Following a pandemic-exacerbated rise in data breaches and ransomware attacks, security leaders must consider employing methods to reduce the often-overlooked cyber vulnerabilities of physical security systems.
Internet Protocol (IP) security cameras and other security devices present a path into the network for cybercriminals. If they are not properly shielded, they can pose significant risk to cybersecurity. An attack that originates in a camera or door controller can find its way through the network to block access to critical applications, lock files for ransom, or steal personal data.
Hardening physical security systems against cyberattacks
To protect organizations from cyberattacks on their physical security systems, security leaders recommended the following steps:
- Ensure each device, as well as the servers used for storing data and hosting monitoring consoles, has the latest version of firmware and software recommended by the manufacturer.
- Change default passwords and establish a process to change them frequently. This is a critical practice.
- Improve network design to segment older devices, which can also help reduce the potential for crossover attacks.
- Conduct a posture assessment, creating and maintaining an inventory of all network-connected devices and their connectivity, firmware version, and configuration. As part of the assessment, identify models and manufacturers of concern, such as those listed by the U.S. Government under the National Defense Authorization Act (NDAA) as presenting a high level of cyber risk.
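The four steps above can be checked together against a device inventory. The following is an added example, not taken from the original article: the inventory rows, vendor names, VLAN numbers and the 180-day rotation limit are all constructed assumptions, and the vendors-of-concern set is a placeholder to be filled from your organisation's own list.

```python
import csv
import io
from datetime import date

# Constructed sample inventory; every device, vendor and version here is made up.
INVENTORY_CSV = """\
name,vendor,model,vlan,firmware,recommended_firmware,default_password,password_changed
lobby-cam-1,ExampleVendorA,CAM-100,30,2.4.1,2.4.1,no,2024-01-10
dock-cam-2,ExampleVendorB,CAM-7,1,1.0.9,1.2.0,yes,
door-ctl-1,ExampleVendorA,DC-20,30,3.10.0,3.9.2,no,2022-03-01
nvr-1,ExampleVendorC,NVR-8,1,5.0.0,5.0.0,no,2024-02-01
"""

VENDORS_OF_CONCERN = {"ExampleVendorB"}  # placeholder, not a real list
DEVICE_VLANS = {30}                      # assumed VLANs reserved for security devices
MAX_PASSWORD_AGE_DAYS = 180              # assumed rotation policy


def version_tuple(v):
    """Parse dotted numeric versions so that 3.10.0 compares newer than 3.9.2."""
    return tuple(int(p) for p in v.split("."))


def assess(csv_text, today):
    """Return {device name: [findings]} for every device with at least one finding."""
    report = {}
    for r in csv.DictReader(io.StringIO(csv_text)):
        findings = []
        if version_tuple(r["firmware"]) < version_tuple(r["recommended_firmware"]):
            findings.append("firmware below recommended version")
        if r["default_password"] == "yes":
            findings.append("default password still set")
        elif not r["password_changed"]:
            findings.append("no password change recorded")
        elif (today - date.fromisoformat(r["password_changed"])).days > MAX_PASSWORD_AGE_DAYS:
            findings.append("password older than rotation policy")
        if int(r["vlan"]) not in DEVICE_VLANS:
            findings.append("not on a segmented device VLAN")
        if r["vendor"] in VENDORS_OF_CONCERN:
            findings.append("vendor on list of concern")
        if findings:
            report[r["name"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in assess(INVENTORY_CSV, date(2024, 3, 1)).items():
        print(f"{name}: {'; '.join(findings)}")
```

Versions are compared as numeric tuples rather than strings, because a string comparison would rank firmware 3.10.0 below 3.9.2 and raise a false finding.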
Additionally, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) recommends joining information technology (IT) and physical security into a single team, so they can develop a comprehensive security program based on a common understanding of risk, responsibilities, strategies and practices.