International Security Journal hears exclusively from Mathieu Chevalier, Principal Security Architect, Genetec about approaching cybersecurity and physical security effectively.
The usage of Internet of Things (IoT) devices has benefitted organisations’ ability to improve security and monitor activities in large, distributed spaces.
However, with the benefits of connectivity, accessibility, mobility and data sharing come cybersecurity risks.
Devices such as cameras, access control readers and alarm panels can provide an entry point for cyber-attacks on the networks of large and small enterprises.
In a recent survey conducted by Genetec of over 5,500 security professionals, over a third (31%) of end-user respondents indicated cyber threat actors targeted their organisation in 2023, with some sectors being more effected than others.
73% of respondents in the intelligence and national security sector and 46% of respondents in the banking and finance sector said they were the victims of cyber-attacks.
Conversely, only 21% in the retail sector noted the attack.
Securing these devices is paramount and new strategies for managing access to these devices are critical.
Thankfully, organisations are deploying cybersecurity related tools in their physical security environments.
This is a significant increase compared to last year when only 27% of said they had implemented processes to protect themselves.
What can organisations do to mitigate cybersecurity threats?
Being proactive is the first line of defence. Below are some considerations to take as you seek to protect against cyberthreats to your systems, as well as stay compliant with cybersecurity standards and laws.
1. Partner with a physical security provider who makes cybersecurity a top priority
Select a physical security provider that invests heavily in cybersecurity.
There are several questions to help further identify whether or not they are taking the necessary cybersecurity precautions.
For example, are they certified by a third party? Are they SOC2 compliant? Are they ISO 27001 certified? Are they using IT security best practices?
Consider selecting a physical security provider who makes cybersecurity a priority as a top-down approach in all that they do.
This will include dedicated cybersecurity teams or departments and partnerships with vendors who share the same level of commitment toward cybersecurity.
Certain cybersecurity measures are hard to implement at scale, for example, updating firmware or changing passwords.
A company that is committed to cybersecurity will help you develop the right cybersecurity posture to scale.
Likewise, they will partner with suppliers that place the same level of importance on cybersecurity.
2. Consider solutions with build-in cybersecurity measures
Although a physical security system could be threatened, there are many ways to further mitigate the risk of malicious attacks.
Deciding on a solution requires companies to determine whether the solution is designed with security in mind and has built-in cybersecurity measures.
When a product is designed, built and tested with security by default, essential features such as authentication, authorisation, encryption and privacy are built into the system.
These measures also ensure that only those with set privileges will be able to access specified assets, data and applications.
- Authentication – the process of user authentication is the first level of identity management. This prevents your data from getting into the wrong hands. Modern, multi-factor authentication (MFA) validates the identity of the user so only approved users are able to access information
- Authorisation – Authorisation helps define the access rights of a person or entity. An organisations administrator can define the rights of different individuals and configure access privileges depending on their roles and the level of access they are trying to achieve
- Encryption – Encryption protects the confidentiality of a company’s data both in transit and when stored. When data is encrypted, its rendered unusable unless accessed by authorised users.
- Privacy by design – There doesn’t have to be a trade-off between maximising privacy and security Security solutions that offer privacy protection by design allow companies to have more control over their data. A physical security provider can help their customers define who has access rights to sensitive video footage without hampering the details required to complete their investigations
3. Minimise vulnerabilities by moving to a hybrid or cloud approach
Moving your physical security to the cloud or using a hybrid approach can further mitigate your cybersecurity risks.
Modern cloud systems include many layers of cybersecurity designed not only to protect against malicious actors, but also human error.
Moving to the cloud also helps share the cybersecurity responsibility with your cloud provider.
The providers who take advanced cybersecurity precautions often offer the possibility to streamline maintenance and updates, which is crucial to ensuring secure systems.
By using hybrid or cloud solutions, you’ll always have access to the latest built-in cybersecurity features.
Examples include privacy controls, strong user authentication and various system health monitoring tools.
When the latest versions and updates are available, they’ll be pushed immediately into your system.
Your physical security system remains better protected against vulnerabilities and is actively monitored to detect and defend against cyber-attacks.
Where cyber and physical security meet
To best protect your organisation from cyber-attacks, physical security and cybersecurity go hand-in-hand.
Physical security systems with built in security and privacy-by-design features can better ensure that people, spaces and assets are protected.
Likewise, a trusted provider can offer a team approach to ensure that your entire system is designed, built and managed with your organisations end-to-end security in mind.
