IoT running wild compromises security

1 May 2017 Editor's Choice, Surveillance, Information Security

At the Genetec IP security seminar held in Midrand, Johannesburg recently, regional sales manager, Brent Cary said, “While Internet of Things (IoT) is growing at an unprecedented rate, new opportunities to access compromised data for cyber criminals is increasing due to a lack of network security.

Brent Cary – Genetec.
Brent Cary – Genetec.

“Constant connectivity and the rapid flow of information may offer new and convenient ways to do business and create value, but it also places the corporate network at significant risk. The reality is that your network is only as secure as the weakest piece of hardware or software on it,” says Cary.

Quoting the founder of Linux, Linus Torvalds, Cary added that ‘the only way real security is done is by a network of trust.’ He says there are four physical security actors, all of whom play a vital role in this network of trust:

• The end user, who will have an IT policy in place, should be conducting their own supplier risk assessment to know exactly what devices are sitting on their IT network.

• The consultant, who should be conducting the manufacturer risk assessment and informing the end-user of any possible risks associated with the suppliers.

• The system integrator should be following the Manufacturer Configuration Recommendations and Guides to Hardening Your Security System. (Free Genetec Download at https://www.genetec.com/about-us/news/blog/a-guide-to-hardening-your-security-center-system, short URL: www.securitysa.com/*genetec1.)

• And finally, the manufacturer, who has the responsibility to ensure they are secure by default; have a security development lifecycle; provide secure coding and testing procedures; offer a product security policy (security versus usability) and help educate their fellow actors as to how they are contributing to a more secure network.

Cyber criminals want valuable assets and intellectual property. Physical security data is not on the top of the assets at risk (e.g. video recording) and this might be the reason why, in the past, physical security systems placed less importance on cyber security. This is a weakness as the physical security system could be the entry point to access more critical assets.

“The loss is not just financial, cybercrime leads to a loss in confidence; brand compromise, loss of integrity and loss of customers. There is also the possibility of lawsuits and legal exposure, even ransom demands,” says Cary.

Globally, the threat has made itself real and Cary says that organisations are starting to take network security seriously. A recent PWC ‘Global State of information Security’ report found that over 91% of respondents follow a risk-based cybersecurity framework, but what was most interesting is the fact that 69% are moving to a cloud-based cybersecurity service.

“Companies are handing the responsibility to trusted advisors as opposed to trying to do it themselves. The reality is that there is a shortage of skills with service providers that are not adequately equipped to manage the complexity of a corporate network and increased cybercrime,” explains Cary.

He says Genetec is turning twenty years old this year and believes that the threat hasn’t changed, rather it has just evolved. But in South Africa there is work to be done: “Local businesses need to pay more attention to what the risks are on their IT networks. Very few, if any end-users have driven the conversation regarding cybersecurity, I have only had this brought up twice with the last 100 customers. This is way too few and is why education is critical to the market. The more people understand where the weaknesses are, the easier it is to secure the network.

“We are seeing growth within the subscription economy across all technologies, enabling customers to manage their security requirements on a Software-as-a-Service (SaaS) basis, which also includes support. This approach is encouraging interest from businesses in a variety of sectors and improving overall network security.”

For more information contact Brent Cary, Genetec, bcary@genetec.com, www.genetec.com



Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Pentagon appointed as Milestone distributor
Elvey Security Technologies News & Events Surveillance
Milestone Systems appointed Pentagon Distribution (an Elvey Group company within the Hudaco Group of Companies) as a distributor. XProtect’s open architecture means no lock-in and the ability to customise the connected video solution that will accomplish the job.

Read more...
Data security and privacy in global mobility
Risk Management & Resilience Information Security
Data security and privacy in today’s interconnected world is of paramount importance. In the realm of global mobility, where individuals and organisations traverse borders for various reasons, safeguarding sensitive information becomes an even more critical imperative.

Read more...
Sophos celebrates partners and cybersecurity innovation at annual conference
News & Events Information Security
[Sponsored] Sun City hosted Sophos' annual partner event this year, which took place from 12 to 14 March. Sophos’ South African cybersecurity distributors and resellers gathered for an engaging two-day conference.

Read more...
Re-imagining business operations with the power of AI
AI & Data Analytics Surveillance
inq., a Convergence Partners company, has introduced a range of artificial intelligence (AI) solutions to assist organisations across industry verticals in optimising business operations and improving internal efficiencies.

Read more...
Enhance control rooms with surveillance and intelligence
Leaderware Editor's Choice Surveillance Mining (Industry)
Dr Craig Donald advocates the use of intelligence and smart surveillance to assist control rooms in dealing with the challenges of the size and dispersed nature common in all mining environments.

Read more...
A long career in mining security
Technews Publishing Editor's Choice Mining (Industry) Risk Management & Resilience
Nash Lutchman recently retired from a security and law enforcement career, initially as a police officer, and for the past 16 years as a leader of risk and security operations in the mining industry.

Read more...
A constant armed struggle
Technews Publishing XtraVision Editor's Choice Integrated Solutions Mining (Industry) IoT & Automation
SMART Security Solutions asked a few people involved in servicing mines to join us for a virtual round table and give us their insights into mine security today. A podcast of the discussion will be released shortly-stay tuned.

Read more...
Risk management: There's an app for that
Editor's Choice News & Events Risk Management & Resilience
Zulu Consulting has streamlined the corporate risk management process with the launch of Risk-IO, a web-based app designed to consolidate and guide risk managers through the process, monitoring progress as one proceeds.

Read more...
Integrated information platform for risk management
Editor's Choice News & Events Risk Management & Resilience
Online Intelligence recently launched version 7 of its CiiMS risk and security platform. Speaking to SMART Security Solutions after the launch event, the company’s Arnold van den Bout described the enhancements in version 7.

Read more...
Unlocking Africa's AI potential
Editor's Choice News & Events AI & Data Analytics
Africa's AI market is set to grow exponentially; by investing in AI education, training, and ethical practices, African nations can harness the power of AI to transform the continent and create a brighter future for its people.

Read more...