By Stephen Joseph
Stephen Joseph serves as the business development manager for the banking and finance segment at Axis Communications, Inc. In this role, he leverages more than 35 years of industry experience to drive Axis’ educational efforts with banking and finance integrator partners and end-users.
Physical security technology has changed dramatically in the last decade and with the emergence of IoT (Internet of Things). There’s no doubt that the evolution will continue. Gone are the days when physical security could be solely maintained in a siloed environment. Innovation has paved the way for speed, agility, efficiency, business continuity, and resiliency. The consumer technology market has also helped to fuel this change, along with the desire to leverage a younger, technology-savvy workforce. But as with any new technology innovation, there also comes new potential threats. Many financial institutions have started to embrace emerging technologies to keep pace and potentially leverage the benefits of new physical security technology. With this shift, it also means that they must face and address the new evolving threat landscape.
The internet of things, or IoT, is a system of interrelated computing devices, mechanical and digital machines, objects, or people that are provided with unique identifiers (UIDs) and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction.
This sounds very simple in theory but when considering where financial institutions fit into the critical infrastructure landscape, it’s important for them to take a more holistic approach to cybersecurity and the entire vendor supply chain. The beauty in the current innovation age is that most products are designed for easy initial connectivity and set-up. This can inherently cause someone to forget to take the appropriate steps to ensure no backdoors are left open.
Cybersecurity is a process, not a product. Most successful breaches are due to mistakes people make, like poor configuration or poor maintenance.
Cyber attacks can typically impact these three main areas within an organization:
User/People
Social engineering
Weak passwords
Phishing/spearing
Untrusted app installation
Lost device
Systems
Poor system design
Poor configuration
Poor maintenance
Poor monitoring
Lack of policy/processes
Implement
Bugs
Design flaws
Poor API validation and rejection
Poor secure development
This is where engagement with the vendor supply chain, specifically integrators that have competence regarding cyber best practices and risk mitigation, can play a pivotal role in helping to limit the overall threat landscape.
Risk assessments should be a standard and embryonic practice, and as threats evolve, so should the process. System integrators that have competence in this area must ensure they have done their part to help financial institutions utilize their organizations’ IT policies when evaluating emerging technology. This starts with product selection, system design, implementation, and developing a future maintenance program that will ensure long-term success.
Physical security innovation is key to the protection of an organization’s assets, but having an effective cyber strategy is a critical component in this innovation age. Working with a physical security integrator that understands the importance of these two areas will ultimately lead to developing a successful technology migration strategy. If the goal is to have a positive and effective impact on a financial business, finding a partner that can support an effective cyber strategy can improve the overall physical security program.