Editor’s Note: Another version of this article originally appeared on our sister-site Security Sales & Integration on January 28, 2026. It has since been updated for My TechDecisions’ audience.

More system integrators are beginning to recognize that IT departments hold greater influence over technology investments that were once managed solely by security teams, particularly when cybersecurity is involved.

This shift reflects a simple reality: IT is ultimately responsible for managing the organization’s technology risk. When new devices or systems introduce cybersecurity vulnerabilities, IT teams are accountable for identifying and mitigating that exposure.

From an IT perspective, attack vectors can take many forms—not just cameras or software but also smart lighting, access control hardware or other IoT-connected devices.

A 2017 incident in which criminals accessed a casino’s network through a connected fish tank illustrates why IT teams approach new technology with skepticism: even seemingly harmless systems can become entry points for attackers. If they cannot confidently say a system is secure and compliant, the safest option is to say no.

This hesitation is not about being overly cautious. IT leaders are accountable for protecting sensitive assets, including intellectual property, employee records and financial data. Failure to perform due diligence can expose the organization to regulatory penalties, reputational damage and operational disruption.

This shift requires system integrators to move away from feature-driven product discussions and toward platform-level outcomes. Security teams may be excited by new capabilities and technologies but IT teams first want to understand how a platform manages risk.

Integrators should be prepared to explain how a solution reduces complexity, limits liability and minimizes human error by automating routine tasks.

What Security System Integrators Can Consider When Speaking to the IT Buyer

Speaking IT’s language—data governance, network impact, cybersecurity posture—goes a long way toward building trust. Integrators who address IT concerns early can reduce objections, shorten review cycles and build confidence with IT.

In practice, here are a few things system integrators can address:

Compatibility with the existing technology stack

• Open integrations that support single sign-on (SSO), cloud platforms and established systems
• Flexible deployment models that work in on-prem, cloud or hybrid environments
• Built-in interoperability through strong APIs or widely adopted standards

Cybersecurity and regulatory compliance

• Data protection measures such as end-to-end encryption to support confidentiality and privacy
• Compliance capabilities aligned with relevant regulations and standards, depending on region and sector
• Role-based access controls and multi-factor authentication to prevent unauthorized access
• Audit trails and activity logs that support oversight and compliance monitoring
• Recognized cybersecurity certifications and standards for cloud-based services

Reliability and system resiliency

• Defined service level agreements (SLAs) that support continuous operations
• Disaster recovery capabilities, including automated failover and business continuity strategies
• Scalable performance that supports growth without degrading system reliability

Bringing IT and Security Teams Together

Integrators are uniquely positioned to act as a bridge between IT and security, helping both sides understand each other’s priorities. In the IT world, subscription-based software and ongoing maintenance agreements are standard. In contrast, security teams have historically favored one-time system purchases that are maintained internally. Navigating these differences requires clear communication and expectation-setting.

Because many IT buyers do not come from a physical security background, integrators should expect to explain not only what they are proposing but how it will affect IT workloads and responsibilities. This creates an opportunity to reframe the conversation around benefits that matter to IT teams, such as interoperability, scalability, resiliency and long-term maintainability.

Integrators can also look for areas of natural alignment with IT goals, including compliance, data protection and on-prem versus cloud deployment strategies. When a solution includes built-in safeguards—such as cybersecurity hardening guides, security posture scoring or controls that restrict access to authorized users—these should be highlighted early in the discussion.

Automation is another strong point of connection. IT teams are often stretched thin and are drawn to solutions that reduce manual effort through centralized management, automated updates or simplified configuration.

While many IT stakeholders favor cloud-based software-as-a-service models for their continuous delivery of patches and improvements, governance preferences vary. Some organizations want direct control over deployments, while others prefer automatic updates.

Integrators who understand these governance models can recommend solutions that align with how IT teams prefer to work—making approvals faster and deployments smoother.

Get Buy-In Early in the Process

For integrators, working effectively with IT is more critical than ever. It’s no longer enough to simply invite IT to the table late in the process. Integrators need to understand IT’s priorities, preferences, and goals from the outset—and adapt their approach accordingly. Security solutions are far more likely to be approved when they align with the organization’s established IT best practices, governance models and risk tolerance.

Today, there are very few scenarios in which a security deployment would not require IT review and sign-off. Even systems designed to be isolated or air-gapped must be assessed to confirm how they are installed, maintained and updated and to ensure no unintended connections introduce vulnerabilities.

To adapt to this reality, integrators need to build credibility through early and consistent engagement with IT, ideally starting with the very first meeting. Bringing IT into the process early helps ensure that security decision-makers are aligned with current network security, governance and compliance requirements.

Alex Halliday is director of channel enablement, North America, sales, at Genetec.

The post How Security Integrators Can Reach IT Decision-Makers More Effectively appeared first on My TechDecisions.

At the outset of the conversation, Grass reflects on the state of the workforce today. Post-pandemic, workforces continue to be mobile and fluid, with a strong continuing trend of “hoteling” workers who are not tethered to a particular space. “Being able to communicate to those people effectively can be a challenge,” Grass acknowledges. Plus, we continue to see far too many unthinkable situations in workplaces across the country. Sadly, companies need to be prepared to deal with them.

Singlewire Software Helps Integrators Pursue Mass Notification

Singlewire Software, of course, plays a leading role in partnering with integrators exploring the mass notification category. According to Grass, “Our tagline is ‘Detect, Notify and Respond,’ and that’s what we really help customers do. And we help our channel partners work with customers to better detect the issues happening, notify their staff of what’s going on, and better respond and more quickly respond to the issues that might be out there.”

What makes Singlewire Software different, Grass says, comes down to this: It’s really that facility-based communication platform. “We are just software-based. So, we help customers leverage their current infrastructure and maybe infrastructure that they’re looking at purchasing.” So, if a customer is looking to upgrade to IP speakers or wanting to shift to a hosted phone system, Grass says, Singlewire Software can “…help enable those type of technologies to better communicate daily or in the case of emergencies.”

Later in the interview, Grass makes clear that he believes all integrators should be looking at the mass notification category. And he underscores that Singlewire Software stands ready to help channel partners realize more revenue and become stickier with their customers.

Grass particularly highlights abundant opportunity (and need) in healthcare, K-12, retail, manufacturing and other verticals. “Those types of customers really have the need for technology such as this,” he declares.

Watch the full video Q&A below for the whole story on mass notification from Singlewire Software and Jim Grass.

The post Singlewire Software on Mass Notification Solutions appeared first on My TechDecisions.

As part of the process, district administrators and staff reevaluated all infrastructure elements and their approach to campus safety, selecting AtlasIED IPX technology to modernize their intercom, audio announcements, and emergency communications systems.

The district began renovating in phases, prioritizing schools based on the state of the school buildings and the level of urgency of repairs. Before renovations, the schools in the district used similar audio communications technologies that had been in use for 10-20 years, including the public address (PA) system, clocks and blue light systems for emergencies.

However, the systems were siloed and did not integrate. During routine use, such as all-school announcements at the beginning of school days, the system functioned as needed, but during drills, the number of systems in operation caused the schools challenges.

“With the old system, when we conducted a lockdown drill, school staff needed to activate the different systems manually, which created steps and more possibilities for human error,” says Matt Erwin, director of facilities for North Syracuse Central Schools. Erwin manages maintenance and operations, plus security, health and safety, and the capital work for the district.

AtlasIED IPX Series for Campus Audio & Communication System

The district had two primary goals when upgrading the campus audio and communications systems: to improve the audio quality and find a plan to increase the speed at which a school could react and contact first responders during an emergency. They wanted to achieve these goals without having to install a system that was too complicated for staff and personnel.

Because the district used a Cisco phone system, Erwin and his team wanted a platform that integrated with these devices. As they researched and discussed options, their partners at Day Automation, a building automation and security solution provider, introduced them to AtlasIED, which they eventually chose as their long-term audio and communications solution. The AtlasIED IPX Series met all of the criteria for the district.

AtlasIED’s IPX Series features a range of communication endpoints that interconnect. The IPX endpoints integrate multiple functions into single products, including loudspeakers, two-way microphones, flashers, and an LED display for a clock, date, or other text-based messages that can be updated in real-time during an emergency.

Installing IPX Endpoints at Bear Road and Smith Road Elementary School 

Karl W. Saile Bear Road Elementary, known simply as Bear Road Elementary, became the district’s first school to install a new audio and communications system. Originally built in 1958, Bear Road Elementary was one of the district’s oldest buildings. During the Bear Road project, the school renovated half the building at a time to avoid a full closure and completely modernized the interior and infrastructure to accommodate staff and student needs.

The team at Day Automation identified locations for IPX endpoints throughout the school and ran Ethernet cable to each site in preparation to connect the endpoints. The IPX endpoints are Power over Ethernet (PoE+)-enabled, receiving power and network signals through the same IT network the school uses to deliver Internet access. The IPX platform helped simplify the installation process for integrators by reducing the number of cable types needed.

Another NSCSD school, Smith Road Elementary, began its retrofit project in 2022 to update various technologies, including its audio and communications technology systems, and upgrade building infrastructure. Working around class schedules to avoid disrupting students, the school expanded and updated its campus IT network and created plans to locate IPX endpoints.

Once the construction teams pulled Ethernet cabling to predetermined locations in both schools, the contractor teams began installing IPX endpoints, including the dual-sided IP-DDS endpoint mounted from side walls and hung over high-traffic areas like hallways.

They also added IP-SDMF indoor wall-mount endpoints in classrooms, the main office, the cafeterias, the gymnasiums, nurses office, and all rooms to ensure comprehensive building coverage. On the ceilings, the district installed the IP-8SM in multiple locations, which offer a loudspeaker and an omnidirectional microphone to allow two-way communication and monitoring from the speaker location to any PC or phone handset.

Related: How Mass Notification is Evolving to Manage Emergencies

Mass Communications through Singlewire and IPX Devices  

The IPX Series also helped NSCSD incorporate campus safety capabilities with the help of InformaCast Mass Notification Software from Singlewire. Using InformaCast, during an emergency, designated school personnel can initiate the software from a mobile device wherever they are on or off campus. The software then instantaneously sends text messages to faculty, students, parents’ mobile devices, alerts law enforcement, and activates attention-grabbing audio communication, flashing visual alerts and LED text messages on the installed IPX devices throughout campus.

Also, using InformaCast, the IP-8SM ceiling speakers can be configured to allow first responders to communicate with people near the loudspeaker or listen in to that area. The speakers can be critically important when personnel, students, or perpetrators barricade themselves in classrooms or other rooms.

When connected to InformaCast, the loudspeakers become a critical two-way hands-free communications tool for law enforcement or school personnel to deliver directions, provide or receive real-time updates near the speak location, or listen to activities within a space.  The loudspeakers are especially important when staff, students, or perpetrators barricade themselves in classrooms or other rooms.

The district has implemented new routine and emergency safety procedures in the schools with InformaCast and IPX due to the upgraded capabilities offered by the technology. It has begun to train staff regularly to help them become more familiar with operating the equipment. Training staff for both routine operation and operating the system during an emergency when people are under much more stress has the potential to lead to human error. This is why automating the system using pre-recorded messages offered via InformCast can help reduce the chance of human error during a real incident.

While the expectation is that much of the system’s use will be for routine daily announcements, InformaCast software helps automate many of the formerly manual steps in the older system’s procedures.

“Gone are the days when we had to find a panic button or go to a specific location to access the PA system,” says Erwin. “The new AtlasIED systems give us much more functionality at every point within the building. Based on the successful installation at Bear Road and Smith Road, we now look at mass notification across the entire district differently.”

A Better, Safer Experience 

From the district’s experience at Bear Road Elementary and Smith Road Elementary, it plans to install IPX and InformaCast throughout the rest of the district school buildings. As plans develop and ongoing training continues at the schools currently outfitted with IPX and InformaCast, Erwin and his team are eager for additional school buildings to use the new technology and create a better and safer experience district-wide for the students and staff moving forward.

Click ‘View Slideshow’ to see additional photos of the district’s IPX technology upgrade at Bear Road Elementary and Smith Road Elementary schools.

Another version of this article originally appeared on our sister-site Commercial Integrator on November 6, 2023. It has since been updated for My TechDecisions’ audience.

The post North Syracuse Central School District Streamlines Communications with AtlasIED IPX Technology appeared first on My TechDecisions.

As expected from authorities anticipating an increase in threats to the education sector, cyberattacks are continuing to wreak havoc on colleges and universities across the United States. As of the beginning of May, there had already been 27 confirmed ransomware attacks against U.S. institutions. These ransomware numbers only tell part of the story as data breaches, malware attacks, and more account for an even greater number of threats, not all of which are reported to the public as they occur.

The second quarter of 2023 has seen a flurry of cyberattacks strike higher education institutions, including West Virginia’s Bluefield University, Tennessee’s Chattanooga State Community College, and Georgia’s Mercer University, among others. Beyond the obvious consequences of ransom payments and leaked personal data, some of the most severe attacks in recent memory have culminated in the delay and cancelation of classes, as well as the closure of one college in Illinois entirely.

With attacks against higher education on the rise year-over-year, campuses have become one of the top targets for attempted data breaches, ransomware attacks, malware, and more. Feeling the effects of various financial and/or technological hurdles, most schools are not currently equipped with the security controls to adequately defend themselves from increasingly sophisticated cyber threats that continue to hamper the community.

This increase in cyberactivity should serve as a wake-up call for higher education institutions to reevaluate and enhance their cybersecurity postures. Here are some of the top considerations for higher education leaders seeking to plug the gaps in their cybersecurity strategy.

Securing Data

One of the recurring themes in attacks against higher education is the vulnerability of sensitive data. From student, staff, and faculty information to sensitive school records, there are countless data assets that, if breached, can be weaponized against institutions.

Data exfiltration, or unauthorized data transfer, is a leading threat to data security in higher education. To help prevent data loss, colleges and universities need to be able to monitor user and entity behavioral analytics (UEBA) and they need to be able to watch their network using a network detection and response (NDR) tool. This allows schools to detect, qualify, and remediate any anomalous activity at the individual level, as well as malicious or unauthorized attempts at exfiltration.

Managing Access

For colleges and universities, student information, research data, and assessment criteria are all critical to daily operations. However, it can be common for institutions to encounter unauthorized access to these types of crucial information due to a lack of IT resources and necessary safeguards. This can result in the loss of confidentiality, integrity, and availability of technological assets, among other things.

To better facilitate and manage user access to sensitive data, schools should implement an effective IT security strategy intentionally designed to protect critical assets. This strategy should include the compartmentalization of data and provide a least privileged approach to accessing that data. Utilizing a least privileged approach, users are only granted access to the data required for their specific roles. This helps to prioritize the protection of intellectual property that is so valuable to higher education institutions. In doing so, schools can better protect the privacy of their students and employees and their reputations.

Detecting Threats

Even with cybersecurity mechanisms in place, no security threat can be resolved if it falls undetected. Colleges and universities must be able to detect, alert and automate security response capabilities when threats arise. Institutions should consider adopting security orchestration, automation, and response (SOAR) tools to help standardize and scale their incident response.

By relying on SOAR, schools can automate workflows to accelerate various stages of the threat investigation and response processes. Given the severity of a particular threat, it can be escalated to key decision-makers for a manual response or remediated automatically (or semi-automatically) from a playbook of preselected actions. Ultimately, SOAR is intended to help security teams cut through the noise and allow them to prioritize and direct their attention toward the most pressing threats.

Protecting and Prospering

Given the attack patterns of the last two years, cyberattacks in higher education are not going away overnight. Colleges and universities continue to be targeted by malicious actors for a reason. As long as institutions remain underequipped to monitor and respond to cybersecurity threats, they will find themselves with a target on their back.

Regardless of an institution’s budgetary constraints, there are tried and true precautions that can be taken to better protect their campus. Implementing threat detection, stricter access controls, and stronger data security measures are all foundational components of an effective cybersecurity strategy. By solidifying that foundation, colleges and universities can do their part to avoid being next in the line of higher education victims.

Another version of this article originally appeared on our sister-site Campus Safety on August 14, 2023. It has since been updated for My TechDecisions’ audience.

Kevin Kirkwood is Deputy CISO for LogRhythm.

The post Spike in Cyberattacks Exposes Vulnerabilities in University Security Measures appeared first on My TechDecisions.

According to CNN, the C919’s first flight left Shanghai at 10:32 am. Sunday and landed at the Beijing Capital International Airport at 12:31 p.m. This is being hailed as an important moment in China’s strategy to boost domestic manufacturing by 2025 and reduce reliance on foreign companies in the aviation sector.

While manufactured in China, many of the airplane’s components do come from Western companies. Leading to further scrutiny of the aircraft’s development are allegations that a Chinese state-aligned adversar conducted cyber intrusions against several of those companies that make the C919’s components. These allegations are detailed in a lengthy and detailed 2019 report from cybersecurity firm CrowdStrike as well as a series of indictments against both cyber actors and insiders.

CrowdStrike could not be reached for comment, so this article is sourced entirely from the firm’s report and U.S. Department of Justice indictments.

In CrowdStrike’s report, the company says its research corroborates a series of DOJ indictments released over the course of two years during the C919’s development that highly suggests cyber actors from China, company insiders and state directives targeted foreign companies to fill key technology and intelligence gaps to better compete with against the western aerospace industry.

“What follows is a remarkable tale of traditional espionage, cyber intrusions, and cover-ups, all of which overlap with activity CrowdStrike Intelligence has previously attributed to the China-based adversary TURBINE PANDA,” CrowdStrike said in the 2019 report, alleging that the operations can be traced back to China’s Ministry of State Security’s (MSS) Jiangsu Bureau, the alleged perpetrators of the infamous 2015 U.S. Office of Personnel Management (OPM) breach.

Cyberattacks beginning in 2010

According to CrowdStrike, Turbine Panda, conducted cyber intrusions against between 2010 and 2015 against foreign manufacturers of aviation components, including many that were chosen for the C919.

The state-owned enterprise (SOE) Commercial Aircraft Corporation of China announced in December 2009 that it had chosen CFM International’s (a joint venture between U.S.-based GE Aviation and French aerospace firm Safran, formerly Snecma) LEAP-X engine to provide a custom variant engine, the LEAP-1C, for the then-newly announced C919.

Despite the deal, both COMAC and fellow SOE the Aviation Industry Corporation of China were believed to be tasked by China’s State-owned Assets Supervision and Administration Commission of the State Council (SASAC) with building an “indigenously created” turbofan engine that was comparable to the LEAP-X, CrowdStrike says in its report. In 2016, the Aero Engine Corporation of China produced the CKJ-1000AX engine, which bears multiple similarities to the LEAP-1C engine.

While CrowdStrike admitted that it is difficult to assess if the Chinese engine is a direct copy, the cybersecurity firm said it is highly likely that its makers benefitted significantly from the cyber campaign of the Jiangsu Bureau of the MSS (JSSD).

CrowdStrike, citing its own intelligence reporting and U.S. government sources, says the Chinese government uses a “multi-faceted system” of forced technology transfer, joint ventures, physical theft from insiders and cyber espionage to acquire information to fill key knowledge gaps.

One DOJ indictment, CrowdStrike says, describes initial preparatory action that included compromising Los Angeles-based Capstone Turbine servers and later using a doppelganger site as a strategic web compromise (SWC) in combination with DNS … to compromise other aerospace firms.”

From 2010 to 2015, the linked JSSD operators are believed to have targeted a variety of aerospace-related targets … using two China-based APT favorites, PlugX and Winnti, and malware assessed to be unique to the group dubbed Sakula.

Many individuals associated with the campaign are “assessed to have storied histories in legacy underground hacking circles within China dating back to at least 2004,” CrowdStrike says, citing the DOJ.

Indictments

As detailed in CrowdStrike’s report, the U.S. Department of Justice released several indictments from 2017 through October 2018, charging several individuals with activities related to theft of trade secrets and hacking related to the development of the C919.

The indictments were against Sakula developer YU Pingan, JSSD Intelligence Officer XU Yanjun, GE employee and insider ZHENG Xiaoqing, U.S. Army Reservist and assessor JI Chaoqun, and 10 JSSD-affiliated cyber operators.

“What makes these DoJ cases so fascinating is that, when looked at as a whole, they illustrate the broad, but coordinated efforts the JSSD took to collect information from its aerospace targets,” CrowdStrike says in its report. “In particular, the operations connected to activity CrowdStrike Intelligence tracked as TURBINE PANDA showed both traditional human-intelligence (HUMINT) operators and its cyber operators working in parallel to pilfer the secrets of several international aerospace firms.”

Insiders

CrowdStrike and the DOJ also detail how insiders and IT employees helped steal information and coverup the cyber activities, offering new insight into how adversaries leverage a wide variety of tools and techniques to accomplish their goals.

According to CrowdStrike and the DOJ, a GE insider was charged with using “an elaborate and sophisticated means” to steal GE trade secrets after being recruited by a Chinese aerospace official closely aligned with the country’s Ministry of Industry and Information Technology.

In addition, IT employees at the Canada-based International Civil Aviation Organization (ICAO), the United Nations body that sets global aviation standards, allegedly covered up a cyber intrusion by another alleged China state-sponsored actor that had been observed targeting the aviation industry.

CrowdStrike, citing public reporting, says the intrusion at ICAO was “likely designed to facilitate a strategic web compromise (SWC) attack … that would easily provide a springboard to target a plethora of other aerospace-related as well as foreign government victims.”

“Upon being alerted to the breach by the Aviation Information Sharing and Analysis Center (AISAC), the ICAO internal IT investigation staff was reportedly grossly negligent, and the cyber intruders may have had direct access to one of their superuser accounts,” CrowdStrike says in its report. “In addition, a file containing a list of all the potential organizations who were compromised by the incident mysteriously disappeared during further investigations.”

Both the ICAO IT supervisor in charge of the mishandled internal investigation and the ICAO’s secretary general who shelved recommendations to investigate the IT supervisor and his four team members, were both found by CrowdStrike to have ties to China’s aviation industry, CrowdStrike says.

Takeaways from four years later

This article is just a snippet of CrowdStrike’s reporting and what Turbine Panda and other associated groups are alleged to have done to help boost the Chinese aviation sector. But more than that, it tells the tale of how advanced persistent threat (APT) groups and other sophisticated threat actors will go to extraordinary means to accomplish their end goals.

That includes advanced hacking techniques, leveraging insiders, physical theft and collaborating with the massive underground cybercrime community to launch multi-faceted attacks against a particular organization or industry.

The post The Cyberattacks and Insider Threats During The Development of China’s C919 Passenger Jet appeared first on My TechDecisions.

While the FTC only mentions consumer customers, Ring does offer commercial security solutions under its Ring for Business arm. In addition, the allegations in the FTC’s complaint further demonstrate the risks that many IT and security professionals say are inherent in IoT devices. 

Under a proposed order, which must be approved by a federal court before it can go into effect, Ring will be required to delete data products such as data, models, and algorithms derived from videos it unlawfully reviewed. It also will be required to implement a privacy and security program with novel safeguards on human review of videos as well as other stringent security controls, such as multi-factor authentication for both employee and customer accounts.

“Ring’s disregard for privacy and security exposed consumers to spying and harassment,” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection. “The FTC’s order makes clear that putting profit over privacy doesn’t pay.”

California-based Ring LLC, which was purchased by Amazon (Nasdaq: AMZN) in February 2018. According to My TechDecisions’ sister-site CE Pro’s 2023 100 Brand Analysis, Ring is the No. 1 video doorbell product installed by integrators with 66% of leading integrators installing the solution.

“Ring’s disregard for privacy and security exposed consumers to spying and harassment.”

— Samuel Levine, Director of FTC’s Bureau of Consumer Protection

In a complaint, the FTC says Ring deceived its customers by failing to restrict employees’ and contractors’ access to its customers’ videos, using customer videos to train algorithms, among other purposes, without consent, and failing to implement security safeguards.

According to the complaint, these failures amounted to egregious violations of users’ privacy. For example, one employee over several months viewed thousands of video recordings belonging to female users of Ring cameras that surveilled intimate spaces in their homes such as their bathrooms or bedrooms. The employee wasn’t stopped until another employee discovered the misconduct. Even after Ring imposed restrictions on who could access customers’ videos, the company wasn’t able to determine how many other employees inappropriately accessed private videos because Ring failed to implement basic measures to monitor and detect employees’ video access.

The FTC also said Ring failed to take any steps until January 2018 to adequately notify customers or obtain their consent for extensive human review of customers’ private video recordings for various purposes, including training algorithms. Ring buried information in its Terms of Service and Privacy Policy, claiming it had a right to use recordings obtained in connection with its services for “product improvement and development,” according to the complaint.

Ring’s Alleged Security Failures

According to the complaint, Ring also failed to implement standard security measures to protect consumers’ information from two well-known online threats—“credential stuffing” and “brute force” attacks—despite warnings from employees, outside security researchers and media reports. Credential stuffing involves the use of credentials, such as usernames and passwords, obtained from a consumer’s breached account to gain access to a consumer’s other accounts. In a brute force attack, a bad actor uses an automated process of password guessing—for example, by cycling through breached credentials or entering well-known passwords—hundreds or thousands of times to gain access to an account.

Despite experiencing multiple credential-stuffing attacks in 2017 and 2018, Ring failed, according to the complaint, to implement common tactics—such as multifactor authentication—until 2019. Even then, Ring’s sloppy implementation of the additional security measures hampered their effectiveness, the FTC said.

 “The FTC’s order makes clear that putting profit over privacy doesn’t pay.”

— SAMUEL LEVINE, FTC

As a result, hackers continued to exploit account vulnerabilities to access stored videos, live video streams, and account profiles of approximately 55,000 U.S. customers, according to the complaint. Bad actors not only viewed some customers’ videos but also used Ring cameras’ two-way functionality to harass, threaten, and insult consumers—including elderly individuals and children—whose rooms were monitored by Ring cameras, and to change important device settings, the FTC said. For example, hackers taunted several children with racist slurs, sexually propositioned individuals, and threatened a family with physical harm if they didn’t pay a ransom.

In addition to the mandated privacy and security program, the proposed order requires Ring to pay $5.8 million, which will be used for consumer refunds. The company also will be required to delete any customer videos and face embeddings, data collected from an individual’s face, that it obtained prior to 2018, and delete any work products it derived from these videos. The proposed order also will require Ring to alert the FTC about incidents of unauthorized access or exposure of its customers’ videos and to notify consumers about the FTC’s action.

The Commission voted 3-0 to authorize the staff to file the complaint and stipulated final order. The FTC filed the complaint and final order in the U.S. District Court for the District of the District of Columbia.

A version of this article originally appeared on our sister site CE Pro. 

The post FTC Accuses Ring of Watching Private Videos, Poor Security Practices appeared first on My TechDecisions.

The property is owned by the City of Memphis and is managed by global sports and entertainment company Oak View Group (OVG), which announced a strategic partnership with Xtract One in October 2022.

Fan Safety Ahead of USFL Season

“As we began preparations for the start of the USFL season, we wanted to optimize our security screening technology,” Thomas Carrier, Oak View Group’s General Manager at Simmons Bank Liberty Stadium, said in a statement.  “At the stadium and across Oak View Group, we prioritize fan safety, while simultaneously leveraging innovation to enhance the fan experience. The kickoff of the new USFL season was a logical starting point to introduce Xtract One’s SmartGateway screening solutions. It is one of many prevention strategies coming to the venue for the safety and security of fans, teams, talent and staff, which we will continue using throughout the year, including during Memphis Tigers games and for the Southern Heritage Classic and AutoZone Liberty Bowl.”

Xtract One SmartGateway System

The SmartGateway system was designed for large, ticketed venues to enable high throughput, but with customizability based on the customer’s individual needs and security requirements. SmartGateway delivers fast, reliable, and accurate patron screening, replacing intimidating metal detectors. This solution unobtrusively scans patrons for guns, knives and other prohibited items as they enter the facility, using AI-powered sensors to detect threats without invading patrons’ sense of privacy and comfort.

“It is important for community and commercial enterprises to work on collaborative solutions that allow guests to focus on fun and togetherness and cheering on their teams,” said Mayor Jim Strickland, in a statement. “The City of Memphis, Oak View Group and Xtract One are together enhancing the safety of the fans and our community.”

Simmons Bank Liberty Stadium will deploy SmartGateways in two phases. Phase one, beginning April 15, will leverage SmartGateways for games of the Memphis Showboats (USFL).

“We are thrilled to have been chosen by Simmons Bank Liberty Stadium, Oak View Group, and the City of Memphis to implement our SmartGateway technology for the safety and security of their patrons. This partnership showcases our commitment to revolutionizing the security landscape, enhancing fan experiences, and streamlining entry processes for large-scale venues,” said Peter Evans, CEO of Xtract One, in a statement. “We look forward to continuing our work with Oak View Group, and providing advanced, unobtrusive security solutions for their growing portfolio of world-class venues.”

The post Xtract One Elevates Fan Experience with SmartGateway, AI Security Screening Technology appeared first on My TechDecisions.

According to the Redmond, Wash. tech giant, Defender for IoT helps organizations manage assets, track emerging threats and control risks across enterprise and mission-critical networks in both connected and air-gapped environments.

In a blog, Microsoft says cloud-powered IoT and OT security solutions offer advantages over traditional solutions, including discovery of assets-end-to-end, detecting and responding to threats in real-time, defending against known and unknown threats, compliance reports, and workflows and integrations that leverage the cloud.

The solution also helps organizations solve OT security issues faster by unifying the security operations center (SOC) for both IT and OT assets, the company says.

“With Microsoft Defender for IoT, you can achieve faster time-to-value, improve agility and scalability, increase visibility, and strengthen the resiliency of your network and infrastructure without making significant changes,” Microsoft IoT and OT security experts write in a blog. “The Defender for IoT cloud is designed to augment your on-premises processing power while providing a source of centralized management for global security teams—raising the bar for OT defense.”

The company gives one scenario showing how Defender for IoT works in which a new vulnerability is published with information that could impact an organization’s OT devices, and threat actors are currently trying to exploit the bug.

“With Microsoft Threat Intelligence, the new CVE is ingested automatically and shared across our cloud-based security services, including Defender for IoT,” the company says.

Organizations can use the Microsoft Azure Portal to monitor for the new vulnerability across all devices and sites, resulting in a faster response time to secure IoT and OT environment.

Other scenarios where security professionals can benefit from Defender for IoT include OT security and compliance audits, attack surface reduction consulting and tabletop exercises, the company says.

The Defender for IoT solution also includes a new device inventory feature that allows SOCs to manage OT devices through the Microsoft Azure Portal. The feature supports unlimited data sources, including manufacturer, type, serial number, firmware, and more, helping organizations gain a complete picture of their IoT and OT assets to address any vulnerabilities.

In addition, Defender for IoT integrates with Microsoft Sentinel to provide security information event management for both OT and IT environments, and the solution also shares threat data with Microsoft 365 Defender, Microsoft Defender for Cloud and other products like Splunk, IBM QRadar and ServiceNow, Microsoft says.

The post Microsoft Launches Defender for IoT Cloud-Managed Platform appeared first on My TechDecisions.

Interface Systems, a Missouri-based provider of security, managed network, communications and business intelligence solutions to distributed enterprises, says retailers should heighten their awareness of organizations retail crime, which the firm says has increased by more than 25% since last year.

In addition, nearly 53% of retailers reported external theft to the National Retail Federation, according to Interface Systems.

Sean Foley, senior vice president of customer success at the managed service provider, says the holiday season brings longer hours, a larger inventory and more crowds to stores, all of which increase risk.

“What should be ‘the most wonderful time of the year for both shoppers and retailers, is becoming increasingly stressful due to an increased risk of theft and violence against employees,” Foley says. “Technology solutions can offer effective deterrents for retailers who face security risks every day.”

Interface Systems recommends investing in digital surveillance technology to help augment loss prevention professionals, such as remote security services leveraging cameras, speakers and microphones. These solutions provide discreet, always-on surveillance without degrading the shopper experience and allow remote security professionals to identify suspicious individuals and alert in-store staff or law enforcement.

In addition, the managed service provider recommends retailers use motion-triggered, AI-powered cameras that can be deployed in conjunction with speakers and lighting systems that can automatically warn loiterers during non-business hours. Designed to be installed in parking lots or loading areas, these solutions can be programmed to play different audio messages based on the context and even alert remote security professionals.

To maximize return on investment, Interface Systems recommends integrating video surveillance and security systems with point-of-sale systems to allow for transactions to be mapped to video recordings to help retailers find instances of theft, including coupon fraud, refunds made without customers, sweethearting and unauthorized price overrides.

As with cybersecurity, employee training and awareness is equally important in physical security, according to Interface Systems.

The company recommends implementing a robust training and communications program to help keep employees and customers safe, including training for both seasonal and existing employees. Training should include role-playing scenarios, drills, and a synopsis of the security technologies deployed. An emergency communication plan should also be clear to all employees.

“Retailers need a comprehensive safety program to prepare and protect their associates from a variety of dangerous situations,” says Tyson John, senior vice president of security monitoring operations at the firm. “When employees know that their safety is the priority, it creates peace of mind and can boost morale and productivity.”

The post Security Technology Tips for Retailers During Holiday Shopping appeared first on My TechDecisions.

The winners of the commercial category are as follows:

• Access Control: Genetec — Genetec Enclosure Management powered Cloud Link Roadrunner
• AV Collaboration: Biamp — Parlé VBC 2500 all-in-one conferencing bar
• Fire/Intrusion: Alula — BAT-Fire
• Video Surveillance: Axis Communications — AXIS M4308-PLE Panoramic Camera
• Miscellaneous: IPVideo — HALO IoT Smart Sensor 3C

Knott also announced the IoT/Connected Product Awards winners in the resident category. They are as follows:

• Home Enhancement: Crestron — Crestron Home
• Lighting: Crestron — Crestron LED Light Fixtures
• Network Communication: Google Nest — Nest Wi-Fi Pro
• Physical Security/Access Control: Doorbird — A1121
• Physical Security/Surveillance: Nest Doorbell (Second Generation)

Total Tech Summit co-locates CE Pro Summit, Commercial Integrator Summit and Security Sales & Integration Summit, all sister brands of TechDecisions. The event thus drives noteworthy progress in the custom, commercial and security integration industries.

Total Tech Summit 2022 is ongoing from October 26 to October 28, 2022 in Orlando, Fla. For more updates on this event, follow Twitter updates from Dan Ferrisi (@DanFerrisiEdit) and Commercial Integrator (@commintegrator), and check out the hashtag #TotalTech22!

This article originally appeared in our sister publication Commercial Integrator. 

The post IoT/Connected Product Awards 2022 Announced appeared first on My TechDecisions.