In August of 2019, twenty-three Texas cities became victims of ransomware attacks, all at the same time.
How could this happen given all of the cyber tools and processes available to companies today? Enterprise companies around the globe are asking this question every day. Despite deploying the latest cybersecurity solutions, many companies are finding that hackers are still getting into enterprise networks.
One of the new ways they are doing so is via video cameras and internet-of-things devices. If you are responsible for ensuring your network or your customer’s network is secure, now is a great time to review your tools and processes. Hackers have discovered this new vulnerability and are exploiting it.
There are hundreds of cybersecurity software and hardware products available in the market to protect enterprises. Very few, though, focus on video surveillance systems. Today, most companies address the cyber threat by having highly skilled IT networking people set-up their network switches and other IT infrastructure with settings and configurations to stop attacks. While this approach can be relatively successful, it leaves potential holes.
When we meet with customers, they almost always believe their network is fully protected. To help them test this assumption, we often will connect to the company’s video surveillance network to see if there are any vulnerabilities. It is concerning how often we find holes in protection that companies didn’t know were there.
When Razberi meets with customers, they almost always believe their network is fully protected.
For example, many times the original system was set-up correctly, but because of changes in configuration, replacement of faulty equipment, or even nefarious internal activities, vulnerabilities were created. Cameras calling home to China, open IP ports, and default passwords are just a few examples of issues that have been found by these enterprise network scans.
Why don’t typical cybersecurity products expose hackable vulnerabilities?
So why don’t typical cybersecurity products catch these issues? There are at least two reasons.
- First, various cybersecurity products focus on identifying particular cyber vulnerabilities, and many times video camera configurations are not considered.
- Second, there historically has been only minimal monitoring of video surveillance systems.
Years ago, many companies were not too concerned if a video surveillance system was not working correctly, so they didn’t have the tools available to monitor performance and vulnerabilities. But today, companies rely heavily on video surveillance systems for a wide range of needs.
How companies are using video outside of physical security in 2019
Ensuring physical security is the most obvious need, but companies now use video for:
- Business analytics
- Compliance with government standards
- Lowering insurance and liability costs
The importance of ensuring the video is being properly recorded has grown significantly.
If you haven’t thought about your video security system lately, now is a good time to do so. The US federal government recently identified Chinese video cameras as a particularly important cyber risk. Razberi and its system integration partners are now actively working with companies to address these new threats.