Tackling Cybersecurity Challenges in the Age of IoT

Tackling Cybersecurity Challenges in the Age of IoT

With the rapid adoption of the Internet of Things (IoT), we are moving towards an entirely interconnected world, from smart organizations to smart cities. No one can disagree with the power that IoT presents. However, as we become more and more reliant on web-based services and connected devices, we run the risk of making ourselves more vulnerable than ever, if we fail to recognize the importance of cybersecurity in relation to IoT.

According to the technology research firm Gartner, more than 25% of cyber-attacks will involve IoT by 2020. The cyber-attacks on the FBI and American Department of Homeland Security in early 2016 are harsh reminders that cybersecurity is a very real and pressing concern, regardless of the size of the organization. Unfortunately, this trend isn’t set to slowdown as many organizations still have a long way to go to make sure their physical security systems are truly secure.

Trust Issues

The deployment of internet connected devices, including IP security cameras, needs to be strategically thought out together with wide-scale collaboration, responsibility, openness, accessibility and most of all trust between all relevant parties - manufacturers, systems integrators, consultants, IT departments and cybersecurity specialists.

Without adequate security, these connected devices provide a gateway into personal, corporate, and governmental networks where confidential data can be stolen or vicious malware planted.

While companies are painfully aware of the importance of cybersecurity, in practice they are still not vigilant enough in regularly reviewing and enhancing industry security standards and practices to protect both themselves and their clients in an increasingly complex and threating environment.

The cybersecurity incidents that keep occurring are most often associated with products designed to provide maximum convenience to the customer, even if it meant loosening security policies (non-complex password setting policy, remote access and support capability). While providing convenience to customers, the security industry needs to implement the right level of security policies that protect our customers’ information. We are finally seeing these changes taking place across the industry as end users are increasingly reluctant to buy products from manufacturers whose products have been compromised through recent vulnerability incidents.

Keeping the Bad Guys Out

As with any software solution that resides on a network, security systems and edge devices are susceptible to a variety of attacks. Hacking a security system can take any number of forms, including brute-force, packet-sniffing, and man-in-the-middle attacks. In some cases, particularly with man-in-the-middle attacks, hackers are able to “listen in” and alter communication that the participants believe is secure.

When it comes to protecting your cameras from unwanted attacks, there are a number of steps you can take. From changing password defaults and using authentication to proper network set up and configuration to knowing how to identify and thwart attacks, there are true and tested solutions for securing all aspects of your physical security system.

When choosing an IP-based security solution, it is crucial to scrutinize and evaluate the manufacturer’s cybersecurity policies—what are their principles and practices? Do the built-in security mechanisms offered in their solutions use multi-layered encrypted communications, data protection capabilities, and strong user authentication and password protection? How hardened are the physical components inside the device? These measures help protect organizations and their customers against malicious attacks. They also ensure only those with defined privileges will be able to access or use resources, data and applications.

Without proper protection, the size, scope and severity of cyber threats and attacks will likely increase over time. But there are solutions. While the advancement of technology has the potential to increase system vulnerability, it also carries with it the ability to protect. At Hanwha, we are committed to working with our customers to ensure that our innovation delivers the best possible protection now and in the future. After all, security is what we do.

How to Get Better Educated

Professionals can get information from manufacturers such as Hanwha, to educate themselves on network hardening, and closing vulnerabilities. Hanwha offers white papers, seminars and training on cybersecurity. Additionally, various forms of media available in the public domain can help professionals gain a stronger understanding on best practices for establishing security policies. Relevant educational facilities and programs are hard to find but they are helpful in understanding the latest industry and cybersecurity trends at various security seminars / conferences.

The Hanwha Difference

At Hanwha, we take cybersecurity very seriously. We have a large team of engineers in our Korean R&D center dedicated to cybersecurity to ensure products meet our high standards and to investigate field concerns or newly discovered issues. This allows us to respond quickly, release patch fixes, and address any security vulnerabilities. Our website has a dedicated landing page for cybersecurity, which includes our Security Vulnerability Disclosure Policy, as well as reports clearly documenting any vulnerabilities discovered and the corrective actions to secure the devices.

We conduct tests on our network products using one of the leading 3rd party companies in penetration testing. We routinely monitor and diagnose our products to strengthen security and minimize vulnerabilities while managing product passwords, protocols and algorithms.

Our best practices include: ensuring proven encryption algorithms and secure coding is used, the removal of unused services and daemons, not using backdoors, the removal of default passwords, password guessing locks, firmware encryption and more. We have also updated many of our factory default settings to harden our devices even further. 

In addition, we have published a cybersecurity hardening guide and white paper to describe best practices in securing network products.  We regularly conduct trainings and webinars on cybersecurity for end users and system integrators to ensure they understand best practices.

We develop the mission critical parts of our products ourselves from the camera optics to our own chipsets, so we can ensure higher levels of quality control and ultimately increase security for our customers. A core benefit for us is our Wisenet SoC (system on a chip) that we continually develop specifically for our security cameras. We are not as reliant on off-the-shelf, potentially vulnerable, components and technology, compared to competing vendors. We also have active education/training programs for our systems integrators and partners, and have recently launched a new Wisenet certification program which contains a focused section on cybersecurity.

Conclusion

The very devices that are designed to protect customers' property and personal information are increasingly used as a means of seizing sensitive personal and corporate information. It is important not to view cybersecurity as just one person’s or one department’s job: it is a collective responsibility that needs to be taken seriously by every single one of us, including manufacturers, systems integrators and end users. As security professionals, we all need to be confident that our systems are secure from both a physical and a cyber perspective. To build this confidence, systems integrators and end users should partner with trusted companies and vendors that have strong cyber security policies, dedicated resources, and a clearly articulated plan for combating security vulnerabilities.

Employing these best practices not only can prevent networked video devices and systems from serving as entry points, but also ensures the integrity and continued operation of this critical function – ensuring the ongoing safety and security of people and assets.

Featured

  • Security Today Announces The Govies Government Security Award Winners for 2025

    Security Today is pleased to announce the 2025 winners in The Govies Government Security Awards. The awards honor outstanding government security products in a variety of categories. Read Now

  • Survey: 60 Percent of Organizations Using AI in IT Infrastructure

    Netwrix, a cybersecurity provider focused on data and identity threats, today announced the release of its annual global 2025 Cybersecurity Trends Report based on a global survey of 2,150 IT and security professionals from 121 countries. It reveals that 60% of organizations are already using artificial intelligence (AI) in their IT infrastructure and 30% are considering implementing AI. Read Now

  • New Research Reveals Global Video Surveillance Industry Perspectives on AI

    Axis Communications, the global industry leader in video surveillance, has released its latest research report, ‘The State of AI in Video Surveillance,’ which explores global industry perspectives on the use of AI in the security industry and beyond. The report reveals current attitudes on AI technologies thanks to in-depth interviews with AI experts from Axis’ global network and a comprehensive survey of more than 5,800 respondents, including distributors, channel partners, and end customers across 68 countries. The resulting insights cover AI integration and the opportunities and challenges that exist with regard to security, safety, business intelligence, and operational efficiency. Read Now

  • SIA Urges Tariff Relief for Security Industry Products

    Today, the Security Industry Association has sent a letter to U.S. Trade Representative Jamieson Greer and U.S. Secretary of Commerce Howard Lutnick requesting relief from tariffs for security industry products and asking that the Trump administration formulate a process that allows companies to apply for product-specific exemptions. The security industry is an important segment of the U.S. economy, contributing over $430 billion in total economic impact and supporting over 2.1 million jobs. Read Now

  • Report Shows Cybercriminals Continue Pivot to Stealthier Tactics

    IBM recently released the 2025 X-Force Threat Intelligence Index highlighting that cybercriminals continued to pivot to stealthier tactics, with lower-profile credential theft spiking, while ransomware attacks on enterprises declined. IBM X-Force observed an 84% increase in emails delivering infostealers in 2024 compared to the prior year, a method threat actors relied heavily on to scale identity attacks. Read Now

New Products

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions.

  • Hanwha QNO-7012R

    Hanwha QNO-7012R

    The Q Series cameras are equipped with an Open Platform chipset for easy and seamless integration with third-party systems and solutions, and analog video output (CVBS) support for easy camera positioning during installation. A suite of on-board intelligent video analytics covers tampering, directional/virtual line detection, defocus detection, enter/exit, and motion detection.