IFSEC Insider is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
Paul Dodds, Country Manager Genetec UK & Ireland explains the key questions physical security teams should be asking themselves to assess whether their current infrastructure is secure and guards against cyber vulnerabilities.
Paul Dodds, Country Manager Genetec UK & Ireland
Securing an organisation has evolved beyond hanging cameras, managing access, and protecting perimeters. Alongside physical intrusions, end users and installers must also consider the cyber threats we are facing. This is often where older proprietary security technologies are found lacking.
Legacy systems and devices often weren’t designed with cyber security in mind. They simply can’t support the IT security and privacy fundamentals of ensuring data confidentiality integrity, and availability.
The following questions will help you assess whether your current infrastructure is impeding your cyber security posture.
Do you know how much time is spent each month on keeping physical security systems secure?
Cyber security is a shared responsibility and physical security solutions are increasingly being used as an entry point for hackers. To remain secure IoT devices such as video surveillance cameras, and access control readers must regularly have their software and firmware updated. Otherwise, they quickly become vulnerabilities that can be exploited.
Presently, many organisations opt to bring separate physical security solutions together solely via integration, which involves combining disparate systems with varying levels of communication and interoperability. Without a unified platform underpinning it, integration can quickly become both time consuming and costly. It requires hours or even days every month to upgrade the different software/firmware and manage cyber security practices across each independent system.
Moreover, the lack of a unified platform decreases visibility, making it easier to overlook a possible weak point in an organisation’s cyber security. Unified tools and services help address this by alerting the operator to potential vulnerabilities and streamlining the process of installing updates. They also bring useful functionality such as single sign-on capabilities with multifactor authentication, meaning that the maintenance of strong password policies doesn’t come at the expense of observability and immediate data access.
Are you proactively working with IT to improve overall security?
To counter cyber threats and boost efficiencies, information security professionals must proactively partner with their counterparts in physical security to better understand the vulnerabilities in their system and work to develop strong governance and processes to avoid cyber attacks.
This means combining both physical and cyber security under a unified cyber-physical security framework, ensuring that only trusted devices are integrated in the network and subsequently configured, updated and managed throughout their operational life. By implementing a single, global data protection and privacy strategy, companies gain access to the latest versions and fixes as soon as they become available. Ensuring that physical security systems are always up-to-date and protected against vulnerabilities.
There are many things that can be done to build resilience into a physical security deployment. It’s vital to take a layered approach so that the business remains protected if an individual security precaution fails. Information security professionals can advise on the most appropriate layers for a specific deployment. However, encryption, authentication and authorisation are three layers that should underpin any physical security system.
“To counter cyber threats and boost efficiencies, information security professionals must proactively partner with their counterparts in physical security to better understand the vulnerabilities in their system and work to develop strong governance and processes to avoid cyber attacks.”
Encryption ensures that all data sent from devices to a server or workstation is unreadable to unauthorised users. When it comes to video surveillance specifically it’s essential to use strong encryption methods for data in transit and at rest.
Authentication is a process that validates the identity of a user, server, or client application before granting them access. Deploying multiple forms of authentication for example, a physical security token alongside a username or password, adds additional safeguards.
Authorisation is the process that allows an organisation to set specific user privileges based on an employee’s seniority and job role. This might be related to when and what types of information can be viewed or shared externally and how long they have access to data for.
Are you maximising data potential?
At its core, unified security is a suite of products developed as one unit, integrating multiple data sources to create a powerful user experience. Such a solution allows for unprecedented customisation for operators to add licenses and modules as needed – without having to worry about compatibility issues.
The centralisation of this data makes it much easier to leverage in a secure and consistent manner. This consolidation of data grants operators a greater awareness of all available sensors, allowing for the immediate access of relevant information around a security alert, such as bringing up the video feed to provide visual context for an alert triggered by the access control system. By having all physical security functions displayed as one seamless experience, operators are then able to make predictions and identify vulnerabilities within their premises, which in turn increases efficiency in incident response and decision-making.
Additionally, by offering organisations a comprehensive view over all relevant data, a unified platform can take full advantage of advanced analytics to gain actionable insight. Such insight empowers decision makers to make operational adjustments to boost business performance.
Unified security systems are a futureproof, cost-effective solution. Moving forward, businesses need to be creative about how they use, update and redeploy security systems. By combining disparate security systems into a single platform, unification offers the efficiency and flexibility needed to realise the full potential of all systems and data, protecting against threats within and without the business.
EBOOK: Lessons from IFSEC 2023 – Big Tech, Martyn’s Law and Drone Threats
Read IFSEC Insider’s exclusive IFSEC eBook and explore the key takeaways from the 2023 show!
Navigate the impact of Big Tech on access control, gain insights from Omdia’s analysts on video surveillance trends, and explore sessions covering topics like futureproofing CCTV networks, addressing the rising drone threat, and the crucial role of user proficiency in security technology.
There's also an exclusive interview with Figen Murray, the driver behind Martyn's Law legislation.
Why a unified security approach offers an easier, more effective way to protect dataExploring the key questions physical security teams should be asking themselves to assess whether their current infrastructure is secure.
IFSEC Insider
IFSEC Insider | Security and Fire News and Resources
Related Topics
Bringing balance to security risk management – “Let’s fix the wobbly chair!”
How do you protect access management systems in a connected environment? With a converged security centre of course…
What is credential theft and why should physical security professionals care?
