A majority of organizations cite cybersecurity as a major challenge when it comes to managing employee and visitor safety.
Genetec recently surveyed more than 3,700 physical security leaders around the world for its third annual physical security report. The report reveals key considerations, concerns, and trends in the physical security industry. A recurring theme is the increasing focus on cybersecurity of physical security systems.
Cybersecurity has become a top priority for physical security leaders around the world. Driving this change is the rise of remote work with the adoption of cloud-based technologies and Internet of Things (IoT) devices. Similarly, information technology (IT) personnel are increasingly involved in decision-making related to physical security technologies. The team works together to ensure the cyber resilience of the network.
Key takeaways from cybersecurity-related reports include:
- Nearly half of those surveyed had implemented an enhanced cybersecurity strategy in the past year.
- More than a third plan to invest in cybersecurity tools to improve their physical security environment within the next 12 months.
- Security departments are increasingly collaborating with internal and external IT and cybersecurity professionals to devise new ways to implement and maintain a strong cybersecurity strategy.
Based on the findings of the survey, system integrators will have the opportunity to engage with business stakeholders to mitigate their concerns about cybersecurity and responsible use of networks.
remote working drive cloud
The shift to remote and hybrid work has brought cybersecurity concerns to the forefront. Remote work has reduced companies’ control over the technology infrastructure their employees use, disrupting tried-and-true firewalls and intranet access controls.
The rise of remote work has forced companies to rethink how they assess cybersecurity risks. Remote workers can be located anywhere outside your organization. In addition to home offices, public spaces such as libraries, coffee shops, and other locations that offer public WiFi have become common remote work environments.
IT departments have to deal with new potential vulnerabilities. For example, an employee may have an infected computer or her IP Security her camera at home. Someone may be downloading files from questionable sources while you’re connected to a public network, and your network may not have the same security measures.
Remote work is declining as pandemic restrictions ease. Nonetheless, cybersecurity remained the top challenge faced by all respondents when managing employee and visitor safety. Her 49% of all respondents indicated that their organization had launched an improved cybersecurity strategy this year (look Figure 1).
Main cybersecurity targets
As Figure 2 It shows that most companies today focus their cybersecurity efforts on access control (40%), cyber hardening of security software (39%), and strong password protection (37%).
It makes sense that access control cybersecurity is an increasing priority for many businesses today. The technology and hardware used in traditional access control systems often lack the cyber resilience of modern systems and may have known vulnerabilities.
Although the vulnerabilities are well known, the cost of replacing access control systems is often seen as prohibitive, especially in large enterprises.
To mitigate some of that cost, customers can consider open architecture systems. This allows for a gradual migration from legacy systems to modern systems. Some existing hardware can be used instead of replacing the entire system. Similarly, an open architecture system allows organizations to leverage new access control technologies as they develop.
Combining physical security and IT
In addition to highlighting where cybersecurity efforts are focused, the study also showed increased alignment between physical security and IT teams.
Physical security and cybersecurity are no longer separate domains. IT departments are getting more involved in terms of physical security. Physical security teams are also becoming more aware of cybersecurity principles.
This can also be translated into an employee policy. For example, modern cybersecurity solutions increasingly take security fatigue into account. Password policies that require employees to change their passwords often cause frustration because they make it harder for users to remember their passwords. As a result, many people reuse passwords or use the same root password.
This highlights the importance of multi-factor authentication, using either what you know, what you have, or who you are. Technologies include one-time password (OTP) authentication, hardware tokens, or biometric profiles. Physical security and IT teams can help implement better approaches to prevent compromised password attacks.
But even with these safeguards and policies in place, the ways in which systems can be compromised are constantly evolving. The “Zero Trust” philosophy is important. This means don’t trust anything without verification. Organizations cannot rely on a single measure to ensure protection against cyberattacks. Multiple layers of protection are best. That way, even if one factor is compromised, the system remains resilient.
Benefits of cloud solutions
The State of Physical Security report also revealed perceptions of cloud technologies (look Figure 3) remain conservative among security experts. The physical security industry still lags somewhat behind other industries in cloud adoption.
Customers often believe that offline systems are more secure. Perceived cybersecurity risks of the cloud ranked as the most prominent reason for slowing cloud adoption. This can be seen as a self-fulfilling barrier to some extent, but not necessarily.
Systems housed and managed on-premises must use internal resources to protect and defend against cyberthreats. With cloud solutions, the software provider bears some of the responsibility. Cloud solutions benefit from the collective knowledge of solution providers. The provider is savvy enough and even has ratings and audits that prove their cybersecurity acumen, so this often provides better security.
As more and more customers find cybersecurity measures implemented in cloud-based solutions, they are starting to move to hybrid solutions. They combine the best of on-premises and cloud.
Most of the end-user respondents surveyed (82%) said they primarily store video footage on on-premises storage devices. Only 6% said he uses either a public cloud or a private cloud for this purpose.
However, nearly two-thirds of all respondents say their organizations will move to managing or storing more physical security data in the cloud over the next two years.
As Figure 4 more than 76% say 0% to 25% of their systems are currently in the cloud or hybrid cloud, while more than half of end users are moving towards a blend of on-premises and cloud-based solutions said. This is the 28% who planned to move everything to the cloud (look Figure 5). Only 18% of those surveyed said they have no plans to adopt a cloud-based solution.
All things considered, hybrid cloud deployments are the way forward for enterprises, and can streamline costs, concerns, and approaches to moving to the cloud.
The larger the organization, the greater the friction to protect systems from cyberthreats. Updating the passwords for 10 cameras is one option, but many organizations today have hundreds or even thousands of cameras connected to their video management system (VMS). Security can be improved with strategies that can automate the process of camera password rotation, firmware batch updates, and SSL certificate management.
Cloud-based solutions help teams reduce time-consuming tasks such as cybersecurity threat monitoring, vulnerability patching, software updates, and certificate lifecycle management.
New challenges and opportunities
The growing number of devices connected to physical security networks is increasing overall visibility not only of potential attack surfaces, but also of cybersecurity threats in the physical security space. Today, physical security and IT teams have overlapping goals and can often come together to provide strong defenses against attacks.
As cyberattacks increase, organizations are looking to implement effective countermeasures. We can help you with that process by working with your physical security and IT teams to develop a coordinated strategy to harden your systems. Choose a solution partner that also focuses on cybersecurity.
These trends bring new challenges, but also many exciting opportunities to share expertise and build deeper, longer-term relationships with customers.
Matthew Fabian is Genetec’s National Director of Sales Engineering (US).