Tag: Physical Security

How to Talk Threat Intel to Your C-Suite (Without Losing Them)

Security leaders know the drill: You’ve got critical threat data, limited resources, and an executive team that needs to understand why it all matters fast. But bridging the gap between operational security and boardroom priorities? That’s where things get tricky.

We recently sat down with Ryan Schonfeld (HiveWatch), Cory Siskind (Base Operations), and Bill Schieder (Labcorp) to talk about what actually works when you’re trying to get executive buy-in for security initiatives.

Start with the 10K, Not the Product Demo

Bill’s advice is refreshingly simple: Figure out your problem before you go shopping for solutions.

“Look at your company’s 10K report,” he said. “Identify the risks that your security organization can mitigate, and use that as the foundation for building your business cases.”

That 10K isn’t just a compliance document; it’s a cheat sheet for what your leadership already considers material risks. When your security pitch ties directly to those documented concerns, you’re not asking executives to care about something new. You’re showing them you can help with something they’re already worried about.

Security as a Business Facilitator (Not Just a Line Item)

Cory pushed back on the idea that security is purely a cost center. Her take: Security is a business facilitator.

Think about what good threat intelligence actually enables: optimized supply chain routes, smarter due diligence on acquisitions, and better decisions about where to deploy your workforce. That’s not just risk mitigation. That’s a competitive advantage.

Bill added the concept of security as a “revenue preserver,” and shared a story from his time at Flexport. By getting TAPA Level A certifications for their warehouses, they unlocked an entire tier of high-value clients they couldn’t previously pursue. Security investment became revenue growth.

The Data Problem Has Flipped

Bill put it simply: “When I first started in global security in 2008-09, our challenge was getting information. Now we have to decipher between what’s intelligence and what’s noise.”

The answer isn’t more data. It’s the right data, presented in ways executives can act on: visualizations, baselines that let you spot real changes versus normal fluctuation, or trend analysis that tells you whether an incident is a one-off or part of a pattern.

Cory emphasized granularity, as city-wide crime stats don’t tell you much about the specific blocks where your people actually work. “When you take a blanket approach to an entire city or region, you’re missing out on opportunities and failing to properly assess risk at the locations where you actually operate.”

Guard Force: The Obvious Place to Start

Ryan pointed to guard deployment as immediate low-hanging fruit. It’s usually the biggest security expense, but deployment decisions are rarely based on actual risk data. Most organizations default to uniform coverage; every site gets the same, regardless of whether it needs it.

Data changes that. You’re not necessarily spending more. You’re putting resources where they actually matter.

Beyond “Nothing Bad Happened”

The hardest part of security leadership might be proving value when your job is preventing things from happening. The panel offered some concrete alternatives: supply chain disruptions caught early, reduction in false alarms, time saved through automation, and business opportunities unlocked by certifications.

Bill’s vision for AI is practical: not replacing analysts, but giving them leverage. “Can we have AI take all the geospatial analytics data from our locations globally and give me a daily intel report in 10 minutes that would take an analyst half a day to put together?”

Building Executive Trust

Bill was direct about what it takes: “You can’t just come in with buzzwords. You have to have business cases and real-life solutions. It doesn’t take long for leadership to figure out if you have business acumen and can be a viable business partner.”

Fear-mongering doesn’t build lasting credibility. Consistent, quantifiable wins do.

Missed the live session? Watch the full recording here. And if you want to see how HiveWatch helps security teams turn threat intelligence into executive-ready insights, request a demo.

What Happens When Physical Security Systems Get Hacked?

Most people think about hackers going after credit cards or customer databases. But your access control system? Your camera network? Those are targets too. And when they get compromised, the consequences look different than a typical data breach; they’re often worse.

The short answer: Attackers can unlock doors remotely, disable cameras during break-ins, or use your security infrastructure as a backdoor into your corporate network. Physical security systems are increasingly IP-connected, which means they carry the same vulnerabilities as any other networked device, except they control access to your actual buildings.

Why Would Anyone Hack a Door Lock?

Because it’s easier than you think, and the payoff is real.

Remember the casino that got breached through a connected fish tank thermometer? Once attackers were inside the network, they moved laterally until they found what they wanted. Physical security devices work the same way. An IP camera with default credentials or an access control system running outdated firmware becomes the entry point.

The thing is, most organizations treat physical security systems like appliances. You install them, they work, and then you forget about them. Meanwhile, your IT team is patching servers and rotating credentials monthly. That disconnect is exactly what attackers count on.

What Can Actually Go Wrong

Camera Systems

Video management systems run on networks, often with remote access enabled for monitoring. When these get compromised, attackers can manipulate footage, disable recording, or simply watch your operations in real-time to plan their next move. The problem? Most VMS platforms aren’t monitored the same way your servers are. No one’s checking system logs daily or running vulnerability scans on the camera network.

Access Control

Once someone gains access to your access control platform, they can create credentials, modify access rights, or pull reports showing movement patterns throughout your facility. The system logs everything as legitimate activity because technically, it is – just initiated by the wrong person. Some systems integrate directly with HR databases for automatic provisioning, which means a compromise isn’t limited to just doors opening.

The Network Pivot

This is the one IT teams actually worry about. Your physical security devices are connected to your network. Sometimes they sit on the same network as everything else, because segmentation is expensive and nobody budgeted for it when the system was installed.

Attackers don’t always care about your cameras. They care that your cameras are an easy way into your network. One compromised device with weak credentials becomes the foothold for lateral movement. From there, it’s a straight shot to servers, databases, or anything else connected.

The Part Nobody Talks About: Insider Threats

External hackers are one problem. Insider threats, such as disgruntled employees or contractors with system access, are another.

Someone with admin rights to your access control platform can do significant damage before anyone notices. They can export databases. They can create phantom credentials. They can pull detailed reports on executive movements.

Most organizations audit their cybersecurity privileges regularly. How often are you auditing who has admin rights to your physical security systems?

What Actually Needs to Happen

Here’s where things get uncomfortable: fixing this requires physical and cyber security teams to work together, and most organizations aren’t structured for that.

Start with the basics:

  • Treat physical security systems like IT assets. Patch them. Update firmware. Rotate credentials.
  • Segment your networks. Cameras and card readers shouldn’t be on the same network as your accounting system.
  • Monitor your physical security infrastructure the same way you monitor servers. Log analysis, alert on anomalies, and investigate configuration changes.

Then get serious about convergence:

Your security operations center (SOC) team needs visibility into your physical security systems. Not just “the alarm went off,” but actual system health, failed login attempts, and configuration changes. When someone attempts unauthorized access to your VMS, it should trigger an alert just like suspicious network activity does.
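The three signals named above (failed login attempts, configuration changes, and credentials nobody can account for) can be expressed as simple detection rules. The following is an added example, not HiveWatch code or any vendor's log format; the event schema, field names, threshold, and sample events are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events in an assumed, normalized schema. Real VMS and
# access control platforms each export audit logs in their own format.
EVENTS = [
    {"ts": f"2024-05-01T02:0{i}:00", "system": "vms", "actor": "admin",
     "src": "10.20.0.15", "action": "login_failed"} for i in range(5)
] + [
    {"ts": "2024-05-01T02:05:00", "system": "vms", "actor": "operator7",
     "src": "10.20.0.99", "action": "login_failed"},
    {"ts": "2024-05-01T02:06:00", "system": "vms", "actor": "operator7",
     "src": "10.20.0.99", "action": "config_changed", "detail": "recording=off"},
    {"ts": "2024-05-01T09:00:00", "system": "acs", "actor": "hr-sync",
     "src": "10.20.1.5", "action": "credential_created", "holder_id": "E1001"},
    {"ts": "2024-05-01T23:40:00", "system": "acs", "actor": "admin2",
     "src": "10.20.1.77", "action": "credential_created", "holder_id": "E9999"},
]
HR_ROSTER = {"E1001", "E1002"}   # constructed: holder IDs HR has on record
FAILED_LOGIN_THRESHOLD = 5       # assumed tuning values, not from the page
WINDOW = timedelta(minutes=10)


def detect(events, hr_roster):
    """Return (rule, system, subject) alerts in event-time order."""
    alerts = []
    failures = {}  # (system, source address) -> recent failure timestamps
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["action"] == "login_failed":
            key = (ev["system"], ev["src"])
            recent = [t for t in failures.get(key, []) if ts - t <= WINDOW]
            recent.append(ts)
            failures[key] = recent
            # Fire when the window reaches the threshold, not on every later failure.
            if len(recent) == FAILED_LOGIN_THRESHOLD:
                alerts.append(("failed_login_burst", ev["system"], ev["src"]))
        elif ev["action"] == "config_changed":
            alerts.append(("config_change", ev["system"], ev["actor"]))
        elif (ev["action"] == "credential_created"
              and ev.get("holder_id") not in hr_roster):
            # A badge with no matching HR record is a possible phantom credential.
            alerts.append(("credential_without_hr_record", ev["system"],
                           ev.get("holder_id")))
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS, HR_ROSTER):
        print(alert)
```

In practice the alerts would be forwarded to the same queue the SOC already uses for network detections, so a VMS login burst is triaged alongside everything else.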

This is why HiveWatch built the GSOC OS with SOC 2 compliance and network security as core requirements, not afterthoughts. Physical security platforms need to meet the same standards as any other enterprise software, including regular penetration testing, encrypted data transmission, role-based access control, and the whole package.

Why This Matters

Physical security systems getting hacked isn’t some distant, theoretical risk. It’s happening, and it’s usually the result of treating these systems differently than you’d treat any other part of your infrastructure.

The fix isn’t complicated, but it does require acknowledging that physical and cyber security aren’t separate anymore. They’re two sides of the same problem. The organizations that figure this out early are going to be in much better shape than the ones still treating their access control system like a box on the wall.

Want to see how your physical security infrastructure stacks up from a cybersecurity perspective? Request a demo to see how unified security operations actually work.

Breaking Down Silos: The Hidden Weakness in Security Operations

Walk into any modern security operations center and you’ll see the same scene playing out: operators frantically switching between five, six, sometimes seven different screens, each one demanding attention with its own set of alarms, interfaces, and protocols. It’s chaos masquerading as security. So, how did we get here?

Closing Security Gaps: How Tailgate Detection Enhances Access Control

We often focus on the obvious: cameras, access control systems, and security guards. But there’s a vulnerability that many organizations overlook until it’s too late: tailgating.

This seemingly minor issue can create major security breaches. Here is what I’ve learned about tailgating, why it matters, and how modern solutions are addressing this persistent challenge.

Field Resources & Guarding Relationships: Optimizing Security

Security is a crucial aspect of any organization, and the effectiveness of security teams directly impacts the safety and well-being of employees and the protection of assets. In today’s business landscape, security teams are frequently asked to operate with limited resources while facing ever-evolving security threats. 

Understanding the different types of field resources available and how to manage them effectively is vital for creating a comprehensive security strategy.

Embracing New Technology in Physical Security

Companies moving to the Cloud

As companies reflect on the continued impact of the COVID-19 pandemic and subsequent changes to business operations, the maturity and effectiveness of physical security infrastructure and data have become imperative to a successful transition to remote and hybrid work models. In particular, Cloud-based software solutions have proven critical to maintaining a strong security posture as travel and resourcing constraints limit the ability to monitor and manage security operations in person.

Cloud-based security software that gives organizations the ability to access and control camera systems, monitor video feeds, conduct maintenance tasks, evaluate system health, and perform updates to firmware/software from remote locations has been identified as a must-have for maturing security organizations.

Answers from more than 2,000 security leaders give insight into how the physical security industry is changing, with more movement towards the Cloud and increased investment in upgrades to legacy and/or disparate access control systems. A recent Genetec State of the Industry report (https://resources.genetec.com/en-infographics/state-of-physical-security-2021) showed that 45% of large companies (those with more than 1,000 employees) have already adopted cloud solutions. An impressive 94% of survey respondents stated plans to deploy Cloud or hybrid-cloud solutions in the long term, a major increase from 2020, when 26% of those surveyed said they had begun implementing their cloud journey. 35% of respondents said the pandemic directly accelerated or triggered their Cloud strategy.

Christian Morin, Vice-President, Product Engineering and CSO at Genetec Inc, stated, “While many physical security departments were hesitant to consider cloud-connected solutions in the past, they now better understand the benefits these solutions bring and how it can help them to better utilize their resources to achieve their respective business goals while minimizing their overall operational complexity.”

Duty of Care – Whose Duty is it to Care?

Duty of Care is a broad term that encompasses some of the most important responsibilities a business can take on today. It might sound foreign, or even a bit vague, but duty of care is an element every workplace has to consider on a constant basis. With many workplace norms changing in the wake of the pandemic, the conversation around whose duty it is to care continues to be up for debate, even if the protections it offers should never be.