Your Security Cameras May Actually Be Your Company’s Biggest Security Flaw

Internet-connected devices like smart security cameras offer enterprises numerous benefits, but with those benefits come serious cybersecurity risks.

As of last year, there were 8.5 billion internet-connected devices in use worldwide, and experts predict that by 2020, as many as one million new network connections will be added every hour. All told, the number of Internet of Things (IoT) devices in the world will surpass 50 billion in 2020, at which point the global IoT market will account for nearly $14.5 trillion in annual sales.

For enterprises, the potential economic benefit of IoT devices will be between $70 and $150 billion per year. And while IoT devices related to video conferencing, VoIP, and wireless printing will provide office-based enterprises with a great deal of value, a great deal of enterprise IoT use cases will actually revolve around office building security.

Indeed, MGI research suggests that IoT security systems alone have the potential to reduce the cost of building security by more than $6 billion per year by 2025. “Rather than having a security employee monitor the feed from cameras,” the research explains, “an intelligent system can automatically detect anomalous patterns in the video data and immediately alert authorities of a possible intrusion.”

The only problem? As things stand, IoT security systems tend to be as vulnerable to hacks as they are effective in detecting intrusion.

The Dangers of an Insecure IoT Security Camera

In late 2016, black-hat turned white-hat hacker Samy Kamkar set out to expose the cybersecurity vulnerabilities inherent to a number of popular enterprise IoT devices. He managed to compromise everything from smart HVACs, to VoIP phones, to smart refrigerators — some in as little as three minutes — serving up a stark reminder of just how exposed the proliferation of IoT devices has left the average enterprise.

It doesn’t take much time for a cybercriminal to wreak havoc on an enterprise’s office infrastructure via a compromised IoT security camera. For instance, once they take control of a connected camera, a cybercriminal can use jamming or spoofing techniques to disable the entire system’s motion sensing capabilities, remotely open locks, or even turn off surveillance equipment altogether.

What’s more, a compromised camera can serve as an excellent launch point for attacks on other IoT devices on an enterprise’s network. In fact, if an enterprise’s networks aren’t designed with robust cybersecurity in mind, a single hacked security camera can grant a cybercriminal access not only to other devices on the same network, but to separate networks, as well.

Of course, there’s also the possibility that a hacker will simply lay low once they’ve gained access to a camera, observing, recording, and stealing potentially priceless proprietary information. Placing a security camera in or around high-value assets is a good idea in theory, but in the event the camera is compromised, it’s a surefire way to put all one’s corporate secrets on display.

Making IoT Cybersecurity a Priority

Ultimately, while cybercriminals can use almost any enterprise IoT device as an entryway into a corporate network, only connected security cameras offer all of the added value outlined above. A hacker remotely shutting down your office’s smart fridge is clearly far preferable to that same hacker disabling an entire building’s surveillance infrastructure, but at the end of the day, such attacks are equally easy for the seasoned cybercriminal to execute.

The good news is that many stakeholders are aware of the threats IoT devices pose. According to a recent MGI survey, 75% of enterprise IT professionals agree that IoT security is either “important” or “very important,” and that its relevance is only going to increase in the coming years. The bad news? A mere 16% of those surveyed believe their company is up to the challenge.

Regardless of where individual enterprises stand, one thing is for certain: The IoT revolution will only be able to realize its full potential when the corporate world as a whole is able to develop and implement robust cybersecurity protocols tailored to an infinitely connected future.