Categories

Editor's Choice
Tech Jobs Network
News & Events
Access Control & Identity Management
AI & Data Analytics
Asset Management
Associations
Conferences & Events
Facilities & Building Management
Fire & Safety
Information Security
Infrastructure
Integrated Solutions
IoT & Automation
Perimeter Security, Alarms & Intruder Detection
Power Management
Products & Solutions
Security Services & Risk Management
Smart Home Automation 
Surveillance
Training & Education
Videos
Security by Industry Sector ▾








Print this page printer friendly version

Hardening physical security against cyberattacks

Issue 1 2023 Editor's Choice, Information Security, Infrastructure

As the world becomes increasingly interconnected through the move to cloud computing and Internet of Things (IoT) devices, cyber-crime has risen steadily, along with tools to combat it. Geopolitical tensions between countries have the potential to rapidly unleash devastating cyberattacks worldwide, escalating the need to be cyber aware.

As conflicts continue and geopolitical tensions rise, public and private sector organisations must be extra vigilant and on heightened alert for malicious cyber activity targeting their networks. Borders do not exist in cyberspace and once malware is deployed, it can infect vulnerable systems worldwide.

Sneak attack

It may seem ironic that a physical security solution designed to protect people and property can provide an entry point for cybercriminals. Because these systems – video surveillance, access control, alarms, communications, and more – are increasingly connected to a range of IoT devices, networks and IT infrastructure, they can be quite vulnerable.

Security teams are regularly on the alert to ward off attacks designed to remotely stop the video feed from a camera, open or lock a door, or disrupt critical building systems, but most cyberattacks are not intended to compromise the physical safety of people or property. Instead, these attacks target applications, files and data managed by IT. An attack that originates in a camera can find its way through the network to block access to critical applications; lock and hold files for ransom; and steal personal data.

An analysis by Genetec (find it via www.securitysa.com/*genetec2) found that many security cameras offer this opening for attack, with nearly seven in ten cameras running out-of-date firmware. Genetec also found that many companies have not changed camera security passwords from the manufacturer’s default.

Cybersecurity risks hiding in physical security systems

Older security devices, especially cameras, can present a significant cyber risk. Hackers know that certain cameras are easy to take over and use as an entry point to the network. Several factors make cameras easy to breach.

• Outdated network design. Historically, security and IT technology have existed in separate worlds, creating a lag in feature and technology integration. Security devices were typically connected in a closed network design, which did not reflect the security demands of internet, Wi-Fi or cellular connections.

• Inadequate maintenance. Many aging physical security devices no longer receive updated firmware from manufacturers. Security management protocols may be similarly outdated, hearkening back to the days when security devices were part of closed systems, and may not follow cyber best practices such as frequent password changes.

• Knowledge gap. Employees who installed and managed physical security systems originally may have left the organisation, leaving a gap in knowledge about devices, configurations, and maintenance.


Closing the gaps

To determine the cyber risk of physical security systems, organisations should conduct a posture assessment, creating and maintaining an inventory of all network-connected devices and their connectivity, firmware version and configuration. As part of the assessment, they must identify models and manufacturers of concern. They should also document all users with knowledge of security devices and systems.

The review can pinpoint devices and systems needing replacement. When developing a replacement programme, organisations should prioritise strategies that support modernisation. One effective approach is to unify physical and cybersecurity devices and software on a single, open architecture platform with centralised management tools and views.

Additionally, while it is a bigger undertaking, it is highly recommended that organisations bring cybersecurity and physical security teams together to work collaboratively and proactively, so they can develop a comprehensive security programme based on a common understanding of risk, responsibilities, strategies, and practices.

Ongoing best practices

Once secure devices and protocols are in place, organisations should follow best practices to keep physical security systems safe and sound.

•Security monitoring. Ensure all network-connected physical security devices are monitored and managed by the IT tools for network and security management. Also check for features in the video management system (VMS) and access control system (ACS) that provide alerts or data for use by the IT’s network and security monitoring tools.

• Protection measures. Use secure protocols to connect devices to the network. Disable access methods that support a low level of security protection, and continually verify configurations of security features and alerts. Of course, replace default passwords with new ones, ensuring password changes on a regular schedule.

• Encryption. End-to-end encryption offers the most security to protect video streams and data as they travel from the physical security device to a management system for viewing. Also, ensure that encryption protects these files and data while in storage.

• Access defences. Strengthen the security of user and device access with a multilayer strategy that includes multifactor access authentication and defined user authorisations.

• Software updates. One management function often overlooked when cybersecurity and physical security teams are separate, is the installation of software updates and patches. Define who is responsible for maintaining awareness of available updates, and who vets, deploys and documents updates on all devices and systems.

• Supply chain. Ensure that all suppliers of hardware and software for your physical security systems – including manufacturers of components within OEM solutions -- consider cybersecurity in the development of their solutions, right from the design stage. They should communicate transparently about their possible vulnerabilities, do everything possible to remedy them, and assume their responsibilities in the event of a breach.

There is no such thing as zero risk when it comes to cybersecurity. By recognising that physical and cyber domains are interdependent, by applying best practices and implementing systematic cyber-hygiene policies, organisations can dramatically reduce risk and strengthen security, even as cyber-threats grow more sophisticated and targeted amidst global political turmoil.

For more information, contact Genetec, Quintin Roberts, +27 79 497 5129, qroberts@genetec.com, www.genetec.com


Credit(s)

Email: qroberts@genetec.com
www: www.genetec.com
Articles: More information and articles about Genetec



Share this article:
Share via emailShare via LinkedInPrint this page


Further reading:

Who are you?
Access Control & Identity Management Information Security
Who are you? This question may seem strange, but it can only be answered accurately by implementing an Identity and Access Management (IAM) system, a crucial component of any company’s security strategy.

Read more...
Check Point launches African Perspectives on Cybersecurity report
News & Events Information Security
Check Point Software Technologies released its African Perspectives on Cybersecurity Report 2025, revealing a sharp rise in attacks across the continent and a major shift in attacker tactics driven by artificial intelligence

Read more...
Smarter investigations in Security Center SaaS
Genetec Surveillance
Genetec has announced new intelligent automation (IA)-powered investigation capabilities in Security Center SaaS to help operators quickly locate video evidence, understand the context surrounding an event, and close cases in minutes.

Read more...
What is your ‘real’ security posture?
BlueVision Editor's Choice Information Security Infrastructure AI & Data Analytics
Many businesses operate under the illusion that their security controls, policies, and incident response plans will hold firm when tested by cybercriminals, but does this mean you are really safe?

Read more...
What is your ‘real’ security posture? (Part 2)
BlueVision Editor's Choice Information Security Infrastructure
In the second part of this series of articles from BlueVision, we explore the human element: social engineering and insider threats and how red teaming can expose and remedy them.

Read more...
IQ and AI
Leaderware Editor's Choice Surveillance AI & Data Analytics
Following his presentation at the Estate Security Conference in October, Craig Donald delves into the challenge of balancing human operator ‘IQ’ and AI system detection within CCTV control rooms.

Read more...
Onsite AI avoids cloud challenges
SMART Security Solutions Technews Publishing Editor's Choice Infrastructure AI & Data Analytics
Most AI programs today depend on constant cloud connections, which can be a liability for companies operating in secure or high-risk environments. That reliance exposes sensitive data to external networks, but also creates a single point of failure if connectivity drops.

Read more...
Toxic combinations
Editor's Choice
According to Panaseer’s latest research, 70% of major breaches are caused by toxic combinations: overlapping risks that compound and amplify each other, forming a critical vulnerability to be exploited.

Read more...
Kaspersky finds security flaws that threaten vehicle safety.
News & Events Information Security Transport (Industry)
At its Security Analyst Summit 2025, Kaspersky presented the results of a security audit that exposed a significant security flaw enabling unauthorised access to all connected vehicles of one automotive manufacturer.

Read more...
GenAI fraud forcing banks to shift from identity to intent
AI & Data Analytics Information Security Financial (Industry)
The complexity and velocity of modern fraud schemes, from deepfakes to fraud and scams involving social engineering, demand more than just investment in new tools; they need adaptability and expanding the security net.

Read more...











SMART Security Business Directory


While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.

Published by Technews

»  Dataweek Electronics & Communications Technology
»  Electronics Buyers' Guide (EBG)

»  SMART Security Solutions
»  SMART Security Business Directory

»  Motion Control in Southern Africa
»  Motion Control Buyers' Guide (MCBG)

»  South African Instrumentation & Control
»  South African Instrumentation & Control Buyers' Guide (IBG)



© Technews Publishing (Pty) Ltd. | All Rights Reserved.