In 2017, IoT-based cyberattacks increased by 600%. As the industry moves towards the mass adoption of interconnected physical security devices, end users have found a plethora of advantages, broadening the scope of traditional video surveillance solutions beyond simple safety measures.

Thanks in part to these recent advancements, our physical solutions are at a higher risk than ever before. With today’s ever evolving digital landscape and the increasing complexity of physical and cyber-attacks, it’s imperative to take specific precautions to combat these threats.

Video surveillance systems

Cybersecurity is not usually the first concern to come to mind

When you think of a video surveillance system, cybersecurity is not usually the first concern to come to mind, since digital threats are usually thought of as separate from physical security. Unfortunately, these two are becoming increasingly intertwined as intruders continue to use inventive methods in order to access an organization's assets.

Hacks and data breaches are among the top cyber concerns, but many overlook the fact that weak cybersecurity practices can lead to physical danger as well. Organizations that deploy video surveillance devices paired with advanced analytics programs often leave themselves vulnerable to a breach without even realizing it. While they may be intelligent, IoT devices are soft targets that cybercriminals and hackers can easily exploit, crippling a physical security system from the inside out.

Physical security manufacturers

Whether looking to simply gain access to internal data, or paralyze a system prior to a physical attack, allowing hackers easy access to surveillance systems can only end poorly. In order to stay competitive, manufacturers within the security industry are trading in their traditional analog technology and moving towards interconnected devices.

Due to this, security can no longer be solely focused on the physical elements and end users have taken note. The first step towards more secured solutions starts with physical security manufacturers choosing to make cybersecurity a priority for all products, from endpoint to edge and beyond. Gone are the days of end users underestimating the importance of reliability within their solutions. Manufacturers that choose to invest time and research into the development of cyber-hardening will be ahead of the curve and an asset to all.

Wireless communication systems

Integrators also become complicit in any issues that may arise in the future

Aside from simply making the commitment to improve cyber hygiene, there are solid steps that manufacturers can take. One simple action is incorporating tools and features into devices that allow end users to more easily configure their cyber protection settings. Similarly, working with a third party to perform penetration testing on products can help to ensure the backend security of IoT devices. This gives customers peace of mind and manufacturers a competitive edge.

While deficient cybersecurity standards can reflect poorly on manufacturers by installing vulnerable devices on a network, integrators also become complicit in any issues that may arise in the future. Just last year, ADT was forced to settle a $16 million class action lawsuit when the company installed an unencrypted wireless communication system that rendered an organization open to hacks.

Cybersecurity services

In addition, we’ve all heard of the bans, taxes and tariffs the U.S. government has recently put on certain manufacturers, depending on their country of origin and cybersecurity practices. Lawsuits aside, employing proper cybersecurity standards can give integrators a competitive advantage.

With the proliferation of hacks, malware, and ransomware, integrators that can ease their client's cyber-woes are already a step ahead. By choosing to work with cybersecurity-focused manufacturers who provide clients with vulnerability testing and educate end users on best practices, integrators can not only thrive but find new sources of RMR. Education, collaboration and participation are three pillars when tackling cybersecurity from all angles. For dealers and integrators who have yet to add cybersecurity services to their business portfolios, scouting out a strategic IT partner could be the answer.

Unlocking countless opportunities

Becoming educated on the topic of cybersecurity and its importance for an organization is the first step

Physical security integrators who feel uncomfortable diving headfirst into the digital realm may find that strategically aligning themselves with an IT or cyber firm will unlock countless opportunities. By opening the door to a partnership with an IT-focused firm, integrators receive the benefit of cybersecurity insight on future projects and a new source of RMR through continued consulting with current customers.

In exchange, the IT firm gains a new source of clients in an industry otherwise untapped. This is a win for all those involved. While manufacturers, dealers and integrators play a large part in the cybersecurity of physical systems, end users also play a crucial role. Becoming educated on the topic of cybersecurity and its importance for an organization is the first step.

Commonplace cybersecurity standards

Below is a list of commonplace cybersecurity standards that all organizations should work to implement for the protection of their own video surveillance solutions:

  • Always keep camera firmware up to date for the latest cyber protections.
  • Change default passwords, especially those of admins, to keep the system locked to outside users.
  • Create different user groups with separate rights to ensure all users have only the permissions they need.
  • Set an encryption key for surveillance recordings to safeguard footage against intruders and prevent hackers from accessing a system through a backdoor.
  • Enable notifications, whether for error codes or storage failures, to keep up to date with all systems happenings.
  • Create/configure an OpenVPN connection for secured remote access.
  • Check the web server log on a regular basis to see who is accessing the system.
  • Ensure that web crawling is forbidden to prevent images or data found on your device from being made searchable.
  • Avoid exposing devices to the internet unless strictly necessary to reduce the risk of attacks.
Share with LinkedIn Share with Twitter Share with Facebook Share with Facebook
Download PDF version

Author profile

Joe Byron Vice President of Sales, MOBOTIX Corp

In case you missed it

Sanitization, Safety And Getting Back To Business
Sanitization, Safety And Getting Back To Business

You are not alone: operators everywhere are asking themselves what are they going to do? How are they going to get back to business, and fast? How are they going to cost-effectively operate with all the new safety requirements that have arisen as a result of COVID? How are they going to ensure it all gets done for the safety of customers and staff? How are they going to protect their brand from the negative exposure of being identified as a property with a reputation for COVID? The economic impact of COVID is expected to hit brick and mortar businesses the worst, as their businesses are dependent on people being physically present. According to a recent report by RBC, it is estimated that 70% of Americans expect to avoid public spaces, 57% of Canadians will be unwilling to attend conferences without a vaccine and 63% of people will prefer to drive vs fly.  This means, that for those of you in the business of travel, conferences, co-working spaces, retail stores, museums, art galleries, restaurants, sports arenas, hotels, cruises, airlines, resorts, theme parks, long-term care, education, etc. in the blink of an eye your approach to on-site safety just changed. To ensure your property is safe and secure, it is no longer just about access control, video surveillance and intruder alarms; it is also about sanitisation To get back to business and operating at full capacity after COVID, operations must find a way to eliminate the fear, uncertainty and doubt in the minds of their customers and employees. The affect of COVID-19 on safety and security To safely get back to business, the Centers of Disease Control and Prevention (CDC) emphasis that all operations need a pandemic response planJust like cybersecurity has had a direct impact on the IT strategy and budget, COVID will have a direct hit on the operations strategy and budget. To ensure your property is safe and secure, it is no longer just about access control, video surveillance and intruder alarms; it is also about sanitization, the lines between the security and maintenance just blurred. From customers, to employees, to government regulators, to management, the focus is now on operations and the sanitization policies, procedures and actions of the team. To put this change of priority into perspective, six months ago, sanitisation was not top of mind for people. Why, because it was not a life or death issue, we had other first world problems to garner our attention. From an operations perspective if we enabled a sanitization issue to become significant enough to impact the safety of customers and staff and therefore the brand, then that was an operational choice versus a mistake. Standards for sanitisation  Just like cybersecurity has had a direct impact on the IT strategy and budget, COVID will have a direct hit on the operations strategy and budgetThe issue is, today while the operating priority of sanitization has significantly increased, it is not measured and managed to the same standard as the other safety and security concerns across a business. Also, important to consider, while people may not hold an operation liable during this first wave, we can guarantee they are not going to be as understanding during the second wave or a future pandemic. To safely get back to business, the Centers of Disease Control and Prevention (CDC) and the Occupational Health and Safety regulators emphasis that all operations need a pandemic response plan and should follow these simple guidelines: Develop your plan Implement your plan Maintain and revise your plan While this sounds simple enough, keep in mind that requirements are constantly evolving and will continue to do so for the foreseeable future, or at least until all the research is in. To create an emergency response plan for a pandemic, properties must first determine what needs to be sanitized. The current requirements dictate that most surfaces and objects will just need a normal routine cleaning, it is only the frequently touched surfaces and objects like light switches and COVID has changed the game and made the digital transformation of operating procedures not a ‘nice-to-have’ but a must-havedoorknobs that will need to be cleaned and then disinfected to further reduce the risk of germs on surfaces and objects. The challenge is when you step back and consider what people touch in a day; the list quickly grows. After only 30 minutes, I easily came up with a list of over 60 items that one could call ‘high touch’! If you think about it, the list is extensive; telephones, doorknobs, drawer handles, counters, pens, keypads, computers, etc. and the list is only going to get longer as the research comes in.   The challenge is when you step back and consider what people touch in a day; the list quickly grows Operating efficiency  If we don’t change our ways, not only will we be doomed to continue making the same mistakes, but we will continue to be lost in paper and filing cabinetsTo scope the impact on operations as part of the plan, we must then find and identify all of those high touch things across the property. If we then combine that with the fact that CDC requires that all high touch locations must not only be cleaned more often, but that they also require that each location is first cleaned with soap and water, and then disinfected for one minute before finally being wiped down. This means a one-minute task just turned into a 4-minute task, that must now be completed multiple times a day. From a resourcing perspective this adds up quickly, and operating efficiency must be a priority. Not to mention it is going to get very complicated to measure and manage especially. Post COVID rules Getting back to business is going to be complicated; lots to do, lots of moving parts and no technology to help. The fundamental challenge to keep in mind is not that the sanitization requirements have evolved, the real issue is that for most businesses this area has been left unchanged for generations. Still today most rely on checklists, logbooks and inspections to manage the responsibilities of our front-line workers, which might have been fine before COVID. Post-COVID the rules have changed and so should the approach to managing physical operating compliance on the front lines. COVID like most physical operating requirements is tactical, detailed and specific; broad strokes, the honor system and inspections are not going to cut it. The digital transformation  COVID has changed the game and made the digital transformation of operating procedures not a ‘nice-to-have’ but a must-have. If we don’t change our ways, not only will we be doomed to continue making the same mistakes, but we will continue to be lost in paper, filing cabinets filled with checklists, never to be seen again. Only with the right data can we significantly improve the operational decisions necessary to accelerate our return to full operating capacity. At the end of the day, to fully recover, operations must eliminate the fear, uncertainty and doubt in the minds of customers and employees, only then can we really get back to business.

Which Security Technology Is Most Misunderstood, And Why?
Which Security Technology Is Most Misunderstood, And Why?

The general public gets much of its understanding of security industry technology from watching movies and TV. However, there is a gap between reality and the fantasy world. Understanding of security technologies may also be shaped by news coverage, including expression of extreme or even exaggerated concerns about privacy. The first step in addressing any challenge is greater awareness, so we asked this week’s Expert Panel Roundtable: Which security industry technology is most misunderstood by the general public and why?

Lessons Learned With Vanderbilt: How Have You Adapted To The COVID-19 Pandemic?
Lessons Learned With Vanderbilt: How Have You Adapted To The COVID-19 Pandemic?

With the postponement of tradeshows and events due to the effects of COVID-19, Vanderbilt and ComNet have taken their high quality, innovative solutions online, directly to their customer base. Through an Online Events and Training resource, you can stay connected with the brands’ top resources and products, as well as join upcoming product webinars hosted by their in-house experts. With a majority of the world currently working from home, businesses must respond to this changing landscape. As such, Vanderbilt and ComNet have turned to online resources to share new product demonstrations and other company news. One cornerstone of the ACRE brands approach was the launch of their Online Events and Training resource page. Ross Wilks, Head of Marketing Communications at Vanderbilt, credits this online resource as the anchor to their communicative success with customers at present. “Through weekly webinars delivered by our in-house experts, Vanderbilt and ComNet have embraced more virtual opportunities to continuously communicate to our customers regarding our latest and most relevant products,” he says. “To date, our webinars have covered a wide range of industry topics such as Why Physical Security and Cloud go together, and The most recent developments in card cloning and reader hacking. Attendance to these online events has proved popular and effective in keeping communication with our customer base open and engaging.” Each webinar ends with a Q&A section, as well as follow-up articles on the most asked questions, plus recordings of the webinars being made available to attendees. As such, the webinar approach has proven a receptive approach for Vanderbilt and ComNet. The Online Events and Training resource acts as a one-stop-shop for all virtual information. Overall, the page outlines the brands’ value-added resources for customers, including the ability to request a remote product demonstration, the availability of free online training, 24/7 access to the Vanderbilt webshop, plus the aforementioned weekly webinars. Vanderbilt and ComNet’s business mantra is built on a foundation of customer-focused core values such as empowerment, collaboration, and high performance and Wilks credits this mentality with their ability to keep information flowing to their base during the present pandemic. “The ACRE brands moved early to kick-start online webinars and ramp up awareness of their already existing online training and shopping options. Now more than ever, it is important to keep customers up to date on the latest offerings,” Wilks explains. “Our commitment has always been to make their customer’s security journey the best possible experience, and that is what this Online Events and Learning page primarily focuses on,” he concludes.