Eagle Eye Networks

The 4 Cyber Security Risks for Video Monitoring Centers

November 2, 2017 Eagle Eye Networks

The-4-Cyber-Security-risks-for-Video-Monitoring-Centers-rsz

Video Monitoring Centers are taking unnecessary cyber security risks daily just by working with video surveillance providers that are not cyber secure. But just because the video surveillance market stays behind the times on cyber security, does it mean the Video Monitoring Centers should, too? Read further to understand the 4 Cyber Security risks Video Monitoring Centers are facing on a daily basis and how they can minimize those risks.
The-4-Cyber-Security-risks-for-Video-Monitoring-Centers-rsz

‘Slippery Slope’

Video Monitoring Centers currently engage with unsecure cameras every day. A monitoring center engaging with unsecured cameras is like a payment provider accepting unsecured credit cards. Imagine if Amazon accepted unsecured credit cards just because Visa and MasterCard did not bring secure cards to the market. This would never happen. It’s one of the main reasons why Bitcoins are not accepted on a wide scale basis yet by big players*. With Bitcoins, there is a conscious choice not to walk down that slippery slope. As industry leaders, monitoring centers (should) take the responsibility of only working with highly secured cameras. If monitoring centers keep working with unsecured cameras, they are risking their reputation that took years to build. The video monitoring industry needs to take this position as well and declare unsecure cameras as ‘non-serviceable’.

The Ignorant Watcher

Before they arrive at the video monitoring center, unsecure IP video surveillance cameras can be hacked or manipulated by anyone who wants to interfere. For this reason, Video Monitoring Centers must work solely with highly secure video streams. Can you imagine losing important footage that you’re supposed to be watching? Video Monitoring Centers are industry leaders, and they should train, teach, and facilitate their customers with secure solutions. An industry leader shouldn’t request the login credentials to IP cameras and guarantee they’ll be watched. How do we know they’re actively monitoring the correct footage? This is called ignorant watching – monitoring the cameras but not caring if it’s the proper footage, as long as the task is performed. That’s not what this industry wants. We want to create an ecosystem where security is a critical part of its foundation and anyone joining the ecosystem needs to comply with certain ground rules. It’s unethical how many new market incumbents do not care about security. The only way for video monitoring centers to start becoming educated watchers, as opposed to an ignorant watcher, is to enforce security companies to comply with certain ethics.

Maslow’s Illusion

If you look at any well-developed market, ‘security’ and ‘safety’ messaging are key factors defining what differentiates market leaders from market followers. Just to name a few examples: Volvo promises you the safest car, Visa promises you the safest money transfer, Amazon promises the safest purchase, United Airlines the safest flight and Apple the safest mobile app experience. All of those industry leaders have security as the core messaging. To understand the ‘why’ we need to go back to Maslow’s Hierarchy of Needs***, which depicts that safety and well-being is the second-ranked natural ‘need’ for human beings. So, to reach any mass market, safety needs to be ensured by design for whatever product or service produced. Translated to video monitoring, this means that no video monitoring service will reach the mass market unless it’s guaranteed ‘safe and secure.’ Currently the video monitoring market is in a state called, ‘Maslow’s illusion’ – the industry believes it has crossed the bridge of providing a safe & secure feeling to its customers, but in fact, it has not. Every day, customers are being confronted with cyber security breaches in cameras, hacked video monitoring systems, and stolen footage. Even though security industry leaders think they’ve crossed the bridge, customers still feel a high level of insecurity when thinking about video monitoring. Until ‘safety and security’ is put first by Video Monitoring Centers, the industry will continue to be doomed to as a niche market.

At Eagle Eye Networks, we preach ‘Security-as-a-Strategy’ every day, for every decision, and for every development. But as in any segment, we can only succeed when the ecosystem we’re part of succeeds. So the risk of not having security as a strategy across the board is that we keep operating in a niche market because the consumer just doesn’t dare to become part of our threatened ecosystem.

Compliance or fines?

The security industry has recently been frightened by the new European legislation ‘GDPR’, General Data Protection Regulation****. This new European law, effective May 2018, dictates how to treat the privacy and security of consumer data. However, most video monitoring products and services are NOT close to being in compliance with this new legislation, and will not be by the time the law is active. So, what risk does this bring to Video Monitoring Centers? How can they guarantee compliance with GDPR when their suppliers are not compliant? They can’t. They just need to accept that as of May 2018 they will not be 100% compliant, risking fines that could go up to 4% of their annual revenue. It also means that an active approach is needed in the coming years to make sure Video Monitoring businesses are built in a compliant manner. And, it means securing partnerships with companies that have security as a core strategy of their operations because any business is as compliant as the weakest partner.

Without prejudice (I am writing this article as Technical Director of cloud video provider Eagle Eye Networks), I firmly believe that the only valid option is to partner with strong, global, and financial healthy cloud video providers who take ownership to secure video monitoring end-to-end by continuously investing in security by design.

Conclusion

Why do video monitoring centers still facilitate unsecure cameras? It’s teaching the market that they can keep producing, buying, and selling unsecure cameras, when the opposite needs to happen. It’s time to put on a united front and hold our leaders responsible for stepping up and making video surveillance monitoring safe. At Eagle Eye Networks, we have started speaking out about our solution, security as a strategy. Will you join us?
Any comments or feedback to this article? Follow me on LinkedIn and join the discussion.
Written by Tijmen Vos – Technical Director, Eagle Eye Networks

======

*For more information on why Bitcoins will ultimately fail, read this article of Mark van Rijmenam: https://www.linkedin.com/pulse/why-bitcoin-ultimately-fail-what-come-next-mark-van-rijmenam/

**Photo reference http://www.istockphoto.com/nl/foto/security-system-operator-looking-at-cctv-footage-at-desk-gm622214926-108914051

***To read more about the Pyramid of Maslow, go to https://en.wikipedia.org/wiki/Maslow%27s_hierarchy_of_needs

****More information on GDPR, General Data Protection Regulation, can be found here: https://en.wikipedia.org/wiki/General_Data_Protection_Regulation

Other posts that might interest you

loading

145,000 DVRs Compromised

Several articles, including one by the Wall Street Journal, have recently reported that approximately 145,000 hacked DVRs and cameras were used to create some of the largest denial of service…

September 30, 2016 Eagle Eye Networks

Are You Afraid of Your DVR?

You should be if it's connected to the internet. It could be the doorway for hackers to access your entire network. Once a DVR is compromised, it can be used…

October 31, 2016 Eagle Eye Networks

DDOS Cyber Attacks Update

Last week hackers forced Brian Krebs to take down his security journalism site because of a large scale Denial of Service Attack - likely one of the largest ever seen.…

September 29, 2016 Eagle Eye Networks