Internet linked cameras and other security devices protect people and property. But the network connectivity used to monitor operations and update software remotely also offers a network path for cyber-attacks

The pandemic forced more people to work from home but remote working meant employers became more vulnerable to cyber-attacks.

This week Genetec Inc began contacting public sector organizations offering a guide to reducing cyber vulnerabilities, especially in the parts of the system, which are often overlooked.

If security systems are not up to date or properly protected, they can pose a significant cybersecurity risk. An attack via a camera or door controller can work its way through the network to block access to critical applications, lock files for ransom and steal personal data.

Justin Himelberger, Enterprise Systems Business Development Manager for US Federal and DOD at Genetec Inc. said: “Because these systems are increasingly connected to networks and IT infrastructure, they can be quite vulnerable. 

“With the number of cyber-attacks increasing around the world, it is becoming clear that government organizations must be more stringent than ever about cybersecurity in their own organizations and throughout their supply chains.”

One step that organizations can take immediately says Genetec, is to ensure that each device, as well as the servers used to store data and host surveillance consoles, have the latest firmware and software recommended by the manufacturer. Changing default passwords and establishing a process for changing them frequently is an essential practice. Improving network design to segment older devices can also help reduce the potential for cross-attack.

In the United States, federal funding may be available to help cover costs associated with replacement programs. The Investment and Jobs Act of 2021 includes $1 billion to help state and local governments modernize their cybersecurity.

Genetec Inc. provides a unified security, public safety, operations and intelligence solutions business. Genetec is headquartered in Montreal, Canada and serves enterprise and government organizations via an integrated network of resellers, integrators and consultants in 159 countries.

The huge increase in high resolution security cameras and other devices connected and co-ordinated via the internet and cloud systems offer protection to people and property that was unimagined a decade ago.

Pierre Racz, founder and CEO of Genetec believes the security industry is moving to become more software centric and less hardware centric because of cheap Asian cameras being so cheaply available.

Software is the future he believes but the network connectivity, which allows organizations to monitor operations and update software remotely, presents a network path for cybercriminals and cyber-attacks. 

Vulnerability assessment and prevention

To determine the risk of physical security systems, Genetec recommends that organizations perform a posture assessment, create and maintain an inventory of all devices connected to the network and their connectivity, firmware version and configuration.

As part of the assessment, they must identify models and manufacturers of concern, such as those listed by the US government under the National Defense Authorization Act (NDAA) as presenting a high level of cyber risk. They must also document all users with knowledge of security devices and systems.

The review can identify devices and systems that need to be replaced. When developing a replacement program, prioritize strategies that support modernization. An effective approach is to unify physical security and cybersecurity appliances and software on a single, open-architecture platform with centralized management tools and views.

Additionally, while physical security and IT have always been approached as separate efforts, the risk of cyber-attacks via physical security technology is driving the change. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recommends consolidating IT and physical security into a single team, so that a comprehensive security program can be developed based on a common understanding of cyber-attack risks, responsibilities, strategies and practice.

Discover more about Genetec Inc HERE

Return to News section Security Journal America