Cybersecurity in the physical security world

Issue 4 2021 Editor's Choice, Cyber Security, Integrated Solutions, IT infrastructure

Hi-Tech Security Solutions hosted a round table discussion in partnership with Milestone Systems on the topic of cybersecurity in the physical security world. A panel of experts from various companies in the cyber, physical security and IoT (Internet of Things) markets was asked to discuss what the real cyber risks we face today are, as well as looking at best practices for dealing with them efficiently without hampering the value and intelligence these systems deliver.

The reason for this particular topic is that security products today are more advanced and more connected than ever before and are basically lumped into the same category as any IoT device – albeit devices with far more technology and capabilities than traditional IoT devices. These devices, however, transmit more information than most IoT devices, especially when it comes to surveillance. This means they are just as vulnerable as your laptop, servers and mobile phones, but without the protection these devices have come to accept as normal. This lack of protection makes these security and IoT devices especially vulnerable if not designed, installed and maintained correctly.


Naturally, we are seeing leading manufacturers of physical security hardware and software putting much more effort into designing security into their solutions, but just like any technology, there is no 100% guarantee that these systems are cyber secure. In addition, just because security is built in on the manufacturing side does not mean users can use them without a care. Security requires everyone to play their role in securing devices, networks and so forth, from the manufacturer to the system integrator as well as the customer and the end users themselves.

The main trends

To start off, we asked each person on the panel to introduce themselves and highlight what, from the perspective of their business focus, the main trends in cybersecurity they have observed and experienced out in the field are.

George Psoulis, sales manager, Africa for Milestone Systems, noted that there is a definite drive to incorporating edge devices (devices at the edge of the network) into management platforms, or to be more accurate, to bring in the vast amounts of data created by these devices into management platforms for analysis and processing. While Milestone develops an open VMS that allows partners to develop almost any plug-ins, the platform is increasingly being used to cater for non-video data and even non-security data. In this respect, he confirms that security devices such as cameras are also being viewed as IoT devices.

With all this data being integrated from local and wide-area networks, Psoulis says there is a great need for cybersecurity to ensure the devices are not hacked and infiltrated by cybercriminals. The real threat in these cases is not so much losing a device, but that it can be used to infiltrate corporate networks to steal information or launch a ransomware attack and commit other nefarious activities.

Ian Shak is the principal solutions architect and information officer at Saicom, a company that offers VoIP (voice-over-IP) and a range of hosted and cloud solutions. The company has long been working on securing VoIP systems, but he says that today there is a more intense focus on the area of compliance, especially PoPIA in South Africa. While compliance is, as Shak notes, seen as the more boring cousin of security, it is a necessary step in making both service providers and consumers more secure.

Charl Ueckermann, CEO, AVeS Cyber Security, sees ‘virtual anywhere’ as the most pressing cybersecurity problem at the moment. With people being dispersed all over the world, especially during lockdowns where remote work surged in a very short period of time and there is a significant problem of not having the necessary security layers in place to protect people and companies from the risks out there. The lack of the relevant layers of security is one of the causes for the surge we’ve seen in ransomware attacks over the past year.

Marcel Bruyns, sales manager, Africa for Axis Communications, notes that although people generally recognise Axis as the IP camera company, it has been expanding its focus over the past few years into areas such as access control and audio solutions. He adds to what Psoulis said, noting that surveillance cameras are no longer only being used for transmitting video, today there are many applications that can be loaded and run directly on the camera, as well as a variety of information that can be sent back to servers and management platforms.

Moreover, Bruyns adds that along with the growth of artificial intelligence (AI) and the intelligence that can be extracted from video footage, there is also the trend to storing this information in the cloud and this opens another pathway through which people can gain access to devices and the network, as well as the information that is being generated and transmitted.

Richard Frost, head of product for network and endpoint security at Vox, says that while the company has specialised in networking from an IT and communications perspective in the past, Vox is seeing many more IoT devices on networks and has launched its own IoT division that incorporates products and services for a variety of needs. It covers a range of products in its IoT endeavours, from surveillance cameras to elder care (panic buttons etc.).

In its cybersecurity services to clients, Vox has done penetration testing on client networks and Frost says there are a number of instances in which they found unsecured surveillance cameras, allowing the testers to access the cameras and view the footage being recorded and even get into the company’s network. As noted, cameras today contain much more data than ever before in terms of video and analytical information, making them critical information assets.

This has a direct impact on PoPIA preparedness in companies as people’s personal information, such as their faces and even the ability to identify people by facial recognition could be compromised by unsecured cameras and insecure links to cloud servers, for example.

Dévique Barkley is a specialist engineer heading up the security department at Cipher Engineering, a company specialising in physical security and safety projects, including automation.

The risks he has seen are varied, but often are the result of integration between security products. In the effort to gain more useable information for security decision makers, integration is critical to be able to collect and collate data from various systems. The problem, Barkley says, is that in the integration process one often places different security processes and users and roles (user permissions) into the same server, which tend to create vulnerabilities unless each user and his/her permissions are evaluated according to what they and the organisation actually require.

In addition, while we are all aware of phishing emails that are used to try to persuade people to click on a link and enter personal information or open an attachment which loads malware onto the user’s system, Barkley says there is also a problem of how people are exploited to get past physical barriers and gain access to physical switches and other critical equipment, which means that simply by being in a certain location (which should be a secure location) these individuals have managed to bypass many of your cybersecurity controls.


There were many more questions and discussion points during the round table discussion and readers are invited to view the full video at www.securitysa.com/*CyberRT (a redirect to www.youtube.com/watch?v=0nNdblXw5BI). Alternatively, simply scan the QR code on this page with your mobile device and it will take you to the YouTube video.

For more information contact:

• Milestone Systems, +27 82 377 0415, [email protected], www.milestonesys.com

• AVeS Cyber Security, +27 11 475 2407, [email protected] , www.aves.co.za

• Axis Communications, +27 11 548 6780, [email protected], www.axis.com

• Cipher Engineering, [email protected], www.ciphereng.co.za

• Saicom, +27 10 140 5000, [email protected], www.saicom.io

• Vox, +27 87 805 0000, [email protected], www.vox.co.za


Credit(s)








Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Cyber resilience is more than cybersecurity
Technews Publishing Cyber Security Integrated Solutions IT infrastructure
Hi-Tech Security Solutions held a round-table discussion focusing on cyber resilience and found that while the resilience discipline includes cybersecurity, it also goes much further.

Read more...
Compact, lightweight bullet cameras with support for analytics
Axis Communications SA Products CCTV, Surveillance & Remote Monitoring
Axis Communications announced two new outdoor-ready bullet-style cameras featuring deep-learning processing units for analytics based on deep learning on the edge.

Read more...
A key to urban transport challenges
Axis Communications SA Transport (Industry) CCTV, Surveillance & Remote Monitoring Integrated Solutions Logistics (Industry)
There are many enabling technologies that can impact transportation in South Africa, but a good place to start is by considering the applications for smart physical technology with the ability to collect and respond to data.

Read more...
From the editor's desk: Security and resilience
Technews Publishing News
It’s often said that South Africans are a resilient bunch, and history has proven this correct. When it comes to security, both cyber and physical, resilience is key to an effective defensive plan. ...

Read more...
Hikvision aims for solutions
Technews Publishing Hikvision South Africa Editor's Choice CCTV, Surveillance & Remote Monitoring News Integrated Solutions Conferences & Events
Hikvision recently held a roadshow titled Industry X, where the company highlighted its latest products and solutions, supported by partners and distributors.

Read more...
ADI Expo returns to South Africa
Technews Publishing ADI Global Distribution News
September saw the return of the ADI Expo to South Africa. The Johannesburg event was held at the Focus Rooms and the Durban event, two days later, at the Southern Sun Elangeni & Maharani.

Read more...
Technoswitch Awards dinner for 2022
Technews Publishing News Fire & Safety
Technoswitch hosted its fifth awards dinner at Montecasino in September, where customers and suppliers celebrated a year of success.

Read more...
Reliable, low-maintenance video appliances
Technews Publishing Editor's Choice CCTV, Surveillance & Remote Monitoring News IT infrastructure Products
Symetrix, part of the Agera Group, has added the AES range of video recording servers, storage appliances and workstations to its portfolio.

Read more...
Technology and the future of security installation in South Africa
Editor's Choice Integrated Solutions Security Services & Risk Management
What are the technologies and trends shaping installation, service and maintenance teams globally, and how will they shape South African businesses today and in the future?

Read more...
Upgraded security and AI monitoring at upmarket estate
Watcher Surveillance Solutions Editor's Choice CCTV, Surveillance & Remote Monitoring Integrated Solutions Residential Estate (Industry)
Estate upgrades and enhances its security through a partnership between surveillance specialist Watcher and the incumbent guarding company.

Read more...