By Wayne Dorris, CISSP
The security industry has changed considerably in recent years, and the line between physical security and cybersecurity is not as clear as it once was. Cameras, door locks, and other security tools are no longer strictly analog. Today, IP cameras upload their data to the cloud, electronic locks can be remotely activated or deactivated, and advanced analytics capabilities have enabled devices to send automatic alerts to the relevant authorities when they detect something out of the ordinary. There is a digital component to just about everything these days — a fact that has not escaped cybercriminals.
As physical security and cybersecurity converge, organizations must understand the potential threats they face — particularly amid a global pandemic that has left many facilities empty as employees engage in remote work. With fewer employees present to deter would-be criminals, many organizations are leaning more than ever on modern security solutions. And while those solutions have provided an unprecedented level of security and visibility, preventing them from being compromised is increasingly critical.
The Price Of Convenience
It’s hard to overstate just how far security technology has come in the past decade. Video surveillance no longer boils down to CCTV cameras sending live video to a giant bank of wall monitors. Cameras can now see well beyond the visual spectrum. Footage can be reviewed in real-time, rather than after the fact. And of course, the addition of audio solutions and advanced analytics have made things possible that would have seemed like miracles not so long ago. Thanks to rapid digitization, it is now possible to perform a range of actions — from remotely disengaging a lock to automatically alerting security personnel if raised voices or aggressive behavior are detected, potentially stopping an incident before it can even start.
These modern conveniences have come with a price: vulnerability. Network cameras, access control stations, facial recognition databases, and other modern security tools are connected to the internet, which is helpful for security professionals. But it also means that skilled cybercriminals can potentially access them as well. Today, every endpoint represents a potential inroad for attackers, which means that a camera with unpatched firmware, an application using unsecure protocols, or a laptop with poor password management could wind up compromising an entire network. And once an attacker has entered the network, it becomes much easier for them to move laterally, accessing different systems and potentially gaining access to protected data — a cybersecurity coner.
A savvy attacker who manages to infiltrate a corporate network via a poorly configured endpoint might be able to not only steal valuable user and financial information, but affect the physical property as well. And while it is hardly ideal to have a cybercriminal unlocking doors or accessing camera feeds, the potential consequences go well beyond that. Businesses utilizing fleet management systems or industrial control systems, for example, might find their operations seriously disrupted or damaged. In today’s world, businesses must recognize that every endpoint needs strong protections.
Strong Security Requires Team Effort
The convergence of cybersecurity and physical security has resulted in a convergence of responsibility, as well. When it comes to keeping devices secure, everyone has a role to play, from the manufacturer and the integrator all the way down to the user. With cybercriminals ready to exploit any potential weakness, everyone must do their part.
Users play a larger role than many may realize. Over time, it is inevitable that certain vulnerabilities will need to be patched. Even if a manufacturer releases such a patch, however, it is up to the user to actually install it. How many people have clicked ‘Maybe Later’ when their laptop or phone wants to install an update? These updates may be annoying, but they close known loopholes — which means attackers are already looking to exploit them. Unfortunately, while increased integration between systems has had many positive effects, it can be an issue in cases where firmware or software is version dependent, sometimes creating a chain reaction of necessary upgrades that places an undue burden on IT teams.
Manufactures, for their part, must continue to support their customers and products. They also have a responsibility to make sure that devices are secure when they ship. Today, devices ship with a unique set of credentials, but manufacturers can also help by including software capable of detecting whether a device has been tampered with between when it is built and when it is activated. Customers must know that the devices they purchase can be trusted from day one.
Integrators, too, have a role to play. As the expert liaisons between manufacturers and customers, they can not only advise customers on the right products to suit their specific needs, but work to avoid the sort of misconfigurations that provide openings for attackers. With the cloud becoming increasingly prominent, misconfigurations are a growing source of worry for security professionals, and responsible integrators can help allay cybersecurity concerns.
The Future Is Bright
A recent survey from Axis Communications found that 45% of security leaders expect end-customers’ acceptance of AI to accelerate, demonstrating a clear understanding of the value of advanced, integrated security solutions. Moreover, the survey found that COVID-19 is fueling customer adoption of more advanced technology. To this point, security professionals cited remote monitoring to lower personal contact (49%), access control for contactless entry (49%), the adoption of analytics for crowd management (35%), reducing high-traffic areas with heat mapping solutions (32%), and curbside pickup with analytics (23%) as increasingly important concerns for customers to address.
As facilities and customers continue to adopt intelligent, integrated solutions, and modern technology and global trends drive the security industry forward, new advancements are enabling security teams to become increasingly proactive rather than reactive when it comes to planning. And while these new tools and devices come with potential vulnerabilities, so too does any piece of technology. The rapid proliferation of connected devices has given businesses exciting new security tools to protect their facilities, and by working together manufactures, integrators, and users can ensure that both the physical world and the digital world remain safer than ever.
Dorris is business development manager, cybersecurity, for Axis Communications, Inc. He is a segment development manager for the company covering the Americas and in this capacity generates awareness, and assists with cyber strategy and demand in Axis products. An industry leader in network video, Axis offers products and services for video surveillance and analytics, access control, intercom and audio systems.
Want more news about facility management and security topics?
Click here to read more news related to security and facility management.