As more and more security surveillance solutions become IP-based, the threat of cybersecurity is becoming increasingly critical. Recent months have seen increasing numbers of attacks that have exploited various vulnerabilities in operating systems and given hackers access to sensitive information that included surveillance data. And if such malicious attempts were not enough to cause panic, there was also the ransomware attack that infected thousands of computers and sent cybersecurity specialists scrambling for answers.
In this context, it is reassuring to see that several physical security companies are coming forward to take steps to ensure that their solutions are as safe as possible from hackers and malware.
Potential weak links
Physical access control systems are sophisticated IT applications in their own right. They communicate on the network and feature all the hardware and software components that can be vulnerable to cyber-attacks, unless cyber protective measures are an integrated part of the design.
A typical access control system can consists of several different kinds of devices that could be of varying age, model etc. scattered throughout a building. For several organizations there is great potential to improve unmanaged, and therefore unsecure, weak links to an access control system.
In addition, physical access control really should be one of the first lines of cyber defense. This means that security of the security system should be a high priority. And don’t forget: people can often be the weakest link, no matter how sophisticated your security system is.
Most underestimated security risks
Despite the recent cyberattacks and the warnings that have followed it, there are still several organizations that are yet to take the security of physical security systems seriously. In fact, the most underestimated security risk is not having a combined IT and physical security strategy. Underestimating the fact that physical security systems need to have the same “end to end” security protection as other business critical systems could be a real vulnerability.
Physical security system owners and operators are generally not from the IT security department and they have different work-streams and objectives. Therefore, they tend to see a different set of risks. For physical security, IT may be just a part of getting things connected - which can be a challenge in its own right - and they do not demand that IT should determine policy for security of the device or system being connected.
Perhaps most importantly, with the policy of combining IT and physical security, there needs to be a process in place that will ensure what cyber-secure system features are expected and how they will be maintained without getting outdated. It requires a combined physical and cyber approach, bringing together the knowledge and expertise of each. This joint approach should also apply to suppliers by the way.
In short, as far as end users and systems integrators are concerned, cyber security threats should be as serious as a physical security threat. Neglecting this could turn out to be disastrous for an organization.
Source: a&s Magazine