LIVE WEBINAR, Dec 3rd – How to Protect Your Physical Security Devices from Cyber Attacks

SHARE THIS

Back to Blog

US Higher Education Institutions Face More Risks Than Ever Before – How Can Physical Security Teams Rise to the Challenge?

Today’s educational institutions understand the importance of ensuring on-campus security. While the nature of campuses presents special security challenges, administrators understand that providing a secure learning environment is a core component of their educational mission. But while these institutions invest heavily in physical security devices, they typically fail to manage them adequately – compromising both the physical security and the cybersecurity of students, faculty, staff, and visitors. Not only can gaps in physical security lead to expensive legal woes, but they can leave students and others feeling unsafe, while also hurting an institution’s overall reputation.

Educational institutions have special security challenges – and little room for error

By their very nature, educational institutions face a unique set of security challenges. To create an environment conducive to learning, they need students to feel safe in their classrooms, their dormitories, and throughout their campuses. They also need to protect faculty, staff, and visitors. And to provide the necessary level of security, they need to cooperate with local police forces.

Delivering that sense of security involves mitigating risks including theft, property damage, physical assault, and violent crime with a weapon.

Making this particularly challenging, educational campuses are dynamic environments, with many people coming and going. Some of these people can present especially costly security challenges, such as rival sports fans and controversial guest speakers. For example, security for three “free speech” events scheduled to take place at UC Berkeley in August and September of 2017 cost a total of $3.9 million, even though the most expensive of the three events was ultimately canceled. And those expenses came after an event scheduled for February 2017 (which was also ultimately canceled) resulted in rioting that caused $100,000 worth of damage.

Additionally, campuses are typically porous and often very large. Without real barriers separating them from the outside community, it is particularly difficult to keep threats out. And on-campus classrooms, dorms, and other buildings are usually spread out. As a result, educational institutions have a wide variety of physical security devices – ranging from IP cameras and access control panels to metal detectors and shooter detection systems – deployed over a large area. 

Moreover, many educational institutions have multiple campuses and other sites that they need to monitor and protect, adding a significant layer of complexity to the goal of providing them with consistent and reliable physical security. 

The typical campus’s status quo fails to provide adequate security 

The security risks facing educational institutions make it critically important for their IP cameras, access control panels, and other physical security devices to work properly and consistently. These devices play a crucial role in protecting students, faculty, staff, and visitors from harm. And they can make a real difference in minimizing thefts and other crimes on campuses, both by preventing these types of incidents and by reporting them when they do occur. 

But today, most organizations, including educational institutions, don’t enjoy the full security benefit that their physical security devices are capable of providing. Because their devices are not operationally managed properly, data have shown that typical organizations have serious gaps in their physical security. 

For instance, in the average organization’s security environment:

  • 4% of physical security devices get disconnected from their network at some point in a typical week.
  • 6% of IP cameras get disconnected from their video management system at some point during a typical week.
  • 8% of physical security devices are misconfigured.
  • 70% of physical security devices are running outdated firmware.
  • 15% of devices are no longer supported by their manufacturers because they are past their official end of life.

Taken together, those problems increase the risk of device downtime, which puts educational institutions at serious risk of reputational, legal, and financial harm. More importantly, they can jeopardize the safety and wellbeing of students and others on campus. 

This reality leaves students, faculty, staff, and visitors exposed to dangers

Because cameras and other physical security devices play such a critical role in campus security, the possibility of a device being offline when it’s really needed presents a serious danger. Last spring’s Brooklyn subway shooting, during which multiple nearby security cameras were down, showed just how risky device downtime can be – illustrating a worst-case scenario that educational institutions are (rightly) determined to avoid.

In addition to compromising the physical safety of educational campuses and the people who spend time there, this reality can make regulatory compliance especially challenging for educational institutions. Because of their relationship with external police forces, campus security must immediately report certain types of incidents, such as violent crimes. To do that, they need devices such as IP cameras to work consistently – and that involves operationally managing them properly. 

Furthermore, when educational institutions fail to adequately manage their physical security devices, they run the risk that those devices could become a vector for a data breach or other cybercrime. Alarmingly, a 2019 survey by Genetec found that almost 40% of organizations’ security cameras are vulnerable to cyberattacks because of vulnerabilities in their outdated firmware. 

Not only can inadequately managed physical security devices leave institutions’ own information exposed, but they can also compromise the privacy of students, faculty members, and others. This is especially concerning given the increase in cyberattacks on educational institutions in recent years. In fact, Check Point has reported that educational institutions saw a 44% increase in cyberattacks between 2021 and 2022 – the sharpest increase of any field. 

And the already-high cost of data breaches continues to climb. Among educational institutions, the average data breach in 2022 cost $3.86 million – up from $3.79 million in 2021 – according to IBM’s 2022 Cost of a Data Breach Report

Moreover, the 2021 breach of Verkada – a major provider of security camera services – illustrated the scale of the cybersecurity risk posed by inadequately managed physical security devices. In that incident, hackers infiltrated roughly 150,000 security cameras belonging to Verkada and gained access to customers’ proprietary information. Unsurprisingly, this caused significant damage to Verkada’s reputation.

The heart of the problem is that operationally managing physical security devices is a huge undertaking for educational institutions, and typically one for which they lack adequate resources. It requires monitoring the operational status and health of each device, as well as hardening them and regularly performing basic but time-consuming maintenance tasks such as password rotations, firmware upgrades, and certificate management. It also requires promptly replacing devices that have passed their end of life, since their lack of patches for newly discovered vulnerabilities makes them an easy target for hackers. 

Given the scale and variety of physical security devices used by educational institutions – including different device types and models made by various manufacturers, running different firmware, and installed at different times – it’s not hard to see why educational institutions struggle to operationally manage them properly. 

Today’s threat landscape requires a new approach to operationally managing security devices

Looking at the scope of the risks educational institutions face as a result of inadequately managed physical security devices, it’s clear that the status quo is too risky and inefficient to be sustainable.

Of course, that’s not the fault of physical security teams. Those teams are simply up against an ever-growing variety of physical security and cybersecurity risks, and they’re not typically given the tools they need to operationally manage their devices properly.

So, how can educational institutions empower their physical security teams to stay on top of the operational management of their security devices, and to do so efficiently? The solution is not simply doing more of the same. Instead, they need to tap into the power of automation.

By automating the operational management of their security devices, educational institutions can give their physical security teams the tool set they need to get the full benefit of these devices. That way, they can close the gaps in their physical security, while also helping to protect their campuses from cybercriminals. 

Most importantly, this kind of automated approach can help create a campus environment that is safe, secure, and conducive to high-quality education.

For a look at how SecuriThings Enterprise has helped one Ivy League university to streamline and enhance the operational management of its physical security devices, check out our education case study

Blog posts you might also like