In an increasingly digital world, it’s critical to have a security strategy to protect your systems against both physical and cyber threats. Cameras, door controllers and other physical security devices and systems are smarter and more interconnected than ever. To help you better understand the nuances and responsibilities involved in keeping your systems safe, we’ve prepared this list of 4 reasons why your cybersecurity and physical security should go hand-in-hand.
1. Physical security systems face cyber threats
A poorly secured camera, unencrypted communications between a server and client application, or out-of-date firmware can all be exploited by cybercriminals. The problem is obvious – the protection of security systems can’t only be physical. Cyber threats are pervasive as well.
In 2016 a major manufacturer of IP cameras, using the open source operating system Linux on its cameras, had over a million of its cameras hacked and used to carry out distributed denial of service (DDoS) attacks. In 2014 one of the largest manufacturers of video surveillance equipment globally had its digital video recorders (DVRs) hacked and used to mine bitcoin.
In August 2019 The Guardian reported that the fingerprints of over 1 million people, as well as facial recognition data, unencrypted usernames and passwords were discovered on a manufacturers publicly accessible database, used by customers including London’s Metropolitan Police force.
Because physical security devices, like cameras and card readers used for access control, and security management applications, like Video Management Systems (VMS) and IP Access Control Systems (which can be integrated with logical access systems like Active Directory), are on networks and connected with other business systems they’re a platform for cyber risk.
Although some physical security teams are working with their IT departments and security system integrators to prioritise cybersecurity, many organisations are still neglecting it.
2. Hackers are helped by poor employee cyber hygiene
Let’s qualify what we mean by this. Your employees are prime targets for cyber threats. Their passwords, email accounts and mobile apps are potential access points into your network. The strongest encryption can’t defend your system against weak or compromised passwords.
That’s why it’s important for management to set clear guidelines and implement proper processes, i.e. requiring staff to change – and not duplicate – passwords regularly, and put cyber security training programs in place. Employees need to be educated about IT best practices, and the potential social engineering techniques they face. For example, starting with simple tips on password creation, and ways to identify phishing emails from legitimate communications, will help mitigate cyber risks. Similarly, failing to install a security update by leaving it to the discretion of an employee is also a risk. Adopt the mindset that you’re constantly under threat and train your employees how to look out for suspicious actvity and how to react when a breach occurs. Cyber criminals don’t need to spend time cracking codes when poor employee cyber-hygiene makes it easy to take them.
3. Cyber breaches can affect physical security systems
Nowadays, most building services are connected and managed on a network. There’s a good chance that your heating, ventilation, and air conditioning (HVAC), elevator systems, lighting, perimeter access control, and communication systems are on network infrastructure. Unfortunately, this also means that your facilities’ physical security systems are reliant on the strength of your cyber defences.
Physical security solutions are an entry point that are being used to gain access to the networks of large and small enterprises. It might seem counterintuitive that physical security tools designed to keep people and assets safe can be the focus of a cyberattack but devices such as video surveillance cameras, access control readers, and alarms panels are IoT devices. These devices are simply small computers that run software and that may contain cybersecurity vulnerabilities that can be exploited by attackers as a beachhead for all kinds of malicious actions.
To counter the threat, physical security professionals must proactively partner with their counterparts in information security to better understand the true limits of the security perimeter and work to develop strong governance and processes to avoid or mitigate cyberattacks.
This requires solidifying a resilient cyber-physical security framework, to ensure only trusted devices are integrated in the network and subsequently configured, updated and managed throughout their operational life.
Professional system integrators understand this, and should work with you to plan against cyber attacks on your network dependent physical security infrastructure.
4. Hacker Exploits & Vulnerabilities
Beware – not all cameras are the same. A poorly secure camera or a camera running out-of-date firmware is an entry point for a cyber attack. The example of a camera is simple in its elegance, because cameras are so ubiquitous, and after all how could something so familiar to us be used to mount a cyber attack?
In the United States the federal government has banned the purchase of IP cameras from certain manufacturers for US government video surveillance systems, for US government-funded contracts and possibly for ‘critical infrastructure’ and ‘national security’ usage because of well known cybersecurity vulnerabilities. The risks are even greater because of an equipment manufacturing practice known as OEMing, which means that manufacturers offer their products to resellers who then reskin the cameras with their own branding. It’s been reported that the 2 companies who’ve been banned from selling to US government entities were also providing their products to at least another 80 other companies globally. So what’s the point of this example? It’s the easiest to understand example of why physical security devices and cybersecurity go hand-in-hand and how that relationship can go awry if not protected properly. A physical security device, a camera, needs to be cyber hardened to eliminate it being used against you.
Ask your security system integrator questions about the cybersecurity of the cameras that they’re offering you. What’s their approach to cyber hardening? What are your responsibilities when physical security devices are put on the network? With greater connectivity of systems over the Internet, a vulnerable camera can become a gateway to your organization’s data and sensitive information.
Conclusion
Cybersecurity and physical security are intrinsically linked. The strength of an organisation’s protection lies in implementing successive layers of both physical and logical defence. As business operations increasingly depend on interconnected IT infrastructure, the consequences of a breach extend far beyond temporary system downtime — they threaten continuity, reputation, and trust.
Western Plains Security Electronics delivers industry-leading protection for Australian organisations. Our agility and foresight ensure that we remain ahead of the evolving security landscape, providing comprehensive, end-to-end security solutions that safeguard every aspect of your operations.
Partner with us today to strengthen your organisation’s resilience and adapt to the changing demands of modern security.
Call us on (02) 6885 6440 or email [email protected] to learn more.