When it comes to the security of security systems, you can't be too careful.

“The security of your network is only as strong as its weakest link connected to it,” warns Christian Morin, chief security officer at Genetec. “Even with a firewall in place, it just takes one of these devices to be compromised to potentially compromise your entire network.”

Cybersecurity isn't limited to laptops, servers, smart phones, tablets and the cloud. Televisions, thermostats, HVAC systems, refrigerators and security cameras are small computers, and their manufacturers may not be thinking about the features that vendors of computers and phones automatically put in place.

Having a plan

To help ensure security systems aren't vulnerable, follow the manufacturer’s best practices to harden the system while also keeping devices current on software and security updates.

“The type of encryption you use is also important, as some older mechanisms have been compromised and pose threats to security,” says Morin. “Making use of claims-based authentication, eliminating default or well-known passwords is also a best practice for all devices.”

"'...management of the systems needs to be able to move at the same pace as the bad guys develop and try new attacks.'”

The danger is real

Regarding Botnet and DDOS attacks, “These devices have been compromised quite easily, because people failed to follow rudimentary cybersecurity best practices," adds Morin. "More sophisticated hackers will be able to do much greater damage by finding and exploiting vulnerabilities in the months to come, unless people and businesses become more aware of the threat at hand.”

ASIS member Hart Brown of HUB International cautions, “Efforts need to be improved on how to assess security from a business perspective. In addition, each organization needs to better understand how end-users of these systems end up, intentionally or inadvertently, compromising these security measures — and leave an organization more vulnerable to be exploited by an adversary.”

Recognizing risks

 “With new vulnerabilities and malware being discovered every day, the management of the systems needs to be able to move at the same pace as the bad guys develop and try new attacks," Brown explains. “Security, protection of data and ensuring an organization is sufficiently resilient are becoming commodities that can impact revenues.”

Brivo CEO Steve Van Till, a member of the Security Industry Association, adds, “Your electronic physical security systems may be among the most neglected and vulnerable devices on your network, because they're often ‘orphaned’ by both your own IT department and the company who installed them.”

Van Till says privacy issues are also a concern, as the recent hack of 140,000 surveillance cameras proves: "Those hackers didn't choose to collect video images, but they easily could have. The extortion potential is overwhelming.”