Devil’s Ivy, Auditors, and “60 Minutes” – Why They (and You) Are Connected

    Jul 26, 2017 3:08:46 PM / by John Gallagher

    Almost daily a new cyber threat is announced, and increasingly these threats target physical security. A recent Fortinet survey showed that over 50% of CISOs said their greatest security challenge is the rapid evolution of cyber threats. This should be no surprise, as cybercrime has damaged revenues and reputations at many well-known organizations. A study from the Ponemon Institute in October 2016 found the average cost of cybercrime for a company to be $9.5M (up 21% from their 2015 study). It’s pretty clear that cyber-attacks using or manipulating physical security systems are increasing in cost, frequency, and urgency.

    Devil’s Ivy is a good example of how cyber threats are rapidly evolving. Just as the physical security community is starting to find ways of addressing denial of service botnets like Mirai and Persirai, along comes a completely different way for hackers to use camera devices for their purposes. If history is any guide, before the end of 2017 there will likely be at least a couple of other physical security attack vectors used by cyber-criminals. The reason is that cyber-criminals need an element of surprise to be successful initially; once their exploit is known, organizations will start to defend against it. That’s why organizations need to be constantly verifying and authenticating their infrastructure, and establishing processes and procedures that focus on automation instead of manual effort. Any breaking or ignoring of these processes (which leaves the company vulnerable) also needs to be detected so that the “shields” never go down.

    Auditors by their nature check for compliance, seeing when, where, and how processes and procedures have broken down in order to avoid it happening again. Physical security is becoming more compliance-oriented to address cyber threats. A good example comes from retail: when it became known that cyber-criminals were inserting “skimmers” at point of sale (POS) terminals to capture credit card information, the industry responded by beefing up physical security processes, such as requiring that POS terminals always be observed with video surveillance. In other words, controlling that form of cyber-crime became a physical security compliance and audit requirement. If there is a sense of cause and effect, it’s that the increase in cyber threats has led to more control and compliance – a trend that will likely continue. If your business already performs regular audits, making sure physical security is part of them is a great way to be better prepared for the next attack.

    And where does “60 Minutes” come into play? It’s a long-standing TV news program with a focus on “gotcha journalism”: the style of putting the interviewee on the defensive, or making them explain actions or inactions that, when taken out of context, are hard to explain and make the interview subject look guilty, incompetent, or unable to handle the situation. If the 60 Minutes crew showed up on the doorstep of your security integrator or in the office of your CSO, would you be able to answer questions like:

    • What new technologies have you brought on board to address these new cyber threats?
    • Why are most methods of checking for cyber breaches in your company manual and not automated?
    • Are there controls in place to alert you to abnormal behavior in your physical security network?
    • What automatically gathered metrics are you using to verify at any moment proper functioning of your physical security network?

    Not being able to answer yes to some or all of these questions is potentially a disaster for your business. The good news is there is a lot of energy within the physical security industry to conquer these threats. Security integrators are delivering new solutions and methods for verifying physical security systems, and end users are more eager than ever to work with integrators to eliminate cyber threats. Viakoo can help you get started; register today for a free demo account or online demo at
