Axis Blog

Innovation and cyber

by Mark Rowe

Steve Kenny, pictured, Industry Liaison – Architecture and Engineering at Axis Communications, writes of physical security innovation and cybersecurity for retailers.

There’s no doubt that physical security technology has changed dramatically in the last decade, and with the emergence of IoT (Internet of Things), it is clear that this evolution will continue. Constant innovation has paved the way for increased speed, agility, efficiency, business continuity and resilience. The consumer technology market has also helped to fuel this change, along with the desire to leverage and appeal to a younger technology-savvy workforce. Unfortunately, any new technology innovation brings with it a range of potential threats. Many financial institutions have started to embrace emerging technologies to keep pace and potentially leverage the benefits of new physical security technology, but with this shift, they must also begin to face and address the new evolving threat landscape.

Joined up devices

The IoT is the ability to join up devices over a system of connected network technologies, delivering the ability to transfer data over a network automatically. This sounds very simple in theory, but when considering where financial institutions fit into the critical infrastructure landscape, it’s important for them to take a more holistic approach to cybersecurity and the entire vendor supply chain. This is because the industry’s status as part of the critical national infrastructure means financial firms must comply with the Directive on security of network and information systems (NIS Directive). The beauty in the current innovation age is that most products are designed for easy initial connectivity and set-up. This can easily cause someone to forget to take the appropriate steps to ensure no back doors are left open. What must be drilled into everybody is that cybersecurity is a process, not a product. Most successful breaches are due to human error, poor configuration or a lack of maintenance. Cyber-attacks can typically impact three main areas within an organisation.

User / people
– Social engineering
– Weak passwords
– Phishing / Spearing
– Untrusted app installation
– Lost / misplaced device

Systems
– Poor system design
– Poor configuration
– Poor maintenance
– Poor monitoring
– Lack of policy and processes

Implementation
– Bugs
– Design flaws
– Poor API validation
– Poor secure development

The three areas ultimately fit into two categories:
– Opportunistic attacks – typically exploiting vulnerabilities; and
– Targeted attacks – typically focused on individuals.

Partners in protection

Going forward, engagement with the vendor supply chain, specifically physical security system integrators that have competence regarding cyber best practices and risk mitigation, will play a pivotal role in helping to limit the overall threat landscape. Risk assessments should be a standard and embryonic practice and as threats evolve so should the process. System integrators that have competence in this area can be invaluable to ensure that they have done their part to help financial institutions utilise their organisations’ IT policies and best practices when evaluating emerging technology. This starts with product selection, system design, implementation and developing a future maintenance program that will ensure long term success.

Innovation age

Physical security innovation is critical to the protection of an organisation’s assets but having an effective cyber strategy is also key in this innovation age. Working with a physical security integrator that understands the importance of these two areas will ultimately lead to developing a successful technology migration strategy. If the goal is to have a positive and effective impact to your financial business, finding a partner that can support an effective cyber strategy can improve your overall physical security programme. p

Download e-book to learn more: http://www.axis-communications.com/Branch_Transformation_E_Book.

Related News

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing