Cyber Security For Video Surveillance Study

Author: Brian Karas, Published on Apr 27, 2016

This study provides the foundations for video surveillance professionals to understand the importance of cybersecurity, what is being done to enhance cybersecurity and what providers are viewed as the best and worst at cybersecurity.

100 integrators answered the following 5 open-ended questions on cyber security:

  • How important is cyber security in your customers' decision making process?
  • What type of customers are most concerned about cyber security? Why?
  • What steps do you take to ensure cyber security for your customers video surveillance systems?
  • Which security manufacturers do you feel are strongest in terms of cyber security? What do they do that makes you feel this way?
  • Which security manufacturers do you feel are weakest in terms of cyber security? What do they do that makes you feel this way?

They provided detailed color commentary on each point, so you can understand their mindset and approach.

Summary

The key trends revealed in the study:

  • Overall, cyber security is not very important for customer's decision making process.
  • The 4 segments showing highest cybersecurity concern were government, banking, education and healthcare
  • Steps taken to secure systems were generally basic. While various techniques were mentioned, changing default password was the most common.
  • Western video surveillance manufacturers were viewed as the strongest in cyber security.
  • Chinese, and specifically Hikvision, was selected as the weakest in cyber security.

Full details, integrator explanations and our analysis is shared inside.

**** ***** ******** *** *********** *** ***** ************ ************* ** understand *** ********** ** *************, **** ** ***** **** ** enhance ************* *** **** ********* *** ****** ** *** **** and ***** ** *************.

*** *********** ******** *** ********* * ****-***** ********* ** ***** security:

  • *** ********* ** ***** ******** ** **** *********' ******** ****** process?
  • **** **** ** ********* *** **** ********* ***** ***** ********? Why?
  • **** ***** ** *** **** ** ****** ***** ******** *** your ********* ***** ************ *******?
  • ***** ******** ************* ** *** **** *** ********* ** ***** of ***** ********? **** ** **** ** **** ***** *** feel **** ***?
  • ***** ******** ************* ** *** **** *** ******* ** ***** of ***** ********? **** ** **** ** **** ***** *** feel **** ***?

**** ******** ******** ***** ********** ** **** *****, ** *** can ********** ***** ******* *** ********.

*******

*** *** ****** ******** ** *** *****:

  • *******, ***** ******** ** *** **** ********* *** ********'* ******** making *******.
  • *** * ******** ******* ******* ************* ******* **** **********, *******, ********* *** **********
  • ***** ***** ** ****** ******* **** ********* *****. ***** ******* techniques **** *********, ******** ******* ******** *** *** **** ******.
  • ******* ***** ************ ************* **** ****** ** *** ********* ** cyber ********.
  • *******, *** ************ *********, *** ******** ** *** ******* ** cyber ********.

**** *******, ********** ************ *** *** ******** ** ****** ******.

[***************]

Low **********

**** ********* **** ***** ******** ** *** ********** ** ***** decision ****** *******.  ****** **** ** *** ********* ********* ****:

******** ************ *** ***** ***** ** *** ****** *** *** ********:

  • "** ** *** ********* ** ***"
  • "** ********* ****** ******* * ******* **** ************* ** ***** decision ****** *******."
  • "*** *** ******* **** ***'* **** *** *****"
  • "* ******** ** *** ********* **** ** **** ********** **** don't ****** **** ***** ***** ******** ******* ** *** ************ systems."
  • "******** *** ********** ******** ** *** *****, *** **** **** are *** *** ******* ** **** ****** **** **** **** the **** ***** *** ******* **** **** **** **** ****** to ***."

******* *********** ********* **** ******** *** ** **** ********* **** aware ** ***** ******** *****:

  • "** **** *** ** **** ******* ******* ***** **** ***, but ** *** *** **** ** **** * **** *** why ** ** *******."
  • "*** **** **** *** ******** ***** **** **** **** ****** be."
  • "** ** ***** ********** ***** ******* ** ***** *********."
  • "*'* *** ****** ***********. *** **** **** **** ******** * threat ** **** * ***** *** ***************."
  • "** **** ****, **** ****** ** *** **** *** ******* still, *** ** *** ********** ******** ** ** ** ***** attention."

**********, *******, *********, ********** - **** ***** ******** *****

***** ********* *** ***** **** ********** ************ **** **** ****** ** have ****** ******** ****** ***** ********.

  • "******** *** *** ** ***** **** *********. ** ********* **** remote ****** ** *** ********* ** ****** *** ********* ******. Some ****** ** ** *** ***** ********* *** ***** ******."
  • "****** *********, ********* ** ************* ******* *** **** **** *********"
  • "******* *** **** **** ********, ******* **** *** ******** *********** & ******* **** ********* ****** ********* ** **** ******* **** be ******** **** ** ************ ****."
  • "*** *** *********, **** **** *** ***** *** **** **** at ** *** ** **** *********."

*****, ********** ********, ******* *** ********** ************* ******** **** ** IT ********** **** ** *********** *** ******* ********. ***** ************* have **** ********* ** ****, ** ******** *********. 

  • "********* *** ** ********* ** **** *** *** ***** **** often"
  • "****** ** ***** ********** *** ** ****** ********** ** ** site ** ********** ***** **** ** ************* ** *** *********** to **** ******** *****."
  • "********** - **** ****** *** ** ******** ********"
  • "*******, ******* **** **** ******* ********"
  • "********* ******, *** *****, **********. **** *** ******* ***** ******* taking **** ***** ******* *** ****** ** **** ***** *** video ************ ******, ** ***** *** ***** ************ ****** ** a ******** ** ***** *******."
  • "********** *** ***** *** **** ********* ***** **** **** ******** data ** **** *** ******** ******** ******* *** **** ******* were *********."
  • "*********, *******, *********. **** **** **** ******** *** *** ******* FBI ********* ***"
  • "*** **** ** *** ****** **** ** *********, ** *** concern ** ******* *** ******** ** *** *** ********** ******. It ** ****** ** ***** *****. **** ** *** ************* clients *** **** ** *********, *** **** **** ********* ***** to **** **** **."

**** *** *********, ******* ********* ** *** **** ***** ******** ** a ******* ************* *** *** ****** ************* **.  ******* ************* are **** ****** ** ** ****** *******, *** * **** breach ** **** ****** ** ****** ******** ****.  

Methods *** ******** ********* ****

******** ******* ********* *** *** **** ****** **** ***** ** enhance ***** ********.

***** **% ** ********* ********* **** **** **** ** ******* ********.

********* ** ********** ******** **** ********** ******:

  • "********** ****** / ****** ******** ** ** *** ******** (********* ** physically)"
  • "******** ******* ********"
  • "** ***** * ******** ******** ******* *** *** ***** ****** or *** *****."
  • "** ********** ******** *** ***** ************ ******* **** ***** ******** (internet, ********* *** ***.)"
  • "******* *** ***** ****** ** * ******** ******* ** ****** VLAN ** ********"

********** ** ******* ***** ** **** ****, ****** *** ** consistently ** ***** ** ********:

  • "*** ** ********** (*** ****** ***********, *** ******** ************."
  • "** **** *** *******, ** *** *** *** *** ********** between ******'* *** ******."
  • "********* ******* * ***. ***** ******** *** *********** ********* *** also **** * *** ***** ****** *** *** ******* ****** app **** ***; ** **** * ******* *********** *** ****** encryption *** *** ***, **** **, ** ** *******, *** most ****** ******** ** *****."
  • "****** ********** *** ********* ** *****."
  • "****** **********(*****, ***) ** *********** **** *******, ********** ** ***** on **** ******, ***** ************ ** ******* ************ ** *******, etc."
  • "*** ********* ********* ********** **** ***** ******** ****."

******* ******** *** ******** *******, *** ********* ****-***** ******** **** listed, *** *** ** ********** ** *** ***** *****.

*********** *****, ** ******* ******* *******/************ *** *** ******** *********.

******* ** *** ********* ** ********** ** **** ************** *** cyber ******** *** **** **********:

  • "** ******* ********* ****** ***** ******** *********. ** **** ***** like ** *** *** ***** ********** ** ** ** ** them."
  • "*** ****** ********* *** **** **-***** ** ********* ** ******** third ***** ** ********* *** ** ****** ****** **********."
  • "** **** **** ******* **** ***** ** *********** ** ******* to ***** ***** *** **************."
  • "***** ** ***** ** *******"
  • "** ***** ** ** ** ******'* ** *********** *** *** internal *******"
  • "** ********* *** ****** *** ****** *** *********** ******** ******** on *** ****** *******."
  • "**** ****** ** *** - **'* ** ********'* ********* ******** and ** ********** **************"

**** ******** ***** *** **** *** * ***** ******** *** has ** ** **********, *** ** *** **** ** ****** organizations ** *** ** **** ** ***** *** ******** ** decide *** ***** ******** ******** ******* *** ***** ** ** remotely ********, *******, ** ********* ** ***** ********.

Manufacturers ****** ** **** ******

****** ************* ******** * *** **** ***** **** *** ********* in ***** ** ********* ********.

**** *** ** *** *** **** *****, **** ****** *** third ** *********:

  • "****. **** ***** *** ******* ** ********* ***.** *** *** up ***** ******* *** ****** ************* ***** *** **** ******* cybersecurity ****** ** **** ** ***** *********** *** ********* ******."
  • "****, **** *** * **** ******* ******** ********."
  • "**** **************. ****'** *** **** ************ ** **** ** *** actually ***** ***** *************"
  • "**** *** ***** *** ***** ** ***** ******** *** **** specific *********** **** ** ********* ** ****."
  • "**** *** *** * ***** ******** ***** *** ***** **** dedicated *********. ***** ***** ********* ***** ** ****** *****, ****** if ***'** *** *******, **** *** ***** ** ***********"
  • "*** ****** *************, **** ****, ***** *** *********** ** ********* any ******* ****** ***** ********, **** ** *** ***. ***** manufacturers, ***'* ***** ** ** ****** ***** ******* ***** *** related *********."
  • "**** **** ** ** * ****** ** ********."
  • "**** ***** ** **** ** **** ***'* **** ******* ********* on ***** ********, ****** *** *** *** **** ************."

**** **** *** * ********* ***** **** ******** *************** *** ********* ******** *** **** ********.

* *** *********** ********* ***** ****, **** *** ****** *** **** of ****** ***** ***** **** ** **** ******* *** ******* commenting:

"**** - ******* ** ***** ******* **** .*** ******** *** software (**** ***** ******* ******), ******** ** **** *** ******* (VMD3, ***), ******** ** ******* **** *** ******* ************* ** cameras (******** ***** *******, ***) *** ***% *******-**** *** (*** that ** ***** *** ***** ***). ****, **** ***** ***** passwords *** ***** ***** ***** ******* ******** **** ********* ******** guesses."

********:

  • "********'* *****-** **** ******** ******, ****** ****** ******** *******, *** easily-visible ****** ** *********/*********** ******* ***** **** **** **** ** my **** ** ****."
  • "******** **** *** ******** ******** ***** ** **************, ******** ********** (******* cameras & ***, ******* ******* & *******)"
  • "******** - **** ** **** ** **** ***** *******, *** their *** ******* **** ** **** * ****** ********** ******* their ********."

 *****:

  • "***** - ********** ******** *** ***** ********* ********"
  • "***** *******, ******** ************ *** ********* ********."
  • "***** ** ***** ***'* ** *** ***** ** ******* **** the ****** ** * *** ***** *** ****'* **** ** the *** *** ***** ******** ****** *** ********** **** ****** takes ** ** *** **** ***** ** ***** ** **** cyber ******** ** *** ****."

***** **** *** * **** ******** *****.

*******:

  • "** *** ***** ******* *** ***** ******, **** **** ******** security ********, ****** **********, *** *******. ******** ******* **** ******* Enterprise ******* ********* *** ********** ********* *** **** ****** ************ regarding ** ********."
  • "******* ** ****** ***** ******* ** ********* ********** *** ** easily ********** ** ******* ******."
  • "******* - **** *** **** ** ** ** ******* *******"

******* ***** * ********* ***** ********* ** ***** ******* ******

*********:

  • "********* ** ****** **** - **** **** **** *********** ******** to ****** ******* ***."
  • "********* - **** **** ** **** ******* ******* *** **** to ***** ** *** ****** ****** ********. ******** - **** do **** ** **** ***** *******, *** ***** *** ******* seem ** **** * ****** ********** ******* ***** ********."
  • "*********, ****, ***** - **** *** **** **** * **** hard **** ** ***** *** ********** *** ********, ***************, ******* ***** papers on **** ********* *** *** ***** ******** ******* ******."

China / ********* ** ***** ******

*** *** ***** ****** ********, ********* *** *** ************* ********* brand, ***** **** ** **********, *** ******* ****** ********* "******* cameras" ** ******** *******.

  • "********* - **** ******* ** **** *** **** ********."
  • "*********, ** ***** **** ******** ******** ****** *** ************** ** their ***. **** ** ** ******."
  • "*********, * ***** ****** ***** ******* ********** ****** ** ********* via ********* **** *** ******'*."
  • "********* *** * *** **********, ***** *** *****"
  • "********* *** *** ***** *************. **** ****** ***'* **** ** don't **** *** ********* ** ****** ***** ******* *** ******."
  • "********* - ******** ******** ********** *** ******* ********** *********** **** the *******."
  • "*********. **** ******* ***** ***** ** **** *** ****** *** default ********* *** ********* **** ***** ******* ******** ******** *** I ***** ***'* ******** ***** *** ******** ** *** ********."
  • "**** ****** ** **** **** **** **** **** ** *****, but ***** ** ** *** *** *****. *********, *******/******/*******, *** others **** **** *** ******** ****** ***. ************, ***** ***** allows ***** ****** ***** ******* ***** *** **** ****** ** disabled. ********* *** *** **** ***** *****, **** ** ***** have **** *****. ******* ******* ******* **** ******* **** * bug **** **** ****** **** *** *** ********* ** *** camera, **** ******* ********** ** ************* ******* **** ***** *** be ****** *** **. *** **** ****** ** ***** *** browser **** ** ***** ** *** ***."
  • "*********, ** ***** **** **** *** ****** ** ***** ********* up. * ** ****** ***** ****. **** ***** ******* *** don't ***** ****. **'** ******* *** * *** ********* ********."
  • "*********. ****** **** **** **** ************ ***** ***** ********** *****, they **** *** ** ** ******** ** ******* ********. ***** needs ** ** * ******* ** ******** ** * ******* concern--not ** ************."
  • "********* *** * ******** ** *** ********* ***** ****** ***** offices."
  • "*****. **** **** ***** **** **** ********* **** *** **** to **** ** *** ******** ** ** ****** *** **** you ******* *** ****** **** * **** ******** ** *****, anyone **** *** ** ****** ** *** ****** *** *** in."
  • "*** ***** ******* ******* *** *** *****... *'** ******* **** that **** *** **** ***** ***** **** *** **** ****** as * ******* ** *** ********."

********* **** **** ********* ****** **** ** ***** *******, **** * **** ** ****** ****** and***** ******** **** ********* *****.

Comments (3)

******* * ****** ***.. *** ****** *** *******, ***** ** your ** ******, ****** **** ***** ** * *** *******. Which ** **** ******* *** ****.

*** ***** *** *** ********* *******! ( ***'* ** ****** it's *** **** ****! )

*** ****** *** ****** ** *** ****** ****** *******!! ***** refresh *** *** ****. ****'* *** ****** ****** ****** **** arrow ** ** ** *** *** **** **** ** ****-***** browser ********** *****.

*** ** **** *** **** ******** * *** ** ****** what ** ***** **. *** ****** ** **** *** ** weak ** ******** **** ******** ** ******** ** ******** / passwords ** ***** **** ** **** ****. *** *********** ****** is *** ********* ***, **** **** *** *** **** ** passed ** *** ******* ** **** ******* ********!

*** ** *** ******** **** ******* **** *** **** ***** and **** *****, **** *********, *** ******* ******* ******* *** find *** *** ********* **** ***** **** ***.

*** *** ***** **** ** ****** ** ****** *** ****** item **************

**** **** **** *** **** *** ****** ** ******* ** the *******. ***** **** *** ****** ****** **** *********, *** such.

*** *** **** ****, *** ***** **** **** **** ** firmware ****** *********, ** **** **** ** ***** **** **** dangerous ********, ** **** ** ******* ********, *********, *** ***** telnet *** **** ****** **** ** ** ** **** ***** text ********.

*** ** *** ******** ** **** * **** ** *** more ******* ****** ***** ** ***** **.

** *** **** ******* ** ******, ** **** ** **** basic ***** ** *** **** **** ****** ** ******** *******. Just ***'* ****** **** *** *** **** ******* *********, ** least *** ***.

** ******** ** *** *******, * ***** *** *** ******* Unified ****** ********, *** ** *** ******* ** *** *******, has ************ ** *********. *** *** ** ******* ************.

* **** ** * ***** ******* ** * ****** ****** using ********* *******. *'* ******* **** ** ********* ** **** some "*********" **** ** ***** **** ******** ***** *** ******** issues **** ********* *** *** **** *******. *'** **** *** results ** ** ***** ** ********.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

Directory of VSaaS / Cloud Video Surveillance Providers on Dec 15, 2017
This directory provides a list of VSaaS / cloud video surveillance providers to help you see and research what options are available. 2018 State...
Integrator Managing Projects Statistics on Dec 14, 2017
Who actually manages projects for security integrators? Does the average security integrator have dedicated project managers, or are technicians,...
Access Controller Software Guide on Dec 11, 2017
Properly configuring access controllers software is key to a professional access system. These devices have fundamental settings that must be...
Integrator GPS Vehicle Tracking Statistics and Success Examined on Dec 08, 2017
GPS vehicle tracking is a growing but somewhat controversial topic. On the plus side, tracking may increases productivity by providing greater...
Security Integrator IT Expertise Statistics on Dec 07, 2017
20 years ago, putting physical security systems on IP networks was just emerging. Today, almost every system is networked in some way, IP cameras...
Broken Hikvision App Exposes Hypocrisy on Dec 06, 2017
While Hikvision talks about a commitment to cybersecurity, their broken app and their insecure 'solution' exposes not only their engineering...
Risks Of Managing End User Passwords (Statistics) on Dec 05, 2017
Integrators know admin passwords for nearly all end-user systems, according to IPVM statistics. But how do they manage them? How do they ensure...
D-Link ONVIF Switch Tested on Dec 04, 2017
D-Link's surveillance switches claim to "enhance ease of use and streamline management" for network administrators, with simplified UIs and...
Top Recommended Home Video Surveillance Systems By Integrators on Dec 01, 2017
Friends regularly ask security integrators for their recommendations for video surveillance systems, trying to tap into the expertise of their...
Hikvision Door Station Tested on Nov 30, 2017
Hikvision has entered the video intercom market, aiming to bring the race to the bottom to a whole new audience. To see how it stacks up, we...

Most Recent Industry Reports

Startup Flock Declares Itself "The New Standard For Neighborhood Security" on Dec 15, 2017
Mega startup generator YCombinator has backed a startup targeting neighborhood video surveillance and security. Flock Safety is taking a...
Directory of VSaaS / Cloud Video Surveillance Providers on Dec 15, 2017
This directory provides a list of VSaaS / cloud video surveillance providers to help you see and research what options are available. 2018 State...
Integrator Managing Projects Statistics on Dec 14, 2017
Who actually manages projects for security integrators? Does the average security integrator have dedicated project managers, or are technicians,...
Hikvision NVR Load Testing on Dec 14, 2017
IPVM members recently debated Hikvision NVR's performance under load in Hikvision 30+ Cameras On NVR - Apps And Client Really Slow Down And CPU...
This Manufacturer Shuns IP Cameras on Dec 14, 2017
One manufacturer has chosen a bold strategy in avoiding getting caught up in the race to the bottom: shun IP solutions. We spoke with an executive...
Testing DMP XTLPlus / Virtual Keypad Vs Alarm.com & Honeywell on Dec 13, 2017
DMP has a strong presence in commercial intrusion alarms, but not in residential. However, the company's XTLPLus wireless combo panel and Virtual...
BBC Features Dahua on Dec 13, 2017
Hikvision is not the only mega-Chinese video surveillance manufacturer getting global attention. Last month, the WSJ investigated Hikvision and now...
Hiring Camera Calculator Product Manager on Dec 12, 2017
We are working on making the Camera Calculator even better and hoping you can help us find the right person to join our team. IPVM is hiring a...
Testing $20 WyzeCam, The Money Losing Amazon Vet Startup on Dec 12, 2017
This startup is perfecting the old adage: We lose money on every sale, but make it up on volume But it is no joke. The company, Wyze Labs, is...
Xiongmai New Critical Vulnerability - Same Manufacturer Whose Products Drove Mirai Botnet Attacks on Dec 12, 2017
The Chinese manufacturer whose products were primarily responsible for the 2016 Mirai botnet attack has a new critical vulnerability, confirmed by...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact