Cybersecure Physical Security High on End Users’ Radar

A majority of organizations say that cybersecurity is the primary challenge when it comes to managing employee and visitor safety.

Cybersecure Physical Security High on End Users’ Radar

Systems integrators have an opportunity to engage business stakeholders and help mitigate concerns around cybersecurity and responsible use of the network.

Genetec recently conducted a survey of more than 3,700 physical security leaders from around the world for the third annual State of Physical Security report. The report revealed the top considerations, concerns and trends in the physical security industry. A recurring theme was the increased emphasis on the cybersecurity of physical security systems.

Cybersecurity has become a top priority for physical security leaders worldwide. Driving this shift is the increase in remote work along with the adoption of Cloud-based technologies and Internet of Things (IoT) devices. Likewise, there’s growing involvement of information technology (IT) personnel in decision-making related to physical security technologies. Teams are collaborating to ensure the cyber resiliency of their network.

Key learnings from the report related to cybersecurity include:

  • Almost half of those surveyed had implemented enhanced cybersecurity strategies in the past year.
  • More than a third are looking to invest in cybersecurity tools to improve their physical security environment in the next 12 months.
  • Increasingly, security departments are teaming up with internal and external IT and cybersecurity experts to devise new methods to implement and maintain a strong cybersecurity strategy.

Based on the results of the survey, systems integrators have an opportunity to engage business stakeholders and help mitigate concerns around cybersecurity and responsible use of the network.

Remote Working Drives Cloud

The shift to remote and hybrid work has brought cybersecurity concerns to the forefront. Remote work reduced corporate control over the technology infrastructure used by employees and disrupted tried-and-true firewalls and intranet access controls.

Increased remote work forced businesses to rethink how they assess cybersecurity risk. Remote workers can be located anywhere outside the organization. In addition to home offices, public spaces such as libraries, coffee shops, and other locations that offer public WiFi have become common remote work environments.

cybersecure-chart1

Figure 1.

IT departments must contend with new potential vulnerabilities. For example, an employee might have an infected computer or IP security camera at home. While connected to a public network, someone may download files from suspicious sources, or the network might not have the same security measures in place.

As pandemic restrictions have eased, remote work has declined. Despite this, the top challenge faced by all respondents when managing employee and visitor safety remained cybersecurity. Of all respondents, 49% indicated that an improved cybersecurity strategy had been activated by their organization this year (see Figure 1).

Key Cybersecurity Targets

As Figure 2 indicates, most companies today are focusing cybersecurity efforts on access control (40%), cyber-hardening of security software (39%), and strong password protection (37%).

cybersecurity-fig2

Figure 2.

It makes sense that cybersecurity of access control is an increased priority for many companies today. The technology and hardware used by legacy access control systems often don’t have the cyber resilience of modern systems and may have known vulnerabilities.

Even though vulnerabilities are well known, the cost of replacing access control systems is often seen as significant — especially for larger companies.

To alleviate some of that cost, customers can consider an open-architecture system. It allows them to transition from a legacy system to a modern system in phases. They can possibly even use some existing hardware and not replace their entire system. Likewise, an open-architecture system allows organizations to take advantage of new access control technologies as they develop.

Combination of Physical Security & IT

In addition to highlighting where cybersecurity efforts are focused, the survey also indicated an increased collaboration between physical security and IT teams.

Physical security and cybersecurity are no longer separate domains. IT departments are getting much more involved on the physical security side of things. And physical security teams are becoming more aware of cybersecurity principles.

This can even translate into employee policies. For example, modern cybersecurity solutions are increasingly taking security fatigue into account. Password policies that require employees to change passwords often introduce frustration because it makes it hard for people to remember their passwords. As a result, many people reuse passwords or use the same root password.

This underscores the importance of multifactor authentications, using either something you know, something you have, or something you are. Techniques include one-time password (OTP) authentication, hardware token or biometric profile. Physical security and IT teams can help implement a better approach to help prevent compromised password attacks.

Yet, even with these safeguards and policies in place, there are ever-evolving ways a system can be compromised. A “zero-trust” philosophy is key. This means trust nothing without verification. Organizations can’t rely on a singular measure to ensure protection against cyberattacks. Multiple layers of protection are best. That way the system remains resilient even if one element is compromised.

Benefits of Cloud Solutions

The State of Physical Security report also found the perception of Cloud technology (see Figure 3) among security professionals remains conservative. The physical security industry is still somewhat behind other industries in its adoption of the Cloud.

cybersecurity-figure3

Figure 3.

Often customers see offline systems as more secure. The perceived cybersecurity risks of the Cloud were ranked as the most prominent reason for slowing Cloud adoption. This could be viewed as a somewhat self-fulfilling barrier and isn’t necessarily the case.

Systems that are housed and managed on-premises must be secured and defended from cyber threats using internal resources. With a Cloud solution, the software provider assumes part of the responsibility. Cloud solutions have the benefit of the collective knowledge of the solution provider. This can often offer better security, as the provider is well versed, and even has assessments and audits attesting to their cybersecurity acumen.

As more customers learn the cybersecurity measures in place for Cloud-based solutions, there’s beginning to be a shift toward hybrid solutions. These combine the best of on-premises and Cloud.

Most end-user respondents (82%) surveyed indicated they mainly stored video footage in on-premises storage devices. Just 6% indicated they use either public or private Cloud for this purpose.

Almost two-thirds of all respondents, however, indicated that their organization will move to managing or storing more of their physical security data in the Cloud over the next two years.

cybersecurity-figure4

Figure 4.

As Figure 4 indicates, while over 76% said that 0%-25% of their system is currently Cloud or hybrid-Cloud, in excess of half of end users indicated they were moving towards a blend of on-prem and Cloud-based solutions. This compares to 28% who planned to move everything to the Cloud (see Figure 5). Just 18% of those surveyed said they had no plans to adopt Cloud-based solutions.

All things point to hybrid-Cloud deployments being the way forward for enterprises so they can rationalize their costs, concerns and approach to migrating to the Cloud.

The bigger the organization, the more friction is involved in keeping systems secure from cyber threats. Updating passwords on 10 cameras is one thing, but many organizations today now have hundreds or even thousands of cameras connected to their video management system (VMS). Strategies that can automate the process of rotating camera passwords, batch updating firmware and managing SSL certificates can improve security.

cybersecruity-figure5

Figure 5.

Using a Cloud-based solution, teams can see a reduction in time-consuming tasks such as monitoring for cybersecurity threats, patching vulnerabilities, updating software and managing certificate lifecycles.

New Challenges & Opportunities

The growth of physical security networked connected devices has increased not only the potential attack surface but the overall visibility of cybersecurity threats in the physical security space. Now, physical security and IT teams have overlapping goals and can often unite to provide a strong defense against attacks.

With cyberattacks increasing, organizations are looking to implement effective measures. You can help in that process by collaborating with your customer’s physical security and IT teams to develop a coordinated strategy for hardening systems. Choose solution partners that put a strong emphasis on cybersecurity as well.

These trends present new challenges, but also many exciting opportunities for you to share expertise and develop deeper, long-term relationships with customers.

Matthew Fabian is National Director, Sales Engineering – U.S., for Genetec.

 

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

Security Is Our Business, Too

For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Commercial Integrator + Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add to your bottom line.

A FREE subscription to the top resource for security and integration industry will prove to be invaluable.

Subscribe Today!

Leave a Reply

Your email address will not be published. Required fields are marked *

Get Our Newsletters