Hanwha Vision: Boosting cybersecurity in video surveillance

Robust cybersecurity is essential for all organisations. Yet there is a significant gap in how prepared security and IT managers believe they are for a cyber-attack, and the steps their organisations are taking to mitigate threats.

Research from Hanwha Vision Europe shows that while overall confidence in video surveillance systems’ security is high, many organisations fall short on fundamental cybersecurity measures.

List of practical actions and training tips

Over 1,150 IT and security managers/directors from organisations with 50+ employees

Over 1,150 IT and security managers/directors from organisations with 50+ employees across the UK, France, Germany, Italy, and Spain, in industries including data centres and telecoms, financial services, transport, manufacturing and retail, were asked about their cyber resilience and knowledge of threats and legislation.

To address this gap, they’ve compiled a list of practical actions and training tips that will make cybersecurity a continuous exercise, ensuring that the video system is as protected as possible against malicious actors and evolving threats.

10 Cybersecurity measures to take now

1. Secure physical access

Physical security is a foundational step in the cybersecurity, but it can be more challenging for video systems, given that devices are often in public and occasionally remote locations, for example, city centres or solar sites.

Assess the location of the video devices and how best to limit device tampering. Keep access to sensitive equipment such as Network Video Recorders (NVRs) and server rooms secured and for authorised personnel only.

2. Enable 802.1x Certificate-Based access control

Use 802.1x protocols to authenticate devices on the video surveillance network to add an extra layer of security and prevent unauthorised access.

3. Create user-level accounts

Unique user credentials and user-level accounts with the least privileges will also minimise the risk of a data leak. Only give users access to the permissions necessary for their role and put processes in place to easily revoke access if a user leaves the organisation.

4. Use a secure VPN for remote access

When users are accessing the video system remotely, make sure they are using a VPN or another means to encrypt data and reduce the chances of interception.

Edge-based AI cameras can also decrease the risk of sensitive video data being accessed as analytics are carried out on the device itself, with only metadata and insights communicated back to control rooms.

5. Change default usernames and passwords

While it may seem obvious, default credentials are a common point of entry for attackers. Ensure all device credentials are unique and changed regularly.

Educating users on password best practices, such as creating a strong password and not writing it down or sharing it with others, is also important.

6. Update devices with the latest firmware

Regular firmware updates often contain security patches for vulnerabilities. Set reminders to check and update firmware regularly.

Only work with manufacturers that have dedicated resources to keep track of threats and vulnerabilities and that regularly update their devices to mitigate these risks.

7. Disable guest or non-authenticated RTSP access

Prevent unauthorised access to video streams by disabling guest access or requiring authentication for Real-Time Streaming Protocol (RTSP) feeds.

8. Utilise tampering and defocus detection analytics

Use tampering detection to send real-time alerts if cameras are covered or moved, and defocus detection to notify if image clarity is compromised.

9. Enable network disconnect detection

Enable network disconnect detection for devices, to notify of any interruptions that could indicate tampering.

10. Regularly check device logs

Review logs to monitor for unusual activity and detect normal and abnormal behaviour patterns. This will help to identify potential issues before they escalate.

Cybersecurity is an ongoing, collective effort

Staying ahead with cybersecurity doesn't have to be overwhelming or intensive. Reputable manufacturers and installers can provide invaluable guidance on emerging trends, best practices, and timely alerts to bolster cyber-resilience. 

A proactive and collaborative approach will enable them to focus on the capabilities offered by modern video systems, ensuring they enhance the operations rather than be the weak link in the cybersecurity strategy.