We are on the verge of a crisis in Cyber Hygiene. Not only are millions of IoT devices (like physical security cameras) unprotected and vulnerable, the methods to harden and protect them (sustainable cyber hygiene) have often been done manually and require physical presence onsite. Automated solutions like Viakoo can help change this dynamic.
The Security Industry Association's Primer: Minimize Risk by Protecting Privacy is an important first step in changing the profile of physical security solutions from having significant cyber vulnerabilities to being trustworthy.
The recommendations published are the association's (and perhaps the industry's) effort at having manufacturers build component-level cyber features within their products.
This is critical as enterprise customer RFPs are starting to require physical security products be trustworthy. Further, they are demanding transparency documenting cyber hygiene for passwords and firmware.
Specific to the physical security market, a recent study by Palo Alto Networks' Unit 32 found that while security cameras account for only 5% of IoT devices, they represent 33% of the cyber risk, concluding "the general posture of IoT devices is declining."
Since IoT devices are not IT devices, IT tools do not work to secure them. Uniquely, Viakoo's Cyber Hygiene Suite is an OT or operational technology solution providing customers enterprise-wide cyber solutions for physical security and broader IoT applications at scale.
To learn more about this important issue write firstname.lastname@example.org, or visit https://www.viakoo.com/cybersecurity-solutions-physical-security/
Earlier this summer the Center for Cyber and Homeland Security (CCHS) at Auburn University in conjunction with the International Security Management Association (ISMA) released a new survey that reflected how the C-suite views the evolving roles of cyber and physical security risks and mitigation strategies within their organizations. As October is National Cybersecurity Awareness Month, the timely findings of the research highlight the fact there has been a seismic shift in how organizations approach the relationship between the cyber and physical security threats they face.
If you’re responsible for physical security, then you might be familiar with the concept of “mean time to innocence”. It’s an IT term that highlights how the network is often blamed for problems, and how the IT team needs to quickly get to the real root cause in order to show that the network is “innocent”. Same thing happens in physical security; for example, if video is not recording properly it often is blamed on the camera device when the root cause may be an issue with storage.
Because they model a part of the real world, “digital twins” are quickly becoming important business tools for organizations that deploy Internet of things (IoT) devices. Digital twins can help maintain industrial processes, explore new business opportunities, and develop new and enhanced connected products and services. They are particularly applicable to distributed systems such as physical security systems that include many IoT devices, where they can help solve operational issues more quickly and effectively than field diagnostics.
A few years ago at physical security industry conferences the word I heard the most was “convergence”. At that time the meaning of it was how Physical Security and IT were coming closer together, and it was a hot topic because analog technology was quickly giving way to IP-based approaches. With access control becoming tied to identity management, and surveillance being managed, stored, and analyzed on computer networks, it’s easy to see now why that convergence was critical for the industry and one that required rethinking old approaches.
The now infamous Target data breach was transacted by malware being placed on the HVAC system servers. A casino had its “high roller” database stolen by leveraging the network connection of an aquarium thermostat to export the file from the internal network. Leveraging the physical security system’s camera devices a bank was hacked, revealing confidential information. These are just some of the examples of how IoT devices, especially at the edge of a network, can be exploited by cyber-criminals.
Every security integrator faces this issue. Your customers purchase new physical security systems and devices in order to benefit from the security and risk-reduction features they offer. Once deployed, however, these devices can actually increase risk and liability if they stop operating properly without the user becoming aware of the disruption. The risk compounds when you consider that new IoT (Internet of Things) enabled devices are being introduced to the market and added to users’ networks at an accelerating rate.
To sense the scale and magnitude of changes happening in physical security it helps to put numbers to what is happening across the industry. There is no doubt that the last 5 years have brought a lot of changes to the industry – but can you put data to those changes and trends? To be able to do so is useful for multiple reasons.
Everybody is talking about it, and more and more people are using it. From self-driving cars to predictive analysis and everything in between, artificial intelligence, or AI, is the next big thing in technology (including physical security). 85% of Americans already use AI in some way, from smart devices to complex intelligence for business operations. AI can detect and react much faster than human eyes and hands, and manage complex technology easily, relying on highly sophisticated software to ensure constant and repeatable success. Most importantly, problems or issues that may get missed or overlooked by humans can be reacted to and prevented from becoming serious. In physical security, what might be easily overlooked can quickly become life safety critical.