In this blog series, our Executive Director Ben Taylor highlights a selection of cybersecurity, physical security, health or natural threat related stories from the past week.
Cybersecurity
Why Cannabis Brand Leaders Should Prioritize Cybersecurity Measures to Guard Against Ransomware
This piece from RollingStone shines a light on a security risk which isn’t getting enough attention within the cannabis industry. “While most cannabis companies put physical security at the top of their priority lists to prevent the more common armed robbery from occurring, they should understand that cyberattacks pose a serious threat.” The article notes upcoming research from Ben Goodman, founder and CEO of CyRisk, a U.S.-based cyber risk analytics platform which found that half of the cannabis companies they analyzed had moderate to poor security. The threat of cyberattacks to retail and e-commerce is discussed, but so is the potential for breaches to cultivation operations through their automated operations. Growers who feel they may be protected would be wise to review this article from Wired where a French hacker says he found half a dozen hackable vulnerabilities in the internet-of-things systems used in a capsule hotel he stayed at in 2019. They allowed him to hijack the controls for any room at the hotel to mess with its lights, ventilation, and even the beds in each room that convert to a couch, all of which are designed to be managed by networked systems linked to an iPod Touch given to every guest. Threat actors taking control of automated systems that are not adequately protected could have devastating impacts on crops. The article concludes with many of the same best practices we have shared in previous blog posts, and we highly recommend all operators reading this article.
Spear-phishing now targets employees outside the finance and executive teams, report says – Malwarebytes Labs
According to Barracuda’s latest report entitled “Spear Phishing: Top Threats and Trends”, 77 percent of employees who are in roles considered as “low profile” are now favorite spear phishing targets. Some of these employees are members of IT, who receive an average of 40 phishing emails per year, and the sales department, who receive 1 in every 5 BEC phishing emails sent the company’s way. “Due to the nature of their role, sales reps are used to getting external messages from senders they haven’t communicated with before. At the same time, they are all connected with payments and with other departments including finance,” says the report. “For hackers, these individuals could be a perfect entry point to get into an organization and launch other attacks.” This report is so important as a reinforcement why all members of your organization need to be trained in cybersecurity best practices, especially frontline workers who may have less experience and do not fully grasp the impact that a data breach can have. We have shared the statistics before, but 60% of small businesses go out of business within six months of being hacked, and with the stakes that high, it’s imperative that every member of the organization understands the risks involved.
Physical Security
No Arrests in Imperial Pot Heist Attempt, Owner is Suspicious
A driver for Supreme Greens Collective of Calexico was a victim of the attempted robbery in which the assailants reportedly fired a gunshot at the driver as he sped away from the scene in the Savannah Ranch subdivision of Imperial on Thursday night, July 29. “The suspects in this case were not successful in taking any items from the delivery driver, and we have ruled it an attempted robbery,” Imperial police Capt. Max Sheffield said on Tuesday, Aug. 3. “The firearm (that was) discharged has not been recovered, but it has been confirmed by multiple neighbors that they heard a gunshot. Investigations has made this case a priority.” The owner of Supreme Greens Collective noted that such robbery attempts are not uncommon for Supreme Greens’ drivers, adding “every two or three months a driver gets assaulted but never shot at.” While the industry will certainly need to innovate in order to minimize these types of situations as delivery becomes more prevalent, driver and customer safety must always be at the forefront. This article from Cannabis Business Times reviews “Three Steps to Help You Survive an Armed Robbery.”
Tennessee Workplace Shooting.
A 22-year-old employee of a SmileDirectClub warehouse opened fire on Tuesday at the facility in Tennessee, injuring three people before being shot and killed by responding officers, authorities said. The employee had worked at the warehouse since June, and had also had another short stint with the company in the winter of 2019. No specific motive has been released yet, but the attack did occur during a shift change, which could indicate that the shooter had conducted some level of pre-planning to know that time would provide for the highest amount of potential casualties. As the U.S. has seen multiple workplace shootings this year, any security plan should consider when an organization is most vulnerable for a mass casualty event. A few resources to consider related to workplace violence and active shooters:
- CISA Active Shooter Workshop
- DHS Active Shooter: How to Respond
- Tennessee Emergency Management Agency Active Shooter Preparedness
On Thursday, August 19 1:00 – 2:30 EDT, our friends at Gate 15 will provide a free webinar on Hostile Event Preparedness. You can register for the event here. In this presentation, you will learn how to:
- Recognize types of Hostile Events, to better prepare for and react to an event
- Recall event statistics and profiles of perpetrators, to better prepare for and react to an event
- Identify indicators of potential violence, to possibly avert a hostile event from occurring
- Take proper actions during a hostile event, to increase the chance of survival if an event occurs
- Identify the basics of an Emergency Action Plan (EAP), in order to begin development of an EAP
- Identify the components of Hostile Event training and exercises, in order to develop a training program appropriate for your organization
- Identify resources available, to take the next steps in Hostile Event preparedness
Be sure to check back every Tuesday as we publish our Library Card Series where we highlight one of the resources available in our library!
Check out the latest blog!
Tweet