An important result of the pandemic is that businesses are now taking cybersecurity more seriously, according to the latest report from PwC. Out of 3000 organisations surveyed globally, 96% said they are shifting their strategies, with 50% saying that cybersecurity will now be ‘baked in’ to every business decision rather than being an afterthought.
This seems to be an improvement on a similar survey from 2019. Then, PwC found fewer than half of companies were adequately prepared for a cyber-attack.
One reason for this new emphasis is the boost to digitalisation that has occurred over the last year. Enforced temporary measures such as homeworking are leading to more permanent changes. Now, as they move towards the post-pandemic recovery, organisations are looking for more efficient ways to use both their premises and their security and safety teams.
A new generation of integrated solutions is seen as a key route to digitising processes and delivering new business intelligence. These typically encompass IoT and mobile devices, and more new branch locations. But each one of these can introduce new threats that need to be monitored and responded to.
IoT and edge devices often use insecure protocols that can’t be patched and default passwords that are prone to targeting by malware. Mobile devices can be targeted to introduce malware into the corporate network. And smaller and branch offices may also be home to unpatched devices that can be easily exploited.
These factors not only increase the organisation’s attack surface, but they also create complexity that opens up additional cyber risks. When deployed separately, all these elements fragment visibility and reduce control, leaving security teams less well prepared to face new cyber threats, especially from bad actors that will deploy a multi-pronged approach to find the most vulnerable point.
As we have written previously, the new generation of integrated solutions for managing people and premises can play an important role in driving efficiency by standardising and digitising processes and enabling control room operators and first responders to follow standard operating procedures. Similarly, a unified security management platform makes it easier to deploy, manage and ensure consistent cybersecurity policy enforcement across security systems and devices.
Yet, all parties involved in physical security project implementations – new-build or upgrade – have responsibility for the cyber resilience of the completed system. This means that both systems integrators and customers need to be clear about potential vulnerabilities and the measures required to eliminate them.
Ransomware, distributed denial-of-service (DDoS) attacks, and other privacy and data breaches are increasing and, as we have seen this month in the security industry, the potential for large-scale and potentially catastrophic incursions is ever present.
If designed, installed, or managed without due attention to cyber risks, physical security and building systems can provide a back door vulnerability into corporate networks.
The respondents to the latest PWC survey are right to want to ‘bake’ cyber protection into each business decision. But that alone is not enough – cyber security needs to be a consideration in every process, project, and daily action too.
This month we have seen how poor management of passwords and administrator logins can leave open back doors into networks. Alongside built-in encryption and multi-factor authentication, good password hygiene is an essential first line of defence.
Alongside that goes choosing technologies with built-in defences, and solutions that make software and firmware updates automatic. The latest generation of integrated solutions scores highly on both counts and avoids the weaknesses that can build up over time with outdated siloed systems that sit forgotten at the edge of the network.
Meanwhile, one obvious lesson for physical security and FM professionals is that when projects are completed, and when systems are handed over, part of the process needs to be a complete change of any default or temporary passwords used by engineers during installation.
And none of the parties involved can assume that somebody else will be aware of that, or will take responsibility – it needs to be written into the handover process.
That’s the sort of practical change that ‘baking in’ involves.
Taking a comprehensive and collaborative approach, together with systems integration, enables greater control and efficiency gains across day-to-day operations, while maintaining confidence in cyber security. It also allows granular data to be built up over weeks and months, revealing new insights about how facilities are actually being used and how security and safety teams are best utilised. For the first time, security and building systems can provide secure data to feed into truly informed corporate decision making.