Cyber attacks targeting IoT devices and consequently video systems as well are growing more frequent at an unprecedented rate. The things users should consider in their security strategy are highlighted in an information package from Dallmeier, the Regensburg-based video equipment manufacturer with information and specific recommended measures. They show that the essential aspects extend beyond the classic instruments of cyber security.
Security specialists at many banks in several different countries were undoubtedly completely blindsided in 2013 when Russian hacker groups “purloined” a sum totalling more than a hundred million euros in the course of the “Carbanak” campaign: In these attacks, surveillance cameras inside the financial institutions were compromised, allowing the perpetrators to secretly view screen contents and keyboard entries and identify employees as spear phishing targets from their name tags or employee IDs, for example. Video systems also make excellent targets in “Denial of Service” attacks, as was demonstrated by the infamous “Mirai” and “Persirai” campaigns.
According to Dallmeier, if a company wants to protect itself successfully from attacks of this kind, it is essential to implement a fully comprehensive strategy. The video technology company identifies five crucial aspects which must function in harmony: consideration of security issues as early as the planning phase, integration in the IT strategy, cyber security functions in the systems, data protection, and not least the credibility of the manufacturer.
Due consideration of security questions should be included in the planning stage, for example by intelligent use of 3D technology.
Secondly, it is important to ensure that the planned system is consistent with the company’s IT strategy: More and more often, essential resources such as server capacities, or even the entire video security system fall within the purview of the IT department.
For the actual core function “cyber security”, it is important that systems are equipped with all the requisite “IT security” functions, from hardened operating systems to capabilities for separating networks and up to and including encryption technologies and attack detection capabilities.
The fourth aspect should really be practically self-evident since the entry into force of the GDPR, that is to say consideration of data protection issues.
Finally, customers should also think very carefully about the manufacturer itself: What steps are taken to safeguard the systems during development and production, is the manufacturer potentially exposed to political pressure, and what provisions are made for security aspects when integrating the systems with each other and integrating third party systems?
Dallmeier’s information package is intended to provide answers to these and other questions and with a “Best Practice Guide” offers an extensive collection of practical tips and configuration notes for IT and security officers and administrators. The information package also includes the latest issue of “Video Extra” and the Dallmeier data protection and data security brochure.