Many organisations invest in physical security systems but don’t realise that their video surveillance and IoT devices can be back doors exploited by malicious actors. Uri Guterman, Head of Product & Marketing for Hanwha Techwin Europe recommends looking for ‘trust marks’ to ensure your surveillance system is secure.
The pandemic and mass remote work options provide criminals with a perfect opportunity to profit. The focus on cybersecurity should not slack for any organisation.
According to reports, there were 304 significant malicious attacks in Europe in 2020, more than double the number of hacks in 2019. Then there’s the increased risk of cyberwarfare in the wake of the Russian-Ukraine war. John Edwards, the UK’s information commissioner, has stated that we are in a new era of security, and firms need to step up their vigilance against state-sponsored hackers.
Guterman (pictured left), points out, “Increasingly, hackers are targeting connected devices including IP cameras and Internet of Things (IoT) sensors are creating more opportunities for hackers to cause damage. Today’s cameras are highly advanced and carry the latest firmware. However, legacy devices must be kept up to date if they are not to provide a route for hackers.
“The unfortunate truth remains that although many organisations invest in their physical security systems, they don’t always realise that their video surveillance and IoT devices can be back doors exploited by malicious actors. Compromised cameras and other connected devices can become a foothold to launch an attack on a network, a technique known as pivoting. Malicious actors can look at confidential information through footage to blackmail an individual or organisation or steal trade secrets.”
Responsible camera manufacturers are responding to these concerns with their technology (software and hardware), training, and collaboration with customers, as well as formal accreditations highlighting how secure their processes and solutions are.
A supplier who designs their products with cybersecurity in mind will have certifications like the UL Cybersecurity Assurance Program (UL CAP). As a result, they will have more stable and secure systems, with regular maintenance and patches to ensure vulnerabilities are proactively mitigated.
Guterman says, “Hanwha Techwin is among only a handful of manufacturers within the video surveillance industry that has achieved the UL CAP certification for its products. Secure by Default is another certification mark that shows a product is cyber and network-secure by Default, without needing to apply network hardening to it.”
Anyone using security equipment should look for ISO/IEC 27001 certification. ISO/IEC 27001 is widely known, providing requirements for an information security management system (ISMS). Using them enables organisations of any kind to manage the security of assets such as financial information, intellectual property, employee details or information entrusted by third parties.
Stamp of trust
Achieving and maintaining The ISO/IEC 27001 certification is tough for vendors,” notes Guterman, “Especially since it requires continual improvement. Nonetheless, it guarantees that the vendor handles information security with the utmost importance. Hanwha Techwin’s information security system has been ISO 27001 certified.”
Looking for a few key’ trust marks’ can make all the difference to your surveillance system’s cybersecurity.
“The National Defense Authorization Act 2019 (NDAA) is a good starting point, says Guterman. “This U.S. federal law prohibits federal agencies and their contractors from using video surveillance equipment from a number of named companies. A vendor that is NDAA complaint, therefore, shows the requisite standards for federal agencies — an extremely high level of security and due diligence that should put all other organisations and government entities at ease. Hanwha Techwin supports NDAA compliance across its product line and is committed to complying with all government and international trade regulations. There are also signs that European governments are considering adopting similar legislation.”
A watchful eye on cybersecurity threats
The number of resources and research that a vendor dedicates to staying ahead of the latest threats will tell you exactly how secure their camera systems are — and how secure they’ll be in the future. If a vulnerability is discovered, reacting with speed is business-critical. Those with dedicated resources will be faster in responding to cybersecurity threats.
Hanwha Techwin’s S-CERT team (Security Vulnerability Response Center), a unique function in the sector, is dedicated to designing proactive safeguards against unauthorised device access and intrusion and promptly addressing any security vulnerabilities.
The most secure vendors train their users and installers to keep their systems secure and avoid social engineering attacks.
Guterman concludes, “Hanwha Techwin has dedicated resources to remain on top of cybersecurity threats and works with its users and installers to improve their cybersecurity knowledge.”