If you’re not scared of cyberattacks, you’re not paying attention. Headlines in recent years have made it abundantly clear that even institutions with access to the best security resources are vulnerable to breaches. Target’s now infamous data breach on Black Friday in 2013 was a wake-up call to industries of all kinds.
For those working in the surveillance industry, the prospect of cyberattacks looms equally large. After all, the Target breach did not originate from any Target systems or employee carelessness, rather it came through a backdoor — Target’s third-party vendor portal. As it happened, it came courtesy of a refrigeration contractor by the name of Fazio Mechanical.
As in the case of Target, hackers seek any weaknesses they can find in an organization’s IT infrastructure. With the rise of solutions based on IP cameras, cloud-based storage and remote monitoring, that puts providers of today’s security and surveillance technology squarely in the sights of malevolent actors.
The reasons why hackers would want to target an organization’s security network may vary greatly: theft of valuable and sensitive information, extortion, surveillance monitoring shut-downs for criminal activities, etc.
What doesn’t vary is that surveillance providers like Pelco now have a mandate to proactively build a secure technology backbone and ensure end-users and partners have the necessary cyber-defense tools to protect their organizations from all manner of data breaches.
The following are three critical parts of an effective cybersecurity strategy:
Providing our partner network and end-customers with the most up-to-date technology is a key part of reducing the risk of infiltrations. Pelco works to bolster product security, putting them through a rigorous testing process to identify any vulnerabilities before they hit the market. And, our products are put through a quality assurance process once our solutions have been deployed. If Pelco or an independent analyst discovers a vulnerability with an existing solution, we seek to immediately inform our partners so that they can access the necessary firmware update as quickly as possible. The quickest and easiest way to make sure that you receive such notifications is to sign up on our Pelco Customer Connect page.
It’s a common misconception that many data breaches are a result of faulty technology. While there is always a technology element involved, more often than not the origin of many of the most high-profile hacks are a result of human error. Even the most advanced encryption technology on the market can’t protect an organization from a hack if a user on the system uses a “password” or a similar obvious word as the password. Similarly, the best technology cannot prevent a security official from falling victim to a sophisticated phishing attempt. Looking back at the Target data breach, the backdoor hackers discovered may have been through the Target third-party vendor portal, but it was accessed thanks to one or more employees of Fazio Mechanical falling prey to a phishing email, which allowed Citadel, a sophisticated trojan, to worm its way into the company’s point-of-sale systems.
Pelco wants to continue helping our partners understand the steps they can take to reduce the risk of breaches. That means providing guidance to integrators and end-users about best practices on everything from crafting strong passwords to shielding vulnerable assets such as outdoor cameras from intruders.
In addition to top-notch technology and diligent training, organizations must optimize their processes and policies to minimize risk. That can mean very different things depending on the facility and population that the system is serving. The key is to think critically about potential sources of breaches, both due to innocent errors or a malicious attack. For instance, are there processes in place to ensure that outside MAC addresses cannot access the network? How many people have access to the system itself? Are there policies in place that limit the number of people who could access the system?
Protecting the integrity of surveillance systems involves measures aimed at defending them from hackers, but it also involves the types of traditional security measures aimed at defending any valuable physical resource. For instance: metal detectors to prevent visitors from bringing USB drive that they could use to steal sensitive information from a facility system. Or a process to regularly check on cameras to make sure there is no signs of physical tampering.
Cybersecurity is a people problem
Organizations can’t just look to technology to keep them safe from breaches. While regularly updating technology is a key to maximizing security, a comprehensive approach to cybersecurity cannot rely exclusively on technical solutions. Most breaches are not the result of problems with technology, but mistakes made by people. That’s why it’s so important that organization’s cybersecurity approach focuses as much on minimizing human error as on enhancing technology.
For more information about cybersecurity, risk mitigation, resources, and downloads, go to: https://www.pelco.com/cybersecurity