For organizations managing connected cameras, access control systems, servers, and cloud services, weak or poorly managed credentials can expose sensitive operations and create new entry points. This includes passwords used to connect directly to the devices themselves, which are often overlooked but can provide a direct access point if not properly managed. In this context, relying on regular password changes or basic cybersecurity practices is no longer sufficient.
“AI is changing the speed and progression of cyber risk,” says Mathieu Chevalier, principal security architect at Genetec Inc. “Attackers can now move faster and are using AI to impersonate others, customize social engineering attacks, discover vulnerabilities at scale, and evade detection. To respond to this, organizations need to actively manage access and identity across all their systems, not just set up controls once and hope they work.”
These risks are already impacting organizations that manage physical security systems. The recent Genetec Enterprise Physical Security in the Cloud Era study, based on the opinions of more than 7,300 physical security professionals worldwide, revealed that 58.7% of organizations have experienced an increase in phishing and smishing attacks, while 41% reported an increase in physical or cyber incidents in general. Social engineering was identified by 43.5% as one of the main attack vectors.
To mark World Password Day, Genetec is encouraging organizations to move beyond isolated credential controls and adopt a governance-centric approach to identity management in physical security environments, including:
Strengthening identity and credential controls
Organizations should eliminate default and shared credentials, implement strong authentication such as passkeys, and adopt multi-factor authentication (MFA) to reduce the most common entry points for attacks. This should also extend to devices, replacing static passwords with certificate-based authentication where possible, and ensuring centralized management and regular credential rotation.
Greater alignment between IT and physical security teams
Integrating IT and physical security teams helps enforce consistent security standards, improve visibility into access risks, and coordinate incident response. As physical security systems become increasingly connected to enterprise networks, this cross-functional alignment can help organizations identify vulnerabilities and respond more effectively to credential-based attacks.
Governance-based management of physical security systems
Organizations must manage their physical security infrastructure with the same rigor as other critical systems. This includes regular access reviews, controlled upgrades, and collaboration with trusted technology partners to support long-term security, transparency, and operational resilience.
