4 Reasons Why Cyber Security & Physical Security Need to Work Together
In an increasingly digital world, it’s critical to have a security strategy to protect your systems against both physical and cyber threats. Cameras, door controllers and other physical security devices and systems are smarter and more interconnected than ever. To help you better understand the nuances and responsibilities involved in keeping your systems safe, we’ve prepared this list of 4 reasons why your cybersecurity and physical security should go hand-in-hand.
1. Physical security systems face cyber threats
A poorly secured camera, unencrypted communications between a server and client application, or out-of-date firmware can all be exploited by cybercriminals. The problem is obvious – protecting security systems can’t only be physical. Cyber threats are pervasive as well.
In 2016, a significant manufacturer of IP cameras, which ran the open-source operating system Linux on its devices, had over a million of its cameras hacked and used to carry out distributed denial of service (DDoS) attacks. In 2014, one of the largest manufacturers of video surveillance equipment globally had its digital video recorders (DVRs) hacked and used to mine Bitcoin.
In August 2019, The Guardian reported that the fingerprints of over 1 million people, facial recognition data, and unencrypted usernames and passwords were discovered on a manufacturer’s publicly accessible database used by customers including London’s Metropolitan Police Force.
Physical security devices, like cameras and card readers used for access control, and security management applications, like Video Management Systems (VMS) and IP Access Control Systems (which can be integrated with logical access systems like Active Directory), are on networks and connected with other business systems. That makes them a platform for cyber risk.
Although some physical security teams work with their IT departments and security system integrators to prioritise cybersecurity, many organisations still neglect it.
2. Hackers are helped by poor employee cyber hygiene
Let’s qualify what we mean by this. Your employees are prime targets for cyber threats. Their passwords, email accounts and mobile apps are potential access points into your network. The strongest encryption can’t defend your system against weak or compromised passwords.
That’s why management needs to set clear guidelines and implement proper processes, i.e. requiring staff to change – and not duplicate – passwords regularly and putting cyber security training programs in place. Employees need to be educated about IT best practices and the potential social engineering techniques they face. For example, starting with simple password creation tips and ways to distinguish phishing emails from legitimate communications will help mitigate cyber risks. Similarly, leaving the installation of a security update to an employee’s discretion is also a risk. Adopt the mindset that you’re constantly under threat and train your employees to look out for suspicious activity and react when a breach occurs. Cybercriminals don’t need to spend time cracking codes when poor employee cyber-hygiene makes it easy to take them.
3. Cyber breaches can affect physical security systems
Nowadays, most building services are connected and managed on a network. There’s a good chance that your heating, ventilation, and air conditioning (HVAC), elevator systems, lighting, perimeter access control, and communication systems are on network infrastructure. Unfortunately, this also means that your facilities’ physical security systems rely on the strength of your cyber defences.
Physical security solutions are an entry point that is being used to gain access to the networks of large and small enterprises. It might seem counterintuitive that physical security tools designed to keep people and assets safe can be the focus of a cyberattack. Still, devices such as video surveillance cameras, access control readers, and alarm panels are IoT devices. These devices are simply small computers that run software and may contain cybersecurity vulnerabilities that attackers can exploit as a beachhead for malicious actions.
To counter the threat, physical security professionals must proactively partner with their counterparts in information security to better understand the true limits of the security perimeter and work to develop strong governance and processes to avoid or mitigate cyberattacks.
This requires solidifying a resilient cyber-physical security framework to ensure that only trusted devices are integrated into the network and that they are configured, updated and managed throughout their operational life.
Professional system integrators understand this and should work with you to plan against cyber attacks on your network-dependent physical security infrastructure.
4. Hacker Exploits & Vulnerabilities
Beware – not all cameras are the same. A poorly secured camera or a camera running out-of-date firmware is an entry point for a cyber attack. The example of a camera is simple in its elegance because cameras are so ubiquitous, and after all, how could something so familiar to us be used to mount a cyber attack?
In the United States, the federal government has banned the purchase of IP cameras from certain manufacturers for US government video surveillance systems, US government-funded contracts, and possibly for ‘critical infrastructure’ and ‘national security’ usage because of well-known cybersecurity vulnerabilities. The risks are even more significant because of an equipment manufacturing practice known as OEMing. This means that manufacturers offer their products to resellers, who then reskin the cameras with their branding. It’s been reported that the two companies that were banned from selling to US government entities provided their products to at least 80 other companies globally. So, what’s the point of this example? It’s the easiest-to-understand example of why physical security devices and cybersecurity go hand-in-hand and how that relationship can go awry if not appropriately protected. A physical security device, such as a camera, must be cyber-hardened so that it cannot be used against you.
Ask your security system integrator questions about the cybersecurity of the cameras that they’re offering you. What’s their approach to cyber hardening? What are your responsibilities when physical security devices are put on the network? With greater connectivity of systems over the Internet, a vulnerable camera can become a gateway to your organisation’s data and sensitive information.
Conclusion
Cybersecurity and physical security are closely related, and the protection of your security systems is enhanced through successive layers of physical and logical security. Businesses’ reliance on IT to power commerce and the requirement to have this infrastructure physically protected means we stand to lose a lot more than email access in the event of an attack.
JD Security provides agile, world-class security for Australian organisations. Ready to evolve with us? Contact our team to stay ahead in physical security.