JamesWillison-20

Project & Engagement Manager, IoT Security Foundation

Author Bio ▼

James Willison MA, is a recognised International leader in Security Convergence and Enterprise Security Risk Management. In 2020 IFSEC Global listed James #8 in the top 20 Cyber Security Thought Leaders across the world. Shortlisted in Security Serious Unsung Security Heroes Awards 2018, as a Security Leader/mentor. James is Co Chair, Smart Buildings Working Group, Internet of Things Security Foundation and a member of the ASIS International ESRM Steering Committee. He is founder of Unified Security Ltd, a Vidsys consultant, works with AXIS Communications on cyber security and advises on the IFSEC Converged Security Centre.James was awarded the Imbert Prize for an ‘outstanding contribution to the Security Industry in 2011’ for his work on convergence with ASIS Europe and the Information Security Awareness Forum. He has more than 20 years of management experience in the physical and information security industry, including posts as Advisor on Convergence to the Mitie TSM Board, Senior lecturer in Security Management at Loughborough University and Digital Security Expert with the European Union. He has co-authored three White Papers and a series of new articles with Sarb Sembhi, sponsored by AXIS Communications, on ESRM, GDPR and Smart Buildings and Cities’ Security.
December 11, 2019

Download

State of Physical Access Trend Report 2024

The growing significance of converged security

Converged Security-19

Image from the BBC’s, The Capture

James Willison MA Founder, Unified Security, and Sarb Sembhi CISM, CTO & CISO, Virtually Informed, offer a closer look into why converged security will continue to be a major theme in 2020.

IFSEC International welcomes back the Converged Security Centre in 2020. What is the reason? Well, there continues to be an increasing concern amongst end users of CCTV and access control systems that their physical security devices and systems could cause major problems for the IT network, and they need reassurances that this will not be the case.

The last thing anyone wants is an email from HR highlighting an investigation that identified a GDPR breach had occurred and it was your systems that were used to install malware on the IT network, which in turn led to an invoice being paid by the Finance Director to a cyber fraudster. Whilst such incidents may be rare, it is crucial to be able to identify unusual network behaviour on your CCTV or access control systems.

 

A centralised solution

Since this is a growing concern, it highlights the need for businesses to adopt a converged security centre solution. A central platform brings all your physical security systems together in one place, from any location in your organisation, so that you can see what is happening at all times. It also brings in cyber security feeds and monitoring solutions, including social media.

Security operators can therefore identify whether hackers are in the building, or it is an online attack, in the event of a network disruption. For example, if an employee badges in and the camera indicates that a different person is logging into the network from outside on their PC or even inside, then further access to the network can be quickly denied. If the camera itself has been hacked – an ever more commonplace occurrence, as the BBC’s The Capture programme has portrayed – then this too can be identified. Again, this was emphasised in the show, when the timing of the recording is changed so that the viewer doesn’t see what is happening in real time.

“Six million CCTV cameras in the UK. Almost all of them are online. And if they’re online…They can be hacked.”*

Joining up the dots means that policies in the centre’s software can isolate devices which are acting in unexpected ways. Even those CCTV cameras which have a mature cyber security solution to protect them can be subject to attack, which the centre will detect and send an alert to the security team that it is being controlled by a rogue actor. As an example, the scenario might involve a criminal gang that has gained access to the camera to change its direction, enabling an accomplice to enter the building unnoticed to commit theft.

Whilst we applaud new legislation that ensures CCTV systems are better protected by changing passwords or updating firmware, this doesn’t mean they cannot be controlled by an attacker. It is still crucial to bring all your systems to one place to, offer a more clear and defined overall picture.

 

Proven platform

We were delighted that Vidsys was awarded Security Software Manufacturer of the Year at the IFSEC Security and Fire Excellence Awards in November. The Vidsys solution allows any physical security system and device to be brought to one platform, with no necessity to install additional software across other locations.

It also works with the most advanced Security Information and Event Management (SIEM) solutions,. This means that a cyber attack can be seen on physical systems and bring in any physical device, such as a CCTV or an access control point, to contain the threat and respond accordingly, in line with company policies. At the same time, it monitors attacks in near real time on the IT network. Fraudulent behaviour can therefore be quickly identified and a suspicious insider attack can be stopped before it escalates into a serious, large-scale incident. Fraud remains the most commonly experienced crime in the UK, with an estimated overall cost of £190 billion (cited in NCA 2019 National Strategic Assessment of Serious and Organised Crime).

When you join up physical and logical access monitoring, it provides the security team with a better chance of following a single audit trail and locking out staff while their access rights are checked. While they may be genuine and simply need access updated, if the camera shows a different face to the ID badge being used to log into the payroll system then action can be taken. Since some fraudulent activities can take about two years before they are identified in other ways, using this kind of converged physical logical monitoring is of significant value. Crucially, the Centre not only enables this kind of near real time risk management, but it also produces reports on the data.

Vidsys’ additional integrations with highly sophisticated and advanced Artificial Intelligence is used to make sense of all the cyber physical data and send alerts, in line with company policies and the latest legislation. As it does so, it means the Vidsys solution can produce reports which can be used to verify the action taken, should this be required, by an investigation and possible legal proceedings. As more and more GDPR and NIS Directive fines are issued, the need to monitor and respond effectively is only set to increase in 2020.

Clearly then, it is vital that organisations consider how to evidence their prevention solutions and responses, given the increasing occurrence of legislative fines in the sector – and a converged security centre could well provide the answer.

*Quote courtesy of the BBC’s, The Capture – September 2019 : Episode 4: 25:00

Free Download: The Video Surveillance Report 2023

Discover the latest developments in the rapidly-evolving video surveillance sector by downloading the 2023 Video Surveillance Report. Over 500 responses to our survey, which come from integrators to consultants and heads of security, inform our analysis of the latest trends including AI, the state of the video surveillance market, uptake of the cloud, and the wider economic and geopolitical events impacting the sector!

Download for FREE to discover top industry insight around the latest innovations in video surveillance systems.

VideoSurveillanceReport-FrontCover-23

Related Topics

Subscribe
Notify of
guest
3 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
trackback

[…] highlighting for some time, as they call for growing awareness of potential vulnerabilities and the uptake of converged security solutions to cover both cyber and physical […]

trackback

[…] highlighting for some time, as they call for growing awareness of potential vulnerabilities and the uptake of converged security solutions to cover both cyber and physical […]

trackback

[…] practical outcome of a converged security approach will be the building of CONVERGED SECURITY CENTRES. These have been showcased at the Excel Centre in the leading security exhibition, IFSEC […]