ISE 2025: 5 Essential Tips from an AV Cybersecurity Expert

Control & Automation

Explore essential cybersecurity tips for Networked AV shared by experts at ISE 2025.

TheThe evolution of Pro AV to Networked AV holds many positives, though in the world of cybersecurity there are some concerns that come along with the convenience. At ISE 2025, Shaun Reardon, Principal CyberSecurity Consultant – DNV AS and Graeme Scott, Global Training Manager – HARMAN had an insightful conversation at the Xchange LIVE stage that included five essential tips for cybersecurity that apply to the professional AV industry and beyond. Here are some key takeaways.

1. Acknowledge that a cyberattack will happen.

In today’s world, it’s a matter of ‘when’ not what ‘if.’ The first step in protecting your business from a cyber attack is accepting the inevitable. Companies often spend much of their resources trying to protect from an attack, but Reardon recommends putting a large portion of your budget on prevention. 

From his experience, attacks occur in three forms: They’ve had an accident; they know the rules, but ‘they don’t apply to me because I’m far too important;’ or something deliberate. “It doesn’t have to be an army of hackers, it could be a mistake,” Reardon reminds us.

2. Organizations should both compartmentalize and create a culture around security. 

It’s not a shocking revelation that not everyone in your company needs the same level of clearance for accessing information, but it’s something many companies get wrong to a fault. Reardon asserts that there needs to be a clear barrier between the people at your company who know information, and those who do not. Any gray areas create vulnerabilities you can’t afford to overlook. Not all attacks are deliberate, and sometimes when the wrong people have access to non-essential information, there are bound to be unintentional issues. 

How do you prevent these mistakes? Security needs to be folded into your company’s culture, just as much as you promote teamwork, work-life balance, or any other major cultural pillars. Be clear on how important the monthly security trainings are, and if possible, make them interesting enough that people will take them seriously. Or, point out the real threats to employees personally. “If we don’t lose this much money, you’ll get a bigger bonus,” Reardon suggests. “Do you gamify, can you make it into a competition? You have to rely on persuasion and ‘carrot’ really.” 

Graeme and Shaun discuss Cybersecurity at Xchange Live, ISE 2025
Shaun Reardon (left) and Graeme Scott (Right) discuss AV Cybersecurity at Xchange LIVE, ISE 2025.

3. Be aware that threats tend to occur where your systems join.

Before networked AV, systems operated on islands. But the moment systems began to integrate over IP, much more risk was introduced. “I see this on very complex systems on oils and ships, where you get a multitude of systems and the problems are always where they join,” Reardon says. This doesn’t necessarily have to be a negative for your company, however. The level of security your company achieves can be a huge advantage when you’re competing for business. 

“Cybersecurity is a market differentiator,” Reardon explains. “You’ve all got shareholders. Some of you’ll be on the stock market. They will want to know what we are doing about cybersecurity because you can’t avoid it these days.” 

The choice to do business with your company or a competitor might come down to how you’re handling their data or how secure things are at those vulnerable integration points.

4. Evaluate the necessity of your legacy equipment.

You know that ancient relic you have sitting in your office that current employees don’t touch but you keep lying around? If it poses even the slightest security risk to your company, get rid of it! Old equipment is often kept because it still works and companies are trying to be sustainable. It’s a noble idea, but the risk associated with that piece of equipment can be so high, it’s not worth keeping. It might be time to give it the Office Space treatment (kidding!) or handle the due diligence of properly wiping the data and responsibly recycling the item. Your future self will thank you for squashing vulnerabilities before they become bigger problems.

“If you’ve got legacy equipment, think about how you can protect it either by policy or by technical measures. There’s almost always a way of reducing risk,” Reardon says. 

5. Don’t project your morals and values onto the rest of the world.

It’s something we learn at a very young age but tend to forget: we all think differently. This goes for people within your own company and those externally who may be capable of causing your business harm. Assuming that something won’t happen just because you or your close acquaintances aren’t capable of doing it is naive and very risky. 

“If you honestly don’t believe that people out there will turn off the power to a baby unit, you know, to an incubator, they will, they’ll do it,” Reardon states. “So trust nobody and don’t ever project your own morals and values onto what you think people are capable of. Because unless you have been in that world, you have no idea what people can be.”

(February 18, 2025). Dana Jelter and Graeme Scott – AVIXA. Retrieved from https://xchange.avixa.org/posts/ise-2025-5-essential-tips-from-an-av-cybersecurity-expert