How security companies clueless about logical security will jeopardize your physical security

Kaspersky Lab, an international software security group and creators of various antivirus and Internet security products, recently posted a new press release: Video Surveillance Systems Under Attack: How Hackers Could Modify Video Feeds in Misconfigured City CCTV Systems.

Lucky for the city in question, this vulnerability had apparently not been exploited by any malicious actors prior to its discovery and correction. Still, for that entire time, the video surveillance system that they had paid for with the hopes of increasing the security and safety of their city was vulnerable to hackers, all due to the lack of IT expertise at their security contractor.

And it's not only cities that are at risk.

Physical and logical security are more converged now than ever before, and that convergence continues every day. To choose a physical security company that lacks the necessary IT knowledge and expertise is to choose to make yourself vulnerable. Vulnerable to CCTV video being modified or deleted, vulnerable to card access credentials being wirelessly skimmed right from your pocket, or card readers being modified (in under a minute!) to allow entrance to attackers. Vulnerable to security systems that, against an informed opponent, don't offer any real security at all.

So how do you protect yourself from such risks? You have two options. The first option is to disconnect all physical security equipment from all IP networks, including the Internet, losing all remote access and management capabilities in the process. (This, of course, isn't an option if you use IP cameras.) The second option is to work with a security company that understands physical and logical security risks, and how to mitigate them.

The choice is up to you.