Currently, the global average cost of each network security breach is over four million dollars. This sum is the highest average total cost on record. Many security breaches go undetected and unresolved for a period, and a slow breach response typically adds to the cost.
Most cyber-attacks occur at vulnerable systems and network appliances, with network video surveillance cameras being one of the spots that are highly vulnerable to cyber-attacks. Those security breaches can happen at the camera system or the network appliances and servers associated with surveillance cameras.
Video Surveillance Security Vulnerabilities
Video surveillance cameras can be breached through unauthorized password use, authentication bypass, backdoor access, supply chain attacks, logical port attacks, and security breach on inadequately secured remote locations.
We’ll explain these in further detail now.
Unsecured or poorly maintained passwords, both at the administrative and camera level, is the primary cause of security breaches. In fact, Verkada and SolarWinds were both achieved using unsecure passwords for global admin accounts.
Passwords can be compromised in a myriad of ways, including through phishing, key loggers, password identification by trial and error, or credential stuffing. We’ll talk about them in more detail now.
Phishing – Network intruders employ phishing techniques to obtain personal information or deploy malwares to an organization’s network appliance via fraudulent emails and internet messages.
Phishing emails can be sophisticated enough to fool tech-savvy companies and trick users into participating in what they consider regular business interactions.
Key loggers – Through phishing, network intruders regularly employ a type of malware designed to track user keystrokes and report information back, specifically usernames and passwords. Once they have this information, your system has been breached.
Trial-and-error – Network intruders typically attempt common password combinations or commonly used words using fast and sophisticated software. The trial-and-error process is also related to dictionary attacks where network intruders use a surname, birth dates, pet’s name, places, or favorite colors of users they are targeting.
Credential stuffing – Network intruders are known to maintain usernames and passwords obtained from prior cyber-attacks too. Credential stuffing works because users rarely change passwords or use common and related passwords easily breached by this method.
An authentication bypass is another way video surveillance cameras can be breached. Authentication is a process that confirms a user’s identity. Confirmation is done at onsite and remote portals, client servers, network video surveillance camera ports, and when accessing networks appliances.
Authentication typically involves comparisons of user-profiles, application of encrypted passwords, and other accompanying protocols such as forms and client certificates. However, network intruders can bypass system authentication through design flaws or loopholes in the authentication process or by easily compromising weakly designed or misconfigured systems.
Backdoor Access Attack
Backdoor software access is routinely created by camera manufactures to easily gain access to their system designs for troubleshooting, repairs, or to help users when they are locked out of the system.
However, network intruders are aware of software backdoor access, and most are successful in exploiting it to breach network video surveillance cameras and appliances or servers associated with surveillance cameras.
Backdoor access attacks can come from intruder’s knowledge of manufacturer backdoor software applications or from special backdoor malwares (e.g., Trojan Horse) deployed after a network security breach.
Supply Chain Attack
A supply chain attack targets less-secure systems and portals, such as the software of vulnerable video surveillance cameras, to gain access to more secure systems and completely infiltrate the supply chain network.
Supply chain attacks are prevalent in the government and the financial sectors, where network intruders identify and exploit vulnerabilities in the supply chain network. Supply chain vulnerabilities occur due to outdated, inadequate, or improper network security measures universally employed over a large diverse network.
System Port Attack
Cyber-attacks can also occur at logical ports that send network traffic. For example, logical ports on video surveillance cameras or network appliances can be vulnerable to cyber-attacks from intruders who:
- Scan for open ports with no firewall.
- Exploit rarely monitored ports with an inadequate firewall.
- Exploit specific ports that send exposed (plain text) data.
- Identify weakly designed authentication protocols.
- Compromise ports vulnerable to malware and SQL injection (on HTTP type ports).
Remote Location Attack
Network appliances situated in remote locations can be vulnerable to physical and cyber-security breaches as well. Gates, locks, and other physical security employed may be vulnerable due to inadequate security or threats that originate from inside the facility.
Common internal threats may develop due to employee dissatisfaction, sudden termination of an employee, or corporate sabotage. In both situations, intruders can gain access to network appliances without immediate discovery.
Potential Losses and Costs Due to Video Surveillance Vulnerabilities
A network video surveillance breach can result in the immediate loss of assets, time, and customer trust. Security breaches also result in additional operational and business costs.
Loss of assets – After a breach, companies are often forced to shut down network systems and business operations, resulting in frozen assets and the immediate loss of productivity and profits.
Loss due to ransom – Ransomware attacks leave companies with two choices: pay the ransom or discard and replace the system, which sometimes includes the entire network infrastructure.
Paying the ransom may incur further cyber-attacks because network intruders may consider paying victims as a dependable monetary source. Not paying the ransom may result in increased ransom amounts on future cyber-attacks. System replacement will incur extensive capital costs and labor costs.
Loss due to increased scrutiny – Companies are typically required to report significant cyber-attacks to authorities and regulatory agencies involved with cyber-crime and financial securities.
As a result, company operations can be constrained by detailed government investigations and internal scrutiny of managers by the executive leadership. In turn, operational constraints can affect worker morale, efficiency, and short-term profits.
Loss of trust – Companies can lose the trust and respect of current and potential customers. Brand-conscious consumers can outright abandon products or drop companies due to negative publicity surrounding a severe security breach.
Cost of new assets – Companies will typically remove and replace their existing systems, buying new servers and switches for their network infrastructure. Also, they may be compelled to spend more money on cyber-security and add costly cyber-security insurance as a natural quick reaction.
Cost to future operations – Companies may add resources or divert limited resources to address damages caused by the security breach. Moreover, they may need to address customer dissatisfaction and go back to building relationships and trust, incurring additional customer relations and marketing costs just to regain brand loyalty.
Preventing Network Video Surveillance Breaches
By employing prominent best practice guidelines developed for diverse industries and taking a layered approach to network video surveillance security, Razberi effectively eliminates network video surveillance vulnerabilities.
To anticipate threats and cyber-attacks, Razberi’s CameraDefense™, ApplianceDefense™, and Monitor™ provide automated camera and network appliance hardening to protect surveillance software and network appliances associated with video surveillance and safeguards remotely located systems, respectively.
Preventing compromised passwords - CameraDefense™ monitors passwords and alerts users when it detects a common, default, or custom flagged password so that appropriate steps can be taken immediately. ApplianceDefense™ also provides an audit log to verify password changes.
Eliminating bypass and backdoor attacks – Razberi’s ServerSwitchIQ is built with an embedded Trusted Platform Module (TPM) to store RMA encryption keys for hardware authentication. CameraDefense™ blocks unauthorized IoT devices by binding cameras and other IoT security devices to the network.
Furthermore, CameraDefense™ automatically restricts camera access to whitelisted IP addresses and flags weak passwords.
ApplianceDefense™ also provides secure boot to detect tampering with boot loaders and critical operating system files by validating their digital signatures.
ApplianceDefense™ provides AI driven threat protection to prevent malwares from executing on network appliances.
The embedded software uses a patent-pending approach to malware identification, using machine learning techniques instead of reactive signatures.
Eliminating supply chain and system port attacks – CameraDefense™ blocks camera traffic to the public internet and denies un-needed and potentially dangerous network services with a next-generation firewall.
CameraDefense™ also allows for camera traffic to be “air gapped,” preventing unauthorized users from gaining access to the camera software and network appliances associated with the video surveillance system. ApplianceDefense™ provides edge network security by separating vulnerable ports and switches.
Preventing remote location attacks – Our technical support team employs Razberi’s Monitor™ to easily observe and support customer facilities and systems. Monitor™ provides a top-down view of the remote physical security and responds with solutions to address security breaches quickly.
Razberi’s Monitor™ predicts and prevents problems while providing a centralized location for IT departments to view the video data.
Razberi systems communicate using Transport Layer Security Protocol Version 1.2 (TLS 1.2) for secure, encrypted communications. TLS 1.2 is a secure communication protocol widely utilized by credit card companies to transfer payments.
TLS 1.2 users include banks and healthcare providers – organizations that require high-level security, compliant with strict federal standards that protect sensitive personal information, to encrypt their network communication.
Razberi enables access to a wide variety of the best single-vendor proprietary software and products that will help you prevent or eliminate network video surveillance breaches.
It’s easy to think a security breach won’t happen to your organization, but cyber-attacks are on the rise. And they’re getting more costly every day. To learn more about bolstering the defenses of your video surveillance system, you can watch our free, pre-recorded webinar. Or contact us today.