Security Systems News is a monthly business newspaper that reaches 25,100 security installers, product distributors, central stations, engineers & architects, and security consultants. Our editorial coverage focuses on breaking news in all major se
Issue link: https://ssn.epubxp.com/i/467395
in Honolulu, made a similar point. "A lot of companies are reluctant to use encryp- tion because it slows down email, but it's a good process," she said. Their comments speak to a couple of issues brought up during interviews with integrators: education and collaboration. "There are plenty of people who are waiting to point the fnger at the physi- cal security industry," Yunag said. "We don't build infrastructure. We integrate our systems with oth- ers, which is one more click forward in the evolution [of a secu- rity apparatus]. We don't need to be cyber- experts. We need to be able to speak the lan- guage" of what goes where, why it goes there and how it fts." Helping clients' security directors feel comfortable asking their own IT people clarifying and probing questions may seem like social work, but it is a critical step for tightening cybersecurity, integra- tors say. Internal processes need to be reviewed by companies that contract with physical security frms and integrators, said Lan- ning. "The security directors used to simply defer to the IT people" when technology infrastructure or even the language—goes above their heads, according to Lanning. "We fnd that many of them are still not educated [to detect cyberthreats], and they rely on the IT department. … If you are going to sit at the decision-making table, you need to do more than bring in the IT people," Lanning said. "Are you going to talk the talk? The integrators who have that blank stare [when IT peo- ple talk] are in trouble." To be fair, Lanning said, she has found that "IT people are learning that there's more of a premium on them being more transparent, more user-friendly." "IT people understand organizational risk," said Brad Wilson, president of RFI Communications and Security Systems. "Physical security people understand operational risk." Traditionally, he said, "they have never played nice together." Wilson's San Jose-based integration company, in the heart of Silicon Valley, has integration and central station ser- vices. Because his frm "is kind of a different beast" it is forced to solve a wide range of cybersecurity issues internally, which it can apply to its clients. While many start-up entrepreneurs are reluctant to purchase a wide range of cybersecurity products, his company has, by necessity, developed savvy in compart- mentalizing their markets. But in many cases, the best defense against cyberattacks is a good offense trained on fundamentals. Glenn Schroeder, chief technology off- cer at NetOne, based in Southern Pines, Integrators tackle potential cyberattacks N.C., said cyberthreats may seem over- whelming, but solutions boil down to basics and training. NetOne is a network of 36 independent security companies providing services that include central stations and integration. "As soon as you open up to the [online] world, you are open to hacking concerns," Schroeder said. "Everything now runs through the Internet. "One thing we do routinely is vulner- ability testing," Schroeder said. "We do an offcial test from the outside. It's not a full-fedged attack, but we look for areas to exploit." It wasn't that long ago, according to Schroeder, "when central stations had dial-up telephone lines and you didn't have that much of a risk" of leaked infor- mation with the potential of crippling your technology infrastructure. In terms of educating clients, Schro- eder said he is no longer surprised when he fnds a company that has a software system without proper updates for more than 20 years. "It still works for them, until someone fnds a vulnerability," he said. "They're basically exposed. Cameras, video, alarm systems that report to cen- tral stations—they're all connected to the Internet." Cybersecurity vulnerability, he said, cannot be separated from inherent risks created by "consumer demand and the needs of the customer." Internally, he said, control against cyberattacks may still be a leap of faith, but at least there is more opportunity in- house to be pro-active with policies. "The systems we sell and install are secure," he said. "Internally, we focus on the social engineering aspect." By social engineering, Schroeder is referring to picking up the phone and call- ing a receptionist "to fnd out who the guy is who takes care of this or that." His company tests how far someone can go to get access to anything that an employee touches. "It's not direct, but it's a way people can get in," he said. " S o m e o f t h e biggest hacks have their initial entry t h r o u g h s o c i a l engineering, with an outsider given information, inten- tionally or uninten- tionally." Aside from process, sometimes fnding a magic bullet helps. Tom Dallmann, CEO of Dallmann Sys- tems, an integration company based in Jefferson, Ind., is hoping that a new pro- gram developed within the past year by Hirsch Access Control offers integrators a "unique" way to protect networks from the very source where hacks originate. It uses encrypted credentials on access con- trol cards, equipped with a smart chip. "They protect networks at the source," he said. "You won't be able to access from a remote location without certifcation, on a card or a mobile device." Dallmann, however, knows that the fundamentals of good cyberhygiene can- not be overestimated. "A lot of companies without technologi- cal savvy open the barn door" with open ports, he said. "The best ounce of preven- tion has always been strong passwords." The warp speed at which cyberthreats have evolved into a mainstream issue began, in the assessment of Eric Yunag, with the breach at Target retail stores in 2013. He said the general public may fnally have processed the magnitude of the problem in December 2014 when Sony Pictures computers were hacked. It's important to keep the fundamentals as simple as one-two-three, said Yunag. First, there's the physical security com- ponent of prevention: "Just orienting the conversation to talk about data center rooms and switches, things like that," he said. S e c o n d l y , h e s a i d , " T h e r e ' s t h e [cyberhygiene] of the systems we deploy. … We have to understand our clients' strategies frst" before "aligning that strat- egy with vendors." Finally, Yunag said, integrators "need to make sure our internal systems are in order." Critical to the process is "how we handle our own infrastructure," he said. SSN Continued from page 1 Brad Wilson As soon as you open up to the [online] world, you are open to hacking concerns. Everything now runs through the Internet. "One thing we do routinely is vulnerability testing. We do an offcial test from the outside. It's not a full-fedged attack, but we look for areas to exploit." —Glenn Schroeder, NetOne No need to be 'cyberexperts,' but education, collaboration are necessary, they say C. Lanning LOCATION. LOCATION. LOCATION. GeoFencing allows users to activate or deactivate device favorites as they enter or exit a specifed location: lights, locks, or thermostats, all automatically. Even get a smart reminder to arm your system if you're the last to leave. Just one of the dozens of powerful features available on the DMP Virtual Keypad App. Learn more at DMP.com/geofence We make your company more valuable. 877-725-1114 l dmp.com www.securitysystemsnews.com MARCH 2015 SECURITY SYSTEMS NEWS Special report 34