All Blogs

Using Cyber Attack Surface Management to Reduce the Cyber-Attack Surface

May 7, 2021
Office worker filling out form while three office workers look at laptop screen.
Shrinking the Cyber-Attack Surface

Cyber-attacks are on the rise now more than ever – and with many people focused on sustaining their business, they may not be as vigilant about protecting their networks from hackers that could have a devastating impact on the company.

You may not realize that many of these attacks don’t start at a company’s network or server, but instead, hackers focus on gaining entry through systems connected to the network, such as merchant services, Point of Sale (POS) systems, physical security systems and more.

These ancillary systems can easily go overlooked when it comes to making sure that firmware is updated, default passwords are changed and other simple measures. Thus, they can provide welcoming points of entry to a corporate network, leaving businesses unknowingly exposed to cyber-attacks.

Fortunately, there are straightforward steps that can be taken to harden interconnected and networked systems, reducing vulnerabilities, and the likelihood of a successful attack. These recommendations are based on an extensive set of cybersecurity best practices, the use of online security management tools, as well as the recommendations of applicable standards bodies.

For convenience and clarity, the recommendations are organized by type, not necessarily by priority or importance. Evaluate the specifics of your circumstances to determine which steps are needed and in what order to prioritize them to support your business needs.

6 Considerations for Protecting Your Physical Security Systems

Software

  • Ensure that all software throughout the system is updated at all times, including device firmware.
  • Consider automating the checking and updating process with automated authenticity verification safeguards.

Passwords

  • Establish and enforce a password management policy.
  • No networked devices should continue to use default passwords provided by the manufacturer.
  • Current best practices on passwords emphasize length as a major security determinant. Longer is better.
  • Implementing periodic password changes will also greatly enhance security throughout the systems.
  • Failed login attempts, either by usernames or passwords, should be limited, investigated, and locked out.

Privileges

  • Clearly define and determine the appropriate groups; differentiating between administrators, operators and users, and casual users and visitors.
  • Each group should be assigned the system rights and privileges necessary for their assigned functions, and no more.
  • VPN access should not be allowed for admin functions, diagnostics, or similar sensitive information or access.
  • Rights and privileges should be reviewed and adjusted periodically.

Securely Architected Systems

  • Security systems can be securely architected so that they can have a low-risk connection to the internet. Careful attention needs to be given to limit susceptibility to hacking attempts. Of course, endpoints (cameras) and other access points, and links to information networks need to be programmatically managed to automatically determine all system elements and exactly what is connected to what.
  • Carefully curate all connections that support remote access.
  • Wireless devices have vulnerabilities that must be managed as they could provide an easy gateway to physical security servers. Secure all wireless devices connected to corporate networks, including cameras, locks, printers, and modems, so they cannot be accessed by unauthorized traffic.
  • Implement logical separations for virtual local area networks (VLANs) and access control lists (ACLs) that instruct system elements to only allow access to specifically authorized devices and to deny all other requests.

Endpoint Connections (including cameras, badge readers, control panels, security-related servers, and video recorders)

  • Hackers can gain access to the security network by plugging into a network cable that was installed to reach an external camera or plugging into open USB ports on security endpoints.
  • Port security can be used to protect against such connections by providing an additional layer of protection to restrict unauthorized devices from connecting to router or switch ports.
  • Port security makes use of the hard-coded MAC address of the authorized device, which unlike an IP address, is difficult to change. If a device is connected to a switch or router that doesn’t match the registered MAC address, then the system can block access to that device and raise an alarm for follow up.

Improving Cyber-Event Detection with Automation

  • Many firms are short-handed when it comes to security. Many studies have reported on a global shortage of cybersecurity talent that is expected to continue.
  • Automated system verification tools provide a powerful alternative that can provide a more consistent and better detection/alerting function to detect all types of security-related issues.
  • Automation can also check and verify that the installed firmware and software are current throughout physical security systems.
  • The most powerful solution is to programmatically check the integrity of the video streams and stored video files themselves to be sure that the system is operating as intended and that the video records are being stored as designed.

Cybersecurity threats are a real and present danger to any organization with networked security operations. While many companies have no plan in place to protect against the growing number of cyber-attacks that target these systems, there are plenty of tools and cutting edge security products that can help them limit their vulnerabilities and better protect their business.

Related Posts

Back to blog