Confronting the Cybersecurity Challenge
Security systems integrators, technical and legal experts define cybersecurity challenges, discuss solutions and outline opportunities.
In 2014 it became clear that no person, business or government is 100% immune to the ominous specter of cyberattack – regardless of the number of safeguarding layers or how “off the grid” someone may think they are. That is the 30,000-foot view. Zooming in for a more granular perspective reveals the stakes and risks are particularly high for security professionals. Like everyone else, security dealers and integrators have to contend with personal and business cyber-threats to themselves and their families, as well as those to their companies, employees and customers. However, they must also ensure the networked security solutions they provide clients are as impervious to cybersecurity compromise as possible.
With household names from Target to Apple to P.F. Chang to Home Depot reporting data breaches the past several months, succumbing to hackers’ relentless attacks is becoming commonplace. With detected breach incidents up nearly 50% from 2013, it seems to now be a question of when and to what extent rather than if. According to the Ponemon Institute, the cost of cybercrime for U.S. retail stores has more than doubled to an annual average of $8.6 million per company. That figure rises to $20.8 million in financial services, $14.5 million in the technology sector and $12.7 million in communications industries. No wonder cybersecurity is top of mind at the C-level of end-user clients.
To help security integrators get a handle on this complex topic that poses liability issues but also potential revenue opportunities, SSI hosted a roundtable featuring cybersecurity technical and legal experts along with several leading integrators. The participants – most of whom are members of PSA Security’s newly formed Cybersecurity Advisory Council – were: Bill Bozeman, president/CEO, PSA Security Network; Dean Drako, president/CEO, Eagle Eye Networks; Andrew Lanning, CEO, Integrated Security Technologies; David Sime, vice president engineering & delivery, Contava; Paul Thomas, president/COO, Northland Controls; Darnell Washington, president/CEO, SecureXperts; and David Willson, attorney & owner, Titan Info Security Group.
Why should physical security integrators care about cybersecurity?
DEAN DRAKO: Many people in the physical security industry feel cyber threats are an information security problem. To date, it’s been mostly under the radar, although vulnerabilities have been publicly documented for physical security systems. However, the reality is that physical security is very vulnerable and can also serve as a doorway to full network cyber-attacks. The danger increases as the physical security systems grow more Internet- and network-connected with the general corporate network.
Customers are demanding remote access and management, and better integration across multiple sites. There is more integration across functions, and with cloud storage costs coming down customers want flexible and expanded data storage. With all this connectivity, the systems become more vulnerable to cyber-attacks. You do not want to be the weak link that allowed an attack to be successful. The liability could be large.
DARNELL WASHINGTON: The current state of cybersecurity has eroded to an all-time low. The president has issued executive orders for the formation of public and private, i.e. government and stakeholder private industry, to begin the process of strengthening and unifying the cybersecurity resilience. And by being able to influence mandates to influence mandatory controls for the public and private organizations who are especially involved in critical infrastructure, to work together.
This was the first line in the sand for upcoming federal mandates that are going to move beyond voluntary compliance to mandatory requirements for industries that are involved in critical infrastructure, to meet minimum-security standards, to being able to secure cyberspace.
BILL BOZEMAN: I’ve got three reasons. One is liability issues. The second is to be perceived as a competent physical security provider. The third is the potential for new revenue, and new profit, potentially at a higher margin than the integrators are currently experiencing in the traditional physical security box.
ANDREW LANNING: From the small integrator side of the house, the folks I’ve talked to are, for the most part, very unprepared for what I agree is a regulatory body that’s going to come down on them. We regularly transfer valuable information about our clients’ security systems, whether that’s quotes, whether that’s designs. All that information is an additional attack vector, threat vector for hackers.
Many of the guys aren’t using encrypted E-mails, they’re not doing even the very basic things to protect a lot of that information. If the smaller guys are going to be providers to large organizations, we’ve got to pay attention to the regulatory guidelines affecting that market. We’re going to be held to the same or higher standards very soon.