Poor timing or opportunistic latching on to their own vulnerability:
Is Axis simply oblivious or? Why would they promote this the same day they were forced to do a press release acknowledging a critical security vulnerability across the entire product line?
The show marketing campaign must go on!
The average cost of a data breach to a company is $3.5 million. https://t.co/mr8geyUa3o
How secure are you? #CyberSecurity
— Axis North America (@Axis_NA) July 4, 2016
This is a timely reminder that ALL vendors, not just the Chinese, have vulnerabilities in the systems.
We as installers/integrators can work to minimise any risk by putting layers of security in place to restrict as much as possible access to the "unwanted". However, as is proven time & time again, if the unwanted really want to access these systems, they can find a way. Bear in mind that many such breaches arise from internal sources not just hackers trying to gain access from the internet.
I am curious to know what the general consensus is on the question of "when is the camera manufacturer responsible for security threats and when is the company responsible due to their network security?"
A lot of times the argument here amounts to: "Your IT department/integrator are at fault!"
The problem is: a very large amount of users do not have those things, and manufacturers are specifically targeting segments that do not have them in their marketing, by making things easily available online or in big box stores (Q-See, Ezviz, Swann, Lorex, Nite Owl, etc., etc.), and making claims about how easy to install and use they are, without network setup, etc.
So if you make those claims, and then you have significant vulnerabilities, are you not at fault?
Are we really prepared to take the position that even home/DIY users who have been specifically targeted by manufacturer marketing are at fault? That seems incredibly regressive to me compared to the alternative: manufacturers step up and fix it.
I do think that in 2016, IT departments and security integrators who do not realize and address cyber security risks are also at fault, to be clear. But that ignores a large segment of the market if we boil it down just to that.
To reinforce Ethan's statement, I have seen clauses in contracts where if a data breach is a result of the integrator not taking reasonable, appropriate steps to secure the network the integrator could be held liable. This most frequently comes up in retail or other PCI-DSS compliant environments.
I know Hedgie and he is a really nice, hard working guy. I'm sure he's just trying to "educate" everyone who is busting his balls about the Axis "security vulnerability across the entire product line" that there are these "new" things called cyber threats out on the internet
If tomorrow, Axis cameras were found to cause cancer, Hedgie would also let us know that smoking, radiation and eating paint chips could cause the exact same result
:)
Ask questions and get answers to your physical security questions from IPVM team members and fellow subscribers.
