Physical Security innovation and Cybersecurity for retailers
Unfortunately, any new technology innovation brings with it a range of different potential threats. Many financial institutions have started to embrace emerging technologies to keep pace and potentially leverage the benefits of new physical security technology, but with this shift, they must also begin to face and address the new evolving threat landscape.
The IoT is the ability to join up devices over a system of connected network technologies, delivering the ability to transfer data over a network automatically. This sounds very simple in theory, but when considering where financial institutions fit into the critical infrastructure landscape, it’s important for them to take a more holistic approach to cybersecurity and the entire vendor supply chain. This is because the industry’s status as part of the critical national infrastructure means financial firms must comply with the Directive on security of network and information systems (NIS Directive).
The beauty in the current innovation age is that most products are designed for easy initial connectivity and set-up. This can easily cause someone to forget to take the appropriate steps to ensure no back doors are left open.
What must be drilled into everybody is that cybersecurity is a process, not a product. Most successful breaches are due to human error, poor configuration or a lack of maintenance. Cyber-attacks can typically impact three main areas within an organization.
- User / People
- Social engineering
- Weak passwords
- Phishing / Spearing
- Untrusted app installation
- Lost / misplaced device
- Poor system design
- Poor configuration
- Poor maintenance
- Poor monitoring
- Lack of policy & processes
- Design flaws
- Poor API validation
- Poor secure development
The three areas ultimately fit into two different categories
- Opportunistic attacks – Typically exploits vulnerabilities
- Targeted attacks – Typically focused on individuals
Partners in protection
Going forward, engagement with the vendor supply chain, specifically physical security system integrators that have competence regarding cyber best practices and risk mitigation, will play a pivotal role in helping to limit the overall threat landscape.
Risk assessments should be a standard and embryonic practice and as threats evolve so should the process. System integrators that have competence in this area can be invaluable to ensure that they have done their part to help financial institutions utilize their organisations’ IT policies and best practices when evaluating emerging technology. This starts with product selection, system design, implementation and developing a future maintenance program that will ensure long term success.
Physical security innovation is critical to the protection of an organization’s assets but having an effective cyber strategy is also key in this innovation age. Working with a physical security integrator that understands the importance of these two areas will ultimately lead to developing a successful technology migration strategy. If the goal is to have a positive and effective impact to your financial business, finding a partner that can support an effective cyber strategy can improve your overall physical security program.