"You shouldn't believe everything you read – especially when the topic is as important as cybersecurity. That's why we've decided to debunk some common cybersecurity myths – helping you to choose device manufacturers based on hard facts, not on perceptions," says Fred Streefland, Director of Cybersecurity and Privacy at Hikvision EMEA.
Today, anyone can post their views, opinions, and versions of 'the truth' on social media and other online platforms. At the same time, media providers are increasingly aligned with other stakeholders and viewpoints – giving certain bias to their coverage of people and events.
Because of this, many social commentators have written that we now live in a post-factual era, where 'people are more likely to accept an argument based on their emotions and beliefs, rather than one based on facts'.
But this isn't a sociology lesson – it's a blog about cybersecurity. And that means it's a chance to consider the impact of misinformation and 'fake news' on our industry.
So let's take a closer look at some common cybersecurity myths that are driven by emotional responses – rather than facts – and how they are confusing and, in some cases, even dangerous.
Debunking three common cybersecurity myths
Myth 1: Security vulnerabilities are the same as 'backdoors'
Whenever a security vulnerability is discovered in a camera or other network-connected product, the media loves to call it a 'backdoor'.
The fact is, though, that vulnerabilities and backdoors are two completely different things.
Vulnerabilities can happen in any network-connected device which incorporate both hardware and software. In fact, vulnerabilities are inevitable and happen accidently, with research showing that we can expect 2 to 3 bugs in every 1,000 lines of code.
Despite this fact, security conscious device manufacturers minimize vulnerabilities wherever possible using 'secure-by-design' production processes. If you imagine that some business applications consist of several million lines of code, and modern cars could even contain more than 100 million lines of code, you can do the math.
Backdoors, on the other hand, are security loopholes that are added on purpose to device software to allow manufacturers or others to access devices and the data stored on them.
On rare occasions, backdoors are added temporarily to products by manufacturers to support development, testing, or maintenance processes – and these backdoors are not removed by accident.
Myth 2: Manufacturers add backdoors to their products for illicit reasons
This myth is easy to counter, simply because these 'illicit reasons' (such as spying) are simply not possible. Once security devices such as cameras are installed in customer networks, they are effectively 'ring fenced' in terms of security, mostly placed in a stand-alone network, and often protected by firewalls and other security devices. And even if the end-user decides to store the data from these devices in a cloud, cloud providers have security Service License Agreements (SLAs) that keep it private, ensuring that data cannot be accessed by external companies, such as device manufacturers.
The most important reason for debunking this myth is the fact that the end-users who buy these cameras are responsible for the data/video footage they generate. They are, in other words, the data custodians who process the data and are in control of the video footage, which is required to be kept private by law (under the GDPR). Secret access to video footage on these devices is impossible without the consent of the end-user.
So bearing in mind that even devices with backdoors cannot be used to spy on companies, individuals, or nations, the myth instantly crumbles. It's plain to see, in fact, that the security features built into devices, networks, and data centers – combined with end-users' data-protection responsibilities – make espionage and other misuse of backdoors literally impossible.
Myth 3: Adding backdoors to products represents no real risk for a manufacturer
Again, this is an easy myth to debunk, particularly as device manufacturers who add backdoors to their products have absolutely everything to lose.
After all, high profile business scandals and data breaches have shown us that the truth always comes out. Moreover, if a company is found to have deliberately added a backdoor to a product, their reputation would be destroyed, along with their business, virtually overnight.
This means that all companies, and especially large companies who have their own IP and R&D capabilities, have a range of checks and balances to ensure that no backdoor is ever added to a product deliberately. This is especially the case in the security industry, where manufacturers are expected to protect customers' data and operations 24x7x365.
Meer te weten komen
We hope this article helps you differentiate truth from perception when it comes to some common cybersecurity myths – and gives you a fresh perspective on what's secure and what isn't.
If you have any questions, or if you'd like to discuss your own security challenges, or find out how Hikvision can help, visit our cybersecurity site here, or contact me to discuss your specific security needs.
By downloading and using software and other materials available via this website, you agree to be legally bound by HIKVISION Materials License Agreement. If you don’t agree to these terms, you may not download or use any of those materials.If you are agreeing on behalf of your company, you represent and warrant that you have legal authority to bind your company to the Materials License Agreement above. Also you represent and warrant that you are of the legal age of majority in the jurisdiction in which you reside (at least 18 years of age in many countries).