Over the years, video surveillance has transformed from a security solution to an organisation-wide intelligence tool, delivering data that improves operational efficiency, sales and marketing planning, business operations, and more. As new capabilities and analytics emerge in video systems, their popularity continues to rise — but, so does their attractiveness to malicious actors. Cybersecurity must therefore be at the forefront of every video deployment and maintenance strategy.
Sharpening focus on cyber-resilience
Installers and end-users who work with reputable and responsible manufacturers will be better prepared against cyber risks, and they will find it easier to meet current and future legislation. Global regulations, such as the National Defence Authorisation Act (NDAA) in the United States and the EU’s Cyber Resilience Act (CRA) and Network and Information Systems Directive (NIS2), are pushing organisations to strengthen their cybersecurity practices for connected devices, including video systems.
A perception gap exists
However, as regulations tighten, many organisations are overestimating their cybersecurity resilience. Research from Hanwha Vision Europe has uncovered a significant gap between how resilient organisations believe their video systems are – and their actual preparedness.
Over 1,150 IT and security managers/directors from organisations with 50+ employees across the UK, France, Germany, Italy, and Spain were asked about their cyber resilience and knowledge of threats and legislation. Participants represented key sectors, including data centres and telecoms, financial services, industry (energy, mining, utilities), manufacturing, retail, transport, and government.
Leaders’ confidence in their cyber resilience varies, depending on factors such as the size of the organisation, location, and industry sector. For instance, confidence levels reach as high as 97% in Italy, with an average 92% of IT and security managers believing their video systems are highly secured against cybercrime. Financial institutions display near absolute confidence (99%), while sectors such as data centres are slightly more conservative at around 80%.
Unaware and unfamiliar
Of great concern is the lack of awareness around key cybersecurity regulations and compliance. Many leaders are unfamiliar with foundational regulatory frameworks, such as CRA and NIS2, which directly impact their video systems’ cybersecurity. For instance, only 47% of respondents are aware of NIS2. Even fewer (23%) are familiar with the CRA, a directive aimed at strengthening cybersecurity for connected devices, including video systems.
This knowledge gap means that IT and security teams may be unaware of the specific requirements needed to keep their video systems secure, leading to inadequate protections that could be exploited. Experts in the video industry, including installers and manufacturers can lead the charge in educating business leaders about bolstering cyber-resilience in video.
Best practices are falling short
The research highlights a lack of basic cybersecurity best practices across organisations. Ensuring that employees follow cybersecurity protocols and promoting awareness are essential for cyber resilience. Yet less than one third (31%) of organisations promote basic cybersecurity measures such as device firmware updates.
These best practices include:
- Remaining up-to-date with updates and device firmware.
- Recognition of phishing and how to report it.
- Reminding staff of the risks associated with adding hardware onto a network.
- Performing regular risk assessments of your buildings, networks and devices.
- Multi-factor authentication.
- Staging mock cyber-attacks to assess system resilience.
- The use of strong passwords.
Basic video cybersecurity practices, such as securing physical access to network devices, implementing 802.1x certificate-based access control, and creating user-level accounts, are also lacking, finds the research. Consequently, many companies face higher risks from avoidable issues, such as human error or misconfigured devices.
It is, therefore, important to partner with a manufacturer that regularly updates their systems against new threats as this reduces the risk of vulnerabilities being uncovered in your system. Likewise, a manufacturer that has dedicated resources for cybersecurity, understands the business-critical nature of cyber resilience and is committed to ensuring their products are as protected as possible.
Hanwha Vision’s in-house Security Computer Emergency Response Team (S-CERT) is focused on addressing any potential security vulnerabilities in products, ensuring customers have the latest countermeasures in place to mitigate emerging threats and new hacking techniques.
As cyber threats to video systems grow in frequency and sophistication, the need for immediate action is clear. All leaders must reassess their current video security resilience, align with regulatory frameworks, and adopt cybersecurity best practices to protect both their systems and users. Installers and manufacturers can offer guidance, to ensure the sector as a whole is as protected from malicious actors as possible.