“The threat is blended so the teams need to work together,” said Ellie Hurst, Marcomm and Media Manager for Advent IM at IFSEC International.
Hurst cited numerous attacks where hackers exploited vulnerabilities found in physical systems.
For example, in December, two individuals hacked into the Washington DC CCTV camera network days before Donald Trump’s inauguration. Meanwhile in October, Hangzhou Xionmai Technology, a vendor behind DVRs and internet-connected cameras, inadvertently played a role in a wide-scale DDOS attacks against PayPal, twitter, Spotify and other platforms.
While physical and information security professionals typically work in different departments, they need to find a common language, said Hurst. “Do you know what you have? Do you know what they are built on? What is the life-cycle management of these products and are they patched?” said Hurst. “From there you can decide whether to accept the risk.”
Though rare, some organisations have merged the physical and information security teams, said James Willison, Founder of Unified Security Ltd. “Symantec has merged their team and Barclays is building one SOC for both cyber and physical security,” he said.
All is not lost if your organisation is behind. There are measures every company can take to mitigate the risk, said the presenters at IFSEC.
“Ninety percent of breaches are due to people’s mistakes, poor configuration and maintenance,” said Steven Kenny, Business Development Manager – Architecture & Engineering (A&E) Program, Axis Communications.
“Creating a documented internal policy and increasing employee awareness is important,” said Kenny.
“Training and education is also important. You need to find a training course suitable for those in physical security,” added Hurst.
“At the end of the day, the threat isn’t going to go away. You’ve got to do the training.”
Keep up with the wireless access control market
Download this free report to find out more about:
