News that hacked security cameras and DVRs may be to blame for October’s massive Internet outage is troubling to many of us in the physical security industry.
The cyberattack, which caused disruptions to major websites like Twitter, Spotify and Netflix, is being blamed on malware called Mirai, which reportedly exploited the default passwords in network cameras and other connected devices to initiate a widespread Distributed Denial of Service (DDoS) attack on a large Internet infrastructure company.
Essentially, DDoS attacks overwhelm a server with so much junk traffic that it can no longer process normal requests. In this case, many popular websites saw service disruptions.
The incident has raised concerns about just how secure some IP cameras and video recorders are, and what steps the industry is taking to harden products against these kinds of attacks.
While it’s impossible to totally safeguard against all security vulnerabilities, there are steps you can take to better protect your video surveillance infrastructure and reduce your risk of being victimized by hackers. The following are some important measures that can help secure your video surveillance infrastructure from cyber attacks.
Choose a manufacturer that lets you disable services you’re not using. Linux-based operating systems in NVRs, for example, can be customized to remove services, thereby improving security.
If you’re using March Networks recorders, your integrator can also scan the NVRs for open ports and other security issues by using our GURU Smartphone App’s Security Audit tool. The tool automatically analyzes and rates how secure the configuration of installed March Networks recorders is against a list of potential vulnerabilities. It then provides guidance on how to make the configuration more secure, such as changing a password that’s been left at the default setting or closing ports that don’t need to be open. You can actually ask your integrator for a copy of the Security Audit report for reference, since GURU lets technicians email it right from their phone or tablet.
Finally, it’s important to note that cybersecurity is constantly evolving, and there are many other measures you can explore to safeguard your data. But no one person or company can tackle it alone. Keeping video surveillance infrastructure secure needs to be a joint effort between manufacturers, integrators and service providers, and end user organizations as well. Do your part by staying up-to-date on best practices and training and educating your staff. It’s also important to adopt a top-down approach to cybersecurity that begins with buy-in from senior executives and support from managers and employees alike.