Why is CCTV IT's blind spot?

CCTV is no longer an isolated and passive component

Why is CCTV IT's blind spot?

Video surveillance cameras, also known as CCTV (closed-circuit television), are no longer merely passive viewers in today's digital world.

Cameras have evolved into powerful computers that are linked to core networks and the internet. Often, these devices have privileged access and are configured to transfer massive amounts of data to deliver useful insights to businesses and organisations.

Despite their sophisticated nature, physical security systems are often procured and operated with limited oversight from the IT department. They are a glaring blind spot, and that has to change.

Data shows that while CCTV devices account for just 1.2% of all devices, they contribute to a staggering 24% of malicious activity. You only have to look at the composition of the Mirai botnets to understand why IT teams must take a greater interest in the video surveillance cameras deployed inside their enterprise.

One issue that doesn't help matters is the nomenclature. The acronym "CCTV" is out of date and deceptive, failing to convey the true nature of these devices as powerful computers linked to networks and the internet. They're not operating on a closed circuit and haven't been for some time.

IT teams must recognise that IP cameras demand the same amount of attention and control as any other significant IT system inside their organisation.

Another important consideration is cyber-hygiene. Many CCTV managers do not come from an IT background, and spent much of their earlier career managing analogue systems. No surprise, then, that these cameras are more likely to be managed poorly when compared to those that fall under the direct responsibility of the IT department. It's common to find them running outdated firmware with known exploited vulnerabilities, or sitting on the network for many years with the default credentials unchanged.

Physical security and cybersecurity are inextricably linked and must be addressed in tandem. To develop a solid and complete security framework that encompasses both the digital and physical parts of video surveillance systems, IT teams and physical security departments must cooperate closely together.

Regular communication, information exchange, and coordinated efforts to detect and manage potential risks and threats are all a part of this cooperation.

CCTV systems are no longer isolated and passive components of physical security. They are complex computers that are linked to networks and the internet. Organisations must boost their entire security posture and successfully safeguard against cyber-attacks in today's digital ecosystem by recognising "CCTV" cameras for what they really are.

Ben Durrant is Engineering Lead at Genetec