printer friendly version

IoT running wild compromises security

At the Genetec IP security seminar held in Midrand, Johannesburg recently, regional sales manager, Brent Cary said, “While Internet of Things (IoT) is growing at an unprecedented rate, new opportunities to access compromised data for cyber criminals is increasing due to a lack of network security.

Brent Cary – Genetec.

“Constant connectivity and the rapid flow of information may offer new and convenient ways to do business and create value, but it also places the corporate network at significant risk. The reality is that your network is only as secure as the weakest piece of hardware or software on it,” says Cary.

Quoting the founder of Linux, Linus Torvalds, Cary added that ‘the only way real security is done is by a network of trust.’ He says there are four physical security actors, all of whom play a vital role in this network of trust:

• The end user, who will have an IT policy in place, should be conducting their own supplier risk assessment to know exactly what devices are sitting on their IT network.

• The consultant, who should be conducting the manufacturer risk assessment and informing the end-user of any possible risks associated with the suppliers.

• The system integrator should be following the Manufacturer Configuration Recommendations and Guides to Hardening Your Security System. (Free Genetec Download at https://www.genetec.com/about-us/news/blog/a-guide-to-hardening-your-security-center-system, short URL: www.securitysa.com/*genetec1.)

• And finally, the manufacturer, who has the responsibility to ensure they are secure by default; have a security development lifecycle; provide secure coding and testing procedures; offer a product security policy (security versus usability) and help educate their fellow actors as to how they are contributing to a more secure network.

Cyber criminals want valuable assets and intellectual property. Physical security data is not on the top of the assets at risk (e.g. video recording) and this might be the reason why, in the past, physical security systems placed less importance on cyber security. This is a weakness as the physical security system could be the entry point to access more critical assets.

“The loss is not just financial, cybercrime leads to a loss in confidence; brand compromise, loss of integrity and loss of customers. There is also the possibility of lawsuits and legal exposure, even ransom demands,” says Cary.

Globally, the threat has made itself real and Cary says that organisations are starting to take network security seriously. A recent PWC ‘Global State of information Security’ report found that over 91% of respondents follow a risk-based cybersecurity framework, but what was most interesting is the fact that 69% are moving to a cloud-based cybersecurity service.

“Companies are handing the responsibility to trusted advisors as opposed to trying to do it themselves. The reality is that there is a shortage of skills with service providers that are not adequately equipped to manage the complexity of a corporate network and increased cybercrime,” explains Cary.

He says Genetec is turning twenty years old this year and believes that the threat hasn’t changed, rather it has just evolved. But in South Africa there is work to be done: “Local businesses need to pay more attention to what the risks are on their IT networks. Very few, if any end-users have driven the conversation regarding cybersecurity, I have only had this brought up twice with the last 100 customers. This is way too few and is why education is critical to the market. The more people understand where the weaknesses are, the easier it is to secure the network.

“We are seeing growth within the subscription economy across all technologies, enabling customers to manage their security requirements on a Software-as-a-Service (SaaS) basis, which also includes support. This approach is encouraging interest from businesses in a variety of sectors and improving overall network security.”

Share this article:

Further reading: