Genetec Takes Cybersecurity On The Road

In 2007, the physical security industry started a convergence of IP-cameras from analog surveillance cameras. And a number of security technicians had challenges picking up on the networking aspects of IP-based surveillance systems. Ten years later, we are seeing the convergence of physical security and cybersecurity. Now today’s technicians need to understand the cybersecurity issues of connecting their physical security devices to the company?s network.

Genetec has become extremely active in highlighting the importance of cybersecurity issues and has developed Cybersecurity Roadshow events. The latest event was held at the in San Francisco with a panel of physical security / cybersecurity experts as well as the F.B.I.?s Assistant Special Agent-in-Charge M.K. Palmore —an information security executive— discussing just how important, impactful, and intrusive cybersecurity has become to the physical security industry.

?At the end of the day, physical security and cyber security are multiple layers of the same onion,? stated roadshow panelist Dan Cory, VP of Security for the San Francisco 49ers NFL franchise.

25% of all breaches involved internal actors.

Genetec is spearheading the ?Security-of-Security? initiative and taking a leadership position in educating everyone on the importance cybersecurity plays in the overall physical security ecosystem. Understanding how safe the physical security systems that are connected to your company?s network must be just as important as the security systems themselves.

In a recent report, there were just over 1,600 incidents and more than 800 breaches featuring social actions alone ? all external actor driven. Phishing was again the top variety of these social actions, found in over 90% of both incidents and breaches. Once successfully phished, a number of things can happen: software installation, influencing disclosure of sensitive data, repurposing of assets and so on. In last year?s report, it showcased how the majority of remote breaches began with the same chain of events; phishing to gain a foothold via malware, then leveraging stolen credentials to pivot off of the foothold.

This tactic is known as ?Attack The Human.? Whether it is through phishing, pretexting (a scam where the liar pretends to need information in order to confirm the identity of the person he is talking to), or poor passwords, the human is typically the weakest link in the cybersecurity chain.

81% of hacking-related breaches leveraged either stolen and/or weak passwords.

However, it?s not only the human element that we need to be vigilant against. With IP-cameras, NVRs, and other modern networking devices becoming increasingly prevalent, these interconnected devices ?designed to facilitate the management and sharing of security information, which is intended to hold people and organizations safe? are becoming a security challenge unto themselves. These less then secure cameras or unprotected communication links between client and server applications can be the ?door? any cybercriminal needs to walk through and hold your data hostage for ransomware or steal all your corporate intellectual property.

51% of all breaches involved organized criminal groups.

?Cyber crime is here and it?s not going away any time soon. We, as an industry, need to become more aware of the cyber threats that exist in the realm of physical security systems. We need to be more diligent about who has access to security platforms and how they are being managed,? stated Christian Morin, Chief Security Officer at Genetec. ?We need to work closer with C-level executives and law-enforcement to help educate employees and the broader public. Only by working together can we try and be one step ahead of these threat actors.?

Does your organization have a security strategy in place that protects against both physical and cyber security threats? Many organizations are building a cross-functional team of I.T. security and physical security stakeholders that understand the interconnection of the various systems within the organization.

This team should develop an ?Incident Procedure? guide on what the organization?s response should be when a breach does occurs. One of the steps in building such an Incident Procedure guide would be to contact the F.B.I.?s local field office cybersecurity team.

In the San Francisco F.B.I. field office, information security executive and Assistant Special Agent-in-Charge M.K. Palmore has an open door policy for working with companies that are interested reviewing their Incident Procedure guide as well as working with the organization after a breach has occurred.

MK-Palmore-FBI-SFO

?Sometimes an organization is hesitant to call in the F.B.I. when they have been the victim of a cyber crime. The F.B.I. is not the S.E.C. The F.B.I.?s mission is to investigate, determine attribution, and bring the cybercriminals to justice,? explained Palmore.

Palmore echoed much of what Genetec is advancing with the Security-of-Security initiative. These proposals include multiple and varied lines of defense, including encryption, multi-layer authentication, and multi-level authorization. This physical security initiative strives to take all relevant security data and move it to a unified system for management, analysis, and storage with encryption that is usable only by authenticated and authorized end-users.

?Whether one calls them embedded systems, or the ?Internet of Things,? the combination of these little computers, poor security design, and upcoming high-speed wireless networks are a perfect storm of sorts that holds the potential to make all of our current cybersecurity concerns worse, more persistent, and of much larger scale,? says Bob Stratton, a serial security entrepreneur, investor, and consultant (not part of this event?s panel).

66% of malware was installed via malicious email attachments.

?It is important to get in front of security professionals, organizations, even consumers to share what is really happening today in the cyber crime arena and we are supportive of events like what Genetec is bringing to groups like this,? shared Palmore.

Genetec?s management is passionate about the security-of-security challenges and has instituted internal programs ?starting at the application coding levels- to take into account how secure their products and services are delivered to the end-users.

In 2017, a physical security infrastructure is incomplete without a cybersecurity measure. Physical security no longer can be thought of as stopping at the front door or front gate. As the 49er?s Cory stated, cyber and physical are all layers of the same security onion and all security stakeholders need to keep the organization safe.

Source: genetec.com
0 Comments