How to Avoid Costly Cybersecurity Risks by Hardening Your Physical Security Devices
For today’s organizations, cameras and other physical security devices play a critical role in keeping people safe from harm, while also helping to prevent reputational damage, lawsuits, theft, and other financially costly problems.
But if not hardened against cyber risks and maintained properly, these devices can actually put you at serious financial risk by compromising your cybersecurity. This is a widespread problem, especially because maintaining them properly can feel like an impossible challenge at the best of times, and doing it manually can be such a financial burden that many organizations do not take the necessary steps. In the face of this challenge, automating the routine maintenance of your physical security devices can help you to protect these devices from cyber threats efficiently, cost-effectively, and reliably.
Why is automation the key? To answer that question, it’s important to understand the most common steps involved in hardening and maintaining physical security devices, as well as the reasons these steps are so critical.
What’s involved in hardening and maintaining physical security devices?
Four of the most basic steps involved in protecting your physical security devices from cyber risks are upgrading firmware, rotating passwords, managing certificates, and configuration hardening.
Firmware upgrades can help you ensure that your security cameras and other devices are running the most appropriate versions of their firmware. These upgrades are particularly important as a way to protect devices because they often include patches for cybersecurity vulnerabilities. But installing these upgrades manually is a time-consuming and expensive process, especially because it involves checking which version of the firmware is the latest compatible version for a given device. Because of limitations stemming from the devices’ hardware and the management system on which they run, in some cases the latest compatible firmware version is different from the latest available version.
Rotating passwords can also be a time-consuming process if done manually, but it is critical for protecting devices from hackers and other cyber threat actors. This step involves replacing default passwords with strong passwords. To be sufficiently strong, a password should comply with IT standards and best practices, such as having at least a certain number of characters and a wide enough variety of characters (sometimes including capital and lowercase letters, numbers, and special characters). This step also involves rotating passwords with a certain frequency, which should be defined in an organization’s IT standards.
Although many organizations fail to manage their device certificates properly, this is also an important part of hardening and maintaining physical security devices. This step involves ensuring that certificates are uploaded, rotated, and revoked as needed. Like passwords, device certificates should be rotated on a regular basis to protect against cyber threats.
Configuration hardening best practices are defined by both the manufacturer and IT domains. Monitoring and remediation is the process of bridging those two domains into defined policies and processes such as:
- Securing the connectivity with devices – enforcing HTTPS only, SSL and 802.1X network access, etc.
- Defining edge protection with IP address filters, disabling unused services, UPnP configuration, etc.
- Running device configuration and hardening checks to verify the devices are compliant.
Then, alert and report on device drift and vulnerabilities in order to remedy them.
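The four steps above can be checked together in one audit pass over a device inventory. The following Python sketch is an added example, not code from this article or from any vendor product; the policy thresholds, model names, firmware versions, and inventory records are all constructed for illustration.

```python
from datetime import date

# Constructed policy, firmware catalogue and inventory; every name and value is hypothetical.
POLICY = {"max_password_age_days": 90, "cert_renew_before_days": 30,
          "required_config": {"https_only": True, "upnp": False, "dot1x": True}}
# "vms_max" is the newest firmware the management system supports for that model.
FIRMWARE = {"cam-a": {"released": ["1.2.0", "1.3.0", "2.0.0"], "vms_max": "1.3.0"},
            "cam-b": {"released": ["4.1.0", "4.2.1"], "vms_max": "4.2.1"}}

def ver(s):
    return tuple(int(p) for p in s.split("."))

def latest_compatible(model):
    # Newest release the management system still supports; may trail the newest release.
    ok = [v for v in FIRMWARE[model]["released"] if ver(v) <= ver(FIRMWARE[model]["vms_max"])]
    return max(ok, key=ver)

def audit(device, today):
    # Return the list of policy deviations (drift) for one device.
    findings = []
    target = latest_compatible(device["model"])
    if ver(device["firmware"]) < ver(target):
        findings.append(f"firmware {device['firmware']} behind latest compatible {target}")
    if device["default_password"]:
        findings.append("default password still set")
    elif (today - device["password_changed"]).days > POLICY["max_password_age_days"]:
        findings.append("password rotation overdue")
    days_left = (device["cert_expires"] - today).days
    if days_left <= POLICY["cert_renew_before_days"]:
        findings.append("certificate expired" if days_left < 0
                        else f"certificate expires in {days_left} days")
    for key, want in POLICY["required_config"].items():
        if device["config"].get(key) != want:
            findings.append(f"config drift: {key} should be {want}")
    return findings

INVENTORY = [
    {"name": "lobby-cam", "model": "cam-a", "firmware": "1.2.0", "default_password": False,
     "password_changed": date(2024, 1, 10), "cert_expires": date(2024, 7, 1),
     "config": {"https_only": True, "upnp": True, "dot1x": True}},
    {"name": "dock-cam", "model": "cam-b", "firmware": "4.2.1", "default_password": False,
     "password_changed": date(2024, 5, 1), "cert_expires": date(2025, 5, 1),
     "config": {"https_only": True, "upnp": False, "dot1x": True}},
]

def report(today=date(2024, 6, 15)):
    return {d["name"]: audit(d, today) for d in INVENTORY}

if __name__ == "__main__":
    print(report())
```

Note that the firmware check compares against the latest compatible version (1.3.0 for the constructed model "cam-a"), not the latest available one (2.0.0), which matches the distinction drawn in the firmware paragraph.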
How expensive and widespread are the risks of failing to harden and maintain physical security devices?
When organizations fail to maintain and secure their cameras and other physical security devices properly, they put both their physical security and their cybersecurity at risk. Should an issue caused by inadequate maintenance cause a device to stop working properly, the device could go offline, leaving a gap in its organization’s physical security system. And should hackers or other threat actors take advantage of cybersecurity vulnerabilities caused by inadequate maintenance, the result could be an expensive cyberattack. In fact, 41% of cyberattacks exploit device vulnerabilities, such as default, weak, and unchanged passwords, according to the 2020 Unit 42 IoT Threat Report.
And the price tag for that kind of attack can do serious damage to an organization. The average financial cost of a data breach is $4.35 million, according to the 2022 Cost of a Data Breach Report by IBM and the Ponemon Institute.
Still, the numbers show that many organizations do not sufficiently protect their physical security devices from cyber risks. Many devices come with default credentials that are either left unchanged or are changed to weak passwords, leaving the door open for hackers to compromise these devices’ networks. In fact, one study concluded that trying just five combinations of default credentials can give any hacker access to 10% of all connected devices.
Meanwhile, an estimated 68% of cameras are currently running outdated firmware, leaving nearly 40% of cameras vulnerable to a cyberattack, according to Genetec.
How can automation help you streamline and enhance the maintenance of your physical security devices?
An automated approach to maintaining your physical security devices offers you a reliable way to protect these devices from cyber threats, while also keeping your costs down. Without requiring long work hours from your team members, an automated approach can help you ensure that:
- All of your physical security devices are running the latest compatible firmware.
- All device passwords are updated regularly.
- All device certificates are managed as required.
- Device configuration and hardening checks verify all devices are compliant.
- Alerts are raised for any vulnerabilities or deviations from policies.
- Rule-based triggers remediate any issues or vulnerabilities.
- Device health and cybersecurity status is monitored around the clock.
For a closer look at how to optimize your physical security and avoid expensive cybersecurity risks efficiently, check out our latest eBook, The Cost Benefit of Automation in Physical Security.