What sets cyber-secure security systems apart from others

With security systems such as access control and video surveillance becoming increasingly connected, cyberattacks and threats inevitably become a big issue. It’s therefore imperative for systems integrators (SIs) and end users to choose security systems with strong cybersecurity features.

Needless to say, we live in an increasingly connected world, so much so that global research and advisory firm Gartner forecasts there will be 25 billion connected things by 2021. These will also include security devices and systems such as IP cameras and access control readers.

With these security devices connected to the Internet, cyberattacks against them become a real threat. The large-scale DDoS attacks against Dyn in 2016, after several IP cameras and NVRs were infected with the Mirai malware, serve as a vivid reminder of the extent of damage cyberattacks can cause. And the attacks can be costly. According to IBM’s 2020 Cost of a Data Breach Report, the global average total cost of a data breach is US$3.86 million; in the U.S. alone, the figure rises to $8.64 million.
  

Against this backdrop, it has become imperative for security SIs and end users to select products and solutions that are hardened and cyber-secure. “A visibly strong security system acts as a deterrent to hackers, who typically favor weaker technology which is easier to penetrate and presents a lesser chance of getting caught in the process,” said Steve Bell, Chief Technology Officer at Gallagher.

What makes a security system strong and cyber-secure?

So, how can SIs and users tell whether a security system is strong and cyber-secure? According to Bell, a robust, hardened security system differs from the rest with the following features:
 

Encryption and authentication

Data in motion and at rest should all be encrypted, while a good authentication mechanism should be in place to prevent access by unauthorized individuals. “Done well, an adversary will look for an easier target,” Bell said.
 

Ease of use and control

“A cyber-secure security system should be simple to operate, while providing rich and detailed information that allows security officers to effectively handle any security incidents,” Bell said.
 

Secure devices

The secret keys for encryption and authentication should be properly stored and protected. “Best practice is the use of hardware key store modules in the devices that make up an access control or intruder alarm system. Proof of origin for electronic devices in a system is achieved by certificates and serial numbers loaded in the manufacturer’s factory to protect against supply chain and substitution attacks,” Bell said.
 

Ease of patching

In the event a vulnerability is found, the vendor will provide a patch to be installed into the system. “It is essential that software and firmware are able to be updated over the network, quickly and efficiently,” Bell said.
 

Security hardening guide

According to Bell, a hardened security system will ideally use at least two-factor authentication. Computer networks will be encrypted, and there will be facility for rolling of keys, authentic hardware checks, and encrypted end of line modules.

Why consider a government-approved security solution?

There are security solutions that meet certain government standards. While the popular notion is that these solutions are for high-end applications, they are now more and more available in the commercial space and should be considered by end users and SIs.

“As technology has advanced and become more interconnected over the years, the way organizations do business has changed dramatically. Your security solution may not have been designed to manage all the things it does now. Third-party integrations, connected devices, and even the external networks employees connect to while working from home, all create a risk of cyber breach,” Bell said. “Through testing their products against rigorous government standards, manufacturers offer organizations peace of mind that their solutions are resilient and fit for purpose.”

Surviving in a greater threat landscape

With more devices connected to the net, hacking and intrusion threats are increasing, and this applies to security systems as well. Against this backdrop, more security vendors have added secure features to their systems in order to better withstand cyberattacks. It’s imperative, then, for SIs and end users to be knowledgeable of these features and choose solutions that are robust and secure – only by doing so can they survive and win out in a greater threat landscape.