Cipher Podcast: Intersection of Cyber and Physical Security Risk Management

Prosegur USA CTO Mike Dunn joins the podcast for an episode looking at how cyber and physical security are intertwined. Cipher is the Cybersecurity Division of Prosegur, so the relationship is especially important to understand. Physical devices like entry control and video cameras have a digital footprint. Dunn covers how to properly secure these Internet of Things (IoT) devices.

Learn more about IoT security by listening to our previous podcast dedicated to the topic.

Visit the podcast page for all episodes or listen on the platforms below.

Podcast Episode Transcript

Pete: Welcome everyone, my name is Peter Hackett.  I am the Global Program Director for Cipher. In today’s episode, we are going to discuss “the intersection of cyber and physical security as they relate to risk management.”  Also with me today is my colleague Scott Croskey, the Global Chief Information Security Officer for Cipher.  We are also pleased to have with us today the Chief Technology Officer for Prosegur USA, Mike Dunn.  Mike comes to us today from Rhode Island.

Mike, how are you today?

Mike:  I’m doing great, thank you

Pete:  Some of our listeners may or may not know, but Cipher is the Cybersecurity Division of Prosegur.  Before we begin, Scott, could you set the stage by providing a quick overview of our parent company Prosegur?

Scott:  Absolutely Pete.  Prosegur is a 5-billion-dollar global security company that specializes in private security services.  Founded in 1976, Prosegur has a workforce of over 175 thousand employees operating in 26 countries across 5 continents.  Prosegur has four business lines:  Prosegur Alarms, Prosegur Security, Prosegur Cash and Cybersecurity which as you know, is our company.  As you can imagine, Prosegur has a very complex information technology footprint from traditional computer systems and data centers that support their workforce, to IoT devices that that deliver their security services.  This includes access control systems, IP cameras powered by artificial intelligence and facial recognition software, tracking devices for the armored trucks transporting cash securely, sensors for remote guarding and alarm systems… the list goes on.  We are very fortunate to have Mike with us today as he is responsible for developing the company’s technological strategy in North America.

Pete:  Thank you Scott.

Pete:  Mike, as the CTO of Prosegur USA, could you give us an overview of your job responsibilities?

Mike:  My main responsibility is to look for and provide solutions through technology for our customers and sales teams.  Testing and vetting the various technology partners as well as our home grown solutions to find out the best in class, and solutions that work best in the customer’s eco-system.

Pete:  Can you provide our listeners with a brief description of the services provided by Prosegur in the United States?

Mike:  Prosegur provides its customers with all aspects of physical security.  We offer manned guarding, remote monitoring, and traditional technology services, like Access Control, Analytics, CCTV and EAS.

Pete: How does Prosegur use IoT and Operational Technology (OT) systems to deliver their physical security services?

Mike: With reckless abandon…kidding of course.  It is the lynch pin to all our physical security services.  IoT and OT are helping all aspects of our business.  For Guarding, it’s offering our guards (and customers) alerts and advanced alarms for us to improve guard reaction time and efficiency.   Implementing virtual guard tours in conjunction with actual tours gives more security for the customer.  For our monitoring division its dramatically improving the amount of false alarms and reaction time as well quality of the video feeds and angle of view.  For our integration group IoT is our major differentiator.  Our integration group prides itself in being on the cutting edge of solutions for our customers.  Not tying itself to one solution.  There is not one-size fits all in security, you need to find out what technology will specifically help that customer.

Pete: Scott, we did a podcast on the challenges of securing the Internet of Things.  Are there any topics that may be relevant to discuss here?

Scott:  Yes, we went into detail about some of the specific threats to IoT devices on that episode.  If you haven’t listened to it yet, I would recommend doing so.  We also plan to have a LinkedIn Live session in July on this very topic.  But since we have Mike on today, I’m actually curious to learn about any supply chain issues that may have come from the Coronavirus pandemic.  Mike, in early March we heard a lot about IT systems being in short supply due to many manufacturing plants being shut-down in China.  Can you comment on if you had any issues in this regard?

Mike:  We’re actually pretty fortunate.  We haven’t been impacted at all, at least not as of yet. We believe it’s because we don’t really use Chinese based manufactures like Hikvision or Dahua.  The majority of our technology partners are based in the US and Europe.

Scott: When you evaluate the use of any new IoT and OT systems for Prosegur security services, what do you look for from a cyber perspective?

Mike: As a security company, we gravitate to more secure options…crazy I know.  When the integration team is installing new systems, they always recommend closed or isolated systems.  But with today’s world, most customers always want an exception.  Those exceptions, are where the cybersecurity perspective kicks in.  If a customer wants or needs an internet connection for analytics for example, they are essentially opening their system up to vulnerability.  So, we are constantly testing and vetting those vulnerabilities. We can then have the conversation with their IT departments on what the risks are and how to best mitigate those risks.

Scott: When you look to deploy those OT devices for physical security services, what is the ideal method of deployment to ensure they are secured from cyber threats?

Mike:  First and foremost, we always recommend an isolated system.  Isolate out the CCTV and Access Control and similar technologies from their main corporate networks is an easy and effective method to help with cyber threats.  Secondly, follow the manufacturers cyber hardening guidelines.  Most manufactures have recommendations, from something as simple as changing the default password to more complicated as using HTTPS encryption or IP/MAC address filtering.

Scott:  That’s great to hear.  And the security of those IoT devices are extremely important.  This is one of the primary areas that Cipher is focusing on with our Innovation efforts.  With over 1 million IoT devices under management, we understand the importance of delivering new and innovative methods to secure those devices.  Look out for a LinkedIn live session in July on this very topic!  Pete, back over to you.  Do you have any other questions for Mike today?

Pete:  Thanks Scott.  Mike, we know that many stores have been and may still continue to be closed during this pandemic.  With regard to mobile surveillance, can you talk a little bit about how Prosegur uses mobile surveillance to protect customers and discuss any cybersecurity considerations with those devices?

Mike:  That’s a great question.  We have seen an unprecedented rise in request for mobile surveillance.  With stores having limited hours or open only for curbside pickup recently, they don’t have the normal staff to secure their locations.  Mobile surveillance is a great option for these customers.  But you’re adding IP devices to your external structures.  Without the proper cybersecurity precautions, you’re putting your network in much more vulnerable situation.  Anytime you extend your network outside  your building or fenced in area, you need to take precautions.

Pete:  Mike, any final thoughts?

Mike: IoT and OT offer amazing solutions and efficiencies.  They also put more devices on the network. They give more flexibility for remote access and control.   The trade off for all this convenience and technology is security vulnerability.  Now more than ever, everyone needs to take extra precautions and cybersecurity into account, or this great new technology add could cause more problems than solutions.

Pete:  Scott and Mike, thank you for your time; this has been very informative, and I look forward to our next Podcast. For anyone of our listeners who are interested in our services, please reach out to us via our marketing department, which can be reached at:   [email protected].

Did you enjoy this blog article? Comment below with your feedback.