
IFSEC Insider, formerly IFSEC Global, is the leading online community and news platform for security and fire safety professionals.
May 10, 2023



Cyber security

Taking a proactive approach to protecting physical security systems from cyber-attacks

In a recent survey conducted by Genetec, 36% of respondents globally said they were looking to invest in cyber security-related tools to improve their physical security environment in the next 12 months.

Here, Paul Dodds, Country Manager UK and Ireland at Genetec, offers three pieces of advice for physical security professionals looking to protect their systems and devices from cyber-attacks.

In an industry where cyber security has not always been top of mind, the results of the survey demonstrate that respondents are starting to recognise that these cyber threats are real and their physical security systems are a potential platform for cyber-attacks.

The use of IoT devices has improved organisations’ ability to strengthen security and monitor activities in large, distributed spaces. However, with the benefits of connectivity, accessibility, mobility, and data sharing come cyber risks.

Devices such as video surveillance cameras, access control readers, and alarm panels can provide an entry point to gain access to networks of large and small enterprises via their physical security systems.

Securing these devices is paramount, and new strategies for managing access to these devices are critical. Companies are increasingly recognising the importance of proactively protecting against cyber threats and the potential vulnerability of their IoT devices.

What can organisations do to mitigate cyber security threats?

Being proactive is the first line of defence. Here are some considerations to take as you seek to protect against cyber security threats to your systems, as well as stay compliant with cyber security standards and laws.

1) Partner with a physical security provider who makes cyber security a top priority

Select a physical security provider that invests heavily in cyber security. There are several questions to help further identify whether or not they are taking the necessary cyber security precautions.

  • Are they certified by a third party?
  • Are they SOC2 compliant?
  • Are they ISO 27001 certified?
  • Are they using IT security best practices?

Consider selecting a physical security provider who makes cyber security a priority as a top-down approach in all that they do. This will include dedicated cyber security teams or departments and partnerships with vendors who share the same level of commitment toward cyber security.

Certain cyber security measures are hard to implement at scale, for example, updating firmware or changing passwords. A company that is committed to cyber security will help you develop the right cyber security posture to scale.

They can vet their suppliers and partners of IoT devices to ensure they have the maturity and longevity to meet your cyber security needs both now and as your organisation grows. Likewise, they will partner with suppliers that share the same vision of the importance of cyber security.


2) Consider solutions with built-in cyber security measures

Although a physical security system could be threatened, there are many ways to further mitigate the risk of malicious attacks. Deciding on a solution requires companies to determine whether the solution is designed with security in mind and has built-in cyber security measures.

When a product is designed, built, coded, and tested with security by default, essential features such as authentication, authorisation, encryption, and privacy are built into the system. These measures also ensure only those with set privileges will be able to access specified assets, data, and applications.

Authentication – the process of user authentication is the first level of identity management. This prevents your data from getting into the wrong hands. Modern, multi-factor authentication (MFA) validates the identity of the user so only approved users are able to access information.

Authorisation – authorisation helps define the access rights of a person or entity. An organisation’s administrator can define the rights of different individuals and configure more or less restrictive access privileges depending on their roles and the level of access they are trying to achieve.

Encryption – encryption protects the confidentiality of a company’s data both in transit and when stored. When data is encrypted it is rendered unusable unless accessed by authorised users.

Encryption can’t be effective without authentication, which is what ensures you are sharing your data with authorised users. When your physical security provider has built-in encryption, sensitive data is protected by default.

Privacy by design – there doesn’t have to be a trade-off when it comes to maximising privacy and security. Security solutions that offer privacy protection by design allow companies to have more control over their data to meet regulations and securely store that data.

A physical security provider can help their customers define who has access rights to sensitive video footage without hampering the details required to complete their investigations.

3) Minimise vulnerabilities by moving to a hybrid or cloud approach

Moving your physical security to the cloud or using a hybrid approach can further mitigate your cyber security risks. Modern cloud systems include many layers of cyber security designed to protect not only against malicious actors but also against human error.

Moving to the cloud also helps share the cyber security responsibility with your cloud provider. The providers who take advanced cyber security precautions often offer the possibility to streamline maintenance and updates – which is crucial to ensuring secure systems.

By using a hybrid or cloud solution, you’ll always have access to the latest built-in cyber security features, including privacy controls, strong user authentication, and various system health monitoring tools. As soon as the latest versions and updates are available, they’ll be pushed immediately to your system.

This helps your physical security systems remain protected against vulnerabilities and stay actively monitored to detect and defend against cyber-attacks.

Where cyber and physical security meet

To best protect your organisation from cyber-attacks, physical security and cyber security go hand-in-hand.

Physical security systems with built-in security and privacy-by-design features can better ensure people, spaces, and assets are protected. Likewise, a trusted provider can offer a team approach to ensure your entire ecosystem is designed, built, and managed with your organisation’s end-to-end security in mind.

