Halt, who goes there?

March 2019 Editor's Choice, Cyber Security

This way of thinking may have been relevant many years ago, but times and technology have changed in leaps and bounds and the two separate species have been forced to morph into a new hybrid, ‘FrankenSecurity’ for lack of a better word.

Craig Rosewarne.
Craig Rosewarne.

This way of thinking may have been relevant many years ago, but times and technology have changed in leaps and bounds and the two separate species have been forced to morph into a new hybrid, ‘FrankenSecurity’ for lack of a better word.

Physical security is a critical factor in an organisation’s defences, especially smaller businesses that do not have the vast resources to devote to personnel and equipment. IoT (Internet of Things) devices have stepped into the gap to assist in securing physical security. However, they bring with them their own inherent dangers. As devices become cheaper and more available, suppliers are rushing them into the market place without fully ascertaining any flaws that could be available to hackers and intruders.

Any Internet connected device is a potential point of entry into your organisation’s most valuable asset, data. CCTV cameras are invaluable in monitoring human traffic to restricted areas and are vital in providing forensic evidence during and after an incident where security has been breached. Security surveillance cameras have been used for many years, and early models are particularly vulnerable to a hacking attack. In many cases they are well over their end-of-life phase and there are no patches or updates available to keep them operating reliably.

Securing all entry points is not as simple as it sounds. It would take vast amounts of human resources to achieve this and, as we know, humans are also fallible. Security gates and doors requiring access cards and the like go a long way in alleviating the risk of unwanted guests. Biometrics add an additional layer of protection in protecting your company’s assets.

Again, however, all these devices being wireless and Internet based are vulnerable to attack. When one considers that a motor vehicle can be hacked and taken control of, simple IoT devices are a walk in the park.

An organisation’s sever room is the mind, heart and soul of the business and needs to be especially well protected both physically and using the best cyber defences. Here again, security gates requiring access cards and/or biometrics, CCTV cameras and alarms are crucial in protecting the ‘Crown Jewels’. Access needs to be severely curtailed to only those personnel vital to maintain the system. However, all personnel need to be trained in security awareness and foster an awareness of both physical and cybersecurity.

It’s all at risk

So what is at risk in a modern business complex? Well, basically everything. An innocent looking thermostat in a casino fish tank was recently hacked and access was gained into the system. As we seek to make our lives and running a business easier, people are turning to the Internet to take over many mundane functions.

A building relies on its HVAC (heating, ventilating, air conditioning) to keep its workers climatically comfortable. Most are connected wirelessly to a central control panel. Ditto with all video surveillance feeds. Even the humble irrigation and sprinkler systems pose a risk to an organisation from those seeking to gain access into the heart of the company or simply to make life unpleasant for those working there. Unfortunately there are very few standards that these devices are required to meet, making hackers lives a lot easier.

The convergence of physical and cyber- security has been around for a while now since the first attacks started. However, according to Scott Borg, director of the U.S. Cyber Consequences Unit: “As long as organisations treat their physical and cyber domains as separate, there is little hope of securing either one. The convergence of cyber and physical security has already occurred at the technical level. It is long overdue at the organisational level.” (http://fedtechmagazine.com/article.asp?item_id=512)

• The lack of a comprehensive fusion of both systems can lead to many challenges for businesses and organisations.

• Tampering with systems is more difficult to detect due to the lack of adequate physical and logical devices.

• There is a noticeable increase in the threat of theft of both financial and information assets.

• No single system is available to identify a person’s true identity.

• There is a lack of best practices applied to IT management and physical security devices.

The next time you are attending a company meeting, think of who else could be attending in abstentia and happily gathering future prospects, intellectual property and other company secrets. Your voice, video and data transmissions are not secure! It is estimated that there will be 22 billion IoT devices connected to the Internet by 2020.

Yes, that’s next year folks.

For more information contact Wolfpack Information Risk, +27 11 794 7322, info@wolfpackrisk.com, www.wolfpackrisk.com


Credit(s)





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

TAPA: The role of an effective treasury function in business risk management
June 2019, Technews Publishing , News
Neil Le Roux, the Founder of Diligent Advisors will speak at the TAPA SA (Transported Asset Protection Association) annual conference on 26 July 2019.

Read more...
Platforms are us
September 2019, Technews Publishing , News
A conversation I had at the recent Residential Estate Security Conference Hi-Tech Security Solutions hosted in August (which will be reviewed in the October issue) got me to thinking about the security ...

Read more...
Constructive CCTV contributions to research
September 2019, Leaderware , Editor's Choice, CCTV, Surveillance & Remote Monitoring
Study leads to understanding that we need more recognition and reward for constructive participation in society.

Read more...
TAPA conference 2019 explores layered approach to security
September 2019, Technews Publishing, TAPA (Transported Asset Protection Association) , News, Transport (Industry)
The Transported Asset Protection Association (TAPA) held its annual South African conference at Emperors Palace in Johannesburg on 26 July 2019.

Read more...
Ensuring a seamless ultra-wideband ecosystem
September 2019 , Editor's Choice, IT infrastructure
FiRa consortium ensures an interoperable ultra-wideband technology ecosystem across chipset, device and service infrastructure through standards and certifications.

Read more...
Check Point appoints new regional director for Africa
September 2019 , News, Cyber Security
Check Point Software Technologies has appointed Pankaj Bhula as regional director for Africa.

Read more...
ISO standard for protecting personal data
September 2019 , News, Cyber Security
Tackling privacy information management head on: first ISO standard for protecting personal data has been published.

Read more...
The hunt for the Carbanak group
September 2019 , Editor's Choice, Cyber Security, News
Tomorrow Unlocked has released a free four-part documentary that tells the story of the notorious Carbanak APT group and its $1 billion bank heist.

Read more...
Genetec to integrate CylancePROTECT
September 2019, Genetec , Editor's Choice, CCTV, Surveillance & Remote Monitoring, News
Genetec has announced it is partnering with Cylance, a business unit of Blackberry, to bring AI-based antivirus protection to its appliance customers.

Read more...
Building automation vulnerable to hacks
September 2019 , News, Cyber Security
New vulnerability revealed in Internet-connected building automation devices at the DEF CON IoT Village that could impact critical building systems.

Read more...