Cybersecurity for video security and access control: A resource guide for 2026

Cybercrime has become a major threat, projected to cost the global economy US$10.5 trillion this year. Connected edge devices are among the main targets of actors seeking to enter the network of an organization with malicious intent.
 
The stakes are high for physical security teams as they’re overseeing ever-larger infrastructures of connected security and IoT devices, from cameras and access control points to servers and IoT gateways—each one of them a potential target. As hybrid infrastructures are gaining traction, requiring that each one of them individually is connected to a cloud server, infrastructures are potentially exposed on both ends, at the edge side and the cloud side. Piecemeal responses to cyberthreats are no longer enough.
 
asmag.com provides extensive coverage of cybersecurity via a range of exclusive articles and suppliers’ news, the most important of which are included in this resource guide. We hope the guide will further the readers’ understanding of cybersecurity for video security, access control and adjacent fields such as smart building and IoT.
 

Table of contents

What Is cybersecurity in the context of physical security systems?
Regulatory regimens and certification
Cybersecurity for cloud devices
Verticals and their cybersecurity needs
Threat scenarios and assessment
 

1. What is cybersecurity in the context of physical security systems?

Cybersecurity and compliance with pertinent regulations such as the NDAA in the US have come to dominate procurement discussions. User—increasingly guided by jurisdictions in which they operate—usually require:
 

• Encryption of footage and metadata, especially if linked to personal information and user data
• Secure firmware updates
• API security
• Data sovereignty and lifecycle management

 
Integrators therefore need to consider cybersecurity at the design stage, tailoring solutions to the needs of each vertical, including highly regulated ones such as critical infrastructure or finance. One of the main challenges is that attackers often move faster than those defending organizations against cyberthreats, especially as AI has given both sides new tools to likewise create threats and design defenses.
 
The future of cybersecurity for physical security may lie in de-siloing edge and cloud security, with platform-based, integrated and collaborative approaches.
 
Related articles:
Cybersecurity, compliance, and AI shape the next phase of surveillance technologies
Navigating the future of cybersecurity: An interview with Nadav Zafrir, CEO of Check Point Software Technologies
 

2. Regulatory regimens and certification

Major players have in the past few years increased cybersecurity thresholds for physical security systems. In the US, the NDAA effectively restricts what brands can be used in security infrastructures, while the NIST Cybersecurity Framework and FIPS standards set on-the-ground rules. The EU, too, has several regulations in place, from the NIS2 Directive to the EU Cybersecurity Act and additional legislation at the national level.
 
While regulations set in the US and EU—thanks to the size of their markets—have the largest influence on security players globally, some other countries have introduced ambitious cybersecurity regimens: India with the STQC, Vietnam with the QCVN 135:2024/BTTTT and Singapore with amendments to the Cybersecurity Act, for example.
 
Meanwhile, ONVIF Profiles B, T, M and D provide specifications that promote secure communication and interoperability between IP-based physical security devices. ISO 27001 is among the most widely adopted standards, covering information security management systems and organizational controls.
 
Related articles:
Certify or be sidelined: Video surveillance vendors race to meet global standards
The AI revolution in physical security – Navigating innovation, intelligence, and governance
Hikvision among the first companies worldwide to earn NIST CSF 2.0 certification
Gallagher Security achieves ISO 27001 recertification, reinforcing commitment to information security
 

3. Cybersecurity for cloud devices

With the advent of VSaaS and cloud analytics, security systems are no longer closed infrastructures that can be defended by sealing them off from outside data streams. Cybersecurity has moved on from preventing access to IT systems, to dynamically managing access and ensuring data integrity and authenticity.
 
Hybrid systems have additional attack surfaces—transmission, storage, platform access—but they also offer cybersecurity benefits as automatic updates and patches can be implemented across all edge devices. In their communication, zero-trust models are gaining traction:
 

• Encrypt everything
• Require authentication from every connected device and user
• Verify footage at multiple stages, from capture to storage

 
Hybrid systems also require integrators to take on new roles: From hardware maintenance to ensuring system integrity, and from installation to continuous security and compliance support.
 
Related articles:
Ensuring cybersecure cloud-connected video surveillance in the age of AI
Cloud storage and the benefits for the surveillance industry
Why cloud-first security platforms deliver lasting value for integrators
 

4. Verticals and their cybersecurity needs

Cybersecurity risks for physical security systems vary significantly by vertical, depending on operational criticality, regulatory pressure, device density and tolerance for downtime. In deployments where security devices are linked to operational technology, for example, any breach of a security camera can lead to industrial production grinding to a halt. The main challenge here is to reap the benefits of connected systems, while keeping connections that make systems potentially vulnerable at a minimum.
 
Especially deployments involving many classes of devices—as is typical in healthcare, for example—require integrators and operators to always remain full visibility over the whole system.
 
Related articles:
Securing connected security devices in OT environments: What integrators need to know
Asimily Research highlights gap Between hospital security priorities and IoMT device risk management reality
Data center security: the importance of protecting critical infrastructure
 

5. Threat scenarios and assessment

AI has a profound impact on cybersecurity, as bad actors can increase the number of attacks they launch, and security teams themselves increasingly rely on AI to identify threats.
 
As scenarios security teams must prepare for shift from predictable IoT threats (focusing on weak credentials, unpatched firmware, exposed APIs) to adaptive, autonomous AI-powered attacks, additional expertise is often needed to ensure systems remain cybersecure.
 
Related articles:
Check Point takes IoT security to the next level as AI creates a ‘perfect storm’
Genetec shares best practices for enhancing cyber resilience in cloud-based systems on World Cloud Security Day
Top 10 Malware of Q2 2025 revealed: SocGholish leads; Mirai makes a comeback