We are on the verge of a crisis in Cyber Hygiene. Not only are millions of IoT devices (like physical security cameras) unprotected and vulnerable, but the methods to harden and protect them (sustainable cyber hygiene) have often been manual and have required physical presence onsite. Automated solutions like Viakoo can help change this dynamic.
The Security Industry Association's Primer: Minimize Risk by Protecting Privacy is an important first step in changing the profile of physical security solutions from having significant cyber vulnerabilities to being trustworthy.
The recommendations published are the association's (and perhaps the industry's) effort at having manufacturers build component-level cyber features within their products.
This is critical as enterprise customer RFPs are starting to require physical security products be trustworthy. Further, they are demanding transparency documenting cyber hygiene for passwords and firmware.
Specific to the physical security market, a recent study by Palo Alto Networks' Unit 32 found that while security cameras account for only 5% of IoT devices, they represent 33% of the cyber risk, concluding "the general posture of IoT devices is declining."
Since IoT devices are not IT devices, IT tools do not work to secure them. Uniquely, Viakoo's Cyber Hygiene Suite is an OT (operational technology) solution providing customers enterprise-wide cyber solutions for physical security and broader IoT applications at scale.
To learn more about this important issue write firstname.lastname@example.org, or visit https://www.viakoo.com/cybersecurity-solutions-physical-security/
In talking with several end users and security integrators this week, one thing is clear: we are facing severe limitations on being able to service and maintain physical security systems. Many end users are not letting people onsite, and in some parts of the country there are shelter-in-place orders that limit the ability of technicians to do their normal work. Yet, especially for healthcare and other people working at the frontlines to combat COVID-19, this is a time when they need to know that they and their facilities are secure. In other words, it’s time for the industry to get serious about using digital connections and automation to ensure security systems are always operating as they should.
According to a recent report from the research firm IDC entitled Data Age 2025, more than 33 zettabytes of data were generated in 2018. (A zettabyte is one sextillion bytes – or 1000 to the 7th power.) Within seven years IDC predicts that number will explode to an incredible 175 zettabytes, with more than 30 percent of that data requiring real-time processing. Where will all this data be held, processed, and stored?
Access control is one of the most prevalent physical security technologies deployed, and not surprisingly it is getting a lot more complicated. Many organizations operate within a facility or controlled area, with an access control system used to protect the perimeter and enable appropriate access inside the facility. In recent years the combination of environmental design (e.g. “man traps” designed into entrances), the need for fast response times when breaches occur, and the need to communicate accurate information to first responders has placed new data reporting burdens on operators of access control systems.
Earlier this summer the Center for Cyber and Homeland Security (CCHS) at Auburn University in conjunction with the International Security Management Association (ISMA) released a new survey that reflected how the C-suite views the evolving roles of cyber and physical security risks and mitigation strategies within their organizations. As October is National Cybersecurity Awareness Month, the timely findings of the research highlight the fact there has been a seismic shift in how organizations approach the relationship between the cyber and physical security threats they face.
Physical security systems can be managed and operated in a variety of ways – some methods lead to flawless operation, and some lead to quite the opposite. But when having an operational physical security system is critical – for life safety, business impact of a failure, or other unacceptable outcomes – then it becomes important to know that the system is in fact operating exactly as it should. This is the domain of compliance.
If you’re responsible for physical security, then you might be familiar with the concept of “mean time to innocence”. It’s an IT term that highlights how the network is often blamed for problems, and how the IT team needs to quickly get to the real root cause in order to show that the network is “innocent”. The same thing happens in physical security; for example, if video is not recording properly, the camera is often blamed when the root cause may be an issue with storage.
Many organizations are implementing, or have already implemented, cloud-based physical security services to supplement or replace instances of on-premises software and processing. The trend to make everything into “as-a-Service” has brought us popular cloud services including CRM systems such as Salesforce, communication systems such as GoToMeeting, and shared storage such as Box. Security systems “as-a-Service” are also rapidly growing, including cloud-based identity management, access control, and video surveillance, among others. With more than 20,000 cloud services available, consumers and businesses alike have quickly become accustomed to their advantages, including greatly improved access from any connected location, and greatly improved collaboration with other contributors.
This past week I was fortunate to attend the Campus Safety Conference in Las Vegas as a sponsor, and to meet with many education safety professionals. School safety has been around for as long as schools have, but the last few years have changed the nature of it – a lot more focus now is on shootings (in particular) and dealing with traumatic incidents (in general). In no particular order here’s what really stood out to me: