International. "You shouldn't believe everything you read, especially when the topic is as important as cybersecurity. That's why we've decided to debunk some common cybersecurity myths, helping you choose device manufacturers based on hard facts, not perceptions," Fred Streefland, Director of Cybersecurity and Privacy at Hikvision EMEA.
Today, anyone can post their views, opinions, and versions of 'the truth' on social media and other online platforms. At the same time, media providers are increasingly aligned with other stakeholders and viewpoints, which gives some bias to their coverage of people and events.
Because of this, many social commentators have written that we now live in a post-factual era, where "people are more likely to accept an argument based on their emotions and beliefs, rather than one based on facts."
But this is not a sociology lesson, it is an opportunity to consider the impact of misinformation and 'fake news' on our industry.
So, let's take a closer look at some common cybersecurity myths that are based on emotional responses, rather than facts, and how they are confusing and, in some cases, even dangerous.
* Myth 1: Security vulnerabilities are the same as 'backdoors'
Whenever a security vulnerability is discovered in a camera or other network-connected product, the media loves to call it a "backdoor."
However, the fact is that vulnerabilities and backdoors are two completely different things.
Vulnerabilities can occur on any network-connected device that incorporates both hardware and software. In fact, vulnerabilities are inevitable and occur accidentally, with research showing that we can expect 2 to 3 bugs in every 1,000 lines of code.
Despite this fact, security-conscious device manufacturers minimize vulnerabilities whenever possible through "secure by design" production processes. If you imagine that some commercial applications consist of several million lines of code and that modern cars could contain even more than 100 million lines of code, you can do the math.
Backdoors, on the other hand, are security loopholes that are purposely added to the device's software to allow manufacturers or others to access the devices and the data stored on them.
Rarely, manufacturers temporarily add backdoors to products to support development, testing, or maintenance processes, and these backdoors are not removed by accident.
* Myth 2: Manufacturers add backdoors to their products for illicit reasons
This myth is easy to counter, simply because these 'illicit reasons' (such as espionage) are simply not possible. Once security devices, such as cameras, are installed on customers' networks, they are effectively 'protected' in terms of security, are primarily placed on a standalone network, and are often protected by firewalls and other security devices. And even if the end user decides to store data from these devices in a cloud, cloud providers have security service license agreements (SLAs) that keep them private, ensuring that outside companies, such as device manufacturers, can't access the data.
The most important reason to debunk this myth is the fact that the end users who purchase these cameras are responsible for the data/video streams they generate. In other words, they are the custodians of the data who process the data and have control of the video images, which must be kept private by law (according to the GDPR). Secret access to video images on these devices is impossible without the consent of the end user.
So, considering that even devices with backdoors can't be used to spy on companies, individuals, or nations, the myth instantly falls apart. Indeed, it is clear that the security features built into devices, networks and data centers, combined with the data protection responsibilities of end users, make spying and other misuses of backdoors literally impossible.
* Myth 3: Adding backdoors to products poses no real risk to a manufacturer
Again, this is an easy myth to debunk, particularly since device manufacturers who add backdoors to their products have absolutely everything to lose.
After all, high-profile business scandals and data breaches have shown us that the truth always comes out. Moreover, if a company is found to have deliberately added a backdoor to a product, its reputation would be destroyed, along with its business, virtually overnight.
This means that all companies, and especially large companies that have their own IP and R&D capabilities, have a number of checks and balances to ensure that a backdoor is never added to a product deliberately. This is especially the case in the security industry, where manufacturers are expected to protect customer data and operations 24/7/365.
* Article by Fred Streefland, Director of Cybersecurity and Privacy at Hikvision EMEA.
Leave your comment