Going to stay home or at the office during this year’s Black Friday sales binge and do your shopping online? Beware. Tara Seals on the Threat Post blog advises that “cyberattackers have geared up to victimize them (you).”

“As the Black Friday post-Thanksgiving buying bonanza looms, in all of its door-busting and elbow-throwing glory, many are opting to stay at home and take advantage of the same deals online. But they may get an unwanted extra with their purchase. Banking trojan malware families Betabot, Panda, Gozi, Zeus, Chthonic, TinyNuke, Gootkit2, IcedID and SpyEye are targeting online shoppers.

“According to Kaspersky Lab, these and other banking trojans have spiked in detections lately, and are hunting for user credentials such as user names, passwords, payment-card numbers and phone numbers. At least 14 malware families have been found actively targeting a total of 67 consumer e-commerce sites between them, the firm said.

“This includes 33 clothing, footwear, gifts, toys, jewelry and department-store sites, eight consumer-electronics sites, eight entertainment and gaming sites, three popular telecom sites, two online payment sites and three online retail platforms.”

Sufficiently warned?

The nation’s cybersecurity defenses appear to be coming to a focus in the Department of Homeland Security,  a press release from DHS indicates.

“On November 13,” the release reads,  “the United States House of Representatives voted unanimously to pass legislation creating the Cybersecurity and Infrastructure Security Agency (CISA) within the Department of Homeland Security (DHS).  The CISA Act (H.R. 3359), which passed the Senate in October and now heads to the President’s desk to be signed into law, would reorganize DHS’ National Protection and Programs Directorate (NPPD) into a new agency and prioritize its mission as the Federal leader for cyber and physical infrastructure security.”

Physical and cyber security call for pretty much the same practices, though on different scales. At heart, they involve the same management disciplines, as a post on Ingram Micro Advisor from earlier this year indicates.

The post lists the core disciplines as:

• Establish layers of physical security.

•Make the most of third-party integrations.

• Train employees effectively.

•Secure all access control data.

The basic message is that effective security begins within an organization, in the attention that management and staff pay to a timeless, yet ever-changing, discipline. Technology is key, but awareness comes first.

U.S. firemen are preparing themselves for doing more than responding to fires. How about “hazardous materials response, technical rescue and first response to terrorist events and mass casualty incidents”?

Such duties include training and responding to security threats in a fire department’s locale. A post on In Public Safety advises that “U.S. government agencies and communities are struggling with handling terrorist-style events that result in multiple casualties. We are still determining the best methodologies to plan for and respond to the newest types of terrorist-style events.”

“The United States Fire Administration (USFA),” the post adds, “should be commended for the new focus on research and the use of fire grant dollars to fund research. However, this has only occurred in earnest in the last decade.”

The post has been prepared by Dr. Randall W. Hanifen, a Shift Captain for the West Chester Fire Department in Ohio and a fire service consultant.

Cyber security is a piece of overall access control security and there’s a town in rural Michigan that’s staking much of its future on that reality.

“Pinckney is a rural town in southeastern Michigan with a population of 2,427. Located in the rolling hills and vast stretches of farmland of Livingston County, Pinckney seems like an odd place for a cyber hub.

Yet, “In the summer of 2016, the Merit Network announced that Pinckney Community High School had been selected as a Cyber Range Hub. The Pinckney Cyber Training Institute and Sentinel Center officially opened that December.”

“The 5000-square-foot institute caters not only to high school and college students but also to working adults and IT professionals who need cyber certifications to stay current or to advance their career.”

So, you never know how awareness of security realities in today’s world will factor into educational and economic development.

Paris, for one, is cutting the odds against terror by vehicle – a weaponized truck or car – by adding barriers between traffic and people, even at the Eiffel Tower. It’s unfortunate that this is advisable, a post on Citylab notes,  but security comes first.

“Cities have so far responded to this new threat in an ad-hoc manner,”  the post explains. “Many have begun to erect physical barriers between the walkers who define their urban spaces and the multi-ton vehicles whose drivers pose a growing threat.

“But while some physical barriers are necessary, government officials need to create and adhere to core principles in protecting their residents, workers, and visitors. Anti-terror infrastructure should ease walking, biking, and public transit use, not impede it.”

Examples are provided of how that can be done.

Here is the Department of Homeland Security’s appraisal of the human caravan  making its way toward the U.S. border, including an explanation of why U.S. troops are being sent to the border.

“Our nation,” DHS explains, “is experiencing an unprecedented crisis on our Southern Border that is the result of loopholes that prevent the detention and repatriation of illegal alien minors and family units.  FY18 is the highest number of family unit apprehensions on record – it is more than 40% higher than any previous year on record.”

The apparently deplorable state of affairs in parts of  Central and South America  is adding motive power to the caravan. That would seem to be a concern for the U.S. State Department too.

DHS says it expects the caravan to arrive at the U.S. border “between four days and two weeks (from October 31) depending on the mode of transportation and whether they make any prolonged stops.”

The U.S. Air Force is providing lessons on identifying and responding to terrorist threats. In the Dayton, Ohio, Daily News, we learn of “Eagle Eyes, the Air Force’s anti-terrorism program (which) is designed to bring the eyes and ears of all Airmen to bear on terrorism prevention by teaching about the typical activities that terrorists engage in to plan their attacks.

“The areas of interest include surveillance, elicitation, tests of security, acquiring supplies, observing suspicious persons out-of-place, dry runs and deploying assets.

“The third item – tests of security – are any attempts to measure reaction times to security breaches or to penetrate physical security barriers or procedures to assess strengths and weaknesses. . . An example could include an individual shaking the base perimeter fence, or even scaling the fence, to see how long it takes for Security Forces to respond. They would also be able to see the scope of the security in the number of vehicles or personnel responding.”

Security, the Air Force is acknowledging, begins with awareness of potential threats and developing plans to counter them should they arise.

Yet another warning about keeping industrial control systems (ICS) and other forms cyber security up-to-date comes from the Security Ledger in advising of the 2019  “Global ICS & IIoT Risk Report” – “A data-driven analysis of vulnerabilities in our industrial and critical infrastructure.”

“Many of these networks were designed decades ago when cybersecurity was not a primary design consideration,” Phil Neray, vice president of industrial cybersecurity at CyberXAs, told Security Ledger. “As a result, they are rife with ‘insecure by design’ vulnerabilities such as unencrypted protocols, legacy Windows boxes, vulnerable firmware in controllers–e.g., in embedded web servers–and lack of network segmentation.”

“These vulnerabilities leave ICS networks wide open to attacks from nation-states such as Russia, Iran and North Korea, who are constantly probing them for weaknesses so they can establish footholds, he said.”

“Constantly probing” – yes, cyber security has become a consant search to avoid vulnerability to attacks on critical data points.

Writing on the Security blog, Tony Brownyard notes that school administrators may be feeling frustrated over difficulties they’re having in finding insurance for armed security officers in their school(s).

One course Brownyard urges is hiring an off-duty or former law enforcement officer for security in a school setting. “Because law enforcement personnel receive extensive screening and training, they are better equipped to de-escalate challenging or deadly situations,” he notes.

Brownyard acknowledges that he never wanted armed officers in his own children’s schools. “However,” he adds,  “as we face the reality of continued school shootings, I now believe we need to equip schools with the knowledge they need to retain highly qualified armed officers and we need to equip these officers with the knowledge and resources they need to best serve the next generation.”

Yes, the possibility of an armed intruder is a sad reality in today’s schools, but one that needs consideration.