Robust cybersecurity is essential for all organisations. Yet there is a significant gap in how prepared security and IT managers believe they are for a cyber-attack, and the steps their organisations are taking to mitigate threats.
Research from Hanwha Vision Europe shows that while overall confidence in video surveillance systems’ security is high, many organisations fall short on fundamental cybersecurity measures.
Over 1,150 IT and security managers/directors from organisations with 50+ employees across the UK, France, Germany, Italy, and Spain, in industries including data centres and telecoms, financial services, transport, manufacturing and retail, were asked about their cyber resilience and knowledge of threats and legislation.
To address this gap, we’ve compiled a list of practical actions and training tips that will make cybersecurity a continuous exercise, ensuring that your video system is as protected as possible against malicious actors and evolving threats.
Cybersecurity measures to take now
1. Secure physical access
Physical security is a foundational step in your cybersecurity, but it can be more challenging for video systems, given that devices are often in public and occasionally remote locations, for example, city centres or solar sites. Assess the location of your video devices and how best to limit device tampering. Keep access to sensitive equipment such as Network Video Recorders (NVRs) and server rooms secured and for authorised personnel only.
2. Enable 802.1x Certificate-Based access control
Use 802.1x protocols to authenticate devices on the video surveillance network to add an extra layer of security and prevent unauthorised access.
3. Create user-level accounts
Unique user credentials and user-level accounts with the least privileges will also minimise the risk of a data leak. Only give users access to the permissions necessary for their role and put processes in place to easily revoke access if a user leaves your organisation.
4. Use a secure VPN for remote access
When users are accessing your video system remotely, make sure they are using a VPN or another means to encrypt data and reduce the chances of interception. Edge-based AI cameras can also decrease the risk of sensitive video data being accessed as analytics are carried out on the device itself, with only metadata and insights communicated back to control rooms.
5. Change default usernames and passwords
While it may seem obvious, default credentials are a common point of entry for attackers. Ensure all device credentials are unique and changed regularly. Educating users on password best practices, such as creating a strong password and not writing it down or sharing it with others, is also important.
6. Update devices with the latest firmware
Regular firmware updates often contain security patches for vulnerabilities. Set reminders to check and update firmware regularly. Only work with manufacturers that have dedicated resources to keep track of threats and vulnerabilities and which regularly update their devices to mitigate these risks.
7. Disable guest or non-authenticated RTSP access
Prevent unauthorised access to video streams by disabling guest access or requiring authentication for Real-Time Streaming Protocol (RTSP) feeds.
8. Utilise tampering and defocus detection analytics
Use tampering detection to send real-time alerts if cameras are covered or moved, and defocus detection to notify if image clarity is compromised.
9. Enable network disconnect detection
Enable network disconnect detection for devices, to notify of any interruptions that could indicate tampering.
10. Regularly check device logs
Review logs to monitor for unusual activity and detect normal and abnormal behaviour patterns. This will help you identify potential issues before they escalate.
Cybersecurity is an ongoing, collective effort
Staying ahead with your cybersecurity doesn’t have to be overwhelming or intensive. Reputable manufacturers and installers can provide invaluable guidance on emerging trends, best practices, and timely alerts to bolster your cyber-resilience. A proactive and collaborative approach will enable you to focus on the capabilities offered by modern video systems, ensuring they enhance your operations rather than be the weak link in your cybersecurity strategy.