A proactive approach to cybersecurity


Share this content


Mathieu Chevalier, Principal Security Architect, Genetec, Inc. explains what organisations can do to mitigate cybersecurity threats.

The use of IoT devices has benefited organisations’ ability to improve security and monitor activities in large, distributed spaces.

However, with the benefits of connectivity, accessibility, mobility and data sharing come cybersecurity risks.

Devices such as cameras, access control readers and alarm panels can provide an entry point for cyber-attacks on the networks of large and small enterprises.

In a survey conducted by Genetec of over 5,500 security processionals, (31%) of end user respondents indicated cyber-threat actors targeted their organisation in 2023.

Some sectors were more affected than others. 73% of respondents in the intelligence and national security sector and 46% in the banking and finance sector said they were the victims of cyber-attacks.

Conversely, only 21% in the retail sector noted an attack.

Securing these devices is paramount and new strategies for managing access to these devices are critical.

Thankfully, organisations are being more proactive than ever. 42% of end user respondents indicated that their organisations are deploying cybersecurity-related tools in their physical security environments.

This is a significant increase compared to last year when only 27% said they had implemented processes to protect themselves.

Being proactive is the first line of defence. Here are some considerations as you seek to protect against cybersecurity threats to your systems whilst staying compliant:

Partner with a provider who makes cyber a top priority

Select a physical security provider that invests heavily in cybersecurity.

There are several questions to help further identify whether or not they are taking the necessary cybersecurity precautions.

For example, are they certified by a third party? Are they SOC2 compliant? Are they ISO 27001 certified?

Are they using IT security best practices?

Consider selecting a physical security provider who makes cybersecurity a priority as a top-down approach in all that they do.

Certain cybersecurity measures are hard to implement at scale, for example, updating firmware or changing passwords.

A company that is committed to cybersecurity will help you develop the right cybersecurity posture to scale. Likewise, they will partner with suppliers that place the same level of importance on cybersecurity.

Consider solutions with built-in cybersecurity measures

Although a physical security system could be threatened, there are many ways to further mitigate the risk of malicious attacks.

Deciding on a solution requires companies to determine whether the solution is designed with security in mind and has built-in cybersecurity measures.

When a product is designed, built and tested with security by default, essential features such as authentication, authorisation, encryption and privacy are built into the system.

These measures also ensure that only those with set privileges will be able to access specified assets, data and applications.

Authentication – the process of user authentication is the first level of identity management. This prevents your data from getting into the wrong hands. Modern, multi-factor authentication (MFA) validates the identity of the user so only approved users are able to access information.

Authorisation – authorisation helps define the access rights of a person or entity. An organisation’s administrator can define the rights of different individuals and configure access privileges depending on their roles and the level of access they are trying to achieve.

Encryption – encryption protects the confidentiality of a company’s data both in transit and when stored. When data is encrypted, it’s rendered unusable unless accessed by authorised users.

Privacy by design – there doesn’t have to be a trade-off between maximising privacy and security. Security solutions that offer privacy protection by design allow companies to have more control over their data. A physical security provider can help customers define who has access rights to sensitive video footage without hampering the details required to complete their investigations.

Minimise vulnerabilities by moving to a hybrid or cloud approach 

Moving your physical security to the cloud or using a hybrid approach can further mitigate your risks.

Modern cloud systems include layers of cybersecurity designed not only to protect against malicious actors but also human error.

Moving to the cloud also helps share the cybersecurity responsibility with your provider.

The providers who take advanced cybersecurity precautions often offer the possibility to streamline maintenance and updates, which is crucial to ensuring secure systems.

By using a hybrid or cloud solution, you’ll always have access to the latest built-in cybersecurity features.

Examples include privacy controls, strong user authentication and various system health monitoring tools.

When the latest versions and updates are available, they’ll be pushed immediately to your system.

Your physical security system remains better protected against vulnerabilities and is actively monitored to detect and defend against cyber-attacks.

Where cyber and physical security meet

To best protect your organisation from cyber-attacks, physical security and cybersecurity go hand-in-hand.

Physical security systems with built-in security and privacy by design features can better ensure that people, spaces and assets are protected.

Likewise, a trusted provider can offer a team approach to ensure that your entire system is designed, built and managed with your organisation’s end-to-end security in mind.

Receive the latest breaking news straight to your inbox