A strong cybersecurity foundation

SMART Surveillance 2024 Information Security

In today’s digital world, it is not surprising to see cybersecurity top of mind in many boardrooms. Indeed, 96% of CEOs say that it is essential to their organisation’s growth and stability, according to Accenture.

They are right to be concerned because, according to research firm Cybersecurity Ventures, cybercrime is projected to cost the world a staggering $9,5 trillion USD in 2024. Such losses can be business-ending, without even considering the cost of reputational damage and unscheduled downtime.

The cyber-risks of video

Therefore, being aware of the risks of an insecure video surveillance system and how to mitigate these are critical skills for all security leaders. A VMS can present attractive targets for malicious actors thanks to the data collected by cameras, connected sensors, and video management software (VMS). This data can be used for blackmail or to gather confidential information. Hackers can sell footage of your building layout and staffing levels at different times of the day to criminals, for example.

IP cameras can also be used as gateway devices for larger attacks, including global distributed denial of service (DDoS) attacks that use connected cameras and other devices to send a flood of traffic to targeted websites and other infrastructure.

When it comes to protecting businesses, no two systems will be the same. The protections for a school will be very different from those of a data centre or a mine. Therefore, the first step in protecting your organisation and its surveillance systems is understanding what needs to be protected, how, and from whom, as well as the potential damage that can occur when (not if) an attack happens.

The importance of physical security

One unique aspect of video networks is how many devices are located in public, potentially vulnerable, areas. Most organisations need to install cameras to monitor busy areas, entrances, exits, and restricted areas or remote parts of a site. This can put cameras at higher risk, making it easier for attackers to gain access and disconnect devices. This means that multi-layered security to keep devices safe and separate from the wider IT network is essential. It also means that without adequate protection, a video surveillance system can be less secure than a classical IT system. That is worth bearing in mind when addressing your video and IT network cybersecurity as a whole.

Everyone’s responsibility

Cybersecurity is a shared responsibility, and IT and security must work together to build a robust cybersecurity strategy. Your IT team will need to be closely involved when implementing your video cybersecurity strategy. Because of their experience in areas like virtual private networks (VPNs) and virtual local area networks (VLANs), they will work with you on some of the foundational elements of protecting your VMS and connected devices.

Knowing who takes care of what can help you to assign accountability for things like upgrades, auditing, and penetration testing. Sometimes an external party, like a manufacturer or installer, is responsible for some aspects of your cybersecurity. Therefore, when starting your cybersecurity strategy, you will need to check:

1. Assess the nature of the business – and its goals.

2. Determine the local rules and regulations.

3. Confirm who is responsible for maintaining your system.

4. Ask who monitors your system. Unusual traffic or alerts of technical errors can be an indication of a cyberattack.

5. Be clear about who can access your video and computer network. Is the level of access appropriate to their needs? Does an operator have a level of access that is too high, or does someone who has left your organisation still have login credentials?

Speaking of access, you will also need to consider physical elements, such as who has access to a VMS server room. Alarms and access control measures can help prevent unauthorised individuals from accessing sensitive areas where your video data is located.

Consider the human element

One should consider your overall training programme, as the human factor can be a significant weakness in your cybersecurity, accounting for between 88 to 95% of data breaches, according to a joint study by Stanford University Professor, Jeff Hancock, and security firm, Tessian. Even something as simple as re-using a personal password to log into a VMS account, or falling for social engineering attacks (like an ‘urgent’ email from a manager requesting account details) can undermine every technical cybersecurity feature you implement.

Hence, regular training for your security team is important, as it can keep them updated on the latest threats and new ways to protect themselves and your system from harm. User control can also assist here, with admin and data access rights only given to those who require them. Assigning different VMS user credentials will (hopefully) prevent password sharing and allow you to remove a user’s access when they leave your company.

Foundational cybersecurity measures

Alongside this, there are some basic foundations that you can ensure you are following in order to make your video system less attractive to attackers. These include updating your cameras’ firmware and VMS device drivers to the newest versions.

Updates are typically made on an ongoing basis, so make sure your camera manufacturer issues regular security updates, including vulnerability patching and additional protections against new threats. Much

like how keeping your smartphone or laptop updated reduces the risk of a hack, staying up to date with your VMS and camera updates will make them less attractive to hackers.

Disabling your cameras’ built-in admin accounts or changing the default passwords is one of the first things to do when installing a new device. Then, you can ensure your cameras only support HTTPS (the secure version of HTTP).

To ensure the best protection, your chosen password should be a combination of lowercase and uppercase letters, special characters, and numbers. It should also not contain easily guessable words or phrases – using the word ‘password’ is an absolute no! Passwords also should not contain any information that identifies a user or that a hacker could gain from their public profiles and social media. As importantly, VMS accounts should not be shared by multiple users.

Keep your networks separate

Generally speaking, it is a good idea to keep your video network separate from your wider IT network. You can do this through VPNs (which is essential if you have people accessing your systems remotely, outside of your local network), and through VLANs that keep your video system partitioned and isolated from your other computer systems. If your cameras or VMS are compromised, for example, by someone accessing a device located on the street or by an operator unwittingly using a USB with malware on it, a hacker cannot use your video system to access more of your organisation’s data. It serves to limit the damage.

The importance of multi-layered security

A widescale breach in 2021 offers a hard lesson in what can potentially go wrong when you fail to secure your camera systems effectively. A cyberattack on a system provider in the USA exposed video recordings from

150 000 cameras, but also the sensitive financial information of high-profile customers. Hackers gained access to the provider’s systems using a username and password that was exposed in the public domain. This illustrates the importance of good password habits (regular password changes, using hard-to-guess passwords, and training people not to share their passwords with others).

Over 100 employees had ‘super admin’ privileges in the provider’s system, which gave access to footage from thousands of customer cameras, unknown to them. Setting the right access level for each user ensures that the risk and potential spread of a hack is limited. Put another way, the more admins you have, the more targets hackers can exploit.

Finally, alongside camera footage, hackers could also access sensitive financial and customer information through the breach. Separating your video network from your IT network limits how far a hacker can go if they do access your system. It prevents them from accessing your business’ financial and product data, operations, and other sensitive systems.

Cybersecurity is continuous

With all that said, every system will have vulnerabilities, and the cybersecurity space is constantly evolving. Being aware, in control, and responsible when using video will go a long way in protecting your organisation.


Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Highest increase in global cyberattacks in two years
Information Security News & Events
Check Point Global Research released new data on Q2 2024 cyber-attack trends, noting a 30% global increase in Q2 2024, with Africa experiencing the highest average weekly per organisation.

Read more...
Upgrade your PCs to improve security
Information Security Infrastructure
Truly secure technology today must be designed to detect and address unusual activity as it happens, wherever it happens, right down to the BIOS and silicon levels.

Read more...
Open source code can also be open risk
Information Security Infrastructure
Software development has changed significantly over the years, and today, open-source code increasingly forms the foundation of modern applications, with surveys indicating that 60 – 90% of the average application's code base consists of open-source components.

Read more...
DeepSneak deception
Information Security News & Events
Kaspersky Global Research & Analysis researchers have discovered a new malicious campaign which is distributing a Trojan through a fake DeepSeek-R1 Large Language Model (LLM) app for PCs.

Read more...
SA’s strained, loadshedding-prone grid faces cyberthreats
Power Management Information Security
South Africa’s energy sector, already battered by decades of underinvestment and loadshedding, faces another escalating crisis; a wave of cyberthreats that could turn disruptions into catastrophic failures. Attacks are already happening internationally.

Read more...
Almost 50% of companies choose to pay the ransom
News & Events Information Security
This year’s Sophos State of Ransomware 2025 report found that nearly 50% of companies paid the ransom to get their data back, the second-highest rate of ransom payment for ransom demands in six years.

Read more...
Survey highlights cost of cyberdamage to industrial companies
Kaspersky Information Security News & Events
The majority of industrial organisations estimate their financial losses caused by cyberattacks to be over $1 million, while almost one in four report losses exceeding $5 million, and for some, it surpasses $10 million.

Read more...
Digital economy needs an agile approach to cybersecurity
Information Security News & Events
South Africa is the most targeted country in Africa when it comes to infostealer and ransomware attacks. Being at the forefront of the continent’s digital transformation puts South Africa in the crosshairs for sophisticated cyberattacks

Read more...
SIEM rule threat coverage validation
Information Security News & Events
New AI-detection engineering assistant from Cymulate automates SIEM rule validation for SecOps and blue teams by streamlining threat detection engineering with automated testing, control integrations and enhanced detections.

Read more...
Cybersecurity a challenge in digitalising OT
Kaspersky Information Security Industrial (Industry)
According to a study by Kaspersky and VDC Research on securing operational technology environments, the primary risks are inadequate security measures, insufficient resources allocated to OT cybersecurity, challenges surrounding regulatory compliance, and the complexities of IT/OT integration.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.