Genetec urges stronger credential governance for physical security systems

AI‑driven tools are hastening credential‑based attacks by increasing their speed, scale and precision. For organisations presently managing connected cameras, access control systems, servers and cloud services, weak or otherwise poorly governed credentials can expose sensitive operations and create new pathways into those organisations. This includes the passwords used to connect directly to devices themselves, which are often overlooked, but can provide a direct entry point if not properly managed.

In this environment, relying on periodic password changes or basic cyber hygiene is no longer sufficient.

Speed and scale

“AI is changing the speed and scale of cyber risk,” asserted Mathieu Chevalier, principal security architect at Genetec. “Attackers can now move faster and are using AI to impersonate people, tailor social engineering attacks, uncover vulnerabilities at scale and evade detection. In order to respond, organisations need to actively govern access and identity across their systems, not just set controls once and hope they hold.”

These risks are already affecting organisations that manage physical security systems. The recent Genetec Enterprise Physical Security in the Cloud Era research, which is based on insights from more than 7,300 physical security professionals worldwide, found that 58.7% of organisations have experienced an increase in phishing and smishing attacks, while 41% of them reported a rise in overall physical or cyber incidents. Social engineering was identified by 43.5% of respondents as a leading attack vector.

‘Governance first’ approach

Genetec is now encouraging organisations to move beyond isolated credential controls and adopt a ‘governance first’-style approach towards identity management in physical security environments.

Strengthen identity and credential controls

Organisations should eliminate default and shared credentials, enforce strong authentication such as passkeys and adopt multi-factor authentication to reduce common attack entry points. This must extend to devices as well, replacing static passwords with certificate-based authentication when possible, also ensuring centralised management and regular credential rotation.

Closer alignment between IT and physical security teams

Bringing IT and physical security teams together helps to apply consistent security standards, improve visibility into access risks and co-ordinate incident response. As physical security systems become more connected to enterprise networks, cross-functional alignment can help organisations identify weak points and respond more effectively to credential-based attacks.

Governance-first management of physical security systems

Organisations should manage physical security infrastructure with the same detail as they do other mission-critical systems. This includes regular access reviews, controlled updates and partnerships with trusted technology partners that support long-term security, transparency and operational resilience.

*Further information on how today’s organisations are addressing cyber risk in connected physical security environments is available by downloading the Genetec Enterprise Physical Security in the Cloud Era research results at https://resources.genetec.com/ebooks-reports/enterprise-physical-security-in-the-cloud-era