Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Physical Security

// // //

Hardening the Physical Security Supply Chain to Mitigate the Cyber-Risk

Nick Smith, Regional Manager at Genetec, details how physical security professionals can improve their resilience to cyberattacks by reviewing the cybersecurity policies of those they work with in the supply chain. This includes everyone from component vendors to installers and engineers.

Cyberattacks have become a significant business risk for organizations of all sizes. The US National Cyber Security Alliance found that more than 60% of cyberattacks target small to medium and small businesses. Its research also showed that 60% of those small companies were unable to sustain business operations six months following attack.

Cyberattacks, however, do not always come through the front door. Organizations depend on third-party vendors and service providers, who are critical suppliers of security components or providers of services such as accounting. And many cyberattacks come through these backdoors.

With up to 80% of cyberattacks now beginning in the supply chain, breaches at even the smallest of vendors can have big consequences for enterprise level operations. Every organization across the global physical security supply chain, therefore, must become more aware and interconnected to mitigate against cyber risk. At best, a breach is likely to leave you with a hefty fine and a tarnished reputation which you may never fully be able to repair.

The Initial Step to Mitigate Risk
A recent report by Genetec found that 67% of physical security professionals, including Genetec's end users, integrators, and partners, are planning to prioritize their cybersecurity strategy in 2021. With the UK witnessing a 31% increase in cybercrime since the start of the pandemic, many physical security professionals are recognizing that cyberattacks are real and that physical security systems are an ideal entry point for hackers.

IP security cameras and other security devices are by their very nature connected to the internet. It's what lets users access them remotely to check in on their business, and what lets manufacturers update device software without having to make a house call. But this feature can also be their Achilles' heel. When not secured properly, any camera or access control device in the so-called Internet of Things (IoT) can be accessed remotely by just about anyone, not just those with whom you want to share access.

One way to limit your organization's cyber vulnerabilities is to take a closer look at your supply chain and build a network of trusted vendors. Effective supply chain risk management (SCRM) is essential here for ensuring the continuity and profitability of your business. However, the same principle should also apply to the vendors that provide the various components of your physical security system, and even those that install or service your equipment.

You can begin by asking vendors and other third-party service providers about their cybersecurity and privacy policies and practices. A company that is serious about cybersecurity will conduct its own penetration testing and catch any vulnerabilities that could have been missed during product development. They will also be proactive when vulnerabilities are uncovered and quickly deploy the latest firmware and security updates to keep systems secure.

Moreover, when working with a systems integrator to develop or maintain a physical security solution, it is important to share your concerns about cybersecurity at the onset. A systems integrator must consider cybersecurity a top priority and should only recommend products from trusted manufacturers who are also committed to protecting your system on a regular basis.

Operate in a Framework of Best Practice
The cyberattacks against IoT devices are increasingly affecting enterprises yet could easily be prevented. For example, ensuring cameras are running on the latest version of the firmware and that security updates are regularly applied is a rudimentary aspect of good cyber hygiene. Yet, Genetec's own data reveals 68% of cameras trying to connect to its systems are running out of date firmware. And 54% of these involve known vulnerabilities, mean they could easily be compromised by a cybercriminal with malicious intent.

That is why everyone must play a role in protecting physical security systems from cyberattacks. Be sure to choose trusted vendors who use smart tactics such as penetration testing. And only work with systems integrators who are committed to providing continuous protection against cyberthreats. The success of your business may depend on it.

Nick Smith is Regional Manager at Genetec.

This story first appeared on IFSEC Global, part of the Informa Network, and a leading provider of news, features, videos, and white papers for the security and fire industry. IFSEC Global covers developments in long-established physical technologies — like video surveillance, access control, intruder/fire alarms, and guarding — and emerging innovations in cybersecurity, drones, smart buildings, home automation, the Internet of Things, and more.

IFSEC Global, part of the Informa Network, is a leading provider of news, features, videos and white papers for the security and fire industry. IFSEC Global covers developments in long-established physical technologies – like video surveillance, access control, ... View Full Bio
Comment  | 
Print  | 
More Insights
Oldest First  |  Newest First  |  Threaded View
Visit the Web's Most Authoritative Resource on Physical Security

To get the latest news and analysis on threats, vulnerabilities, and best practices for enterprise physical security, please visit IFSEC Global. IFSEC Global offers expert insight on critical issues and challenges in physical security, and hosts one of the world's most widely-attended conferences for physical security professionals.

I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
The 10 Most Impactful Types of Vulnerabilities for Enterprises Today
Managing system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2023-03-17
The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the full name value in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that w...
PUBLISHED: 2023-03-17
The WP Express Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pec_coupon[code]’ parameter in versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenti...
PUBLISHED: 2023-03-17
A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0. It has been rated as critical. This issue affects the function view_student of the file admin/?page=students/view_student. The manipulation of the argument id with the input 3' AND (SELECT 2100 FROM (SELECT(...
PUBLISHED: 2023-03-17
A vulnerability classified as critical has been found in SourceCodester Student Study Center Desk Management System 1.0. Affected is an unknown function of the file Master.php?f=delete_img of the component POST Parameter Handler. The manipulation of the argument path with the input C%3A%2Ffoo.txt le...
PUBLISHED: 2023-03-17
A vulnerability classified as critical was found in SourceCodester Student Study Center Desk Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=reports&date_from=2023-02-17&date_to=2023-03-17 of the component Report Handler. The manipula...