Physical Security Devices: The Next Big Cyber Battleground for Technology Companies?

Tech companies invest heavily in physical security devices, and for good reason – not only to protect their premises and the people who spend time there, but also to secure their own intellectual property. Yet, despite paying significant money to purchase and install these devices, tech companies typically struggle to maintain adequate physical security. In addition to presenting physical security risks, this reality can leave their intellectual property exposed to cyber threat actors. 

To be competitive, tech companies must be secure – especially because of their intellectual property

Tech companies are a highly lucrative target for threat actors, and the threats they face continue to grow. As a result, they need to protect themselves from the risk that a security incident could cause them serious legal, financial, and reputational damage.

At the heart of these risks is that intellectual property (which could be tremendously useful to cybercriminals) plays a critical role in tech companies’ business success. Not only do tech companies rely on proprietary technologies and trade secrets, but they often handle sensitive information about their customers and users. 

How critical is tech companies’ intellectual property to their overall success? As of 2020, an estimated 90% of the market value of S&P 500 companies consisted of “intangible assets,” including intellectual property – an increase from just 17% in 1975. And it’s no coincidence that the value of those assets has skyrocketed just as tech giants have come to dominate the list of the top 10 companies in the S&P 500 by market capitalization over the past quarter-century.

Protecting this sensitive information is vital to tech companies’ customer relationships, and a failure to handle customers’ personal information properly can result in serious legal and financial harm – especially in light of consumer privacy laws like the GDPR in Europe and the CCPA and CPRA in the U.S. 

To keep both their own information and their customers’ information safe, tech companies need robust security – including both physical security and cybersecurity. And achieving that security consistently involves protecting themselves not only from external cybercriminals, but also from the risk of insider attacks (which many companies now view as an even bigger risk).

Inadequately managed physical security devices put tech companies at risk 

To protect themselves from the various threats they face, tech companies invest heavily in physical security devices such as IP cameras, access control, intercoms, alarms, and more. 

But purchasing and installing physical security devices is only the first step toward actually enjoying robust physical security. To ensure that these devices stay both operational and secure throughout their life cycle, tech companies need to manage and maintain them consistently. 

Unfortunately, the data show that most organizations – including tech companies – suffer significantly from temporary and long-term blind spots in their physical security infrastructure. In fact, SecuriThings’ data show that a typical week sees 4% of an average organization’s physical security devices get disconnected from their network at some point – while 6% of an average organization’s security cameras get disconnected from their video management system in a typical week. And numbers like those are especially concerning in light of the risk that a device could be offline when it’s needed most, such as during a crime or serious accident (as the cameras were during last spring’s Brooklyn subway shooting). 

Not only can this reality leave a tech company’s premises and people exposed to physical dangers, but it can put the company’s intellectual property at risk. 

When physical security devices aren’t managed properly, the dangers go well beyond physical security

A failure to properly manage physical security devices can present serious threats to the business success of tech companies. In addition to failing to provide security, inadequately managed physical security devices can become a vector for expensive data breaches and cyberattacks. The risk is that vulnerabilities in these devices could enable threat actors to steal information that they will then sell on the dark web, threaten to release if not paid a ransom, or use for subsequent attacks.

Meanwhile, the cost of data breaches continues to climb, both globally and among tech companies. And cybercrime presents a greater risk to tech companies than to many other types of organizations. In 2022, a tech company’s average data breach cost an estimated $4.97 million, as compared to a global average of $4.35 million across all industries, according to IBM’s 2022 Cost of a Data Breach Report.

One of the most widely covered examples of what could go wrong for tech companies is the 2021 breach of Verkada, a company that provides a cloud-based security camera service to a variety of organizations. In that case, hackers gained access to feeds from roughly 150,000 Verkada security cameras, including sensitive information belonging to various customers. This breach – and especially the ease with which it was carried out – caused serious harm to Verkada’s reputation.

The key lesson of the Verkada breach is that any tech company that fails to adequately harden and maintain its physical security devices risks leaving both itself and its customers and users exposed to the threat of being hacked. 

And the risk is growing, as threat actors get more sophisticated and state-sponsored attacks become more common – especially for tech companies and especially since the Russian invasion of Ukraine. All told, after causing an estimated $8.4 trillion in damage in 2022, cybercrime is projected to account for $11 trillion this year – and possibly to surpass $20 trillion per year by 2026, according to Statista.

To protect their physical security devices from these risks, tech companies need to follow best cybersecurity practices – including regular password rotations, firmware upgrades, and certificate management. But the amount of manual work involved in carrying out all of these processes makes them so time-consuming and expensive as to be unmanageable for most tech companies. Underscoring the difficulty companies face in performing all of these processes, an estimated 70% of physical security devices have been found to be running outdated firmware. 

Adding to the threat, many tech companies continue using physical security devices even after they have passed their official end of life, often without realizing the risk. In fact, SecuriThings’ data indicate that 15% of physical security devices in use are already past their end of life. Because these devices are no longer supported by new patches for any discovered cybersecurity vulnerabilities, they are a particularly easy target for hackers.

A more effective way to manage physical security devices

Considering the physical and cyber dangers that tech companies face, it’s clear they need a major change in the way they approach their physical security devices.

It’s important to emphasize here that physical security teams themselves are not at fault for the current situation. They have simply been placed in an impossible situation: on the one hand, their departments tend to be very lean; on the other hand, the scale and complexity of the infrastructures they are responsible for have increased exponentially. To top it all off – unlike their counterparts in IT – physical security teams haven’t traditionally had access to the right tools to manage, maintain and secure such large, unwieldy, and unpredictable infrastructures of complex IP devices, management systems and networks.

Considering that tech companies have traditionally stood at the forefront of technological innovation, there is no reason for them not to embrace that same spirit when it comes to overhauling the prevailing inefficient, manual approach to physical security.

Specifically, by turning to automation, tech companies can empower their physical security teams with a scalable, reliable approach to ensuring their devices stay available, secure, and compliant all the time.

See how automation is helping tech companies manage, maintain and secure their physical security devices reliably and efficiently in our tech case study.
