Over the years, video surveillance has evolved from a security solution to an organisation-wide intelligence tool, providing data that improves operational efficiency, sales and marketing planning, business performance and more. As new capabilities and analytics emerge in video surveillance systems, their popularity continues to grow, but they are also becoming more attractive to malicious actors. Cybersecurity must therefore be at the forefront of every video deployment and maintenance strategy.
More focus on cyber security
Installers and end-users who work with reputable and responsible manufacturers will be better prepared against cyber risks and will find it easier to comply with current and future legislation. Global regulations such as the US National Defence Authorisation Act (NDAA) and the EU Cybersecurity Act (CRA) and the Network and Information Systems Directive (NIS2) encourage organisations to strengthen their cybersecurity practices for connected devices, including video systems.
It is no secret that the Baltic region, including Latvia, faces unique cyber security challenges due to its geopolitical location and rapid digitisation. This requires strong cyber security measures to protect our critical infrastructure and national security. One solution is being actively pursued - as mentioned above, the Baltic States are rapidly embracing digital technologies, including the widespread adoption of smart city solutions, which go hand-in-hand with an increasing dependence on networked devices. This digital transformation also increases the attack surface and necessitates stronger cyber security measures. To mitigate these cybersecurity risks, it is therefore essential to choose trusted technology suppliers, implement strict access controls in your infrastructure and conduct regular security assessments.
- choose reliable technology suppliers
- implement strict access controls in their infrastructure
- and carry out regular security assessments.
Existence of perception gaps
However, as regulations tighten, many organisations are overestimating their cyber security resilience. A study by Hanwha Vision Europe found that there is a significant gap between how resilient organisations think their video systems are and how prepared they actually are.
More than 1,150 IT and security managers/directors from organisations with more than 50 employees in the UK, France, Germany, Italy and Spain were asked about their cyber security resilience and knowledge of threats and legislation. Participants represented key sectors including data centres and telecoms, financial services, industry (energy, mining, utilities), manufacturing, retail, transport and government.
Managers' confidence in their own cyber security varies depending on factors such as the size of the organisation, location and industry sector. In Italy, for example, confidence levels are as high as 97%, with an average of 92% of IT and security managers believing their CCTV systems are very well protected against cybercrime. Financial institutions show almost absolute confidence (99%), while sectors such as data centres are slightly more conservative at around 80%.
Unknown and unfamiliar
Lack of awareness of and compliance with key cyber security rules is a major concern. Many managers are not aware of basic rules such as CRA and NIS2 that have a direct impact on the cybersecurity of their CCTV systems. For example, only 47% of respondents are aware of NIS2. Even fewer (23%) are aware of the CRA, a directive aimed at strengthening the cyber security of connected devices, including video systems.
This lack of knowledge means that IT and security teams may be unaware of the specific requirements needed to make CCTV systems secure, which can lead to inadequate protection that can be misused. Video industry experts, including installers and manufacturers, can play a leading role in educating business leaders about improving video cybersecurity.
What is the situation in Baltics?
In all Baltic States the use of video surveillance is increasing for various purposes, including public safety, traffic surveillance and perimeter protection. But along with this trend, concerns about cyber-security are also growing. As video surveillance systems become more sophisticated and interconnected, cyber security risks are becoming a major concern for Latvian institutions and private organisations. Therefore, the European Union's Cybersecurity Act (CRA) and the Network and Information Systems Directive (NIS2) encourage Latvian organisations to strengthen cybersecurity practices for connected devices, including video surveillance systems. So, how to do this?
- Baltic institutions and private organisations should choose video surveillance service providers that prioritise cybersecurity in the design and development of their products. This includes features such as strong encryption, secure authentication mechanisms and regular security updates.
- Strict access control systems should be put in place. Restricting access to CCTV systems to authorised personnel and multi-factor authentication are essential security measures.
- Regular security audits and access checks should be carried out. Conducting such security assessments can help organisations identify and mitigate vulnerabilities in CCTV systems. Yes, it is an additional cost, but it is better to pay for security assessments and make timely improvements than to lose thousands or even millions of euros to recover stolen data.
- And, of course, staff training. Training of staff involved in the operation and maintenance of the Baltic CCTV systems on best cyber security practices is of paramount importance. This includes recognising phishing attempts, identifying suspicious activity and reporting security incidents immediately.
Even best practices tend to be incomplete
The above study also highlights the lack of cybersecurity best practice frameworks across organisations. There is a need to ensure that staff follow cyber security protocols and to promote general awareness among the team - staff training. However, the situation is even worse for basic cybersecurity measures such as updating device firmware. Less than a third (31%) of organisations do this.
The study also found a lack of basic cybersecurity practices such as securing physical access to network devices, implementing 802.1x certificate-based access control and setting up user-level accounts. As a result, many businesses face greater risks from preventable problems such as human error or misconfigured devices.
It is therefore important to work with a vendor that regularly updates its systems against new threats, as this reduces the risk of vulnerabilities being discovered in your system. Similarly, a manufacturer with dedicated cybersecurity resources understands the business-critical nature of cybersecurity and is committed to ensuring that its products are as protected as possible.
Hanwha Vision's in-house Security Computer Emergency Response Team (S-CERT) focuses on addressing all potential security vulnerabilities in products, ensuring that customers have the latest countermeasures in place to mitigate emerging threats and new hacking techniques.
Immediate action needed
As cyber threats to video systems become more frequent and sophisticated, it is clear that immediate action is needed. All managers need to reassess the strength of their current video security, align with regulatory frameworks and adopt cyber security best practices to protect both their systems and their users. Installers and manufacturers can provide guidance to ensure that the industry as a whole is as protected as possible from malicious actors.
Although seemingly small (compared to other countries), the three Baltic States are strategically important. And vulnerable CCTV systems can also be part of data manipulation - fraudulent activities could manipulate video footage captured on Latvian systems, leading to false accusations, misinformation or even compromising evidence in criminal investigations.
Invest in security today so you can wake up tomorrow with peace of mind knowing that all your data is protected.
Source:
- https://hanwhavision.eu/how-cyber-resilient-is-your-video-system/
- https://www.cobalt.legal/news-cases/summary-of-latvias-new-national-cyber-security-law/#:~:text=The%20new%20law%20aims%20to,Directive%20or%20%E2%80%9CNIS2%E2%80%9D%2C%20which
- https://www.liaa.gov.lv/en/article/latvias-digitalisation-road-modern-state-administration