Everything is connected

March 2018 Information Security, Security Services & Risk Management

Physical security is no longer just a case of a high fence and security guards. Everything is interconnected and reliant on readily available information and visibility in order to maintain security installations.

 John Mc Loughlin.
John Mc Loughlin.

Most businesses have access control systems that are connected to a computer, which often sits outside of the rest of the network. This is part of a bigger network of CCTV, proximity sensors and similar technologies along with the high fences and security guards acting as physical patrols.

All aspects of security are driven by information, and all of this is digital – so by not ensuring that you have the correct cyber-security programme in place all can be lost to a smart cyber-attack. Internet Protocol (IP) phones, cameras, access control are all connected to the Internet. Do you know how much of your footprint is visible to the outside world… and is it secured?

An important point to get out of the way is the ongoing mention of IT security. The name itself is incorrect; if we continue to focus on the words IT security, it means that this field sits purely within IT. This is not the case today. Cybersecurity cannot be done just by IT, it is a specialist field. You would not get an ice cream manufacturer to handle your physical security, so why ask an IT professional to manage your cybersecurity. Both could do the job, but would the outcome be desirable?

Cybersecurity threats are growing exponentially and this is because they are very difficult to trace with a far lower risk while still yielding very high returns.

We have seen many enterprises that have excellent physical perimeter security which includes access control systems, cameras and smart licence scanning at the gates. Access control systems contain sensitive and confidential information of all staff and contractors. These machines are usually attached to the network and accessible from the Internet to maintain a central database or report to HR. Another aspect is that sometimes these machines are not managed and therefore remain unpatched – or run an obsolete operating system such as Windows XP.

I have been told in several meetings that these access control machines are not very important because they just let people in and out, and the information is then used for payroll. This includes biometric data of all staff and visitors; the information that allows direct access into your property. Additionally, with this information a very focused and targeted social engineering or phishing attack on your staff could be launched. When you add personal information security requirements contained in legislation such as PoPIA, it is critical that all these systems are carefully managed and monitored.

Vulnerabilities in systems, especially those considered Internet of Things (IoT) devices, appear almost every day. Yet, most businesses do not even know that their CCTV control system should be updated or patched regularly – let alone what is accessible from the outside world. Many of these systems have direct Internet access and many installers never bother to change the default usernames and passwords. This is because cybersecurity is not thought of during the installation phase of these projects, and this step is then forgotten even after it is live.

A lack of cybersecurity visibility means that there is very easy access to all the information on your systems, including personal information, usernames and passwords. Open access to actual video feeds is also quite easily achieved through compromised or unsecured equipment. A simple Google search can give us access to thousands of camera feeds, images and login details from businesses all over the world.

The reality is that in today’s ever-evolving threat landscape, physical security is only one aspect of an overall requirement to secure businesses. Everything is hyper-connected and constant cybersecurity monitoring is critical – of computer networks and devices, but also the equipment used for physical security.

It is all well and good to have smart devices to scan a licence disc on entry, but without knowing that systems are secure and up to date you stand the risk of suffering a massive cyber breach. Reputational damage alone can destroy a business and lead to personal loss. An unsophisticated attack on a non-secured physical security environment can leapfrog onto other business systems, exposing confidential information, routes, customers, packages or even discount models – all of which can have a major impact on the business or be used to plan a heist or strike a ransomware attack.

The truth of the matter is that it is not only corporate servers and PCs which require cybersecurity monitoring and reporting, but this is also a massive requirement for security systems, cameras, IP phones and all other Internet connected equipment. Without visibility and monitoring you will never know where your cyber risks are.

For more information contact J2 Software, +27 (0)87 238 1870, john@j2.co.za, www.j2.co.za





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Cybersecurity needs actual intelligence before artificial intelligence
Information Security AI & Data Analytics
Cybersecurity depends on interpretation. A tool can tell you that something unusual has happened, but people need to determine whether it is a genuine risk, the business impact, and how to respond without causing unnecessary disruption.

Read more...
Duxbury Cybersecurity sharpens reseller offering
Duxbury Networking Information Security News & Events
Duxbury Networking has strengthened its Duxbury Cybersecurity business unit by adding WatchGuard and Cynet, giving South African resellers broader, more integrated coverage for the security risks customers are now asking them to address.

Read more...
Echoes of 2018? Follow-up on Woolworths explosions
Technews Publishing News & Events Security Services & Risk Management Retail (Industry) Facilities & Building Management
SMART Security Solutions follows up with Jimmy Roodt to find out more about an old connection to the Woolworths bombings from 2018. The investigation remains ongoing.

Read more...
NEC XON detects and stops ransomware attack
NEC XON Information Security IoT & Automation
Ransomware attacks rarely begin with chaos. More often, they start quietly, with probing, mapping, and patient reconnaissance inside a target’s network. That was the situation facing a global recruitment firm when cybercriminals attempted to navigate its systems.

Read more...
Next-generation cash-in-transit vehicle
News & Events Security Services & Risk Management
Fidelity Services Group has unveiled a new, purpose-engineered Cash-in-Transit (CIT) vehicle designed to redefine crew protection, deter threats, and enhance operational resilience in an increasingly complex criminal environment.

Read more...
Sara AI Pentesting available in South Africa
Information Security News & Events
Synack and Wolfpack Information Risk are offering Sara AI Pentesting to organisations across South Africa, helping companies move from point-in-time testing to continuous security validation with AI and human expertise.

Read more...
Sophos establishes South African legal entity to strengthen local operations
News & Events Information Security
Global cybersecurity company, Sophos, has announced the formation of its local legal entity, which will support local invoicing, partner enablement, compliance requirements and expanded regional investment.

Read more...
AURA partners with Discovery to launch Discovery 911
News & Events Security Services & Risk Management
AURA has announced a partnership with Discovery Insure to power the security-response component of its new Discovery 911 virtual panic-button offering, which is available through the Discovery Insure app.

Read more...
Cybersecurity in a digitally connected security industry
SA Technologies Information Security IoT & Automation
As more organisations move towards digital visitor management, cloud-based access control, mobile applications, biometric verification, and connected security platforms, cybersecurity must be viewed as part of the full security environment.

Read more...
Enterprises must prepare for digital conflict
Information Security
Cyberattacks can be launched remotely and at scale. A coordinated attack launched from anywhere in the world can disrupt supply chains, shut down utilities, or expose millions of customer records within minutes.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.