Security Sales & Integration April 2022 - 6

Between Us Pros
scott.goldfine@emeraldx.com | @SSIeditor
Life Is a Breach
Most physical
security
companies
have a great
opportunity
to grow their
business by
either adding
or partnering
to add
cybersecurity
offerings.
▶ AMID OTHER STRONG CANDIDATES, a
compelling case could be made that in the entire
history of the electronic security industry the
most transformative - and disruptive - technology
has been IP-enabled devices. Even interrelated
subsets of that innovation, including networked
physical security systems, the Cloud and
as a service model, mobile on-the-go controls,
residential networks and the Internet of Things
(IoT), make some of the previous tech " advances "
seem about as revolutionary today as comparing
a kinetoscope to streamed 4K video. There
is a huge caveat of this paradigm shift, however,
manifested by the now omnipresent threat of
hacking and emergence of the enormously large
and complex cybersecurity discipline.
I take pride in the fact that for some 10 years
now, Security Sales & Integration has been at the
forefront of industry media recognizing the relevance
of cybersecurity to the electronic/physical
security channel and importance to educate the
market why practitioners should care - and for
myriad reasons take action. That effort has not
only included widespread and deep coverage,
but also participating in dedicated subject matter
groups/committees and events, the industry's
only annual Cybersecurity Issue, and launching a
groundbreaking study in 2014 called the Physical-Logical
Security Assessment (PLSA).
Those new traditions continue with this
month's issue and revival of the PLSA, renamed
the Cybersecurity Deep Dive (see page 32). As
part of that undertaking, integrator respondents
were asked a few open-ended questions. Here are
some of their opinions and insights:
What is the biggest cybersecurity challenge
facing physical security companies?
▶ The constant change in technology.
▶ Too many variables to keep all in check.
▶ IOT vulnerabilities, especially when they
operate on the customer's network.
Editor-in-Chief and
Associate Publisher Scott
Goldfine, an Industry Hall
of Famer, has spent 20+
years with SSI.
6
▶ The hackers seem to always be one or more
steps ahead of our security platforms.
▶ Organized, professionally done breaches.
▶ Installation technicians not performing installation
hardening on devices (weak passwords,
open firewall ports).
Security Sales & Integration APRIL 2022
▶ Standards and product vetting. Lead with
protection, not sales.
▶ Complacency that it will happen to someone
else's customers.
▶ Systems being hacked by end-user error, but
the blame falls on the last person to add to
or make changes to the client's network.
▶ Finding out there has been a breach.
▶ 1. Viruses in email. 2. Phishing 3. Uploading
to Cloud 4. Remote access.
▶ Cloud adoption trumps security.
▶ Ransomware attacks.
▶ Spyware.
What support should manufacturers provide
to help your company maintain cybersecurity?
▶ Security built-in from the design stage.
Automatic firmware and security updates
without full system restarts. Required password
and 2FA.
▶ Forced default password changes - QR
codes that have MAC address in them.
▶ Stay on top of current applications and
patching holes and testing of MS patches
for servers and workstation OS.
▶ 24/7 monitoring either as-s-service from
the vendor or hooks into MSSP platforms.
▶ Device hardening guides.
▶ Cloud options only - no hardware.
▶ Perform routine penetration tests.
▶ Encrypted authentication mechanisms.
Encrypted data at rest and in transit. No
default configuration settings.
Other comments on the relationship between
physical and logical security?
▶ Physical security should run on its own
network - not negotiable.
▶ Physical security companies have a great opportunity
to grow their business by adding
or partnering to add cybersecurity offerings.
▶ IT and physical security are merging, and I
welcome it.
▶ Physical security contributes more devices,
many of which are in exposed places. Moreover,
they are harder to manage at scale. The
combination creates a vulnerable cyberattack
surface. Cloud compounds the issues.
▶ The electronic security partner ecosystem
should be ashamed of its history to date.
We used to be the " security guys, " now
we're mostly part of the problem.
securitysales.com
http://www.securitysales.com
Security Sales & Integration April 2022

Table of Contents for the Digital Edition of Security Sales & Integration April 2022
