Halt, who goes there?

March 2019 Editor's Choice, Cyber Security

This way of thinking may have been relevant many years ago, but times and technology have changed in leaps and bounds and the two separate species have been forced to morph into a new hybrid, ‘FrankenSecurity’ for lack of a better word.

Craig Rosewarne.
Craig Rosewarne.

This way of thinking may have been relevant many years ago, but times and technology have changed in leaps and bounds and the two separate species have been forced to morph into a new hybrid, ‘FrankenSecurity’ for lack of a better word.

Physical security is a critical factor in an organisation’s defences, especially smaller businesses that do not have the vast resources to devote to personnel and equipment. IoT (Internet of Things) devices have stepped into the gap to assist in securing physical security. However, they bring with them their own inherent dangers. As devices become cheaper and more available, suppliers are rushing them into the market place without fully ascertaining any flaws that could be available to hackers and intruders.

Any Internet connected device is a potential point of entry into your organisation’s most valuable asset, data. CCTV cameras are invaluable in monitoring human traffic to restricted areas and are vital in providing forensic evidence during and after an incident where security has been breached. Security surveillance cameras have been used for many years, and early models are particularly vulnerable to a hacking attack. In many cases they are well over their end-of-life phase and there are no patches or updates available to keep them operating reliably.

Securing all entry points is not as simple as it sounds. It would take vast amounts of human resources to achieve this and, as we know, humans are also fallible. Security gates and doors requiring access cards and the like go a long way in alleviating the risk of unwanted guests. Biometrics add an additional layer of protection in protecting your company’s assets.

Again, however, all these devices being wireless and Internet based are vulnerable to attack. When one considers that a motor vehicle can be hacked and taken control of, simple IoT devices are a walk in the park.

An organisation’s sever room is the mind, heart and soul of the business and needs to be especially well protected both physically and using the best cyber defences. Here again, security gates requiring access cards and/or biometrics, CCTV cameras and alarms are crucial in protecting the ‘Crown Jewels’. Access needs to be severely curtailed to only those personnel vital to maintain the system. However, all personnel need to be trained in security awareness and foster an awareness of both physical and cybersecurity.

It’s all at risk

So what is at risk in a modern business complex? Well, basically everything. An innocent looking thermostat in a casino fish tank was recently hacked and access was gained into the system. As we seek to make our lives and running a business easier, people are turning to the Internet to take over many mundane functions.

A building relies on its HVAC (heating, ventilating, air conditioning) to keep its workers climatically comfortable. Most are connected wirelessly to a central control panel. Ditto with all video surveillance feeds. Even the humble irrigation and sprinkler systems pose a risk to an organisation from those seeking to gain access into the heart of the company or simply to make life unpleasant for those working there. Unfortunately there are very few standards that these devices are required to meet, making hackers lives a lot easier.

The convergence of physical and cyber- security has been around for a while now since the first attacks started. However, according to Scott Borg, director of the U.S. Cyber Consequences Unit: “As long as organisations treat their physical and cyber domains as separate, there is little hope of securing either one. The convergence of cyber and physical security has already occurred at the technical level. It is long overdue at the organisational level.” (http://fedtechmagazine.com/article.asp?item_id=512)

• The lack of a comprehensive fusion of both systems can lead to many challenges for businesses and organisations.

• Tampering with systems is more difficult to detect due to the lack of adequate physical and logical devices.

• There is a noticeable increase in the threat of theft of both financial and information assets.

• No single system is available to identify a person’s true identity.

• There is a lack of best practices applied to IT management and physical security devices.

The next time you are attending a company meeting, think of who else could be attending in abstentia and happily gathering future prospects, intellectual property and other company secrets. Your voice, video and data transmissions are not secure! It is estimated that there will be 22 billion IoT devices connected to the Internet by 2020.

Yes, that’s next year folks.

For more information contact Wolfpack Information Risk, +27 11 794 7322, info@wolfpackrisk.com, www.wolfpackrisk.com



Credit(s)





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Tips on secure remote working
Issue 3 2020 , IT infrastructure, Cyber Security
NordVPN advises how to stay secure while working from home during the coronavirus outbreak.

Read more...
Integrating security with financial operations
Issue 3 2020, Technews Publishing, Hikvision South Africa, Cathexis Technologies, Axis Communications SA , Financial (Industry)
Hi-Tech Security Solutions approached a number of companies to find out what they are doing to enhance the value their security technology provides to financial companies.

Read more...
Four financial risks for the future
Issue 3 2020, CA Southern Africa , Editor's Choice
Gregory Dellas, security presales consultant at CA Southern Africa, highlights four areas of cyber-risk the financial industry will face in 2020 onwards.

Read more...
From the Editor: The lockdown issue
Issue 3 2020, Technews Publishing , News
Welcome to the first (and hopefully, only) issue of Hi-Tech Security Solutions that was put together in lockdown.

Read more...
Events
Issue 3 2020, Technews Publishing , News
Hi-Tech Security Solutions has endeavoured to confirm the dates of the events below, however, due to the COVID-19 crisis, please check the event websites to confirm the events are still taking place and/or ...

Read more...
Securex postponed to August 2020 due to COVID-19
Issue 3 2020 , Editor's Choice
Specialised Exhibitions has opted to reschedule its Securex South Africa, A-OSH Expo and Facilities Management Expo trade shows to 18 to 20 August 2020.

Read more...
Pima’s Force Series
Issue 3 2020, Technews Publishing , Perimeter Security, Alarms & Intruder Detection
Pima recently launched its latest alarm system, the Force Series into the South African market.

Read more...
Leaders in risk & security: Yesterday’s achievement, tomorrow’s standard
Issue 3 2020, Technews Publishing , Editor's Choice
Jack Edery ran a successful security distribution company and developed a team that was the envy of his competitors.

Read more...
The impact of the COVID-19 virus on security
Issue 3 2020, Leaderware , Editor's Choice
The social and personal implications of the COVID-19 Corona virus has already had a devastating impact on countries, social institutions, communities, businesses and individuals.

Read more...
85% of South African businesses are vulnerable to disruption
Issue 3 2020 , Editor's Choice
Disruption is an inescapable and growing threat across industries in South Africa. Accenture’s 2020 Innovation Maturity Index shows that the majority of South African companies are vulnerable.

Read more...