Data Center Security to Combat Cybercrime Break-ins

Data centers are at the core of most business operations today. With servers connected through networks and communication equipment, they allow organisations to store, transfer, and access digital information. While the kind of data they protect and manage can vary, it is safe to say that it is often important and sensitive. Naturally, with the increased threat of cyberattacks, the majority of attention for data centers is often on the IT elements of cybersecurity. However, there’s a new threat vector that’s coming into the spotlight: physical security.

While video surveillance, access control, alarms, communications, and more are often considered bastions of security, it might seem ironic that these physical security solutions designed to protect people and property can provide a simple entry point for cybercriminals and ransomware attacks.

A lingering but erroneous view is that only limited threats can be made through a physical security device, such as the ability to remotely stop the video feed from a camera. However, most cyberattacks on physical devices such as cameras can find their way through the network to block access to critical applications, lock and hold files for ransom, or steal personal data, and IT has limited visibility until after the damage had been done.

All physical security devices — from security cameras, to access control readers, and alarm panels — are IoT devices that run software that could be exploited by attackers and should be considered critical network devices. That means they need to receive a high level of protection and monitoring for operations and cybersecurity.

Ensuring that these devices are running on the latest firmware and that they aren’t using default passwords can eliminate many of the risks associated with device vulnerability. It sounds straightforward, but an analysis by Genetec found that too many security cameras offered this opening for attack. According to the company’s study, nearly seven in 10 cameras had out-of-date firmware.

Additionally, now is the time to actively explore how physical security and IT departments can be brought together into a single team to develop a coordinated strategy for hardening systems based on a common understanding of risk, responsibilities, strategies, and practices. An integrated security team can review how to improve security monitoring across all network-connected physical security devices, strengthen protection measures for these devices, implement encryption on video streams and data, enhance access defences with multifactor access authentication and improve updates management.

It’s also worth considering unifying cybersecurity and physical security devices and software on a single platform, with centralised management views and tools. The most appropriate is an open architecture that will support a cloud-based or hybrid deployment of security solutions, as well as flexible integration options for future devices and management systems.

Essentially, it’s all about layering security, managing the overlapping perimeters of IT and OT to help reduce security risks, improving decision making, and enhancing compliance.

For more information, click here.

Image credit: ©stock.adobe.com/au/Shuo