Expert: Long road ahead in securing video, access control systems

Over the past decade, innovations in technology have led to an ever increasing connected world where more and more devices have Internet access. The security industry has been no exception, with the advent of IP access control and video solutions.

While this has simplified the installation and integration of products, it has made security systems vulnerable to outside hackers or even people inside an organization looking to do harm. To discuss the growing challenge of securing video and access control systems, information security consultant Kevin Beaver spoke during an SIW webinar this week to share some insights on how organizations can prevent unauthorized intrusion.

"I'm convinced we've got a long road ahead of us," said Beaver, who is the founder of Atlanta-based Principle Logic, LLC.

Though smartphones and other devices have dramatically improved the way people communicate, Beaver says they have also created complexities for security networks. Many of the weaknesses Beaver said he sees from companies is the use of weak or default passwords, unsecured wireless networks and unorganized video files.

Beaver said that hackers know the odds are in their favor and many times breaches go unnoticed. One of the problems is that there are too many people involved in managing these systems.

"The interesting thing I'm seeing here is we've got so many hands in the pie... and that's actually leading to more complexity and most importantly, limited accountability," he said. "The more hands in the pie, the easier it is to spread the blame around. I see this everywhere."

Another thing that many people don't understand, according to Beaver, is that someone can take control of an organization's surveillance or access control system with little technical knowledge in some cases and that people underestimate the skills of users on their network.

Beaver said that often times an organization will think they are safe because they passed a security compliance audit.

"There is just a general false sense of security," he explained. "Ignorance is not bliss. Just because management doesn't know about (a network vulnerability) doesn't mean it's not a problem. If (the device) has an IP address or URL, it's open to attack."

To avoid some of these pitfalls, Beaver recommends that security managers consistently conduct vulnerability tests and examine where their organization are at risk.

Among some of Beaver's recommendations include:

- Using strong passwords
- Securing Wi-Fi access
- Having data backups
- Patching vulnerabilities
- Hardening systems

"As you move forward you need to be thinking in terms of risk. Lack of perceived risk does not mean no risk," he said.

In the future, Beaver said he expects to see less elaborate attacks, more internal breaches and less knowledge needed to carry out attacks.

"It pays to be proactive," he said. "Think long term. If one of these vulnerabilities is exploited, how is it going to impact my business?"

Click here to listen to this webinar in its entirety.