Keeping our changing environment secure

Residential Estate Security Handbook 2019 Editor's Choice, Security Services & Risk Management

Electronic security started with the development of CCTV systems made of analogue cameras where information was recorded on to VHS tapes and stored in the security centre. As the acronym points out – it was a closed-circuit TV system.

In this digital technology age, we assume that wherever we are we can have permanent connectivity to the Internet via a variety of electronic devices and use them for viewing cameras, unlocking doors, accessing data, communicating with other people and so on. Every time we use a device, we are entering the realm of cyberspace. It is not a controllable physical space.


Rob Anderson

A whole new set of opportunities have been discovered by those who have bad intentions and are keen to exploit us and our connectivity to enrich themselves at our expense. We have a new challenge.

The digital age relies mostly on the expertise of the IT specialists. This is complicated and difficult to others. The fact that the electronic equipment being used has to be installed, programmed and maintained by IT specialists, has meant that the whole security solution has migrated, in a large part, to being under the control of the IT specialists.

This has not been a good idea from the point of view of those who understand criminology and good security practice.

What needs to be done is for the criminology and security specialists to take back control of the part which they understand instead of being frightened off by the apparently complex IT issues.

How will they do this?

For a crime to take place there needs to be a victim and a criminal who sees an opportunity. For a cybercrime to take place we need the same set of circumstances, although the participants may now be called an unaware user and a hacker looking for an opportunity.

The basic principles of CPTED (Crime Prevention Through Environmental Design)/Designing out Crime, have been well documented and discussed. Instead of re-inventing the wheel, would it not be a good idea to take these basic principles and apply them to the digital environment. As a reminder, these principles are as follows:

1. Surveillance and visibility.

2. Territoriality.

3. Access and escape routes.

4. Image and aesthetics.

5. Defensible space and target hardening.

Applying these to the digital age, we can define the following principles.

Vigilance and responsibility

Surveillance and visibility becomes vigilance and responsibility. This means we must all not be unaware users. We should not make use of our security access to ‘quickly check emails while we are online’, especially those who have Administrator privileges on the network. This would give cyber criminals the opportunity to change the network settings for their own purposes.

We should be aware that ‘phishing’ emails are one of the biggest problems. As the user, it would be your responsibility to report anything you think is suspicious to those who are responsible for the network.

The target is continually moving. As well as user vigilance and responsibility, a network surveillance system can be installed to monitor the network and to detect any unusual activity. This could be a place for the use of AI (artificial intelligence) techniques. It can never be said that there is a point where the risk is zero, so there must be a recovery plan in place for the possibility that a cyber-attack takes place.

Territoriality

This principle does not need to be re-defined. The common thread is OWNERSHIP. For this reason, fragmented solutions where there are no clear responsibilities defined for IT people and security people, cannot work. There is no pride in ownership by either.

The IT service providers must maintain and upgrade the network and communicate with the security service providers. The limitations and possibilities of the network structure and the respect for systems and procedures in place to maintain the integrity of the installation should be communicated to the users.

The users can communicate operational requests to the network managers. They should expect to receive adequate and ongoing training in the use of the equipment. This approach should provide for a harmonious working solution.

Access and escape routes

This can be as simple for users as:

• Password management.

• Don’t share your password or access privileges with anyone.

• Don’t plug other people’s memory sticks into your computer.

Having accessed your network and carried out the attack, the criminal can escape into cyber space, not into the local area. The effect of the attack may not be apparent for a while. The criminal did not leave you an audit trail of CCTV images and bare spaces where your possessions have been removed. You cannot see what has been stolen or how it was done. There is a possibility for the criminal to return multiple times.

Image and aesthetics

This is part of designing out crime. The easier to use the interface between user and network/digital mechanism is, the more willingly compliance can be achieved.

Those who are using the screen interface for their security surveillance work, for example, should be able to log in securely, carry out their assigned tasks without being stressed by difficult-to-follow commands and instructions, and log out at the end of their session. This in place and good training will ensure that all data has been safely captured for reporting and investigation.

Communication is a key factor again, this time between the software designers and the security solution advisers.

Defensible space and target hardening

The manufacturers are applying themselves to this problem to make sure that their devices and systems are as secure as possible, on an ongoing basis. They have had to introduce research and development programmes to address these issues since the target is always moving.

Those maintaining the network should make sure that all updates and patches issued are installed. The security network should never be part of a general IT solution for the site. The installation of antivirus software and the secure storage of information to comply with data protection regulations, also forms part of defending your space and making it more difficult to target your network.

It will be easier, as in the case of physical crime, to move on and find someone who has not been so vigilant.

In conclusion

Now that it can be seen that crime, whether in the physical space or cyberspace, is still crime and that the basic elements for committing the crime – opportunity, target and of course a criminal – can be analysed and dealt with by doing our best to apply CPTED principles and work on designing out crime as best we can.

To be able to apply all this means we have to have a starting point to define what we need to address. The importance of the risk assessment can never be underestimated. Risk assessments will always address the issues of target and opportunity so that the area of interest for the criminal can be defined and the necessary target hardening can be introduced to reduce access to the opportunity.

Appropriately completed with objective analysis of the results and the application of a solution which addresses the risks of the time, as far as possible, is the best we can do. Regular re-assessment and re-evaluation without knee-jerk responses to isolated incidents, but thorough investigation and analysis will be the best that any security solution designer can do.

Each system must have an owner who understands the mechanism of crime and the IT space, take responsibility for outcomes and: Be Aware and Beware.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

AI-enabled tools reducing time to value and enhancing application security
Editor's Choice
Next-generation AI tools are adding new layers of intelligent testing, audit, security, and assurance to the application development lifecycle, reducing risk, and improving time to value while augmenting the overall security posture.

Read more...
Perspectives on personal care monitoring and smart surveillance
Leaderware Editor's Choice Surveillance Smart Home Automation IoT & Automation
Dr Craig Donald believes smart surveillance offers a range of options for monitoring loved ones, but making the right choice is not always as simple as selecting the latest technology.

Read more...
AI enables security solutions to define business strategies
Regal Distributors SA Editor's Choice
While allowing technologies to do exactly what they should do with even more efficiency and precision, AI is also empowering these same technologies to break through their traditional boundaries and create an ecosystem where one interface delivers outcomes across highly segmented verticals.

Read more...
Putting cyber into surveillance
Dallmeier Electronic Southern Africa Cathexis Technologies Technews Publishing Editor's Choice
Cybersecurity has become an essential part of the physical security industry. However, unlike other IoT technologies, of which security products are a part, surveillance technologies have more to protect.

Read more...
2024 State of Security Report
Editor's Choice
Mobile IDs, MFA and sustainability emerge as top trends in HID Global’s 2024 State of Security Report, with artificial intelligence appearing in the conversation for the first time.

Read more...
Cyberthreats facing SMBs
Editor's Choice
Data and credential theft malware were the top two threats against SMBs in 2023, accounting for nearly 50% of all malware targeting this market segment. Ransomware is still the biggest threat.

Read more...
Are we our own worst enemy?
Editor's Choice
Sonja de Klerk believes the day-to-day issues we face can serve as opportunities for personal growth and empowerment, enabling us to contribute to creating a better and safer environment for ourselves and South Africa.

Read more...
How to spot a cyberattack if you are not a security pro
Editor's Choice
Cybersecurity awareness is straightforward if you know what to look for; vigilance and knowledge are our most potent weapons and the good news is that anyone can grasp the basics and spot suspicious activities.

Read more...
Protecting IP and secret data in the age of AI
Editor's Choice
The promise of artificial intelligence (AI) is a source of near-continuous hype for South Africans. However, for enterprises implementing AI solutions, there are some important considerations regarding their intellectual property (IP) and secret data.

Read more...
Super election year increases risks of political violence
Editor's Choice
Widening polarisation is expected in many elections, with terrorism, civil unrest, and environmental activism risks intensifying in a volatile geopolitical environment. Multinational businesses show an increasing interest in political violence insurance coverage in mitigation.

Read more...