Wednesday, 17 August 2022 08:59

Hardening physical security to protect against cyberattacks

By George Moawad, ANZ country manager at Genetec

GUEST OPINION: As the world has become increasingly interconnected through the move to cloud computing and Internet of Things (IoT) devices, cyber-crime has risen steadily, along with tools to combat it. However, geopolitical tensions between countries have the potential to rapidly unleash devastating cyberattacks worldwide, escalating the need to be cyber aware.

As conflicts continue and geopolitical tensions rise, public and private sector organisations must be extra vigilant and on heightened alert for malicious cyber activity targeting their networks. Borders do not exist in cyberspace and once malware is deployed it can infect vulnerable systems worldwide.

It may seem ironic that a physical security solution designed to protect people and property can provide an entry point for cybercriminals. But because these systems – video surveillance, access control, alarms, communications, and more – are increasingly connected to a range of IoT devices, networks and IT infrastructure, they can be quite vulnerable.

While security teams are regularly on the alert to ward off attacks designed to remotely stop the video feed from a camera, open or lock a door, or disrupt critical building systems, most cyber-attacks are not intended to compromise the physical safety of people or property. Instead, these attacks target applications, files and data managed by IT. An attack that originates in a camera can find its way through the network to block access to critical applications; lock and hold files for ransom; and steal personal data.

Closing the Gaps

To determine the cyber risk of physical security systems, organisations should conduct a posture assessment, creating and maintaining an inventory of all network-connected devices and their connectivity, firmware version and configuration. As part of the assessment, they must identify models and manufacturers of concern. They should also document all users with knowledge of security devices and systems.

The review can pinpoint devices and systems that should be replaced. When developing a replacement program, organisations should prioritise strategies that support modernisation. One effective approach is to unify physical and cybersecurity devices and software on a single, open architecture platform with centralised management tools and views.

Additionally, while it’s a bigger undertaking, it is highly recommended that organisations bring cybersecurity and physical security teams together to work collaboratively and proactively, so they can develop a comprehensive security program based on a common understanding of risk, responsibilities, strategies, and practices.

Ongoing Best Practices

Once secure devices and protocols are in place, organisations should follow best practices to keep physical security systems safe and sound.

Security monitoring. Ensure all network-connected physical security devices are monitored and managed by the IT tools for network and security management. Also check for features in the video management system (VMS) and access control system (ACS) that provide alerts or data for use by IT’s network and security monitoring tools. 

Protection measures. Use secure protocols to connect devices to the network. Disable access methods that support a low level of security protection, and continually verify configurations of security features and alerts. Of course, replace default passwords with new ones that are changed on a regular schedule. 

Encryption. End-to-end encryption offers the most security to protect video streams and data as they travel from the physical security device to a management system for viewing. Also ensure that encryption protects these files and data while in storage. 

Access defenses. Strengthen the security of user and device access with a multilayer strategy that includes multifactor access authentication and defined user authorisations. 

Software updates. One management function that can be overlooked when cybersecurity and physical security teams are separate is installation of software updates and patches. Define who is responsible for maintaining awareness of when updates are available, and who vets, deploys and documents updates on all devices and systems. 

Supply chain. Ensure that all suppliers of hardware and software for your physical security systems – including manufacturers of components within OEM solutions – take cybersecurity into account in the development of their solutions, right from the design stage. They should communicate transparently about their possible vulnerabilities, do everything possible to remedy them, and assume their responsibilities in the event of a breach.
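The posture assessment and the ongoing checks described above can be run mechanically over a device inventory. The following is an added example, not part of the original article and not Genetec code; the record fields, vendor names, models and firmware baselines are all constructed assumptions.

```python
# Added example: every field name, vendor, model and version below is constructed.
from dataclasses import dataclass

INSECURE_ACCESS = {"telnet", "ftp", "http"}   # cleartext access methods to disable
VENDORS_OF_CONCERN = {"ExampleVendorA"}       # placeholder list produced by the assessment
MIN_FIRMWARE = {"cam-x1": "2.4.0", "door-ctl": "1.10.2"}  # hypothetical vetted baselines

@dataclass
class Device:
    name: str
    vendor: str
    model: str
    firmware: str
    access_methods: frozenset = frozenset({"https"})
    default_password: bool = False
    stream_encrypted: bool = True
    monitored_by_it: bool = True

def version_tuple(v):  # '1.10.2' -> (1, 10, 2), so 1.10 sorts above 1.9
    return tuple(int(p) for p in v.split("."))

def assess(dev):  # findings for one inventory record
    findings = []
    if dev.vendor in VENDORS_OF_CONCERN:
        findings.append("vendor-of-concern")
    baseline = MIN_FIRMWARE.get(dev.model)
    if baseline is None:
        findings.append("no-firmware-baseline")   # unknown model: patch level cannot be vetted
    elif version_tuple(dev.firmware) < version_tuple(baseline):
        findings.append("firmware-outdated")
    findings += [f"insecure-access:{m}" for m in sorted(dev.access_methods & INSECURE_ACCESS)]
    if dev.default_password:
        findings.append("default-password")
    if not dev.stream_encrypted:
        findings.append("unencrypted-stream")
    if not dev.monitored_by_it:
        findings.append("not-monitored")
    return findings

def report(inventory):  # device name -> findings, most findings first; clean devices omitted
    flagged = [(d.name, assess(d)) for d in inventory]
    return dict(sorted((x for x in flagged if x[1]), key=lambda x: -len(x[1])))

INVENTORY = [  # constructed sample records
    Device("lobby-cam", "ExampleVendorA", "cam-x1", "2.3.9",
           frozenset({"https", "telnet"}), True, False, False),
    Device("dock-door", "ExampleVendorB", "door-ctl", "1.9.0"),
    Device("roof-cam", "ExampleVendorB", "cam-x1", "2.4.1"),
]
```

Calling `report(INVENTORY)` lists the lobby camera first with six findings and the dock door controller with one, which gives the replacement and patching programme a starting order.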

There is no such thing as zero risk when it comes to cybersecurity. By recognising that physical and cyber domains are interdependent, by applying best practices and implementing systematic cyber-hygiene policies, organisations can dramatically reduce risk and strengthen security, even as cyber-threats grow more sophisticated and targeted amidst global political turmoil.
