What more can a video security breach reveal?
Updated: Feb 6
The recent revelation of the breach into Verkada's cloud-based security operation shows that not only banks and credit card companies are targets to breach and steal data from.
Whereas one normally expects to see breaches resulting in a publication of obtained user-IDs and passwords, social insurance numbers and money transfers, in Verkada's case it was actual live data feeds. Showing interior and exterior footage of 150,000 cameras across the world. According to a publication by Bloomberg the hackers were "able to obtain 'root' access on the cameras" including "to pivot and obtain access to the broader corporate network of Verkada’s customers."
Innocent as this may sound, it is far from innocent when you see the list of companies impacted. Banks, prisons, manufacturing facilities (such as Tesla), and many more undisclosed companies. Footage that in many cases is NOT for your eyes only.
Not Vendor Specific
Let's look beyond the vendor Verkada for a moment. They've been in the news enough now. The issue at hand is more serious than one thinks. In general, having sensitive information, such as video recordings, compromised is a very serious matter. Security cameras typically record 24/7; often motion-sensor triggered. Thus recording users seated at their desks, accessing their user accounts. Imagine this user being a high-privilege system admin, operating Defence, nuclear or power grid systems. Or a CFO accessing the company's bank account, making transfers. And a video recording showing this user entering his/her username and password credentials... I'm sure you can fill in the blanks from here.
In a normal data breach, user passwords (even with a smart password hash) are not easy to reproduce. Video footage showing a user typing in a password verbatim...!? A much easier catch, wouldn't you agree?
Hardening security systems.
Think of this for a moment when deciding how to deploy your next generation video surveillance system and where to store your footage. Granted, on-premise systems can be hacked and accessed, sure. So leave no stone unturned. When using an on-premise NVR, add properly hardened security reflecting business-specific security policies and enforcement. When using a 3rd party cloud solution: ask for their SOC2 compliancy audit report before moving your security data to the cloud.
Let us help you make that decision. At Hexaport we have subject matter experts on both the cybersecurity and building security systems. We're uniquely positioned to support companies in making the right decision between either solution platforms. Contact us on www.hexaport.io