Latin America. Currently it should not surprise us that, considering the evolution of artificial intelligence, video surveillance is now one of the most used technologies in the security industry.
This high prevalence continues to grow exponentially year after year, as the presence of video is considered not only a detection and deterrence tool, but also as a crucial means of obtaining valuable information about operational, employee and customer activities in a number of industries around the world.
Many business owners know that as video capabilities and quality have improved, video can now provide meaningful and actionable intelligence about consumer and employee patterns, which can be critical to improving efficiency and success in a business.
In particular, video is very vast in terms of data and information, and in a world where the IoT (Internet of Things) permeates many scenarios that depend on interconnectivity, video along with many other connected devices has become a source of risk for different businesses. Particularly, the rapid growth of IP video convergence in recent years and the rise of IoT in security platforms, demands that business owners and their users remain highly educated, skilled and aware of the growing cyber threats emerging in the market.
This depth of knowledge should also focus, in a timely and fluid manner, on developing the fundamental best practices needed to maintain cybersecurity in the video arena. According to a study developed by IBM and Ponemon Institute - Cost of Data Breach: Global Overview 2017 - the cost of a data breach for small and medium-sized business merchants can be USD $35,000 or exceed USD $50,000. [1] Additionally, the study indicates that 10% of the funds lost in each case, as a result of a cyberattack, are declared unrecoverable.
We can cite some good practices or activities to consider when addressing cybersecurity threats to video data within any company. From these fundamental standards, a multi-faceted prevention and response program can be built, starting with a baseline of defense.
Perform regular vulnerability testing for all IP video products
Hardware testing should focus on both physical and software information and connectivity of IP video surveillance devices, ensuring that all items remain tamper-proof as possible. Protocol tests examine the security of communications to and from the device on the network, including encrypted transmissions, and whether these communications can be intercepted by unauthorized capture or modification. Finally, a firmware scan should check the system for anomalies, backdoor accounts, or other vulnerabilities, and should include installing firmware updates of available devices to respond to new or anticipated risks.
It is advisable to consult with security vendors consistently and frequently, to ensure that all mandatory manufacturer updates are implemented quickly and efficiently by such vendors.
When installing and updating any video surveillance system, you must limit the number of privileged users and minimize physical access to the equipment
Apply the principle of least privilege when considering the users of each company who will be granted high-level access to IP video surveillance settings and data. The golden rule is simple: no matter how trustworthy an employee or significant an asset to the organization is, the more people are aware of the system's components or data, the greater the likelihood that a system will be exposed to cyberattacks and vulnerabilities.
It is crucial to rely on the expertise of security integrators as a guide to implement a comprehensive selection and research process for privileged users of the system and ensure that demanding audit processes are implemented to track the movements of these users within devices and servers throughout the system in order to prioritize the development of strict policies that will immediately deactivate privileged accounts in case they are detect suspicious vulnerabilities.
Beyond these actions, all physical video equipment must be kept under lock and key. System components should not be allowed to fall victim to interference from the public or unauthorized persons by storing them securely within restricted areas with similar limited access standards.
Avoid using default passwords or ports
Many complex hacker applications have been designed to easily guess most passwords with some degree of ease. This has become a recurring vulnerability for many users over the years who use their default names and passwords.
It is important to practice a culture of exclusivity for all passwords from the start of any system implementation. While all passwords are not guaranteed to be impossible for cybercriminals to crack, the more complex and random they are, the less likely malicious people are to infiltrate or control the system. Similarly, it should be confirmed that users handle good IP video configuration practices and network-based cameras that allow reprogramming of factory settings.
Open communication with security teams and vendors about new threats, response strategies, and emerging technologies.
Within the constant scenarios against cyberattacks, collaboration between all levels, divisions and business partners is key. Obtaining and relying on the knowledge base of the integrators and service providers with whom each company works closely, must ensure the reception of security technologies and services of the highest level. There are different consultants within the IT world who offer best practices that business owners can leverage to engage their IT teams and others across the core of the business. With new threats emerging every minute, a pervasive alliance serves to bolster enterprise data protection by deepening trust with security partners.
The thought that adverse or problematic scenarios will never pass should be avoided at all costs, because it is only a matter of time before a vulnerability exposes itself and can affect business in some way.
Performing the right steps from the start ensures the employment of all possible measures to protect organizations against a number of cyber threats currently invading the market and allowing businesses to thrive in a new security environment.
By Manuel Zamudio, Industry Associations Manager at Axis Communications.
