Cybercrime is rising worldwide, across industries. In October 2021 a global cloud communications company reported losses exceeding $9 million due to a distributed-denial-of-service (DDoS) attack. In that same time period, the manufacturing sector saw a 641% increase in application-layer DDoS attacks over the previous quarter.
While some data breaches are caused by weaknesses in an organization’s virtual perimeter that allow hackers to exploit software vulnerabilities, a growing number sneak through connected IoT devices.
Security cameras, access control readers, and other physical security devices are often overlooked as a source of vulnerability, since they fall into the realm of the security team and not the IT department. Traditionally, physical security devices, like perimeter fences and door locks, were simply installed and left to do their jobs. Even as data centers began implementing IP-based technology and IoT devices, they didn’t always think about how these assets might make their networks vulnerable.
But physical security and information security are linked. There’s no difference in the impact whether a hacker accesses an organization’s server rooms physically or through a video surveillance camera, a piece of HVAC equipment, or an employee’s laptop. As cyber threats grow, physical security and IT must work together to safeguard network infrastructure.
Unifying physical and cybersecurity
A unified IT and physical security team can develop a comprehensive security program based on a common understanding of risk, responsibilities, strategies, and practices. First, the team should conduct a current posture assessment to identify devices of concern.
- Create an inventory of all network-connected cameras, door controllers, and associated management systems; identify their functions; and confirm their role/relevance.
- Perform a vulnerability assessment of all connected physical security devices to identify models and manufacturers of concern.
- Consolidate/maintain detailed information about each physical security device, including connectivity, firmware version, and configuration.
- Improve network design as needed to segment older devices and reduce crossover attack potential.
- Document all users who have knowledge of physical security devices and systems.
Closing the gaps
Recommended improvements should cover individual devices as well as the entire system. These can include ensuring all network-connected devices are managed by IT network and security monitoring tools, as well as implementing end-to-end encryption to protect video streams and data both in transit and in storage. Devising and implementing a schedule of ongoing testing and reassessment of risk associated with all inventoried devices is an important part of managing and mitigating risk.
Existing configurations and management practices for physical security devices can be improved by using secure protocols to connect devices to the network, disabling access methods that don’t support adequate security protection, verifying configurations of security features and alerts, and replacing default passwords with new ones that must be changed regularly.
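The posture assessment steps and the configuration improvements described above can be run as automated checks against the device inventory. The following is an added example, not part of the original article: the CSV column names, firmware baselines, and VLAN numbers are assumptions, and the inventory rows are constructed sample data.

```python
import csv
import io

# Constructed sample inventory (not real devices); column names are assumptions.
INVENTORY_CSV = """\
name,type,vlan,protocols,firmware,default_password,monitored_by_it
lobby-cam-01,camera,10,https;rtsp,2.4.1,no,yes
dock-cam-07,camera,1,http;telnet;rtsp,1.0.9,yes,no
door-ctl-03,door_controller,10,https,3.2.0,no,yes
hvac-gw-02,hvac,1,http,1.8.0,no,yes
"""

INSECURE_PROTOCOLS = {"http", "telnet", "ftp"}  # access methods without adequate protection
MIN_FIRMWARE = {"camera": "2.0.0", "door_controller": "3.0.0", "hvac": "2.0.0"}  # assumed baselines
SECURITY_VLANS = {10}  # assumed segment reserved for physical security devices

def parse_version(text):
    """Turn '2.4.1' into (2, 4, 1) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))

def assess_device(row):
    """Return the list of findings for one inventory row."""
    findings = []
    insecure = sorted(INSECURE_PROTOCOLS & set(row["protocols"].split(";")))
    if insecure:
        findings.append("insecure protocols enabled: " + ",".join(insecure))
    if row["default_password"] == "yes":
        findings.append("default password still set")
    baseline = MIN_FIRMWARE.get(row["type"])
    if baseline is None:
        findings.append("no firmware baseline for type " + row["type"])
    elif parse_version(row["firmware"]) < parse_version(baseline):
        findings.append(f"firmware {row['firmware']} below baseline {baseline}")
    if int(row["vlan"]) not in SECURITY_VLANS:
        findings.append(f"not segmented (vlan {row['vlan']})")
    if row["monitored_by_it"] != "yes":
        findings.append("not covered by IT monitoring")
    return findings

def assess_inventory(csv_text):
    """Map device name -> findings, keeping only devices with at least one finding."""
    report = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        findings = assess_device(row)
        if findings:
            report[row["name"]] = findings
    return report

if __name__ == "__main__":
    for name, findings in assess_inventory(INVENTORY_CSV).items():
        print(name, *findings, sep="\n  - ")
```

Devices with the most findings are the natural candidates for segmentation first and for the replacement list.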
Another best practice for protecting network security is to implement a layered strategy that includes multifactor access authentication and defined user authorizations. Organizations can also improve update management by defining who is responsible for tracking update availability and for vetting, deploying, and documenting updates on all eligible systems and devices.
Developing a product replacement strategy
A posture assessment can help determine which devices and systems should be replaced because they present a high cyber risk. When developing replacement programs, organizations should prioritize strategies that support modernization for both physical and cybersecurity. One effective approach is to unify physical and cybersecurity devices and software on a single, open architecture platform with centralized management tools and views.
Replacement programs should also focus on cybersecurity features, including data encryption and anonymization, that are built into a device’s firmware and management software. Another important consideration is looking at a vendor’s capabilities to support a solution life cycle of up to 10 years, including ongoing availability of updates for firmware and management system software. Vendors should conduct their own penetration tests on a recurring basis to catch any vulnerabilities that could have been missed during product development and guard against new forms of cyberattack.
With cyberattacks increasing, organizations must implement effective measures. An important step toward reducing risks to the IT network associated with physical security devices is to integrate physical security and IT and develop a coordinated strategy for hardening systems. Vigilance is key, and it should extend to every partner in the chain of your physical security system and devices.