Mission-critical: the cybersecurity ‘trust marks’ to look for in your vendors
By Uri Guterman, Head of Product & Marketing for Hanwha Techwin Europe
Recent events have renewed the focus on cybersecurity for all organisations. Criminals sought to cash in on the impact of the pandemic and mass remote working at home. In Europe, there were 304 significant malicious attacks in 2020, more than double the number of hacks in 2019. Then there’s the increased risk of cyberwarfare in the wake of the Russian-Ukraine war. John Edwards, the UK’s information commissioner has stated that we are in a new era of security and firms need to step up their vigilance against state-sponsored hackers.
Cameras are a target
Simultaneously, the increased use of connected devices including IP cameras and Internet of Things (IoT) sensors, is creating more opportunities for hackers to cause damage. Today’s cameras are extremely advanced and carry the latest firmware. However, legacy devices must be kept up to date if they are to not provide a route in for hackers.
The unfortunate truth remains that although many organisations invest in their physical security systems, they don’t always realise that their video surveillance and IoT devices can be back doors exploited by malicious actors. Compromised cameras and other connected devices can become a foothold to launch an attack on a network, a technique known as pivoting. Malicious actors can also look at confidential information through footage, using this to blackmail an individual or organisation or steal trade secrets.
Responsible camera manufacturers are tackling these concerns head-on through their technology (software and hardware), training, collaboration with customers, and formal accreditations that highlight the security of their processes and solutions.
Looking for a few key ‘trust marks’ can make all the difference to your surveillance system’s cybersecurity.
The National Defense Authorization Act 2019 (NDAA) is a good starting point. This U.S federal law prohibits federal agencies and their contractors from using video surveillance equipment from a number of named companies. A vendor that is NDAA compliant, therefore, shows the requisite standards for federal agencies — an extremely high level of security and due diligence that should put all other organisations and government entities at ease. Hanwha Techwin supports NDAA compliance across its product line and is committed to complying with all government and international trade regulations. There are also signs that European governments are thinking of adopting similar legislation.
Core to product design
A supplier who designs their products with cybersecurity in mind will have certifications like the UL Cybersecurity Assurance Program (UL CAP). They will have more stable and secure systems, with regular maintenance and patches to ensure vulnerabilities are proactively mitigated. Hanwha Techwin is among only a handful of manufacturers within the video surveillance industry that has achieved the UL CAP certification for its products. Secure by Default is another certification mark that shows a product is cyber and network-secure by default, without needing to apply network hardening to it.
You should also look for ISO 27001 certification — which is tough for vendors to achieve and maintain, with its requirement for continual improvement. It gives a guarantee that the vendor handles information security with the utmost importance. Hanwha Techwin’s information security system has been ISO 27001 certified.
Emergency response to cybersecurity threats
The number of resources and research that a vendor dedicates to staying ahead of the latest threats will tell you exactly how secure their camera systems are — and how secure they’ll be in the future. If a vulnerability is discovered, reacting with speed is business-critical. Those with dedicated resources will be faster in responding to cybersecurity threats.
Hanwha Techwin’s S-CERT team (Security Vulnerability Response Center), a unique function in the sector, is dedicated to designing proactive safeguards against unauthorised device access and intrusion, as well as promptly addressing any security vulnerabilities.
The most secure vendors educate their extended network, such as their users and installers to ensure software and hardware are constantly upgraded to combat emerging threats. All hardware needs to remain up-to-date with the latest firmware and security patches.
The human element can also be exploited and responsible suppliers will provide training and practical guidance on how to keep a system secure and avoid social engineering attacks like phishing.
The consequences of getting it wrong
The stakes are high for all organisations dealing with data, particularly the kind of sensitive, personally identifiable data that cameras and other sensors can capture. The financial costs of a data breach are significant ($4.24 million on average, per breach, in 2021 — the highest in 17 years). There’s also the damage to reputation, operations, and trust to consider.
As Stephane Nappo, the Chief Information Security Officer of Société Générale once said, “It takes 20 years to build a reputation and a few minutes of cyber-incident to ruin it.”
A true cybersecurity partner
That’s why it’s imperative to work with a supplier that has a singular dedication to cybersecurity (with the credentials to prove it), earmarked resources to remain on top of threats, and that works with its users and installers to improve their cybersecurity knowledge as well.
Although no system can be 100% secured against cybersecurity threats, with Hanwha Techwin as your partner, you can rest assured that we will do whatever we can to detect and mitigate threats and vulnerabilities.
With IP cameras now the norm, the video surveillance industry must do more to combat cyber-threats through technology, skills and certifications. But many are struggling to get ahead of this. Working with Hanwha Techwin, you can rest assured that you’re in safe hands.
To find out more about how Hanwha Techwin is protecting your data, read our cybersecurity commitment.