Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementPhysicalTechnologies & SolutionsSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceVideo Surveillance

New opportunities at the intersection of physical and cybersecurity

By Bud Broomhead
cyber handshake

Image from Pixabay

October 21, 2022

Physical security professionals have seen changes over the last year regarding the cybersecurity aspects of managing video surveillance and access control. 

Those changes are all driven by the perception (and reality) that the most easily breached part of any organization is the Internet of Things (IoT)/operational technology (OT) devices they operate.

Cyber vulnerabilities in security technology

According to the Palo Alto Networks Unit 42 research group, IP cameras are the most easily breached devices in the enterprise, followed by printers and access control systems. The high degree of risk to the organization is why internal physical security and IoT/OT leadership need to embrace new business models — and the sooner, the better for all involved.

There are several reasons why physical security, specifically IoT/OT in general, is a focus for threat actors. Look at an IP camera — it’s a Linux server with powerful computing, network and storage capabilities (and sometimes hangs outside a building with exposed ports). 

All too often, physical security and IoT/OT devices use default or easily guessed passwords and lack recent firmware security updates, making them exploitable. Another reason is that many IoT/OT devices use open-source software components, which have had a significant increase in vulnerabilities present in them over the past year. In areas like physical security, where there is a mix of makes and models in any deployment, open-source vulnerabilities can be hard to remediate because the devices may depend on multiple manufacturers developing firmware updates to remediate the vulnerability. 

Having IoT/OT devices that live on past their supported “end of life” date (and that never receive another firmware update) also makes businesses targets. Since IoT/OT devices are often sprawled across the organization physically, it takes longer to get to and update them, further extending the vulnerability window.

It’s not only the inherent insecurity of physical security and IoT/OT devices driving change, but also the advisory and regulatory environment. Last year, Gartner predicted that CEOs would be personally liable for cyber breaches within a few years. Industry-level organizations ranging from telecommunications, energy, real estate and others have added specific controls and measures around cybersecurity. The Cybersecurity and Infrastructure Security Agency (CISA) has delivered mandates to federal civilian agencies requiring patching and remediation within weeks for urgent vulnerabilities.

This has led to several changes inside organizations. Leadership boards are now being encouraged to have cyber experts as board advisors. CEOs and risk and compliance officers are asking for physical security and other IoT/OT device operators to ensure that they comply with overall corporate information security policies (or get specific exemptions from them). Many organizations are bringing together their IT and line of business managers in “Security Councils” or “IoT Committees” to map out strategies and best practices on cybersecurity.  

This means that physical security teams need to have information available about their systems and how cyber hygiene is being performed on them (not to mention that data from physical security systems needs to be available and ready for auditors).

Moving forward with secure technology

Now is the time to address these new needs at the intersection of physical and cybersecurity. Two key elements to that are internal coordination and having the proper tools to manage security. As mentioned above, companies have started to bring together IT and the line of business owners of IoT/OT to promote communications around IoT/OT security. 

The advantage of this approach is when disaster strikes, the team is already used to working together and exchanging relevant information. In addition, many industries are starting to have cross-company efforts to share information and best practices. 

In addition to forming a community around IoT/OT security, the right automation tools are also needed, such as asset discovery tools. If a vulnerability is being exploited, having a network access control solution that can block traffic from the device can help mitigate the exploit.  

However, it’s critical to follow mitigation with actual remediation of the vulnerability — because taking IoT/OT devices offline usually cripples the business or the business purpose of the device operating. For an IoT/OT security platform, the key functions are firmware patching/updating (for remediation) as well as being able to enforce the organization’s password policies; for organizations who have embraced zero trust architectures, having certificate management is also needed to extend zero trust to IoT/OT devices.  

One area that is often overlooked is the need for automated service assurance. With IT systems, there are multiple ways to ensure that system’s operations — with IoT/OT devices, there are not. Therefore, ensuring that the IoT/OT devices perform as they should is a foundation for IoT/OT security and can provide very useful data. For example, seeing an IP camera’s onboard memory start to spike could indicate that the device is being used to distribute ransomware. Historical performance records can also assist in the forensic audit performed when a breach occurs.

Having both an established internal security community and tools and systems to manage IoT/OT security not only helps organizations today, but it sets the stage for what will likely be increased focus and requirements put onto physical security specifically and IoT/OT systems in general. Looking ahead, the need to embrace enterprise-wide security policies will drive physical security teams to operate systems within the context of those policies, whatever they may be: multi-factor authentication, zero trust architectures, biometrics, audit and compliance reporting, supply chain requirements, etc. The list will continue to grow and develop to make a better, safer world, especially at the intersection of physical and cybersecurity.

KEYWORDS: cyber and physical convergence IoT physical security systems ransomware threat detection vulnerability

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Bud Broomhead is CEO of Viakoo

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Top Cybersecurity Leaders
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cyber Tactics Column
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    New Security Technology
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Coding on screen

Research reveals mass scanning and exploitation campaigns

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

September 29, 2025

Global Security Exchange (GSX)

 

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • SEC0819-Profile1-Feat-slide1_900px

    At the Intersection of Business, Analytics and Security

    See More
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    See More
  • 5G and IoT security

    The intersection of 5G, security and IoT 2.0

    See More

Events

View AllSubmit An Event
  • September 25, 2024

    How to Incorporate Security Into Your Company Culture

    ON DEMAND: From this webinar, you will learn how to promote collaboration between IT and physical security teams to streamline corporate security initiatives.
  • April 16, 2025

    Modernizing GSOC Operations: Ensuring Full Control and Complete Situational Awareness

    ON DEMAND: For many organizations, physical security management can be a daunting task. Threats are on the rise and risks are becoming increasingly diverse. 
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing