Cybersecurity in the physical security world

Issue 4 2021 Editor's Choice, Information Security, Integrated Solutions, Infrastructure

Hi-Tech Security Solutions hosted a round table discussion in partnership with Milestone Systems on the topic of cybersecurity in the physical security world. A panel of experts from various companies in the cyber, physical security and IoT (Internet of Things) markets was asked to discuss what the real cyber risks we face today are, as well as looking at best practices for dealing with them efficiently without hampering the value and intelligence these systems deliver.

The reason for this particular topic is that security products today are more advanced and more connected than ever before and are basically lumped into the same category as any IoT device – albeit devices with far more technology and capabilities than traditional IoT devices. These devices, however, transmit more information than most IoT devices, especially when it comes to surveillance. This means they are just as vulnerable as your laptop, servers and mobile phones, but without the protection these devices have come to accept as normal. This lack of protection makes these security and IoT devices especially vulnerable if not designed, installed and maintained correctly.

Naturally, we are seeing leading manufacturers of physical security hardware and software putting much more effort into designing security into their solutions, but just like any technology, there is no 100% guarantee that these systems are cyber secure. In addition, just because security is built in on the manufacturing side does not mean users can use them without a care. Security requires everyone to play their role in securing devices, networks and so forth, from the manufacturer to the system integrator as well as the customer and the end users themselves.

The main trends

To start off, we asked each person on the panel to introduce themselves and highlight what, from the perspective of their business focus, the main trends in cybersecurity they have observed and experienced out in the field are.

George Psoulis, sales manager, Africa for Milestone Systems, noted that there is a definite drive to incorporating edge devices (devices at the edge of the network) into management platforms, or to be more accurate, to bring in the vast amounts of data created by these devices into management platforms for analysis and processing. While Milestone develops an open VMS that allows partners to develop almost any plug-ins, the platform is increasingly being used to cater for non-video data and even non-security data. In this respect, he confirms that security devices such as cameras are also being viewed as IoT devices.

With all this data being integrated from local and wide-area networks, Psoulis says there is a great need for cybersecurity to ensure the devices are not hacked and infiltrated by cybercriminals. The real threat in these cases is not so much losing a device, but that it can be used to infiltrate corporate networks to steal information or launch a ransomware attack and commit other nefarious activities.

Ian Shak is the principal solutions architect and information officer at Saicom, a company that offers VoIP (voice-over-IP) and a range of hosted and cloud solutions. The company has long been working on securing VoIP systems, but he says that today there is a more intense focus on the area of compliance, especially PoPIA in South Africa. While compliance is, as Shak notes, seen as the more boring cousin of security, it is a necessary step in making both service providers and consumers more secure.

Charl Ueckermann, CEO, AVeS Cyber Security, sees ‘virtual anywhere’ as the most pressing cybersecurity problem at the moment. With people being dispersed all over the world, especially during lockdowns where remote work surged in a very short period of time and there is a significant problem of not having the necessary security layers in place to protect people and companies from the risks out there. The lack of the relevant layers of security is one of the causes for the surge we’ve seen in ransomware attacks over the past year.

Marcel Bruyns, sales manager, Africa for Axis Communications, notes that although people generally recognise Axis as the IP camera company, it has been expanding its focus over the past few years into areas such as access control and audio solutions. He adds to what Psoulis said, noting that surveillance cameras are no longer only being used for transmitting video, today there are many applications that can be loaded and run directly on the camera, as well as a variety of information that can be sent back to servers and management platforms.

Moreover, Bruyns adds that along with the growth of artificial intelligence (AI) and the intelligence that can be extracted from video footage, there is also the trend to storing this information in the cloud and this opens another pathway through which people can gain access to devices and the network, as well as the information that is being generated and transmitted.

Richard Frost, head of product for network and endpoint security at Vox, says that while the company has specialised in networking from an IT and communications perspective in the past, Vox is seeing many more IoT devices on networks and has launched its own IoT division that incorporates products and services for a variety of needs. It covers a range of products in its IoT endeavours, from surveillance cameras to elder care (panic buttons etc.).

In its cybersecurity services to clients, Vox has done penetration testing on client networks and Frost says there are a number of instances in which they found unsecured surveillance cameras, allowing the testers to access the cameras and view the footage being recorded and even get into the company’s network. As noted, cameras today contain much more data than ever before in terms of video and analytical information, making them critical information assets.

This has a direct impact on PoPIA preparedness in companies as people’s personal information, such as their faces and even the ability to identify people by facial recognition could be compromised by unsecured cameras and insecure links to cloud servers, for example.

Dévique Barkley is a specialist engineer heading up the security department at Cipher Engineering, a company specialising in physical security and safety projects, including automation.

The risks he has seen are varied, but often are the result of integration between security products. In the effort to gain more useable information for security decision makers, integration is critical to be able to collect and collate data from various systems. The problem, Barkley says, is that in the integration process one often places different security processes and users and roles (user permissions) into the same server, which tend to create vulnerabilities unless each user and his/her permissions are evaluated according to what they and the organisation actually require.

In addition, while we are all aware of phishing emails that are used to try to persuade people to click on a link and enter personal information or open an attachment which loads malware onto the user’s system, Barkley says there is also a problem of how people are exploited to get past physical barriers and gain access to physical switches and other critical equipment, which means that simply by being in a certain location (which should be a secure location) these individuals have managed to bypass many of your cybersecurity controls.

There were many more questions and discussion points during the round table discussion and readers are invited to view the full video at*CyberRT (a redirect to Alternatively, simply scan the QR code on this page with your mobile device and it will take you to the YouTube video.

For more information contact:

• Milestone Systems, +27 82 377 0415,,

• AVeS Cyber Security, +27 11 475 2407, ,

• Axis Communications, +27 11 548 6780,,

• Cipher Engineering,,

• Saicom, +27 10 140 5000,,

• Vox, +27 87 805 0000,,


Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Digital transformation in mines
NEC XON Technews Publishing Mining (Industry)
Digital transformation has been hyped to death, but is a reality all companies in all industries need to address, including the mining sector. BCX and NEC XON weigh in on the challenges mines face.

Fire safety in mining
Technews Publishing Mining (Industry)
Clinton Hodgson, Head of the Industrial Fire & Life Safety Division at FS Systems International, provides SMART Security Solutions with his insights into fire safety risks and solutions as they pertain to the mining industry.

Cybersecurity in mining
Technews Publishing Mining (Industry)
One does not usually associate mining with cybersecurity, but as big technology users (including some legacy technology that was not designed for cyber risks), mines are at risk from cyber threats in several areas.

Data security and privacy in global mobility
Security Services & Risk Management Information Security
Data security and privacy in today’s interconnected world is of paramount importance. In the realm of global mobility, where individuals and organisations traverse borders for various reasons, safeguarding sensitive information becomes an even more critical imperative.

Sophos celebrates partners and cybersecurity innovation at annual conference
News & Events Information Security
[Sponsored] Sun City hosted Sophos' annual partner event this year, which took place from 12 to 14 March. Sophos’ South African cybersecurity distributors and resellers gathered for an engaging two-day conference.

Mines require proof of performance
Technews Publishing Mining (Industry)
The relatively hostile environment and remote locations of mining establishments mean that any electronic/technical implementations have to be easily installed, require little or no maintenance and, once commissioned, require no adjustment.

Eight MP dome for harsh environments
Axis Communications SA Surveillance Products & Solutions
Axis Communications announced a marine-grade stainless steel camera that offers performance in harsh environments. Enclosed in an electropolished stainless steel casing, it can withstand the corrosive effects of seawater and cleaning chemicals.

From the Editor's Desk: Something old and something new
Technews Publishing News & Events
      Welcome to the 2024 edition of SMART Security Solutions’ Mining Handbook. Mining is a challenging industry for security professionals, although security is a challenge on this continent, no matter your ...

Enhance control rooms with surveillance and intelligence
Leaderware Editor's Choice Surveillance Mining (Industry)
Dr Craig Donald advocates the use of intelligence and smart surveillance to assist control rooms in dealing with the challenges of the size and dispersed nature common in all mining environments.

A long career in mining security
Technews Publishing Editor's Choice Security Services & Risk Management Mining (Industry)
Nash Lutchman recently retired from a security and law enforcement career, initially as a police officer, and for the past 16 years as a leader of risk and security operations in the mining industry.