Cybersecurity in the physical security world

Issue 4 2021 Editor's Choice, Cyber Security, Integrated Solutions, IT infrastructure

Hi-Tech Security Solutions hosted a round table discussion in partnership with Milestone Systems on the topic of cybersecurity in the physical security world. A panel of experts from various companies in the cyber, physical security and IoT (Internet of Things) markets was asked to discuss what the real cyber risks we face today are, as well as looking at best practices for dealing with them efficiently without hampering the value and intelligence these systems deliver.

The reason for this particular topic is that security products today are more advanced and more connected than ever before and are basically lumped into the same category as any IoT device – albeit devices with far more technology and capabilities than traditional IoT devices. These devices, however, transmit more information than most IoT devices, especially when it comes to surveillance. This means they are just as vulnerable as your laptop, servers and mobile phones, but without the protection these devices have come to accept as normal. This lack of protection makes these security and IoT devices especially vulnerable if not designed, installed and maintained correctly.


Naturally, we are seeing leading manufacturers of physical security hardware and software putting much more effort into designing security into their solutions, but just like any technology, there is no 100% guarantee that these systems are cyber secure. In addition, just because security is built in on the manufacturing side does not mean users can use them without a care. Security requires everyone to play their role in securing devices, networks and so forth, from the manufacturer to the system integrator as well as the customer and the end users themselves.

The main trends

To start off, we asked each person on the panel to introduce themselves and highlight what, from the perspective of their business focus, the main trends in cybersecurity they have observed and experienced out in the field are.

George Psoulis, sales manager, Africa for Milestone Systems, noted that there is a definite drive to incorporating edge devices (devices at the edge of the network) into management platforms, or to be more accurate, to bring in the vast amounts of data created by these devices into management platforms for analysis and processing. While Milestone develops an open VMS that allows partners to develop almost any plug-ins, the platform is increasingly being used to cater for non-video data and even non-security data. In this respect, he confirms that security devices such as cameras are also being viewed as IoT devices.

With all this data being integrated from local and wide-area networks, Psoulis says there is a great need for cybersecurity to ensure the devices are not hacked and infiltrated by cybercriminals. The real threat in these cases is not so much losing a device, but that it can be used to infiltrate corporate networks to steal information or launch a ransomware attack and commit other nefarious activities.

Ian Shak is the principal solutions architect and information officer at Saicom, a company that offers VoIP (voice-over-IP) and a range of hosted and cloud solutions. The company has long been working on securing VoIP systems, but he says that today there is a more intense focus on the area of compliance, especially PoPIA in South Africa. While compliance is, as Shak notes, seen as the more boring cousin of security, it is a necessary step in making both service providers and consumers more secure.

Charl Ueckermann, CEO, AVeS Cyber Security, sees ‘virtual anywhere’ as the most pressing cybersecurity problem at the moment. With people being dispersed all over the world, especially during lockdowns where remote work surged in a very short period of time and there is a significant problem of not having the necessary security layers in place to protect people and companies from the risks out there. The lack of the relevant layers of security is one of the causes for the surge we’ve seen in ransomware attacks over the past year.

Marcel Bruyns, sales manager, Africa for Axis Communications, notes that although people generally recognise Axis as the IP camera company, it has been expanding its focus over the past few years into areas such as access control and audio solutions. He adds to what Psoulis said, noting that surveillance cameras are no longer only being used for transmitting video, today there are many applications that can be loaded and run directly on the camera, as well as a variety of information that can be sent back to servers and management platforms.

Moreover, Bruyns adds that along with the growth of artificial intelligence (AI) and the intelligence that can be extracted from video footage, there is also the trend to storing this information in the cloud and this opens another pathway through which people can gain access to devices and the network, as well as the information that is being generated and transmitted.

Richard Frost, head of product for network and endpoint security at Vox, says that while the company has specialised in networking from an IT and communications perspective in the past, Vox is seeing many more IoT devices on networks and has launched its own IoT division that incorporates products and services for a variety of needs. It covers a range of products in its IoT endeavours, from surveillance cameras to elder care (panic buttons etc.).

In its cybersecurity services to clients, Vox has done penetration testing on client networks and Frost says there are a number of instances in which they found unsecured surveillance cameras, allowing the testers to access the cameras and view the footage being recorded and even get into the company’s network. As noted, cameras today contain much more data than ever before in terms of video and analytical information, making them critical information assets.

This has a direct impact on PoPIA preparedness in companies as people’s personal information, such as their faces and even the ability to identify people by facial recognition could be compromised by unsecured cameras and insecure links to cloud servers, for example.

Dévique Barkley is a specialist engineer heading up the security department at Cipher Engineering, a company specialising in physical security and safety projects, including automation.

The risks he has seen are varied, but often are the result of integration between security products. In the effort to gain more useable information for security decision makers, integration is critical to be able to collect and collate data from various systems. The problem, Barkley says, is that in the integration process one often places different security processes and users and roles (user permissions) into the same server, which tend to create vulnerabilities unless each user and his/her permissions are evaluated according to what they and the organisation actually require.

In addition, while we are all aware of phishing emails that are used to try to persuade people to click on a link and enter personal information or open an attachment which loads malware onto the user’s system, Barkley says there is also a problem of how people are exploited to get past physical barriers and gain access to physical switches and other critical equipment, which means that simply by being in a certain location (which should be a secure location) these individuals have managed to bypass many of your cybersecurity controls.


There were many more questions and discussion points during the round table discussion and readers are invited to view the full video at www.securitysa.com/*CyberRT (a redirect to www.youtube.com/watch?v=0nNdblXw5BI). Alternatively, simply scan the QR code on this page with your mobile device and it will take you to the YouTube video.

For more information contact:

• Milestone Systems, +27 82 377 0415, gep@milestonesys.com, www.milestonesys.com

• AVeS Cyber Security, +27 11 475 2407, info@aves.co.za , www.aves.co.za

• Axis Communications, +27 11 548 6780, terri.miller@axis.com, www.axis.com

• Cipher Engineering, devique@ciphereng.co.za, www.ciphereng.co.za

• Saicom, +27 10 140 5000, ians@saicom.io, www.saicom.io

• Vox, +27 87 805 0000, info@voxtelecom.co.za, www.vox.co.za


Credit(s)








Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

FortiGuard labs reports disruptive shift of cyber threats
Issue 1 2021 , Editor's Choice
Threat intelligence from the second half of 2020 demonstrates an unprecedented cyber-threat landscape where cyber adversaries maximised the constantly expanding attack surface to scale threat efforts around the world. Adversaries proved to be highly adaptable, creating waves of disruptive and sophisticated attacks.

Read more...
The year resilience paid off
Issue 8 2020 , Editor's Choice, Security Services & Risk Management
Hi-Tech Security Solutions spoke to Michael Davies about business continuity and resilience in a year when everything was put to the test.

Read more...
Retail solutions beyond security
Issue 8 2020, Axis Communications SA, Technews Publishing, Hikvision South Africa , Editor's Choice, CCTV, Surveillance & Remote Monitoring
The need for security technology to deliver more than videos of people falling or stealing from retail stores is greater than ever.

Read more...
Did they bite off more than they could chew?
Issue 4 2021 , Editor's Choice
For a long time, ransomware gangs were mostly focused on Microsoft Windows operating systems, however, several ransomware gangs are now experimenting with writing their binaries in the cross-platform language Golang (Go).

Read more...
Stops and destroys a 6-ton truck
Issue 4 2021 , Editor's Choice
Delta Scientific's single shallow-foundation bollard gets M30 rating by stopping and destroying a 6804 kg test truck with -2,69 m of static penetration and -1,1 m of dynamic penetration.

Read more...
Beating cybercriminals at their own game with AI
Issue 4 2021 , Editor's Choice
AI is a powerful technology that holds great potential for exploitation by cybercriminals; the only way that security leaders can stay ahead is by gaining a true understanding of how this technology can be weaponised.

Read more...
TOA’s new IP horn speaker
Issue 4 2021, TOA Electronics , Products, Integrated Solutions
TOA’s new IP-A1SC15 IP Horn Speaker (15 W) easily integrates video and audio systems to assist in responding immediately to an emergency situation by means of a live announcement.

Read more...
AVeS launches cybersecurity awareness campaign
Issue 3 2021, AVeS Cyber Security , News
Amidst rising cybercrime, ongoing lockdowns and the Protection of Personal Information Act (PoPIA) deadline in South Africa, organisations and their employees are facing a staggering increase in cyber risks.

Read more...
PoPIA: De-identifying, matching and filing
Issue 3 2021 , Editor's Choice, News, Security Services & Risk Management
Three of the crucial areas in organisational PoPIA compliance that must be discussed include de-identifying, information matching programmes and filing systems.

Read more...
Keeping MICE safe and compliant in a new environment
Issue 3 2021 , Commercial (Industry), IT infrastructure
The meetings, incentives, conferences and exhibitions (MICE) sector has been challenged with massive change over the past year, first Covid-19 and now the Protection of Personal Information Act.

Read more...