The number of Internet of Things (IoT) devices, such as surveillance cameras, is expected to significantly grow, with more than 30 billion connected devices estimated by 2020 across the globe.1 Australia is already seeing the signs of this growth with Sydney being named the 15th most surveilled city in the world in a recent Comparitech report. 2 While there are benefits to this approach for public safety and business protection, it is also creating a new cybersecurity risk, according to Forescout.
Many surveillance cameras are now IP-enabled, many are wireless, they are often mobile and have shared ownership, varying degrees of computational power, and are used in applications ranging from small home and business automation systems to large smart cities and very large smart grids.
Steve Hunter, senior director, systems engineering, Asia Pacific and Japan, Forescout, said, “Governments and the surveillance companies responsible for installing, monitoring and maintaining these cameras need to be aware of the potential for this equipment to be exploited by cybercriminals.
“Surveillance cameras are highly exposed to external actors. This exposure is both physical, since many cameras are placed in external locations that make it easier for an attacker to tamper with them, and logical, since modern cameras and recording equipment support remote access for improved management and access to cloud services.”
Many IoT devices, including surveillance cameras, are set up and managed with insecure protocols, allowing traffic sniffing and tampering, including sniffing credentials and sensitive information. These insecure streaming protocols are easy for an attacker to exploit in two key ways: denial of service and footage replay.
In the age of IoT, legacy security solutions like endpoint agents, antivirus, and traditional IT intrusion detection systems are not enough because either they are unsupported by embedded devices or they are incapable of understanding the network traffic generated by these devices. Therefore, new solutions are required.
Steve Hunter said, “Cybersecurity strategies to address this new attack surface must be transformed. There are many activities that should be considered in a cybersecurity strategy, such as threat modelling, threat intelligence, vulnerability management, risk management, security reviews, and supply chain risks. However, the cornerstones of an appropriate cybersecurity strategy for the age of IoT are device visibility, control, and orchestration, since they are crucial enablers for other cybersecurity-related activities.”
Three ways that all IoT devices, including surveillance cameras, can be protected:
- Visibility. Security must begin by knowing what is on the network. Complete visibility into IoT devices is key to identifying attacks. Adding enhanced security with network monitoring can give organisations a thorough understanding of their IoT environment and its connections with other systems and with the outside world. This makes it easier to design effective security architectures, identify attack vectors, and resolve operational security issues including vulnerabilities, misconfigurations, access policy violations, and weak security controls.
- Control. Beyond knowing the assets in the network and identifying attacks, security teams must be able to automate and orchestrate appropriate responses, as well as be able to prevent further issues by strengthening their security posture. The situational awareness enabled by complete visibility and the integration of security solutions allow for timely prioritisation and proper action in response to identified events. On the other hand, as organisations define their next-generation security architectures for IoT and operational technology (OT), segmentation plays a leading role. Unlike traditional devices, IoT and OT devices cannot be regularly patched or secured through agents. Hence, segmenting these devices into logical security zones is an essential risk-mitigation strategy.
- Orchestration. Many organisations have dozens of security solutions that operate independently. This approach prevents coordinated, enterprise-wide security response and results in manual, inefficient processes that can’t scale to address the growth of IoT devices. Effective and efficient security orchestration, automation, and response (SOAR) depends on sharing contextual insight into devices, automating security workflows, and enabling automated response actions.
Steve Hunter said, “The reality is that malicious actors can disrupt the normal functioning of the most advanced surveillance cameras with relative ease if proper security controls are not in place. It is critical to deploy security countermeasures beyond legacy, agent-based, and IT-focused cybersecurity solutions, which are inappropriate in this new landscape.”