You are currently viewing Is your CCTV system the weakest link for hackers?

Is your CCTV system the weakest link for hackers?

Is your CCTV system the weakest link for hackers?

Without a doubt, if a company or organisation in the UK has CCTV cameras connected to the corporate network, these networked cameras are quickly becoming their networks’ most exposed points for potential cyberattacks from bad actors.

The main risk factor for enterprises when it comes to hackers is supposed to be people, but could there be another, equally serious menace hiding in your company’s IT underbrush?

The key reasons for the increasing vulnerability of CCTV systems are fivefold:

  • These days, surveillance cameras have significantly more processing power and internal data storage than they had in the past. In essence, they are mini-PCs in and of themselves. If hackers can get inside of them, malware might be downloaded into them and distributed over a vulnerable business network as a result. As an alternative, hacked cameras can be used to access a company’s systems and extract important corporate data.
  • Cyber security defence has become a considerably more specialised task, requiring pricey cyber specialist skills that need frequent updating as the threat landscape for cyber security has grown more complicated and exploit types have simplified and multiplied. Many businesses simply lack the funding for this expertise in their IT budgets. Many IT managers in organisations around the nation frequently lack the most recent cyber capabilities necessary to effectively handle the variety of threats to their constantly growing networks.
  • In many organisations, there is a gap between the network/IT management and the FM and/or security departments, who manage the CCTV systems on a daily basis. Due to this disconnect, there is a greater chance that security cameras won’t go through the same rigorous patching and updating procedures as other networked devices. They might perhaps be forgotten.
  • Network cameras can increasingly “reach out” to the manufacturer’s servers to allow additional functionality or services, which are often cloud-based. Some gadgets can immediately pose a security risk when connected to the network because not all manufacturers will first demand permission or action for this to take place. What level of security are the servers for the manufacturer at? Can one trust them? Does it have documentation, follow security guidelines like SOC-2, or use OWASP-based approaches, for example? Additionally, there is growing worry that the call-out features of some manufacturers may have backdoors that a nation-state may use against them.