The Importance of Cybersecurity in Modern Video Surveillance Environments

September 25, 2018

For organizations to identify security threats and vulnerabilities, mitigate risk, ensure operational compliance and combat fraud, a comprehensive and innovative security approach is necessary. With today's evolving risk landscape and the increasing complexity and severity of cyber threats, we must take advantage of emerging technologies, strong internal operator and process policies, and advanced analytics must be used to protect customers, staff and assets.

Technology plays a key role in this effort, but because the sole purpose of these solutions is to make enterprises safer, one can often be blind to the level of security of the technology or device itself. In today's world, there are no exceptions to cybersecurity vulnerabilities, leaving surveillance and associated technology open to a variety of risks.

When you think of a video surveillance system, cybersecurity may not immediately come to mind, as hacking and malware are often thought of as separate from physical security devices. But the two are quickly becoming intertwined, as intruders are starting to use more sophisticated and unique methods to gain access to networks, data and assets.

It is therefore critical for security leaders to focus on securing every aspect of their network infrastructure, which includes confirming software updates and firmware on surveillance cameras are completed as available. In addition, as more and more physical security devices become connected through the Internet of Things (IoT), encryption and vulnerability testing are essential to ensure secure data transfer. A threat could enter from anywhere in an organization’s ecosystem and regardless of the nature of the attack, the cyber criminal’s goal is to exploit vulnerabilities quickly and profit from them.

With so much information to be protected, security leaders need to evaluate how to secure not only their video data but also the entire video surveillance system. In the past, this meant making sure best practices were enforced so that an individual could not physically tamper with a camera; however, now the focus also incorporates IT processes, such as ensuring that no one can access the camera and its data via the network. This marks quite a change from years past when cybersecurity wasn’t part of any physical security conversation. But the adoption of IP-connected devices makes a cyberattack a genuine possibility.

Cyber threats continue to increase and evolve in sophistication, and security leaders – both IT and physical – need to maintain a proactive approach to mitigating this risk. As we continue to move toward the connected world, new cyber vulnerabilities will come to light. As a vendor in the video surveillance market, we are entrusted to provide secure products and guidelines to safeguard our products from risks and this includes cyber vulnerabilities.

Cybersecurity Capabilities to Consider
One of the best ways to reduce network vulnerabilities associated with video surveillance systems is to ensure strong levels of data protection. Highly secure encryption and comprehensive role-based access control are two capabilities that elevate protection while meeting the compliance requirements of mission-critical environments.

Encryption is typically a resource-intensive process that requires more powerful servers to maintain video performance, resulting in the need for customers to purchase additional costly hardware. By leveraging software-based encryption, video system performance is maintained with nominal CPU overhead, eliminating additional hardware investments. Furthermore, the ability to manage workloads and encryption keys from a central location reduces complexity and helps organizations comply with regulations, hopefully avoiding the tsunami of “Do you want to stay in touch?” emails that GDPR caused!

Beyond encryption and mitigating the risk from the “human” element of security (it’s a long-proven fact that the majority of vulnerabilities come from within the network from a human making a mistake, or opening an email they weren’t supposed to), role-based access control is a comprehensive feature set that secures all aspects of a video surveillance infrastructure. This functionality allows only authorized individuals to have control over system management, and the ability to implement a cyber chain of command, while forensic logging and auditing help to achieve regulatory compliance.

I cannot stress enough that it is more important than ever to better harden access to your video surveillance infrastructure to provide increased visibility into and control over the environment.

In closing, security leaders need to evaluate what parameters work best for their environment while being cognizant of emerging risks and how to proactively address them. Regardless of your specific application, a secure, compliant video surveillance infrastructure enables organizations to maintain strict levels of cyber and physical security to ensure brand protection and data security, protecting business, employees and assets along the way.

Brandon Reich is Senior Director of Surveillance Solutions at Pivot3

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.