Most physical security experts have not known much about cyber security. However, as physical security continues to merge with the IP world, cyber security training should be on the agenda for each and every one of us.
Google Australia recently felt the pain of using security technicians who were not trained in cyber security. Google’s Wharf 7 office was hacked using default login credentials to gain control of the building’s access control system. The company that had installed the system connected it to the Internet to allow for remote access, but it left the administrator login as the default. Researchers easily hacked into the system and gained access to confidential floor plans and control of all the doors.
It is an embarrassment for the physical security industry, but how can we prevent this from happening again?
You do not have to connect everything to the Internet. I have been to countless sites that have devices connected to a network or to the Internet simply because they can be connected. The end user may never access the system remotely, but the integrator (with every good intentions) connected it to the network anyway. If the client does not need remote access or decides not to use it, disconnect the system from the network.
Keep the software up to date. Google’s access control system was easily hacked because of a flaw in the software that prevented anyone from changing the system’s default password. However, the ultimate failure in this case was not the default password lock, but the fact that there was a software patch to fix the flaw. The patch, of course, had not been installed. Keeping software up to date is a critical yet simple step in protecting against cybercrime.
Communicate with IT. Communicate with your client’s IT staff. Many security professionals avoid this step. It is not out of ignorance but out of intimidation. In-house IT professionals have a wealth of knowledge. Some will gladly share their knowledge with you, while others will not. But it never hurts to ask. Let them know what you are doing, and ask if there are any specific security measures their organization uses. Educate yourself on the most common Internet security practices, so that you will be able to follow the conversation. In doing so, you will earn their trust. If a hack should ever occur, they will have confidence that you are not to blame.
As physical and digital security continue to overlap, integrators and installers need to educate themselves on the basics of cyber security. By developing installation practices built around cyber security, along with a simple understanding of the threats, physical security professionals can avoid being embarrassed by events like this one.
Related post:
Free Download: The Video Surveillance Report 2023
Discover the latest developments in the rapidly-evolving video surveillance sector by downloading the 2023 Video Surveillance Report. Over 500 responses to our survey, which come from integrators to consultants and heads of security, inform our analysis of the latest trends including AI, the state of the video surveillance market, uptake of the cloud, and the wider economic and geopolitical events impacting the sector!
Download for FREE to discover top industry insight around the latest innovations in video surveillance systems.
