Top 5 Cybersecurity Strategies Integrators Need to Learn -- Security Today

Top 5 Cybersecurity Strategies Integrators Need to Learn

By Evan Stuckless
Apr 20, 2020

As cyberthreats to video surveillance systems continue to increase, there is high demand from end-users for the channel to be knowledgeable and prepared to mitigate cybersecurity risks. Ongoing education is critical for both security and IT employees, preparing them to work together as cybersecurity experts.

According to a 2019 McKinsey report on transforming cybersecurity, responding to cyberthreats requires comprehensive and collaborative efforts between the security and IT teams. Traditionally, many companies distinguish between physical and information security, between information technology and operational technology, and between in-house and external security. In the digital age, these splits are obsolete. Scattered and fragmented responsibility can put the entire organization at risk.

Here are the top five most effective cybersecurity strategies to focus on when training the channel to combat cyberattacks:

1. Isolate the device network from other networks

The tiered system architecture of a video management system (VMS) makes it possible to separate the device network and the core server/client network. The device network is where cameras, microphones, speakers, I/O devices and other supported IP devices are located. With the recording server as a connection point between the device and the client networks, there is no direct routing between the two network segments. This means that a cyberattack on either network will not spread to—or outside of—the device network.

Isolating the device network is perhaps the single most important security configuration measure. For example, a small school may use a flat network configuration where the recording server and management server are both connected to the device network. The recording server communicates with the devices. In addition, the rest of the school's computers may be connected to the same network. Staff members log into the VMS from their workstations when needed.

There is nothing wrong with a flat network configuration from a technical perspective, but it's not good for security. In this example, the computer labs and staff computers have direct access to cameras. If a malicious user has device access, it doesn't matter how good the protections are elsewhere. Optimally, only the recording servers should have access to the cameras. The simplest fix is to isolate the device network by using a second network interface on the recording server.

In addition to isolating the device network, all devices should use strong, non-default passwords to mitigate other potential issues.

2. Educate employees about security threats

Education and awareness are critical in teaching employees how to identify and counteract a variety of cyberthreats. Consider establishing cybersecurity awareness training that covers gaps in protection that many organizations must mitigate, including human, technological and physical vulnerabilities.

Malicious individuals often resort to social engineering because they find that human targets are the easiest to exploit and the rewards are the greatest. Social engineering is a set of tactics that attackers use to get valuable information from another person. This can be done in a variety of ways, but all rely on people’s natural tendency to be polite and trust one another. Often the victim has no idea that there is even a threat.

For example, spam and phishing e-mails try to trick users into clicking a link or opening an attachment that will actually install malware. Tailgating refers to a situation where an outsider enters a building behind an authorized employee, before the door closes. Baiting is when a USB drive or other storage medium is intentionally left behind in the hope that a company employee will insert it into their computer and execute malware. This could also include other items, like gifts that have microphones or other surveillance equipment embedded.

Attackers commonly call internal technical support pretending to be a person of high status, or otherwise give a sense of urgency and credibility. For example, the caller might request a password reset because of an urgent need to access a system. The technical support representative may feel pressured because of the high status of the caller, and make an exception and change the password over the phone.

Cybersecurity training prepares employees to learn how to handle social engineering situations with a healthy level of skepticism, to harden VMS and IT systems, and to protect physical assets like server rooms and cameras.

3. Use Active Directory for user and computer management

Active Directory (AD) is a centralized user management system that authenticates and authorizes users and computers in a domain. It also assigns and enforces group policies for all computers, including security settings.

User management is an important aspect in cybersecurity. Without a central user database, multiple user accounts on different systems can be difficult and time consuming to manage. By using a centralized system like AD, users can be added and deleted in just one place, and the change is applied across the entire system. This stops former employees and contractors from regaining access to systems where it wasn’t revoked due to a simple human error. AD's centralized structure simplifies many IT tasks, minimizing mistakes that occur in a decentralized set up.

Other benefits include user authentication in AD, which has built-in protections against common cyberattacks. Group Policy can manage many everyday IT security tasks like password policy and computer security settings. Kerberos authentication adds another level of security in verifying the identity of a user or host.

4. Enable encryption at every stage necessary

One of the most important security improvements seen both on the web and the VMS space over the last several years is encryption. When the data is sensitive and there is a chance for unauthorized access either by eavesdropping on network traffic or accessing stored data, encryption is the right tool to protect it.

As a rule of thumb, device data flows through multiple steps. First it is received over the network by a recording server. Then it may or may not be recorded on disk depending on the system configuration. Client applications request live or recorded data on demand. Finally, if deemed necessary, the data may be exported and handed over to authorities. All of these stages pose cybersecurity risks as well as privacy risks for the subjects in the data. Using encryption in every stage avoids unauthorized access.

Attackers can intercept data with techniques like port mirroring or ARP spoofing. Encryption prevents hackers from being able to read the data content, even if they were able to intercept it. Web servers, virtual private networks (VPNs) and other technologies commonly use transport layer security (TLS) as a method to encrypt data in transit through the network.

5. Control network traffic by segmenting VMS, client and business networks

Network segmentation is an effective but often overlooked security measure. Different networks can be separated from each other by a firewall appliance, or by total isolation through a physically separated switching infrastructure for different systems. In the VMS industry, total isolation of networks is often the standard approach. This eliminates all kinds of threats originating from other networks.

More commonly, however, the networks are separated using a firewall appliance and virtual local area networks (VLANs). This approach makes it more difficult for attackers to move from one network to another if they gain access. It also improves network management by concentrating firewall rules in one place.

Many organizations already have a central firewall/router network appliance. Usually it handles traffic to and from the internet. That same equipment also can handle several internal networks, so different types of systems can be segmented into their own networks.

Continuing the previous example of a small school network, the device network is now isolated from other networks, but everything else is still on the same segment, including the VMS, school staff systems and student computer labs. That's not the best scenario. To improve network security, one VLAN should be created for the VMS and another for the school staff. Most importantly, students should be set up in their own VLAN without access to the staff or VMS networks. The school’s firewall appliance will handle routing between the VLANs. Using a firewall appliance to handle traffic between network segments allows complete control.

Trained and Cybersecurity Ready

By understanding human vulnerabilities to cyberattacks as well as network and device risks, the channel can effectively learn how to mitigate increasingly volatile cyberthreats.

Amerant Bank Selects Omnilert AI Technology for Enhanced Video Surveillance Security
05/02/2025
Minnesota County Is Still Reaping Huge Benefits from ASAP Service
05/01/2025
Winsted Unveils Pinnacle Collection with Sliding Worksurface
04/30/2025
Everon Awarded Sourcewell Cooperative Purchasing Contract
04/30/2025
Honeywell Signs Global Distribution Agreement With Milestone Systems
04/28/2025
DSI Security Services Announces Leadership Reorganization and Strategic Growth Initiatives
04/21/2025
Everon Appoints Enterprise Security Veterans to Top Sales Leadership Roles
04/17/2025
Reconeyez Appoints Peter Young as New CEO to Lead Next Phase of Growth
04/16/2025

Featured

Verizon’s 2025 Data Breach Investigations Report Notes Alarming Cyberattack Surge Through Third Parties

Verizon Business recently released its 2025 Data Breach Investigations Report (DBIR), which reveals a significant increase in cyberattacks. The report found that third-party involvement in breaches has doubled to 30%, and exploitation of vulnerabilities has surged by 34%, creating a concerning threat landscape for businesses globally. Read Now
- Cybersecurity
Net2 Access Control Increases Reliability at Residential Complex

Encore Atlantic Shores is a residential complex of 240 luxurious townhomes for ages 55 and over in Eastport, New York. Completed in 2011, the site boasts an 11,800 square foot clubhouse, with amenities such as a fitness center, heated indoor pool, whirlpool spa, multi-purpose ballroom, cardroom and clubroom with billiards, tennis courts and an outdoor putting green. Read Now
- Access Control
Security Today Announces The Govies Government Security Award Winners for 2025

Security Today is pleased to announce the 2025 winners in The Govies Government Security Awards. The awards honor outstanding government security products in a variety of categories. Read Now
- Government
Survey: 60 Percent of Organizations Using AI in IT Infrastructure

Netwrix, a cybersecurity provider focused on data and identity threats, today announced the release of its annual global 2025 Cybersecurity Trends Report based on a global survey of 2,150 IT and security professionals from 121 countries. It reveals that 60% of organizations are already using artificial intelligence (AI) in their IT infrastructure and 30% are considering implementing AI. Read Now
- Cybersecurity
New Research Reveals Global Video Surveillance Industry Perspectives on AI

Axis Communications, the global industry leader in video surveillance, has released its latest research report, ‘The State of AI in Video Surveillance,’ which explores global industry perspectives on the use of AI in the security industry and beyond. The report reveals current attitudes on AI technologies thanks to in-depth interviews with AI experts from Axis’ global network and a comprehensive survey of more than 5,800 respondents, including distributors, channel partners, and end customers across 68 countries. The resulting insights cover AI integration and the opportunities and challenges that exist with regard to security, safety, business intelligence, and operational efficiency. Read Now
- Artificial Intelligence

Security Today eNews

Sign up today for essential industry news and product information that can help you stay afloat in the fast-paced world of security.

Email Address*Country*

Please type the letters/numbers you see above.

Webinars

Whitepapers

New Products

Camden CM-221 Series Switches

Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings.
AC Nio

Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions.
EasyGate SPT SPD

Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles.