The crossroads of information security and physical security is something that we closely follow at SynchroNet. Ever since manufacturers of electronic devices began rolling out connected devices such as IP surveillance cameras and motion detection sensors with internet connectivity, the cyber security landscape has become more challenging, and this has a lot to do with our desire to improve and automate security systems.
There is no question that modern devices such as IP surveillance cameras can go a long way towards improving the security of our business operations. Instead of having to post security guards around the clock for vigilance, you can always install surveillance cameras with motion sensors that send smartphone alerts when a breach is detected. In order to get the most from these devices in terms of functionality, they have to be connected to your business data network and the internet, and this is where problems may arise.
In 2021, executives at tech security startup Verkada were forced to admit that hackers were able to penetrate their massive network of surveillance cameras installed at places such as hospitals, correctional facilities, automaker plants, and even bank branches. When our SynchroNet security specialists reviewed the details of this incident, they were surprised to learn that the hackers were able to obtain administrative privileges within Verkada’s network, and they did so because the username/password combination they used was an old one that used to ship with Verkada IP cameras as default admin credentials. We are talking about a network of more than 100,000 security cameras.
The Verkada incident was quite scandalous for various reasons, and one of them is that many clients purchase IP cameras and connect them to the Verkada network because they wish to augment their physical security. This is a classic example of deficient cyber security compromising physical security.
The Internet of Things (IoT) is the connectivity layer where smart devices such as security alarms, cameras, toys, electronic locks, cloud printers, and even smart refrigerators are mapped on a global network. At SynchroNet, our information security technicians treat IoT devices as endpoints, which means that they need to be secured at all times. Hackers treat IoT devices as attack vectors, which means they will exploit them given the opportunity.
As long as IoT devices are connected to your office network, they will be part of the largest attack surface in the world unless they are properly secured. This is why SynchroNet security audits go beyond data networks; they also take into consideration physical security issues.