In the UK and North America, financial institutions are shifting towards a global management system of physical security. A survey from
Honeywell Commercial Security shows that half of the respondents (47 percent) said their company’s security is managed at a global level, with all branches under the same enterprise or integrated system, and a further third (32 percent) said they were planning to shift to a global model.
With integration playing an important role across both security measures and markets, enterprise solutions featuring remote oversight and management are going to grow in popularity.
A holistic approach
“The keyword is ‘integrated’,” explains Martin Koffijberg, Director, Business Development, Banking and Finance at
Axis Communications. “A failure to look holistically at both physical and cybersecurity – to connect the physical with the logical - will inevitably create vulnerabilities. It is important to adopt some form of Enterprise Security Risk Management or Converged Security approach.”
Both physical and IT security should follow the same cybersecurity principles and be evaluated in the same way, Koffijberg added. The first step has to be an acknowledgment from physical security practitioners that these security devices are connected to the network and, while performing security operations, create new risks to a business that hasn’t been seen with older technologies.
Framework components
First, thorough and continued risk assessments need to be part of every physical security manager’s playbook. Today, many banks in the West have implemented sophisticated physical identity and access management (PIAM) policies, which control not only access into buildings but into the corporate network too.
“These feature useful functions like shutting down access to networks when an employee leaves their laptop, desk or building,” Jun said. “Other functions include enforcing two-factor authentication before login and the use of analytics to flag suspicious network access or unusual activity.”
Speaking about his company’s experience in dealing with the situation, Kevin Sheridan, Director of Financial Institution Services for Convergint, said that their larger financial clients are focused on four key elements of securing their operational security systems to mitigate the risk of any potential vulnerabilities. These are:
With the volume of connected devices integrated into physical security systems at financial institutions, awareness of what devices are deployed, where they are deployed, and what their operational status has become more important than ever.
- Device hardening protocols
Password management is a focal point of our most sophisticated clients. Changing default passwords, while seemingly a rather basic activity, is something that many institutions have struggled to achieve given the volume of IoT devices deployed.
Physical security system architectures are increasingly having this level of network architecture as a requirement of physical security system design.
Keeping your systems up to date with the latest firmware patches and software updates, when combined with the aforementioned elements, reduces the attack surface significantly.
The human factor and AI
When designing a comprehensive security solution with a holistic approach, technology is only part of the problem to be dealt with. The other part is the people who use the technology. To mitigate physical breaches, human error, and surveillance monitoring, it’s also important to address the problem of fatigue.
“That’s where deep learning and AI solutions can transform control rooms operations for major financial institutes, including those that operate 100s or even 1000s of cameras across large and multiple sites,” Jun said “Because deep learning learns over time, it distinguishes between environmental factors versus actual threats, such as an intruder or suspicious loitering. This translates into fewer false alarms and reduces the chance of control room operators shut down alarms, resulting in a quicker, more appropriate response to incidents.”