Preparing for Inevitable Cyberattacks on Physical Security Systems
Tips on Pre- and Post-Installation Readiness
This is part one of a two-part series on how to protect your security systems against cyber threats.
When it comes to potential cyberattacks, the Boy Scouts’ motto says it all: “Be prepared.” In other words, make sure you’re always in a state of readiness. This is especially true when you’re talking about installing multi-component security solutions.
It’s no longer enough to harden an organization’s network infrastructure. One also has to consider hardening all of the smart devices and other IoT technology that connect to the network and are used to maximize the value of the security solution. It’s important to safeguard these ancillary devices because today’s hackers are turning their attention from the well-protected “big fish” and going after many of these secondary, more vulnerable systems and components as a way to breach the network and gain access to a company’s valuable digital assets.
So how should an organization protect its network, systems and devices from potential cyberattacks? It all begins with upfront planning and continues with long-term maintenance policies and procedures. While no one can fully mitigate cyberattacks, there are some basic steps that everyone from the manufacturer to the integrator to the end user can take to provide a level of protection.
Treat All Devices as Network Devices.
As long as a security solution – or any of its components – connects to the network, it should be treated to the same rigorous cybersecurity practices as any other IT device. These best practices could include such things as following the guidelines set forth in the Center for Internet Security’s Critical Security Controls for Effective Cyber Defense (CSC), which was formerly known as SANS control sets. These control sets are a good common baseline for establishing device and network settings, documenting MAC addresses, installing password management tools, as well as enforcing long- term policies for device software/firmware updates. Be sure to involve the IT department in the pre-planning and design phases as well as in any purchasing decisions to ensure that the system will be adhering to corporate cyber policies and not compromise the integrity of the network. Smaller organizations that outsource their IT should rely on their IT service providers for guidance on what policies to follow.
Proactively Prevent Exploitation.
Hackers love to find system and device vulnerabilities and exploit them. It’s how they’re able to launch botnets, malware, DoS (Denial of Service) and other attacks to gain access to the network and valuable information assets. So what can one do to prevent their network devices from becoming conduits for these types of cyberattacks?
The best defense is a good offense. Partner with manufacturers who proactively post CVEs (Common Vulnerabilities and Exposures) on their websites and regularly issue software and firmware updates that eliminate outdated code which may be susceptible to attacks. You also want manufacturers who are always keeping a vigilant eye out for new forms of malware, dedicating resources to learning how these are used to exploit devices vulnerabilities, and immediately taking steps to test and verify that their devices are not affected. And if they are affected, the manufacturer should commit sufficient resources to quickly issue additional firmware updates to address any specific vulnerabilities. Especially in this current climate of global hacking and instant malware permutations, end users should make risk monitoring part of daily operations and proactively check with device manufacturers for updates on CVEs.
Cyberattacks are a constantly evolving phenomenon. So you need to make sure that your cybersecurity measures keep pace. It’s an ongoing battle that requires the collective efforts of end users, integrators and manufacturers. In part two of our series on preparing against cyber threats, we’ll look at other best practices for hardening your security solutions from the end user’s perspective.
For part II of this series, check out the June 27 edition of the Security eNewsletter.