Cybersecurity is not enough

March 2019 Cyber Security

Cyberattacks targeting IoT devices and consequently video systems as well are growing more frequent at an unprecedented rate. The things users should consider in their security strategy are highlighted in an information package from the Regensburg-based video equipment manufacturer with information and specific recommended measures. They show that the essential aspects extend beyond the classic instruments of cybersecurity.

Security specialists at many banks in several different countries were undoubtedly completely blindsided in 2013 when Russian hacker groups stole a sum totalling more than a hundred million euros in the course of the Carbanak campaign.

In these attacks, surveillance cameras inside the financial institutions were compromised, allowing the perpetrators to secretly view screen contents and keyboard entries and identify employees as spear phishing targets from their name tags or employee IDs, for example. Video systems also make excellent targets in Denial-of-Service attacks, as was demonstrated by the infamous Mirai and Persirai campaigns.

From planning to trust in the manufacturer

If a company wants to protect itself successfully from attacks of this kind, it is essential to implement a fully comprehensive strategy. Dallmeier identifies five crucial aspects which must function in harmony: consideration of security issues as early as the planning phase, integration in the IT strategy, cybersecurity functions in the systems, data protection, and the credibility of the manufacturer.

Due consideration of security questions should be included in the planning stage, for example by intelligent use of 3D technology. Secondly, it is important to ensure that the planned system is consistent with the company's IT strategy: More and more often, essential resources such as server capacities, or even the entire video security system fall within the purview of the IT department.

For the actual core function of cybersecurity, it is important that systems are equipped with all the requisite IT security functions, from hardened operating systems to capabilities for separating networks and up to and including encryption technologies and attack detection capabilities.

The fourth aspect should really be practically self-evident since GDPR came into effect, that is to say consideration of data protection issues. Finally, customers should also think very carefully about the manufacturer itself: What steps are taken to safeguard the systems during development and production, is the manufacturer potentially exposed to political pressure, and what provisions are made for security aspects when integrating the systems with each other and integrating third party systems?

The manufacturer's information package is intended to provide answers to these and other questions and with a Best Practice Guide, offers an extensive collection of practical tips and configuration notes for IT and security officers and administrators.

Those who are interested can find the information package by following this link: https://www.dallmeier.com/ls/cybersecurity




Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

The enemy within – insider ­security threats
May 2019, Wolfpack Information Risk , Editor's Choice, Cyber Security, Financial (Industry)
Insider threats in today’s financial world are insidious and destructive and your defence against insiders should start long before the person assumes his/her position.

Read more...
LoJax: Be very careful
May 2019 , Cyber Security
Even replacing drives won’t kill this malware, which is still active more than nine months after researchers from Arbor Networks detailed it.

Read more...
Assessing impacts: The meteors of security and AI
May 2019 , Cyber Security
As security threats evolve and artificial intelligence pervades, what impact are they set to have on business over the next year?

Read more...
Visibility is key, and lacking
May 2019 , Editor's Choice, Cyber Security
Cybercriminals are most likely to be caught on servers and networks, but detecting their time and point of entry remains a mystery.

Read more...
The benefits of machine learning and UEBA
May 2019 , Cyber Security
Combining accurate and essential user behavioural data with machine learning allows you to more accurately monitor your users on an endpoint-by-endpoint basis.

Read more...
Insiders: who are they?
May 2019 , Security Services & Risk Management, Cyber Security
The 2018 Insider Threat Report by Cybersecurity Insiders reports that more than 51% of companies are concerned about unintentional insider attacks.

Read more...
Securing the Industrial Internet of Things
May 2019, Axiz , Cyber Security, IT infrastructure, Industrial (Industry)
The very benefits that makes the IIoT so compelling, makes it equally capable of damaging infrastructure operations and processes through bad actors.

Read more...
Hybrid cloud and hyper-converged data protection
May 2019 , IT infrastructure, Cyber Security
Arcserve Unified Data Protection extends disaster recovery and backup technologies to prevent downtime and data loss for hyper-converged and SaaS-based workloads.

Read more...
Vivotek strengthens cybersecurity
May 2019 , CCTV, Surveillance & Remote Monitoring, Cyber Security
Vivotek has announced the availability of comprehensive protection in its Cybersecurity Management Solution under the strategy of its 'Security within Security' campaign.

Read more...
Scammers target job seekers
May 2019 , Cyber Security
Kaspersky Lab experts detected a blast of sophisticated spam emails in the first quarter of 2019, featuring fake job-offers that seemed to come from HR recruiters in large corporations.

Read more...