Halt, who goes there?

March 2019 Editor's Choice, Information Security

This way of thinking may have been relevant many years ago, but times and technology have changed in leaps and bounds and the two separate species have been forced to morph into a new hybrid, ‘FrankenSecurity’ for lack of a better word.

Craig Rosewarne.
Craig Rosewarne.

This way of thinking may have been relevant many years ago, but times and technology have changed in leaps and bounds and the two separate species have been forced to morph into a new hybrid, ‘FrankenSecurity’ for lack of a better word.

Physical security is a critical factor in an organisation’s defences, especially smaller businesses that do not have the vast resources to devote to personnel and equipment. IoT (Internet of Things) devices have stepped into the gap to assist in securing physical security. However, they bring with them their own inherent dangers. As devices become cheaper and more available, suppliers are rushing them into the market place without fully ascertaining any flaws that could be available to hackers and intruders.

Any Internet connected device is a potential point of entry into your organisation’s most valuable asset, data. CCTV cameras are invaluable in monitoring human traffic to restricted areas and are vital in providing forensic evidence during and after an incident where security has been breached. Security surveillance cameras have been used for many years, and early models are particularly vulnerable to a hacking attack. In many cases they are well over their end-of-life phase and there are no patches or updates available to keep them operating reliably.

Securing all entry points is not as simple as it sounds. It would take vast amounts of human resources to achieve this and, as we know, humans are also fallible. Security gates and doors requiring access cards and the like go a long way in alleviating the risk of unwanted guests. Biometrics add an additional layer of protection in protecting your company’s assets.

Again, however, all these devices being wireless and Internet based are vulnerable to attack. When one considers that a motor vehicle can be hacked and taken control of, simple IoT devices are a walk in the park.

An organisation’s sever room is the mind, heart and soul of the business and needs to be especially well protected both physically and using the best cyber defences. Here again, security gates requiring access cards and/or biometrics, CCTV cameras and alarms are crucial in protecting the ‘Crown Jewels’. Access needs to be severely curtailed to only those personnel vital to maintain the system. However, all personnel need to be trained in security awareness and foster an awareness of both physical and cybersecurity.

It’s all at risk

So what is at risk in a modern business complex? Well, basically everything. An innocent looking thermostat in a casino fish tank was recently hacked and access was gained into the system. As we seek to make our lives and running a business easier, people are turning to the Internet to take over many mundane functions.

A building relies on its HVAC (heating, ventilating, air conditioning) to keep its workers climatically comfortable. Most are connected wirelessly to a central control panel. Ditto with all video surveillance feeds. Even the humble irrigation and sprinkler systems pose a risk to an organisation from those seeking to gain access into the heart of the company or simply to make life unpleasant for those working there. Unfortunately there are very few standards that these devices are required to meet, making hackers lives a lot easier.

The convergence of physical and cyber- security has been around for a while now since the first attacks started. However, according to Scott Borg, director of the U.S. Cyber Consequences Unit: “As long as organisations treat their physical and cyber domains as separate, there is little hope of securing either one. The convergence of cyber and physical security has already occurred at the technical level. It is long overdue at the organisational level.” (http://fedtechmagazine.com/article.asp?item_id=512)

• The lack of a comprehensive fusion of both systems can lead to many challenges for businesses and organisations.

• Tampering with systems is more difficult to detect due to the lack of adequate physical and logical devices.

• There is a noticeable increase in the threat of theft of both financial and information assets.

• No single system is available to identify a person’s true identity.

• There is a lack of best practices applied to IT management and physical security devices.

The next time you are attending a company meeting, think of who else could be attending in abstentia and happily gathering future prospects, intellectual property and other company secrets. Your voice, video and data transmissions are not secure! It is estimated that there will be 22 billion IoT devices connected to the Internet by 2020.

Yes, that’s next year folks.

For more information contact Wolfpack Information Risk, +27 11 794 7322, [email protected], www.wolfpackrisk.com



Credit(s)





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Deepfakes and digital trust
Editor's Choice
By securing the video right from the specific camera that captured it, there is no need to prove the chain of custody for the video, you can verify the authenticity at every step.

Read more...
A new generational framework
Editor's Choice Training & Education
Beyond Generation X, and Millennials, Dr Chris Blair discusses the seven decades of technological evolution and the generations they defined, from the 1960’s Mainframe Cohort, to the 2020’s AI Navigators.

Read more...
From the editor's desk: Showtime for Securex
Technews Publishing News & Events
We have once again reached the time of year when the security industry focuses on Securex. This issue includes a short preview, with more coming online and via our special Securex Preview news briefs. ...

Read more...
Back-up securely and restore in seconds
Betatrac Telematic Solutions Editor's Choice Information Security Infrastructure
Betatrac has a solution that enables companies to back-up up to 8 TB of data onto a device and restore it in 30 seconds in an emergency, called Rapid Access Data Recovery (RADR).

Read more...
Key design considerations for a control room
Leaderware Editor's Choice Surveillance Training & Education
If you are designing or upgrading a control room, or even reviewing or auditing an existing control room, there are a number of design factors that one would need to consider.

Read more...
Digitising security solutions with AI and smart integration
Regal Security Distributors SA Technews Publishing Integrated Solutions
The Regal Projects Team’s decades of experience and commitment to integration have brought the digital security guard to life as a trusted force for safer, smarter living.

Read more...
From the editor's desk: We’ve only just begun
Technews Publishing News & Events
The surveillance market has expanded far beyond the analogue days of just recording and/or monitoring screens. The capabilities of surveillance technology today extend to black screen monitoring with ...

Read more...
The future of the surveillance channel
Duxbury Networking Technews Publishing Elvey Security Technologies SMART Security Solutions Surveillance
The video surveillance market has evolved from camera-based specifications to integrated solutions that solve customers’ problems. Moreover, the growth of AI and cloud has changed the channel even more, with more to come.

Read more...
CCTV control room operator job description
Leaderware Editor's Choice Surveillance Training & Education
Control room operators are still critical components of security operations and will remain so for the foreseeable future, despite the advances of AI, which serves as a vital enhancement to the human operator.

Read more...
AI means proactive surveillance
DeepAlert Technews Publishing SMART Security Solutions AI & Data Analytics Surveillance
SMART Security Solutionsasked DeepAlert for some insight into how AI is transforming video surveillance, even to the extent of it being taught to protect the privacy of those in the cameras’ view.

Read more...