As the amount of data generated and stored continue to increase at a rapid pace and the General Data Protection Regulation (GDPR) directives kick in, systems integrators should understand the risks that are involved in video surveillance data security.
As the amount of data generated and stored continue to increase at a rapid pace and the General Data Protection Regulation (GDPR) directives kick in, systems integrators should understand the risks that are involved in video surveillance data security.
Speaking of surveillance installations that are currently in place worldwide, Danny Lim, Head of Global Surveillance Presales for the Video Surveillance Segment at
Seagate Technology, pointed out that as devices become increasingly connected, threats are on the rise.
“As video surveillance is now beyond security and with the convergence of technologies like AI/deep learning, cloud, big data, and integration with existing IT infrastructure, the level of threats and risks would increase,” Lim said. “We see the verticals that leverage data to make decisions, gain insights and convergence with different technologies being at the highest risk, for example, safe city, airport, transportation, and financial/banking.”
Dave Seesdorf, Principle Product Manager of Security Products at Seagate Technology, pointed out that intruders can access surveillance data at various points. Data can be stolen from the camera, from the wire while being transmitted, through insider threats that include stealing of passwords, by smash and grab attacks, from drives during disposal if not properly encrypted, and so on.
Danny Lim,
Head of Global Surveillance Presales,
Video Surveillance Segment,
Seagate Technology
Implications for SIs and their customers
Last year, some school authorities in the states of Iowa of Nebraska in the U.S. had to cancel classes after a group that called themselves “Dark Overlords” hacked into the schools’ network and published personal information online. There were also messages on social media with violent and graphic content that prompted concerns of possible physical attacks in these schools.
While this is an incident that raised security concerns at a local level, there were also other events last year that threw light on the vulnerability of surveillance equipment. Following the infamous Mirai botnet attack that made use of Internet of Things (IoT) devices that included surveillance cameras, routers and digital video recorders (DVR), there were fresh concerns of a similar malware named Reaper or IoTroop.
The irony is that such attacks are taking place even as several surveillance installations and networks exist without proper security measures in place. A simple search on the website Shodan reveals the countless number of vulnerable devices online. Researchers at Risk Based Security had recently reported that as much as 46,000 commercial and residential DVRs could easily be accessed by hackers.
What does all this mean for systems integrators (SI)? Cyberattacks are taking place across industries ranging from critical infrastructure to finance and other industries. As more devices get connected to the internet, threats are only going to rise in the coming years. In this context, SIs have an important role to play in selecting the right equipment that ensures data is as protected as it can be and ensuring that the installations are tamperproof physically and virtually.
Robin Hughes,
Sales Director,
Secure Logiq
GDPR and SIs
As GDPR comes into force, systems integrators would have an increased responsibility to make sure that their customers are not vulnerable to surveillance data breaches.
Brandon Gregg, Head of Global Trust and Security at Seagate Technology, pointed out that encryption would become a key in this regard. Customers and the people being recorded on video would not want their image, facial details or even time and location being shared with the wrong people. Other industry experts have also indicated that the importance of surveillance data security and GDPR would potentially impact SI’s role with their customers.
“Video surveillance will always be an effective tool for detecting and solving crime but now, firmly entrenched in the IP arena, there is a bigger threat than ever in there being a data breach,” said Robin Hughes, Sales Director at
Secure Logiq. “Integrator and IT manager relationships now need to be stronger than ever and cybersecurity skills should be high on the agenda for any forward-thinking CCTV company. Look for manufacturers who help to guide you through that process and products where data hardening is part of the product set.”
Bottomline
As the security of surveillance data continues to become more and more important, SIs have to be more prudent in deciding their vendors and going about their installations. At the end of the day, no customer wants their video surveillance footage accessed by unauthorized parties or made public. GDPR brings this under a robust legal framework, increasing the financial liabilities associated with a data breach.