Security Summit ended its three-day run earlier this month. The topic of cybersecurity dominated the virtual event. This article examines what some of the panelists had to say about the subject.
Security Summit ended its three-day run earlier this month. The topic of cybersecurity dominated the virtual event. This article examines what some of the panelists had to say about the subject.
Needless to say, we’ve entered the connected age. Devices, including security equipment, are increasingly online under the
IoT scheme. How to leverage the opportunities and avoid the threats it brings, then, has become critical.
That was a common conclusion reached by panelists at Security Summit 2021, a virtual event held from May 4 to 6 by a&s Adria, a partner of asmag.com. The event featured several conference tracks presented by security experts throughout Europe.
Radoslaw Kedzia, VP of Huawei CEE & Nordic Region, mentions a digital transformation induced by the pandemic. In particular, he notes that certain aspects of this transformation are here to stay, for example digital-first customer engagement as well as working from home.
Meanwhile, he observes an increased willingness to invest in digital transformation, saying 86 percent of managers expect such investment to increase. He also cites full
cloud adoption will come one to three years earlier than expected, and 97 percent of large enterprises will adopt AI by 2025.
He says Huawei has adopted to this transformation well, rolling out various solutions to facilitate end users in different verticals. In particular, he mentions Huawei’s 5G applications in smart mining, where IoT sensors and 5G working together can help reduce operating costs, improve efficiency and increase health and safety of mine workers.
“We can decrease the number of people in underground mines, and locate accurately personnel in case of any accident,” Kedzia said.
Challenges that need to be addressed
However, this digital transformation and migration to IP has also led to certain risks. One of them is
cybersecurity. The most recent incident is the ransomware attack against U.S.-based Colonial Pipeline, resulting in the company shutting down operations and a likely shortage in gasoline supplies. A ransomware attack encrypts end users’ IT system and forces them to pay a ransom to decrypt the system.
Physical security, meanwhile, has increasingly migrated to the net and is subject to these threats as well.
Flaws and backdoors in IP cameras and NVRs can be easily exploited. “Criminals will look for the easy option and exploit an opportunity when they see one,” said Oleg Lesiv, Regional Sales for Eastern Europe at ComNet.
To counter these threats, ComNet has the cybersecurity technology to protect its PoE products. According to Lesiv, the Port Guardian technology has the capability whereby when network intrusion is attempted by disconnecting an IP addressable device at the edge to connect to the network, an SNMP notification is sent to the head end and the affected port is physically locked out, preventing access. Lesiv adds that the network administrator can re-enable the port once the threat is eliminated.
Meanwhile, it should be noted that the physical security of security devices or equipment is important. In particular, many devices in remote areas are housed within enclosures that provide only minimal security features to protect against tampering or vandalism.
In this regard, ComNet has the solution as well. According to Lesiv, ComNet’s Intelligent Enclosure Protection solution has various components, including maglocks that can be utilized to offer remote open/locked operation; access codes that can be sent to individuals where access is controlled by keypad systems; and video verification that can further enhance the system to prove any person in question is who they say they are.
Anna Prudnikova, Senior Certification Specialist at Secura, meanwhile mentions the importance of getting devices certified for security. Specifically, she mentions the Common Criteria for Information Technology Security Evaluation (CC), part of the Common Criteria Recognition Arrangement (CCRA) which ensures that products can be evaluated by competent and independent licensed laboratories so as to determine the fulfilment of particular security properties.
According to Prudnikova, getting CC-certified has several benefits. Not only does it provide assurance, it also has possible advantages over direct competitors. “Depending on the type of target of evaluation, direct competition with other companies could be an important aspect. If the target of this competition are highly secure environments (for example government or large-scale private companies), then having a CC certificate on top of the competitors’ offer could make an important differentiation,” she said.