Physical Security innovation and Cybersecurity for retailers

Article
February 12, 2019
There’s no doubt that physical security technology has changed dramatically in the last decade and with the emergence of IoT (Internet of Things), it is clear that this evolution will continue. Constant innovation has paved the way for increased speed, agility, efficiency, business continuity and resilience. The consumer technology market has also helped to fuel this change, along with the desire to leverage and appeal to a younger technology-savvy workforce.

Unfortunately, any new technology innovation brings with it a range of different potential threats. Many financial institutions have started to embrace emerging technologies to keep pace and potentially leverage the benefits of new physical security technology, but with this shift, they must also begin to face and address the new evolving threat landscape.

The IoT is the ability to join up devices over a system of connected network technologies, delivering the ability to transfer data over a network automatically. This sounds very simple in theory, but when considering where financial institutions fit into the critical infrastructure landscape, it’s important for them to take a more holistic approach to cybersecurity and the entire vendor supply chain. This is because the industry’s status as part of the critical national infrastructure means financial firms must comply with the Directive on security of network and information systems (NIS Directive).

The beauty in the current innovation age is that most products are designed for easy initial connectivity and set-up. This can easily cause someone to forget to take the appropriate steps to ensure no back doors are left open.

What must be drilled into everybody is that cybersecurity is a process, not a product. Most successful breaches are due to human error, poor configuration or a lack of maintenance. Cyber-attacks can typically impact three main areas within an organization.

  • User / People
    • Social engineering
    • Weak passwords
    • Phishing / Spearing
    • Untrusted app installation
    • Lost / misplaced device
  • Systems
    • Poor system design
    • Poor configuration
    • Poor maintenance
    • Poor monitoring
    • Lack of policy & processes
  • Implementation
    • Bugs
    • Design flaws
    • Poor API validation
    • Poor secure development

The three areas ultimately fit into two different categories

  • Opportunistic attacks – Typically exploits vulnerabilities
  • Targeted attacks – Typically focused on individuals

Partners in protection

Going forward, engagement with the vendor supply chain, specifically physical security system integrators that have competence regarding cyber best practices and risk mitigation, will play a pivotal role in helping to limit the overall threat landscape.

Risk assessments should be a standard and embryonic practice and as threats evolve so should the process. System integrators that have competence in this area can be invaluable to ensure that they have done their part to help financial institutions utilize their organisations’ IT policies and best practices when evaluating emerging technology. This starts with product selection, system design, implementation and developing a future maintenance program that will ensure long term success.

Physical security innovation is critical to the protection of an organization’s assets but having an effective cyber strategy is also key in this innovation age. Working with a physical security integrator that understands the importance of these two areas will ultimately lead to developing a successful technology migration strategy. If the goal is to have a positive and effective impact to your financial business, finding a partner that can support an effective cyber strategy can improve your overall physical security program.

For further information, please contact: Kristina Tullberg, Regional Communications Manager Northern Europe, Axis Communications
Phone: +46 708 90 18 72