What Coronavirus Teaches Us About Cybersecurity

*Originally published on SecuritySales.com

The growing COVID-19 pandemic parallels that of another insidious virus — the type humans inflict upon each other rather than withstand from Mother Nature.

My head is still spinning after learning a week before security’s biggest trade show was due to commence in Las Vegas that organizer Reed Exhibitions had moved ISC West to July due to the coronavirus (which has since been postponed again).

As the nation scrambled to try to limit spread of the illness by shutting down places where the public gathers, PSA followed suit by postponing its April 20-23 TEC event (which has since been canceled).

I pray you and those you care about emerge unscathed from this growing pandemic. The countries that have planned ahead and prepared for global health threats are the ones that will likely best weather the coronavirus outbreak, with fewer people becoming sick and, most importantly, lower death counts.

However, there is only so much anyone can do to prevent the emergence of such pathogens or stamp them out before they run their course.

These dynamics to a large extent parallel those of another insidious virus — the type humans inflict upon each other rather than withstand from Mother Nature.

I am speaking of the kind that infects our computers, networks and connected devices, including those within your customers’ organizations as well as your own company and the security products and systems it installs and/or monitors.

That is just one classification among myriad categories of cyber threats — and although the vulnerabilities of 1s and 0s are not generally considered within the life-and-limb context of a coronavirus, compromises to security, fire and related systems certainly have the potential to result in injuries and deaths.

Not to mention economic consequences and liability exposure. It’s little wonder then that electronic security practitioners have rightfully prioritized cybersecurity as core physical security and business imperatives — especially in light of ongoing technology convergence and exponential IoT growth.

This is reflected in the attention being directed toward it at industry conventions such as PSA TEC, where the integrator group was collaborating with SIA to offer a “Cyber TEC’ track. Cybersecurity also figured prominently at two recent events I attended.

At Honeywell Commercial Security’s conference, Trustedsec and Binary Defense Founder David Kennedy, a renowned cybersecurity expert often featured on the news and who has consulted for TV shows and movies, delivered a keynote on the topic.

He cautioned how susceptible companies are to social engineering and brought Advantech CEO Dan Sweeney up on the stage to demonstrate how easy it is to find someone’s personal information on the web. Kennedy emphasized how the majority of hacks are due to carelessness and failure to follow some basic sound principles.

He offered these five cybersecurity best practices:

  1. Always use two-factor authentication
  2. Vary passwords across different accounts
  3. Keep software updated with any patches that may be issued
  4. Be careful about revealing too much on social media
  5. Share little personal information with strangers, particularly on phone calls

“Throughout our organization deployed into our development teams are cyber experts and they help us ensure that our products are cyber secure. We’re taking it very seriously and have committed our organization to support cyber efforts,” Honeywell’s Marcus Logan told me. “There’s always going to be some issue as technology evolves so it’s not only about trying to make the product cyber secure today, but having a process in place so when issues come up they can be quickly resolved and you pivot to move forward.”

At HID Global’s MercTech summit, author Valerie Thomas’ cybersecurity keynote noted that integrators are prime targets to unwittingly deploy hackable devices. She asserted that while the languages and cultures differ, logical and physical security share the common mission of safeguarding an enterprise’s assets — making it essential to work together.

Thomas said physical security will become more IT-like with frequent software patches. I hope you find SSI’s Cybersecurity Issue helpful. In the meantime, here’s to your physical and physical security health.