Be prepared for these three cyber threats

CCTV Handbook 2017 Editor's Choice, Surveillance, Information Security, Integrated Solutions

When talking about information security, CIA stands for Confidentiality, Integrity and Availability. It is a model designed to guide efficient information security policies within an organisation.

J.O.S. Svendsen, Milestone Systems.
J.O.S. Svendsen, Milestone Systems.

• Confidentiality is roughly equivalent to privacy. This means ensuring that the VMS infrastructure is only accessed by the right people.

• Integrity entails maintaining optimal consistency, accuracy, and trustworthiness throughout the entire data life cycle.

• Availability is best ensured by designing the entire infrastructure to be as robust as possible. It also means maintaining a correctly functioning operating system and continuously updated application environment.

A person or organisation with malicious intent can harm or sabotage a VMS system in several ways. This means that people or assets could be at risk.

Hijacking can happen

A VMS system can quite easily be hijacked, by form of remote control with malign intent or for ransom or espionage purposes. A breached VMS-system’s data and recordings can be used in an array of negative contexts. User accounts, camera placement or general VMS data can be used as a stepping stone to get closer to an organisation’s total infrastructure.

If the location and capabilities of all cameras and alarms are known, it is easy to plan a break-in. And you’re not likely to discover it in the process: Spies do their utmost to avoid detection, as this would lead to countermeasures.

Some of the biggest cybersecurity risks include the following.

Systems with bad perimeter defences

Today’s VMS systems are often part of a business IT infrastructure. A successful attack in one part of the infrastructure might lead to confidentiality breaches in other parts. Therefore, it is generally recommended to isolate VMS systems from the rest of the IT infrastructure: If you can’t get to a system, you can’t harm it.

If the VMS system needs integration to other systems, it should be done via a secure bridge. Software should always be updated to the latest versions, as all serious software vendors will update it as new security threats are discovered.

It is important to remember that this not only goes for computers: All cameras, mobile clients and NVR systems need the same level of attention and precautions. In these cases, it is vital to be able to document the entire security infrastructure to ensure that no devices or computers have slipped under the radar.

Any system functions not needed for visual security should be shut down, like browsers, mail clients and file transfers. Again, if you can’t access a function, you can’t harm it.

This also means that access to the Internet should be avoided for any device in the VMS infrastructure. In the case of mobile clients, ensure that the mobile server is secured.

Stolen identities

It does not help to have a well-defended VMS system if anyone can guess user accounts and corresponding passwords. A password policy for VMS systems and mobile devices needs to ensure that all necessary passwords are changed regularly.

Depending on the system, stronger types of user identification might be used. Two-level authentication (where a user is identified by more than just a password) is a way of securing the system even further. Biometric identification in combination with a password gives an extra layer of security.

The inside factor

People are an organisation’s biggest asset. In some cases, they also pose a risk. As organisations implement increasingly sophisticated physical and cybersecurity measures to protect their assets from external threats, the recruitment of insiders becomes a more attractive option for those attempting to gain access.

An insider is a person who exploits or intends to exploit their authorised access to an organisation’s assets for unauthorised purposes. It could be a full-time or part-time employee, a contractor or even a business partner. An insider could deliberately seek to join your organisation to conduct an insider act or be triggered to act at some point during their employment.

Employees may inadvertently trigger security breaches by ignoring rules or through non-compliance due to the work pressure or an oversight.

Physical access controls to VMS-systems should be in place, as should procedures for screening personnel. It is essential that all staff be trained in security measures. A second security system securing the primary security VMS system is becoming a more relevant option as VMS systems turn increasingly business critical.

It is important to harden all VMS systems as much as possible, by following the general guidelines as outlined by CERT (https://ics-cert.us-cert.gov/Standards-and-References, short URL: securitysa.com/*ics) and the Milestone Hardening guide (http://news.milestonesys.com/is-your-network-secure-hardening-guide-for-deploying-milestone-ip-video/, short URL: securitysa.com/*msys1).

A good place to get more informed about all aspects on cybersecurity is the Microsoft cybersecurity blog (https://blogs.microsoft.com/microsoftsecure/category/cybersecurity/cybersecurity-policy-cybersecurity/, short URL: securitysa.com/*mscs1).



Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

2025 video surveillance market set for improved fortunes
News & Events Surveillance
Novaira Insights has unveiled its latest report, World Market for Video Surveillance Hardware and Software – 2025 Edition, forecasting a healthy growth rate of 8,1% until 2029, excluding China.

Read more...
SA’s strained, loadshedding-prone grid faces cyberthreats
Power Management Information Security
South Africa’s energy sector, already battered by decades of underinvestment and loadshedding, faces another escalating crisis; a wave of cyberthreats that could turn disruptions into catastrophic failures. Attacks are already happening internationally.

Read more...
Almost 50% of companies choose to pay the ransom
News & Events Information Security
This year’s Sophos State of Ransomware 2025 report found that nearly 50% of companies paid the ransom to get their data back, the second-highest rate of ransom payment for ransom demands in six years.

Read more...
Winners of the 2025 Southern Africa OSPAs
Editor's Choice
The winners of the 2025 Southern Africa Outstanding Security Performance Awards (OSPAs) were revealed on Wednesday, 4th June, at Securex South Africa. Winners from all categories (except the Lifetime Achievement) will be featured in the second Global OSPAs set to take place in 2026.

Read more...
Deepfakes and digital trust
Editor's Choice
By securing the video right from the specific camera that captured it, there is no need to prove the chain of custody for the video, you can verify the authenticity at every step.

Read more...
A new generational framework
Editor's Choice Training & Education
Beyond Generation X, and Millennials, Dr Chris Blair discusses the seven decades of technological evolution and the generations they defined, from the 1960’s Mainframe Cohort, to the 2020’s AI Navigators.

Read more...
Next generation of AI-powered video telematics
IoT & Automation Surveillance Transport (Industry)
Webfleet, Bridgestone’s fleet management solution in South Africa, has launched Webfleet Video 2.0, an AI-powered solution designed to enhance fleet safety, security, compliance with local regulations and operational efficiency through real-time video insights.

Read more...
Back-up securely and restore in seconds
Betatrac Telematic Solutions Editor's Choice Information Security Infrastructure
Betatrac has a solution that enables companies to back-up up to 8 TB of data onto a device and restore it in 30 seconds in an emergency, called Rapid Access Data Recovery (RADR).

Read more...
Key design considerations for a control room
Leaderware Editor's Choice Surveillance Training & Education
If you are designing or upgrading a control room, or even reviewing or auditing an existing control room, there are a number of design factors that one would need to consider.

Read more...
Smart cities and the role of video security
Surveillance Integrated Solutions
As cities around the world continue to embrace smart technology, including IoT that not only connects to people, but also the surrounding activity, the integration of advanced video security systems is crucial to ensure safety and efficiency in environments.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.