Connected physical security devices can represent a weak point in a network’s security, leaving the rest of the network vulnerable to attack. How do you safeguard the devices intended to keep you safe?
The shift to digital IP security world and connected devices on the Internet continues to gain momentum thanks to the added capabilities and interoperability the systems offer. Manufacturers are including exceptional features in today’s physical security devices that improve detection like video analytics, remote mobile apps, and cloud-based resources. Is it also the responsibility of these vendors to add built-in cyberdefense capabilities in their products?
The Cisco Global Cloud Index: Forecast and Methodology report estimates anywhere from 25 to 50 billion things could be connected to the Internet of Things (IoT) over the next 3 years. In particular, many concerns are being raised regarding the potential for criminals hacking into interconnected network electronic security devices connected to the IoT.
Security devices, such as network cameras, card readers, intrusion detection devices, entry door stations, audio devices, and a host of other sensors sit on the edge of the network. An edge device serves as the entry point into a network and can leave it vulnerable to attack.
While the occurrence of new cyberattack methods changes every day, is it solely up to individual companies to take actions to better protect themselves against malicious ransomware and reduce the impact of security breaches?
One of the easiest ways to breach a network is to gain access to a password. What responsibility rests on the shoulders of the security integrator who is hired to install a system or who works with in-house security department personnel to make sure default passwords are not being used and systems are being updated?
Whose job is it, anyway? Hopefully, the answer is obvious: all of the above. Securing a network, its devices, and the services it supports requires active participation by the organization and all those involved in supplying the solution along the way.
Starting at the manufacturer level, given today’s volatile environment, as designers strive to make security products and systems more intuitive and easier to use, it is clear that applications also must be developed and incorporated for cybersecurity. These include cyber-hardened capabilities, such as encryption and authentication. In addition, processes are necessary for self-configuring as much as possible and patching and updating. By applying testing of edge devices, manufacturers can pinpoint flaws and minimize risks.
A bipartisan group of senators is hoping to lead by example in purchasing devices that meet basic requirements to prevent hackers. Last month, Senators Mark Warner (D-VA), Steve Daines (R-MT), Cory Gardner (R-CO), and Ron Wyden (D-WA) introduced the Internet of Things Cybersecurity Improvement Act of 2017, which aims to bring more security guidelines for federal government procurements of connected devices.
Under the terms of the bill, vendors that supply the U.S. government with IoT devices would have to ensure that their devices are patchable, do not include hard-coded passwords that can’t be changed, and are free of known security vulnerabilities, among other basic requirements.
Vendors are heeding the call for added cybersecurity applications in the devices they supply. In the meantime, there are immediate actions all organizations can take to reduce the probability of security breaches. Adopting proactive prevention and controls to keep systems running to specifications and compliance requirements makes sound business sense and can help insulate your infrastructure from hackers.