Cybersecurity continues to be a major theme in the physical security industry, but effective cybersecurity comes at a cost. Higher cost is contrary to another major trend in the market: lower product pricing, which some have characterised as a ‘race to the bottom’. Chinese manufacturers, whose products tend to have lower prices, have been the target of cybersecurity concerns and even a government ban. So what is the overall impact of cybersecurity on pricing trends in video products? We asked this week’s Expert Panel Roundtable: Are cybersecurity concerns slowing down the ‘race to the bottom’ (i.e., the dominance of lower-cost cameras)?
People are now more aware than ever of the rising cybers threats and their unforgiving nature. With an increase in state-sponsored hacking and cyber warfare, it is becoming increasingly important to properly vet every product we install on our networks. Every year we have more proof points that cheaper solutions are very often less secure. That is because low-cost devices typically include fewer layers of protection and have more chance of including unsecure coding and potential exploits.
Organisations need to be diligent, and put more emphasis on cybersecurity, which will in turn slow down the race to the bottom. We recommend a defence-in-depth approach, which requires being constantly on the lookout as new threats arise. While that approach might mean purchasing higher-quality devices that cost a little more, it will result in a safer environment, and help avoid much greater costs and potential fines in the event of a breach.
In every industry, there is a segment of price-oriented suppliers and buyers that create downward pricing pressure. The physical security business is no different. However, there is a price for superior security that is both capital-based (well-designed and tested hardware and software) as well as operational-based (regular maintenance/monitoring, processes, etc.). Given that some well-publicised cybersecurity issues have driven the U.S. government’s vendor-specific ban on a handful of low-cost video surveillance manufacturers, customers and systems integrators are recognising the importance of cybersecurity more and more these days.
It is also forcing vendors to re-think their own policies and design choices. Over the next year or two, cybersecurity and the ban will become increasingly impactful (versus price) and will influence governments around the globe. The ‘race to the bottom’ will exist for pure commodity-oriented buyers. However, for a growing number of market segments, cybersecure robust products will take precedence over price.
Today more end users look to buy surveillance from a reputable brand that is at the vanguard of cybersecurity. Customers are looking for data and communication encryption from video capture to transfer, integrity of video evidence, RAID support, and enforced passwords together with two-factor authentication at a basic-level. They also want to see best practice embedded into training to mitigate against human oversight. And network security cannot be engineered and then ignored.
As threats change, customers want assurances that updates will be issued quickly, so they have the latest software and firmware to protect against the changing environment. There’s no doubt some manufacturers have been caught on the back foot. Re-engineering is an expensive process, and the cost to re-build trust more so. So, cybersecurity concerns, particularly in the mid- to enterprise-level sectors, have definitely put an end to some of the most aggressive price cutting.
Cybersecurity and other important concerns such as privacy are definitely slowing down the ‘race to the bottom’ for cameras and other security equipment. When the industry made the transition from closed, proprietary analogue systems to open, networked-based systems, many integrators and end users were quick to adopt relatively cheap equipment that was ‘good enough’. As adoption of networked-enabled infrastructure became mainstream, there was a growing realisation – based on customers’ experiences and industry evaluations – that cheap physical security equipment suffered from a host of vulnerabilities.
Some of these, such as lack of encryption, were commonly found in a lot of devices, but some, such as ‘back-door’ access was discovered in devices made only by certain manufacturers. For users that have mandates around cybersecurity, privacy, etc., price has now ceased to be the overriding factor in buying physical security equipment; they are now willing to pay for keeping physical security equipment secure.
There are no obvious signs that the ‘race to the bottom’ is slowing down. Inevitably some manufacturers will always want to sell low-cost products to that part of market. However, it’s wrong to assume that low-cost means low security, the two do not have to be synonymous! It is important for security buyers to understand what they are buying, though.
The embedded security in low-cost systems may vary greatly from higher-priced systems, but it depends on the needs of the security operator as to whether this is an issue or not. It’s most likely that some cybersecurity elements will be missing in lower-priced systems – but as long as you are aware, and it suits your needs, then what’s the problem? However, ‘cheap’ does not always equate to ‘value’ either – it’s all about finding the right combination of cost and performance for your specific needs.