The Risk Profile

The Risk Profile

Does your surveillance system fit the proper cyber profile?

As surveillance system technologies advance, so do the technologies employed by hackers. Increasingly sophisticated cyber criminals, whether working for criminal enterprises or for foreign governments, are developing not just better, but entirely different, ways to enter and manipulate or undercut the protection of surveillance systems.

What are some of these emerging threats and how can you protect against them?

New Kinds of Threats

Extortion hacks break into sensitive company or customer data and threaten to release it unless the victim pays a ransom. This increasingly popular threat is different than merely encrypting or locking access to the data until a ransom is paid.

Last year there were two known such cases of extortion, the first was an attack on the site. The resulting data dump cost the CEO his job, and it exposed millions of would-be marital cheaters. A second case involved the hacking of InvestBank in the United Arab Emirates and the exposure of customer account information.

Data sabotage will, in all likelihood, be more difficult to detect than simple theft. Since very slight data alterations could result in enormous changes, hackers to the financial and stock-trading systems could create havoc to—and take advantage of—the manipulated rise and fall of stock prices.

A potentially devastating type of data sabotage could result from the insertion of or alteration of code to a country’s weapon systems to change how they operate.

Another threat will come about as the Internet of Things (IoT) spreads to many appliances and other devices. How will anyone be sure their toaster isn’t part of a menacing bot army?

How can we ensure that our connected car won’t be susceptible to hacking? How about life-saving medical devices? Or sophisticated hackers who install back doors to enable access a system whenever the hackers want?

It’s become clear that the likelihood of cyber attacks isn’t a question of “if,” but rather a question of “when.” Now is the time to examine your own surveillance system to identify the inherent weaknesses and cyber vulnerabilities within it, and then develop a strategy to take action and mitigate your risk to exposure and loss.

The Challenges of Advanced Technology

Surveillance VMS make up one of the key elements of today’s security systems, whether monitoring a small private company or a sprawling enterprise. Though the ability to monitor and control locations has never been more important, many systems are migrating from analog to an IP-based or cloud-managed system for the promise of better image resolution, remote access and monitoring, and accompanying analytic software packages.

Unfortunately, better technology may also represent a greater exposure to cyber attacks, as such systems can offer a number of easily accessible entry points for hackers that could compromise entire systems. Just last year there were several notable cyber attacks on both government and private organizations.

  • The Office of Personnel Management was hacked and the addresses, health and financial information of 19.7 million people who had undergone background checks was stolen;
  • The well-publicized breach of the Ashley Madison site last summer resulted in the theft of personal information and credit card information on more than 11 million users;
  • Last fall, it was learned that healthcare insurance company Anthem had been hacked by the Chinese, who were seeking to learn how medical coverage in the United States is managed.

3 Questions to Ask Yourself

In order to ensure that your organization’s security is up to today’s cyber warfare challenges, ask yourself these three questions.

Is cyber defense a priority? As physical security systems continue to merge with the world of IP, it is helpful to start by declaring that cybersecurity is truly a priority for the organization. Cyber attacks continue to grow in both range and severity, and from all accounts it appears they will continue to do so. In today’s world, to not declare that cyber defense is a priority is, in effect, inviting attack. And sooner or later, it will come.

Has my installer or integrator “hardened” my system? To harden a system against intrusion means to heighten its security by reducing the number of potential breach points that could be exploited by hackers. Some installers and integrators are cutting prices in order to remain “competitive,” but if they don’t reduce the number of potential breach points, they are doing you no favors.

Today’s systems are increasingly sophisticated and require a high level of IT experience and knowledge in order to implement them effectively. Also, make sure your system manufacturer didn’t cut any corners by failing to run a full range of testing to determine all software and hardware vulnerabilities of their products.

Are my users a weak link in my security chain? Your own users can become enablers to cyber hacking through the use of weak or default passwords, or through requesting unnecessary remote access privileges to the network. Rest assured that hackers will find the weak links in your security chain, so it’s important to demand that all users accept cyber security as the priority that it is.

6 Steps to Developing a Strategy to Mitigate Risk

Everyone in both government and industry agrees that cyber threats are one of the nation’s gravest threats. Mitigating those threats has attracted both media attention and budget dollars to the tune of $90 billion or more. Yet the threat continues, not just for small companies, but also for Sony, the State Department, and healthcare companies like CareFirst. The truth is that there is no silver bullet that will eliminate all risk, and it takes a concerted effort to develop a strategy that will mitigate the risk. Here are six steps that can point you in the direction of developing an effective strategy to mitigate the risk to your organization.

  • Realize that your organization has cyber risks. Hackers hack for as many reasons as there are types of victims of hacking: including healthcare companies, credit card companies, manufacturers, and government agencies. The list goes on. Don’t be surprised if your organization is hacked one day.
  • Determine your biggest risks. You’re not going to prevent every single attack, so a good place to start is by determining your most valuable assets: what systems are the most valuable, what information is most sensitive. Tap your key managers to conduct a discovery process across the organization.
  • Put together a cyber risk leadership team. Good governance requires leadership and effective decision-making. Don’t wait until the first attack before assembling your team.
  • Involve your entire organization. As noted earlier, any user who doesn’t understand that cyber security is a priority may inadvertently assist the hackers trying to gain admittance to your systems. Get everyone on board.
  • Don’t protect only the perimeter. Budgets today are still skewed towards perimeter-protecting tools like firewalls and anti-virus programs, but it’s important to have a plan of action for when those perimeters are breached.
  • Practice dry run responses. Don’t let your first attack be a real one. Practice a response ahead of time. It may mean the difference between a contained incident and a disastrous loss.

A mitigation strategy is also important as a tool to help the organization better distinguish between a threat and a genuine loss. Experiencing a breach but containing the damage may, in that case, be considered a success, and help protect the company’s bottom line.

This article originally appeared in the August 2016 issue of Security Today.


  • Maximizing Your Security Budget This Year

    The Importance of Proactive Security Measures: 4 Stories of Regret

    We all want to believe that crime won’t happen to us. So, some business owners hope for the best and put proactive security measures on the back burner, because other things like growth, attracting new customers, and meeting deadlines all seem more pressing. Read Now

  • Security Questions Persist After Attempted Assassination Attempt of Donald Trump

  • March Networks Expands Partnership with American Dairy Queen Corp.

    March Networks recently announced its selection as an American Dairy Queen Corporation (ADQ) approved supplier of video surveillance solutions for the DQ® system. This partnership marks a significant milestone in March Networks’ ongoing collaboration with DQ franchise owners since 2017, serving more than two hundred DQ restaurants across 13 U.S. states. Read Now

  • SIA Opens Nominations for 2024 “25 on the RISE Awards”

    The Security Industry Association (SIA) has opened the call for nominations for the second annual 25 on the RISE Awards– a program presented by SIA’s RISE community for emerging security leaders. Each year, this initiative honors 25 security leaders of today and tomorrow for their impactful contributions to advancing the security industry. Read Now

    • Industry Events

Featured Cybersecurity


New Products

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles. 3

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame. 3