Categories

Editor's Choice
Tech Jobs Network
News & Events
Access Control & Identity Management
AI & Data Analytics
Asset Management
Associations
Conferences & Events
Facilities & Building Management
Fire & Safety
Information Security
Infrastructure
Integrated Solutions
IoT & Automation
Perimeter Security, Alarms & Intruder Detection
Power Management
Products & Solutions
Security Services & Risk Management
Smart Home Automation 
Surveillance
Training & Education
Videos
Security by Industry Sector ▾








Print this page printer friendly version

Hardening physical security against cyberattacks

Issue 1 2023 Editor's Choice, Information Security, Infrastructure

As the world becomes increasingly interconnected through the move to cloud computing and Internet of Things (IoT) devices, cyber-crime has risen steadily, along with tools to combat it. Geopolitical tensions between countries have the potential to rapidly unleash devastating cyberattacks worldwide, escalating the need to be cyber aware.

As conflicts continue and geopolitical tensions rise, public and private sector organisations must be extra vigilant and on heightened alert for malicious cyber activity targeting their networks. Borders do not exist in cyberspace and once malware is deployed, it can infect vulnerable systems worldwide.

Sneak attack

It may seem ironic that a physical security solution designed to protect people and property can provide an entry point for cybercriminals. Because these systems – video surveillance, access control, alarms, communications, and more – are increasingly connected to a range of IoT devices, networks and IT infrastructure, they can be quite vulnerable.

Security teams are regularly on the alert to ward off attacks designed to remotely stop the video feed from a camera, open or lock a door, or disrupt critical building systems, but most cyberattacks are not intended to compromise the physical safety of people or property. Instead, these attacks target applications, files and data managed by IT. An attack that originates in a camera can find its way through the network to block access to critical applications; lock and hold files for ransom; and steal personal data.

An analysis by Genetec (find it via www.securitysa.com/*genetec2) found that many security cameras offer this opening for attack, with nearly seven in ten cameras running out-of-date firmware. Genetec also found that many companies have not changed camera security passwords from the manufacturer’s default.

Cybersecurity risks hiding in physical security systems

Older security devices, especially cameras, can present a significant cyber risk. Hackers know that certain cameras are easy to take over and use as an entry point to the network. Several factors make cameras easy to breach.

• Outdated network design. Historically, security and IT technology have existed in separate worlds, creating a lag in feature and technology integration. Security devices were typically connected in a closed network design, which did not reflect the security demands of internet, Wi-Fi or cellular connections.

• Inadequate maintenance. Many aging physical security devices no longer receive updated firmware from manufacturers. Security management protocols may be similarly outdated, hearkening back to the days when security devices were part of closed systems, and may not follow cyber best practices such as frequent password changes.

• Knowledge gap. Employees who installed and managed physical security systems originally may have left the organisation, leaving a gap in knowledge about devices, configurations, and maintenance.


Closing the gaps

To determine the cyber risk of physical security systems, organisations should conduct a posture assessment, creating and maintaining an inventory of all network-connected devices and their connectivity, firmware version and configuration. As part of the assessment, they must identify models and manufacturers of concern. They should also document all users with knowledge of security devices and systems.

The review can pinpoint devices and systems needing replacement. When developing a replacement programme, organisations should prioritise strategies that support modernisation. One effective approach is to unify physical and cybersecurity devices and software on a single, open architecture platform with centralised management tools and views.

Additionally, while it is a bigger undertaking, it is highly recommended that organisations bring cybersecurity and physical security teams together to work collaboratively and proactively, so they can develop a comprehensive security programme based on a common understanding of risk, responsibilities, strategies, and practices.

Ongoing best practices

Once secure devices and protocols are in place, organisations should follow best practices to keep physical security systems safe and sound.

•Security monitoring. Ensure all network-connected physical security devices are monitored and managed by the IT tools for network and security management. Also check for features in the video management system (VMS) and access control system (ACS) that provide alerts or data for use by the IT’s network and security monitoring tools.

• Protection measures. Use secure protocols to connect devices to the network. Disable access methods that support a low level of security protection, and continually verify configurations of security features and alerts. Of course, replace default passwords with new ones, ensuring password changes on a regular schedule.

• Encryption. End-to-end encryption offers the most security to protect video streams and data as they travel from the physical security device to a management system for viewing. Also, ensure that encryption protects these files and data while in storage.

• Access defences. Strengthen the security of user and device access with a multilayer strategy that includes multifactor access authentication and defined user authorisations.

• Software updates. One management function often overlooked when cybersecurity and physical security teams are separate, is the installation of software updates and patches. Define who is responsible for maintaining awareness of available updates, and who vets, deploys and documents updates on all devices and systems.

• Supply chain. Ensure that all suppliers of hardware and software for your physical security systems – including manufacturers of components within OEM solutions -- consider cybersecurity in the development of their solutions, right from the design stage. They should communicate transparently about their possible vulnerabilities, do everything possible to remedy them, and assume their responsibilities in the event of a breach.

There is no such thing as zero risk when it comes to cybersecurity. By recognising that physical and cyber domains are interdependent, by applying best practices and implementing systematic cyber-hygiene policies, organisations can dramatically reduce risk and strengthen security, even as cyber-threats grow more sophisticated and targeted amidst global political turmoil.

For more information, contact Genetec, Quintin Roberts, +27 79 497 5129, qroberts@genetec.com, www.genetec.com


Credit(s)

Email: qroberts@genetec.com
www: www.genetec.com
Articles: More information and articles about Genetec



Share this article:
Share via emailShare via LinkedInPrint this page


Further reading:

Global security in 2026
Editor's Choice News & Events Security Services & Risk Management Industrial (Industry) Mining (Industry)
The World Security Report 2026 states: “In a world of increasing volatility, physical security has evolved. It is no longer just a defensive measure; it is a critical driver of corporate value.”

Read more...
Who is to blame for autonomous mistakes?
Editor's Choice Security Services & Risk Management Industrial (Industry) Mining (Industry)
Most supply agreements for AI-integrated equipment still closely resemble plant hire contracts from ten years ago: bilateral, human-focused, and silent on who bears the risk when a machine makes a decision on its own.

Read more...
Industry perspective on industrial cybersecurity
Technews Publishing News & Events Infrastructure Industrial (Industry)
The Industrial Security Harmonization Group has released a joint industry perspective highlighting a critical truth in industrial cybersecurity: secure communication is not determined by protocols alone, but by how they are deployed and managed in real-world environments.

Read more...
Beyond the checkpoint
Veracitech Editor's Choice
For decades, mining corporations have treated employee screening as a necessary friction point, an operational cost to be managed rather than a strategic capability to be optimised. A new generation of full-body X-ray technology, purpose-built for the realities of high-throughput precious-metals environments, is beginning to change that calculus.

Read more...
Persistent surveillance with rapid deployment
Editor's Choice
Sky Robots has introduced an aerial drone system designed to operate as a consistent layer within security environments, addressing long-standing challenges around visibility and response across large or complex sites.

Read more...
The control room problem that nobody wants to talk about
Technews Publishing Editor's Choice
WhatsApp has become the unofficial backbone of security communications across the mining and industrial sectors, but it was never designed to be a security tool.

Read more...
Controlling access for people and vehicles
IDEMIA STid Security Technews Publishing Editor's Choice Access Control & Identity Management Asset Management Industrial (Industry) Mining (Industry)
When it comes to access control, the security requirements of mines and the industrial sector are similar, requiring a layered approach that combines physical barriers, digital authentication, and continuous monitoring to protect personnel, assets, and operational continuity.

Read more...
Claude Mythos wake-up call
Technews Publishing AI & Data Analytics Information Security
AI has crossed a critical cybersecurity threshold and frontier models are accelerating attack lifecycles and will enable attackers to identify and exploit vulnerabilities at scale and speed, through novel methods that were previously the domain of advanced nation-state entities.

Read more...
If you cannot prove identity, you cannot claim security
Access Control & Identity Management Information Security
Cybersecurity planning for 2026 is a structural change in how attacks are executed and how trust is exploited, demanding that companies stop layering tools on top of infrastructure and instead prioritise intelligence and identity.

Read more...
Service robot technology for residential complexes
Suprema AI & Data Analytics Infrastructure Residential Estate (Industry)
Suprema has signed a three-party memorandum of understanding (MOU) with Hyundai Motor Group Robotics LAB and Hyundai Engineering & Construction (Hyundai E&C) to collaborate on advancing residential complexes through service robot technology.

Read more...











SMART Security Business Directory


While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.

Published by Technews

»  Dataweek Electronics & Communications Technology
»  Electronics Buyers' Guide (EBG)

»  SMART Security Solutions
»  SMART Security Business Directory

»  Motion Control in Southern Africa
»  Motion Control Buyers' Guide (MCBG)

»  South African Instrumentation & Control
»  South African Instrumentation & Control Buyers' Guide (IBG)



© Technews Publishing (Pty) Ltd. | All Rights Reserved.