Cybersecurity has become part and parcel of everyday life. Over the past few years, the region’s online marketplaces have been expanding with an annual growth of 12 percent and are increasingly becoming the targets of sophisticated cyberattacks, in particular Saudi Arabia and the United Arab Emirates.
A report by Mimecast found an increase of 75 percent in phishing or impersonation attacks in the UAE – with 77 percent of those organizations having taken a direct hit in the form of loss of customers, financial loss, and data loss. According to an IBM report, a data breach in the Middle East costs an average of $6.52 million.
With the steady increase in networked devices as part of Internet of Things (IoT), there are now even greater opportunities for would-be hackers to compromise systems.
One particular vulnerability that surrounds the use of video management systems (VMS) and connected devices is complacency. Despite the rising occurrence of data breaches, awareness of the needs of tighter security when installing and using a VMS is yet to catch up. It must be stressed that even the most basic of security errors can ultimately place a system in jeopardy.
Security integrators must keep abreast of the issue by understanding new risks and how to secure a VMS and connected devices.
In fact, video may capture individuals at events or scenes that could establish political involvement, for example. This is a type of data categorized as ‘Sensitive Personal Data’.
Organizations cannot collect data simply on the basis of ‘just in case’. There must be a legitimate reason for collecting and storing VMS data. And it must also be ‘reasonable’ in relation to that purpose.
Ensuring a video operation that is compliant with your local data privacy regulations is about taking three crucial steps.
First, make sure the VMS is SIRA (Security Industry Regulatory Agency) and ADMCC (Abu Dhabi Monitoring & Control Centre) regulations compliant and approved.
Second, systems integrators must ensure privacy by design by applying the correct overall system design, system configuration and physical installation of cameras and other devices.
Last, end users must define and follow procedures and processes as to how video data is stored, handled and shared.
That’s why training is so vital. People are still the weakest link in any security system. Even if maintenance teams are taught to avoid switching off the firewall and to configure anti-virus software correctly, all of that instruction can be undone by a password written on a piece of paper.
Training needs to reach people across the organization. It must be tailored such that individuals understand some of the unique security risks that come with VMS and the sensitive data that can be collected.
Another aspect is to consider the updates and security accreditations of the VMS itself. The software should also be Secure by Design wherein security is at the heart of a developer’s mindset when they approach a task. If the VMS provider can illustrate that secure implementation is a priority, then VMS cybersecurity is going to be built on robust foundations.
Regular updates become even more vital in The Fourth Industrial Revolution, the name given to the current environment in which technological advances and innovations are changing the way in which we live. In some respects, the IoT poses the biggest cybersecurity risk today. There are too many unknown devices connected to networks with no standardization around security.
One solution for this is to use a VMS supporting dual networks wherein IoT devices are connected to a completely locked-down network and information generated from these devices is then proxied via the recording server.
Part of this should be the responsibility of the solution manufacturer who must regularly update the VMS to mitigate threats. By keeping a step ahead in terms of VMS cyber security, systems will be made less of a target.
In terms of top tips on this subject, it’s really all about awareness, hardening, training, privacy and regular updates.