The dramatic explosion of video data is a staggering testament to the growth and adoption of IoT technologies. But how can this video be harnessed and used to drive intelligence? Pelco discusses this in an article that appears in IoT for All.
The internet touches almost all aspects of our daily lives. We’re able to shop, bank, connect with family and friends, and handle our medical records, all online. Some of these activities require you to provide Personally Identifiable Information (PII) such as your name, date of birth, account numbers, passwords, and location information. Here are some simple steps to maintain vigilance when sharing personal information online to reduce the risk of becoming a victim of data loss and other cybersecurity-related crimes:
- Double your login protection
Where available, enable Multi-Factor Authentication (MFA) to ensure that the only person who has access to your account is you. Use it for email, banking, social media, and any other service that requires logging in. If MFA is an option, enable it by using a trusted platform or device such as a smart card (integrated circuit card), an authenticator app, or a secure token, which is a small physical device that can hook onto your key ring.
- Shake up your password protocol
According to NIST guidance, you should consider using the longest password or passphrase permissible. Get creative and customize your standard password for different sites, which can prevent cybercriminals from gaining access to these accounts and protect you in the event of a breach.
- Be up to date
Keep your software updated to the latest stable version available. Maintain your security posture and keep your information safe by setting your security software to run regular scans.
- Play hard to get with strangers
Cyber criminals use social engineering tactics (such as phishing), hoping to fool their victims. If you’re unsure who an email is from—even if the details appear accurate—or if the email looks “phishy,” do not respond and do not click on any links or attachments found in that email. Where available, ensure digital certificates are used on emails to validate the authenticity of the sender. Use the “junk” or “block” option to no longer receive messages from an invalid/suspicious sender.
- Never click and tell
Limit the information you post on social media, from personal addresses to where you like to grab coffee, since these seemingly random details are all that criminals need to know to target you, your loved ones, and your physical belongings, both online and in the real world. Keep Social Security numbers, account numbers, and passwords private, as well as specific information about yourself such as your full name, address, birthday, and even vacation plans. Disable location services that allow anyone to see where you are—and where you aren’t—at any given time.
- Keep tabs on your apps
Most connected appliances, toys, and devices are supported by a mobile application. Your mobile device could be filled with suspicious apps running in the background or using default permissions you never realized you approved—gathering your personal information without your knowledge while also putting your identity and privacy at risk. Check your app permissions and use the “principle of least privilege” to delete what you don’t need or no longer use. Learn to just say “no” to privilege requests that don’t make sense. Only download apps from trusted vendors and sources.
- Stay protected while connected
Before you connect to any public wireless hotspot—such as at an airport, hotel, or café—be sure to confirm the name of the network and exact login procedures with appropriate staff to ensure that the network is legitimate. If you do use an unsecured public access point, practice good Internet hygiene by avoiding sensitive activities (e.g., banking) that require passwords or credit cards. Your personal hotspot is often a safer alternative to free Wi-Fi. Only use sites that begin with “https://” when online shopping or banking. For an additional layer of security, use a trusted VPN to encrypt your data in transit.
Bonus: Stay Secure While Traveling
In a world where we are constantly connected, cybersecurity cannot be limited to the home or office. When you’re traveling (whether domestic or international), it is always important to practice safe online behavior and take proactive steps to secure internet-enabled devices. The more we travel, the more we are at risk for cyberattacks. In addition to the previous advice given for online privacy, use these tips to connect with confidence while on the go:
- Back up your information
Before you go, back up your critical information to another trusted device or platform in case your device is compromised.
- Keep it locked
Lock your device when you are not using it. Even if you only step away for a few minutes, that is enough time for someone to steal or misuse your information. Set your devices to lock after a short time and use strong PINs and passwords.
- Stop auto connecting
Some devices will automatically seek and connect to available wireless networks or Bluetooth devices. This instant connection opens the door for cyber criminals to remotely access your devices. Disable these features so that you actively choose when to connect to a safe network.
- Guard your mobile device
To prevent theft and unauthorized access or loss of sensitive information, never leave your equipment—including any USB or external storage devices—unattended in a public place. Keep your devices secured in taxis, at airports, on airplanes, and in your hotel room.
Learn more about Pelco’s commitment to cybersecure surveillance solutions.
Cybersecurity is one of the top concerns for anybody working in the IT space, which increasingly includes surveillance professionals. The proliferation of internet-connected devices has offered more entry points for cybercrime and put more pressure on organizations to bolster their defenses.
The challenge for organizations is not only to place strong technical measures to protect the ever-increasing number of connected devices, but to educate employees, customers, and other stakeholders about the fact that any connected item presents a potential vulnerability. Many people who take necessary precautions when operating online do not realize that they need to be similarly vigilant when dealing with a connected refrigerator, television or light fixture.
And with the ongoing transition from closed-circuit surveillance systems to cloud-based systems, the prospect of cyberattacks on key security infrastructure has become a major pain point for any organization that relies on video surveillance solutions.
Pelco seeks to provide the greatest possible security by prioritizing cybersecurity at every stage of the development process, ensuring that every new product is crafted through a cybersecurity lens.
Limiting Port Access
Ports are doorways into different devices. Each port is a potential entry point for a cyberattack. In the surveillance industry, each device has the capacity for over 65,000 different ports, but it’s in the interest of users to keep the number as low as possible. Pelco dramatically reduces the probability of breaches by limiting its devices to two ports, making them far easier to secure against attempted breaches.
Some competitors make themselves more vulnerable to attacks by constantly running Universal Plug and Play (UPnP). Many similarly have open File Transfer Protocol (FTP) services, another potential breach point. Pelco distinguishes itself from other surveillance providers through the absence of such vulnerabilities.
Pelco has a dedicated team of cybersecurity professionals who keep tabs on the ever-evolving population of viruses, malware, ransomware, and other bad actors that pose risks to surveillance operators.
Similarly, Pelco continuously monitors the National Vulnerability Database, an online repository set up by the U.S. federal government that identifies software flaws, misconfigurations, and other problems in the IT landscape that can be exploited by cyber-criminals if they are not quickly addressed.
The use of encryption provides a means to ensure that the confidentiality and integrity of sensitive information is properly maintained. Encryption is perhaps the key technical challenge of securing a video management system (VMS) and the broader IT network to which it connects. The overarching goal for surveillance providers should be to provide end-to-end encryption, from the cameras to the recorder to the work station. There is still significant work to be done in this arena across the industry, largely due to the limited processing capability of video cameras.
Pelco is at the forefront of innovative encryption practices. Currently the company is focused on bolstering encryption of configuration, back-end management, and client access communications. The next step will be to develop greater encryption capabilities for the video feed.
Secure Technical Implementation Guideline
For our flagship system, VideoXpert Professional, each quarterly software release is rigorously tested to ensure that it meets both federal compliance guidelines and our own higher cybersecurity standards. On both the Beta version and the final release, we conduct a vulnerability scan, combing the system for potential security issues.
Just as important, when a release is pending, we will set up a system that is representative of a typical federal environment. We then identify an appropriate set of configuration rules for hardening a system, otherwise known as a Secure Technical Implementation Guideline (STIG). We apply the STIG and conduct a compliance check to ensure that the STIG does not interfere with functionality.
We conduct these two key quality assurance steps (a vulnerability scan and a STIG compliance check) at least twice every quarter. These configuration benchmarks ensure that VideoXpert is not only compliant with regulations that govern how information is handled within a federal landscape, but also maintains its full functionality within the strictest of environments.
We consistently monitor the National Vulnerability Database, and we also vigilantly watch for updates or changes to government legislation and standards such as the Federal Information Security Management Act (FISMA) and those of the National Institute of Standards and Technology (NIST). Additionally, we provide documentation and guidance specific to our implementation of these standards and how they are securely configured.
Pelco is also one of the only video surveillance providers with a stance on NDAA.
Building a Culture of Cybersecurity
More important than any technical feature is Pelco’s commitment to integrating cybersecurity into every part of the business. Our mission is to build cybersecurity into our internal processes so that we are always a few steps ahead of those who would seek to do harm.
That’s why our cybersecurity team works in tandem with our engineers at every stage of product development, making for a truly secure software lifecycle process. In addition to investing resources in cybersecurity on the back end, we seek robust collaboration to keep security systems safe.
Why do we focus so much on cybersecurity? Simple: it protects your valuable data and contributes towards a safer future.
In a physical security crisis, the time delay caused by humans needing to manually pull up the appropriate sensor or camera data, make an accurate decision, and then launch the appropriate response can mean the difference between safety and a major crisis.
Cyber-attacks are also a mounting threat in nearly every industry. The past year alone has seen a major increase in cyber-attacks on government agencies, banks, and other major businesses.
While physical security has existed since time immemorial, the advent of cybersecurity affects the way incidents like shootings and robberies take place; before the advent of video surveillance, places could only be secured by guards and locks. In today’s age, however, it’s no longer uncommon for an intruder to carry out a double-pronged attack that results in physical damage and data loss.
To combat breaches like this, businesses of all kinds need intelligent surveillance solutions that can automatically detect potentially disastrous events and alert personnel to them so the risk of danger is eliminated or significantly minimized.
Taking a proactive approach to cybersecurity mitigates risks, protecting you and your data to keep you safe.
Pelco’s VideoXpert VMS bridges the gap between cyber and physical security by automatically tracking suspicious activity such as a person entering an IT room after hours. The VMS will proactively alert appropriate personnel immediately upon accurately detecting such incidents, which increases the chance that the suspect in question is apprehended and data loss is mitigated. VideoXpert effectively and greatly reduces the time delay that can be caused by operators having to manually pull up the relevant video feed, accurately detect an incident, and launch the appropriate response measures.
Before the age of video surveillance, it was particularly challenging for security personnel to accurately confirm the identity of a person walking into a restricted area like a control room in an airport. Now that such areas contain sensitive data, integrations with facial recognition software such as Rec Faces can quickly detect unauthorized persons posing as employees, which can significantly reduce response times and data loss.
This feature can also be particularly useful in healthcare facilities, where patients expect their medical information to be in safe hands. When cyber-attacks occur, it can affect the reputation of such environments, which can lead to liability-related costs and overall revenue loss. Facial recognition technology can help security professionals prevent or reduce the chance of imposters posing as healthcare professionals.
Almost daily there is a new cyber-threat announced. A recent Fortinet survey showed that over 50% of CISOs said their greatest security challenge is the rapid evolution of cyber threats. This should be no surprise, as cybercrime has damaged revenues and reputations at many well-known organizations. A study from the Ponemon Institute in October 2016 found the average cost of cybercrime for a company to be $9.5M (up 21% from their 2015 study).
For those in the physical security industry, this is cause for concern. With more and more systems migrating to the network, there’s no question that cyber-attacks targeting, using or manipulating physical security systems will rapidly increase and evolve in complexity. Devil’s Ivy is a good example of this evolution. As the community finds ways of addressing denial of service botnets like Mirai and Persirai, hackers are creating a completely new way to use camera devices for their purposes.
You can expect new physical security attack vectors to continue emerging rapidly. The reason for this is simple: cyber-criminals need an element of surprise to be successful initially; once their exploit is known, organizations will develop defenses against it. That’s why it’s critically important to constantly verify and authenticate your infrastructure, and to establish automated processes and procedures that supersede the human element. If the processes are ignored or broken, this also needs to be detected so that the “shields” never go down, leaving the company vulnerable.
The rising threats have led to a sharp increase in compliance regulations for the physical security industry. For example, security professionals in the retail vertical discovered that cyber-criminals were inserting “skimmers” at point of sale (POS) terminals to capture credit card information. In response, the industry began requiring video surveillance to be deployed at all POS terminals to document incidents and identify criminals. This trend will continue to grow with the increase of cyber threats. To keep ahead of the criminals, it is vital to include physical security in your audits – in fact it is the only way to be prepared for the next inevitable attack.
To understand where to look and what to look for, start by asking these questions of your security integrator, Director of Security and CSO:
- What new technologies have you brought on board to address cyber threats?
- Why are most methods of checking for cyber breaches not automated?
- Are there controls in place to alert us to abnormal behavior in our physical security network?
- What automatically gathered metrics are we using to verify at any moment proper functioning of our physical security network?
Not being able to answer these questions could mean disaster for your business. The good news is there is a lot of innovation and development right now in the physical security industry to conquer these threats. Security integrators are delivering new solutions and methods for verifying physical security systems, and end users are more eager than ever to work with integrators to eliminate cyber threats. It may be impossible to stop criminals from searching out vulnerabilities – but you can do a great deal to make sure they don’t find any on your network.
John Gallagher is the VP of Marketing at Viakoo, based in Mountain View. Viakoo is an industrial IoT company, with their first product focused on automated physical security system and data verification. They address the scale issue with industrial IoT in how they cost-effectively handle large numbers of edge devices coordinated in a workflow across the network. Their automated solution is used by leading organizations like SanDisk, Nationwide Children’s Hospital, JFK Airport, Drexel University, Cleveland Indians, and others.