Security solutions are meant to protect and make customers feel secure. But that wasn’t the case recently for a Mississippi couple who installed a camera to watch over their daughters. Someone hacked into the camera, scaring the kids and potentially putting them in danger. Before dismissing it as a one-off home security issue, look at what happened before the presidential inauguration when hackers hit more than 100 cameras that watched over the U.S. Capitol.
These are just a couple of examples of vulnerabilities that hackers have exploited. Researchers unearth new cyber weaknesses in network cameras frequently, prompting manufacturers and developers to release patches before someone tries to take advantage of them and it makes headlines.
Now consider for a moment, what happens when a surveillance camera system is hacked, or an end-user finds vulnerabilities in their installation through penetration tests. There is panic - of data leakage, of the device’s functioning, and, of course, reputation, not necessarily in the same order.
And guess who gets the first call in most situations? If it’s a government project as serious as the U.S. Capitol incident, the FBI may be called into action, but for most commercial enterprises this isn’t an option. After reporting a breach to the police, the next call will be to the systems integrator.
The integrator will be blamed for the solution not being secure even if they are not at fault, even if it’s the camera and the network devices themselves that are vulnerable. Often this impacts the integrator’s reputation, who ends up having to rework on the project or even replace the whole system, free of charge.
Where Do the Vulnerabilities Lie?
Ask any cybersecurity expert, and they will tell you that any device connected to a network is at risk. Digital solutions could be vulnerable because of potential bugs in an algorithm, shoddy networking practices, or just carelessness from users. There is enough research done to back up these concerns.
The good news, of course, is that most solution providers are prompt to provide firmware updates to close any unexpected backdoors. The bad news is that this is a reactive approach, as there are obviously other weak points yet to be discovered, and it could be just a matter of time before a hacker is one step ahead of a researcher.
Making things worse are botnets. These clusters of connected, compromised-devices can cause devastating damage to networks, businesses, and countries. They are a security admin’s worst nightmare not just because of the potential scale of damage, but also because of their flexibility that allows updating. For instance, after the Mirai botnet wreaked havoc across the globe, came another named Reaper that attackers could easily update to increase the damage it caused.
What You Should Know
An obvious conclusion is that there is no single answer to cybersecurity problems. A combination of robust technology and best practices is the ideal solution, and implementing it will require reconsidering the kind of solution providers you work with. In the meantime, the following factors need to be remembered.
- More is Not Always Merrier
The security industry has been seeing the debate between open and proprietary protocols for quite a few years now. While the supporters of open protocol solutions argue that different companies need to specialize in different segments, there is no denying that integrating solutions from different companies is always going to be difficult.
Not all the devices from a company may work well with another company’s devices seamlessly. Updates to firmware may also be difficult because integrators will have to manage each device separately. Sticking to solution providers who can meet all your security demands is a solution to this. But you will have to make sure that even these solution providers use technology that prevents third-party access effectively.
2. Firewalls Only Work When Configured Well
Firewalls are one of the first and most important lines of defense in network security. Simply put, it’s a software that filters information coming into a device and going out from it, looking for anything that could be harmful. Its significance in NVRs is undeniable. But what many people don’t realize is that a firewall is only as good as its configuration.
As a systems integrator or end-user, you must ensure the NVR solution you purchase has a firewall that is configured and designed to the best level.
3. Security of Transmission Systems is Equally Important
The use of transmission protocols that are not secure enough could easily result in hackers accessing your data. Using cryptographic protocols like Transport Layer Security (TLS) is important here but this alone is not enough to get the most out of your system.
4. Never Underestimate Human Error
Security experts and solution providers often tell customers that the weakest link in cybersecurity is the user. Simple mistakes like not changing default passwords could end up costing the customer dearly.
But despite such warnings, many customers still fail to do the right thing. Unfortunately, in many instances, solution providers are content with just warning them of the issue. Clearly, it’s not enough, and this is where plug and play solutions become relevant.
Why Plug-and-Play Solutions Are the Answer
With more and more devices getting integrated into security infrastructure, systems integrators and end customers need to have a method to manage each of them. However, if you factor in the chances of human error, managing more devices, with separate configurations and passwords for each of them, it could result in the solutions having several vulnerabilities.
For instance, having to setup a separate password for each device is time-consuming and monotonous, leading to installers or operators using weak passwords that can be easily broken by hackers. Or even worse, using the default passwords.
True plug-and-play solutions are the only credible answer to this. When devices require minimum configuration, there is less chance of human error, and this leads to better security. There is no need for users to come up with unique passwords and change them periodically for each device.
Plug-and-play solutions also make the integration process smoother. Systems integrators no longer have to worry about compatibility issues or frustrating device-configuration processes. A strong integration guarantees less chance of bugs in the system that hackers can exploit. Having a single solution provider watching over the whole integrated solution also allows integrators to rest assured that they can deal with any problem that may arise during or after the project through a single window.
Plug-and-Play to Reduce Total Cost of Services
Working with a cyber-secure physical security solution has several benefits for systems integrators, but if you look at the bigger picture, it all comes down to bringing the total cost of service (TCS) down. TCS helps integrators understand the profitability of a customer account by determining the overhead costs and actual activities.
A true plug-and-play solution that reduces cybersecurity concerns and offers a hassle-free installation process reduces overall TCS and gives integrators more room to utilize their resources better and boost their earnings.
Jason Burrows is West Coast Regional Sales Manager at IDIS America.
