Some people see security system, some see attack surface

    [fa icon="calendar"] Jul 10, 2017 5:22:47 PM / by John Gallagher

    On a Tuesday morning in 2001, it became very clear that many of our fundamental perceptions about how to conduct business would have to change, especially with regard to security. Since that day the development of new security technologies has accelerated at a rapid pace along with our expectations that people, property and assets will be protected.   Lagging behind that added protection is the security of the security systems themselves; more than ever they offer cyber-criminals opportunities to compromise an organization. 

    The last few years have, accordingly, seen growth in the recognition of the importance of a C-level title for security – the chief security officer, or CSO. While adding security to the C-suite demonstrates an organization’s commitment to safety and protection, it also designates an individual who holds the ultimate responsibility for security and is accountable for anything that might go wrong across myriad facets of an organization. 

    As a result, today’s CSOs carry a heavy burden. In addition to identifying and implementing the most effective technologies, systems, policies and practices, these professionals also own the growing scope of risk their organizations face on a daily basis – including the cyber-threats found almost daily in the news.   Needing to cyber-harden and protect the security systems themselves is a new (and sometimes difficult) reality for CSOs.

    Since 9/11, the paradigm of professional security has changed. The Internet and the growth of IP-based networked security systems have given us access to reams of data, generated by a widening range of advanced technologies, for situational awareness, risk management, event response, and communications. This flood of data is certain to continue growing, providing more reasons to look to security systems for information to which sophisticated analytics, machine learning, and data processing risk management algorithms can be applied. Slowing down this flood of data is not an option, further complicating the cyber-security issues.

    A security and surveillance network has multiple IP-connected elements – cameras, encoders, switches and storage – each of which leaves the system open to vulnerabilities.  Physical security devices are endpoints on a network, and they are attractive targets for people seeking to gain unauthorized network access. Failures in cybersecurity can allow hackers to take control of critical systems, and when it comes to video surveillance or physical access, the stakes can be especially high. Whether the devices reside on a network of their own (a best practice) or on a larger network backbone, CSOs must ensure that the security and surveillance system itself is secure.   Given the scale of most operations, automation is the only viable route for cyber-hardening.

    For the CSO, the owner of all risk within the organization, the damage done to mitigating risk and managing security programs from an unreliable or hacked system cannot be overstated. Two minutes of a recorded video can save a corporation millions of dollars in a lawsuit or keep executives safe from prosecution or incarceration in a criminal investigation. Real-time video can help pinpoint the location of an active shooter and help to save lives. Sophisticated analytics can identify an individual trying to breach the perimeter of a critical infrastructure facility and send an alert to an administrator, prompting a quick response to keep people safe from a wide range of threats. In all of these situations, it is easy to recognize the disastrous consequences that would ensure if, at the critical moment, when the video was most needed, the display screen was blank.

    Even without hackers preventing video from recording properly, the damage to the organization’s reputation can be severe.  Knowing that a botnet attack is being launched from your corporate physical security network is critical in the race against time in these situations; preventing it from happening is better still.  Hackers changing or deleting surveillance data during its retention period is another issue CSOs need to be on guard against.  Industrial espionage and

    With more than 165 million surveillance cameras already installed globally, and with more than a 20 percent annual growth rate expected moving forward, CSOS and their organizations are demanding that their security and surveillance networks always operate at peak performance.  Hackers, cyber-terrorists, organized retail crime, industrial espionage, disgruntled employees, and others are adding greatly to this burden, and thwarting such actors immediately and automatically is now a requirement.  Viakoo can help you with this mission; a good starting point is our 12-point “Securing Your Security Network” checklist.  Download it from:  http://www.viakoo.com/using-viakoo-to-secure-your-security-network/

    John Gallagher

    Written by John Gallagher