A shared responsibility

November 2018 Information Security, Surveillance

Nothing man-made is ever 100% secure. Intentional backdoors are bad design and show a significant lack of understanding around the basics of a cybersecure world. In addition, programming mistakes can not be avoided completely.

Cybersecurity is a shared responsibility, none of the stakeholders in the market can fight cybercrime alone, we all need to work together to get ahead in the cyber game. Let’s take a look at the different responsibilities of the different stakeholders.

The user

The main responsibility of the user is to pay for cybersecurity measurements. This can either be done in a ‘DIY’ way, meaning the IT department applies fixes themselves, or to pay an integrator/installer to look after maintenance. A system’s lifespan is easily 10-15 years. Assuming that nothing needs to be done to keep the system in good shape is very short sighted.

The integrator/installer

This stakeholder plays an essential role in the cyber game. The integrator/installer needs to ensure that all his/her own devices, laptops, mobile devices etc. are patched with the latest updates for the OS and run a sophisticated virus scanner. Selected passwords should be complex enough and individual at least per customer and site. The general habit to use one master password to make the service of the devices easier has to be avoided.

Remote access to installations should be limited and all devices being connected to the customer’s system should be checked very carefully for viruses to avoid any kind of infection.

Without maintenance the cybersecurity will very likely decrease over time. The probability is almost 100% that a vulnerability will be found in the system’s context, meaning the OS, the software or the hardware.

The consultant

Another essential component is the work of the consultants, the ones specifying the components for security systems. They need to not only specify the right product features and properties, they also have the responsibility of specifying ongoing maintenance.

The distributor

For a pure distributor, the topic of cybersecurity is very simple. They are just handling the logistics and do not touch the product itself. However, value-add distributors need to consider the same aspects as integrators or installers do.

First and foremost, transparency is key: They need to let their customers know what they are buying. Without this transparency it is typically the price which influences the customer’s buying decision the most. They also need to guarantee to supply firmware upgrades in case of vulnerabilities from their original supplier. The habits of the industry show that a detected vulnerability in the original suppliers’ devices is typically, not fixed in the devices of their many OEM partners.

The manufacturer

Manufacturers’ responsibilities are relatively simple to understand:

• Do not include any intentional aspects, like backdoors, hard coded passwords etc.

• Supply the right tools to make cyber management for many devices as simple and affordable as possible.

• Record relevant aspects in hardening guides or other documentation.

• Enable the use of standard mechanisms make devices as secure as possible.

• Inform the partners and channel about vulnerabilities and available patches.

The consumer

Our own behaviour is also a key aspect to a cyber mature mindset. How often do we change the router’s password? How complex are our own passwords? Do we use different passwords or one master password for most of the applications? Lazy user behaviour is still one of the biggest benefits for hackers. Simple to guess passwords and ones that are used across all logins put consumers at risk of having their accounts hijacked.

One stakeholder alone cannot accomplish the mission to make and keep a system cyber secure. Only by having all stakeholders take responsibility for keeping data safe will we be successful in fighting cybercrime.

For more information contact Axis Communications, +27 11 548 6780, [email protected], www.axis.com


Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Pentagon appointed as Milestone distributor
Elvey Security Technologies News & Events Surveillance
Milestone Systems appointed Pentagon Distribution (an Elvey Group company within the Hudaco Group of Companies) as a distributor. XProtect’s open architecture means no lock-in and the ability to customise the connected video solution that will accomplish the job.

Kaspersky finds 24 vulnerabilities in biometric access systems
Technews Publishing Information Security
Customers urged to update firmware. Kaspersky has identified numerous flaws in the hybrid biometric terminal produced by international manufacturer ZKTeco, allowing a nefarious actor to bypass the verification process and gain unauthorised access.

Responsible AI boosts software security
Information Security
While the prevalence of high-severity security flaws in applications has dropped slightly in recent years, the risks posed by software vulnerabilities remain high, and remediating these vulnerabilities could hinder new application development.

AI and ransomware: cutting through the hype
AI & Data Analytics Information Security
It might be the great paradox of 2024: artificial intelligence (AI). Everyone is bored of hearing it, but we cannot stop talking about it. It is not going away, so we had better get used to it.

NEC XON shares lessons learned from ransomware attacks
NEC XON Editor's Choice Information Security
NEC XON has handled many ransomware attacks. We've distilled key insights and listed them in this article to better equip companies and individuals for scenarios like this, which many will say are an inevitable reality in today’s environment.

iOCO collaboration protection secures Office 365
Information Security Infrastructure
The cloud, in general, and Office 365, in particular, have played a significant role in enabling collaboration, but it has also created a security headache as organisations store valuable information on the platform.

Cybercriminals embracing AI
Information Security Security Services & Risk Management
Organisations of all sizes are exploring how artificial intelligence (AI) and generative AI, in particular, can benefit their businesses. While they are still figuring out how best to use AI, cybercriminals have fully embraced it.

Storage Selection Guide 2024
Storage Selection Guide Surveillance
The Storage Selection Guide 2024 includes a range of video storage and management options for small, medium and large surveillance operations.

Perspectives on personal care monitoring and smart surveillance
Leaderware Editor's Choice Surveillance Smart Home Automation IoT & Automation
Dr Craig Donald believes smart surveillance offers a range of options for monitoring loved ones, but making the right choice is not always as simple as selecting the latest technology.

On-camera AI and storage create added benefits
Elvey Security Technologies AI & Data Analytics Surveillance IoT & Automation
The days of standalone security systems are long past, and the drive is now to educate system integrators, installers, and end users on the return on investment that can be derived from intelligent, integrated BMS, IoT and security systems.