Keeping our changing environment secure

Residential Estate Security Handbook 2019 Editor's Choice, Security Services & Risk Management

Electronic security started with the development of CCTV systems made of analogue cameras where information was recorded on to VHS tapes and stored in the security centre. As the acronym points out – it was a closed-circuit TV system.

In this digital technology age, we assume that wherever we are we can have permanent connectivity to the Internet via a variety of electronic devices and use them for viewing cameras, unlocking doors, accessing data, communicating with other people and so on. Every time we use a device, we are entering the realm of cyberspace. It is not a controllable physical space.


Rob Anderson

A whole new set of opportunities have been discovered by those who have bad intentions and are keen to exploit us and our connectivity to enrich themselves at our expense. We have a new challenge.

The digital age relies mostly on the expertise of the IT specialists. This is complicated and difficult to others. The fact that the electronic equipment being used has to be installed, programmed and maintained by IT specialists, has meant that the whole security solution has migrated, in a large part, to being under the control of the IT specialists.

This has not been a good idea from the point of view of those who understand criminology and good security practice.

What needs to be done is for the criminology and security specialists to take back control of the part which they understand instead of being frightened off by the apparently complex IT issues.

How will they do this?

For a crime to take place there needs to be a victim and a criminal who sees an opportunity. For a cybercrime to take place we need the same set of circumstances, although the participants may now be called an unaware user and a hacker looking for an opportunity.

The basic principles of CPTED (Crime Prevention Through Environmental Design)/Designing out Crime, have been well documented and discussed. Instead of re-inventing the wheel, would it not be a good idea to take these basic principles and apply them to the digital environment. As a reminder, these principles are as follows:

1. Surveillance and visibility.

2. Territoriality.

3. Access and escape routes.

4. Image and aesthetics.

5. Defensible space and target hardening.

Applying these to the digital age, we can define the following principles.

Vigilance and responsibility

Surveillance and visibility becomes vigilance and responsibility. This means we must all not be unaware users. We should not make use of our security access to ‘quickly check emails while we are online’, especially those who have Administrator privileges on the network. This would give cyber criminals the opportunity to change the network settings for their own purposes.

We should be aware that ‘phishing’ emails are one of the biggest problems. As the user, it would be your responsibility to report anything you think is suspicious to those who are responsible for the network.

The target is continually moving. As well as user vigilance and responsibility, a network surveillance system can be installed to monitor the network and to detect any unusual activity. This could be a place for the use of AI (artificial intelligence) techniques. It can never be said that there is a point where the risk is zero, so there must be a recovery plan in place for the possibility that a cyber-attack takes place.

Territoriality

This principle does not need to be re-defined. The common thread is OWNERSHIP. For this reason, fragmented solutions where there are no clear responsibilities defined for IT people and security people, cannot work. There is no pride in ownership by either.

The IT service providers must maintain and upgrade the network and communicate with the security service providers. The limitations and possibilities of the network structure and the respect for systems and procedures in place to maintain the integrity of the installation should be communicated to the users.

The users can communicate operational requests to the network managers. They should expect to receive adequate and ongoing training in the use of the equipment. This approach should provide for a harmonious working solution.

Access and escape routes

This can be as simple for users as:

• Password management.

• Don’t share your password or access privileges with anyone.

• Don’t plug other people’s memory sticks into your computer.

Having accessed your network and carried out the attack, the criminal can escape into cyber space, not into the local area. The effect of the attack may not be apparent for a while. The criminal did not leave you an audit trail of CCTV images and bare spaces where your possessions have been removed. You cannot see what has been stolen or how it was done. There is a possibility for the criminal to return multiple times.

Image and aesthetics

This is part of designing out crime. The easier to use the interface between user and network/digital mechanism is, the more willingly compliance can be achieved.

Those who are using the screen interface for their security surveillance work, for example, should be able to log in securely, carry out their assigned tasks without being stressed by difficult-to-follow commands and instructions, and log out at the end of their session. This in place and good training will ensure that all data has been safely captured for reporting and investigation.

Communication is a key factor again, this time between the software designers and the security solution advisers.

Defensible space and target hardening

The manufacturers are applying themselves to this problem to make sure that their devices and systems are as secure as possible, on an ongoing basis. They have had to introduce research and development programmes to address these issues since the target is always moving.

Those maintaining the network should make sure that all updates and patches issued are installed. The security network should never be part of a general IT solution for the site. The installation of antivirus software and the secure storage of information to comply with data protection regulations, also forms part of defending your space and making it more difficult to target your network.

It will be easier, as in the case of physical crime, to move on and find someone who has not been so vigilant.

In conclusion

Now that it can be seen that crime, whether in the physical space or cyberspace, is still crime and that the basic elements for committing the crime – opportunity, target and of course a criminal – can be analysed and dealt with by doing our best to apply CPTED principles and work on designing out crime as best we can.

To be able to apply all this means we have to have a starting point to define what we need to address. The importance of the risk assessment can never be underestimated. Risk assessments will always address the issues of target and opportunity so that the area of interest for the criminal can be defined and the necessary target hardening can be introduced to reduce access to the opportunity.

Appropriately completed with objective analysis of the results and the application of a solution which addresses the risks of the time, as far as possible, is the best we can do. Regular re-assessment and re-evaluation without knee-jerk responses to isolated incidents, but thorough investigation and analysis will be the best that any security solution designer can do.

Each system must have an owner who understands the mechanism of crime and the IT space, take responsibility for outcomes and: Be Aware and Beware.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

FortiGuard labs reports disruptive shift of cyber threats
Issue 1 2021 , Editor's Choice
Threat intelligence from the second half of 2020 demonstrates an unprecedented cyber-threat landscape where cyber adversaries maximised the constantly expanding attack surface to scale threat efforts around the world. Adversaries proved to be highly adaptable, creating waves of disruptive and sophisticated attacks.

Read more...
The year resilience paid off
Issue 8 2020 , Editor's Choice, Security Services & Risk Management
Hi-Tech Security Solutions spoke to Michael Davies about business continuity and resilience in a year when everything was put to the test.

Read more...
Retail solutions beyond security
Issue 8 2020, Axis Communications SA, Technews Publishing, Hikvision South Africa , Editor's Choice, CCTV, Surveillance & Remote Monitoring
The need for security technology to deliver more than videos of people falling or stealing from retail stores is greater than ever.

Read more...
Smart healthcare
Issue 2 2021 , Editor's Choice
In the past year, hospitals, elder care and other healthcare facilities have found themselves overwhelmed with new patients, COVID-19 regulations and other side effects of the pandemic. As efforts focused ...

Read more...
Platform-based access management solution
Issue 2 2021, ASSA ABLOY South Africa , Editor's Choice
Available in South Africa and throughout sub-Saharan Africa, new Incedo Business connects all your security software and hardware within one platform. You can easily scale it up or down, based on your needs, to keep your people moving and your business growing.

Read more...
FS Systems celebrates 50 years
Issue 2 2021 , Editor's Choice
This year, FS Systems celebrates 50 years in the fire detection and enterprise security market, successfully executing projects in over nine countries in Africa and LATAM.

Read more...
Formative AI and distributed cloud among four megatrends revealed at MIPS 2021
Issue 2 2021, Milestone Systems , Editor's Choice
Almost 4000 participants representing end customers, technology partners and media from across the globe attended the first virtual MIPS conference, held over two days in March 2021.

Read more...
Kiss passwords G00dby3
Issue 2 2021 , Editor's Choice
Cisco Secure has unveiled infrastructure agnostic, passwordless authentication by Duo which enables enterprise users to skip the password and securely log into cloud applications via security keys or biometrics built into modern laptops and smartphones.

Read more...
200 000 daily access transactions
Issue 2 2021, Impro Technologies , Editor's Choice
The University of KwaZulu-Natal’s legacy access control system was suffering from increasingly limited support, both in terms of hardware and software, with maintenance becoming a pressing concern as it on-boards approximately 9000 new students each year across five campuses.

Read more...
Do not take the bait
Issue 2 2021 , Editor's Choice
Banks are unable to fully protect consumers from falling prey to the tactics used by fraudsters to obtain confidential information such as banking details, card information and one-time-pins.

Read more...