Cyber Security For Video Surveillance Study

Author: Brian Karas, Published on Apr 27, 2016

This study provides the foundations for video surveillance professionals to understand the importance of cybersecurity, what is being done to enhance cybersecurity and what providers are viewed as the best and worst at cybersecurity.

100 integrators answered the following 5 open-ended questions on cyber security:

  • How important is cyber security in your customers' decision making process?
  • What type of customers are most concerned about cyber security? Why?
  • What steps do you take to ensure cyber security for your customers video surveillance systems?
  • Which security manufacturers do you feel are strongest in terms of cyber security? What do they do that makes you feel this way?
  • Which security manufacturers do you feel are weakest in terms of cyber security? What do they do that makes you feel this way?

They provided detailed color commentary on each point, so you can understand their mindset and approach.

Summary

The key trends revealed in the study:

  • Overall, cyber security is not very important for customer's decision making process.
  • The 4 segments showing highest cybersecurity concern were government, banking, education and healthcare
  • Steps taken to secure systems were generally basic. While various techniques were mentioned, changing default password was the most common.
  • Western video surveillance manufacturers were viewed as the strongest in cyber security.
  • Chinese, and specifically Hikvision, was selected as the weakest in cyber security.

Full details, integrator explanations and our analysis is shared inside.

**** ***** ******** *** *********** *** ***** ************ ************* ** understand *** ********** ** *************, **** ** ***** **** ** enhance ************* *** **** ********* *** ****** ** *** **** and ***** ** *************.

*** *********** ******** *** ********* * ****-***** ********* ** ***** security:

  • *** ********* ** ***** ******** ** **** *********' ******** ****** process?
  • **** **** ** ********* *** **** ********* ***** ***** ********? Why?
  • **** ***** ** *** **** ** ****** ***** ******** *** your ********* ***** ************ *******?
  • ***** ******** ************* ** *** **** *** ********* ** ***** of ***** ********? **** ** **** ** **** ***** *** feel **** ***?
  • ***** ******** ************* ** *** **** *** ******* ** ***** of ***** ********? **** ** **** ** **** ***** *** feel **** ***?

**** ******** ******** ***** ********** ** **** *****, ** *** can ********** ***** ******* *** ********.

*******

*** *** ****** ******** ** *** *****:

  • *******, ***** ******** ** *** **** ********* *** ********'* ******** making *******.
  • *** * ******** ******* ******* ************* ******* **** **********, *******, ********* *** **********
  • ***** ***** ** ****** ******* **** ********* *****. ***** ******* techniques **** *********, ******** ******* ******** *** *** **** ******.
  • ******* ***** ************ ************* **** ****** ** *** ********* ** cyber ********.
  • *******, *** ************ *********, *** ******** ** *** ******* ** cyber ********.

**** *******, ********** ************ *** *** ******** ** ****** ******.

[***************]

Low **********

**** ********* **** ***** ******** ** *** ********** ** ***** decision ****** *******.  ****** **** ** *** ********* ********* ****:

******** ************ *** ***** ***** ** *** ****** *** *** ********:

  • "** ** *** ********* ** ***"
  • "** ********* ****** ******* * ******* **** ************* ** ***** decision ****** *******."
  • "*** *** ******* **** ***'* **** *** *****"
  • "* ******** ** *** ********* **** ** **** ********** **** don't ****** **** ***** ***** ******** ******* ** *** ************ systems."
  • "******** *** ********** ******** ** *** *****, *** **** **** are *** *** ******* ** **** ****** **** **** **** the **** ***** *** ******* **** **** **** **** ****** to ***."

******* *********** ********* **** ******** *** ** **** ********* **** aware ** ***** ******** *****:

  • "** **** *** ** **** ******* ******* ***** **** ***, but ** *** *** **** ** **** * **** *** why ** ** *******."
  • "*** **** **** *** ******** ***** **** **** **** ****** be."
  • "** ** ***** ********** ***** ******* ** ***** *********."
  • "*'* *** ****** ***********. *** **** **** **** ******** * threat ** **** * ***** *** ***************."
  • "** **** ****, **** ****** ** *** **** *** ******* still, *** ** *** ********** ******** ** ** ** ***** attention."

**********, *******, *********, ********** - **** ***** ******** *****

***** ********* *** ***** **** ********** ************ **** **** ****** ** have ****** ******** ****** ***** ********.

  • "******** *** *** ** ***** **** *********. ** ********* **** remote ****** ** *** ********* ** ****** *** ********* ******. Some ****** ** ** *** ***** ********* *** ***** ******."
  • "****** *********, ********* ** ************* ******* *** **** **** *********"
  • "******* *** **** **** ********, ******* **** *** ******** *********** & ******* **** ********* ****** ********* ** **** ******* **** be ******** **** ** ************ ****."
  • "*** *** *********, **** **** *** ***** *** **** **** at ** *** ** **** *********."

*****, ********** ********, ******* *** ********** ************* ******** **** ** IT ********** **** ** *********** *** ******* ********. ***** ************* have **** ********* ** ****, ** ******** *********. 

  • "********* *** ** ********* ** **** *** *** ***** **** often"
  • "****** ** ***** ********** *** ** ****** ********** ** ** site ** ********** ***** **** ** ************* ** *** *********** to **** ******** *****."
  • "********** - **** ****** *** ** ******** ********"
  • "*******, ******* **** **** ******* ********"
  • "********* ******, *** *****, **********. **** *** ******* ***** ******* taking **** ***** ******* *** ****** ** **** ***** *** video ************ ******, ** ***** *** ***** ************ ****** ** a ******** ** ***** *******."
  • "********** *** ***** *** **** ********* ***** **** **** ******** data ** **** *** ******** ******** ******* *** **** ******* were *********."
  • "*********, *******, *********. **** **** **** ******** *** *** ******* FBI ********* ***"
  • "*** **** ** *** ****** **** ** *********, ** *** concern ** ******* *** ******** ** *** *** ********** ******. It ** ****** ** ***** *****. **** ** *** ************* clients *** **** ** *********, *** **** **** ********* ***** to **** **** **."

**** *** *********, ******* ********* ** *** **** ***** ******** ** a ******* ************* *** *** ****** ************* **.  ******* ************* are **** ****** ** ** ****** *******, *** * **** breach ** **** ****** ** ****** ******** ****.  

Methods *** ******** ********* ****

******** ******* ********* *** *** **** ****** **** ***** ** enhance ***** ********.

***** **% ** ********* ********* **** **** **** ** ******* ********.

********* ** ********** ******** **** ********** ******:

  • "********** ****** / ****** ******** ** ** *** ******** (********* ** physically)"
  • "******** ******* ********"
  • "** ***** * ******** ******** ******* *** *** ***** ****** or *** *****."
  • "** ********** ******** *** ***** ************ ******* **** ***** ******** (internet, ********* *** ***.)"
  • "******* *** ***** ****** ** * ******** ******* ** ****** VLAN ** ********"

********** ** ******* ***** ** **** ****, ****** *** ** consistently ** ***** ** ********:

  • "*** ** ********** (*** ****** ***********, *** ******** ************."
  • "** **** *** *******, ** *** *** *** *** ********** between ******'* *** ******."
  • "********* ******* * ***. ***** ******** *** *********** ********* *** also **** * *** ***** ****** *** *** ******* ****** app **** ***; ** **** * ******* *********** *** ****** encryption *** *** ***, **** **, ** ** *******, *** most ****** ******** ** *****."
  • "****** ********** *** ********* ** *****."
  • "****** **********(*****, ***) ** *********** **** *******, ********** ** ***** on **** ******, ***** ************ ** ******* ************ ** *******, etc."
  • "*** ********* ********* ********** **** ***** ******** ****."

******* ******** *** ******** *******, *** ********* ****-***** ******** **** listed, *** *** ** ********** ** *** ***** *****.

*********** *****, ** ******* ******* *******/************ *** *** ******** *********.

******* ** *** ********* ** ********** ** **** ************** *** cyber ******** *** **** **********:

  • "** ******* ********* ****** ***** ******** *********. ** **** ***** like ** *** *** ***** ********** ** ** ** ** them."
  • "*** ****** ********* *** **** **-***** ** ********* ** ******** third ***** ** ********* *** ** ****** ****** **********."
  • "** **** **** ******* **** ***** ** *********** ** ******* to ***** ***** *** **************."
  • "***** ** ***** ** *******"
  • "** ***** ** ** ** ******'* ** *********** *** *** internal *******"
  • "** ********* *** ****** *** ****** *** *********** ******** ******** on *** ****** *******."
  • "**** ****** ** *** - **'* ** ********'* ********* ******** and ** ********** **************"

**** ******** ***** *** **** *** * ***** ******** *** has ** ** **********, *** ** *** **** ** ****** organizations ** *** ** **** ** ***** *** ******** ** decide *** ***** ******** ******** ******* *** ***** ** ** remotely ********, *******, ** ********* ** ***** ********.

Manufacturers ****** ** **** ******

****** ************* ******** * *** **** ***** **** *** ********* in ***** ** ********* ********.

**** *** ** *** *** **** *****, **** ****** *** third ** *********:

  • "****. **** ***** *** ******* ** ********* ***.** *** *** up ***** ******* *** ****** ************* ***** *** **** ******* cybersecurity ****** ** **** ** ***** *********** *** ********* ******."
  • "****, **** *** * **** ******* ******** ********."
  • "**** **************. ****'** *** **** ************ ** **** ** *** actually ***** ***** *************"
  • "**** *** ***** *** ***** ** ***** ******** *** **** specific *********** **** ** ********* ** ****."
  • "**** *** *** * ***** ******** ***** *** ***** **** dedicated *********. ***** ***** ********* ***** ** ****** *****, ****** if ***'** *** *******, **** *** ***** ** ***********"
  • "*** ****** *************, **** ****, ***** *** *********** ** ********* any ******* ****** ***** ********, **** ** *** ***. ***** manufacturers, ***'* ***** ** ** ****** ***** ******* ***** *** related *********."
  • "**** **** ** ** * ****** ** ********."
  • "**** ***** ** **** ** **** ***'* **** ******* ********* on ***** ********, ****** *** *** *** **** ************."

**** **** *** * ********* ***** **** ******** *************** *** ********* ******** *** **** ********.

* *** *********** ********* ***** ****, **** *** ****** *** **** of ****** ***** ***** **** ** **** ******* *** ******* commenting:

"**** - ******* ** ***** ******* **** .*** ******** *** software (**** ***** ******* ******), ******** ** **** *** ******* (VMD3, ***), ******** ** ******* **** *** ******* ************* ** cameras (******** ***** *******, ***) *** ***% *******-**** *** (*** that ** ***** *** ***** ***). ****, **** ***** ***** passwords *** ***** ***** ***** ******* ******** **** ********* ******** guesses."

********:

  • "********'* *****-** **** ******** ******, ****** ****** ******** *******, *** easily-visible ****** ** *********/*********** ******* ***** **** **** **** ** my **** ** ****."
  • "******** **** *** ******** ******** ***** ** **************, ******** ********** (******* cameras & ***, ******* ******* & *******)"
  • "******** - **** ** **** ** **** ***** *******, *** their *** ******* **** ** **** * ****** ********** ******* their ********."

 *****:

  • "***** - ********** ******** *** ***** ********* ********"
  • "***** *******, ******** ************ *** ********* ********."
  • "***** ** ***** ***'* ** *** ***** ** ******* **** the ****** ** * *** ***** *** ****'* **** ** the *** *** ***** ******** ****** *** ********** **** ****** takes ** ** *** **** ***** ** ***** ** **** cyber ******** ** *** ****."

***** **** *** * **** ******** *****.

*******:

  • "** *** ***** ******* *** ***** ******, **** **** ******** security ********, ****** **********, *** *******. ******** ******* **** ******* Enterprise ******* ********* *** ********** ********* *** **** ****** ************ regarding ** ********."
  • "******* ** ****** ***** ******* ** ********* ********** *** ** easily ********** ** ******* ******."
  • "******* - **** *** **** ** ** ** ******* *******"

******* ***** * ********* ***** ********* ** ***** ******* ******

*********:

  • "********* ** ****** **** - **** **** **** *********** ******** to ****** ******* ***."
  • "********* - **** **** ** **** ******* ******* *** **** to ***** ** *** ****** ****** ********. ******** - **** do **** ** **** ***** *******, *** ***** *** ******* seem ** **** * ****** ********** ******* ***** ********."
  • "*********, ****, ***** - **** *** **** **** * **** hard **** ** ***** *** ********** *** ********, ***************, ******* ***** papers on **** ********* *** *** ***** ******** ******* ******."

China / ********* ** ***** ******

*** *** ***** ****** ********, ********* *** *** ************* ********* brand, ***** **** ** **********, *** ******* ****** ********* "******* cameras" ** ******** *******.

  • "********* - **** ******* ** **** *** **** ********."
  • "*********, ** ***** **** ******** ******** ****** *** ************** ** their ***. **** ** ** ******."
  • "*********, * ***** ****** ***** ******* ********** ****** ** ********* via ********* **** *** ******'*."
  • "********* *** * *** **********, ***** *** *****"
  • "********* *** *** ***** *************. **** ****** ***'* **** ** don't **** *** ********* ** ****** ***** ******* *** ******."
  • "********* - ******** ******** ********** *** ******* ********** *********** **** the *******."
  • "*********. **** ******* ***** ***** ** **** *** ****** *** default ********* *** ********* **** ***** ******* ******** ******** *** I ***** ***'* ******** ***** *** ******** ** *** ********."
  • "**** ****** ** **** **** **** **** **** ** *****, but ***** ** ** *** *** *****. *********, *******/******/*******, *** others **** **** *** ******** ****** ***. ************, ***** ***** allows ***** ****** ***** ******* ***** *** **** ****** ** disabled. ********* *** *** **** ***** *****, **** ** ***** have **** *****. ******* ******* ******* **** ******* **** * bug **** **** ****** **** *** *** ********* ** *** camera, **** ******* ********** ** ************* ******* **** ***** *** be ****** *** **. *** **** ****** ** ***** *** browser **** ** ***** ** *** ***."
  • "*********, ** ***** **** **** *** ****** ** ***** ********* up. * ** ****** ***** ****. **** ***** ******* *** don't ***** ****. **'** ******* *** * *** ********* ********."
  • "*********. ****** **** **** **** ************ ***** ***** ********** *****, they **** *** ** ** ******** ** ******* ********. ***** needs ** ** * ******* ** ******** ** * ******* concern--not ** ************."
  • "********* *** * ******** ** *** ********* ***** ****** ***** offices."
  • "*****. **** **** ***** **** **** ********* **** *** **** to **** ** *** ******** ** ** ****** *** **** you ******* *** ****** **** * **** ******** ** *****, anyone **** *** ** ****** ** *** ****** *** *** in."
  • "*** ***** ******* ******* *** *** *****... *'** ******* **** that **** *** **** ***** ***** **** *** **** ****** as * ******* ** *** ********."

********* **** **** ********* ****** **** ** ***** *******, **** * **** ** ****** ****** and***** ******** **** ********* *****.

Comments (3)

******* * ****** ***.. *** ****** *** *******, ***** ** your ** ******, ****** **** ***** ** * *** *******. Which ** **** ******* *** ****.

*** ***** *** *** ********* *******! ( ***'* ** ****** it's *** **** ****! )

*** ****** *** ****** ** *** ****** ****** *******!! ***** refresh *** *** ****. ****'* *** ****** ****** ****** **** arrow ** ** ** *** *** **** **** ** ****-***** browser ********** *****.

*** ** **** *** **** ******** * *** ** ****** what ** ***** **. *** ****** ** **** *** ** weak ** ******** **** ******** ** ******** ** ******** / passwords ** ***** **** ** **** ****. *** *********** ****** is *** ********* ***, **** **** *** *** **** ** passed ** *** ******* ** **** ******* ********!

*** ** *** ******** **** ******* **** *** **** ***** and **** *****, **** *********, *** ******* ******* ******* *** find *** *** ********* **** ***** **** ***.

*** *** ***** **** ** ****** ** ****** *** ****** item **************

**** **** **** *** **** *** ****** ** ******* ** the *******. ***** **** *** ****** ****** **** *********, *** such.

*** *** **** ****, *** ***** **** **** **** ** firmware ****** *********, ** **** **** ** ***** **** **** dangerous ********, ** **** ** ******* ********, *********, *** ***** telnet *** **** ****** **** ** ** ** **** ***** text ********.

*** ** *** ******** ** **** * **** ** *** more ******* ****** ***** ** ***** **.

** *** **** ******* ** ******, ** **** ** **** basic ***** ** *** **** **** ****** ** ******** *******. Just ***'* ****** **** *** *** **** ******* *********, ** least *** ***.

** ******** ** *** *******, * ***** *** *** ******* Unified ****** ********, *** ** *** ******* ** *** *******, has ************ ** *********. *** *** ** ******* ************.

* **** ** * ***** ******* ** * ****** ****** using ********* *******. *'* ******* **** ** ********* ** **** some "*********" **** ** ***** **** ******** ***** *** ******** issues **** ********* *** *** **** *******. *'** **** *** results ** ** ***** ** ********.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

IP Camera Cabling Testing Statistics on Aug 22, 2017
Test and certify, or crimp and pray? Some integrators certify every cable they run, while others only inspect cables that have video issues. 130...
Dahua 4K IR PTZ Tested on Aug 21, 2017
4K has made its way to IR PTZs. In this report, we examine the Dahua 6AE830VNI, a 4K PTZ with 30x optical zoom, 200m (~650') integrated IR, and...
Top Used License Plate Capture Cameras on Aug 21, 2017
Capturing license plates is a common video surveillance application. But what cameras do integrators mostly commonly used? Special purpose LPC...
VLAN For Video Surveillance Usage Statistics on Aug 21, 2017
VLANs (see our tutorial) are an option for networks using video surveillance, but how often are they actually used? 125+ integrators told us how...
IP Networking Course September 2017 on Aug 17, 2017
This is the only networking course designed specifically for video surveillance professionals plus it includes live training, personal help and...
Cat 5e vs Cat 6 vs Cat 6a Network Cable Usage Statistics on Aug 16, 2017
Cat 5e? Cat 6? Cat 6a? What do integrators use in practice, today? 140+ integrators told IPVM. Here are the results: For those who want to...
Stolen Video NVR / DVR Statistics on Aug 15, 2017
"But what happens if someone steals my recorder?" Anyone who has done more than a handful of jobs has probably heard this question several times....
Hikvision Europe Cutting Out Unauthorized End User Sales on Aug 15, 2017
The days of anyone buying Hikvision from anywhere off the Internet are numbered, at least in Europe, if Hikvision's plan comes to fruition. In...
Vulnerability Directory For Access Control Cards on Aug 14, 2017
Knowing which access credentials are insecure can be unclear, especially because most look and feel the same. Even the most insecure 125 kHz types...
IP Camera Specification / RFP Guide 2017 on Aug 14, 2017
RFPs are hard. Do them 'right' and it takes a lot of knowledge and time. Do them 'wrong' and you can be (a) unwittingly locked into a specific...

Most Recent Industry Reports

Dahua 4K IR PTZ Tested on Aug 21, 2017
4K has made its way to IR PTZs. In this report, we examine the Dahua 6AE830VNI, a 4K PTZ with 30x optical zoom, 200m (~650') integrated IR, and...
Top Used License Plate Capture Cameras on Aug 21, 2017
Capturing license plates is a common video surveillance application. But what cameras do integrators mostly commonly used? Special purpose LPC...
VLAN For Video Surveillance Usage Statistics on Aug 21, 2017
VLANs (see our tutorial) are an option for networks using video surveillance, but how often are they actually used? 125+ integrators told us how...
Avigilon CEO Attacks Asian Companies Cyber Insecurity on Aug 18, 2017
Avigilon CEO is taking aim at their Asian competitors. And he is going directly after these company's cyber security issues. In this note, we...
Sony Next Gen HD Dome Camera Tested (SNC-EM642R) on Aug 18, 2017
Sony has released their latest generation, claiming improved WDR and low light, increased IR range, and more. We tested the SNC-EM642R outdoor IR...
IP Networking Course September 2017 on Aug 17, 2017
This is the only networking course designed specifically for video surveillance professionals plus it includes live training, personal help and...
Knightscope Raises $10 Million With $3,320 Average Per Investor on Aug 17, 2017
Congrats to Knightscope. And condolences to their legion of little investors. Knightscope has disclosed they have raised $10+ million from their...
Axis and Arecont Legal Conflict Over Multi-Imager Cameras on Aug 17, 2017
Arecont threatened Axis. Axis has responded by moving to invalidate an Arecont patent. It is an important contest. Multi-imagers are Arecont's...
Directory Of Consumer Security Cameras on Aug 16, 2017
The consumer camera segment continues to grow, with new startups and models from existing players released seemingly every month. In this report we...
Cat 5e vs Cat 6 vs Cat 6a Network Cable Usage Statistics on Aug 16, 2017
Cat 5e? Cat 6? Cat 6a? What do integrators use in practice, today? 140+ integrators told IPVM. Here are the results: For those who want to...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact