3 Jun 2019

Editor Introduction

Cybersecurity has become the ultimate buzzword in the physical security market. And it also represents one of the industry’s most intractable challenges. Several years ago, the problem with cybersecurity was lack of awareness among physical security practitioners. It’s now safe to say that awareness has increased. Everyone today talks about cybersecurity, but has it helped the larger problem? We asked this week’s Expert Panel Roundtable: Is greater awareness helping to increase the cybersecurity of physical security systems?

I could not agree more that greater awareness is a key contributor to the increase in attention to the cybersecurity of physical security systems. The main takeaway from this cyber revolution is that the more we learn about the cloud and the Internet of Things (IoT), the more capable we are of strengthening them to meet the demands of today’s risk landscape. Manufacturers are factoring in cybersecurity more and more to a product’s design, with a layered approach across its lifecycle for consistent protection, which would likely not have happened without the cybersecurity awareness we’ve seen emerge. The demand from end users for a solution they can trust has increased significantly as the knowledge of cybersecurity has risen, which we can expect to see continue moving forward.

Hank Monaco Johnson Controls, Inc.

Facility managers and owners are concerned now more than ever about securing their building systems against cyber threats, especially their physical security systems. As systems integration plays a larger role in a smarter, safer and more connected building strategy, physical security solutions are at a greater risk to fall victim to cyber-attacks if there isn’t a cybersecurity strategy in place. For example, access control, which can house occupant information via a badge system, must be properly protected from malicious software and hacker threats or else occupant data is never fully secure. Whether protecting sensitive data or reducing system risk, security integrators must stay abreast of the latest cyber trends to help address potential threats and proactively mitigate cyber-related problems for their customers.

Drew Alexander STANLEY Security

On a daily basis, we hear of widely publicized cybersecurity incidents which affect our customer’s businesses, peace of mind, and assets. This new world is one the physical security industry has not been familiar with. What follows these well-publicized events is frustration and confusion, particularly for small and medium-sized businesses. Confusion then leads to application of ineffective security tools or, worse, inaction. The physical and network security industries continue to converge. Our customers will change, and the overall security budget will continue to be shared between addressing physical space security requirements (door access, video surveillance, intrusion detection, and fire monitoring) and delivering a continuous solution for overall network security. Those who choose to educate themselves on the problem(s), as well as the proper tools, will be leaders in serving their customers most effectively. The integrator channel should deliver both physical and network security at an efficient, cost-effective level.

The cybersecurity threats of today are complex and sophisticated, which means reactivity is no longer an acceptable response. With the high-stakes task of keeping data, people, and property safe from a potential breach, a proactive approach is essential to avoid business disruption and catastrophic damage to an organization's reputation. Yes, awareness is helping increase cybersecurity, but more must be done to achieve measurable results. When designing security infrastructure, most solutions are based on dozens of separate systems that produce an overwhelming amount of siloed data. Because of a lack of integration, organizations can struggle to create connections between multiple security sensors to glean useful intelligence. By building information security operations centers (ISOCs) that collect and transform data within a unified platform, operators can obtain insights they need to establish a proactive approach that can guide investigations and identify and remedy cyber-attacks to minimize damage and ultimately prevent them from occurring.

As we've seen over the last several years, cybersecurity is at the top of everyone's concerns. But it wasn't until organizations started to feel the effects of cyber-attacks that the industry started paying attention to the processes by which solutions were built and protected. This, in part, can be attributed to greater awareness and the negative repercussions of significant breaches. While in some cases, manufacturers have addressed these concerns within physical security systems, it's an ever-evolving issue that no one can ever truly “solve.” The solution — aside from continued awareness — is that we as an industry have to keep focusing on it and trying to work toward the protection of our networks, day in and day out. Of course, challenges will continue to be presented with regard to strengthening cybersecurity protocols, so we all have to keep evolving and moving forward in a concerted effort to thwart threats.

Cybersecurity has many moving parts, so increased awareness of vulnerabilities is a great first step. However, a heightened awareness does not necessarily equate to an increase in best practices. People certainly have a different attitude toward aspects of cybersecurity compared to five years ago, but there are so many different facets to it that it is impossible to say that increased awareness increases the cybersecurity of physical security systems in general. For example, people seem to use passwords more correctly than they have in the past, but that is just one small aspect of keeping things secure. Awareness is great, but an increase in best practices all around is what will really combat cybersecurity threats.

Brandon Reich Pivot3, Inc.

Globally, there's been increasing awareness about cyber threats and the potential damage that can be caused by not addressing cybersecurity concerns from a very early stage. As a result, it has become more vital than ever to protect physical security systems such as video surveillance to ensure critical and sensitive information is secure and safeguarded from unauthorized use. One step in achieving this is through the deployment of infrastructure solutions that employ advanced cybersecurity technologies. A threat could enter from anywhere in an organization’s ecosystem, and regardless of the nature of the attack, the cyber criminal’s goal is to exploit vulnerabilities quickly and profit from them. Therefore, we as an industry need to provide products and services that deliver resilient protection methods, align with current IT processes, and take advantage of modern technology such as data encryption— all of which will become more prominent as cybersecurity awareness rises.

In an age where most of our personal data is held online, you would like to think there is greater awareness of the need for diligent cybersecurity, but I suspect the weak point for many systems is the humans using them! A recent survey by the NCSC (National Cyber Security Centre – part of the UK Government Communications Headquarters, GCHQ) showed that many people still use easily-guessed passwords and only 15% say they know a great deal about protecting themselves online. Unfortunately, there seems to be an urgent need for more education on the importance of good password protection. Linking cybersecurity and physical security is still the best approach, as it allows security and management teams to oversee all the protected areas and to act quickly during an incident. However, any security system can be compromised if individuals or the organization as a whole are lax with password protection.

Alex Johnson Verint Systems

Greater awareness of cybersecurity threats is absolutely improving the cybersecurity of physical security devices. As a result, we see increased focus on the mitigation of IT threats from both manufacturers and the end users. Manufacturers are adding additional encryption to their solutions, as well as conducting third-party penetration testing to improve the security of their solutions. From both the hardware and software side, we are also seeing product vendors working together to develop comprehensive cybersecurity solutions to create a multi-layered cyber defense strategy. End users are employing a similar approach by architecting networks to be more secure as well as adding additional layers of cybersecurity threat protection. Overall, the growing awareness of cyber risks is propelling organisations to take a more proactive approach to risk management — and that is a great thing for our industry.

Editor Summary

The first step to solving any challenge is to know it exists. Relating to cybersecurity challenges in the physical security market, it is safe to say that the first step has been achieved. We are all talking more about cybersecurity than ever before, and that awareness is also driving realistic approaches to address the bigger problem. However, as our Expert Roundtable Panelists point out, there is much still to be done.