RAD-R takes its technology to the home market
Industry veteran Steve Danelon joins the company as its new president p. 7
Cybersecurity check-in for surveillance Cameras are still vulnerable to cyberthreats without the proper precautions p. 14
Security companies prepare for tariffs Canadian firms tell us how they plan for rocky economic conditions p. 16
By James Careless
By Neil Sutton
WBy Neil Sutton
READER SERVICE
Print and digital subscription inquiries or changes, please contact Shawn Arul, Audience Development Manager
Tel: (416) 510-5181 • Fax: (416) 510-6875
Email: sarul@annexbusinessmedia.com
Mail: 111 Gordon Baker Rd., Suite 400, Toronto, ON M2H 3R1
hen I talk to corporate security professionals about what keeps them up at night, the conversation sometimes turns to the topic of cyberattacks.
Protecting people, property and assets requires a well-trained security team, supported by technology and governed by a comprehensive risk strategy. Cyberattackers, however, can inflict harm on an organization or population remotely, disguising their point of origin and covering their tracks.
It’s been a while since we took a look at this topic in detail and a year might as well be a lifetime in terms of how quickly things change in the cybersecurity world.
“For
of movies and TV shows.
But for every attack, there is a counter, and for every cyber scheme, there is a plan that can diminish the threat it represents. The feature article in this issue lists many of the potential ways a network may be compromised, but also offers some important advice on how to prepare for those threats, if and when they occur. AI can also be an ally when it comes to protecting networks, and I think we’ve only seen a fraction of its potential in this regard.
every attack there is a counter. For every cyber scheme there is a plan.”
Our main feature story this issue delves into some of the major cyber issues facing security manufacturers and installers today and what they can do, from a proactive point of view, to keep networks safe.
The risks multiply when attackers take advantage of social engineering techniques or use AI to fortify their attacks. I have definitely noticed that phishing emails and texts are becoming more sophisticated lately, and this trend is certain to continue.
It can feel like a doomsday scenario — criminals exploit weak networks with impunity for financial gain or to satisfy their political motivations — and one that has been played out to great dramatic effect in dozens
Common sense and effective training also play an important role here: the more people understand how phishing emails work, and how they are designed to elicit a response, the more likely they are to recognize them for what they are.
There are several other timely articles in this issue, including one that looks at how Canadian security companies plan for economic uncertainty and supply chain disruption.
I would also encourage you to read the article on CANASA’s new executive director, Kim Caron. I have known Kim for many years and consider her to be one of the security industry’s most knowledgeable and dynamic leaders. We wish her all the best as she takes on this new role.
@SecurityEd
Your Partner in Securing Canada Security Products & Technology News is published 5 times in 2025 by Annex Business Media. Its primary purpose is to serve as an information resource to installers, resellers and integrators working within the security and/or related industries. Editorial information is reported in a concise, accurate and unbiased manner on security products, systems and services, as well as on product areas related to the security industry.
Editor, Neil Sutton 416-510-6788 nsutton@annexbusinessmedia.com
Group Publisher, Paul Grossinger 416-510-5240 pgrossinger@annexbusinessmedia.com
Publisher, Adam Szpakowski aszpakowski@annexbusinessmedia.com
Associate Publisher, Jason Hill 416-510-5117 jhill@annexbusinessmedia.com
Media Designer, Jaime Ratcliffe jratcliffe@annexbusinessmedia.com
Account Coordinator, Kim Rossiter 416-510-6794 krossiter@annexbusinessmedia.com
CEO, Scott Jamieson sjamieson@annexbusinessmedia.com
EDITORIAL ADVISORY BOARD Patrick Soo, Alarm.com Floria Chiu, Telus Custom Security Systems Stephen Karchut, Alarmtech Val Michetti, HID Frank Pietrobono, Avante
111 Gordon Baker Rd, Suite 400, Toronto, ON M2H 3R1 T: 416-442-5600 F: 416-442-2230 The threat of a cyberattack is never far away, so brush up on your network knowledge and plan accordingly
PUBLICATION MAIL AGREEMENT #40065710
Printed in Canada ISSN 1482-3217
in any of the four ways listed above.
Annex Privacy Officer privacy@annexbusinessmedia.com Tel: 800-668-2374
No part of the editorial content of this publication may be reprinted without the publisher’s written permission. ©2025 Annex Publishing & Printing Inc. All rights reserved.
Annex Publishing & Printing Inc. disclaims any warranty as to the accuracy, completeness or currency of the contents of this publication and disclaims all liability in respect of the results of any action taken or not taken in reliance upon information in this publication.
As the industry leader in power and data transmission innovation, Altronix designs and manufactures electronic products that ensure security systems run at optimal performance. We pride ourselves on providing the best technical and customer support in the business. That’s the Altronix advantage.
Kim Caron, who took over the role of executive director of the Canadian Security Association (CANASA) earlier this year, says she will spend the next weeks and months gathering information from CANASA members and listening to their ideas.
Caron is well acquainted with CANASA, having served in numerous volunteer capacities with the organization. Her time with CANASA includes a three-year term as its national president and leading its monitoring station committee as chairperson. She is the recipient of CANASA’s most prestigious honour, the R.A. Henderson award, which was given to her in 2018.
Caron is also steeped in security knowledge. She first entered the industry in the 1980s as a monitoring station operator, and recently concluded a long career with the Armstrongs monitoring organization as its director of sales.
But Caron knows that the position she is taking on now is different from the industry and volunteer roles she has occupied over the previous decades. As executive director for CANASA, she is representing all aspects of the industry, from guarding to cybersecurity. She is also beginning at a time of enormous change, as technologies like cloud and artificial intelligence are upending traditional delivery and deployment models — not to mention geopolitical and economic upheaval and an impending federal election in Canada this year. (CANASA itself will be welcoming new board members in 2025, immediately following its June AGM.)
Caron says she has asked the CANASA staff to take a risk-based approach to economic uncertainties and how they will affect CANASA as an organization, its regional events
and trade shows across Canada, and of course, any potential fallout for its individual members.
Caron is also planning for a full review of all of CANASA’s existing committees to determine how they function for the benefit of members, as well as a review of all of its education functions.
Basically, says Caron, the floor is open and she is looking for feedback from CANASA members. “I want that engagement with the executive and the board members, and I want that communication to all of our membership on a regular basis,” she says.
Caron says she wants to delve deeper into the knowledge pool that CANASA’s membership represents and explore new ideas.
“I have a lot of great relationships and contacts, and I am very grateful for that. I can pick up the phone or have a meeting and discuss [these opportunities]. I’d like to hear their views on what we want, or if we can do anything to help us partner or
“I have a lot of great relationships and contacts and I am very grateful for that.”
— Kim Caron, CANASA
help us grow,” she says.
While CANASA is home to many well-respected industry veterans, Caron is also aware that new members and volunteers will help the association expand and help to match job seekers with vacant positions.
Caron’s predecessor, Patrick Straw, was a strong advocate of forging relationships with schools and colleges to help develop more security industry-focused education
programs, with the ultimate goal to train more Canadians to take on security jobs.
CANASA hosted its first job fair at the Security Canada Central conference in Toronto last October and Caron is keen to see it return to Security Canada events this year.
Caron says she also plans to foster the relationships with police agencies and authorities having jurisdiction (AHJs) that Straw developed over the eight years he was executive director. “Patrick built a strong, good team and good communications,” says Caron. “We’re very lucky to have had him in this role.”
Caron says she will reach out to U.S. associations that serve the security industry to see if there are more synergies that could be developed. While the American and Canadian
security industries operate quite differently in some respects, there are enough similarities that raising the level of discussion could be beneficial to everyone concerned.
Caron’s official start date was Jan. 13 and she anticipates it will take several months for her to fully appreciate the job ahead of her. That includes taking a full inventory of what CANASA currently does for its members and what it could potentially offer in the future.
She says one of the most important pieces of advice Straw left with her was to take a breath and be patient. The industry is in a hurry to implement change, but asking questions and listening to what members want will help CANASA stay true to its priorities, she says.
— Neil Sutton
ecurity industry veteran Steve Danelon recently joined Robotic Assistance Devices Residential (RAD-R) as the compa
Before joining RAD-R, Danelon spent more than two decades in sales and operations at Allied Universal and also established his own resi dential security company, Fortress
Camden Door Controls is a Canadian success story that began in a basement in Montreal over 36 years ago, and now employs more than 100 people in our 41,000 sq.ft. head office in Mississauga! When you buy Camden locking, control, activation or access products, you’re not just supporting Canadian jobs, your purchase means more money for research & development, new copyrights and patents, and more manufacturing horsepower to make Canada a world leader.
PROUD TO BE CANADIAN. PROUD TO SERVE YOU!
Burnbrae Farms implements surveillance solutions
Canadian egg producer and processor
Burnbrae Farms has adopted Eagle Eye Networks’ Cloud VMS to improve its video management. The company operates eight grading plants, three processing facilities, and 10 farms across the country.
Burnbrae has taken a hybrid approach to the deployment, managing 300-plus cameras with a combination of on-premise storage and cloud-based management. Burnbrae stands to save $225,000 in reduced equipment costs and operating expenses. The company has seen improvements in compliance, cybersecurity and records-keeping, as well as faster response times to address security and operational issues.
The surveillance system install was conducted by Brockville, Ont.-based integrator Top Smart Security.
Manitoba hospitals select screening technology
Toronto-based Xtract One Technologies says its Xtract One Gateway has been selected for hospital locations in Manitoba, including at the province’s Health Sciences Centre and Crisis Response Centre locations operated by Shared Health.
According to the company, “the system will redefine the security experience by not only balancing powerful threat detection with seamless flow for individuals, but also enhancing safety standards and optimizing operational efficiency.”
Xtract One says its portfolio of screening solutions are designed for scanning individuals and their belongings, allowing passage through checkpoints and reducing the need for separate bag searches. The company’s Gateway solution scans individuals, their pockets, their bags and backpacks for potential weapons while distinguishing personal items like laptops, tablets, threering binders, notebooks, eyeglass cases, keys and phones.
deployed Axis Communications technology to enhance waterway safety and security across its jurisdiction on the U.S.-Canada border.
Located on the Detroit River, the Windsor Port serves as the passageway between Lake Huron and Lake Erie, navigating between 6,000 and 9,000 cargo vessels annually. In addition to commercial ships, more than 10,000 small fishing boats and other recreational watercraft access the port each year.
Axis cameras, combined with radar solutions from Accipiter Radar Technologies, provide the port with the visibility to prevent collisions, better detect illegal activity, and help save lives.
“Axis’ cameras, along with Accipiter’s radar technology, have been vital to keeping the port safe for all who pass through it,” said Peter Berry, harbour master and vice-president of operations for Windsor Port Authority, in a statement.
• Wavestore, a provider of video management solutions, announced the appointment of Jeff Wood as vice-president of sales for North America.
March 18, 2025
ADI Expo Toronto, Ont.
www.adiglobaldistribution.ca
March 31 - April 4, 2025
ISC West Las Vegas, Nev. www.iscwest.com
April 24, 2025
Focus On Guarding Toronto, Ont. www.focusonguarding.com
April 30, 2025
Security Canada East Laval, Que. www.securitycanada.com
May 6-8, 2025
Canadian Technical Security Conference Banff, Alta. www.ctsc-canada.com
June 8, 2025
ADI Expo
Calgary, Alta. www.adiglobaldistribution.ca
June 9-10, 2025
Security LeadHER Detroit, Mich.
www.securityleadher.org
June 11, 2025
Security Canada West Richmond, B.C. www.securitycanada.com
June 16-19, 2025
ESX Atlanta, Ga. www.esxweb.com
September 11, 2025
ADI Expo Vancouver, B.C. www.adiglobaldistribution.ca
• Ceres Silva has joined the smart biometrics sales team as solution sales director for the North America region at Idemia.
• ICT has appointed Andy Bane as CEO. Bane succeeds Hayden Burr, who will transition to the role of chief innovation officer.
• Mike Farren has joined
Classic Fire + Life Safety as its CEO. Farren has more than 34 years of experience in the fire protection, life safety and security industries.
• TOA Canada recently announced technical support specialist Vitaliy Dedyukh as the newest member of its product development team.
• IDIS Americas has appointed Darron Parker as vicepresident of sales for Canada and the Northeast U.S. IDIS also recently expanded its North American operations.
By Bob Smith
With a new executive director joining CANASA, we embrace opportunities for the coming year
As we step into 2025, I find myself reflecting on the past year while looking ahead with excitement to the opportunities this new year brings.
One of the most significant transitions has been Kim Caron officially assuming her role as executive director. In the short time we’ve worked together in this capacity, I’ve witnessed her dedication to the growth and success of the Canadian Security Association (CANASA). Her leadership inspires confidence, and I am eager to see what the future holds for our association under her guidance.
the progress CANASA has made post-COVID and contribute to shaping our success.
CANASA Next Gen, our newly formed National Membership subcommittee, is an exciting initiative led by two rising security industry professionals, Scott Young and Thomas Leslie. This initiative aims to engage and inspire the next generation of security professionals, increasing career awareness and fostering industry longevity.
We have also initiated the call for nominations for the CANASA National Board for the 20252027 term. I encourage a diverse group of passionate candidates to step forward. This is a pivotal opportunity for new board members to build on
The career fair at the Security Canada Central show last October was well received and additional interest and ideas on enhancements for this opportunity strongly favour inclusion at this year’s show.
Following a record-breaking year for attendance at Security Canada shows and regional events, we are optimistic about maintaining this momentum. Early indicators suggest continued
growth in 2025. A huge thank you to Steve Basnett, Erin Marsden, Danielle Paquin and all the council members, volunteers and sponsors who make these events possible.
A special congratulations to our colleagues in Quebec, who saw record participation in their programs last year — another strong trend we anticipate will continue into 2025.
Lastly, I want to recognize and thank Patrick Straw for his leadership and dedication during his eight years as CANASA’s executive director. I had the privilege of working closely with Patrick for many of those years, and it was a pleasure to see him engage so meaningfully with colleagues, friends and team members. His deep industry knowledge and unwavering commitment have left a lasting impact. Patrick, if I ever find myself in PEI, I’ll be sure to visit!
Bob Smith is the National President of the Canadian Security Association. (www.canasa.org).
West
Richmond, BC
June 11, 2025
Central Toronto, ON October 22-23, 2025
ABy Roger Miller
Duplicated access control can be a pain to track, but there are solutions available to limit their use
ccess credential cloning has been in existence for a number of years in Canada.
The early days of access control meant everyone was carrying a physical key to their workplace. Many keys were generic and could be copied at the local hardware store, while the more robust key control systems would have keys that were stamped “DO NOT DUPLICATE.”
“Credentials of any type require management.”
For those who held keys that were stamped Do Not Duplicate, there were usually opportunities to have an unscrupulous friend or hardware store employee that would overlook the secure designation to make you a copy of the key. So this issue isn’t exactly new. The bottom line is that credentials of any type require management.
Currently, there is at least one franchise type of cloning service operating within established storefront businesses such as small independent grocery or convenience stores.
The process is simple: you enter the business with your credential and they will provide you an exact clone of a similar credential for a fee ranging from $40 to $70 depending on the specifics of the transaction.
The cloned credential is an exact replica of the credential you provide, with the same access privileges. When the clone is used, it will show as the original issued credential in your access control software. For this discussion, credential can mean a card, FOB, or other RFID device including garage door openers and car key FOBs.
The quantifiable risk of cloning for each organization will vary. It is important to keep in mind that the cloned copy is an exact replica of a credential that has been legitimately issued to an authorized individual, therefore, they are authorized to have access to the designated doors or access points. The new credential will not grant any additional access, and any access gained by a cloned credential will still be tracked in your system to the person who was issued the original credential.
If the original holder of the credential (em-
ployee/contractor/resident) has lost or loaned their credential and it has been cloned then returned by a third party, there will be no way to determine if the original or a cloned copy is used through your card activity history. Any data will always show as the original. It is entirely possible that clones exist on your system without your knowledge.
There are a number of options available to reduce the risk of cloned cards being used on your system. These options may require hardware or software upgrades, depending on your current system. There are new readers and FOBs/cards available that cannot, at this time, be easily cloned. End users should discuss this with their service provider to determine what options exist for their system. If you are the service provider, there is an opportunity for you to be proactive and bring this issue to your customer, with solutions.
As always, the proper administration of your access control system will be your best option to reduce the risk of a cloned credential being used. There must be a defined process for issuing credentials, suspending access or reporting and replacing lost or missing credentials. For example, if the original of a cloned credential is cancelled then the cloned copy will be also be cancelled.
With most access systems you can initiate an alert if someone attempts to use a cancelled or suspended credential. Any credentials that have been issued but not used for a predetermined time (30-60-90 days) should be auto suspended, a feature available within most access control software.
If you store photographs of individuals who have been issued credentials, your system can show you who is using the credential. If the photo doesn’t match with the user that could be a warning to security or management that there is a clone or other unauthorized use. This should initiate an investigation.
A more robust solution to prevent cloning is two-factor authentication. This will require the usual credential as well as a second authentication method that could be a keypad, biometric or other method of individual verification. This level of authentication will mitigate the risk of a cloned credential being used by an unauthorized person in most cases.
Like everything we do as security providers, we need to be aware of the risks and do our best to help our customers mitigate them.
Roger Miller is the president of Northeastern Protection Service Inc. (www.protectionpartner.ca)
IBy Victor Harding
When selling alarm accounts, there are several key factors that should be taken into account before exploring a deal
have been buying and selling alarm accounts in Canada now for 25 years. I thought it would be useful to summarize what affects the price on alarm accounts the most.
Firstly, it may seem crazy but the size of the account base may well be the most important factor overall in determining price. The cut-off point seems to be 1,000 accounts. Any account base with 1,000 accounts or more gets lots of attention, particularly from the bigger national buyers who generally pay the best prices.
Owners with 500 accounts will not likely attract monthly multiples in excess of 36X recurring monthly revenue (RMR) regardless of what other good features the account base has. Whereas 1,000 accounts with some other good features can sell for 38 to 40X RMR. The really high multiples such as 42-44X are mostly reserved for account bases of 5,000 accounts and above.
Secondly, I think the average rate on the accounts is next in line in importance. Today the big buyers want the average rate to be $35/acc/month and above — preferably between $40-$45/acc/ month. Low rates are a killer on price. Not only does the multiple go down, but the overall price shrinks too due to the low rates.
When we go beyond these two factors it is a bit of a crap shoot as to what is next in line for importance. In the United States it would be that the dealer has signed monitoring contracts on all his accounts with the proper waiver of liability. Americans are adamant about having signed contracts. In Canada, it is important but not always a deal breaker.
Ten years ago, having all your panels programmed to your lines and call forwarded to the monitoring station was very critical. Today with a much higher percentage of cell and interactive accounts which can be transferred more easily, the call forward line issue is still important but not as critical.
Next in importance, based on what I experience, are the panels installed on your accounts. Today the ideal account base has a high percentage of panels like Qolsys or Neo panels. These are state of the art panels and can handle extra services like Alarm.com. In some cases, buyers of smaller blocks of accounts will pay lower multiples for accounts with older panels in hopes they can get an upgrade.
Accounts with a high percentage of cell and interactive services built into them tend to attract higher multiples. Today, it is not uncommon to find 50 per cent of an account base on cell or interactive (Alarm.com). Not only does this give you higher monitoring rates but also the stats show the extra services make the accounts “stickier.”
Strangely enough, the next factor that can affect the multiple paid for a block of accounts is whether the accounts are sold into an “asset” or “share” deal. Share deals tend to get done at lower multiples than asset deals because the purchaser can’t write the purchase price off in a share deal. The bigger buyers of accounts don’t like to do share deals. They say they are more complicated and come with more risk. This may be true but the discount that buyers of shares sometimes are done at are too large. I believe the justifiable discount should be more like 3X RMR, not 5X RMR.
The last three items that can affect price in a sale of accounts are in no particular order: the location of the accounts; the way the accounts are billed; and the attrition rate on the accounts.
Regarding location, my sense is that 1,000 accounts located in the Greater Toronto Area (GTA) will tend to attract slightly higher multiples (1 or 2X at most) than those in a smaller city unless there are enough accounts being sold in the smaller city for the buyer to have an office, i.e. 2,500 accounts or more. Paying more in the GTA makes some sense because it will likely be easier to find techs to service in the GTA and there is a good chance
that extra accounts in the city create more density. How accounts are billed is important. An account base totally on Pre-Authorized Payment is more attractive these days than one that has to be invoiced. Invoicing costs money. Secondly getting accounts on PAP is reputed to help decrease the attrition on the account base.
Finally, there is the attrition factor. The textbooks all say that attrition should be a big factor determining price and yet most buyers that I deal with don’t do enough due diligence on the account base before buying to know what the real attrition rate really is.
So, taking all this into account, if I had an account base with 500 accounts, and I wanted to attract a higher price I would: upgrade all my panels; try to sell interactive service on as many accounts as possible; get my average monitoring rate to $35/month and above; and put all my accounts on signed contracts and on PAP.
But let’s keep in mind that there are other factors besides the upfront multiple to take into consideration. I am referring to the length of attrition guarantee period and the pay-out period for the accounts.
You can have a multiple of 38X but have that reduced with either a payout of the purchase price over 24 months or a two-year attrition guarantee. The upfront multiple is never the whole story.
Victor Harding is the principal of Harding Security Services (victor@hardingsecurity.ca).
Integrated Control Technology (ICT) has ushered in a new chapter with the appointment of Andy Bane as its Chief Executive Officer. With decades of leadership experience in operational technology and software, Andy is poised to leverage his expertise with the vision and enduring legacy of Hayden Burr, ICT’s founder and new Chief In novation Officer.
Andy Bane (AB): Three things really got me excited about joining ICT. First is our team, a terrific group of dedicated, resourceful problem solvers with a shared focus on helping customers succeed.
Second is the potential for ICT customers across Canada to succeed. I’m eager to create those “ah-ha” moments for them and elevate our brand recognition.
And finally, the solution. ICT’s unified Protege platform is purpose-built for access control, intrusion detection, and smart building automation – all backed by a team with deep subject matter expertise.
Hayden Burr (HB): After more than 20 years leading ICT, I’m excited to pivot to a role that will enable me to think deeply about future needs, and where things are headed. This role allows me to focus not just on product innovations but also on all the ways we can evolve to better meet the needs of our partners and customers.
AB: Growth goes beyond just having a great product. Our focus is on three key pillars – scaling operations, strengthening go-tomarket strategies, and advancing our technology platform.
We have a very open and flexible platform, something our partners value highly. One of them told me, “I haven’t found anything ICT can’t do – and do reliably and repeatedly!” That’s a testament to the engineering behind our solutions.
That said, we know integrators and end-users look at more than just features. The total cost of ownership, the quality of our training, the expertise of our support team – all of these matter. ICT already excels here, but we’ll continue our push to be even better.
We’re also exploring deeper solutions for key verticals like healthcare, multifamily, education, and banking. Our new tagline “Secure Your Success,” captures the essence of what ICT aims to achieve – ensuring our partners and customers thrive.
AB: This industry is evolving rapidly. Customers are asking for adaptable solutions that are easy to integrate across technologies. Our open platform aligns perfectly with this demand by offering flexibility and future-proofing. No one wants to be locked into a rigid, closed system.
There’s also a need for hybrid cloud capabilities. While the cloud is becoming more prominent, many users still require on-premises solutions. ICT is committed to delivering both because it’s not a one-sizefits-all world.
Under the joint leadership of Andy Bane and Hayden Burr, ICT is poised for a powerful next chapter. Together, they represent the best of both worlds for ICT’s future – ready to drive innovation in access control and smart building solutions for years to come.
ICT’s Protege Wireless Lock range, where modern design meets advanced security. Just one credential is needed for simple access from the perimeter to the penthouse. With wireless and hardwired doors, visitor entry, mobile app, and more – ICT has the complete multifamily solution.
Cartridge mortise, deadbolt, and new rear-mount mortise available to order now
There is a growing awareness of the need for good cyber hygiene in security installs, but is it enough?
By James Careless
The number and complexity of cyber threats to security systems keep growing, and AI is making matters worse. At the same time, there are ways for the security industry to fight back against these threats. But it requires a consistent dedication to applying best practices and good cyber hygiene.
These are the takeaways from discussions with three industry experts: Dean Drako, founder and CEO of Eagle Eye Networks; Will Knehr, global cybersecurity advisor at i-PRO; and David Senf, senior director of cybersecurity research with Gartner’s Emerging Technology Group.
These days, “security systems face a wide array of cyber threats, including brute force attacks on default credentials, ransomware targeting access control databases, and man-in-the-middle attacks to intercept sensitive data,” says Knehr. “Additionally, IoT devices like cameras are vulnerable to firmware exploitation and DDoS attacks, where hackers commandeer devices to form botnets. Another
growing concern is the exploitation of software supply chains, where attackers insert malicious code into firmware or updates.”
“There are many, many kinds of cyber threats and new variations are being created all the time,” says Drako. Beyond the threats described by Knehr, Drako listed “the exploitation of security system misconfigurations, social engineering/ phishing campaigns, and attacks targeting supply chain vulnerabilities.”
According to Senf, both financially-motivated ransomware actors and nation-state threat actors are attacking security systems.
“They are exploiting exposed vulnerabilities in security cameras (e.g., firmware, other vulnerabilities), card readers (e.g., skimming attacks, relay attacks) and most often the connected network supporting access between these devices and into IT systems,” he says.
“Most attackers are not interested in the video feeds or card data, but rather the access into other systems of even higher value to them. Hactivists and nation-state threat actors may have some interest in the security system data, but the financially motivated attackers mainly want to disrupt systems that will cause the most harm to an organi-
zation to then coerce the largest payment possible to end the disruption.”
When it comes to security systems, “AI has become a double-edged sword,” says Knehr. “On one hand, it enables faster threat detection and response. On the other, hackers are leveraging AI to create more sophisticated attacks. AI tools can automate reconnaissance, identify vulnerabilities more efficiently, and even craft highly convincing phishing campaigns.”
That’s not all. “AI and in particular GenAI enables threat actors to launch a much higher number of attacks than otherwise possible,” Senf says. “Their tactics of stealing access credentials, exploiting known vulnerabilities and phishing campaigns remain top modes of initial access and eventual impact. But by automating tasks like vulnerability scanning, personalized phishing campaign creation, and even malware development, they can massively increase their productivity and the total number of organizations compromised.”
Unfortunately, the advent of AI has been accompanied by AI-powered social engineering. “For example, AI-generated voice and video can
impersonate personnel with the goal of manipulating remote access controls,” says Drako. “Likewise, AI-generated emails can trick individuals into revealing credentials.”
“One of the most concerning new threats is the rise of AI-enabled cyber attacks, such as malware capable of learning and adapting to defences,” Knehr says. “Additionally, the increasing integration of security systems with smart building technologies introduces vulnerabilities from less secure IoT devices.”
There is also a rise in attacks targeting the AI and machine learning capabilities embedded within security systems.
“For instance, adversarial attacks could be used to manipulate AI-powered video analytics to misclassify events, ignore intruders, or create blind spots,” says Senf. “The wider adoption of IoT protocols like MQTT and CoAP in security devices opens up exploitation of devices using these protocols if they are not securely tested, implemented and managed.”
The bottom line: “The AI arms race between defenders and attackers underscores the need for continuous innovation in cybersecurity measures,” Knehr says.
Some firms are opting to base their security systems entirely in the cloud whereas others are using a mix between the cloud and on-premises servers, an approach known as “hybrid.” Both approaches have their benefits and shortcomings — and neither is bulletproof.
For instance, while cloud providers do invest heavily in security infrastructure and expertise, the “shared responsibility model” between them and their users may result in openings that can be exploited by hackers. “This is because many organizations fail to properly secure their cloud services through inappropriate/too much access, misconfigurations of services and overprovisioning of cloud services/larger attack surfaces,” explains Senf.
Meanwhile, although hybrid security systems offer more flexibility than cloud-only systems, they “introduce a significant amount of security complexity,” he says. “They often create a larger and more fragmented attack surface because security needs to be managed across both on-premise and cloud environments, potentially with different security policies and tools.”
Knehr notes that hybrid systems can provide strong centralized security controls to users through features such as automated updates and advanced threat detection. However, “hackers might exploit misconfigured cloud interfaces, vulnerabilities in on-premise hardware, or insecure communication between the two,” he says.
“The hybrid nature of these systems also means attackers have more opportunities to exploit human error, such as weak passwords or improper segmentation between cloud and
on-premise networks.”
And if this isn’t enough, “new types of attacks like hybrid ransomware (which targets both on-premise devices and cloud data) and AI-driven exploits (which look at infrastructure patterns to find holes) are very dangerous,” says Drako.
The takeaway: Whichever system you choose, be aware that risks exist in each of them that must be managed at all times.
According to the cybersecurity firm Kaspersky Lab, “Cyber hygiene refers to the steps that users of computers and other devices can take to improve their online security and maintain system health. Cyber hygiene means adopting a security-centric mindset and habits that help individuals and organizations mitigate potential online breaches. A fundamental principle of cyber hygiene is that it becomes part of everyday routine.”
To achieve good cyber hygiene, security operators need to manage their systems in line with cybersecurity best practices. According to Knehr, they include:
• Regular Updates: Ensure all devices and software are updated with the latest security patches.
• Strong Authentication: Implement multi-factor authentication and enforce strong password policies.
• Network Segmentation: Isolate security devices from the broader IT network to limit potential lateral movement.
• Monitoring and Incident Response: Use tools to continuously monitor systems for anomalies and have an incident response plan in place.
• Training and Awareness: Conduct regular training for employees and operators to recognize and respond to cyber threats.
• Vendor Vetting: Work with manufacturers that prioritize security, provide transparent updates, and adhere to industry standards.
• Proactive Risk Assessments: Regularly review and assess vulnerabilities within your environment.
Senf also adds to the list: “continuous security monitoring and logging to detect anomalies and suspicious activity, coupled with a well-defined incident response plan to handle breaches effectively.”
Meanwhile, for those security network operators seeking a “Big Picture” view of this problem, “best practices start with a foundational understanding of organized frameworks such as the NIST Cybersecurity Framework, IEC 62443 or CIS Controls,” he advises.
The quest to achieve good cyber hygiene doesn’t end here: “Zero-trust architecture is key for cloud security, assuming nothing is trustworthy and requiring strict access controls,” says
Drako. “AI and machine learning also enhance threat detection, with unsupervised machine learning finding anomalies and AI automating threat response. Organizations are using unified tools for better visibility and real-time threat detection across their environments: Automation is key for compliance and to reduce errors. They are also preparing for quantum computing by adopting new algorithms and prioritizing energy-efficient data centres to reduce environmental impact.”
The moral: Good cyber hygiene is an attainable goal, but it requires a consistent and dedicated effort.
We have considered the vast array of cyber threats confronting security systems. We have also looked at the solutions that exist to combat them, through the application of best practices and good cyber hygiene.
So how well is the security industry heeding this advice? “Diligence in cyber hygiene within the security system industry is unfortunately often lacking, though it’s improving slowly,” offers Senf. “Many integrators, especially smaller ones, may lack dedicated cybersecurity expertise and may prioritize functionality and cost over robust security capabilities. End user organizations, particularly smaller businesses, often underestimate the risks associated with security systems and may not be proactive in applying updates, changing default passwords, or implementing network segmentation.”
“While awareness of cybersecurity has improved, there’s still a long way to go,” says Knehr. “Many integrators and end users do take steps to maintain good cyber hygiene, such as applying patches, changing default passwords, and segmenting networks. However, inconsistent practices and resource constraints often lead to gaps. For instance, smaller organizations might lack the expertise or budget to fully implement best practices.”
“Integrators and end users are far more diligent about maintaining good cybersecurity hygiene than they were even five years ago,” adds Drako. “However, good cyber hygiene needs to be an ongoing collaborative effort among integrators, end users and manufacturers. This is why it’s so important for integrators to vet their manufacturer partners, to assess their cybersecurity practices and record.”
To summarize, security system operators have the ability to deal with cyber threats as they evolve and proliferate — but not all are committing the necessary resources to do this consistently. Unfortunately, the current threat environment won’t tolerate any kind of relaxed attitude.
The people who are trying to break into security systems are as much of a threat as the people trying to break into the premises that these systems protect.
Strategic planning is essential for business growth, regardless of where economic headwinds may be coming from next
By Neil Sutton
With a potential trade war with the United States brewing, Canadian security companies are taking stock of their situation and in some cases rethinking market strategies in order to cope with possible economic fallout in the months and years to come.
Camden Door Controls, based in Mississauga, Ont., is a Canadian-owned manufacturer of access control and door control solutions. The majority of its products are made in Canada with some contract manufacturing overseas and global sourcing of components.
David Price, executive manager of corporate development at Camden, says the company is pursuing a three-part strategy to prepare itself for the future and successfully navigate any fluctuations in the economy. First, to shore up its Canadian customer base and continue to expand its market presence in Canada; second, to explore cost savings and efficiencies inside the business; and third, to expand into new international markets.
“Driving efficiencies is good for the company, it’s good for the customers,” says Price. “Something like a crisis will always precipitate
that kind of examination.”
[Editor’s Note: Interviews for this article were conducted shortly after Prime Minister Justin Trudeau announced at the beginning of February there would be a 30-day pause on tariffs levied against Canadian goods, based on his discussions with U.S. President Donald Trump.]
Price says that most of Camden’s business is currently done in Canada and the U.S. Expansion into the U.S. has been relatively straightforward because the two countries share similar codes and standards for low-voltage products, says Price. Expansion into some international markets, particularly Europe, is much more difficult, he says, because there are deeply entrenched trade and regulatory barriers that must be met.
Montreal-based Genetec is one of the best-known brands in the security industry and a global market leader in video management and access control systems, according to analyst reports (no.1 in VMS and currently no.2 in access control software).
Andrew Elvish, vice-president of marketing for Genetec, says the company conducted a rigorous examination of its supply chain approximately a decade ago. Genetec has since
looked at all potential elements of supply chain risk, including those posed by cybersecurity risks, the impact of a global health crisis like the pandemic, and tariffs. “We wanted to build relationships that delivered dependable products to our customers no matter what’s going on,” says Elvish.
“We’re extremely proud of being a Canadian company … but we put our foot down as a global company. Diversifying supply chains, which we’ve been doing over the years, has been super important to making sure we’re in a good position,” adds Elvish.
Genetec has offices globally, as well as production facilities in multiple countries including Canada, and a diverse contract manufacturing ecosystem. The company is able to adjust production lines between different countries, which allows it to respond to changes in domestic economic policies and shifting tariff situations.
Price notes that the COVID-19 pandemic was a proving ground or stress test for businesses globally, as they handled restrictions based on public health policies as well as occupancy limitations placed on workplaces and public gathering places. The security industry
INCEPTION CONTROLLER WITH ENCLOSURE, TWO READERS AND 5 FOBS
STANDARD LAN ACCESS MODULE (2 DOOR) WITH POWERED ENCLOSURE (3 AMP) AND TWO READERS STANDARD LAN ACCESS MODULE (4 DOOR) WITH POWERED ENCLOSURE (3 AMP) AND FOUR READERS
was able to ride out this situation better than most. “We actually grew through the pandemic,” says Price. “In fact, I don’t think we had one product that was back-ordered due to supply chain issues during that entire period of time.”
In response to recent tariff threats, there has been a groundswell of Canadian patriotism and the emergence of a fervent “Buy Canadian” movement. “I think it’s more important now than ever that we support local,” says Imran Hasan, president of Transglobal Systems of Canada (TSOC), based in Mississauga, Ont.
“While it’s important to support our local restaurants and our farmers, I think supporting local is a message that goes far beyond that. There’s many businesses that are Canadian and employ local people and have technologies and products and services that are serving local businesses,” he says.
TSOC, which specializes in network cabling infrastructure and communications solutions, operates almost exclusively within Canada. While the company once considered expanding into U.S. markets, the financial barriers outweighed the benefits, making domestic growth a more strategic choice, ac -
cording to Hasan. “There wasn’t enough of a motivation for us to make that decision and in hindsight it was probably a good idea not to explore that option,” he says. “I’m really optimistic about what the future looks like and I think it’s very important that we have that conversation about supporting local.”
Price says the national shift towards supporting Canadian companies and Canadian-made products is almost unprecedented. “We’ve seen a drive towards Canadian-made products on the level that we haven’t seen probably in our lifetime,” he says. “As Canadians, we’re coming to understand that we need to buy locally to help our country. That’s fundamentally important to support Canadian-based businesses in our domestic market.”
He says that supporting Canadian businesses is not only good for the local economy, but also supports job creation and Canadian innovation. Profits that are retained in Canada are reinvested in new Canadian design copyrights, patents and technology, as well as Canadian facilities. “That supplies the money we need to make Canada a leader in global manufacturing,” says Price.
When given a choice, choose Canadian products, he adds, but tread carefully, make sound purchasing decisions and be aware that
many, many Canadians are employed by companies that operate in Canada but are based overseas.
Talent development at home Genetec offers an encouraging environment for home-grown talent with a robust internship program, says Elvish. The company provides job training for more than 400 interns from local universities. For example, Genetec partners with Montreal-based Concordia University for its Women and Engineering program which matches female interns with female mentors from Genetec. In January, Genetec was recognized as one of Canada’s Top Employers for Young People by MediaCorp Canada for the second consecutive year.
“We do think of ourselves as a global company, but that said, we employ well over 1,000 people in highly skilled development jobs in Canada,” says Elvish, adding that “we’re an important part of the Quebec economy.”
As Canada-based security businesses continue to evaluate the tariff situation and adjust their approach to the market, preparation is key, says Price. “Camden is meeting weekly to review new information and we have plans in place to meet a full range of potential U.S. tariff restrictions,” he says.
• Image-based video searching with just one click
• Upgrades in perimeter protection & Motion Detection 3.0
• Excellent noise reduction e ect, enhanced vocal clarity & audio quality
• Larger sound coverage, better warning e ect, enhanced two-way audio
• Anti-corrosion materials for better durability and performance
• AI noise reduction for enhanced dynamic image & static detail clarity
AIWDRAIWDR
Enhanced wide dynamic range automatically turns on & o for sharper images
Accurate 3D colour correction shows the true colours of night scenes
Camden is ready to meet your next project specification with a complete range of maglocks and strikes that offer the highest quality, the most features, and the best value!
Top of the line features like universal design, FREE LATCH MONITORING, full compliance with UL Security and Fire Standards, and industry-leading warranties are included at no extra cost!
Choose Camden for the perfect blend of security, style, and peace of mind. Visit us online at www.camdencontrols.com
Robotic Assistance Devices AVA (Autonomous Verified Access) Gen 4 is an advanced AI-powered access control solution for both residential and commercial applications. Completely redesigned, AVA Gen 4 integrates a new hardware and software platform, and security enhancements to serve a broader range of clients. AVA’s code has been rewritten, optimized for its NVIDIA-based processing platform running on Ubuntu. AVA Gen 4 consolidates all power supply and system controllers within its chassis, eliminating the need for an external utility box. A completely restructured design makes AVA Gen 4 33 per cent lighter. AVA Gen 4 also introduces an advanced tailgating detection
www.radsecurity.com
The Virtual Intercom combines guest communication with robust security without the need for additional hardware or complicated installations. Key features of LocklyPRO Virtual Intercom include: real-time video communication (twoway video calls allow property owners to interact with guests); remote unlocking (unlock doors remotely or send single-use offline access codes via the virtual keypad for secure entry); guests can connect by scanning a QR code; and geo-fencing for enhanced security. The Virtual Intercom is available as part of LocklyPRO’s subscription plans. The Virtual Intercom is compatible with all Lockly Smart Locks except for the Lockly Vision series and can be integrated into both residential and
Middle Atlantic Products
Middle Atlantic Products announced the latest additions to its NEXSYS AV power distribution and backup platform, the NEXSYS Online UPS Series. Available in 12 configurations, the NEXSYS Online UPS Series offers six or eight outlets with bank or individual outlet control, in 15 Amp 1000VA and 1500VA, 20 Amp 2000VA, and 30 Amp 3000VA models. Every unit comes assembled and connected from the factory. With preinstalled rack ears with “4Post” mounting brackets and a connected battery, installers can quickly mount and plug it in. www.legrandav.com
Axis Communications
Axis Cloud Connect is an open cloud-based platform designed to provide flexible and scalable security solutions. It is designed to work together with Axis devices to enable a range of managed services that support system and device management, video and data delivery and meet cybersecurity demands. Managed services enable secure remote access to live video operations, and improved device management with automated updates throughout the lifecycle. Cloud Connect also offers user and access management for control of user access rights and permissions. www.axis.com
IrisTime iTMS Cloud is a solution to help organizations better manage time and attendance functions. iTMS Cloud is a critical enhancement that when paired with biometric time clocks such as the IrisTime iT100 automates data collection and converts transactional data in real time. iTMS Cloud allows secure management of employee information through a web portal that can be accessed from anywhere there is an internet connection. Features of iTMS Cloud include: time & attendance management; all information relating to the employee is securely stored; the need for upgrades and hours lost on maintenance is reduced.
www.irisid.com
The 3100i series of entry-level fixed dome and bullet form factors feature edge-based, application-specific AI, allowing for real-time analysis and immediate response to potential security threats. The range includes the Flexidome micro 3100i, Flexidome 3100i IR, and Dinion 3100i IR cameras in indoor and environmental (outdoor) models from 2 or 5MP, IR, and non-IR models with up to 30 fps and a High Dynamic Range of 120 dB. www.boschsecurity.com
Gallagher Security
The Controller C7000 Enhanced offers Gigabit ethernet, network redundancy (including two ethernet ports with their own MAC address capable of supporting separate networks), and a higher level of protection with an in-service relay, temperature sensor and eFuses. The C7000 product range are IP-based controllers that can manage all localized access control, intruder alarms, perimeter security, business automation and logic needs. www.gallagher.com
MPC-3000 Series panel computers, powered by Intel Atom x6000E processors, offer six series that feature screen sizes ranging from 7 inches to 15.6 inches. Designed for use in harsh industrial environments, these panel PCs come with advanced touchscreen functionality and sunlight-readable displays, and support wide-temperature operations.
www.moxa.com
Quanergy Solutions
The Q-Vision F540 3D iToF LiDAR sensor delivers environmental and vibration performance for both off-road and indoor industrial vehicles — including forklifts, Autonomous Guided Vehicles (AGVs), Autonomous Mobile Robots (AMRs) — coupled with imaging quality, edge compute intelligence and accurate volumetric measurements. The Q-Vision F540 offers a low-noise point cloud and high resolution. www.quanergy.com
The VIVOTEK Device Manager is an all-in-one remote management service that allows large enterprises to manage thousands of network cameras, assign IPs, and update firmware remotely. For instance, when a camera goes offline, the system immediately sends a notification, effectively preventing potential security incidents. The Device Manager is available for free download on the official website and can be used by entering the IP address of a VIVOTEK camera. Key features include: Batch deployment for fast set-up and enhanced remote management for maintenance. www.vivotek.com
