SSN News Poll: physical security's place in cybersecurity

YARMOUTH, Maine—ADT recently finalized its acquisition of DATASHIELD, which will operate under the newly formed brand ADT Cybersecurity. In Security Systems News' most recent poll, traditional security companies see a space in the cybersecurity world.

“Cyber is merely another dimension of security. The security professional who chooses to ignore a dimension will quickly find themselves on the wrong end of an attack and likely unemployed,” Nick Weber, security manager with Grant County Public Utility District, said.

Many respondents—56 percent—agree with Weber; physical security companies can't ignore the need for cybersecurity, while an additional 36 percent said it depends on a company's approach. Eight percent said that cybersecurity is really a problem for IT people.

“It has always been a very specialized division of IT. It's tempting for the physical security industry to diversify, but alas we just can't do everything well. That being said, we need to make sure we aren't creating vulnerabilities in our clients networks when installing mobile products and cloud solutions,” one reader said.

“Security companies cannot ignore the potential for additional RMR by offering cybersecurity services, provided that they are prepared and equipped to accept the responsibility of negative consequences,” another respondent wrote.

There are problems in not offering cybersecurity, a reader implied. “We cannot ignore IoT & cybersecurity anymore. There are too many consequences for not doing more. We need to stay a couple steps ahead of those that want to harm industries, companies & end users.”

When it comes to entering the space, 50 percent said that a traditional security company should contract or partner with a cybersecurity firm. Forty-six percent said that companies should create a dedicated division, staffed with the right people. Four percent said physical security companies should stay out of cyber.

“Industry participation really depends on the type of company involved, larger companies may be better suited to develop a dedicated division while smaller ones would likely benefit more for partnering with an existing cyber firm. Regardless, a partnership is a great way to start and [a] necessary intermediate step,” said Weber.

“Not all IT professionals working for dealers/integrators have the expertise needed to successfully integrate cybersecurity with physical security products. To do that, dealers/integrators need to partner with a reputable, experienced cybersecurity firm. Frankly, dealers/integrators need to be focused on running their business, not venturing into a field they are not experienced in,” a respondent said.

Who is at fault for a breach? Opinions varied among poll respondents. It's the end user, according to 48 percent. Thirty-four percent pointed to the integrator or installer. Eighteen percent said the manufacturer is most responsible.

“All three are responsible in their own way. Manufacturers must create a bulletproof platform, integrators and installers need to communicate to end users effectively and end users need to know about potential security threats like phishing scams,” one person wrote.

The responsibility really falls on the hacker, another reader said. “Even if every appropriate step is taken, there can still be a breach.”

Another said that responsibility for a breach “depends on a number of factors. If the manufacturer doesn't build in safeguards, if the installer ignores setup protocol and patches and if the end user isn't diligent—such as using home networks to access the business network, etc.—everyone is at fault.”

One reader suggested an industry effort to help maintain a certain level of cybersecurity. “The industry needs to publish best practices to ensure that the security network is not an easy penetration point for hackers. Security systems integrators must follow those practices or be liable for not doing so,” they said.