Almost daily there is a new cyber-threat announced. A recent Fortinet survey showed that over 50% of CISO’s said their greatest security challenge is the rapid evolution of cyber threats. This should be no surprise, as cybercrime has damaged revenues and reputations at many well-known organizations. In a study from the Ponemon Institute in October 2016 they found the average cost of cybercrime for a company to be $9.5M (up 21% from their 2015 study).
For those in the physical security industry, this is cause for concern. With more and more systems migrating to the network, there’s no question that cyber-attacks targeting, using or manipulating physical security systems will rapidly increase and evolve in complexity. Devil’s Ivy is a good example of this evolution. As the community finds ways of addressing denial of service botnets like Mirai and Persirai, hackers are creating a completely new way to use camera devices for their purposes.
You can expect new physical security attack vectors to continue emerging rapidly. The reason for this is simple: cyber-criminals need an element of surprise to be successful initially; once their exploit is known, organizations will develop defenses against it. That’s why it’s critically important to constantly verify and authenticate your infrastructure, and to establish automated processes and procedures that supersede the human element. If the processes are ignored or broken, this also needs to be detected so that the “shields” never go down leaving the company vulnerable.
The rising threats have led to a sharp increase in compliance regulations for the physical security industry. For example, security professionals in the retail vertical discovered that cyber-criminals were inserting “skimmers” at point of sale (POS) terminals to capture credit card information. In response, the industry began requiring video surveillance to be deployed at all POS terminals to document incidents and identify criminals. This trend will continue to grow with the increase of cyber threats. To keep ahead of the criminals, it is vital to include physical security in your audits – in fact it is the only way to be prepared for the next inevitable attack.
To understand where to look and what to look for, start by asking these questions of your security integrator, Director of Security and CSO:
- What new technologies have you brought on board to address cyber threats?
- Why are most methods of checking for cyber breaches not automated?
- Are there controls in place to alert us to abnormal behavior in our physical security network?
- What automatically gathered metrics are we using to verify at any moment proper functioning of our physical security network?
Not being able to answer these questions could mean disaster for your business. The good news is there is a lot of innovation and development right now in the physical security industry to conquer these threats. Security integrators are delivering new solutions and methods for verifying physical security systems, and end users are more eager than ever to work with integrators to eliminate cyber threats. It may be impossible to stop criminals from searching out vulnerabilities – but you can do a great deal to make sure they don’t find any on your network.
John Gallagher is the VP of Marketing at Viakoo, based in Mountain View. Viakoo is an industrial IoT company, with their first product focused on automated physical security system and data verification. They address the scale issue with industrial IoT in how they cost-effectively handle large numbers of edge devices coordinated in a workflow across the network. Their automated solution is used by leading organizations like SanDisk, Nationwide Children's Hospital, JFK Airport, Drexel University, Cleveland Indians, and others.