IP security cameras and other security devices are by their very nature connected to the internet. That’s what lets users access them remotely to check in on their business, and what lets manufacturers update device software without having to make a house call. But this feature can also be their Achilles’ heel. When not secured properly, any camera or access control device in the so-called Internet of Things (IoT) can be accessed remotely by just about anyone, not just those with whom you want to share access. Similarly, unencrypted communications between a server and client application, or out-of-date firmware can all be exploited by cybercriminals, potentially putting an entire organization’s network at risk.
And that’s a big problem for the physical security industry.
According to industry analyst firm Gartner, by 2020 more than 25 percent of cyberattacks in enterprises will involve IoT devices. And yes, that includes the very devices that are supposed to help keep us safe. More than 60 percent of cyberattacks currently target small to medium-sized businesses, and small businesses are particularly vulnerable to these threats. Sixty percent of small companies are unable to sustain their business beyond six months following a major cyberattack.
Attacks on large businesses are also enormously expensive. According to a 2018 study by IBM and the Ponemon Institute, the average data breach costs companies $3.86 million and large-scale breaches can surpass $350 million.
You simply cannot afford to take any risks when it comes to protecting your physical security system against cyberthreats. The good news is you have help in the fight. Reputable physical security manufacturers and software developers have established a multitude of ways to protect against cyberthreats. And those that are most trusted don’t just stop there. They literally “attack” themselves in an effort to determine if their products really provide the protection they say they do. Another key partner that can help you protect against cyberthreats: trusted systems integrators who are in the field recommending and installing these physical security solutions.
How do cybercriminals gain access to a security system?
A poorly secured camera, unencrypted communications between a server and client application, or out-of-date firmware can all easily be exploited by cybercriminals. Ransomware attacks are particularly costly, and have been known to target systems running common, but outdated software.
All too often, people are the weakest link when it comes to cybersecurity breaches. Employees not changing default passwords on IoT devices is an easy way for opportunistic cybercriminals to gain access to your system. In a brute force attack, criminals guess passwords until one works. Packet sniffing captures network traffic, and man-in-the-middle attacks eavesdrop on communications between two systems. In each case, the attacker uses the information gained to their advantage.
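The weaknesses named above (default passwords, unencrypted communications, and out-of-date firmware) can be checked routinely against a device inventory. The following is an added example, not part of the original article; the inventory fields, device names, version numbers, and the list of cleartext services are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Services that carry credentials or video in cleartext (assumed classification).
PLAINTEXT_SERVICES = {"http", "rtsp", "telnet", "ftp"}

@dataclass
class Device:
    name: str
    firmware: str            # version the device reports
    latest_firmware: str     # newest version published by the vendor
    password_changed: bool   # False = still on the factory default
    services: list = field(default_factory=list)

def parse_version(text):
    """Turn '2.10.3' into (2, 10, 3); return None if it is not dotted digits."""
    parts = text.strip().lstrip("vV").split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def audit(device):
    """Return the list of findings for one device, empty if none."""
    findings = []
    if not device.password_changed:
        findings.append("default password still in use")
    exposed = sorted(PLAINTEXT_SERVICES.intersection(s.lower() for s in device.services))
    if exposed:
        findings.append("unencrypted services enabled: " + ", ".join(exposed))
    # Compare versions numerically: as plain strings, "2.9.1" sorts after "2.10.0".
    current, latest = parse_version(device.firmware), parse_version(device.latest_firmware)
    if current is None or latest is None:
        findings.append("firmware version cannot be verified")
    elif current < latest:
        findings.append(f"firmware {device.firmware} is behind {device.latest_firmware}")
    return findings

# Constructed inventory; names and versions are made up for the example.
INVENTORY = [
    Device("lobby-cam", "2.9.1", "2.10.0", False, ["HTTP", "RTSP"]),
    Device("dock-cam", "2.10.0", "2.10.0", True, ["https", "rtsps"]),
    Device("door-controller", "unknown", "1.4.2", True, ["https", "telnet"]),
]

def audit_inventory(devices):
    """Map each device name with at least one finding to its findings."""
    return {d.name: f for d in devices if (f := audit(d))}

if __name__ == "__main__":
    for name, findings in audit_inventory(INVENTORY).items():
        print(name, "->", "; ".join(findings))
```

A device whose firmware version cannot be read is reported rather than silently passed, since an unverifiable version is itself a gap in the inventory.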
Most physical security solutions are a work in progress with new devices being added to expand the system or to replace outdated or broken products. The process of adding new equipment – perhaps from a different manufacturer with less secure standards – is another opportunity for a vulnerability.
Emboldened cybercriminals may have increased the scope of their attacks, but that doesn’t mean you are defenseless against cyberattacks.
What elements must a cybersecurity solution have?
One of the most important ways to combat cyberthreats is with a plan. Companies must develop training and educate their workforce on the importance of best practices and of diligently adhering to company policy. Choosing a systems integrator that recommends only the most trusted manufacturers and emphasizes the importance of cybersecurity is a good start. Together, you’ll need to develop a solution that applies multiple layers of cybersecurity, including encryption, authentication, and authorization, to your critical business and security systems.
Encryption is the process through which data is encoded so that it remains hidden from or inaccessible to unauthorized users. It helps protect private information and sensitive data, and can enhance the security of communication between client apps and servers. When your data is encrypted, even if an unauthorized person, entity, or cybercriminal gains access to it, they will not be able to read or understand it.
Authentication is the process of first determining if an entity (a user, server, or client app) is who or what they claim to be, followed by verification of if and how that entity should access a system. Depending on the setup, authentication can occur on either the client-side or server-side, or at both ends. Client-side authentication uses username and password combinations, tokens, and other techniques while server-side authentication uses certificates to identify trusted third parties. Two-factor authentication refers to two forms of authentication used in combination. Authentication is an important tool for keeping your data from getting into the wrong hands. It prevents unauthorized access and ensures that your security personnel are, in fact, the ones accessing your system when they log in. This means hackers can’t pretend to be a security server in order to take control of, manipulate, or copy your valuable and sensitive data.
Authorization is the function that enables security system administrators to specify user or operator access rights and privileges. Administrators restrict the scope of activity on a system by giving access rights to groups of individuals for resources, data, or applications and defining what users can do with these resources. When administrators manage what their personnel can see and do, they are ensuring the security of the data transmitted and stored within the security system. This is a key way to increase the security of the system as a whole, as well as enhance the security of the other systems connected to it.
You can never be complacent when it comes to cybersecurity
With almost daily reports of another hack or security breach, many are starting to suffer from cybersecurity awareness fatigue. However, nobody can afford to become complacent in the war against cybercriminals. Once you’ve strategized and invested in a cybersecurity strategy to protect your physical security investment, it’s important to remain vigilant.
1. Only choose trusted and reputable security product manufacturers who are committed to protecting your organization from cyberthreats. There are a number of governmental and organizational compliance requirements when it comes to information protection and privacy. Be sure to choose a company that takes these requirements seriously.
2. A company that’s serious about cybersecurity will also conduct its own penetration testing. Penetration tests should be done on a recurring basis to catch any vulnerabilities that could have been missed during product development.
3. When working with a systems integrator to develop or maintain a physical security solution, it’s important to share your concerns about cybersecurity at the outset. A systems integrator must consider cybersecurity a top priority and should only recommend products from trusted manufacturers who are also committed to protecting your system.
4. To mitigate the financial risk of cyberattacks, some companies are also turning to cyber liability insurance. It’s a relatively new type of coverage offered by insurance companies to protect businesses against Internet-based threats and data breaches. While not a “get out of jail free” card, cyber liability insurance will give integrators peace of mind and allow companies to access funds to manage a cyberattack response and keep the business running.
Cybersecurity is becoming one of the top business risks for organizations of all sizes. Everyone has a role in protecting your physical security system from cyberattacks. Be sure to choose trusted vendors who use multiple layers of defense such as encryption, authentication, and authorization, as well as penetration testing. Only work with systems integrators who are committed to providing continuous protection against cyberthreats. The success of your business may depend on it.