Cyberattacks against networked security devices have again become a major issue facing security players. The DDoS attack last year spoke volumes about the damage that these attacks can wreak on society. As such, cybersecurity is set to take center stage in the security industry this year.
“2017 will be a year of awareness about cyber security and accountability,” said Pierre Racz, President of Genetec. “The responsibility has to be taken by the companies who sell, install and operate the technology.”
Hacking and intrusions are not a new phenomenon; they have evolved from pranks in the early '90s into a means for those with ill intentions to conduct espionage or steal company secrets. Yet the problem has become more prominent for security players, whose devices are increasingly connected to the Internet.
Fears of security devices being subject to a hostile takeover culminated in the DDoS attack last year, in which cameras and NVRs were used as attack bots after being infected with the Mirai malware. This has caused vendors to reexamine their security policies and come up with ways to “harden” their devices against cyber threats.
“This highlights the fact that, for many systems, one of the biggest vulnerabilities comes from edge devices,” Racz said. “As an open-architecture company, we are fully aware of this vulnerability and work to mitigate and eliminate risk.”
For Genetec, protecting its solutions against intrusion and attacks begins at the design phase. “Our design philosophy is to ‘Fail secure.’ For our part, we continue to make it as difficult as possible for our end-users to misconfigure their systems or leave keys or doors open to cyber-threats,” Racz said.
Encryption and authentication also play an important role, according to Racz. “Naturally, organizations will continue to use encryption to protect private information and sensitive data as well as enhance the security of communication between client apps and servers. Encrypting data helps ensure that, even if an unauthorized person or entity gains access to a system, the information itself will remain unreadable without the appropriate key,” he said. “To keep unauthorized entities from gaining access to a network in the first place, organizations will also continue to employ different forms of authentication, the process of determining if an entity — user, server or client app — is who it claims to be, including username/password combinations, tokens, and certificates that identify trusted 3rd parties.”