Steven Kenny, Architect & Engineering Program Manager – EMEA at Axis Communications pens an opinion article explaining how organisations can ensure the cyber resilience of network devices through effective lifecycle management practices.
High-profile data breaches worldwide have taught us that network cybersecurity needs to be a priority for all organisations in the Middle East. As businesses and regional economies become more interconnected through the Internet of Things (IoT), every device and system risks becoming an intrusion point for threat actors. In the region, the average cost of a data breach for businesses reached SAR 32.8 million ($8.7 million) in 2024, nearly 10% higher than the average recorded cost in 2023, while one report found that businesses in the UAE are most concerned about data leakage, cloud attacks, and attacks through networked IoT.[1]
An often-overlooked approach that organisations need to take to help protect networks and critical data from threats and vulnerabilities is lifecycle management. Encompassing two types of lifetimes associated with hardware – the device’s functional lifetime and its economic lifecycle, meaning the length of time until it starts costing more to maintain than purchasing a new device – lifecycle management is essential for meeting organisations’ evolving cybersecurity challenges to their digital assets. In that way, the two tasks are inextricably linked, and that’s why businesses need to take them seriously.
“Encompassing two types of lifetimes associated with hardware – the device’s functional lifetime and its economic lifecycle, meaning the length of time until it starts costing more to maintain than purchasing a new device – lifecycle management is essential for meeting organisations’ evolving cybersecurity challenges to their digital assets. In that way, the two tasks are inextricably linked, and that’s why businesses need to take them seriously.”
Steven Kenny, Architect & Engineering Program Manager – EMEA at Axis Communications
Get proactive when it comes to maintenance
In today’s ecosystem of connected and interdependent devices and solutions, manufacturers fulfil their responsibility to their customers by regularly releasing software updates and security patches to address vulnerabilities, fix bugs, and resolve any potential issues that may affect their products. Physical security devices, including network cameras, audio speakers, intercoms, and access control systems are no exception, and all software-based technology will inevitably need to be patched at some point to sort out vulnerabilities that attackers may exploit.
In light of this, network administrators must remain vigilant to the potential threats posed by security systems, that may traditionally have fallen outside their original scope of responsibility. Like many traditional IT systems, operational technology (OT) and IoT devices now require adherence to best practice cybersecurity measures, such as regularly downloading and installing patches and updates.
Today’s video surveillance systems no longer operate within the confines of a “closed-circuit TV” environment. Instead, they are integrated into broader networks, making them susceptible to cyber threats. As such, it is imperative for network administrators to recognize these systems’ evolving roles and apply robust cybersecurity principles to safeguard them effectively.
Complete network oversight is important
Despite the critical need to update security devices when new software is available, the reality is that nearly 47% of organisations fail to do so and use at least some form of out-of-date technology in their infrastructure. This lack of updates can be attributed to resource constraints, operational disruptions, and the complexity of maintaining legacy systems, but ultimately it all comes down to cost. That is why administrators need to have a solid understanding and comprehensively record the history of connected devices, including keeping documentation regarding each one.
Older technologies represent a greater risk from a cybersecurity perspective as they may not have update capabilities due to hardware limitations or receive support from the manufacturer. By adhering to lifecycle management best practices and knowing which are vulnerable devices – or those that pose the greatest future risk – that are connected to your network, you can help ensure there are no unpleasant surprises. A systematic schedule and budget for predictable replacements help ensure all essential components are replaced at the end of their lifecycle.
Streamlining the management process
Lifecycle management, implemented with the most appropriate and advanced technologies to mitigate security risks and vulnerabilities, is especially important for critical functions like physical security systems. For example, while a typical IP camera has a functional lifetime of ten to 15 years, its actual lifespan may be influenced by rapid changes or developments in the cybersecurity landscape. As a result, that IP camera may eventually no longer be capable of countering the latest threats.
Effective lifecycle management can be a daunting task for some organisations and network administrators in the Middle East, especially for those with widely distributed networks that include hundreds, if not thousands, of connected devices. Fortunately, help is at hand with device management software solutions that can help organisations automate the process.
These solutions can quickly create a real-time inventory of all cameras, audio speakers, intercoms, and access control points connected to the network, making it easier for administrators to implement consistent policies and practices while securely managing all tasks, from installation and configuration to security and maintenance. This includes capturing key information such as the device model number, its IP and MAC addresses, operating system, and certificate status.
This information is then imported and displayed to all who need it, including system administrators, integrators and installers, who can then use it to efficiently perform a variety of tasks from managing user privilege levels, updating software, changing security policies, and making configuration modifications. All of these are hallmarks of lifecycle management and cybersecurity best practices.
A major advantage of device management software is its ability to push out system changes, software and security updates, including new HTTPS and IEEE 802.1X security certificates, to hundreds of devices simultaneously. Another advantage is that it can also automatically verify that all devices are running the latest relevant software version, saving administrators time and effort in managing cybersecurity risk, all from a remote or centralised operations point.
Cybersecurity is always a work-in-progress
Today’s IoT networks are only as secure as the devices connected to them, which is why IT departments and network administrators need to expect and adhere to all necessary cybersecurity protocols and practices. That includes having ongoing discussions and checking that all devices comply with network procedures, including:
- Not using devices with default passwords.
- Ensuring password strength and determining how often they should be changed.
- Removing unused or outdated devices from the network, which reduces the overall surface area of attack.
- Scanning devices for known vulnerabilities.
- Meeting local compliance regulations.
In every organisation, cybersecurity is everybody’s concern and responsibility, especially as cyberattacks become more of a reality for businesses. (In Q1 2024, the number of successful cyberattacks in the Middle East tripled compared to the same period in 2023.[2]) A good starting point is ensuring the cyber resilience of network devices through effective lifecycle management practices. With timely overview and consistent policies in place, and supported by innovative management software solutions, businesses in the Middle East can take full control of their networks and become proactive when it comes to cybersecurity.
