Hardening Your Security Against Cyber Attacks

Defending SCADA systems against the growing cyber threat

The cyber-attacks on the FBI and American Department of Homeland Security in early 2016 reminded us that cyber security is a very real and pressing concern. And, the more recent Botnet takeovers and distributed denial-of-service (DDOS) attacks demonstrated that many organizations still have a long way to go to make sure that their physical security systems are truly secure.

We must not lose sight of the fact that the same platforms that improve an organization?s efficiency can also provide cyber criminals with new ways to access and compromise that organization. As people and organizations enjoy the advantages of connectivity, accessibility, and mobility that our increasing online activity allows we are also putting ourselves at greater risk of cyber criminality. An unprotected or improperly protected physical security system is no exception.

Security threats and cyber attacks are on the rise. From 2014 to 2015, there was an increase of 38% in the number of security incidents detected worldwide (PwC The Global State of Information Security Survey, 2016). And these incidents can have significant consequences.

According to the technology research firm Gartner, more than 25% of cyber-attacks will involve the internet of things (IoT) by 2020. However researchers also state that the IoT accounts for less than 10% of IT security budgets. Hackers can take advantage of this organizational vulnerability and cybercriminals can use this weakness to gain access through the very system you are using to protect your organization.

Contributing Factors
There has been a rise in the number of cases of hackers getting into private security cameras to access the video and images they contain. Although the solution to this type of intrusion can be as easy as changing the default manufacturer password, the idea that a stranger can see through a camera can be quite unsettling. But, as seen by botnet attacks, it can go much farther than that.

With the increasing connectivity of systems over the Internet as well as increased cooperation and transparency both in and between organizations, an unsecure camera can become the attack surface that hackers need to access all manner of data and private information.

How Cybercriminals Get In
As with any software solution that resides on a network, security systems and edge devices are susceptible to a variety of attacks. Hacking a security system can take any number of forms, including brute-force, packet-sniffing, and man-in-the-middle attacks. In some cases, particularly with man-in-the-middle attacks, hackers are able to ?listen in? and alter communication that the participants believe is secure.

When it comes to hackers attacking an organization through its access control system, sometimes they can do so while respecting the procedures in place. In fact, there are 3 ways a cybercriminal can walk right into your building past your access control system without raising any suspicions. The first is skimming?when an attacker uses a reader to access information on an RFID token without consent. The second is eavesdropping. This occurs when an attacker recovers the data sent during a transaction between a legitimate reader and a token. And, finally, there is a relay attack in which an attacker temporarily possesses a clone of a token, thereby gaining the associated benefits.

But there are solutions for securing all aspects of your physical security system, including communications, servers, and data. By hardening your system against unwanted and unauthorized access, you can keep your organization safe from cyber-threats and attacks. The three key tools that ensure the security of your physical security system are encryption, authentication and authorization.

Keep Out Prying Eyes
Today, organizations can use encryption to protect private information and sensitive data and to enhance the security of communication between client apps and servers. By encrypting their data, they ensure that even if an unauthorized person or entity gains access to it, it is not readable without the appropriate key.

The process itself is fairly straightforward. It involves an encryption algorithm?or key?to translate plain text or readable text into cipher text or unreadable text. And only the corresponding decryption key can decode the scrambled cipher text back into readable plain text.

While encryption is a great way to essentially hide and protect data, it cannot stop unauthorized entities from gaining access to your network. For this, organizations employ different forms of authentication, the process of determining if an entity?user, server, or client app?is who it claims to be, and then verifying if and how that entity is allowed to access a system.

Making Sure They Are Who They Say They Are
The process of authentication keeps your data from getting into the wrong hands by preventing unauthorized access and ensuring that your security personnel are always accessing your system when they log in. Essentially, it stops hackers from effectively ?pretending? to be a security server in order to penetrate your system and take control, manipulate or copy your valuable and sensitive data.

Authentication can occur on either the client side, through username/password combinations and tokens, or the server side, through certificates that identify trusted 3rd parties. One of the most common uses of certificates is for HTTPS-based websites. In this case, a web browser will validate that a web server is authentic to ensure that the website is who it claims to be, and that communication between user and website is secure.

Once these identities have been authenticated, the next step in maintaining the security of your security system is managing who can access what part of your security system. This is achieved through various authorization mechanisms.

You Get to Decide Who Sees What
With the increased integration and collaboration between systems, there are more entities than ever interacting with our security systems and accessing privileged data. This means that you can?t focus solely on potential threats that might be outside your organization. You need to ensure that you can control who sees your data and what they can do with it.

Through authorization, administrators can restrict the scope of activity within their system by giving access rights to groups or individuals for resources, data or applications and by defining what users can do with these resources. By restricting the access to and possible use of data in their systems, organizations take a crucial step in protecting privacy. In this way, administrators ensure the security of the data transmitted and stored within their security system. This not only increases the security of the physical system as a whole, but it also enhances the security of other systems connected to it.

Without proper protection, the size, scope and severity of cyber threats and attacks will likely increase over time. But there are solutions. Data and system protection is available right now.
While the advancement of technology has the potential to increase system vulnerability, it also carries with it the ability to protect. At Genetec, we are committed to working with our customers to ensure that our innovation delivers the best possible protection now and in the future. After all, security is what we do.

About The Author
Andrew Elvish,
Vice President Marketing and Product Management
Genetec Inc.

Source: genetec.com
0 Comments