Service provider got you hacked?

April 2016 Information Security

Not a day goes by, it seems, that we are not hearing about some sort of security breach involving a major retail operation or corporation. Hackers seem determined on getting at protected data, such as credit card information or identity numbers, by any means possible.

For the security industry, every such attack brings new concerns about the safety of network-based systems. The network is the back door to accessing all kinds of information, whether it is financial, personal or something specific to the security of an operation.

For instance, a cyber criminal may be looking to interfere with a security system by interrupting the video stream, altering camera views so someone can make a physical attack on a location or hijacking the servers to perform illegal functions. Even a camera, if left vulnerable, may be used as an entry point to a larger network.

As a result, it is increasingly important to know what steps a security system provider is taking to ensure that its network-based equipment such as NVRs and video management systems are hardened against attacks.

While the US Federal Information Security Act mandates a specific level of compliance, it is critical to work with a supplier that understands what is involved in the compliance process, and is invested in taking a lead on this critical issue.

Here are some of the most important questions to ask a security system supplier:

• How often are updates provided for the product and how are security vulnerabilities handled? More frequent updates to the product means more opportunity to remove vulnerabilities. Also, by monitoring new vulnerabilities found through international databases a supplier can release a patch quickly to address a critical vulnerability.

• Is the company undergoing third-party assessments of its products? Having an independent, third-party undertake penetration testing will point out what vulnerabilities exist and allow the company to take the proper action.

• How often does the vulnerability testing take place? Each time the software within a product or system is altered, there should be a new test so the development team can address any new software issues before the product is released.

• Has the company documented what it is doing? Knowing what the vulnerabilities are and how they have addressed them can go a long way toward ensuring your comfort level with a product.

As cyber criminals continue to develop new methods for gaining access to information and systems, data safeguards become more and more vital. How a supplier is safeguarding its products and your data serves as a critical first line of defence against cyber attack.

For more information contact Tyco Security Products, +27 (0)82 566 5274, [email protected], www.tycosecurityproducts.com



Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Kaspersky finds 24 vulnerabilities in biometric access systems
Technews Publishing Information Security
Customers urged to update firmware. Kaspersky has identified numerous flaws in the hybrid biometric terminal produced by international manufacturer ZKTeco, allowing a nefarious actor to bypass the verification process and gain unauthorised access.

Read more...
Responsible AI boosts software security
Information Security
While the prevalence of high-severity security flaws in applications has dropped slightly in recent years, the risks posed by software vulnerabilities remain high, and remediating these vulnerabilities could hinder new application development.

Read more...
AI and ransomware: cutting through the hype
AI & Data Analytics Information Security
It might be the great paradox of 2024: artificial intelligence (AI). Everyone is bored of hearing it, but we cannot stop talking about it. It is not going away, so we had better get used to it.

Read more...
NEC XON shares lessons learned from ransomware attacks
NEC XON Editor's Choice Information Security
NEC XON has handled many ransomware attacks. We've distilled key insights and listed them in this article to better equip companies and individuals for scenarios like this, which many will say are an inevitable reality in today’s environment.

Read more...
iOCO collaboration protection secures Office 365
Information Security Infrastructure
The cloud, in general, and Office 365, in particular, have played a significant role in enabling collaboration, but it has also created a security headache as organisations store valuable information on the platform.

Read more...
Cybercriminals embracing AI
Information Security Security Services & Risk Management
Organisations of all sizes are exploring how artificial intelligence (AI) and generative AI, in particular, can benefit their businesses. While they are still figuring out how best to use AI, cybercriminals have fully embraced it.

Read more...
A strong cybersecurity foundation
Milestone Systems Information Security
The data collected by cameras, connected sensors, and video management software can make a VMS an attractive target for malicious actors; therefore, being aware of the risks of an insecure video surveillance system and how to mitigate these are critical skills.

Read more...
Surveillance and cybersecurity
Cathexis Technologies Information Security
Whether your business runs a security system with a handful of cameras or it is an enterprise company with thousands of cameras monitoring sites across a multinational organisation, you must pay attention to cybersecurity.

Read more...
Cyber-armour for a healthcare industry under attack
NEC XON Information Security Healthcare (Industry)
Malicious actors have exploited compromised credentials, a clear and present danger when healthcare providers' reliance on remote access software allows adversaries to disguise themselves as legitimate users and gain unauthorised access to critical environments.

Read more...
Cybersecurity and AI
AI & Data Analytics Information Security
Cybersecurity is one of the primary reasons that detecting the commonalities and threats of what is otherwise completely unknown is possible with tools such as SIEM and endpoint protection platforms.

Read more...