Fredrik Nilsson is Vice President of the Americas for Axis Communications, overseeing the company’s operations in North and South America.
Getty
With each passing year, it becomes harder to tell where the physical world ends and the digital world begins. Virtual reality goggles have become increasingly common. Augmented reality applications are growing. Digital assistants, customer service bots, behavior-tracking devices and even self-driving cars are no longer uncommon. Across countless industries, the physical and digital worlds are beginning to overlap in increasingly meaningful ways.
The security industry is no exception. Neither physical security nor cybersecurity are new concepts, but as technology has evolved, the two regularly find themselves working hand in hand. As modern devices like internet protocol (IP) cameras have replaced older analog models, new capabilities like remote monitoring, motion detection, video and audio analytics, and others have become popular. But alongside those capabilities come new security concerns, and today’s organizations need to have a plan in place for securing not just their physical property but their connected devices and digital assets as well.
The Advantages Of Today’s Connected World
The most obvious advantage that IP cameras and other connected devices offer is the ability to view and control them from afar. Monitoring analog cameras generally required security personnel to be on-premises, watching live camera feeds for signs of suspicious activity. The more feeds, the more people were required to monitor them, but it was an imperfect system: Even the most observant human beings will fail to notice things, especially when their attention is divided between multiple sources. In general, analog cameras were most useful for recording video to review after an incident in search of evidence.
IP cameras changed that. Modern video management systems (VMSs) can combine feeds from thousands of cameras, which security personnel can monitor from laptops, phones and other devices. And thanks to modern analytics, security is no longer dependent on the observation skills of humans: Using video analytics, machine learning (ML) and deep learning (DL), today’s devices can be trained to recognize signs of suspicious activity, including loitering, trespassing and object recognition. They can then automatically generate an alert to let security personnel know that a potential incident requires their attention. Modern audio solutions can even trigger a prerecorded message to warn off intruders or let them know they are being recorded. Some even allow security personnel to speak directly to the intruder via an app, serving as a real-time intercom. It’s easy to see why the security industry has moved to embrace connected devices so quickly.
Understanding The Potential Risks
But as with any technology, connected devices come with risks. Any device connected to a network represents a potential entry point to that network, which means physical security no longer operates in a vacuum. If, for example, a camera has poor security controls, a cybercriminal may be able to access it. At best, this means that the hacker will be able to view the camera feed, which represents a significant breach of security on its own. But cybercriminals rarely stop there. One compromised camera might serve as a stepping stone into the VMS, which might serve as a gateway to the broader network. The last thing an organization wants is to suffer a significant data breach because one device was poorly secured.
This makes it more important than ever for manufacturers, integrators and end users to educate one another. Asking a manufacturer “How secure are your products?” isn’t specific enough. Customers need to know things like which manufacturers have a reputation for supporting their products over time, which quickly issue patches when vulnerabilities are discovered, and which adhere to standards like Secure Boot to ensure devices have not been tampered with. Integrators can help keep customers informed, but manufacturers themselves should make it clear to customers that they take cybersecurity just as seriously as physical security.
Planning Ahead Is Critical
Device manufacturers can help by developing more secure products and implementing accepted standards. Integrators can help by keeping end users informed and assisting with device maintenance and system management. But what can end users do?
Perhaps the most important thing to do is establish a plan in case something goes wrong. Recent research indicates that 80% of global businesses anticipate a data breach of some kind within the next year, so while a breach isn’t inevitable, it is overwhelmingly likely that something will eventually go wrong. When considering what to do about a data breach, it is important to consider the three T’s:
• Technology. We’ve already covered this, but all devices represent a potential risk. Make sure that any devices in use are from trusted manufacturers and that any new devices are equipped with sufficient security, including up-to-date firmware.
• Time. Time to discovery and time to recover are both important. Organizations need strong detection tools in place to identify an attack in progress. They also need to know how quickly a patch or update can be installed. Are there backups that can be restored? Downtime is never good, and avoiding it is critical.
• Team. A strong culture is critical. Working groups cannot be isolated—they need to know who to talk to and when from the moment a breach is detected. They also need to feel empowered to make tough decisions: If shutting down the system is necessary to isolate an intruder, IT personnel should be willing and able to make that call. Your partners and vendors are also part of your team: Know who you can call for help from your integrator or manufacturer.
Making Physical Security And Cybersecurity Work Together
In today’s threat landscape, a majority of businesses will inevitably suffer a breach of some kind. But that doesn’t mean those organizations should throw up their hands in defeat—just the opposite, in fact. Cybercriminals will generally seek out low-hanging fruit, and businesses can avoid making themselves easy prey by ensuring that all connected devices—including cameras, sensors and other security tools—are hardened against today’s most pressing threats. Manufacturers, integrators and end users all have an important role to play in ensuring that poor cybersecurity doesn’t compromise the organization’s physical security.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
