securitylinkindia

NIST Releases Tips and Tactics for Dealing With Ransomware

Used in cyberattacks that can paralyze organizations, ransomware is malicious software that encrypts a computer system’s data and demands payment to restore access. To help organizations protect against ransomware attacks and recover from them if they happen, the National Institute of Standards and Technology (NIST) has published an infographic offering a series of simple tips and tactics.

NIST’s advice includes:

- To use antivirus software at all times and make sure it’s set up to automatically scan e-mails and removable media (e.g., flash drives) for ransomware and other malware.
- To keep all computers fully patched with security updates.
- To use security products or services that block access to known ransomware sites on the internet.
- To configure operating systems or use third-party software to allow only authorized applications to run on computers, thus preventing ransomware from working.
- To restrict or prohibit use of personally owned devices on the organization’s networks and for telework or remote access unless the user is taking extra steps to assure security.

NIST also advises users to follow these tips for their work computers:

- Use standard user accounts instead of accounts with administrative privileges whenever possible.
- Avoid using personal applications and websites, such as email, chat and social media, on work computers.
- Avoid opening files, clicking on links etc., from unknown sources without first checking them for suspicious content. For example, one can run an antivirus scan on a file, and inspect links carefully.

Unfortunately, even with protective measures in place, eventually a ransomware attack may still succeed. Organizations can prepare for this by taking steps to ensure that their information will not be corrupted or lost, and that normal operations can resume quickly.

NIST recommends that organizations follow these steps to accelerate their recovery:

- Develop and implement an incident recovery plan with defined roles and strategies for decision making.
- Carefully plan, implement and test a data backup and restoration strategy. It’s important not only to have secure backups of all the important data, but also to make sure that backups are kept isolated so ransomware can’t readily spread to them.
- Maintain an up-to-date list of internal and external contacts for ransomware attacks, including law enforcement.

NIST has also published a more detailed fact sheet on how to stay prepared against ransomware attacks. One can find this material and more on ransomware at the NIST and CISA websites. These materials were produced by staff members in NIST’s Information Technology Laboratory and National Cybersecurity Center of Excellence.

NIST promotes U.S. innovation and industrial competitiveness by advancing measurement science, standards and technology in ways that enhance economic security and improve our quality of life. NIST is a non-regulatory agency of the U.S. Department of Commerce.


INTERPOL Launches App to Better Protect Cultural Heritage

An app launched by INTERPOL will help identify stolen cultural property, reduce illicit trafficking, and increase the chances of recovering stolen works and artefacts. INTERPOL’s ID-Art app enables users ranging from law enforcement to the general public to get mobile access to the INTERPOL database of stolen works of art, create an inventory of private art collections and report cultural sites potentially at risk. Using cutting-edge image-recognition software, ID-Art is free to download from the (Android or Google) Play Store and the (Apple) App Store.

“In recent years we’ve witnessed the unprecedented ransack by terrorists of the cultural heritage of countries arising from armed conflict, organized looting and cultural cleansing,” said INTERPOL Secretary General Jürgen Stock, “This new tool is a significant step forward in enhancing the ability of police officers, cultural heritage professionals and the general public to protect our common heritage.”

Search INTERPOL’s database

Publicly available, the app will boost real-time access to INTERPOL’s stolen works of art database, the only global database containing certified police information on stolen and missing art objects. Police, customs officers, private collectors, art dealers and art enthusiasts can instantly check to see if an object is among the more than 52,000 items currently registered as stolen. Searches against the database via the app can be carried out by taking or uploading a photo, or by entering search criteria manually.

Create an inventory

Using international standards known as Object ID, museums and private collectors can capture images and record features of their works of art on the app to help keep track of their collections. In the event of a theft, these records can be provided to law enforcement, greatly enhancing the chances of recovery.

The President of the International Council of Museums (ICOM), Alberto Garlandini said, “Heritage worldwide is at risk from natural disaster, looting or conflict. By facilitating on-the-go access to INTERPOL’s stolen works of art database, and by using ICOM’s Object ID to create cultural property inventories, INTERPOL is providing museum professionals and private citizens alike with a much needed and innovative tool to protect heritage at risk.”

Report sites at risk

The app allows those on the frontlines of protecting heritage to document the state of heritage sites, including historical monuments and archaeological sites. It also enables users to record the geographical location, a detailed description and images in order to capture the condition of a site. The resulting ‘site cards’ can then be used as evidence or basis for reconstruction if ever the site is looted or destroyed.

“Interpol’s new ID-Art App is a major milestone in the international fight against the illicit trafficking of cultural property. Indeed it is both preventive and reactive as it allows everyone to record cultural objects and sites into the app. This has the potential to improve due diligence practices with potential buyers of cultural artefacts,” said Ernesto Ottone, UNESCO’s Assistant Director General for Culture.

Early successes

During the app’s pilot phase earlier this year, in Italy the Carabinieri’s unit for the protection of cultural heritage identified two stolen statues put on sale on a commercial platform thanks to the mobile application, resulting in a judicial inquiry. In addition, authorities in The Netherlands recovered two stolen paintings after the Dutch Art Crime Unit identified the paintings thanks to ID-Art, following checks on an online sales catalogue involving an Amsterdam auction house.

ID-Art is available in INTERPOL’s official languages – Arabic, English, French and Spanish – and is funded by the INTERPOL Foundation for a Safer World.


Refreshed Protection of Assets (PoA) Reference Set Offers Timely Recommendations for Security Best Practice

To keep pace with the ever-evolving security industry, ASIS International released an update to the Protection of Assets (PoA) reference set. Refreshed to reflect the changing times and keep security professionals on the leading edge of best practices in the field, this collection is to assist security management directors and professionals responsible for corporate asset protection. This refreshed reference set, which was first published in 1974, constitutes recommended reading for all four of ASIS’s certifications.

Teams of subject matter experts across the security continuum volunteered to write, edit, and update the PoA – including Tim Sutton, CPP, senior security consultant, Guidepost Solutions.

“Since its first iteration, the PoA is and has been the ultimate reference for the security profession,” says Sutton, “I have used the PoA as an encyclopedia for security, referencing it for countless projects across all industry verticals – including healthcare, commercial real estate, education, manufacturing, and cannabis. The latest version addresses modern challenges and practices, making it now more than ever the go-to reference for the security industry.”

Available individually or as a bundle, the PoA includes vital learning on the following aspects of asset protection:

- Business principles – including the fundamentals of security business operations, management, and leadership.
- Crisis management – including emergency management, business continuity, and crisis communications.
- Personnel – including security officer operations, employee drug testing, executive protection, and spotting problem behavior.
- Physical security – including design principles and practices, tools and techniques to satisfy protection objectives, and practical project management guidance.
- Investigations – including interviews and interrogations, undercover investigations, due diligence, preemployment background screening, evidence collection, and expert testimony.
- Security management – including theft and fraud prevention, security standards, loss reporting, methods, and enterprise security risk management (ESRM).


Lack of Transparency over Vaccine Trials, Secretive Contracts and ‘Science by Press Release’ Risk Success of Global Covid-19 Response

A lack of transparency in COVID-19 vaccine trials and secrecy over deals between governments and drug companies risks the success of the global pandemic response, new research from Transparency International Global Health and the University of Toronto warns.

For Whose Benefit? is an in-depth study of the development and sale of the world’s top 20 COVID-19 vaccines, including those developed by AstraZeneca, Moderna and Pfizer/BioNTech. Through detailed analysis of clinical trial data and nearly 200 contracts for vaccine sales up to March 2021, the report reveals a pattern of poor transparency and a disturbing trend of governments censoring key details of their orders from drug companies.

Clinical trial transparency is the only way to monitor the safety and efficacy of vaccines and is a key safeguard against selective reporting of results or manipulation of data. Despite this, analysis of the registered clinical trials for the top vaccines reveals that results from just 45 per cent of these trials had been announced. Of this figure, 41 per cent had provided only top-level results via a press release or press conference, with the full data not made available for media scrutiny or academic review. Clinical trial protocols had been published for just 12 per cent of trials. There were no publicly accessible protocols for 88 per cent of the registered trials in our analysis and, therefore, no way of knowing the conditions under which they were carried out.

Jonathan Cushing, Head of Transparency International’s Global Health Programme, said, “These results make for worrying reading and carry important implications not just for the COVID-19 response, but also for future health emergencies. The lack of transparency of many clinical trials combined with the huge financial incentives for producing effective treatments leaves the door wide open for selective reporting of results or outright data manipulation. The lack of publicly accessible data creates space for misleading and potentially dangerous half-truths, disinformation, and conspiracy theories, which in turn contribute to vaccine hesitancy.”

The research also highlights poor transparency in contracts between drug companies and governments. Of the handful of contracts that had been published, almost all include significant redactions of key information such as total price paid, price per dose and delivery schedules.

Analysis of 183 contracts for 12 different COVID-19 vaccines reveals that only 7 per cent of vaccine contracts between developers and governments were published through official channels. Just one contract (0.5 per cent) was published without redactions. Most feature entire pages of redactions which obscure information of critical public interest. There are large disparities in the price paid. For the Oxford/AstraZeneca-developed vaccine, upper-middle income economies like South Africa are paying an average of 25 per cent more per dose than high-income economies like the European Union.

“Equally as disturbing is the lack of transparency over the contracts between governments and vaccine developers,” Cushing said, “Hiding contracts from public view or publishing documents filled with redacted text means we don’t know what governments have signed up to. Given the huge amounts of public money invested in research and development around the world, citizens have the right to know everything about the vaccines their taxes helped to fund.”

With recent polling showing that one third of the world’s population – 1.3 billion people – are unwilling to take a coronavirus vaccine, transparency is vital to build confidence.

Transparency International Global Health calls on:

- National governments to adopt and enforce legislation requiring the pre-registration of all clinical trials and the publication of summary results within 12 months of their completion. All governments that have bought vaccines should also follow the lead of the United States and publish their contracts.
- Vaccine developers to publish their clinical trial protocols on a publicly accessible registry (if they have not done so already). Developers should also only use media to announce clinical trial results in tandem with data analysis published in a peer-reviewed medical journal, trial registry or as a pre-print article.
