Confronting the Cybersecurity Challenge

Keeping with that, what are some other best practices for security integrators to follow in interacting with the end users’ IT departments and their networks?

DAVID SIME: It’s important the physical security integrator really understands the client environment and the different departments there. Often as they partner, the specializations increase. And you are trying to interface with one department, although they say they’re the guys to be talking to, that might not be the best entry point to start that conversation or bring the project through. You’ll get so far into a deployment and all of a sudden the roadblocks will show up and they’ll say you didn’t apply these practices or use best practices on the network layer. It’s important to realize who are the decision makers in that organization, and ensure you’re talking to the right one.

DRAKO: Security integrators need to have sufficient knowledge of cyber-security to be able to gain confidence of the IT professionals who are increasingly involved with physical security solutions. The integrator needs to provide clarity about who is going to be responsible for cybersecurity: the integrator or the customer? Who is going to be responsible for updates/ OS patches/security, patches/AV and software/firewall changes? These items all need to be coordinated and controlled to maintain security. In large organizations, the IT team will normally take control of these items. In smaller organizations, the integrator may be relied upon and can provide a managed service, provided he has the network skills.

WILLSON: You can’t go in with a one-size-fits-all [approach]. I worked with a manufacturing company that was told to change their passwords every 90 days. There’s no clear justification for doing that, other than somebody somewhere along the line said that’s how you’re going to prevent a hack. It doesn’t make sense and it didn’t make sense for this organization. It shut down production for two hours every 90 days while they reset passwords, without any hint of any breach or any problems in their networks. You’ve got to be very cautious with best practices, and align them to the culture of the organization and their mission.

THOMAS: It’s also important to have IT professionals on staff. I’m not sure we’ll ever have cybersecurity professionals on staff. But we need to have people that at least understand how to deal with them. I think we’ll always sell it as a service or at least start outselling it as a service. Many of our customers now are forcing us to hand over any piece of new product to them, and actually have it whitelisted within their own company. We hand over a camera, it disappears for three weeks, and it comes back with a pass or fail. We’re encouraging our customers to take on that responsibility as well.

BOZEMAN: I would be proactive. I wouldn’t go in and hope no one brought it up at the customer level. This will probably require initially the integrators to have a partner who is cyber savvy. I would include it in my proposal and so on. Get the education, know what you’re capable of doing and what you’re not capable of doing, realize your own limitations and partner with somebody who has that skillset.

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

Related Content

Elite Interactive Solutions Wins 2024 Monitoring Technology Marvel Award

Global Security Operations Centers: Trends and Opportunities in 2024 and Beyond

SSI Industry Hall of Famer Jim Henry Dies at 70 After Lengthy Illness

SIA Talent Inclusion Mentorship Education (TIME) Applications Due Friday, April 26