5 cybersecurity skills for physical security professionals
Introduction
Learning cybersecurity might sound odd to a physical security professional, but the reality is that it can be a game-changer for you and your company.
Despite feeling cybersecurity controls are best left to information security analysts, your systems and devices will require some first-hand protection from network threats. The physical controls alone won’t mitigate network security risks.
The potential threats go beyond networks. Today’s physical security professionals also need to ensure the safety of IoT devices that also use other technologies like applications, protocols and other embedded services. A skilled adversary can exploit any of these endpoints to gain access to mission-critical information.
What should you learn next?
More IoT adoption means more risk
With the convergence of IoT and physical security devices in home and industrial environments, installers and maintenance staff have another threat vector to think about.
According to Cision, PR Newswire, the global IoT market is expected to reach $1111.3 billion by 2026. Another report from Microsoft reveals that nearly 94 percent of businesses in industries like retail, manufacturing, government, and healthcare will be using IoT by the end of 2021. From EIDs to smart locks to connected medical systems, firms are increasingly implementing IoT technologies in their companies.
It’s the same story with consumers. More and more people are installing surveillance and smart home devices on their properties without much regard to their security. Household devices can be potentially tampered with or switched off by hackers, but industrial IoT presents the greatest risks. An enterprise might deploy hundreds of IoT devices, and a cybercriminal often has to breach just one to gain access to the whole network.
Common cyber threats for IoT devices
Below are some of the ways a criminal can breach an IoT system or device.
Exploit firmware
Insecure firmware and associated software used by IoT devices could result in a data breach. Adversaries can, for instance, exploit weak string handling functions and password hashes to execute bigger attacks. A popular example of this is the Mirai botnet. Mirai managed to exploit the default passwords in IoT devices to launch a DDoS attack, taking down the likes of Amazon, Twitter and Netflix, among others.
Hack interfaces
Cybercriminals can also compromise API interfaces, such as back-end APIs, that enable a device to connect to a wider network ecosystem (a 5G network, for instance). Interfaces become vulnerable when there is no integrated process to authorize or authenticate the user accessing the IoT device, filter incoming or outgoing traffic and address weak or missing encryption. Criminals can use common web app attacks like cross-site scripting and SQL injections to deliver API payloads since APIs, like web apps, are often made available on the public internet.
Remote compromise via P2P
Peer-to-peer (P2P) technology is present in millions of IoT devices to allow for better collaboration and resource-sharing. However, it’s been found to contain security flaws. Security researcher Paul Marrapese identified two vulnerabilities – now listed as CVE-2019-11220 and CVE-2019-11219 in the National Vulnerability Database – that enable adversaries to establish a direct connection to iLnkP2P devices while bypassing firewalls remotely. iLnkP2P is a P2P software that’s embedded into millions of devices, so hackers exploiting it could easily create a powerful botnet to carry out larger attacks.
Cybersecurity skills are crucial for a successful physical security career
Before physical security systems turned smart, tips on doing well in physical security revolved around being vigilant of the devices and your surroundings: inspect hardware to ensure safety, track movements and changes in the environment and so on. However, it can be easy to get caught up in the physical safeguards. Now, it’s helpful to know that cybersecurity is another weapon in your line of defense.
Various industry bodies and installation standards are starting to require cybersecurity skills for the installation of smart products. For example, some healthcare institutes now require medical device installers to be somewhat apt in cybersecurity. Therefore, acquiring some cybersecurity skills can help you do your job well and provide value to your organization.
Here are some crucial cybersecurity skills to learn.
Network security knowledge
For starters, you should understand the administration, architecture and management of networks. This would require you to learn the fundamentals of firewalls and IDS/IPS, VPNs and remote network access, wireless network security, endpoint security, mitigating network attacks and measures linked to securing your network. Basic OSI stack knowledge (around connectivity protocols) is also important. Since most smart devices rely on interconnected networks for optimal functioning, having some network security knowledge can help prevent intrusion attempts.
Machine learning and AI
The enormous volume of data that IoT devices collect can be analyzed to discover threat vectors and potential attacks. With the technology expected to become more complex, AI will be at its forefront to enable more autonomous decisions. As a result, it will help to acquire machine learning and AI skills. Doing so can help you identify the most serious security threats and ignore ones that are not critical for your organization.
Automation
IoT’s value mainly lies in its operability. As there’s a wide variety of interfaces and data, physical security professionals who can blend manual testing with automatic API testing will be considered valuable to their organization. To gain expertise in this area, you can take up agile testing courses and gain as much knowledge about automating web testing as possible.
Business intelligence
A physical security professional must familiarize with the business space, which relates directly to how IoT functions (including storage, logging and analysis of data from smart devices). Skills in data center management, Hadoop and NoSQL programming, and predictive analytics can help you grasp business intelligence. IoT threats can affect different areas of your business, so combating them requires a rational and intelligent approach.
Attention to detail
You’ll also need some soft skills to help thwart cyber threats. One of them is attention to detail, which ensures that you’re complying with the standards and regulations. Often, you have to look at IEEE, NSIT and other standards while working to formalize robust security processes. Being detailed-oriented in these situations can help you identify vulnerable and low-quality devices that shouldn’t be making their way into your organization.
What should you learn next?
Conclusion
Physical security will rapidly evolve in the next few years, so it’s up to those in charge to keep their skills current. With cybersecurity expected to play an essential role in the management of physical devices, you will need to gain some expertise.
Fortunately, it’s easier than ever to start learning cybersecurity with various skill-building courses available online. Additionally, you can get involved in dedicated online communities catering aspiring cybersecurity professionals to learn new things and contribute to the field.
Sources
Internet of Things (IoT) Market to Reach US$ 1111.3 Bn by 2026, at a Ferocious CAGR of 24.7% - Market is Predominantly Driven by Rising Adoption of AI and Machine Learning: Fortune Business Insights, Cision (PR Newswire)
Microsoft Predicts 94 Percent Enterprises Will Employ IoT By End 2021, Analytics Insight
P2P Weakness Exposes Millions of IoT Devices, Krebs on Security
In this Series
- 5 cybersecurity skills for physical security professionals
- Top-paying cybersecurity jobs and salary trends for 2024
- The importance of IT certifications in boosting your career
- Understanding the role of a network engineer in IT
- The role of the chief information officer (CIO) in cybersecurity
- What is a network engineer and how to become one?
- What does a system administrator do and how to become one?
- Cyber security hiring: Tips and best practices
- Cybersecurity soft skills: Career benefits of public speaking
- CompTIA Data+ certification: Opening doors to new careers
- Surviving cybersecurity burnout: Tips from industry experts
- How to make a mid-career change to cybersecurity
- 7 top security certifications you should have in 2024
- The Changing Role of the Modern SOC
- Discover the top 5 information security management certifications
- CySA+ versus CASP+: Is the CySA+ good enough for a career in cybersecurity?
- The best cybersecurity jobs in 2023: Trends, roles and salaries
- Top 10 penetration testing certifications for security professionals (2023)
- How to land an entry-level cybersecurity job: Essential skills and certifications
- 133 cyber security training courses you can take now — for free
- Breaking down barriers: How to make cybersecurity more inclusive and diverse
- Computer forensics interview questions
- The digital security forensic analyst salary guide
- Applying linguistics to cybersecurity: The journey of Jade Brown, a 2022 Infosec Scholarship winner
- The Path to “Career 4.0”: Amy Bonus leverages humanities, FinTech experience to bring Cybersecurity to the layperson
- Security engineer: Degree vs. certification
- Cybersecurity engineer: CyberSeek
- Infosec Accelerate Scholarship winner highlights essential qualities of a successful cybersecurity professional
- Career skills, imposter syndrome and intelligence-led pentesting | From the Cyber Work desk
- Cloud security engineer interview questions and answers
- Prior preparation results in a big payoff for Jason Mondragon, an Army veteran transitioning into cybersecurity
- Infosec scholarship winner Kandice Kucharczyk salutes her mentors as she sets her sights high
- Which CompTIA cert is right for you: Security+, PenTest+, CySA+ or CASP+? [updated 2023]
- How VetsInTech and Infosec Laid the Path to Gaurav Panta’s New IT Career
- Infosec 2022 scholarship winner Anthony Torres: Bringing the Marine Corps ethos to the cyber domain
- Infosec Scholarship winner Chris Chisholm knows the power of service and diversity in cybersecurity
- Betta Lyon Delsordo, Infosec scholarship 2022 winner, is a true life-long learner
- A veteran transitions from military medical logistics to multi-national security analyst
- An Army National Guard member fast tracks his cybersecurity career transition with VetsinTech
- How a career harnessing Navy nuclear energy can power a transition to a Security+ certification
- What is a cloud administrator? Essential roles and skills
- Security control mapping: Connecting MITRE ATT&CK to NIST 800-53
- Should you take the CCSP/SSCP before the CISSP? [updated 2022]
- (ISC)² certifications: The ultimate guide [updated 2022]
- CCSP vs. Cloud+ [updated 2022]
- Data architect: The ultimate career guide
- The ultimate guide to ISACA certifications: Overview & career paths [updated 2022]
- I failed IAPP’s CIPP/C certification. Here’s how I recovered
- How learning to be "Always Flexible" helped a Marine in earning the Security+ certification
- How to learn and pass your next certification exam
- Mission accomplished: How one army veteran turned neurobiologist moved into cybersecurity
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
Professional development
Professional development
Professional development
Professional development
The role of the chief information officer (CIO) in cybersecurity