Genetec’s Paul Dodds Talks Protecting IoT from Cyber Attacks

CCTV and IoT devices account for just 1.2% of all devices, but receive 24% of malicious activity
Genetec’s Paul Dodds talks about the threat IoT and CCTV devices face from hacks, and how organisations can help protect them

Video surveillance cameras and other Internet of Things (IoT) devices are increasingly becoming targets for cybercriminals looking to gain unauthorised access to networks and sensitive data.

While these physical security tools are designed to enhance safety and security, their immaterial properties contain vulnerabilities that can be exploited by hackers.

In an interview with Cyber Magazine, Paul Dodds, Country Manager at Genetec UK & Ireland, shed light on the growing threat posed by unsecured video surveillance cameras and IoT devices. 

Paul Dodd, Country Manager UK & Ireland at Genetec

Hardware meet software

Dodds emphasised the importance of robust cybersecurity measures and collaboration between physical security and IT teams to address this critical blind spot.

These devices, are essentially, small computers running software that may contain cybersecurity vulnerabilities. 

"It's because they're not always as well managed or protected as other technologies that they so often pique the interest of hackers," Dodds states. "Companies must have strong cyber defences in place to manage these devices or they could be opening themselves up to all manner of threats."

Without proper management, these devices can become weak links in a company's security infrastructure, potentially leading to data exfiltration or unauthorised access to facilities.

Hackers handbook for attacks

Youtube Placeholder

Hackers often seek the lowest cost opportunity with the greatest chance of success. 

Dodds points out that certain breaches, like the one Verkada suffered in 2021, underscore how simple it can be to exploit improperly configured devices. "In this particular case, hackers gained unauthorised access to the company's systems using publicly available administrative credentials, which were likely weak or reused passwords," notes Dodds.

This example illustrates the critical need for strong password policies and proper configuration of security devices. Weak or reused passwords can provide an easy entry point for hackers, leading to significant security breaches.

Addressing the CCTV blind spot

Despite video surveillance cameras and other IoT devices accounting for just 1.2% of all devices, they are responsible for 24% of malicious activity. 

Dodds emphasises the need for collaboration between IT security teams and physical security functions. 

"To counter the threat, physical security professionals must proactively partner with their counterparts in information security to better understand the true limits of the security perimeter and work to develop strong governance and processes to avoid or mitigate cyberattacks," Dodds advises.

This collaboration is crucial for a comprehensive security posture. IT teams should also be wary of high-risk security camera vendors, particularly those subject to restrictions in the USA but widely deployed in Europe. Dodds suggests treating these vendors "like digital asbestos" and having a plan to address their presence in the business.

Key steps to securing 

There is no single solution to securing video surveillance cameras and other IoT devices, but several controls can be implemented.

Dodds recommends ensuring cameras are running on the latest firmware and that security updates are regularly applied. 

"This is a rudimentary aspect of good cyber hygiene," Dodds states.

Regular updates and firmware management are fundamental to maintaining the security of these devices. By keeping software up to date, companies can protect against known vulnerabilities and reduce the risk of cyberattacks.

The security of video surveillance cameras and other IoT devices is a critical aspect of a company's overall cybersecurity strategy. 

By understanding the vulnerabilities, methods of attack, and necessary protective measures, businesses can better safeguard their assets and data. 

As Dodds highlights, a proactive and collaborative approach between physical and information security teams is essential for mitigating the risks associated with these devices.

******

Make sure you check out the latest edition of Cyber Magazine and also sign up to our global conference series - Tech & AI LIVE 2024

******

Cyber Magazine is a BizClik brand

Share

Featured Articles

UK Takes Steps to Strengthen Country's Cyber Security

The new government have made cybersecurity one of their top priorities as they lay out their plans for what they intend to do in power

BlueVoyant Launch Platform to Tackle Supplier Attack Surface

BlueVoyant has unveiled a new Cyber Defense Platform which aims to tackle the growing attack surface introduced by the ecosphere of third-party vendors

Irdeto’s Andrew Bunten Talks Securing Online Content Streams

With online streaming services being bigger than ever, Irdeto’s Andrew Bunten explains how they manage to keep streams safe despite the huge attack surface

Fortinet Cyber Survey Shows Global Scope of Skills Gap

Operational Security

What ChatGPT Passing an Ethical Hacking Exam Means for Cyber

Technology & AI

Learn How CTEM can Upskill Your Cyber Strategy

Network Security