10 physical security predictions for the new year

To view the original article click here

Hard to believe it is that time again, but in a few short days the calendar will flip and we will be in 2022. I have been fortunate to work with virtually all parts of the physical security industry, from A&E firms, integrators, and manufacturers to multiple types of end users (ranging from multiple Fortune 100 organizations to a family-owned self-storage company), all of which shared valuable insights throughout 2021. In this column, I’d like to share my perspective on what will likely be the key issues and challenges we all will face in 2022.

1. Cyber will bring physical security issues into the boardroom 

Gartner predicts that by 2024, 75% of CEOs will be personally liable for cyber incidents. Cyber incidents involving physical security and IoT devices are on the rise, and the trend in threat actors exploiting these systems is headed toward more devastating consequences. Efforts like SIA’s recent certification program on cybersecurity (SICC) are a good start towards your team being prepared for those board-level discussions, but in 2022 security leaders must also ensure that they have data, processes, and tools to support cross-functional board-level interactions.

2. Bringing IT skills into physical security teams drives hiring

Clearly more IT skills are needed with modern physical security systems, but also clearly there are labor shortages that present challenges in accomplishing this. In 2022, this may force a new tier of physical security worker, with pay and responsibilities that are competitive with the broader IT market. Such workers will be needed to bring physical security into broader IT initiatives like Zero Trust. Creating career paths within physical security that are tied to the broader IT market will attract new talent that otherwise may have felt physical security to be too limited for them. If your organization is already doing this or headed in this direction, let others know about it through LinkedIn or at industry events.

3. New service models will emerge

The industry’s direction toward more managed services will continue and become a differentiator between integrators. Whether it is remote guarding, cyber hardening, service assurance, or compliance, the variety of “a la carte” managed services offerings will bring new customers to integrators. Many organizations that manage physical security with internal resources will see the benefits of offloading specific functions, like firmware updating, to an integrator offering that as a service. In 2022, the “as-a-service” concept should be evaluated across all parts of the physical security landscape, as it will lead to less expensive and more efficient ways of deploying and managing security operations.

 

4. Deepfakes will get more attention 

Fundamental to the use of video surveillance is the ability to use that data as evidence and to prove a chain of custody. The growing sophistication of deepfakes combined with lax procedures over that chain of custody is a recipe for 2022 to call into question whether video data can be trusted. To prepare for this, organizations must ensure their devices and data have not been tampered with, including the replacement of real data with fake data. Methods that can track the integrity of the data being stored (and that the data is kept unchanged for the required retention period) will be needed to keep video surveillance data relevant and effective.

5. More focus on knowing your physical security asset inventory 

As physical security teams become closer partners with the cybersecurity, IT and compliance functions within their company, the starting point for those relations is having a strong handle on what assets they have and what the status of those assets is. We saw in 2021 the need to remove certain brands from being used (under NDAA 889), and the difficulty in determining if those brands were present because of the multiple OEM and other rebadging of equipment that goes on. Even seemingly innocuous devices like inexpensive badge printers purchased on Amazon could be the Achilles’ heel in your physical security network. It is imperative you know the source and integrity of every single device that is plugged into your network. In 2022, organizations should be better prepared by having up-to-date inventories that include the firmware versions in use and the original equipment manufacturer.

6. More mandates from U.S. federal government that impact physical security

In 2021, there were multiple directives and mandates that touched physical security (NDAA 889, CMMC, CISA directives, etc.). These will likely be added to in 2022, especially around firmware updates and password management. The fact that many physical security devices are not updated, and that many still use default passwords, creates an opportunity for them to be used in exploits like phishing attacks, delivery of ransomware and malware, and planting of deepfakes. The threats from this go beyond any single company, so having more government action and focus on these attack vectors will likely bring more requirements to operators of physical security systems. Prepare by making sure you’re able to update firmware quickly and have a process to track the firmware versions in all your devices.

7. Slowdown on facial recognition

2022 will likely be a year where organizations carefully evaluate and implement facial recognition solutions as the legal and operational aspects of this technology still get worked out. Facebook’s decision to shutter its facial recognition software (but still continue technology development of it) speaks to the need to match privacy and societal concerns to the deployment of new security technologies. However, there has been a marked rise in the development and deployment of face-as-a-credential solutions for highly accurate and secure touchless personal identification and authentication. In addition, laws like Europe’s GDPR (General Data Protection Regulation) put responsibility onto physical security operators to be able to remove or limit information on a specific individual – a task best served by the automation provided by facial recognition. If you don’t already, consider if your company needs a policy on legal and ethical use of facial recognition.

 

8. Training and certification of physical security salespeople will gain momentum

As physical security systems become more complex, so does the knowledge required to specify and sell systems. The front line of those efforts is the salespeople working with customers to define the best possible system for their needs. More focus on training and credentialing salespeople will become a differentiator between security integrators, and a path to ensuring physical security professional development for more people within the profession. If you’re an end user, ask your integrator if they’ve considered this, or if you’re involved with SIA and ASIS, recommend they pursue this. 

9. More focus (and revelations) about who has backdoors in physical security equipment

For many years the source of physical security device components, who designed them, and how they are combined with software to make products like IP cameras and card access systems has been a non-issue. Yet in almost all parts of the supply chain there is now greater scrutiny over where and how vulnerabilities are introduced, making it likely that in 2022 there will be more revelations on what really is designed into physical security systems. Over the past couple of years there have been active bans on equipment from specific manufacturers because they are known to contain backdoors. Prepare for this by establishing a “zero tolerance” policy and by implementing fundamental best practices like changing default passwords on devices and updating firmware, to protect your existing investment in physical security cameras and other endpoints.

10. Insurance will incorporate physical security data in policy pricing 

Many organizations have been faced with a significantly higher amount of data requested by insurers in order to price (or even be offered) cybersecurity and general business liability insurance; in 2022 this will also encompass physical security information and standard operating procedures (SOPs). For many organizations that work with integrators, engaging with them now and discussing how to maintain the current information needed for insurers can help to get ahead of this issue. The best way for organizations to be prepared is to have documented SOPs, detailed inventories of devices, and metrics around their operations to show that they are in control.

What, exactly, is information technology?

Click here to view the original article

Information technology professionals provide hardware, software, and one-on-one device support. Although most people’s interactions with IT involve computer issues, the work extends far beyond that. IT departments usually have three areas of responsibility: operations, infrastructure and maintenance, and management. IT operations generally encompass engineering, database administration, or development.

IT roles include:

  • Operations engineers: Operations engineers install, run, and manage networks, servers, and external services such as cloud computing. 
  • Database administrators: These professionals create and maintain systems that store information.
  • Development operators: DevOps engineers combine software engineering with coding skills to build software, improve it, and perform software deployments.

Does IT include cybersecurity?

Some people within and outside of technology-related careers consider cybersecurity an IT-related job. As with other professions, job titles and responsibilities sometimes overlap. As a result, IT and cybersecurity workers may collaborate or handle some of the same responsibilities. 

But when analyzing essential job skills and responsibilities, IT and cybersecurity professionals take different approaches to safeguard digital information. Cybersecurity tends to focus more on protecting the data itself than the infrastructure supporting it. As with cybersecurity, the number of people responsible for IT depends on a company’s resources. One person may handle multiple responsibilities, or even everything IT-related.

Information technology jobs

More than 12 million Americans worked in the IT sector in 2019. The net employment of people in technology-related jobs grew by 307,000 workers, up 2.6% from 2018. Some IT positions require advanced degrees, while others have entry-level opportunities. Here we’ve featured some of the most popular information technology jobs.

CHIEF INFORMATION OFFICER

CIOs typically hold executive-level status and manage an organization’s overall IT functions. Their responsibilities include directing the IT staff to ensure technology and cybersecurity functions stay efficient, safe, and up to date. If there is no chief information security officer at the organization, the CIO may also oversee cybersecurity staff.

CLOUD ARCHITECT

These professionals design and implement cloud-based IT infrastructure for organizations. As part of that work, cloud architects must work closely with others to make sure the services meet an organization’s needs. They’re also responsible for cloud security and risk management.

COMPUTER SUPPORT SPECIALIST

Computer support specialists provide one-on-one technical assistance for computer users in an organization. People who do this job walk people through resolving computer issues. They may also provide support for overall IT or cybersecurity functions.

DATABASE DEVELOPER

Database developers create and operate computer databases that process and securely store information. They work with others to design database systems that support an organization’s needs. This may involve using coding to design systems and performing troubleshooting and maintenance.

IT SECURITY ANALYST

IT security analysts work to protect computer systems from cyberattacks by creating and implementing security strategies. Their responsibilities may include installing firewalls to protect digital data and developing disaster recovery plans in case of a major data breach or loss. They may also work with penetration testers to identify system vulnerabilities.

NETWORK ADMINISTRATOR

Network administrators are responsible for operating an organization’s computer networks. Their duties include installing and maintaining an organization’s digital networks. Their work also includes managing devices that use the network, and keeping apps, like email, working.

SYSTEMS ANALYST

Also known as system architects, computer systems analysts study an organization’s computer systems and procedures. Their responsibilities include setting up new hardware and software and working with managers to ensure IT is meeting the organization’s needs. A key part of this job involves ensuring the organization’s IT systems meet business needs.

WEBMASTER

Also known as web developers, webmasters are responsible for a website’s overall look and function. That includes designing the site’s user interface and handling technical aspects, like writing code or integrating graphics or video. Additional responsibilities include creating test versions of websites and updating published content. Entry-level work in this role typically requires a bachelor’s degree.

In conclusion

Information technology is a broad, diverse, and growing field. Although IT professionals might help reset an account password or install a new printer, their responsibilities extend far beyond these important but basic tasks. IT workers use a variety of skills and apply their knowledge to develop real-world solutions for all types of corporate and personal technology concerns.

What are some jobs in information technology?

Common jobs in information technology include database administrators, web developers, computer programmers, network architects, and computer research scientists.

Which IT jobs are in demand?

In-demand IT jobs for 2021 include database administrators, systems analysts, and mobile application developers. Other top jobs include software developers, network administrators, and help desk specialists.

Compulink VP, Denise Arboleda Awarded as City & State’s 2021 Responsible 100

Compulink Technologies, Inc. has been an active member in both the New York State & City communities for over three decades. We take pride in the community that we serve, and we are proud to honor our Vice-President, Denise Arboleda, for being recognized as a 2021 City & State Responsible 100 honoree.

The responsible 100 is a list of leaders in the private sector who are actively seeking to help New Yorkers make our state a better place. The list is a seasonal reminder that giving back to the community and helping others is just as rewarding as running a successful business and earning profits.  

Denise serves on multiple community boards, participates in internship programs for high school students associated with the Boys and Girls Club and HANAC Youth Services, and has spent her time serving government agencies across NYC. Denise is also a vocal and prominent advocate for women and minorities in business and has helped guide and mentor emerging MBEs and MWBEs through her own experience so they are positioned for future success.

We have all learned how important it is to have a strong community throughout 2020 and 2021. There were many difficulties and hardships that businesses and individuals faced. We are proud to see Denise recognized for her efforts to strengthen the NYC community through her volunteering, leadership, advocacy and mentorship. Thank you for fighting the good fight!

 

To view the list of responsible 100 and to learn more about Denise, click here

Compulink Technologies, Inc. Attends 2021 Women of the Channel Conference

Our Vice-President, Denise Arboleda just attended the Women of the Channel Leadership Summit over the last two days to connect with women IT channel leaders and to learn more about ways to galvanize more female leadership in tech. 

The Women of the Channel Leadership Summit East is the meeting place for women from across the IT channel who are looking to advance organizational diversity, make unmatched connections, and empower and cultivate women leaders. Attendees benefit from best-in-class thought leadership, motivational keynotes, channel trends, stimulating workshops, interactive peer panels and energizing networking opportunities, all focused on navigating the workplace and helping them develop their professional, corporate and personal goals.

Gartner analyst: 12 technologies to accelerate growth, engineer trust and sculpt change in 2022

CEOs have three priorities for 2022: growth, digitalization and efficiency, and CIOs add value to those with force multipliers, creative technology and scalable foundation. Gartner research vice president David Groombridge announced the top strategic technology trends that organizations need to explore in 2022 during a session at Gartner IT Symposium/Xpo Americas Monday.

CEOs and boards are striving to grow and are willing to spend for digital investments to make direct connections with customers, Groombridge said. He cited 12 technologies that can enhance organizational efforts to accelerate growth, engineer trust and sculpt change.

  1. Generative Artificial Intelligence – A new artificial intelligence coming to market is generative AI, which is the use of machine learning methods that learn about content or objects from their data and use it to generate new, completely original, realistic artifacts.

    Most AI models today are trained to drive conclusions, Groombridge said. Generative AI learns about artifacts from data. It could disrupt creative processes in engineering, manufacturing, architecture and design, he said.  

    Generative AI can be used in many ways, including creating software code, identifying new products, facilitating drug development and targeted marketing. It can also be misused for scams, fraud, political disinformation, forged identities and more. By 2025, Gartner expects generative AI to account for 10% of all data produced, up from less than 1% today.

  2. Data Fabric – The number of data and application silos has surged in the last decade, while the number of skilled personnel in data and analytics teams has either stayed constant or even dropped, Groombridge said. Data fabrics (flexible, resilient integration of data across platforms and business users) have emerged to simplify an organization’s data integration infrastructure and create a scalable architecture that reduces the technical debt seen in most D&A teams due to the rising integration challenges.

    The real value of data fabric is its ability to dynamically improve data usage with its built-in analytics, cutting data management efforts by up to 70% and accelerating time to value, according to Gartner.

  3. Distributed Enterprise – With the rise in remote and hybrid working patterns, traditional office-centric organizations are evolving into distributed enterprises composed of geographically dispersed workers.

    “This requires CIOs to make major technical and service changes to deliver frictionless work experiences, but there is another side to this coin: the impact on business models,” Groombridge said. Every organization must reconfigure its delivery model to embrace distributed services, he said. “The world didn’t think they’d be trying on clothes in a digital dressing room two years ago.”

    Gartner is projecting that by 2023, 75% of organizations that exploit distributed enterprise benefits will realize revenue growth 25% faster than competitors.

  4. Cloud-Native Platforms – To truly deliver digital capabilities anywhere and everywhere, enterprises must turn away from the familiar “lift and shift” migrations and toward CNPs. CNPs use the core capabilities of cloud computing to provide scalable and elastic IT-related capabilities as a service to tech creators using internet technologies, which deliver faster time to value and reduced costs.

    Consequently, Gartner predicts that cloud-native platforms will serve as the foundation for more than 95% of new digital initiatives by 2025—up from less than 40% in 2021.

  5. Autonomic Systems – As enterprises grow, traditional programming or simple automation will not scale, according to Groombridge. Autonomic systems are self-managing physical or software systems that learn from their environments. Autonomic systems can dynamically modify their own algorithms without an external software update, enabling them to rapidly adapt to new conditions in the field.

    Autonomic systems will become common in robots, drones, manufacturing machines and smart spaces, he said.

  6. Decision Intelligence – Decision intelligence is a discipline used to improve decision-making by explicitly understanding and engineering how decisions are made, and outcomes evaluated, managed and improved by feedback. Gartner predicts that in the next two years, one-third of large organizations will be using decision intelligence for structured decision-making to improve competitive advantage.
  7. Composable applications – Demand for business adaptability is required in today’s continuously changing business environment. This requires technology architecture that supports fast, safe and efficient application change, Groombridge said. Composable application architecture empowers this adaptability, and those who have adopted a composable approach will outpace the competition by 80% in the speed of new feature implementation, he said.
  8. Hyperautomation – Hyperautomation enables accelerated growth and business resilience by rapidly identifying, vetting and automating as many processes as possible.

    Gartner’s research shows that the top-performing hyperautomation teams focus on three key priorities: improving the quality of work, speeding up business processes and enhancing decision-making agility, Groombridge said.

  9. Privacy-Enhancing Computation – Besides dealing with maturing international privacy and data protection legislation, CIOs must avoid any loss of customer trust resulting from privacy incidents, he said. Gartner expects 60% of large organizations to use one or more privacy-enhancing computation techniques by 2025.

    PEC techniques protect personal and sensitive information at a data, software or hardware level. They securely share, pool and analyze data without compromising confidentiality or privacy, according to Gartner.

  10. Cybersecurity Mesh – “Data is only useful if enterprises can trust it,” Groombridge said. “Today, assets and users can be anywhere, meaning the traditional security perimeter is gone. This requires a cybersecurity mesh architecture.”

    CSMA helps provide an integrated security structure and posture to secure all assets, regardless of location, he said. By 2024, organizations adopting a CSMA to integrate security tools to work cooperatively will reduce the financial impact of individual security incidents by an average of 90%, according to Gartner.

  11. AI Engineering – IT leaders struggle to integrate AI within applications, wasting time and money on AI projects that are never put in production or struggling to retain value from AI products once released.

    So-called fusion teams working on AI will create a real differentiator for their organizations if they can continually enhance value through rapid AI change, Groombridge said. They need composable apps, which are built for modular components, he said. This will increase the efficiency of fusion teams.

    Composable apps are built from packaged business capabilities. PBCs create reusable business models that these teams can use to rapidly create a composed app integrated into a data fabric with UI over it, Groombridge said. “PBCs are the molecules, and fusion teams are the scientists creating them.”

    Using composable apps increases the number of apps delivered while cutting delivery time, he said.

    Already, companies including Georgia Pacific, Unity Health and Axon are operationalizing AI, he said. But for AI to be accepted “its ethics must be beyond exception,” Groombridge added.

  12. Total Experience – TX is a force multiplier for a growth strategy that combines customer experience, employee experience, user experience and multi-experience disciplines, Groombridge said. He advised organizations to leverage that by forming fusion teams with executive sponsors.

    Under the total experience approach, all discipline leaders should be equally responsible for meeting the combined needs of employees and customers, he said. Groombridge added that “traditional management approaches will not scale.”

    The goal of TX is to drive greater customer and employee confidence, satisfaction, loyalty and advocacy.

    The top strategic technology trends for 2022 will drive significant disruption and opportunity over the next five to 10 years, according to Gartner.

Most Common IT Help Desk Issues

Have you tried refreshing your browser? Try turning it off and turning it back on again. Clear your cache and see if that works. 

You’ve probably heard these phrases doled out as advice from an IT help desk specialist after calling for help, and that’s because those solutions actually work most of the time. We decided to put together a list of the most common help desk issues to shed light on what IT help desk support hears about most often, so you know what to do in case you run into any of these issues.

  1. Slow Internet – A slow Internet connection can be indicative of a few problems such as having too many tabs open in your browser, ransomware & spyware protection using too much memory, your ISP, or Internet speed. To fix these, simply close your tabs on your open browser, run a speed test to see if it’s a slow internet connection or open your task manager to see how much memory your antivirus protection is using. If all these fail to speed things up, then call your help desk support specialist and they can work their magic. 
  2. Can’t Connect to Network – Is your caps lock button on? We’re not trying to be rude, you’d be amazed how common that scenario is. If that isn’t the case, then it could be that the account was suspended or you were locked out, both not ideal scenarios. 
  3. Printer Issues – Is the printer connected to a power source? Again, we are not trying to be rude. It’s more common than you would think. It could also be that you are selecting the wrong printer from the list of devices when you go to print. If you still cannot get to the root of the issue, then a desktop support specialist is required to investigate. Absolutely DO NOT try to solve the issue in-house as this can lead to more problems. 
  4. Blue Screen of Death – One of the most dreaded computer issues is the aptly named ‘Blue Screen of Death.’ Most people freak out when they see the infamous blue windows screen with a frownie face and some text underneath. Not to worry- a simple computer reboot is usually all it takes to have your computer functioning again. 
  5. Computer Shuts Off At Random – This issue can usually be attributed to overheating from an overaccumulation of dust and debris. Have you ever taken a look at your dusty windowsill? Dust and dirt accumulate fast on objects that are sedentary. It’s not an issue (unless you have bad allergies!) for everyday objects, but computers have to cool down when they are running, and if there is a large collection of dust, this can cause frequent outages and other problems for your PC. Another problem that causes this issue is a faulty laptop charger that shuts off the power whenever it is disconnected from its charging port.
  6. Lost Important Files  – Don’t Panic. Yes, that’s also a famous quote from ‘The Hitchhiker’s Guide to the Galaxy,’ but it is also advice to not freak out too much if you have accidentally deleted or lost important files. The first place to check is the recycling bin to look and see if there is a way to recover the files. If you are unable to recover the files in your recycling bin, it is in your best interest to contact a help desk support representative to see if they can recover the files by using a backup file.
  7. USB Port Not Working – Have you tried checking to see if the other USB port works with the device you are using? Have you also checked whether the device works with another machine? Still nothing? It could be the device is faulty, 

Cisco at Web Summit 2021: Elevating Female Founders and Driving Small Business Success

This blog article was originally published by Cisco. To view the original article, click here

Small businesses make up 99% of the world’s business population, yet women-led start-ups received only 2.3% of Venture Capital funding in 2020, according to Harvard Business Review. This is particularly concerning in today’s business landscape, where much of the economy’s recovery rests upon small business’ own return to growth.

Cisco at Web Summit 2021: Powering a More Inclusive Future for All

At Cisco, our company purpose is to power an inclusive future for all. Ensuring equitable access to opportunities for all is in our DNA and so naturally, we want to be part of solving this problem.

This month, Cisco attended Web Summit, a global forum that brings people and companies together at the intersection of technology, people and culture. Attendees continue to search for ways to redefine business and the global technology industry whilst driving inclusion. Cisco contributed to this conversation with our focus on hybrid work and demonstrated that by bringing people together no matter where they are, we can bring more voices to the table and be more inclusive.

I was also thrilled to see the ever-growing number of female speakers at the event this year, and had the honour to be part of the incredible line-up. Cisco hosted a Masterclass Session where we heard female founders’ perspectives and gained insights into the hustle behind creating successful lifestyle brands. Attendees were treated to stories, insights and tips from Hannah Mitchell, CEO and Founder of mywimble.com and Hayze Bridal, and Bianca Bridges, CEO and Founder of Breakfast London and Sweathouse.

Hannah and Bianca shared how they’ve leveraged technology, combined with their grit and entrepreneurial spirit, to get to where they are today. Attendees loved the opportunity to connect with like-minded founders, were inspired to take new and bold steps with their business, and met accountability partners to include as part of their personal network to keep them on track with commitments. I’m excited to see how our impact and commitments we made together will continue as attendees connect again with their new accountability partners on November 19th for Women’s Entrepreneurship Day.

You can learn more about Cisco’s presence at Web Summit here.

Happy Birthday to the ‘Father of Fiber Optics’

If you did a Google search today, you probably noticed there was a Google Doodle for Nov. 4 honoring the birthday of Charles K. Kao (known as the ‘Father of Fiber Optics’). Having started as a fiber-optic network cabling company, Compulink would just like to say happy birthday to the man who pioneered one of the biggest innovations in technology and information sharing over the last 100 years.

To celebrate, we have compiled a few facts about Charles’ life and impact on the IT world:

  1. Charles was born in 1933 in Shanghai, China.
  2. Charles K. Kao received the Nobel Prize in Physics for his “groundbreaking achievements concerning the transmission of light in fibers for optical communication.”
  3. In 1966, Kao and fellow engineer, George Hockham proposed that fibers made of ultra-pure glass could transmit light for distances of miles without a total loss of signal, and in 1970, the first fiber-optic cable was successfully created.
  4. Kao is nicknamed the “godfather of broadband” as well as the “father of fiber optics”
  5. Kao was knighted by Queen Elizabeth II for his “services to fiber optics 

Russian SolarWinds hackers have a new target: the global tech supply chain

This Article was originally published on Fortune.com. Click here to view the original article.

Microsoft Corp. said the hackers behind the SolarWinds cyberattack are engaged in a fresh campaign to compromise global networks by targeting the tech supply chain, including resellers and providers of cloud technology.

Microsoft attributes the coordinated attack, which was first observed in May, to a group called Nobelium, the same state-sponsored Russian hackers who used sophisticated intrusion techniques in 2020 to infect with malware as many as 18,000 customers of Texas-based software company SolarWinds Corp. More than 140 technology service providers and resellers have been notified as recent targets of the hackers and 14 of them are believed to have been compromised, Microsoft said in a blog on Monday.

Nobelium was also behind an attack on IT companies, governments, think tanks and financial service entities earlier this year that spanned 36 countries, Microsoft announced in June.

When they met in Geneva in the summer, U.S. President Joe Biden said he gave Russian President Vladimir Putin a list of 16 critical sectors that shouldn’t be hacked to deter a cyber response from the U.S. government, but the attacks have continued. The Kremlin, for its part, has repeatedly denied responsibility for any hacking attacks.

This time, between July and October this year, “we informed 609 customers that they had been attacked 22,868 times by Nobelium, with a success rate in the low single digits,” Microsoft Corporate Vice President of Customer Security and Trust Tom Burt wrote. 

The Redmond, Washington-based company said this activity was another indicator that “Russia is trying to gain long-term, systematic access to a variety of points in the technology supply chain, and establish a mechanism for surveilling – now or in the future – targets of interest to the Russian government.”

The White House, which issued an executive order in May this year urging the private sector to bolster its cyber defenses, said it was increasing its intelligence sharing and other measures to protect against cyber threats.

The attacks described in the Microsoft blog were unsophisticated operations attempted daily by Russia and other foreign governments. The attackers weren’t attempting to exploit any flaws or vulnerabilities in software but instead using “well-known” techniques to steal credentials, the blog said.


Comptroller Stringer: Annual Making the Grade Report Reveals City Fails to do Business with More Than 80 Percent of M/WBEs

(New York, NY) – Today, New York City Comptroller Scott M. Stringer released the eighth annual “Making the Grade: New York City Agency Report Card on M/WBEs” report, finding that 84 percent of M/WBEs still do not have access to City spending. The share of M/WBEs receiving City dollars has never exceeded 22 percent since FY 2015. The Comptroller announced that the City fell to a “C-” Grade for M/WBE Spending in FY 2021 after two consecutive passing “C” grades. This year’s report examined the rollout of Chief Diversity Officers across the country, after years of advocacy led to an Executive Order appointing Chief Diversity Officers within every New York City agency.

“Over the last eight years, my office has given voice to solutions from M/WBEs directly on how the City can better connect them with opportunities, which has led to real change. But there is still room for significant improvement,” said Comptroller Stringer. “As this administration prepares to leave office, it is clear that the City, from the next Mayor and Comptroller to the next City Council, have abundant opportunities to address the systemic inequities experienced by communities of color especially as we continue to rebuild our economy amid the COVID-19 pandemic.”

“Making the Grade,” published annually since 2014 by the New York City Comptroller, evaluates the performance of the City’s M/WBE program and makes recommendations for its improvement. “Making The Grade” assesses 32 City agencies – and the City overall – on progress in spending with minority and women-owned businesses (M/WBEs) and is a diagnostic tool for agencies to improve performance and transparency in M/WBE spending, increase competition in City procurement and save taxpayer dollars.

Highlights in the 2021 “Making the Grade” report include:

  • The City awarded $30.4 billion in contracts in FY 2021, of which only $1.166 billion (equal to 3.8 percent) were awarded to M/WBEs.
  • The City has nearly tripled the number of certified M/WBE firms since FY 2015. However, of more than 10,500 certified M/WBEs, 8,886—84 percent—did not receive City spending in FY 2021. The share of certified M/WBEs receiving City dollars has never exceeded 22 percent since FY 2015.
  • The City spent $1.27 billion with M/WBEs, an additional $261 million from FY 2020 and an increase of more than $900 million since FY 2014. The City earned a “C-” grade for M/WBE spending in FY 2021.
  • Since 2014, the City has improved its grades with Asian Americans, Hispanic Americans, and women-owned businesses, but it has been unable to improve its “F” grade with African American-owned businesses over the last eight years. In FY 2021, the City earned a “B” grade with Asian American-owned businesses, a “D” with Hispanic American- and women-owned businesses, and an “F” with African American-owned businesses.
  • Two mayoral agencies: The Commission on Human Rights and Department for the Aging earned their fifth consecutive “A” grades; both spent more than 50 percent of their Local Law 1-eligible dollars with M/WBEs.
  • The Department of Transportation received an “F” grade, spending less than five percent of its Local Law 1-eligible dollars with M/WBEs.
  • In FY 2021, eleven grades remained the same, three agencies improved their grades, and 18 agency grades (over half) declined from FY 2020.
  • The Comptroller’s Office earned its third consecutive “A” grade. Over the last eight years, the Comptroller’s Office increased its M/WBE spending from 13 percent in FY2013 to approximately 53 percent in FY2021.
  • In 2020, Comptroller Stringer announced that the Office’s registration process would now include a rigorous review of M/WBE goals on City contracts. Between November 2020 and May 2021, the Comptroller’s Office registered 63 contracts subject to Local Law 1. Of these, 42 contracts, or about 67 percent, had M/WBE goals below 30 percent.

The Future of Chief Diversity Officers in the Public and Private Sectors

For six years, Comptroller Stringer called for a Chief Diversity Officer (CDO) in City Hall and every City agency to serve as executive-level strategists, driving the representation of people of color and women across government. In July 2020, Mayor Bill de Blasio signed an executive order to appoint Chief Diversity Officers in every City agency. Although there is still no CDO with a citywide portfolio in City Hall, Comptroller Stringer finds growing implementation of the role across the public and private sector:

  • Thirty-six of the 50 most populous cities across the U.S. have appointed CDOs, and more than half of them report to the Mayor or City Manager.
  • Several federal agencies and the Executive Office of the U.S. President have implemented executive-level equity efforts.
  • Hiring of CDOs tripled between December 2019 and March 2021 within the S&P 500.
  • However, just 14 of the City’s top 50 vendors—which have collectively received over $5 billion from the City of New York—have publicly announced CDOs.

Utilization of M/WBEs during COVID-19

In July 2020, Comptroller Stringer’s Office surveyed 500 M/WBEs on the impact of COVID-19, finding that 85 percent of M/WBE firms projected less than six months of survival. A follow-up survey from the Comptroller’s Office found that 50 percent of M/WBEs were forced to lay off or furlough employees. This report follows up on that survey by examining City spending with M/WBEs, finding that:

  • Between March 2020 and July 2021, the City spent over $3.5 billion in COVID-19-related goods and services, and just 16 percent, or $554 million, went to M/WBEs.
  • Specifically, the City spent about $308 million, or about nine percent with women-owned businesses; $161.2 million, or about five percent, with Asian American-owned businesses; $43.2 million, or about one percent, with African American-owned businesses, and $41.2 million, or about one percent, with Hispanic American-owned businesses.
  • Two agencies alone made up more than 40 percent of the City’s total pandemic-related dollars. The Department of Citywide Administrative Services spent over $803 million and just ten percent went to M/WBEs. By contrast, the Department of Sanitation spent more than $732 million, and M/WBEs received 25 percent of those dollars.

Recommendations

Each year, Comptroller Stringer puts forth recommendations meant to reduce barriers and increase opportunities for M/WBEs. These recommendations are informed by needs identified by the Comptroller’s COVID-19 survey, the City’s M/WBE spending data, a series of focus groups with M/WBEs, and the Comptroller’s Advisory Council on Economic Growth through Diversity and Inclusion. As this administration prepares to leave office, we urge the next cohort of citywide leadership to prioritize diversity, equity, and inclusion within their first 100 days of office.

All incoming Citywide officials should appoint executive-level Chief Diversity Officers. The mayoral CDO should oversee the rollout of the City’s programs designed to increase diversity and inclusion within the City, should play a role in the City’s Budget, and should have oversight over agency Chief Diversity Officers to ensure a unified citywide inclusion effort. In addition, the City Council should consider implementing CDOs, who should conduct racial impact analyses when legislation is being considered, where appropriate. Other city officials should also consider implementing CDOs, including the Borough Presidents, the New York Public Advocate, and District Attorneys.

The next City leaders should adopt the Rooney Rule to ensure that their cabinets are diverse, and that they engage with communities of color, including M/WBEs, to develop their administrations’ goals. The Comptroller’s Office worked with more than 30 public companies to adopt the Rooney Rule, which requires them to include women and people of color in every future CEO search, as first adopted by the National Football League. In light of the success of this policy, the City should consider adopting the Rooney Rule for every cabinet-level position.

The next Comptroller should conduct a racial equity audit of the City’s agencies. With the signing of President Biden’s Executive Order On Advancing Racial Equity and Support for Underserved Communities Through the Federal Government, all federal agencies have been mandated to perform an equity assessment to address systemic barriers erected by government which have adversely impacted communities of color. The next Comptroller should mirror this federal effort citywide through an audit of all City agencies. The audit should examine supplier diversity gaps, workforce diversity gaps, pay equity gaps, and agency policies and practices that are systemically biased against communities of color.

The next Mayor should create a plan to close the gap between certification and receiving City spending for M/WBEs. Over the course of the last eight years, the City has almost tripled its list of certified M/WBEs from just 4,000 to almost 11,000 businesses. However, no more than 2,000 M/WBEs have ever received City contract dollars in a given year. Within their first 100 days, the next Mayor should create a plan to close the gap between the number of people in the program and the number of M/WBEs that win contracts.

The New York City Council should reassess M/WBE legislation with a targeted focus on goals. One of New York City’s most powerful tools in creating opportunities for M/WBEs is subcontracting. However, this report has shown that almost 70 percent of Local Law 1-eligible contracts in FY 2021 were assigned goals below the City’s standard of 30 percent. This translated into just 437 M/WBEs receiving subcontracting dollars in FY 2021 – less than five percent of all certified firms. The next City Council should reassess M/WBE legislation with a targeted focus on goals. The Council should review ways that the City can use its full purchasing power to set aggressive M/WBE goals wherever there is M/WBE availability. For example, it should also explore more flexibility when it comes to criteria for granting waivers, including considerations of market availability of M/WBEs and industry standards around subcontracting. In addition, the City Council should utilize the next disparity study to expand the universe of businesses able to participate in the goals program, such as firms with LGBTQIA+ and disabled owners, immigrant-owned firms, and cooperatives.

To read Comptroller Stringer’s eighth annual “Making the Grade: New York City Agency Report Card on M/WBEs” report, click here.
