Hardening the Physical Security Supply Chain to Mitigate the Cyber-Risk
Cyberattacks have become a significant business risk for organizations of all sizes. The US National Cyber Security Alliance found that more than 60% of cyberattacks target small to medium and small businesses. Its research also showed that 60% of those small companies were unable to sustain business operations six months following attack.
Cyberattacks, however, do not always come through the front door. Organizations depend on third-party vendors and service providers, who are critical suppliers of security components or providers of services such as accounting. And many cyberattacks come through these backdoors.
With up to 80% of cyberattacks now beginning in the supply chain, breaches at even the smallest of vendors can have big consequences for enterprise level operations. Every organization across the global physical security supply chain, therefore, must become more aware and interconnected to mitigate against cyber risk. At best, a breach is likely to leave you with a hefty fine and a tarnished reputation which you may never fully be able to repair.
The Initial Step to Mitigate Risk
A recent report by Genetec found that 67% of physical security professionals, including Genetec’s end users, integrators, and partners, are planning to prioritize their cybersecurity strategy in 2021. With the UK witnessing a 31% increase in cybercrime since the start of the pandemic, many physical security professionals are recognizing that cyberattacks are real and that physical security systems are an ideal entry point for hackers.
IP security cameras and other security devices are by their very nature connected to the internet. It’s what lets users access them remotely to check in on their business, and what lets manufacturers update device software without having to make a house call. But this feature can also be their Achilles’ heel. When not secured properly, any camera or access control device in the so-called Internet of Things (IoT) can be accessed remotely by just about anyone, not just those with whom you want to share access.
One way to limit your organization’s cyber vulnerabilities is to take a closer look at your supply chain and build a network of trusted vendors. Effective supply chain risk management (SCRM) is essential here for ensuring the continuity and profitability of your business. However, the same principle should also apply to the vendors that provide the various components of your physical security system, and even those that install or service your equipment.
You can begin by asking vendors and other third-party service providers about their cybersecurity and privacy policies and practices. A company that is serious about cybersecurity will conduct its own penetration testing and catch any vulnerabilities that could have been missed during product development. They will also be proactive when vulnerabilities are uncovered and quickly deploy the latest firmware and security updates to keep systems secure.
Moreover, when working with a systems integrator to develop or maintain a physical security solution, it is important to share your concerns about cybersecurity at the onset. A systems integrator must consider cybersecurity a top priority and should only recommend products from trusted manufacturers who are also committed to protecting your system on a regular basis.
Operate in a Framework of Best Practice
The cyberattacks against IoT devices are increasingly affecting enterprises yet could easily be prevented. For example, ensuring cameras are running on the latest version of the firmware and that security updates are regularly applied is a rudimentary aspect of good cyber hygiene. Yet, Genetec’s own data reveals 68% of cameras trying to connect to its systems are running out of date firmware. And 54% of these involve known vulnerabilities, mean they could easily be compromised by a cybercriminal with malicious intent.
That is why everyone must play a role in protecting physical security systems from cyberattacks. Be sure to choose trusted vendors who use smart tactics such as penetration testing. And only work with systems integrators who are committed to providing continuous protection against cyberthreats. The success of your business may depend on it.
Nick Smith is Regional Manager at Genetec.
This story first appeared on IFSEC Global, part of the Informa Network, and a leading provider of news, features, videos, and white papers for the security and fire industry. IFSEC Global covers developments in long-established physical technologies — like video surveillance, access control, intruder/fire alarms, and guarding — and emerging innovations in cybersecurity, drones, smart buildings, home automation, the Internet of Things, and more.