Each year, we hear about cyber attacks and breaches from companies of all sizes. Hackers are getting smart and know to look for the weak link to gain access into a company. Network-connected AV equipment is vulnerable, and clients need to understand how to guard against malicious intrusion.
AV professionals should be well-versed on the subject of cloud security and have the ability to provide you with all the information and support you need to stay vigilant and avoid attacks.
With that in mind, here are the Top 3 threats our clients are facing when it comes to AV security, and the strategies they need to have in order to respond.
1. Cloud-Connected Equipment
Network connectivity is the root cause of AV cyber vulnerabilities. We’ll explore some specific vulnerabilities, but this is where all threats start. To understand how vulnerabilities spread, here are a few terms to understand.
- An attack surface is basically all of the exploitable vulnerabilities in AV installations. This can include hardware, software, and the humans who interact with either of these. It includes applications both outside and inside of the firewall, and any software that processes incoming data, email, and attachments. It includes the people who work in these networks and use any of the hardware or software in the company’s AV ecosystem.
- An attack vector is the means of egress – it is the path a hacker takes to gain access to a computer or network server.
Any cloud-connected device is vulnerable. If you use a digital display, or video conferencing platform, or microphones and speakers, you are potentially at risk. If an interactive whiteboard being used in a conference room, and which some participants are accessing remotely, that whiteboard, with all that great information about business plans and strategies, is vulnerable.
2. Voice and Smart Technology
Newer vulnerabilities come from voice controls and other smart technology. AV technologies like smart digital signage, voice-controlled smart speakers, AI-based video security platforms, and AV automation systems are all avenues for hackers to gain a foothold in an organization’s network in order to do harm.
There has been a lag in getting up to speed on how to manage voice and smart technologies as they interface with AV systems. As AV and IT continue to converge, organizations will need to become as immersed in smart technologies as much as they are in other aspects of IT. Your AV provider can assist with understanding how to manage the vulnerabilities inherent in the use of voice technologies.
3. Internal Threats
Did you know that over 30% of cyber-attacks are the work of current or former employees? From deleting data to an outright attack, internal threats should not be overlooked. All businesses want to build a culture of trust but also remember to not get too trusting of employees when it comes to cyber-security. There is just too much risk at stake.
How can you best be prepared? Here are some steps to take to correct vulnerabilities to cyberattack in AV:
- Restrict Access – You are likely familiar with multi-factor authentication and role-based access control. These are ways of restricting access to only those who need access to perform their job functions. But when deadlines loom and task lists are large, sometimes access protocols get sidelined. Stress the importance of ongoing vigilance in restricting and monitoring access.
- Update Continuously – Hopefully, updating software and installing patches are standard operating procedure for you. Make sure they are.
- Segment Networks – While total segmentation may not be possible, become familiar with the principle of Least Route to limit the physical and logical connections between networks.
- Filter outbound traffic – Security breaches often rely on outbound connections sending data to hackers. By vigorous filtering protocols, you can reduce this risk.
- Monitor logs – Most AV devices now have the ability to log activity. But that doesn’t do any good if the activity is not monitored. Have your AV provider help set up procedures for monitoring activity logs on networked AV devices.
Whatever the surface or vector, the threats inherent in networked environments are out there and the threats are real. But these threats can be mitigated. Understanding vulnerabilities and keeping strong, clear communication will go a long way in helping to establish cyber-threat protocols. This is how to keep everyone vigilant for threats and aware of how to handle them.