By Mitch Muro, Product Marketing Manager, Check Point Software Technologies
When building IoT devices, it is important to understand that an IoT device (by default) is rarely secure. This is due to the simple fact that these devices are often designed to increase productivity and provide immediate value to its customers, leaving security as an afterthought (or completely out of the equation). It is unsafe to assume that skipping the step of implementing security is no big deal because “no one will want to attack a smart doorbell.” On the contrary, evidence has proven to us time and time again, that cybercriminals will attack wherever the most lucrative rewards can be found. And when it comes to unsecure connected devices and networks, they serve as entry points for a cybercriminal to infiltrate a network and steal sensitive data, information, and even shut down operations. It Is extremely important now, more than ever, to secure these devices out of the box.
In this article, I wanted to focus on the CCTV/IP Camera market. CNBC projected that one billion surveillance cameras were active in 2021 so it is safe to assume that with the growth of IoT worldwide, the number of those devices are much larger now in 2022. CCTV plays a crucial role in keeping both people and organizations safe, everywhere from transport hubs to retail, banks, and critical infrastructure. According to cctv.co.uk, there are about 691,000 CCTV cameras active in London alone. As surveillance video is increasingly IoT connected, they become prime targets for cybercriminals for various reasons. Innovative companies, like Check Point Software, offer an embedded runtime protection solution that provides built-in security against attacks such as access control, memory corruption, shell injection, import table hijacking, control flow hijacking, and more with 100% firmware coverage, including third party components, without compromising the device’s performance.
Modern CCTV cameras are essentially functioning as small computers that run operating systems, applications, and have various networks and radio frequency (RF) interfaces. As such, they are also susceptible to hacking attacks. One of the biggest issues is that end-users will often keep the default usernames and passwords, essentially leaving the door open for hackers. Even with a strong password, traditional CCTV cameras are not supplied with adequate on-board security. But why even hack a CCTV camera? Well, the answer is simple. Criminals may wish to gain access to the camera’s controls, to turn it off, point it in a different direction, and manipulate images and associated information or just to watch the activity covered by the camera. In addition, as a network device, once hacked, it can be used to gain access to sensitive resources on the corporate network via lateral movement, where cybercriminals can then exploit vulnerabilities and deploy botnets or crypto miners.
So, what can businesses do to protect themselves from these types of vulnerabilities? Companies like Check Point Software Technologies, a leading provider of cyber security solutions globally, and international CCTV market leader Provision-ISR (Israel) take these issues head on. The partnership combines Check Point’s Quantum IoT Protect Nano Agent solution being embedded in Provision-ISR’s CCTV cameras for on-device runtime protection against zero-day attacks. The solution brings an entirely new level of cybersecurity to the video surveillance market.
With all of this in mind, the problem becomes very clear – internet connected devices (like surveillance cameras) are growing rapidly year over year but are often rushed to market with security left behind as an after-thought. This leaves an open door for cyber criminals to infiltrate with malicious intent. Business should remain resilient and proactive to ensure their business’ products/solutions are safe from threats by following security best practices and partnering with experienced and leading security vendors. I will leave you with a few best practices that you can take action on immediately to take a step in the right direction:
Cyber Security Best Practices & Safety Tips
- Remain resilient in updating passwords/credentials for your internet connected devices and DO NOT leave in place the default device password
- Uncover security risks in any your internet connected device firmwares via free security risk assessments – Check Point offers a free service here: IoT Firmware Risk Assessment
- Take advantage of on-device runtime protection solutions to protect yourselves from zero-day attacks
- Define and enforce policies on a per device basis for ongoing network access
- To learn more, head here for additional resources and information: IoT Device Security for Manufacturers
About the Author
Mitch Muro, Product Marketing Manager, Check Point Software Technologies. Since joining Check Point Software Technologies in 2020, Mitch Muro leads product marketing activities, strategies, and vision for Check Point’s Quantum IoT and SMB product offerings. Mitch brings a decade of experience in cybersecurity marketing – including payments, e-commerce, networking, IoT, cybersecurity, and cloud solutions. Mitch also possesses expertise in converting customers and business needs into innovative and valuable product material to generate business opportunities and customer value. Prior to joining Check Point, Mitch spent time at Actiance and Broadcom where he led the development, business, and go-to-market execution of innovative new products for e-commerce security solutions and data archiving.
Mitch can be reached at our company website: www.checkpoint.com