The Risk Profile

The Risk Profile

Does your surveillance system fit the proper cyber profile?

As surveillance system technologies advance, so do the technologies employed by hackers. Increasingly sophisticated cyber criminals, whether working for criminal enterprises or for foreign governments, are developing not just better, but entirely different, ways to enter and manipulate or undercut the protection of surveillance systems.

What are some of these emerging threats and how can you protect against them?

New Kinds of Threats

Extortion hacks break into sensitive company or customer data and threaten to release it unless the victim pays a ransom. This increasingly popular threat is different than merely encrypting or locking access to the data until a ransom is paid.

Last year there were two known such cases of extortion, the first was an attack on the site. The resulting data dump cost the CEO his job, and it exposed millions of would-be marital cheaters. A second case involved the hacking of InvestBank in the United Arab Emirates and the exposure of customer account information.

Data sabotage will, in all likelihood, be more difficult to detect than simple theft. Since very slight data alterations could result in enormous changes, hackers to the financial and stock-trading systems could create havoc to—and take advantage of—the manipulated rise and fall of stock prices.

A potentially devastating type of data sabotage could result from the insertion of or alteration of code to a country’s weapon systems to change how they operate.

Another threat will come about as the Internet of Things (IoT) spreads to many appliances and other devices. How will anyone be sure their toaster isn’t part of a menacing bot army?

How can we ensure that our connected car won’t be susceptible to hacking? How about life-saving medical devices? Or sophisticated hackers who install back doors to enable access a system whenever the hackers want?

It’s become clear that the likelihood of cyber attacks isn’t a question of “if,” but rather a question of “when.” Now is the time to examine your own surveillance system to identify the inherent weaknesses and cyber vulnerabilities within it, and then develop a strategy to take action and mitigate your risk to exposure and loss.

The Challenges of Advanced Technology

Surveillance VMS make up one of the key elements of today’s security systems, whether monitoring a small private company or a sprawling enterprise. Though the ability to monitor and control locations has never been more important, many systems are migrating from analog to an IP-based or cloud-managed system for the promise of better image resolution, remote access and monitoring, and accompanying analytic software packages.

Unfortunately, better technology may also represent a greater exposure to cyber attacks, as such systems can offer a number of easily accessible entry points for hackers that could compromise entire systems. Just last year there were several notable cyber attacks on both government and private organizations.

  • The Office of Personnel Management was hacked and the addresses, health and financial information of 19.7 million people who had undergone background checks was stolen;
  • The well-publicized breach of the Ashley Madison site last summer resulted in the theft of personal information and credit card information on more than 11 million users;
  • Last fall, it was learned that healthcare insurance company Anthem had been hacked by the Chinese, who were seeking to learn how medical coverage in the United States is managed.

3 Questions to Ask Yourself

In order to ensure that your organization’s security is up to today’s cyber warfare challenges, ask yourself these three questions.

Is cyber defense a priority? As physical security systems continue to merge with the world of IP, it is helpful to start by declaring that cybersecurity is truly a priority for the organization. Cyber attacks continue to grow in both range and severity, and from all accounts it appears they will continue to do so. In today’s world, to not declare that cyber defense is a priority is, in effect, inviting attack. And sooner or later, it will come.

Has my installer or integrator “hardened” my system? To harden a system against intrusion means to heighten its security by reducing the number of potential breach points that could be exploited by hackers. Some installers and integrators are cutting prices in order to remain “competitive,” but if they don’t reduce the number of potential breach points, they are doing you no favors.

Today’s systems are increasingly sophisticated and require a high level of IT experience and knowledge in order to implement them effectively. Also, make sure your system manufacturer didn’t cut any corners by failing to run a full range of testing to determine all software and hardware vulnerabilities of their products.

Are my users a weak link in my security chain? Your own users can become enablers to cyber hacking through the use of weak or default passwords, or through requesting unnecessary remote access privileges to the network. Rest assured that hackers will find the weak links in your security chain, so it’s important to demand that all users accept cyber security as the priority that it is.

6 Steps to Developing a Strategy to Mitigate Risk

Everyone in both government and industry agrees that cyber threats are one of the nation’s gravest threats. Mitigating those threats has attracted both media attention and budget dollars to the tune of $90 billion or more. Yet the threat continues, not just for small companies, but also for Sony, the State Department, and healthcare companies like CareFirst. The truth is that there is no silver bullet that will eliminate all risk, and it takes a concerted effort to develop a strategy that will mitigate the risk. Here are six steps that can point you in the direction of developing an effective strategy to mitigate the risk to your organization.

  • Realize that your organization has cyber risks. Hackers hack for as many reasons as there are types of victims of hacking: including healthcare companies, credit card companies, manufacturers, and government agencies. The list goes on. Don’t be surprised if your organization is hacked one day.
  • Determine your biggest risks. You’re not going to prevent every single attack, so a good place to start is by determining your most valuable assets: what systems are the most valuable, what information is most sensitive. Tap your key managers to conduct a discovery process across the organization.
  • Put together a cyber risk leadership team. Good governance requires leadership and effective decision-making. Don’t wait until the first attack before assembling your team.
  • Involve your entire organization. As noted earlier, any user who doesn’t understand that cyber security is a priority may inadvertently assist the hackers trying to gain admittance to your systems. Get everyone on board.
  • Don’t protect only the perimeter. Budgets today are still skewed towards perimeter-protecting tools like firewalls and anti-virus programs, but it’s important to have a plan of action for when those perimeters are breached.
  • Practice dry run responses. Don’t let your first attack be a real one. Practice a response ahead of time. It may mean the difference between a contained incident and a disastrous loss.

A mitigation strategy is also important as a tool to help the organization better distinguish between a threat and a genuine loss. Experiencing a breach but containing the damage may, in that case, be considered a success, and help protect the company’s bottom line.

This article originally appeared in the August 2016 issue of Security Today.


  • President Biden Issues Executive Order to Bolster U.S Port Cybersecurity

    On Wednesday, President Biden issued an Executive Order to bolster the security of the nation’s ports, alongside a series of additional actions that will strengthen maritime cybersecurity and more Read Now

  • Report: 15 Percent of All Emails Sent in 2023 Were Malicious

    VIPRE Security Group recently released its report titled “Email Security in 2024: An Expert Look at Email-Based Threats”. The 2024 predictions for email security in this report are based on an analysis of over 7 billion emails processed by VIPRE worldwide during 2023. This equates to almost one email for everyone on the planet. Of those, roughly 1 billion (or 15%) were malicious. Read Now

  • ASIS Announces ANSI-Approved Cannabis Security Standard

    ASIS International, a leading authority in security standards and guidelines, proudly announces the release of a pioneering American National Standards Institute (ANSI)-approved standard dedicated to cannabis security. This best-in-class standard, meticulously developed by industry experts, sets a new benchmark by providing comprehensive requirements and guidance for the design, implementation, monitoring, evaluation, and maintenance of a cannabis security program. Read Now

  • ISC West Announces Keynote Lineup

    ISC West, in collaboration with premier sponsor the Security Industry Association (SIA), announced this year’s dynamic trio of speakers that will headline the Keynote Series at ISC West 2024. Read Now

    • Industry Events

Featured Cybersecurity


New Products

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge. 3

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame. 3

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises. 3