Genetec urges tighter identity controls for security systems

Genetec has urged organisations to strengthen identity and credential governance across connected physical security systems, warning that artificial intelligence is increasing the scale and sophistication of cyber threats.

The warning focuses on environments that use connected cameras, access control systems, servers and cloud services, where weak or poorly managed credentials can open routes into wider networks.

The issue extends beyond employee logins to the passwords used to connect directly to physical devices. Those credentials are often overlooked, even though they can provide a direct point of entry if not managed properly.

Periodic password changes and basic cyber hygiene no longer provide enough protection in connected physical security settings, Genetec argued. Instead, it called for a governance-first approach to identity management, with tighter oversight of how access is granted, reviewed and updated across systems.

Mathieu Chevalier, Principal Security Architect at Genetec, linked the shift to the growing use of AI by attackers.

"AI is changing the speed and scale of cyber risk," Chevalier said. "Attackers can now move faster and are using AI to impersonate people, tailor social engineering attacks, uncover vulnerabilities at scale, and evade detection. To respond, organisations need to actively govern access and identity across their systems, not just set controls once and hope they hold."

Genetec backed its warning with findings from its Enterprise Physical Security in the Cloud Era research, based on responses from more than 7,300 physical security professionals worldwide.

According to the research, 58.7% of organisations reported an increase in phishing and smishing attacks. A further 41% saw a rise in overall physical or cyber incidents, while 43.5% identified social engineering as a leading attack vector.

Those figures point to a broader shift in the threat landscape for physical security operations, which are becoming more closely tied to enterprise networks, cloud services and remote management tools. As those systems become more connected, the line between cyber security and physical security continues to blur.

Credential controls

Among the steps it recommended, Genetec said organisations should remove default and shared credentials and enforce stronger forms of authentication, including passkeys and multi-factor authentication. It also said controls should apply directly to devices, not just user accounts.

Where possible, static passwords on devices should be replaced with certificate-based authentication. Genetec also called for centralised credential management and regular rotation to reduce the risk of a single compromised password being reused across multiple systems.

The message reflects a wider industry concern that connected operational technology and security infrastructure can be left behind when companies update mainstream IT defences. Cameras, controllers and related hardware may remain in service for years, often with inconsistent password practices and varying levels of software support.

Team alignment

Genetec also called for closer coordination between IT and physical security teams. Organisations should apply consistent security standards across both groups, improve visibility into access-related risks and coordinate incident responses, it said.

That recommendation addresses a long-standing divide in many organisations, where physical security has been managed separately from mainstream cyber security. As systems converge, separate oversight can leave gaps around account ownership, provisioning, monitoring and patching.

A more joined-up model could help organisations identify weak points earlier and respond more effectively to credential-based attacks. In practice, that means treating physical security infrastructure with the same scrutiny as other critical business systems.

Governance focus

Genetec said organisations should carry out regular access reviews, tighten control updates and work with technology partners that support long-term security and transparency. The emphasis should be on governance rather than isolated controls.

That approach suggests a shift away from treating password management as a narrow technical task and towards a broader model of accountability. In connected environments, access decisions can affect surveillance systems, doors, servers and cloud-based records, increasing the operational impact of any lapse.

Montreal-based Genetec sells video management, access control, automatic number plate recognition, intrusion detection, intercom and digital evidence management products. It said it serves more than 42,500 customers in more than 159 countries.