Genetec - Network of Trust

Top questions to ask

Your physical security system is as secure as the weakest point or the least trusted device connected to it. It’s that simple. To help you select manufacturers that build their business on cybersecurity best practices, here are 5 questions you should be asking:

How transparent are vendors with cyber vulnerabilities?

Effective IoT device security does not mean creating a perfect product that never has any vulnerabilities; it means allowing for a process that quickly and completely addresses vulnerabilities. Full transparency provides customers with confidence and demonstrates the company is acting responsibly. In the event of a security breach or cyber vulnerability, do you trust that vendors will disclose the breach as soon as possible? Or will they try to conceal it for months giving attackers time to exploit these vulnerabilities?

Do vendors have a comprehensive strategy in place to close security gaps and vulnerabilities?

To create a successful cybersecurity strategy, you need to understand what you must defend against. Proactively monitoring the market and potential threat actors is crucial as security gaps create an information security risk which can lead to data loss, breaches, and violations of privacy laws. What comprehensive strategy do they have in place to manage these risks?

Do vendors prioritize security in the development of their products?

Adopting a "Secure by Design" approach to device manufacturing, and prioritizing users' privacy are key components in promoting transparency, trust, and security in this age of IoT. Companies that are committed to cybersecurity best practices build-in security at every step of development. Are vendors building systems that are resilient and capable of withstanding multiple failures? Do they perform regular 3rd part auditing and penetration tests?

Who’s liable if your equipment is used to access private information?

If your devices get hacked, will the vendor be held liable? Too often, the end user must discover and report liabilities because the device manufacturer does not take that responsibility. Not doing your due diligence when choosing security solutions or simply disregarding the fact that some of your equipment is unsafe could result in lawsuits, fines, and reputational damage. Will your organization take the blame for choosing to partner with an untrustworthy vendor?

Who owns the manufacturing company that builds their software and hardware?

Foreign government-owned vendors are known to participate in cyber-criminal activities using "backdoor" vulnerabilities to gain cutting-edge technology and know-how, at their buyers’ expense. These vendors can tap into your devices at any point in time to execute denial of service attacks on a third party, or, more troublingly, they can use their IP cameras to act as a convenient gateway into your private network. Are you willing to take that risk?

Did you know?

$6 trillion

The estimated annual cost of cybercrime by 2021(Cybersecurity Ventures)

Average time it takes to identify and contain a data breach (Ponemon Institute and IBM Security Cost of Data Breach Report 2020)

280 days

$20 billion

Global ransomware damage costs predicted by 2021 (Cybercrime Magazine 2020)

Predicted percentage of CEOs that will be personally liable for cyber-physical security incidents by 2024 (Gartner 2020)

75 %

4000 %

Increase in ransomware emails during COVID-19 (National Observer 2020)

Hikvision and Dahua were removed from the ONVIF industry standard and are blocked from submitting any further products for ONVIF conformance. This means that no new cameras, nor firmware upgrades for older cameras will be ONVIF conformant regardless of the VMS platform. (ONVIF 2020)

Open Standards