For the last couple of decades, physical security and cyber security have generally been treated as separate aspects of security provision in most organisations – served by two different industries growing alongside each other and using technology that’s been steadily converging.
It’s this convergence that has seen physical and cyber security become increasingly more entwined, leaving many security integrators and IT professionals puzzled about the blurring of lines and responsibilities. This has now culminated in the current frenzy around “Cyber”, the new General Data Protection Regulation (GDPR) and a wider discussion on personal freedoms and privacy.
The increasing overlap between physical security and cyber security is changing both industries, but what does this mean for security integrators, the end user and their IT departments?
For us, it’s clear that the modern-day integrator must consider physical and cyber security synergistically, if security solutions are to keep pace with a shifting regulatory landscape and the rapidly evolving threats of the digital age.
For the end user, the security of data must be considered alongside physical security and it’s never been more important to ensure the credentials of security system integrators demonstrate a sound understanding of both aspects.
The puzzle
If a criminal hacker gains access to your local network via a vulnerability introduced by surveillance equipment installed by a reputable integrator, and that vulnerability was exploited due to public access made available because you needed easy remote access to your video, then who would be responsible for that breach?
The manufacturer of the surveillance equipment? The installer? Your IT department? Just the hacker?
The installer would be remiss if the work they did introduced the vulnerability that led to this eventuality and this would undo all the good work they did in securing the company from physical threats. Could the installer simply blame the manufacturer of the surveillance hardware and the vulnerability that allowed the hacker into the network in the first place? Not really, they have a duty as the solutions provider to ensure that the equipment they install is fit for purpose. As the end user that’s suffered the data breach and potentially the subsequent financial penalty that goes with that, you might wonder where that leaves you, the installer and the manufacturer (we’ll assume the hacker is in custody!).
At best, there could be reputational damage to the installer, your business and possibly also to the equipment manufacturer.
Joined-up thinking
When physical and cyber security are considered together as part of an all-encompassing approach to security provision, the full picture becomes clear and the scenario described above can be avoided. Joined-up thinking in all parts of the solution and at every point in the supply chain plays a part in whether you remain secure or not. From the choice of surveillance equipment, it’s supplier and the installer; through to the involvement of your own IT department and the security of every end-point on your network.
The equipment a solutions provider installs on your networks can either make your organisation more secure or more vulnerable, so it’s vital that the installer has knowledge of the consequences of introducing vulnerabilities into the network if they are to deliver a working and secure solution.
The days of physical security with no regard for data security are over and from May 2018, GDPR means the consequences of complacence and are huge. Your chosen security systems integrator and your own IT staff must now work more closely than ever to maintain compliance and therefore, using a security systems integrator that understands both physical security and the importance of protecting your data is a distinct advantage.
Only by joining all the pieces, with the integrator and IT working in unison, will the gaps between technology, compliance and security be adequately filled.
The pieces do fit
NW Security Group has its roots in the early days of IP video and unlike many integrators that later made a transition from analogue to IP, we’ve been working on both sides of the dotted line between security and IT from the outset.
Our ethos has always been to ensure our security solutions are robust and that the integrity of the customer’s network and data are not compromised – long before the phrase “Cyber” was used as commonly as it is today. In recent years the need to demonstrate this approach has become more important as Cyber security has come to the fore. Accreditation like Cyber Essentials give companies assurances that security in the supply chain is taken seriously, and that those with Cyber Essentials credentials understand the measures needed to mitigate the risk from common internet-based threats.
At NW Security, physical and cyber security are two pieces in the same puzzle and we work hard to find the right fit on every project. If you’re looking for a security system integrator that sees the full picture, then get in touch. We’ll provide you with the necessary advice, processes, training and outsourced skills to stay secure and to remain compliant with current regulations and best practice at all times.
One comment on “Joining the pieces in the physical and cyber security puzzle”