As security solutions become ever-more service-based, and true integration becomes a demand from a growing number of end users, so those designing, installing, maintaining and using smart solutions need to be increasingly cyber-aware. To deliver effective cybersecurity, all stakeholders have a role to play. It is not a case of designating someone in the supply chain as ‘responsible’. True cybersecurity is an on-going, evolving task which involves everyone. If any one party fails to meet their obligations, vulnerabilities could be introduced.
Cybersecurity is one of the largest threats to modern businesses and organisations today, and the methods used by criminals are increasingly sophisticated. The range of victims shows that no business can consider itself beyond risk, and even those with the largest and best-established cyber defences can fall foul of attacks. Often the combination of downtime, data loss, reputational damage and loss of faith by customers can be enough to cause a business to fail. That’s without considering the relevant fines which could be imposed.
While there is no doubt a number of cybersecurity attacks are complex, well planned and exploit vulnerabilities before the experts are aware they exist, many rely on simple old-fashioned human error. People can and will continue to be duped by fake communications. This, combined with ill-considered reactions or simple bad practice underlines why cybersecurity must be a burden shouldered by every stakeholder.
From the system designers, integrators and programmers, to the IT department or engineers maintaining a system, through to every user from administrators down to ordinary data subjects, cybersecurity remains pivotal to the success of a solution.
When considering stakeholders, it is important not to forget manufacturers. In the past, some have deflected criticism and complaints by pointing out the security of the system is the concern of the integrator or user. While the manufacturer adds features and functions to secure the system, the onus for ensuring these are set-up and implemented correctly lies with others.
At a time when systems are becoming ever-more complex, with service-based elements forming the real added-value of a system, is this an attitude integrators or end users should find acceptable? The answer has to be ‘no’. Partnering with manufacturers who take cybersecurity seriously is a must in order to ensure deployed solutions are credible, robust and offer resilience both now and in the future.
As a leading manufacturer of advanced intelligent security solutions, Inner Range has long recognised the importance of actively participating in cybersecurity protection for its solutions. Recognising that cybersecurity is one of the most significant issues facing organisations today, the company understands that networked security and access control systems can be vulnerable if not designed, installed and maintained appropriately. To heighten the cybersecurity of its systems, a number of advanced technologies are used to ensure the solutions are both cybersecure and protected from tampering or unauthorised access.
The fact that Inner Range products have been available in the security market for three decades, but the company reports there has not been a single instance of a successful cybersecurity attack, speaks volumes about the company’s adherence to secure principles.
Inner Range engaged one of the world’s top software consulting companies to undertake a cybersecurity governance audit, and follows a programme of continuous development to ensure its systems can resist the evolving nature of cyber-related threats.
Inner Range has a cybersecurity governance committee which is made up of senior management representatives from R&D, production, technical support and IT. The committee manages policies and procedures relating to cybersecurity, reviewing and updating these as the threat landscape evolves.
Inner Range also uses accredited laboratories to assess the systems and probe for vulnerabilities using a wide range of tools and techniques. Penetration testing is applied to all IP network-connected products including Integriti, Inception, Multipath and SkyCommand. The results of the tests are used to improve the security of its platforms, and are also fed back to the R&D team to ensure future products are cybersecure.
Product development always includes cybersecurity assessments at each stage, and all network-enabled products must pass independent penetration testing. Additionally, strict access control permissions are allocated to source code to ensure only relevant staff have access.
Importantly for integrators, Inner Range supplies installation guidelines for system hardening, helping engineers to deploy systems safely. The hardening guides provide advice relating to security features that can be implemented, including recommendations addressing network access control, firewalls, identity management, vulnerability management, etc..
Inner Range’s cloud services, Multipath and SkyCommand, are optimised for cloud deployment and offer redundancy and load balancing across multiple locations. Inner Range’s devices utilise AES encryption certified by NIST through its Cryptographic Algorithm Verification Program to the FIPS 140-2 standard. The cloud services, servers, clients and mobile apps are secured with HTTPS/TLS and the MS SQL database can support TLS and TDE which uses AES 256-bit encryption.