Nick Smith, Regional Manager at Genetec, details how physical security professionals can improve their resilience to cyber-attacks by reviewing the cyber security policies of those they work with in the supply chain. This includes everyone from component vendors to installers and engineers.
Cyber-attacks have become a significant business risk for organisations of all sizes. The US National Cyber Security Alliance found that more than 60% of cyber-attacks target small to medium and small businesses. Its research also showed that 60% of those small companies were unable to sustain business operations six months following attack.
Cyber-attacks, however, do not always come through the front door. Organisations depend on third-party vendors and service providers, who are critical suppliers of security components or providers of services such as accounting. And many cyber-attacks come through these backdoors.
With up to 80% of cyber-attacks now beginning in the supply chain, breaches at even the smallest of vendors can have big consequences for enterprise level operations. Every organisation across the global physical security supply chain, therefore, must become more aware and interconnected to mitigate against cyber risk. At best, a breach is likely to leave you with a hefty fine and a tarnished reputation which you may never fully be able to repair.
The initial step to mitigate risk
A recent report by Genetec found that 67% of physical security professionals, including Genetec’s end users, integrators, and partners, are planning to prioritise their cyber security strategy in 2021. With the UK witnessing a 31% increase in cyber-crime since the start of the pandemic, many physical security professionals are recognising that cyber-attacks are real and that physical security systems are an ideal entry point for hackers.
IP security cameras and other security devices are by their very nature connected to the internet. It’s what lets users access them remotely to check in on their business, and what lets manufacturers update device software without having to make a house call. But this feature can also be their Achilles’ heel. When not secured properly, any camera or access control device in the so-called Internet of Things (IoT) can be accessed remotely by just about anyone, not just those with whom you want to share access.
Read: Who is responsible for protecting physical security systems from cyber-attacks?
One way to limit your organisation’s cyber vulnerabilities is to take a closer look at your supply chain and build a network of trusted vendors. Effective supply chain risk management (SCRM) is essential here for ensuring the continuity and profitability of your business. However, the same principle should also apply to the vendors that provide the various components of your physical security system, and even those that install or service your equipment.
You can begin by asking vendors and other third-party service providers about their cyber security and privacy policies and practices. A company that is serious about cyber security will conduct its own penetration testing and catch any vulnerabilities that could have been missed during product development. They will also be proactive when vulnerabilities are uncovered and quickly deploy the latest firmware and security updates to keep systems secure.
Moreover, when working with a systems integrator to develop or maintain a physical security solution, it is important to share your concerns about cyber security at the onset. A systems integrator must consider cyber security a top priority and should only recommend products from trusted manufacturers who are also committed to protecting your system on a regular basis.
Operate in a framework of best practice
The cyber-attacks against IoT devices are increasingly affecting enterprises yet could easily be prevented. For example, ensuring cameras are running on the latest version of the firmware and that security updates are regularly applied is a rudimentary aspect of good cyber hygiene. Yet, Genetec’s own data reveals 68% of cameras trying to connect to its systems are running out of date firmware. And 54% of these involve known vulnerabilities, mean they could easily be compromised by a cybercriminal with malicious intent.
That is why everyone must play a role in protecting physical security systems from cyber-attacks. Be sure to choose trusted vendors who use smart tactics such as penetration testing. And only work with systems integrators who are committed to providing continuous protection against cyberthreats. The success of your business may depend on it.
Connect with the security industry online 1-30 June
Connect 2021 is your first major opportunity to come together with the security industry online from 1-30 June!
The month-long online event will give attendees the opportunity to make up for lost time by browsing security solutions, connecting with suppliers and accessing thought-leadership content – all from the comfort of your own home or workplace!
Hardening the physical security supply chain to mitigate the cyber risk
How security professionals can improve their resilience to cyber-attacks by reviewing the cyber policies of their supply chain.
IFSEC Global | Security and Fire News and Resources