Cyber Security For Video Surveillance Study

Author: Brian Karas, Published on Apr 27, 2016

This study provides the foundations for video surveillance professionals to understand the importance of cybersecurity, what is being done to enhance cybersecurity and what providers are viewed as the best and worst at cybersecurity.

100 integrators answered the following 5 open-ended questions on cyber security:

  • How important is cyber security in your customers' decision making process?
  • What type of customers are most concerned about cyber security? Why?
  • What steps do you take to ensure cyber security for your customers video surveillance systems?
  • Which security manufacturers do you feel are strongest in terms of cyber security? What do they do that makes you feel this way?
  • Which security manufacturers do you feel are weakest in terms of cyber security? What do they do that makes you feel this way?

They provided detailed color commentary on each point, so you can understand their mindset and approach.

Summary

The key trends revealed in the study:

  • Overall, cyber security is not very important for customer's decision making process.
  • The 4 segments showing highest cybersecurity concern were government, banking, education and healthcare
  • Steps taken to secure systems were generally basic. While various techniques were mentioned, changing default password was the most common.
  • Western video surveillance manufacturers were viewed as the strongest in cyber security.
  • Chinese, and specifically Hikvision, was selected as the weakest in cyber security.

Full details, integrator explanations and our analysis is shared inside.

**** ***** ******** *** *********** *** ***** ************ ************* ** understand *** ********** ** *************, **** ** ***** **** ** enhance ************* *** **** ********* *** ****** ** *** **** and ***** ** *************.

*** *********** ******** *** ********* * ****-***** ********* ** ***** security:

  • *** ********* ** ***** ******** ** **** *********' ******** ****** process?
  • **** **** ** ********* *** **** ********* ***** ***** ********? Why?
  • **** ***** ** *** **** ** ****** ***** ******** *** your ********* ***** ************ *******?
  • ***** ******** ************* ** *** **** *** ********* ** ***** of ***** ********? **** ** **** ** **** ***** *** feel **** ***?
  • ***** ******** ************* ** *** **** *** ******* ** ***** of ***** ********? **** ** **** ** **** ***** *** feel **** ***?

**** ******** ******** ***** ********** ** **** *****, ** *** can ********** ***** ******* *** ********.

*******

*** *** ****** ******** ** *** *****:

  • *******, ***** ******** ** *** **** ********* *** ********'* ******** making *******.
  • *** * ******** ******* ******* ************* ******* **** **********, *******, ********* *** **********
  • ***** ***** ** ****** ******* **** ********* *****. ***** ******* techniques **** *********, ******** ******* ******** *** *** **** ******.
  • ******* ***** ************ ************* **** ****** ** *** ********* ** cyber ********.
  • *******, *** ************ *********, *** ******** ** *** ******* ** cyber ********.

**** *******, ********** ************ *** *** ******** ** ****** ******.

[***************]

Low **********

**** ********* **** ***** ******** ** *** ********** ** ***** decision ****** *******.  ****** **** ** *** ********* ********* ****:

******** ************ *** ***** ***** ** *** ****** *** *** ********:

  • "** ** *** ********* ** ***"
  • "** ********* ****** ******* * ******* **** ************* ** ***** decision ****** *******."
  • "*** *** ******* **** ***'* **** *** *****"
  • "* ******** ** *** ********* **** ** **** ********** **** don't ****** **** ***** ***** ******** ******* ** *** ************ systems."
  • "******** *** ********** ******** ** *** *****, *** **** **** are *** *** ******* ** **** ****** **** **** **** the **** ***** *** ******* **** **** **** **** ****** to ***."

******* *********** ********* **** ******** *** ** **** ********* **** aware ** ***** ******** *****:

  • "** **** *** ** **** ******* ******* ***** **** ***, but ** *** *** **** ** **** * **** *** why ** ** *******."
  • "*** **** **** *** ******** ***** **** **** **** ****** be."
  • "** ** ***** ********** ***** ******* ** ***** *********."
  • "*'* *** ****** ***********. *** **** **** **** ******** * threat ** **** * ***** *** ***************."
  • "** **** ****, **** ****** ** *** **** *** ******* still, *** ** *** ********** ******** ** ** ** ***** attention."

**********, *******, *********, ********** - **** ***** ******** *****

***** ********* *** ***** **** ********** ************ **** **** ****** ** have ****** ******** ****** ***** ********.

  • "******** *** *** ** ***** **** *********. ** ********* **** remote ****** ** *** ********* ** ****** *** ********* ******. Some ****** ** ** *** ***** ********* *** ***** ******."
  • "****** *********, ********* ** ************* ******* *** **** **** *********"
  • "******* *** **** **** ********, ******* **** *** ******** *********** & ******* **** ********* ****** ********* ** **** ******* **** be ******** **** ** ************ ****."
  • "*** *** *********, **** **** *** ***** *** **** **** at ** *** ** **** *********."

*****, ********** ********, ******* *** ********** ************* ******** **** ** IT ********** **** ** *********** *** ******* ********. ***** ************* have **** ********* ** ****, ** ******** *********. 

  • "********* *** ** ********* ** **** *** *** ***** **** often"
  • "****** ** ***** ********** *** ** ****** ********** ** ** site ** ********** ***** **** ** ************* ** *** *********** to **** ******** *****."
  • "********** - **** ****** *** ** ******** ********"
  • "*******, ******* **** **** ******* ********"
  • "********* ******, *** *****, **********. **** *** ******* ***** ******* taking **** ***** ******* *** ****** ** **** ***** *** video ************ ******, ** ***** *** ***** ************ ****** ** a ******** ** ***** *******."
  • "********** *** ***** *** **** ********* ***** **** **** ******** data ** **** *** ******** ******** ******* *** **** ******* were *********."
  • "*********, *******, *********. **** **** **** ******** *** *** ******* FBI ********* ***"
  • "*** **** ** *** ****** **** ** *********, ** *** concern ** ******* *** ******** ** *** *** ********** ******. It ** ****** ** ***** *****. **** ** *** ************* clients *** **** ** *********, *** **** **** ********* ***** to **** **** **."

**** *** *********, ******* ********* ** *** **** ***** ******** ** a ******* ************* *** *** ****** ************* **.  ******* ************* are **** ****** ** ** ****** *******, *** * **** breach ** **** ****** ** ****** ******** ****.  

Methods *** ******** ********* ****

******** ******* ********* *** *** **** ****** **** ***** ** enhance ***** ********.

***** **% ** ********* ********* **** **** **** ** ******* ********.

********* ** ********** ******** **** ********** ******:

  • "********** ****** / ****** ******** ** ** *** ******** (********* ** physically)"
  • "******** ******* ********"
  • "** ***** * ******** ******** ******* *** *** ***** ****** or *** *****."
  • "** ********** ******** *** ***** ************ ******* **** ***** ******** (internet, ********* *** ***.)"
  • "******* *** ***** ****** ** * ******** ******* ** ****** VLAN ** ********"

********** ** ******* ***** ** **** ****, ****** *** ** consistently ** ***** ** ********:

  • "*** ** ********** (*** ****** ***********, *** ******** ************."
  • "** **** *** *******, ** *** *** *** *** ********** between ******'* *** ******."
  • "********* ******* * ***. ***** ******** *** *********** ********* *** also **** * *** ***** ****** *** *** ******* ****** app **** ***; ** **** * ******* *********** *** ****** encryption *** *** ***, **** **, ** ** *******, *** most ****** ******** ** *****."
  • "****** ********** *** ********* ** *****."
  • "****** **********(*****, ***) ** *********** **** *******, ********** ** ***** on **** ******, ***** ************ ** ******* ************ ** *******, etc."
  • "*** ********* ********* ********** **** ***** ******** ****."

******* ******** *** ******** *******, *** ********* ****-***** ******** **** listed, *** *** ** ********** ** *** ***** *****.

*********** *****, ** ******* ******* *******/************ *** *** ******** *********.

******* ** *** ********* ** ********** ** **** ************** *** cyber ******** *** **** **********:

  • "** ******* ********* ****** ***** ******** *********. ** **** ***** like ** *** *** ***** ********** ** ** ** ** them."
  • "*** ****** ********* *** **** **-***** ** ********* ** ******** third ***** ** ********* *** ** ****** ****** **********."
  • "** **** **** ******* **** ***** ** *********** ** ******* to ***** ***** *** **************."
  • "***** ** ***** ** *******"
  • "** ***** ** ** ** ******'* ** *********** *** *** internal *******"
  • "** ********* *** ****** *** ****** *** *********** ******** ******** on *** ****** *******."
  • "**** ****** ** *** - **'* ** ********'* ********* ******** and ** ********** **************"

**** ******** ***** *** **** *** * ***** ******** *** has ** ** **********, *** ** *** **** ** ****** organizations ** *** ** **** ** ***** *** ******** ** decide *** ***** ******** ******** ******* *** ***** ** ** remotely ********, *******, ** ********* ** ***** ********.

Manufacturers ****** ** **** ******

****** ************* ******** * *** **** ***** **** *** ********* in ***** ** ********* ********.

**** *** ** *** *** **** *****, **** ****** *** third ** *********:

  • "****. **** ***** *** ******* ** ********* ***.** *** *** up ***** ******* *** ****** ************* ***** *** **** ******* cybersecurity ****** ** **** ** ***** *********** *** ********* ******."
  • "****, **** *** * **** ******* ******** ********."
  • "**** **************. ****'** *** **** ************ ** **** ** *** actually ***** ***** *************"
  • "**** *** ***** *** ***** ** ***** ******** *** **** specific *********** **** ** ********* ** ****."
  • "**** *** *** * ***** ******** ***** *** ***** **** dedicated *********. ***** ***** ********* ***** ** ****** *****, ****** if ***'** *** *******, **** *** ***** ** ***********"
  • "*** ****** *************, **** ****, ***** *** *********** ** ********* any ******* ****** ***** ********, **** ** *** ***. ***** manufacturers, ***'* ***** ** ** ****** ***** ******* ***** *** related *********."
  • "**** **** ** ** * ****** ** ********."
  • "**** ***** ** **** ** **** ***'* **** ******* ********* on ***** ********, ****** *** *** *** **** ************."

**** **** *** * ********* ***** **** ******** *************** *** ********* ******** *** **** ********.

* *** *********** ********* ***** ****, **** *** ****** *** **** of ****** ***** ***** **** ** **** ******* *** ******* commenting:

"**** - ******* ** ***** ******* **** .*** ******** *** software (**** ***** ******* ******), ******** ** **** *** ******* (VMD3, ***), ******** ** ******* **** *** ******* ************* ** cameras (******** ***** *******, ***) *** ***% *******-**** *** (*** that ** ***** *** ***** ***). ****, **** ***** ***** passwords *** ***** ***** ***** ******* ******** **** ********* ******** guesses."

********:

  • "********'* *****-** **** ******** ******, ****** ****** ******** *******, *** easily-visible ****** ** *********/*********** ******* ***** **** **** **** ** my **** ** ****."
  • "******** **** *** ******** ******** ***** ** **************, ******** ********** (******* cameras & ***, ******* ******* & *******)"
  • "******** - **** ** **** ** **** ***** *******, *** their *** ******* **** ** **** * ****** ********** ******* their ********."

 *****:

  • "***** - ********** ******** *** ***** ********* ********"
  • "***** *******, ******** ************ *** ********* ********."
  • "***** ** ***** ***'* ** *** ***** ** ******* **** the ****** ** * *** ***** *** ****'* **** ** the *** *** ***** ******** ****** *** ********** **** ****** takes ** ** *** **** ***** ** ***** ** **** cyber ******** ** *** ****."

***** **** *** * **** ******** *****.

*******:

  • "** *** ***** ******* *** ***** ******, **** **** ******** security ********, ****** **********, *** *******. ******** ******* **** ******* Enterprise ******* ********* *** ********** ********* *** **** ****** ************ regarding ** ********."
  • "******* ** ****** ***** ******* ** ********* ********** *** ** easily ********** ** ******* ******."
  • "******* - **** *** **** ** ** ** ******* *******"

******* ***** * ********* ***** ********* ** ***** ******* ******

*********:

  • "********* ** ****** **** - **** **** **** *********** ******** to ****** ******* ***."
  • "********* - **** **** ** **** ******* ******* *** **** to ***** ** *** ****** ****** ********. ******** - **** do **** ** **** ***** *******, *** ***** *** ******* seem ** **** * ****** ********** ******* ***** ********."
  • "*********, ****, ***** - **** *** **** **** * **** hard **** ** ***** *** ********** *** ********, ***************, ******* ***** papers on **** ********* *** *** ***** ******** ******* ******."

China / ********* ** ***** ******

*** *** ***** ****** ********, ********* *** *** ************* ********* brand, ***** **** ** **********, *** ******* ****** ********* "******* cameras" ** ******** *******.

  • "********* - **** ******* ** **** *** **** ********."
  • "*********, ** ***** **** ******** ******** ****** *** ************** ** their ***. **** ** ** ******."
  • "*********, * ***** ****** ***** ******* ********** ****** ** ********* via ********* **** *** ******'*."
  • "********* *** * *** **********, ***** *** *****"
  • "********* *** *** ***** *************. **** ****** ***'* **** ** don't **** *** ********* ** ****** ***** ******* *** ******."
  • "********* - ******** ******** ********** *** ******* ********** *********** **** the *******."
  • "*********. **** ******* ***** ***** ** **** *** ****** *** default ********* *** ********* **** ***** ******* ******** ******** *** I ***** ***'* ******** ***** *** ******** ** *** ********."
  • "**** ****** ** **** **** **** **** **** ** *****, but ***** ** ** *** *** *****. *********, *******/******/*******, *** others **** **** *** ******** ****** ***. ************, ***** ***** allows ***** ****** ***** ******* ***** *** **** ****** ** disabled. ********* *** *** **** ***** *****, **** ** ***** have **** *****. ******* ******* ******* **** ******* **** * bug **** **** ****** **** *** *** ********* ** *** camera, **** ******* ********** ** ************* ******* **** ***** *** be ****** *** **. *** **** ****** ** ***** *** browser **** ** ***** ** *** ***."
  • "*********, ** ***** **** **** *** ****** ** ***** ********* up. * ** ****** ***** ****. **** ***** ******* *** don't ***** ****. **'** ******* *** * *** ********* ********."
  • "*********. ****** **** **** **** ************ ***** ***** ********** *****, they **** *** ** ** ******** ** ******* ********. ***** needs ** ** * ******* ** ******** ** * ******* concern--not ** ************."
  • "********* *** * ******** ** *** ********* ***** ****** ***** offices."
  • "*****. **** **** ***** **** **** ********* **** *** **** to **** ** *** ******** ** ** ****** *** **** you ******* *** ****** **** * **** ******** ** *****, anyone **** *** ** ****** ** *** ****** *** *** in."
  • "*** ***** ******* ******* *** *** *****... *'** ******* **** that **** *** **** ***** ***** **** *** **** ****** as * ******* ** *** ********."

********* **** **** ********* ****** **** ** ***** *******, **** * **** ** ****** ****** and***** ******** **** ********* *****.

Comments (3)

******* * ****** ***.. *** ****** *** *******, ***** ** your ** ******, ****** **** ***** ** * *** *******. Which ** **** ******* *** ****.

*** ***** *** *** ********* *******! ( ***'* ** ****** it's *** **** ****! )

*** ****** *** ****** ** *** ****** ****** *******!! ***** refresh *** *** ****. ****'* *** ****** ****** ****** **** arrow ** ** ** *** *** **** **** ** ****-***** browser ********** *****.

*** ** **** *** **** ******** * *** ** ****** what ** ***** **. *** ****** ** **** *** ** weak ** ******** **** ******** ** ******** ** ******** / passwords ** ***** **** ** **** ****. *** *********** ****** is *** ********* ***, **** **** *** *** **** ** passed ** *** ******* ** **** ******* ********!

*** ** *** ******** **** ******* **** *** **** ***** and **** *****, **** *********, *** ******* ******* ******* *** find *** *** ********* **** ***** **** ***.

*** *** ***** **** ** ****** ** ****** *** ****** item **************

**** **** **** *** **** *** ****** ** ******* ** the *******. ***** **** *** ****** ****** **** *********, *** such.

*** *** **** ****, *** ***** **** **** **** ** firmware ****** *********, ** **** **** ** ***** **** **** dangerous ********, ** **** ** ******* ********, *********, *** ***** telnet *** **** ****** **** ** ** ** **** ***** text ********.

*** ** *** ******** ** **** * **** ** *** more ******* ****** ***** ** ***** **.

** *** **** ******* ** ******, ** **** ** **** basic ***** ** *** **** **** ****** ** ******** *******. Just ***'* ****** **** *** *** **** ******* *********, ** least *** ***.

** ******** ** *** *******, * ***** *** *** ******* Unified ****** ********, *** ** *** ******* ** *** *******, has ************ ** *********. *** *** ** ******* ************.

* **** ** * ***** ******* ** * ****** ****** using ********* *******. *'* ******* **** ** ********* ** **** some "*********" **** ** ***** **** ******** ***** *** ******** issues **** ********* *** *** **** *******. *'** **** *** results ** ** ***** ** ********.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

Camera Multi-Streaming Usage on Nov 22, 2017
IP cameras typically support multiple streams, allowing a single camera to transmit multiple streams at different resolutions, frame rates and even...
Law Breaking Longse Enters USA on Nov 22, 2017
Longse has established itself as world class, at least in spamming the industry, ripping off Milestone and Video Insight as well as Hikvision. But...
CBR vs VBR vs MBR - Surveillance Streaming on Nov 21, 2017
How you stream video has a major impact on quality and bandwidth. And it is not simply CODEC choice (e.g., H.264 vs H.265). Regardless of the...
Panasonic Unified Surveillance Strategy Analyzed on Nov 17, 2017
Panasonic is now a "Unified Surveillance" offering, as their ASIS 2017 booth proclaimed: Looking to make a comeback in the security industry,...
PoE UPS Tested (Energy Reconnect) on Nov 15, 2017
In security, backup power is important, but most often requires UPS systems or extra cabling to devices for low voltage power. Now, some have...
Axis Commits To Long-Term Firmware Support on Nov 15, 2017
With the rise of cyber security awareness, and a general increase in hardware reliability, "software warranties" may prove more valuable than...
Hikvision NVR 4.0 Improvements Tested on Nov 14, 2017
Hikvision has released firmware version 4.0 for select NVRs, touting two years of research and development, and claiming "the new generation GUI...
Mobile Credentials (BLE / NFC / Apps) Guide on Nov 14, 2017
One of the biggest trends in access for the last few years has been the marriage of mobile phones and access cards. In this guide,...
Hikvision 4K IR PTZ Tested (DS-2DF8836IV-AELW) on Nov 10, 2017
The IR PTZ trend continues, now with 4K resolution, with Hikvision releasing its DS-2DF8836IVAEL-W camera, a 4K 1/1.9" PTZ model specifying 200m IR...
Milestone XProtect Essential+ Free VMS Tested on Nov 09, 2017
Milestone continues to expand its aggressive free and low-cost offerings, with this year, Milestone releasing XProtect Essential+, part of their...

Most Recent Industry Reports

Camera Multi-Streaming Usage on Nov 22, 2017
IP cameras typically support multiple streams, allowing a single camera to transmit multiple streams at different resolutions, frame rates and even...
Law Breaking Longse Enters USA on Nov 22, 2017
Longse has established itself as world class, at least in spamming the industry, ripping off Milestone and Video Insight as well as Hikvision. But...
Amazon Key In-Home Package Delivery Examined on Nov 21, 2017
Interesting idea or invitation for criminals to rob you? Amazon's recent announcement of Key, a service that will help manage visitors, welcoming...
Top Maglock Provider Warns Against Using Maglocks on Nov 21, 2017
Do not buy my company's product. It sounds strange indeed, but a senior Allegion consultant stated that maglocks should not be used in common...
CBR vs VBR vs MBR - Surveillance Streaming on Nov 21, 2017
How you stream video has a major impact on quality and bandwidth. And it is not simply CODEC choice (e.g., H.264 vs H.265). Regardless of the...
Hikvision Chinese Government Owner CETHIK Exposed on Nov 20, 2017
Hikvision deceives about its Chinese government ownership. Contrary to their claims about 'independence' and simply having 'shareholders' that are...
Dahua Hard-Coded Credentials Vulnerability on Nov 20, 2017
A newly discovered Dahua backdoor is described by the researcher discovering it as: not the result of an accidental logic error or poor...
Panasonic Unified Surveillance Strategy Analyzed on Nov 17, 2017
Panasonic is now a "Unified Surveillance" offering, as their ASIS 2017 booth proclaimed: Looking to make a comeback in the security industry,...
Amazon Cloud Cam Is Poor (Tested) on Nov 17, 2017
Retail behemoth Amazon has entered the surveillance market with the Amazon Cloud Cam, the eyes of its just-announced Amazon Key delivery...
Nest Secure Alarm System Tested on Nov 16, 2017
Google's expansion continues, this time into home security with their Nest subsidiary's move into alarm systems. They paid more than a...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact