Cyber Security is Complex: Don’t Bury Your Head in the Sand
By Neal Bellamy, IT Director at Kenton Brothers
In the physical security world, we tend to think about security as locks, keys, access control, and maybe cameras. If you are an IT person, you might think security is more about firewalls, usernames, passwords, and encryption. Physical security people and IT security people really have the same goal: Protect the Business. Physical security teams and IT Security teams generally operate in different bubbles, but I think it’s time for another convergence.
Cybercrime has a cost, and when it happens, the cost is often high. In 2021, ransomware alone cost an estimated 620+ million. While ransomware is probably one of almost everyone’s top concerns, there are other ways to make money from your data. Exporting your data or your customers’ data, or denying access to your data, could also have major impacts on your business.
The capabilities of computers continue to skyrocket.
Anyone in the computer field knows “Moore’s Law”. It is not actually a law of physics but an observed phenomenon. The idea is that the speed of a computer doubles every two years. This idea is bigger than I’ve given it credit for. You can see the phenomenon in more than just microchips. Since the beginning of programming, we’ve built software tools (by writing code) to make new coding efforts faster. Since the processing power of computers doubles every two years, software has access to more and more resources. Software’s capabilities continue to grow at an astounding rate. Machine learning, deep learning, and AI are all outcomes of this growth. It’s terrifying and inspiring at the same time.
Here’s why software matters.
Once upon a time, a computer programmer made a program that could do something malicious. It might take that programmer months to code and tweak, then it would be released to the world. Sometimes it would make a big splash. Even if it was a major threat, anti-virus companies would find a way to identify it and stop it in a matter of days. Now, we have programs that make programs. Coding a virus can be done in minutes, but viruses are old hat.
What happens if we release an AI to attack a company? It could find the open ports, discover what software is behind those ports, look up vulnerabilities, and then try to exploit the vulnerabilities in seconds. Once an attacker is in, the game is over. It’s only going to get scarier from here.
What can you do?
First, take it seriously. As someone trying to protect your business, you should have several plans. A defense plan is important, but so are recovery plans. The basics still apply. Protect your perimeter, have at least two sets of backups, and use strong passwords (preferably with Multi-Factor Authentication). Anti-Virus alone is no longer good enough. You need to implement Endpoint detection and response (EDR / XDR / MDR) of some type.
How can Kenton Brothers Help?
While we can’t protect all of your networks (we have partners that do), we will do our part while we are on your network. We make sure that software and firmware are up to date when we install equipment, and we use strong, randomly generated passwords for your security systems. This is standard in all of our implementations. If your IT company has further security, we will work side-by-side to complement it. Even though we are a physical security company, we understand and value IT security.
If you need help in the physical security world, we are always here to help. But if you need help in the cyber security world, I am also here to help. I have done a deep dive into the cyber world for the last six months and would be happy to share my knowledge. I’m certainly not an expert, but I can share my experiences trying to make KB more secure. I’ve also met some great people and companies along the way that would love to help you with your cyber security efforts. Just give us a call.