Cybersecurity in the physical security world

Issue 4 2021 Editor's Choice, Information Security, Integrated Solutions, Infrastructure

Hi-Tech Security Solutions hosted a round table discussion in partnership with Milestone Systems on the topic of cybersecurity in the physical security world. A panel of experts from various companies in the cyber, physical security and IoT (Internet of Things) markets was asked to discuss what the real cyber risks we face today are, as well as looking at best practices for dealing with them efficiently without hampering the value and intelligence these systems deliver.

The reason for this particular topic is that security products today are more advanced and more connected than ever before and are basically lumped into the same category as any IoT device – albeit devices with far more technology and capabilities than traditional IoT devices. These devices, however, transmit more information than most IoT devices, especially when it comes to surveillance. This means they are just as vulnerable as your laptop, servers and mobile phones, but without the protection these devices have come to accept as normal. This lack of protection makes these security and IoT devices especially vulnerable if not designed, installed and maintained correctly.


Naturally, we are seeing leading manufacturers of physical security hardware and software putting much more effort into designing security into their solutions, but just like any technology, there is no 100% guarantee that these systems are cyber secure. In addition, just because security is built in on the manufacturing side does not mean users can use them without a care. Security requires everyone to play their role in securing devices, networks and so forth, from the manufacturer to the system integrator as well as the customer and the end users themselves.

The main trends

To start off, we asked each person on the panel to introduce themselves and highlight what, from the perspective of their business focus, the main trends in cybersecurity they have observed and experienced out in the field are.

George Psoulis, sales manager, Africa for Milestone Systems, noted that there is a definite drive to incorporating edge devices (devices at the edge of the network) into management platforms, or to be more accurate, to bring in the vast amounts of data created by these devices into management platforms for analysis and processing. While Milestone develops an open VMS that allows partners to develop almost any plug-ins, the platform is increasingly being used to cater for non-video data and even non-security data. In this respect, he confirms that security devices such as cameras are also being viewed as IoT devices.

With all this data being integrated from local and wide-area networks, Psoulis says there is a great need for cybersecurity to ensure the devices are not hacked and infiltrated by cybercriminals. The real threat in these cases is not so much losing a device, but that it can be used to infiltrate corporate networks to steal information or launch a ransomware attack and commit other nefarious activities.

Ian Shak is the principal solutions architect and information officer at Saicom, a company that offers VoIP (voice-over-IP) and a range of hosted and cloud solutions. The company has long been working on securing VoIP systems, but he says that today there is a more intense focus on the area of compliance, especially PoPIA in South Africa. While compliance is, as Shak notes, seen as the more boring cousin of security, it is a necessary step in making both service providers and consumers more secure.

Charl Ueckermann, CEO, AVeS Cyber Security, sees ‘virtual anywhere’ as the most pressing cybersecurity problem at the moment. With people being dispersed all over the world, especially during lockdowns where remote work surged in a very short period of time and there is a significant problem of not having the necessary security layers in place to protect people and companies from the risks out there. The lack of the relevant layers of security is one of the causes for the surge we’ve seen in ransomware attacks over the past year.

Marcel Bruyns, sales manager, Africa for Axis Communications, notes that although people generally recognise Axis as the IP camera company, it has been expanding its focus over the past few years into areas such as access control and audio solutions. He adds to what Psoulis said, noting that surveillance cameras are no longer only being used for transmitting video, today there are many applications that can be loaded and run directly on the camera, as well as a variety of information that can be sent back to servers and management platforms.

Moreover, Bruyns adds that along with the growth of artificial intelligence (AI) and the intelligence that can be extracted from video footage, there is also the trend to storing this information in the cloud and this opens another pathway through which people can gain access to devices and the network, as well as the information that is being generated and transmitted.

Richard Frost, head of product for network and endpoint security at Vox, says that while the company has specialised in networking from an IT and communications perspective in the past, Vox is seeing many more IoT devices on networks and has launched its own IoT division that incorporates products and services for a variety of needs. It covers a range of products in its IoT endeavours, from surveillance cameras to elder care (panic buttons etc.).

In its cybersecurity services to clients, Vox has done penetration testing on client networks and Frost says there are a number of instances in which they found unsecured surveillance cameras, allowing the testers to access the cameras and view the footage being recorded and even get into the company’s network. As noted, cameras today contain much more data than ever before in terms of video and analytical information, making them critical information assets.

This has a direct impact on PoPIA preparedness in companies as people’s personal information, such as their faces and even the ability to identify people by facial recognition could be compromised by unsecured cameras and insecure links to cloud servers, for example.

Dévique Barkley is a specialist engineer heading up the security department at Cipher Engineering, a company specialising in physical security and safety projects, including automation.

The risks he has seen are varied, but often are the result of integration between security products. In the effort to gain more useable information for security decision makers, integration is critical to be able to collect and collate data from various systems. The problem, Barkley says, is that in the integration process one often places different security processes and users and roles (user permissions) into the same server, which tend to create vulnerabilities unless each user and his/her permissions are evaluated according to what they and the organisation actually require.

In addition, while we are all aware of phishing emails that are used to try to persuade people to click on a link and enter personal information or open an attachment which loads malware onto the user’s system, Barkley says there is also a problem of how people are exploited to get past physical barriers and gain access to physical switches and other critical equipment, which means that simply by being in a certain location (which should be a secure location) these individuals have managed to bypass many of your cybersecurity controls.


There were many more questions and discussion points during the round table discussion and readers are invited to view the full video at www.securitysa.com/*CyberRT (a redirect to www.youtube.com/watch?v=0nNdblXw5BI). Alternatively, simply scan the QR code on this page with your mobile device and it will take you to the YouTube video.

For more information contact:

• Milestone Systems, +27 82 377 0415, gep@milestonesys.com, www.milestonesys.com

• AVeS Cyber Security, +27 11 475 2407, info@aves.co.za , www.aves.co.za

• Axis Communications, +27 11 548 6780, terri.miller@axis.com, www.axis.com

• Cipher Engineering, devique@ciphereng.co.za, www.ciphereng.co.za

• Saicom, +27 10 140 5000, ians@saicom.io, www.saicom.io

• Vox, +27 87 805 0000, info@voxtelecom.co.za, www.vox.co.za


Credit(s)








Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Surveillance on the perimeter
Axis Communications SA Hikvision South Africa Technews Publishing Editor's Choice Perimeter Security, Alarms & Intruder Detection
Cameras have long been a feature in perimeter security, with varying reports of success and failure, often dependent on the cameras’ planning, installation and configuration, as well as their integration with other perimeter solutions and centralised management platforms.

Read more...
Onyyx wireless alarm
Technews Publishing Editor's Choice Smart Home Automation
IDS has introduced Onyyx, a wireless alarm system engineered to provide complete system control via the Onyyx app or keyring, as well as seamless installation.

Read more...
Visual verification raises the security game
Videofied SA Technews Publishing Editor's Choice Perimeter Security, Alarms & Intruder Detection
Incorporating alarm signals with live surveillance footage, visual verification enables a human observer in a control room (onsite or offsite) to gain a clear understanding of the situation, thereby facilitating informed decision-making.

Read more...
The AX Hybrid PRO Series offers reliable wired and wireless protection
Hikvision South Africa Editor's Choice Perimeter Security, Alarms & Intruder Detection Products & Solutions
Hikvision has announced the launch of a new AX Hybrid PRO alarm system with innovative Hikvision ‘Speed-X’ transmission technology. This system offers reliable wired protection while delivering expanded flexibility with seamless wireless integration.

Read more...
Intrusion Selection Guide 2024
Technews Publishing Perimeter Security, Alarms & Intruder Detection
The Intrusion Selection Guide 2024 includes the latest products and solutions aimed at small, medium, and large operations that require reliable, easy-to-install, set-up, and use intruder detection technology that reduces false alarms but never misses an actual event.

Read more...
Perimeter Selection Guide
Technews Publishing Perimeter Security, Alarms & Intruder Detection
The Perimeter Selection Guide 2024 includes the latest products, solutions, and management platforms for small, medium, and large operations that require reliable, durable, and integrated perimeter security solutions.

Read more...
Advanced Perimeter Intrusion Detection Systems
XtraVision OPTEX Technews Publishing Modular Communications Perimeter Security, Alarms & Intruder Detection Integrated Solutions Products & Solutions
Making full use of fibre installations around the perimeter by adding Perimeter Intrusion Detection Systems means you can easily add another layer of security to existing surveillance and fencing systems.

Read more...
A critical component of perimeter security
Nemtek Electric Fencing Products Gallagher Technews Publishing Stafix Editor's Choice Perimeter Security, Alarms & Intruder Detection Integrated Solutions
Electric fences are standard in South Africa, but today, they also need to be able to integrate with other technologies and become part of a broader perimeter security solution.

Read more...
SMARTpod talks to The Risk Management Forum
SMART Security Solutions Editor's Choice News & Events Security Services & Risk Management Videos Training & Education
SMART Security Solutions recently released its first SMARTpod podcast, discussing the upcoming Risk Management Forum Conference 2024, which will be held on 26 September 2024 at the Indaba Conference Centre in Fourways, Johannesburg.

Read more...
There is a SaaS for everything, but at what cost, especially to SMEs?
Editor's Choice Information Security Security Services & Risk Management
Relying on SaaS platforms presents significant cybersecurity risks as the number of providers in your landscape increases, expanding your attack surface. It is important to assess the strength of the SaaS providers in your chain.

Read more...