactics used by cybercriminals to breach and compromise computer systems. It's as if every page reveals new secrets about the cunning methods these digital villains use to infiltrate our digital lives.
Imagine diving into this handbook and discovering a detailed map of the hacker's mind, with their objectives, known as "tactics," laid out clearly. These tactics are their dark ambitions, aiming to stealthily penetrate the digital fortresses guarding our most sensitive data. The framework doesn't stop there; it goes on to outline the "techniques" and "sub-techniques" - the specific methods and even more granular actions hackers employ to achieve their nefarious goals. It's like uncovering a hidden world of digital deceit, where each turn reveals more intricate and sinister plots.
Interestingly, the principles and structured approach of the MITRE ATT&CK framework can be ingeniously adapted for physical security, offering a groundbreaking methodology to protect our tangible assets. Just as the framework maps out the cyber hacker's playbook, it can also guide us in anticipating and countering physical threats to our schools, offices, and public spaces. This adaptation involves identifying the potential tactics and techniques physical intruders might use, from reconnaissance efforts to understand a building’s layout to exploiting weaknesses in access control systems.
For instance, under the adapted framework, security teams can categorize threats like unauthorized entry ("Initial Access") and then drill down into specific techniques an intruder might use, such as tailgating or lock picking. By applying the ATT&CK model’s methodology, organizations can develop layered defense strategies that address not only the immediate physical breaches but also the sophisticated means by which intruders maintain presence and move within facilities. This approach empowers security professionals to devise comprehensive plans that protect against a wide array of physical security challenges, ensuring the safety of people and the security of assets. Through constant updates and community input, the adapted framework can evolve, much like its cyber counterpart, staying ahead of the innovative tactics employed by modern adversaries.
Keep an eye out for this adapted framework later this year.
SECURITY ENVIRONMENT
Perils of the QR code
QR codes, those little black-and-white squares you scan with your phone, are super handy. They can take you straight to a website, show you a video, or even let you pay for something without touching cash. But, just like with anything cool, there are some risks.
Imagine you're walking around, and you see a QR code stuck to a lamppost with a sign saying, "Free Music Downloads!" You think, "Great!" and scan it. But instead of taking you to a music site, it secretly leads your phone to a sketchy website that can steal your information. That's because not all QR codes are what they seem. Some of them are set up by bad actors to trick people into visiting harmful sites that can install viruses on your phone or steal your personal info like your name, address, or even passwords.
Sometimes these QR codes can trick you into sending money to the wrong place. Say you're using a QR code to pay at a café. A scammer could swap the café's code with their own. When you scan it, thinking you're paying for your coffee, you're actually sending money straight to the scammer.
So, while QR codes are super useful, it's important to be careful. Only scan codes from sources you trust, like official posters in stores or websites you know are safe. And if something seems too good to be true, like free stuff just for scanning a code, it might be a trick. Stay smart and stay safe!
Here is a great video from Kaspersky that explains it further.
THE AI SPACE
Prompt Engineering
Prompt engineering is a cool new area that's all about getting the best answers out of AI, like the chatbots or AI models you might use online, such as ChatGPT. It's like knowing exactly how to ask a question to get the answer you need.
For example, you can ask an AI “how do I change my wiper blades” or “Could you provide a step-by-step guide, including any necessary tools and safety precautions, for replacing the windshield wiper blades on a specific car? Additionally, tips for selecting the right size and type of wiper blades for different vehicle models would be helpful.”
This is becoming important as more people start using AI for work, personal tasks and more. According to Forrester, 60% of employees will start to get training on prompt engineering in the workplace. As these AIs get smarter, learning the right way to talk to them can help you do amazing things, from creating awesome stories to solving tricky problems. So, as we all start using AI more, getting good at prompt engineering is going to be a big deal, helping everyone get better and more useful answers from their AI friends.
Here is a really great video to get you started. (Link)
THINGS TO WATCH
ISC West - Ambient.ai

Founded in 2017 by CEO Shikhar Shrestha and CTO Vikesh Khanna, Ambient.ai is an AI-powered physical security platform that helps enterprise organizations automate video monitoring, control unauthorized access and speed up forensic search across their entire camera network. Seven of the top 10 U.S. technology companies, along with multiple Fortune 500 organizations across a variety of industries, leverage Ambient.ai to unify their security infrastructure and shift their security posture from reactive to proactive.
If you are looking to expedite your searches over an entire camera network, go see the team at booth #28099.
ISC West - Circadian Risk
If you’re a security technology geek, ISC West (which takes place from April 9-12 in Las Vegas) is the place to be. ISC West is the largest gathering of security technology companies in the U.S. and a hub for security professionals who are focused on technology.
Circadian Risk, the leading digital platform for assessing physical security risks, is excited to be attending ISC West this year. Our tools empower companies to measure, monitor, analyze and remediate risk at the click of a button.
Over the past couple of years, the focus of ISC West has shifted with evolving technology. Two years ago, attendees were interested in integrations that would streamline their tech stack. Last year, robotics was the hot topic. This year, we expect to see interest in AI. We look forward to connecting with people who are looking for those solutions and having productive conversations about their security needs.
Our team will be at the RAD/AITX booth (#20131) at ISC West. We’d love to meet with you during the show. Reach out and book a meeting with us today. Book soon; slots are filling up fast!
Links
Current news from around the industry
Want to create your own Newsletter?
Try Beehiiv: Get 20% off and 30 days Free*
If you’re starting a newsletter or looking for a better email service provider, you need to try beehiiv. The growth features, ease of use, and low price are unmatched.
It’s the platform I use and recommend to everyone. *Sign up using my link below to receive a discount and a 30-day free trial.