In 2017, IoT-based cyberattacks increased by 600%. As the industry moves towards the mass adoption of interconnected physical security devices, end users have found a plethora of advantages, broadening the scope of traditional video surveillance solutions beyond simple safety measures.

Thanks in part to these recent advancements, our physical solutions are at a higher risk than ever before. With today’s ever evolving digital landscape and the increasing complexity of physical and cyber-attacks, it’s imperative to take specific precautions to combat these threats.

Video surveillance systems

Cybersecurity is not usually the first concern to come to mind

When you think of a video surveillance system, cybersecurity is not usually the first concern to come to mind, since digital threats are usually thought of as separate from physical security. Unfortunately, these two are becoming increasingly intertwined as intruders continue to use inventive methods in order to access an organisation's assets.

Hacks and data breaches are among the top cyber concerns, but many overlook the fact that weak cybersecurity practices can lead to physical danger as well. Organisations that deploy video surveillance devices paired with advanced analytics programs often leave themselves vulnerable to a breach without even realising it. While they may be intelligent, IoT devices are soft targets that cybercriminals and hackers can easily exploit, crippling a physical security system from the inside out.

Physical security manufacturers

Whether looking to simply gain access to internal data, or paralyse a system prior to a physical attack, allowing hackers easy access to surveillance systems can only end poorly. In order to stay competitive, manufacturers within the security industry are trading in their traditional analogue technology and moving towards interconnected devices.

Due to this, security can no longer be solely focused on the physical elements and end users have taken note. The first step towards more secured solutions starts with physical security manufacturers choosing to make cybersecurity a priority for all products, from endpoint to edge and beyond. Gone are the days of end users underestimating the importance of reliability within their solutions. Manufacturers that choose to invest time and research into the development of cyber-hardening will be ahead of the curve and an asset to all.

Wireless communication systems

Integrators also become complicit in any issues that may arise in the future

Aside from simply making the commitment to improve cyber hygiene, there are solid steps that manufacturers can take. One simple action is incorporating tools and features into devices that allow end users to more easily configure their cyber protection settings. Similarly, working with a third party to perform penetration testing on products can help to ensure the backend security of IoT devices. This gives customers peace of mind and manufacturers a competitive edge.

While deficient cybersecurity standards can reflect poorly on manufacturers by installing vulnerable devices on a network, integrators also become complicit in any issues that may arise in the future. Just last year, ADT was forced to settle a $16 million class action lawsuit when the company installed an unencrypted wireless communication system that rendered an organisation open to hacks.

Cybersecurity services

In addition, we’ve all heard of the bans, taxes and tariffs the U.S. government has recently put on certain manufacturers, depending on their country of origin and cybersecurity practices. Lawsuits aside, employing proper cybersecurity standards can give integrators a competitive advantage.

With the proliferation of hacks, malware, and ransomware, integrators that can ease their client's cyber-woes are already a step ahead. By choosing to work with cybersecurity-focused manufacturers who provide clients with vulnerability testing and educate end users on best practices, integrators can not only thrive but find new sources of RMR. Education, collaboration and participation are three pillars when tackling cybersecurity from all angles. For dealers and integrators who have yet to add cybersecurity services to their business portfolios, scouting out a strategic IT partner could be the answer.

Unlocking countless opportunities

Becoming educated on the topic of cybersecurity and its importance for an organisation is the first step

Physical security integrators who feel uncomfortable diving headfirst into the digital realm may find that strategically aligning themselves with an IT or cyber firm will unlock countless opportunities. By opening the door to a partnership with an IT-focused firm, integrators receive the benefit of cybersecurity insight on future projects and a new source of RMR through continued consulting with current customers.

In exchange, the IT firm gains a new source of clients in an industry otherwise untapped. This is a win for all those involved. While manufacturers, dealers and integrators play a large part in the cybersecurity of physical systems, end users also play a crucial role. Becoming educated on the topic of cybersecurity and its importance for an organisation is the first step.

Commonplace cybersecurity standards

Below is a list of commonplace cybersecurity standards that all organisations should work to implement for the protection of their own video surveillance solutions:

  • Always keep camera firmware up to date for the latest cyber protections.
  • Change default passwords, especially those of admins, to keep the system locked to outside users.
  • Create different user groups with separate rights to ensure all users have only the permissions they need.
  • Set an encryption key for surveillance recordings to safeguard footage against intruders and prevent hackers from accessing a system through a backdoor.
  • Enable notifications, whether for error codes or storage failures, to keep up to date with all systems happenings.
  • Create/configure an OpenVPN connection for secured remote access.
  • Check the web server log on a regular basis to see who is accessing the system.
  • Ensure that web crawling is forbidden to prevent images or data found on your device from being made searchable.
  • Avoid exposing devices to the internet unless strictly necessary to reduce the risk of attacks.
Download PDF version Download PDF version

Author profile

In case you missed it

How should the security industry promote diversity?
How should the security industry promote diversity?

Diversity in a company’s workforce is arguably more important now than ever. Societal awareness of the importance of diversity has grown, and many people see diversity as an important factor that reflects positively (or negatively) on a company’s culture and image in the marketplace. We asked this week’s Expert Panel Roundtable: What should the security industry do to promote workplace diversity?

Why face recognition as a credential is the ideal choice for access control?
Why face recognition as a credential is the ideal choice for access control?

In the field of access control, face recognition has come a long way. Once considered too slow to authenticate people's identities and credentials in high traffic conditions, face recognition technology has evolved to become one of the quickest, most effective access control identity authentication solutions across all industries. Advancements in artificial intelligence and advanced neural network (ANN) technology from industry leaders like Intel have improved the accuracy and efficiency of face recognition. However, another reason the technology is gaining traction is due to the swiftly rising demand for touchless access control solutions that can help mitigate the spread of disease in public spaces. Effective for high volumes Face recognition eliminates security risks and is also virtually impossible to counterfeit Modern face recognition technology meets all the criteria for becoming the go-to solution for frictionless access control. It provides an accurate, non-invasive means of authenticating people's identities in high-traffic areas, including multi-tenant office buildings, industrial sites, and factories where multiple shifts per day are common. Typical electronic access control systems rely on people providing physical credentials, such as proximity cards, key fobs, or Bluetooth-enabled mobile phones, all of which can be misplaced, lost, or stolen. Face recognition eliminates these security risks and is also virtually impossible to counterfeit. Affordable biometric option Although there are other biometric tools available, face recognition offers significant advantages. Some technologies use hand geometry or iris scans, for example, but these options are generally slower and more expensive. This makes face recognition a natural application for day-to-day access control activities, including chronicling time and attendance for large workforces at construction sites, warehouses, and agricultural and mining operations. In addition to verifying personal credentials, face recognition can also identify whether an individual is wearing a facial covering in compliance with government or corporate mandates regarding health safety protocols. Beyond securing physical locations, face recognition can also be used to manage access to computers, as well as specialised equipment and devices. Overcoming challenges with AI So how did face recognition become so reliable when the technology was once dogged by many challenges, including difficulties with camera angles, certain types of facial expressions, and diverse lighting conditions? Thanks to the emergence of so-called "convolutional" neural network-based algorithms, engineers have been able to overcome these roadblocks. SecurOS FaceX face recognition solution FaceX is powered by neural networks and machine learning which makes it capable of authenticating a wide range of faces One joint effort between New Jersey-based Intelligent Security Systems (ISS) and tech giant Intel has created the SecurOS FaceX face recognition solution. FaceX is powered by neural networks and machine learning which makes it capable of authenticating a wide range of faces and facial expressions, including those captured under changing light, at different resolution levels, and varying distances from the video camera. Secure video management system A common face recognition system deployment begins with IP video cameras that feed footage into a secure video management system connected to a video archive. When the software initially enrolls a person’s face, it creates a "digital descriptor" that is stored as a numeric code that will forever be associated with one identity. The system encrypts and stores these numeric codes in a SQL database. For the sake of convenience and cost savings, the video server CPU performs all neural network processes without requiring any special GPU cards. Unique digital identifiers The next step involves correlating faces captured in a video recording with their unique digital descriptors on file. The system can compare newly captured images against large databases of known individuals or faces captured from video streams. Face recognition technology can provide multi-factor authentication, searching watchlists for specific types of features, such as age, hair colour, gender, ethnicity, facial hair, glasses, headwear, and other identifying characteristics including bald spots. Robust encryption SED-compatible drives rely on dedicated chips that encrypt data with AES-128 or AES-256 To support privacy concerns, the entire system features an encrypted and secure login process that prevents unauthorized access to both the database and the archive. An additional layer of encryption is available through the use of Self-Encrypting Drives (SEDs) that hold video recordings and metadata. SED-compatible drives rely on dedicated chips that encrypt data with AES-128 or AES-256 (short for Advanced Encryption Standard). Anti-spoofing safeguards How do face recognition systems handle people who try to trick the system by wearing a costume mask or holding up a picture to hide their faces? FaceX from ISS, for example, includes anti-spoofing capabilities that essentially check for the "liveliness" of a given face. The algorithm can easily flag the flat, two-dimensional nature of a face mask, printed photo, or image on a mobile phone and issue a "spoof" alarm. Increased speed of entry Incorporating facial recognition into existing access control systems is straightforward and cost-effective Incorporating facial recognition into existing access control systems is straightforward and cost-effective. Systems can operate with off-the-shelf security cameras and computers. Users can also leverage existing infrastructure to maintain building aesthetics. A face recognition system can complete the process of detection and recognition in an instant, opening a door or turnstile in less than 500ms. Such efficiency can eliminate hours associated with security personnel checking and managing credentials manually. A vital tool Modern face recognition solutions are infinitely scalable to accommodate global enterprises. As a result, face recognition as a credential is increasingly being implemented for a wide range of applications that transcend traditional access control and physical security to include health safety and workforce management. All these capabilities make face recognition a natural, frictionless solution for managing access control, both in terms of performance and cost.

What are the challenges and benefits of mobile access control?
What are the challenges and benefits of mobile access control?

There is a broad appeal to the idea of using a smartphone or wearable device as a credential for physical access control systems. Smartphones already perform a range of tasks that extend beyond making a phone call. Shouldn’t opening the door at a workplace be among them? It’s a simple idea, but there are obstacles for the industry to get there from here. We asked this week’s Expert Panel Roundtable: What are the challenges and benefits of mobile access control solutions?