Security Systems News Welcomes “40 Under 40” Class of 2019 Winners

Security Systems News is excited to bring you this year’s inaugural “40 under 40” class of 2019, made up of a diverse and talented mix of young professionals representing the next generation of leaders in security.

Opening the award up to consultants for the first time added new depth and perspective to this year’s class, bringing all winners - consultants, integrators, monitoring professionals and end users - together into one “40 under 40” class. Prior to this year, the award was called “20 under 40” and included two classes, comprising 20 end users and 20 integrators. This year’s “40 under 40” class includes 14 end users, 11 integrators, 10 consultants and 6 monitoring professionals.

Below are some of the winning security executives. Click each picture to read more about them.

For a full list of all the winners, click here: securitysystemsnews.com

Randy Guarneri, 39, Vice President of Loss Prevention, Fresh Value Supermarket	Joseph Biffar, 38, Director of Loss Prevention, Security & Digital Fraud Mitigation, Chico's FAS	JT Mendoza, 40, Deputy Director, Air Force Insider Threat Hub
Trenton Pinson, 27, Physical Security Support Engineer 11, Security Integration Group, Amazon	Deric Morrow, 37, Commercial Account Executive, Johnson Controls	Michael Castillo, 32, Enterprise Security Risk Group (eSRG) Manager, Aronson Security Group (ASG)/ADT Commercial

Video Recap: Profitect P.A.C.T. User Group 2019

Amber Bradley, owner of the Calibration Group, went on-location to cover Profitect's P.A.C.T. User Conference in Orlando, Florida. This was Profitect's sixth annual Prescriptive Analytics Collaborative Training event. Check out why retailers attend this event and see what it's all about!

The Security Industry Is Ripe for Disruption & Drones Might Be What Does It
The security industry’s use of drones has exploded in the past 12 months, making adoption lightning-fast for an industry known as a bit of a dinosaur.

In April 2018, SDM published an article exploring to what extent unmanned systems would be used in the security industry. “If you were to poll security systems integrators across the country, you would probably find few if any that are selling or promoting drones and robots as a solution or a means of profit,” Tim Scally writes in the article, “Is It Time for Security Drones and Robots?”

Oh how things have changed in just 19 months.

Today, if you haven’t explored offering drones as a security service, you’re already late to the party. The technology has taken off like a rocket, with new security drone start-ups popping up every day. Most large systems integrators are already involved with drones in some capacity. ISC West has hosted an Unmanned Security Expo within the larger conference for three years now. And to make adoption of this new technology easier, the regulations the government places on drones have become more lenient. sdmmag.com

Opioids in the Workplace: Impairment, Illicit Substances, and Insider Threat
Opioid dependencies are affecting the workplace. A 2019 survey from the National Safety Council found that 75 percent of U.S. employers have been directly affected by opioids, but only 17 percent feel extremely well prepared to deal with the issue. Thirty-one percent reported an overdose, an arrest, a near-miss, or an injury because of employees’ opioid use.

Opioids were not the only substance at work in these incidents, but the level of opioid use across the United States is a cause for concern for security and workplace safety professionals alike. The National Survey of Drug Use and Health found that 4.3 percent of respondents older than 18 reported illicit opioid use within the past year, and two-thirds of these self-reported users were employed full- or part-time.

Safety, Security & Crime

According to the National Institute on Drug Abuse, between 21 and 29 percent of patients prescribed opioids for chronic pain misuse them, and between 8 and 12 percent develop an opioid use disorder. As prices for opioids climb, however, opioid-dependent people may turn to cheaper choices for pain management, such as heroin or fentanyl.

Highly addictive drugs such as opioids drive users into a cycle of addiction, where the clock is ticking between doses. Addicts will do almost anything to find and pay for the next dose before they become sick from withdrawal symptoms, Giuffre adds. When someone’s tolerance to opioids drives them to need $300 worth a day, he says, the person begins to turn to criminal methods to fund his or her addiction, including theft or fraud.

Security professionals should also be wary of the insider threat element of the opioid crisis. The workplace is a safe environment with trust between employees, and everyone knows when payday is and the approximate pay scale, making it an ideal place to sell drugs.

Mark Giuffre, CPP, director at security consultant firm Hillard Heintze and a former U.S. Drug Enforcement Administration (DEA) agent cites a DEA operation in which an individual - a member of a Mexican cartel - was storing drugs in his locker at work. Security and law enforcement personnel confiscated a stash of pure fentanyl which, if employees had been exposed to it through the ventilation system, could have proven deadly to thousands of people.

Compromised individuals can be targeted by transnational crime groups that take advantage of their addiction to pressure inside information or assets out of them or coerce them to carry drugs with them on business travel or to the workplace.

“It’s easy for employees who are in positions of trust to be compromised because of dependency,” Giuffre says. asisonline.org

Three Strategies To Counter Negative Employee Reviews
Your organiation's good name is a critical asset for recruiting new talent, so you can't ignore negative online reviews by former employees. Here are some strategies for protecting your organization's reputation as an employer.

In the social media age, a single negative message can do a lot of harm. And with the emergence of employer reviews on sites like Glassdoor and LinkedIn, or even in unstructured formats like Twitter, a few bad reviews can have an outsize effect on your organization's reputation as a good place to work.

How seriously should you take negative reviews by past employees? Very. According to a report from the HR technology firm CareerArc [registration], 55 percent of job seekers said they decided against working for a company based on negative reviews. In fact, those negative reviews can be so bad that they dissuade people from using that company's services entirely.

What can you do if your organization receives bad reviews as an employer? A few ideas:

Pay attention to employer-review sites. The first step is awareness. Employers ignore sites like Glassdoor at their peril, and those that actively keep an eye out for negative reviews can deploy a response strategy. "If you're a company just waking up to Glassdoor, you can definitely move the needle," "Talent acquisition leaders are understanding that this is not a nice-to-have. It's the new norm."

Ditch the defensive posture. An employers' defensive response to a bad review can undermine a dozen good ones. The better strategy is to treat each review as an opportunity for action, writes Inc. contributor Adam Robinson. "When employees share negative or constructive feedback, outline steps you can take toward improvement at your organization," he says. "For example, if an employee says they don't see growth opportunities on your team, outline a plan to develop more defined career paths."

Create a workplace where others want to speak for you. When an employer with a few bad reviews tries to counter them by asking current employees to post rosier ones, the approach can come off as transparently superficial. ZipRecruiter columnist Matt Krumrie notes that it's better to foster an environment where employees are motivated to defend the organization on their own. "In some cases ... employees of companies take the lead and respond to negative reviews before a social media team or reputation management plan is put in place," Krumrie writes. "That is, of course, with the employer's blessing." associationsnow.com

National Restaurant Association: Restaurant Industry 2030 Report
Restaurant industry sales expected to reach $1.2 trillion by 2030
The report, “Restaurant Industry 2030: Actionable Insights for the Future,” examines the key indicators shaping the future of the industry, identifies the most and least likely developments over the upcoming decade, and considers possible disrupters outside the industry that could transform it. The findings are based on input from a variety of restaurant sector experts, futurists, and government statistics.

FOOD SAFETY & SECURITY: Food safety will continue to be a mission-critical area for restaurants.

The growing interest in on-demand food is likely to up the game, to ensure no reputational risks as delivery and takeout foods increase. Technology will be a game-changer in food safety, the Delphi panel says. As consumers increasingly expect transparency, restaurant inspection reports are likely to be publicly available. Food-safety certification and comprehensive food safety management systems will be critical components of enhancing food safety. Supply-chain technologies such as bar coding and blockchain will help create digital records of a product’s journey from farm to table. The dramatic increase in data from across the supply chain will quickly identify the source of foodborne-illness outbreaks and remove potentially contaminated foods.

More automation, robotics and AI should improve food safety and security.
Download the full Restaurant Industry 2030 report at Restaurant.org/Restaurants2030.

California hits Philly-area Amazon seller with $1.6 million sales-tax bill
Brian Freifelder, who sells clothing, shoes, and groceries on Amazon.com out of a small warehouse in Bensalem, is caught in what his tax lawyer called “an interstate commerce speed trap.”
The 36-year-old Bucks County resident recently received a jaw-dropping notice from California that he could owe as much as $1.6 million for sales tax that he didn’t collect from consumers who bought his goods through Amazon. That’s just for the first six months of this year. “It’s absurd. I haven’t sold enough inventory over time to warrant a tax bill like that. You could take every sale I’ve ever done. You could take the biggest sellers on Amazon, and I don’t think they would have a bill like that. They’re trying to scare people,” Freifelder said last week. inquirer.com

The POS Shift
Touchpoints: The New Point of Sale
"Traditionally, the cash register has been the most important part of the store tech stack. It should be the least important," Ed Dzadovsky, Circle K's vice president of North America IT, told NACS Show attendees. "We need to be focused on data and a transaction engine that enables customers ... wherever they are."

To his point, POS touchpoints provide lots of data, and retailers are finding value in consolidating data from multiple touchpoints in one place. The traditional back-office solutions they use are often being supplemented by new-to-industry data management and analytics solution providers. Difficulty in extracting historical data from back-office systems and software as a service (SaaS) opportunities to help smaller independent operators manage cigarette rebates are some of the drivers leading to implementation of these new and extended back-office solutions. cstoredecisions.com

Why one stormy weekend could make an already tough holiday season worse
Mastercard expects the busiest days for holiday spending will be Black Friday, followed by Dec. 21, Dec. 14, Dec. 20, Dec. 7 and Dec. 13.

Mastercard SpendingPulse expects U.S. retail sales excluding automobiles to grow 3.1% from Nov. 1 to Dec. 24. Compared to 5.1% in 2018.

It looks like holiday spending might not be as robust this year as last year, and one snowy December weekend could make matters much worse for retailers.

Growth of 3.1% - or a 3.8% increase excluding gasoline in addition to automotive sales - is "in line with the solid performance" thus far in 2019, Mastercard said.

To top that off, there's a shift in the calendar year, putting six fewer days between Thanksgiving and Christmas compared with a year ago. That's actually the shortest holiday calendar possible.

"I think what you're going to get is a little more pressure on those weekends in between Thanksgiving and Christmas," Steve Sadove, senior advisor for Mastercard and former CEO and chairman of Saks, said in an interview with CNBC. "If you get a [bad] weather event of some kind, that's even more risk." cnbc.com

How Toys 'R' Us Went Bankrupt:
The real story from the beginning
For decades, Toys "R" Us was not only one of the top toy retailers in the United States, it was one of the top retailers period. Until it suddenly wasn’t. Toys “R” filed for bankruptcy in 2017 and liquidated six months later. This is the story of how Toys "R" Us went bankrupt.

Watch the 12-minute deep-dive video from Wall Street Journal here: wsj.com


CVS will shutter 75 stores next year

Fort Myers-based Chico’s lays off 49 corp. employees in latest round of restructuring

UPS Teams With CVS For Drone Delivery Of Prescriptions

Zebra Technologies Completes Acquisition of Cortexica Vision Systems

Allied Universal Acquires Advent Systems


Quarterly Results

CVS Q3 comp's up 3.6%, revenue up 2.9%
Red Robin Q3 comp's up 1.7%, sales down 0.2%
Tapestry Q1 global net sales down 2%
   Coach comp's up 1%, sales up 1%
   Kate Spade comp's down 16%, sales down 6%
   Stuart Weitzman sales down 9%
Office Depot Q3 comp's down 3%, total sales down 4%
Fiesta Restaurant Group Q3 comp's down 3.8% at Pollo, down 4.8% at Taco Cabana, total sales down 6%
 

The State of Email Security and Protection
Phishing and ransomware top the list of security risks
that organizations are not fully prepared to deal with

Email security continues to be top of mind for organizations as attackers become more devious in how they conduct their attacks. Companies face evolving threats, which are often extremely personalized and mimic common real-world emails they receive. To better understand the climate of email security, Barracuda surveyed 660 IT professionals across various industries and locations on the impact of phishing.

An Increased Sense of Confidence
Sixty-three percent of professionals report that their organization's data and systems are more secure than they were one year prior. Among the three regions surveyed — America; Europe, the Middle East, and Africa (EMEA); and the Asia-Pacific region (APAC) — APAC reported the highest sense of security (70%), while EMEA reported the lowest (52%). Although this rise is likely caused by an increased security presence and education practices, if an organization lacks the tools to detect these threats, it may be superficial.

Despite an overall positive outlook, phishing and ransomware top the list of security risks that organizations are not fully prepared to deal with, along with spearphishing, malware, viruses, data loss, spam, smishing (that is, phishing via text message), email account takeover, and vishing (phishing via phone).

Only 7% of organizations are not worried about any of these risks. In fact, email threats continue to proliferate and have a major impact. On average, 82% of organizations claim to have faced an attempted email-based security threat in the past year, although the figures differ slightly by global region.

Loss from a Breach Is More Than Financial
In addition to 74% of organizations reporting that email security attacks have had a direct business impact, they are also affecting the personal lives of IT security professionals, with nearly three-quarters experiencing higher stress levels, worrying outside the office, and being forced to work nights and weekends.

In addition, an overwhelming 78% of organizations say the cost of email breaches is increasing, with one-fifth saying they are increasing dramatically. Identifying and remediating threats, communicating with those affected, business interruptions, and IT productivity losses are all factors, as well as potential data loss, regulatory fines, and brand damage.

As a result, 66% of respondents claim that attacks have had a direct monetary cost on their organization in the last year. Nearly a quarter (23%) say attacks have cost their organization $100,000 or more. darkreading.com

Phishing campaign delivers data-stealing malware via fake court summons emails
But the cyber criminals forgot to do their homework...

A newly uncovered hacking campaign is targeting employees in the insurance and retail industries with phishing emails, claiming to be from the Ministry of Justice, that infect the victim with information-stealing malware. Uncovered by researchers at cybersecurity company Cofense, the phishing emails have the subject 'Court' and feature UK Ministry of Justice logos. They claim to provide information about 'Your Subpoena', and ask the victim to click a link because they've been ordered to attend a law court and have 14 days to comply. There's no information about what the court case supposedly relates to.

Shock tactics like telling a potential victim they have a court date is a regular trick used by cyber criminals, designed to scare people into clicking phishing links and downloading malware. However, there's a prominent clue that all is not right with this message -- and it's not just the strange email address.

The message refers to a subpoena. The term is regularly used in the United States, but the UK court system hasn't used 'subpoena' since 1999, when the relevant term was changed to 'witness summons'. The email's phrasing therefore suggests that while the cyber criminals are using UK imagery in an attempt to dupe victims, they're not familiar with the details of the local system. zdnet.com

Researchers develop machine learning-based detector
that stops lateral phishing attacks
Whereas in the past attackers would send phishing scams from email accounts external to an organization, recently there’s been an explosion of email-borne scams in which attackers compromise email accounts within organizations, and then uses those accounts to launch internal phishing emails to fellow employees – the kind of attacks known as lateral phishing.

And when a phishing email comes from an internal account, the vast majority of email security systems can’t stop it. Existing security systems largely detect cyber attacks that come from the outside, relying on signals like IP and domain reputation, which are ineffective when the email comes from an internal source.

To alleviate this growing problem, Data Science Institute member Asaf Cidon helped develop a prototype of a machine-learning based detector that automatically detects and stops lateral phishing attacks. The detector uses several features to stop attacks, including detecting whether the recipient deviates from someone an employee would usually communicate with; whether the email’s text is similar to other known phishing attacks; and whether the link is anomalous. helpnetsecurity.com

CISOs Search for Startup Gold in Mountain of Cybersecurity Pitches
Chief information security officers are inundated by pitches from small cybersecurity companies, but they increasingly find they can’t ignore them because they need the niche services that high-quality startups offer. The trend is driven by a shortage of in-house cybersecurity experts and startups’ use of artificial intelligence to address specific problems.

When considering pitches from startups, corporate cybersecurity professionals should ask for details about security practices, including how long it takes the company to patch security problems after receiving alerts from software and hardware providers. wsj.com

Cyber Security Evaluation Tool 9.2 released
The Cybersecurity and Infrastructure Security Agency (CISA) has released version 9.2 of its Cyber Security Evaluation Tool (CSET). CSET is a desktop software tool that guides asset owners and operators through a consistent process for evaluating control system networks as part of a comprehensive cybersecurity assessment that uses recognized government and industry standards and recommendations. us-cert.gov

Chinese police arrest operators of 200,000-strong DDoS botnet

Japanese media company Nikkei hit by BEC scammers, loses $29 million

Robberies & Burglaries

● C-Store - Mississauga, ON - Robbery
● Electronic Store - Mississauga, ON - Robbery
● Electronic Store - Aurora, ON - Robbery
● Electronic Store - Brampton, ON - Robbery
● Jewelry - St. John's, NL - Robbery/Assault
● Variety Store - London, ON - Armed Robbery

The NRF LP Effort & Value
- Protect 2018 Update

Bob Moraca, VP LP , NRF
Dan Faketty, VP AP, Southeastern Grocers

Bob Moraca, Vice President of Loss Prevention, NRF, tells us about the evolution of the NRF Protect conference over the years and what’s new this year, the role and value of the NRF LP Council and its Committees, and the new research studies and preparedness guides the NRF publishes.

Dan Faketty, Vice President of Asset Protection, Southeastern Grocers, talks about the importance of continuing education, networking, and why LP/AP executives should get involved and engaged with the NRF.

Episode Sponsored By

 

James City County, VA: Two women charged with embezzling as much as $110,000 from Belk
Jessica Bartlett, 41 and Tamniqua Fields, 36, were charged with felony embezzlement and conspiring to commit larceny. On Nov. 1, both women were interviewed by James City County investigators and admitted in separate interviews they had worked together to steal merchandise from the Belk store at the WindsorMeade Marketplace. Fields told police she had stolen about $30,000 worth of merchandise and Bartlett said she had worked with Fields to take about $80,000 worth of merchandise since Nov. 1, 2018. Both women told police they had worked out a scheme where Fields would buy items Bartlett wanted, Bartlett would give Fields money, and then Bartlett would not ring up all the items. The department store’s loss prevention team was able to track $4,406.23 worth of transactions, according to the court filings. If convicted, each woman faces as much as 40 years in jail and $2,500 in fines, according to Virginia Code. dailypress.com

Omaha, NE: Police arrest 7 people in multiple shoplifting cases across the city; 5 businesses in the span of over 3 hours
Detectives said several suspects targeted the same stores at different times, in separate cases. Lt. Charles Casey with OPD's burglary unit said he credits quick thinking by store employees and better communication in helping catch the suspects quickly. "[The stores] do have good teams of personnel. They know what to look for. They, again, are stores that routinely communicate with us. They do a good job, so it's not surprising that they're identifying what's going on," Casey said. Casey said Omaha organized dedicated operations to catch shoplifters in the act this past year. He said his unit plans to keep the pressure on potential criminals, especially as the holiday season approaches. ketv.com