By Tony Dozier
While digital transformation is significantly impacting the security industry, it goes beyond just implementing new solutions. CIOs and IT professionals are having to re-examine their established security systems to drive continuous innovation.
According to Gartner, by 2023, 75 percent of organizations will restructure risk and security governance to address new cyber-physical systems (CPS) and converged IT, OT, Internet of Things (IoT) and physical security needs. By combining cybersecurity and physical security practices, IT leaders are working to reduce the risk of cyber-attacks.
With the rapid growth of IoT, paired with a rise in cyber attacks, companies need to stay vigilant to protect their employees, property and assets from potential threats.
Along those lines, video surveillance systems are among the most widely utilized technologies in the security industry. While IoT has skyrocketed in popularity over the past few years, devices are facing increased scrutiny from the IT industry and are still presenting some significant challenges for businesses. The IoT space includes such a vast network of devices that it can be challenging to keep the entire system secure. This is especially true for companies that have switched from analog to IP video cameras, which are controlled on and relay data over the network.
Cyber threats are continually evolving, so businesses must ensure proper measures are taken to protect their video surveillance systems. Below are some best practices to help companies maintain cybersecurity and protect their business’ video data.
Build awareness of what’s on your network: The first step to ensuring your system is secure is knowing what currently resides on your network. This also means knowing how the devices on your network are operating.
Unfortunately, harnessing this information can be more complicated than you think. For example, maybe you have stepped into a new role and have adopted your organization’s existing security program, or your company recently went through an acquisition or merger. These circumstances could mean you may be inheriting hundreds to thousands of new video surveillance devices with little or no documentation.
However, there is a solution that can help. Implementing an IoT governance platform makes tracking and managing your IoT devices much more accessible by providing visibility into all the devices on your network in a single dashboard. An IoT governance platform can also automatically detect and verify all core physical security components such as access control panels and video surveillance cameras.
While there are existing IT native software packages that do this, they rarely integrate with the physical security equipment to provide a more well-rounded security strategy.
Strengthen the relationship between IT and physical security departments: Unfortunately, it is not out of the ordinary for video surveillance cameras or other network-enabled devices to be implemented without the knowledge or input of the IT department. However, it is in the best interest of the company to involve IT and physical security leaders when integrating these systems.
This will lead to a stronger relationship between both departments and help develop a comprehensive plan for system integration. By working together from the start, IT and physical security leaders will be able to better protect the network as well as the business’ assets and employees.
Encourage regular vulnerability testing: Conducting regular vulnerability tests on all network-controlled cameras can help decrease the risk of a cyber attack.
One way to ensure each video surveillance component has been thoroughly evaluated is to run it through protocol testing. Protocol testing inspects the security of communications to and from the device on the network, all while determining whether these communications are in danger of being intercepted for unauthorized modification. Protocol testing will also examine the strength of encrypted transmissions.
Hardware testing can also be used to determine whether each video surveillance component has been thoroughly evaluated by taking a closer look at the physical, software and connectivity of the IP video surveillance devices. This can work well in tandem with firmware analysis to vet backdoor accounts and analyze any other vulnerabilities that could live on the network.
With the updates in technology, there are now automated ways to identify and resolve cybersecurity vulnerabilities across your business’ network. Service assurance technology will automate firmware updates, conduct a device password check and track your inventory. It can detect and diagnose your security platform performance problems and cybersecurity vulnerabilities, as well as help you resolve them.
Develop strong password requirements: We all know a cyber attack can be extremely damaging and costly to an entire organization, but good cyber hygiene starts with a basic rule of thumb: Updating device passwords. Hacker applications can readily guess most simple passwords with some degree of ease.
Over the past few years, video manufacturers have become a significant target for hackers because many publish their default usernames and passwords online. Businesses are then expected to change the password once they get the devices in their possession, which unfortunately is an often-overlooked step.
Though not every password is hacker-proof, it is crucial businesses practice a culture of strong password requirements from the onset of system deployment.
An additional way to prevent a hacker from gaining control over your system is by confirming your integrator has configured IP video and network-based cameras on ports that differ from the ones programmed in manufacturer factory settings — for example, selecting uncommon ports from the thousands defined to make it more challenging to identify and attack the system.
With the constant threat of cyber-attacks, it is necessary for businesses to implement an aggressive approach to protect their system and security program by following best practices for cybersecurity and video surveillance.
Working with a security integrator will help businesses stay informed of potential threats and aware of any cutting-edge security solutions they have at their disposal. By partnering with a trusted security integrator and following best practices, businesses can better protect their video surveillance system from the threat of cyber-attacks.
Tony Dozier is director of business development at STANLEY Security.