Halt, who goes there?

March 2019 Editor's Choice, Cyber Security

This way of thinking may have been relevant many years ago, but times and technology have changed in leaps and bounds and the two separate species have been forced to morph into a new hybrid, ‘FrankenSecurity’ for lack of a better word.

Craig Rosewarne.
Craig Rosewarne.

This way of thinking may have been relevant many years ago, but times and technology have changed in leaps and bounds and the two separate species have been forced to morph into a new hybrid, ‘FrankenSecurity’ for lack of a better word.

Physical security is a critical factor in an organisation’s defences, especially smaller businesses that do not have the vast resources to devote to personnel and equipment. IoT (Internet of Things) devices have stepped into the gap to assist in securing physical security. However, they bring with them their own inherent dangers. As devices become cheaper and more available, suppliers are rushing them into the market place without fully ascertaining any flaws that could be available to hackers and intruders.

Any Internet connected device is a potential point of entry into your organisation’s most valuable asset, data. CCTV cameras are invaluable in monitoring human traffic to restricted areas and are vital in providing forensic evidence during and after an incident where security has been breached. Security surveillance cameras have been used for many years, and early models are particularly vulnerable to a hacking attack. In many cases they are well over their end-of-life phase and there are no patches or updates available to keep them operating reliably.

Securing all entry points is not as simple as it sounds. It would take vast amounts of human resources to achieve this and, as we know, humans are also fallible. Security gates and doors requiring access cards and the like go a long way in alleviating the risk of unwanted guests. Biometrics add an additional layer of protection in protecting your company’s assets.

Again, however, all these devices being wireless and Internet based are vulnerable to attack. When one considers that a motor vehicle can be hacked and taken control of, simple IoT devices are a walk in the park.

An organisation’s sever room is the mind, heart and soul of the business and needs to be especially well protected both physically and using the best cyber defences. Here again, security gates requiring access cards and/or biometrics, CCTV cameras and alarms are crucial in protecting the ‘Crown Jewels’. Access needs to be severely curtailed to only those personnel vital to maintain the system. However, all personnel need to be trained in security awareness and foster an awareness of both physical and cybersecurity.

It’s all at risk

So what is at risk in a modern business complex? Well, basically everything. An innocent looking thermostat in a casino fish tank was recently hacked and access was gained into the system. As we seek to make our lives and running a business easier, people are turning to the Internet to take over many mundane functions.

A building relies on its HVAC (heating, ventilating, air conditioning) to keep its workers climatically comfortable. Most are connected wirelessly to a central control panel. Ditto with all video surveillance feeds. Even the humble irrigation and sprinkler systems pose a risk to an organisation from those seeking to gain access into the heart of the company or simply to make life unpleasant for those working there. Unfortunately there are very few standards that these devices are required to meet, making hackers lives a lot easier.

The convergence of physical and cyber- security has been around for a while now since the first attacks started. However, according to Scott Borg, director of the U.S. Cyber Consequences Unit: “As long as organisations treat their physical and cyber domains as separate, there is little hope of securing either one. The convergence of cyber and physical security has already occurred at the technical level. It is long overdue at the organisational level.” (http://fedtechmagazine.com/article.asp?item_id=512)

• The lack of a comprehensive fusion of both systems can lead to many challenges for businesses and organisations.

• Tampering with systems is more difficult to detect due to the lack of adequate physical and logical devices.

• There is a noticeable increase in the threat of theft of both financial and information assets.

• No single system is available to identify a person’s true identity.

• There is a lack of best practices applied to IT management and physical security devices.

The next time you are attending a company meeting, think of who else could be attending in abstentia and happily gathering future prospects, intellectual property and other company secrets. Your voice, video and data transmissions are not secure! It is estimated that there will be 22 billion IoT devices connected to the Internet by 2020.

Yes, that’s next year folks.

For more information contact Wolfpack Information Risk, +27 11 794 7322, info@wolfpackrisk.com, www.wolfpackrisk.com


Credit(s)





Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

From the editor’s desk: Presenting … how you were hacked
May 2019, Technews Publishing , News
“It’s all fun and games until you hit the wall.” Someone said that to me once (an American, so I don’t know if that’s a common saying in the US). At the time I thought he watched too much reality TV. These ...

Read more...
TAPA 2019 conference: A layered approach to cargo security
May 2019, Technews Publishing , Calendar of Events
26 July 2019 Emperors Palace, Gauteng TAPA members: no charge (maximum of three delegates per member company), Non-TAPA members: R1780 excl VAT. The South African chapter of the Transported Asset Protection ...

Read more...
iLegal 2019
May 2019, Technews Publishing , Calendar of Events
iLegal 2019    Johannesburg, South Africa    12 September 2019 iLegal, hosted by Dr Craig Donald and Hi-Tech Security Solutions, returns in 2019 with another full-day event covering insights and advice into ...

Read more...
Securex Preview 2019
Securex Preview 2019, Technews Publishing , Conferences & Events
Securex is upon us once again and Hi-Tech Security Solutions is here with another brief preview of what the show has to offer.

Read more...
Platforms and community lead the future
May 2019, Milestone Systems , Editor's Choice, CCTV, Surveillance & Remote Monitoring, News, Integrated Solutions
Milestone Systems took a look into the future of open platforms and the power of community at MIPS EMEA in Copenhagen in March this year.

Read more...
30 years of business continuity
May 2019, ContinuitySA, Technews Publishing , Editor's Choice, Security Services & Risk Management
ContinuitySA is celebrating its 30th anniversary this year and Hi-Tech Security Solutions spoke to CEO Michael Davies about the changes he has seen in the business continuity and disaster recovery markets.

Read more...
The consequences of false alerts
May 2019, Leaderware , Editor's Choice, CCTV, Surveillance & Remote Monitoring, Integrated Solutions
Craig Donald discusses the impact of false alarm rates on the utility of intelligent security technology systems.

Read more...
The enemy within – insider ­security threats
May 2019, Wolfpack Information Risk , Editor's Choice, Cyber Security, Financial (Industry)
Insider threats in today’s financial world are insidious and destructive and your defence against insiders should start long before the person assumes his/her position.

Read more...
Protecting people’s money, and their data
May 2019, Cathexis Technologies, CA Southern Africa, IDEMIA , Editor's Choice, Integrated Solutions, Financial (Industry)
The temptations inherent to the banking sector, and financial institutions more generally, pit them in an eternal and increasingly high-tech battle to secure themselves against threats from within and without.

Read more...
Access authentication with a wave
May 2019, IDEMIA , Editor's Choice, Access Control & Identity Management, Integrated Solutions, Financial (Industry), Commercial (Industry)
Financial organisations are making the move to contactless fingerprint biometrics in order to meet the increasing burden of regulatory and compliance demands.

Read more...