Guest Column | December 21, 2015

4 Best Practices Integrators Need To Know About Video Surveillance And Cybersecurity

By John Bartolac, Senior Manager, Industry Segments Team and North America Cyber Strategy, Axis Communications

We’ve all seen the headlines: “22 million personal records stolen in OPM hack,” “data breach costs retailer $162 million dollars,” “hackers gain access to data via HVAC device,” “Major motion picture giant hack results in theft of confidential and personal information.” With the focus on cybersecurity so high and the risks increasing, it’s imperative that integrators and end users of all solutions ensure they are taking proper measures to avoid the proverbial hot seat. Here are four best practices relative to video surveillance and cybersecurity risk mitigation to get you started.

  1. Video is valuable data. Video is another form of data that organizations need to protect. Many think “a breach won’t happen here,” but the reality is that it can and will happen if the network is not secured properly. Video in the wrong hands can pose a significant risk to any business. Theft of video can provide others with full operational awareness of an organization, including detailed timing and patterns of the personnel, locations and procedures around high-level assets. Video can also hold the same information about VIPs, in turn putting them at risk. Finally, accessing or hacking a video solution can result in manipulation of the video devices or full disablement, leaving the organization vulnerable or blind to physical threats against its facilities and assets.
  2. Ensure you are working with industry leaders. Talking about cybersecurity risk mitigation in a one-off conversation or an isolated instance is simply not enough. Manufacturers should have dedicated resources focused solely on cybersecurity risk mitigation and a long-term roadmap. Additionally, manufacturers should have an understanding of cybersecurity risk mitigation for all their products, as well as the overall solution from edge to core. True leaders in this space will provide you and your end user clients with access to up-to-date information regarding potential and known vulnerabilities, which will be critical to your reputation and your end user client’s IT policies.
  3. Video surveillance solutions are as secure as you choose to make them. In cybersecurity, the act of adding different measures and policies and the tradeoff between protection and availability is called “reducing risks by minimizing the exposure area.” It’s up to the system owner to define that balance. According to experts and research, more than 90 percent of all successful breaches are the result of human error, poor system configuration or lack of maintenance. While human error can only be addressed with proper policy enforcement, better configuration and regular maintenance procedures can reduce the risk of a breach. Keep in mind, an attacker is likely to start with the least expensive attack.
  4. Protect yourself and don’t be afraid to hire experts to evaluate your solutions. IT organizations rely on many different control sets to govern how they deploy policies and procedures and how they test or certify their solutions. Some examples are SANS20, ISO, FISMA, UNIX SRG, PCI and DIACAP (now referred to as Risk Management Framework). Of these, some rely on standards established by other organizations such as NIST. But how do you navigate all of these? Which is most important to your customers, and what standards or policies apply to your video solution? Rather than leave it to chance, hire a third-party consultant to test your solution against the appropriate control sets and provide you and your end user with guidance on application. Policy is not only key, but it also shows that your organization respects and takes responsibility for your customer by delivering a more secure solution.

Keep in mind that cybersecurity risk mitigation is a process that extends beyond the individual products. There are no completely secure systems, and it is practically impossible to eliminate all risks. We can work together to make systems more secure by identifying video as data, defining its value to your customer and then protecting that data fiercely. When a risk presents itself, you need to have enough knowledge to accept, mitigate, or reject it. If you don’t know the risks, you cannot accurately make a decision. A cybersecurity threat analysis will indicate how much you can lose, and ultimately how much you should spend on protection.

Instead of wondering about when and how bad, start to implement these four best practices today and help protect your end users against vicious cyberattacks that could end up costing them millions and cost you your reputation.