It’s the classic case of the tiny over the mighty….the mouse scaring the elephant, the faulty spark plug stopping a tractor-trailer in its tracks. In the technical domain, the software provides low-level control for a device’s hardware – firmware – bringing down an entire enterprise.

IoT firmware updates are critical in the lifecycle management of physical security devices, particularly when the devices have a long lifetime or are deployed in remote or inaccessible areas where manual intervention is cost-prohibitive or otherwise challenging. This blog delves into the firmware’s critical role in physical security device management. It explores how upgrading physical security device firmware is a small task with a significant impact on the organization.

Should physical security devices always be updated? 

Yes. Keeping IoT firmware updated is critical for maintaining operational functionality, minimizing cybersecurity risks, and eliminating compliance bottlenecks. With enterprises becoming increasingly reliant on physical security devices to ensure the physical security of their assets – people, IP, and materials — if devices are not updated, the results can severely impact the entire organization.

Impact of firmware in physical security 

Device functionality

When firmware upgrades are not performed promptly, an organization can expect to pay a heavy operational price. For example, a Physical Security manager notices that CPU utilization has reached 100% on dozens of devices. If the root cause isn’t detected and corrected quickly, it’s only a matter of time before those devices stop working. And even before they stop working, they may not be operating correctly. This can quickly escalate into a critical situation. For example, incompatible firmware in a camera will cause unstable video streaming because device quality is compromised. If that video stream is required to secure a campus dormitory, restrict access control in an airport, or ensure quality on a factory production line, any loss of functionality can end in disaster.

Device security

Unmanaged firmware also harms device security. From a security standpoint, using an old firmware version with published vulnerabilities opens the door for cyber attackers. After exploiting the vulnerability to gain a foothold in the IoT network, hackers can move laterally within the network, jeopardizing the organization’s most valuable assets and data. This is not a theoretical scenario. According to the Unit 42 IoT Threat Report, 57% of physical security devices are vulnerable to medium- or high-severity attacks, making IoT the low-hanging fruit for attackers. Forrester Research reports that 67% of enterprises have experienced an IoT security incident. 41% of these attacks exploit device vulnerabilities, as IT-borne attacks scan through network-connected devices to exploit known weaknesses.  Firmware updates can fix IoT firmware security vulnerabilities and are considered to be an essential building block in securing physical security devices. 

Device compliance

There is also regulatory demand for IoT firmware upgrades. In the US, the IoT Cybersecurity Improvement Act of 2020 requires all physical security devices used by government agencies to comply with strict National Institute of Standards and Technology (NIST) standards. In addition, software upgradeability is one of the IoT Device Cybersecurity Capability Core Baseline (8259A) requirements. California’s regulations go even further, passing bill SB-327, which requires IoT device manufacturers to include “reasonable” security features and password rotation requirements to prevent attacks.  Europe has its own Cyber Security for Consumer Internet of Things: Baseline Requirements that establish firmware updates as a necessity.

Some industries and their associated markets have their specific compliance regulations. Any device serving the healthcare industry must have the technology to meet the Health Insurance Portability and Accountability Act (HIPAA) requirements. Financial institutions and their vendors must meet similar regulations required by the  Gramm-Leach-Bliley Act (GLBA), also known as the Financial Modernization Act.  Ensuring that an organization’s physical security physical security devices fully comply with governmental and industry regulations is a prerequisite for partnering with these valuable markets. 

So just perform firmware updates. What is so challenging?

Enterprises may have tens of thousands of physical security devices to manage. And this number is on the rise. Forecasts indicate that more than 75 billion physical security devices will be used by 2025. That’s a lot of firmware to manage. 

The firmware updates must be performed regularly to ensure the device works correctly and securely. Some companies schedule a firmware alignment process once a quarter, barring any critical vulnerability. Most simply upgrade on an ad-hoc basis when new firmware is available and validated to be officially supported by their management system. However, an available update may only be suitable if it is fully compatible with the specific device model. The latest versions are not always the best; for example, a camera must be optimized for VMS compatibility to achieve the best results. If a problem does arise, the company must be able to roll back to the previous version. And, of course, complete visibility into the upgrade progress and any possible issues are critical.

Most IoT firmware updates are performed manually (if at all). These device-level manual updates are costly and time-consuming. Organizations rarely upgrade firmware versions—even those with known vulnerabilities—exposing their devices to potential cyberattacks or operational failures.

Bottom line: While unmanaged IoT physical security devices pose a real security risk to organizations, many companies need more knowledge and resources to manage them. 

Enter Securithings Enterprise: Empowering automation to solve the IoT firmware challenges

The explosion of physical security devices has raised the need for a reliable and secure firmware update mechanism suitable for devices across a vast enterprise deployment. Firmware updates are necessary to patch vulnerabilities, but they can also add new functionality and change configuration settings.

Incorporating automation into the firmware upgrade process enables organizations to eliminate many challenges related to unmanaged physical security devices. IoT teams can stop worrying about whether firmware versions are frequently upgraded or vulnerable firmware is identified and patched. Instead, automated firmware upgrades make daily maintenance routines much more effortless. Manual updates are eliminated, while end users can operationally manage firmware quickly and efficiently — regardless of scale — with full process supervision and update validation. In addition, automated firmware upgrades ensure devices will always be protected from known issues that manufacturers have addressed in the latest version, improving the organization’s device availability, security posture, and compliance. 

SecuriThings Enterprise provides real-time security and operational efficiency to improve system availability, organizational compliance, and cyber protection while reducing costs and streamlining future planning. Our advanced software enables automation, analytics, and actionable alerts to keep your fleet of physical security devices fully operational and secure. Our capabilities’ power, depth, and breadth only take a few hours to deploy. For more information about how your organization can benefit from automated operations for physical security devices, click here.

FAQs

What are the benefits of automating IoT firmware updates?

Automating IoT firmware updates ensures the timely application of critical patches, reduces operational disruptions, and decreases the risks associated with manual interventions.

How do IoT firmware updates enhance device security?

Regular IoT firmware updates address vulnerabilities, preventing potential security breaches by keeping devices secure against the latest known threats.

Why is it essential to maintain current IoT firmware?

Maintaining updated IoT firmware ensures devices function optimally, are secure, and comply with regulatory standards, which are vital for operational integrity and security.

Can IoT firmware updates be scheduled automatically?

IoT firmware updates can be scheduled automatically, allowing organizations to ensure continuous protection and functionality without manual oversight.

What challenges are associated with outdated IoT firmware?

Outdated IoT firmware can lead to increased vulnerabilities, operational inefficiencies, and non-compliance with industry regulations, posing significant risks to organizational security.