Protecting Against Risk Through Cybersecurity Awareness
We’ve all read or heard about incidents of cyber crime targeting government and commercial entities to compromise services or harvest information. As you can image, financial institutions are a primary target for attack.
While they have top-notch security, financial institutions may be still be the target of threats involving software and hardware vulnerabilities that could lead to exploitation. The most consistent feedback we hear is that their primary concern is cybersecurity. Given that financial institutions can lose customers, revenue, and reputation as a result of a breach, this is hardly surprising.
Physical security in banking has evolved toward network-based solutions with high-resolution cameras and high-capacity recorders. These devices have operating systems, communication capabilities, and passwords just like any other computer on a network. Any poorly protected device can easily become the attack surface hackers need to gain access to a financial institution’s infrastructure.
As a result, IT teams have become involved in the process of testing, selecting, and deploying all the devices on a bank’s network, including security cameras and video management systems (VMS). The shift from focusing on physical security to IT security has changed the discussion. Many IT specialists are now rightly asking questions about who a vendor works with and how they secure their products. But, when they aren’t sure about what questions to ask, it is up to vendors to lead these conversations.
Financial institutions need physical security system vendors who understand their cybersecurity concerns and who are working to mitigate against the risks associated with cyber threats. To start, they should be looking for 4 Key Cybersecurity Measures:
Device Hardening Protocols
While changing factory-set passwords might seem like a simple action, many institutions struggle with it. This is partly because of the sheer volume of devices they have on their networks. But it is also because, during the installation process, many skip this step, assuming they’ll come back to it later. Unfortunately, just one camera that still has the default password can increase a network’s vulnerability to attacks.
Cameras that do not have default passwords and instead require users to set strong passwords before attaching the device to the network help protect banks. In addition, some vendors, like Hanwha Techwin, also provide network hardening guides that reduce the risks associated with improperly configured or unprotected devices.
End-to-end Encryption
Given the volume and type of data that financial institutions are collecting and storing, end-to-end encryption is vital. It’s not enough to simply encrypt data in motion. Financial institutions must be able to encrypt data at rest as well.
Encrypting data in motion protects it from anyone who is sniffing a system with the intention of capturing data packets passing through a network. On most networks, this means passwords and other account information. Within a physical security system, however, it also means data being transmitted from the camera to the recorder or from the recorder to the management station.
Financial institutions still have to protect data at rest. In a physical security system, depending on IT policy this may include the video stored in cameras and recorders. This data may need to be encrypted in case hackers gain access to the recording platforms themselves.
Patch Management
Hackers have been known to take advantage of vulnerabilities in operating systems and third-party applications that were not kept up to date. Keeping current with the latest software updates and firmware patches helps reduce a system’s attack surface significantly.
In order to protect their networks, financial institutions should work with vendors who monitor cybersecurity threats globally and then produce and distribute patches. The dedicated Security-Computer Emergency Response Team, or S-CERT, at Hanwha Techwin, for example, monitors evolving cybersecurity threats worldwide and develops patches to harden our devices against these threats. Through S-CERT, we are continuously working to future-proof our cameras.
Working with a Trusted Supply Chain
Banking and financial institutions need to work with vendors who manufacture all aspects of their cameras or security system products and who control their own distribution. End-to-end, in-house manufacturing is the best way to ensure that parts and chipsets are built following best practices. When a vendor controls all aspects of manufacturing, it also provides customers with peace of mind because they know that any and all upgrades or changes are coming directly from the vendor rather than a third-party manufacturer.
To harden networks and protect against potentially devastating data breaches, it is important to partner with physical security vendors who are already out in front of cybersecurity issues. A vendor with strong cyber hygiene can help financial institutions and other financial institutions install the advanced solutions they require to mitigate against the risks of cyber threats.
If you like it, share it.
About Hanwha Vision
Hanwha Vision (formerly Hanwha Techwin) has been leading the global video surveillance industry with world-class optical design, image processing and cybersecurity technologies for more than 30 years. As it broadens its business to become a global vision solution provider, Hanwha Vision will deliver more valuable and meaningful insights to customers by collecting key information and providing big data analytics utilizing AI and cloud technologies. Learn more about Hanwha Vision.
Comprehensive Guide to Business Security Camera Systems
Businesses and organizations encounter a variety of security challenges every day, from ensuring the safety of their employees and customers to preventing theft and vandalism. Commercial security camera systems provide…
How to Use ESSER III Funding in Schools
What is ESSER III? The Elementary and Secondary School Relief Fund (ESSER) is a grant program based on Title VII of the March 2020 CARES act. It provides funding to…
Cloud-based Video Surveillance is the Future of Security
In today’s rapidly evolving landscape, the need for powerful video surveillance systems has never been greater. Businesses and organizations are now seeking to leverage the cloud to not only ensure…
State and Local Cybersecurity Grant Program (SLCGP) Guide
What is the SLCGP? To reduce cybersecurity risks to the United States, Section 889 of the 2019 National Defense Authorization Act (NDAA) prohibits the procurement of non-NDAA compliant security products…
Hanwha Vision’s SightMind Software: Making Security Devices More Efficient and Intelligent
It’s no secret that every form of technology is getting smarter, especially with the spread of Artificial Intelligence (AI) putting the data we need to live our personal and professional…