Categories

Editor's Choice
Tech Jobs Network
News & Events
Access Control & Identity Management
AI & Data Analytics
Asset Management
Associations
Conferences & Events
Facilities & Building Management
Fire & Safety
Information Security
Infrastructure
Integrated Solutions
IoT & Automation
Perimeter Security, Alarms & Intruder Detection
Power Management
Products & Solutions
Security Services & Risk Management
Smart Home Automation 
Surveillance
Training & Education
Videos
Security by Industry Sector ▾








Print this page printer friendly version

Hardening physical security against cyberattacks

Issue 1 2023 Editor's Choice, Information Security, Infrastructure

As the world becomes increasingly interconnected through the move to cloud computing and Internet of Things (IoT) devices, cyber-crime has risen steadily, along with tools to combat it. Geopolitical tensions between countries have the potential to rapidly unleash devastating cyberattacks worldwide, escalating the need to be cyber aware.

As conflicts continue and geopolitical tensions rise, public and private sector organisations must be extra vigilant and on heightened alert for malicious cyber activity targeting their networks. Borders do not exist in cyberspace and once malware is deployed, it can infect vulnerable systems worldwide.

Sneak attack

It may seem ironic that a physical security solution designed to protect people and property can provide an entry point for cybercriminals. Because these systems – video surveillance, access control, alarms, communications, and more – are increasingly connected to a range of IoT devices, networks and IT infrastructure, they can be quite vulnerable.

Security teams are regularly on the alert to ward off attacks designed to remotely stop the video feed from a camera, open or lock a door, or disrupt critical building systems, but most cyberattacks are not intended to compromise the physical safety of people or property. Instead, these attacks target applications, files and data managed by IT. An attack that originates in a camera can find its way through the network to block access to critical applications; lock and hold files for ransom; and steal personal data.

An analysis by Genetec (find it via www.securitysa.com/*genetec2) found that many security cameras offer this opening for attack, with nearly seven in ten cameras running out-of-date firmware. Genetec also found that many companies have not changed camera security passwords from the manufacturer’s default.

Cybersecurity risks hiding in physical security systems

Older security devices, especially cameras, can present a significant cyber risk. Hackers know that certain cameras are easy to take over and use as an entry point to the network. Several factors make cameras easy to breach.

• Outdated network design. Historically, security and IT technology have existed in separate worlds, creating a lag in feature and technology integration. Security devices were typically connected in a closed network design, which did not reflect the security demands of internet, Wi-Fi or cellular connections.

• Inadequate maintenance. Many aging physical security devices no longer receive updated firmware from manufacturers. Security management protocols may be similarly outdated, hearkening back to the days when security devices were part of closed systems, and may not follow cyber best practices such as frequent password changes.

• Knowledge gap. Employees who installed and managed physical security systems originally may have left the organisation, leaving a gap in knowledge about devices, configurations, and maintenance.


Closing the gaps

To determine the cyber risk of physical security systems, organisations should conduct a posture assessment, creating and maintaining an inventory of all network-connected devices and their connectivity, firmware version and configuration. As part of the assessment, they must identify models and manufacturers of concern. They should also document all users with knowledge of security devices and systems.

The review can pinpoint devices and systems needing replacement. When developing a replacement programme, organisations should prioritise strategies that support modernisation. One effective approach is to unify physical and cybersecurity devices and software on a single, open architecture platform with centralised management tools and views.

Additionally, while it is a bigger undertaking, it is highly recommended that organisations bring cybersecurity and physical security teams together to work collaboratively and proactively, so they can develop a comprehensive security programme based on a common understanding of risk, responsibilities, strategies, and practices.

Ongoing best practices

Once secure devices and protocols are in place, organisations should follow best practices to keep physical security systems safe and sound.

•Security monitoring. Ensure all network-connected physical security devices are monitored and managed by the IT tools for network and security management. Also check for features in the video management system (VMS) and access control system (ACS) that provide alerts or data for use by the IT’s network and security monitoring tools.

• Protection measures. Use secure protocols to connect devices to the network. Disable access methods that support a low level of security protection, and continually verify configurations of security features and alerts. Of course, replace default passwords with new ones, ensuring password changes on a regular schedule.

• Encryption. End-to-end encryption offers the most security to protect video streams and data as they travel from the physical security device to a management system for viewing. Also, ensure that encryption protects these files and data while in storage.

• Access defences. Strengthen the security of user and device access with a multilayer strategy that includes multifactor access authentication and defined user authorisations.

• Software updates. One management function often overlooked when cybersecurity and physical security teams are separate, is the installation of software updates and patches. Define who is responsible for maintaining awareness of available updates, and who vets, deploys and documents updates on all devices and systems.

• Supply chain. Ensure that all suppliers of hardware and software for your physical security systems – including manufacturers of components within OEM solutions -- consider cybersecurity in the development of their solutions, right from the design stage. They should communicate transparently about their possible vulnerabilities, do everything possible to remedy them, and assume their responsibilities in the event of a breach.

There is no such thing as zero risk when it comes to cybersecurity. By recognising that physical and cyber domains are interdependent, by applying best practices and implementing systematic cyber-hygiene policies, organisations can dramatically reduce risk and strengthen security, even as cyber-threats grow more sophisticated and targeted amidst global political turmoil.

For more information, contact Genetec, Quintin Roberts, +27 79 497 5129, qroberts@genetec.com, www.genetec.com


Credit(s)

Email: qroberts@genetec.com
www: www.genetec.com
Articles: More information and articles about Genetec



Share this article:
Share via emailShare via LinkedInPrint this page


Further reading:

New commercial and technical appointments at Veeam
News & Events Infrastructure
Veeam Software has announced two senior appointments in its South African business as it continues to invest in local market growth and partner and customer engagement.

Read more...
What’s in store for PAM and IAM?
Access Control & Identity Management Information Security
Leostream predicts changes in Identity and Access Management (IAM) and Privileged Access Management (PAM) in the coming year, driven by evolving cybersecurity realities, hybridisation, AI, and more.

Read more...
The challenges of cybersecurity in access control
Technews Publishing SMART Security Solutions Access Control & Identity Management Information Security
SMART Security Solutions summarises the key points dealing with modern cyber risks facing access control systems, from Mercury Security’s white paper “Meeting the Challenges of Cybersecurity in Access Control: A Future-Ready Approach.”

Read more...
Access as a Service is inevitable
Technews Publishing SMART Security Solutions ATG Digital Access Control & Identity Management Infrastructure
When it comes to Access Control as a Service (ACaaS), most organisations (roughly 90% internationally) plan to move, or are in the process of moving to the cloud, but the majority of existing infrastructure (about 70%) remains on-premises for now.

Read more...
Securing your access hardware and software
SMART Security Solutions Technews Publishing RBH Access Technologies Access Control & Identity Management Information Security
Securing access control technology is critical for physical and digital security. Every interaction between readers, controllers, and host systems creates a potential attack point for those with nefarious intent.

Read more...
Privacy by design or by accident
Security Services & Risk Management Infrastructure
Africa’s data future depends on getting it right at the start. If privacy controls do not withstand real-world conditions, such as unstable power, fragile last-mile connectivity, shared devices, and decentralised branch environments, then privacy exists only on paper.

Read more...
Phishing and social engineering are the most significant risks
News & Events Information Security
ESET Research found that phishing accounted for 45,7% of all detected cyberthreats in South Africa, with higher-quality deepfakes, signs of AI-generated phishing websites, and short-lived advertising campaigns designed to evade detection.

Read more...
Access trends for 2026
Technews Publishing SMART Security Solutions RR Electronic Security Solutions Enkulu Technologies IDEMIA neaMetrics Editor's Choice Access Control & Identity Management Infrastructure
The access control and identity management industry has been the cornerstone of organisations of all sizes for decades. SMART Security Solutions asked local integrators and distributors about the primary trends in the access and identity market for 2026.

Read more...
Access data for business efficiency
Continuum Identity Editor's Choice Access Control & Identity Management AI & Data Analytics Facilities & Building Management
In all organisations, access systems are paramount to securing people, data, places, goods, and resources. Today, hybrid systems deliver significant added value to users at a much lower cost.

Read more...
Zero Trust access control
Technews Publishing SMART Security Solutions CASA Software NEC XON Editor's Choice Access Control & Identity Management Information Security
Zero Trust Architecture enforces the rule of ‘never trust, always verify’. It changes an organisation’s security posture by assuming that threats exist both inside and outside the perimeter, and it applies to information and physical security.

Read more...











SMART Security Business Directory


While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.

Published by Technews

»  Dataweek Electronics & Communications Technology
»  Electronics Buyers' Guide (EBG)

»  SMART Security Solutions
»  SMART Security Business Directory

»  Motion Control in Southern Africa
»  Motion Control Buyers' Guide (MCBG)

»  South African Instrumentation & Control
»  South African Instrumentation & Control Buyers' Guide (IBG)



© Technews Publishing (Pty) Ltd. | All Rights Reserved.