The Cost of Cybercrime

The Cost of Cybercrime

Consider these best practices to ensure a secure network

  • By Jennifer Hackenburg
  • Feb 01, 2018

Cybercrime is a large and dangerous business and it impacts individuals, businesses and governments worldwide. According to Forbes, cybercrime costs are projected to reach $2 trillion by 2019. Hackers are relentless in their attacks on businesses, governments and consumers, and cyber-attacks are continuing at an alarming rate across all industries.

Cybersecurity pertains to every device that is connected to the internet, including IP networked surveillance cameras. Aside from their many advantages over analog systems, such as better resolution, clearer images, cost savings, easy installation and advanced analytics, they can also be the gateway for hackers into your organization’s network. Systems that provide total access for use by outside agencies and/or municipal surveillance increase cybersecurity vulnerability, since they require network devices to be placed on public networks outside the protection of local network firewalls. Wireless technology also poses cybersecurity risks, as wireless signals can be compromised without penetrating a physical network — but wirelessly. Add in the Internet of Things, which allows many ancillary devices to easily be integrated into physical security networks, and the challenge increases further.

With cyber threats at an all-time high and with so much at stake, all enterprise stakeholders need to recognize that cybersecurity is a shared global problem. Security professionals need to implement appropriate measures to ensure their IP cameras are secure and their networks are protected.

Lax Procedures

In video surveillance and security operations, cyber intrusions are often the result of lax operational procedures, such as not resetting default passwords when new equipment is installed or failure to implement firmware patches when they are issued. This negligence can result in vulnerabilities that allow hackers easy network access and/or the ability to deploy automated scripts to uncover old firmware that uses default passwords. Once the hackers locate camera firmware, they can easily access these devices in the host’s network and affect their operation – for example, by dimming a camera’s brightness or inserting a malicious code that takes the cameras offline until a ransom is paid. In more serious cases, they can use their access into the security network as a stepping-stone to hack other networks.

Human error contributes to the problem as well. According to NTT Security’s recently released 2017 Global Threat Intelligence Center Quarterly Threat Intelligence Report, insider threats pose one of the biggest cybersecurity risks for organizations, with 75 percent due to accidental or negligent activity. Fortunately, most of these threats can easily be avoided.

Many camera manufacturers have comprehensive, behindthe- scenes initiatives to help improve IP camera cybersecurity, which incorporate multiple components including education on how cameras should be installed and how networks should be secured. To start, end users and installers should secure IP cameras and other network access points with strong passwords that are changed regularly. A strong password is at least eight characters long and is made up of a combination of special characters, numbers and upper and lower-case letters. There are reputable programs and web services that will assist in creating a password that is difficult to hack. Changing passwords on a regular basis is also extremely important.

It is also vital to keep all of your cameras and IP devices’ firmware up to date. Typically, it’s firmware vulnerabilities or coding errors that allow hackers access to devices, and once published for correction purposes, become publicly available to hackers. This makes installed devices that have not had their firmware upgraded easy prey for hackers. Many companies send updated versions of firmware regularly, and releases often include important security updates. Hackers have been known to revert equipment back to earlier firmware releases in order to expose known vulnerabilities, and any such change should raise an alarm.

Another necessity is to disable the UPNP, P2P and SNMP functions and enable HTTPS/SSL on a security camera’s IP filter. UPNP will automatically try to forward ports in a router or modem. Normally, this would be a good thing, but if a system automatically forwards the ports and credentials are left at the default, you may end up with unwanted visitors.

Remote Access

P2P is used to remotely access a system via a serial number. The possibility of someone hacking into a system using P2P is highly unlikely because the system’s user name, password and serial number are also required. Yet, P2P should be disabled, along with SNMP if it’s not being used. If it is being used, it should be used temporarily, for tracing and testing purposes only.

Also, it’s critical for end users and installers to set up an SSL certificate to enable HTTPS within the network. This will encrypt all communication between devices and recorders to add another layer of security.

When installing IP cameras, they ideally should be connected to the ports on the back of an NVR to keep them isolated and to prohibit direct access to the surveillance camera through a network. Additional security actions to take with IP cameras include:

  • Enabling the IP filter to prevent everyone, except those with specified IP addresses, from accessing the system
  • Regularly checking a camera’s system log that will show which IP addresses were used to login to the system and what was accessed
  • Physically locking down the camera to prevent any unauthorized physical access to the system
  • Limiting features of guest accounts
  • Isolating the NVR and IP camera network to prevent gainingaccess to the same network the security system needs in order to function properly

These important actions, along with installing security cameras on a dedicated security network that is not connected to the public internet, can go a long way in lessening susceptibility to cyber attacks.

Additional Initiatives

Many manufacturers are implementing additional initiatives to help end users secure their networks. For example, one Dahua initiative focuses on authentication for administrative access to security system equipment. As part of this initiative, default accounts are no longer included in new devices. Instead, when installing the device, the device requires initialization with a strong password. Management software communicates with the devices not by sending the strong password itself, but by sending a coded digest message instead. If anyone were to intercept the digest message, they would not be able to decode the password. This comprehensive approach to endpoint security heightens the security level of the entire system.

In addition, the session security function built into DahuaIP surveillance equipment includes an adjustable “inactivity time out” to protect against unauthorized connections. New built-in security features go much further, tracking session credentials for subsequent identity authentication. If a particular host IP address repeatedly generates security issues, the equipment will automatically lock out that address and refuse further sessions.

Even more, many security camera manufacturers are working in partnership with independent experts such as DBAPP Security and Synopsys Technology to ensure the highest security and quality for their products.

The results of those efforts are being seen in better management of identities, increased session and data security, smooth software update processes, prevention of brute force and password cracking attempts, and the overall improvement in IP surveillance device and network security.

Organizations with IP networked surveillance systems must have a comprehensive and holistic cybersecurity program in place to protect the integrity of their physical security systems and the data on the enterprise. By taking a proactive approach to cybersecurity and working more closely with equipment manufacturers and suppliers, security professionals can better protect their organizations while supporting global efforts to curtail future cybersecurity threats and activities.

This article originally appeared in the February 2018 issue of Security Today.

Featured

  • Allegion, Comfort Technologies Implement Mobile Credentials at the Artisan Apartment Homes in Florida

    Artisan Apartment Homes, a luxury apartment complex in Dunedin, Florida, recently transitioned from mechanical keys to electronic locks and centralized system software with support from Allegion US, a leading provider of security solutions, technology and services, and Florida-based Comfort Technologies, which specializes in deploying multifamily access control, IoT devices and software management solutions. Read Now

  • Mall of America Deploys AI-Powered Analytics to Enhance Parking Intelligence

    Mall of America®, the largest shopping and entertainment complex in North America, announced an expansion of its ongoing partnership with Axis Communications to deploy cutting-edge car-counting video analytics across more than a dozen locations. With this expansion, Mall of America (MOA) has boosted operational efficiency, improved safety and security, and enabled more informed decision-making around employee scheduling and streamlining transportation for large events. Read Now

  • Security Industry Association Launches New “askSIA” AI Tool

    The Security Industry Association (SIA) has unveiled a brand-new SIA member benefit – askSIA, a conversational AI agent designed to help users get the most out of their SIA membership, easily access SIA resources and find the latest information on SIA’s training and courses, reports and publications, events, certification offerings and more. SIA members can easily find askSIA by visiting the SIA homepage or looking for the askSIA icon in the top left of webpages. Read Now

    • Industry Events

  • Industry Embraces Mobile Access, Biometrics and AI

    A combination of evolving workplace dynamics, technology innovation and new user expectations is changing how people enter and interact with physical spaces. Access control is at the heart of these changes. Combined with biometrics and AI, mobile access control has become increasingly crucial for deploying entry solutions that are seamless, secure and adaptive to user needs. Read Now

  • Sustainable Video Solution Delivered for Landmark City of London Office Development

    An advanced, end-to-end video solution from IDIS, with a focus on reducing waste and costs, has helped a major office development in the City of London align its security with sustainability objectives. Read Now

Most   Popular

New Products

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings.

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.”