Insider threat? Outsider threat? Technology or Poor Implementation?

This week, I invite you to read this article in the Daily Mail, this one in The Times, or even this, on the BBC website.

Each addresses concerns raised by the UK’s biometrics and surveillance camera commissioner about the number of UK police forces using CCTV cameras, drones and other technology from Chinese manufacturers.

His report comes a week after alleged Chinese spying balloons were shot down over North America, and the Commissioner suggests we should be as concerned about the cameras “six feet above our heads” as the balloons 60,000 feet up in the sky. That advice may certainly have saved Matt Hancock some blushes 18 months ago!

Having read one of these articles, I would then urge you to question not what technology you’re using but instead ask whether your security integrator is qualified to support, advise and deliver what you need and what you should not use? And also, what threat are you protecting against, and how is it being implemented?

At Reliance High-Tech, we are technology-agnostic to the extent that we’re not tied to a particular brand. Of course, we will advise on which brands we feel are more secure for a given application and most appropriate for a given budget. We are commercially realistic and realise there is a place for low-cost technology, which Chinese manufacturers are renowned for.

And before we get fixated on a change of supplier or country solving all our risks, consider that some of the highest profile security breaches in the security industry have not involved Chinese organisations, such as when Verkada’s 150,000 cameras were hacked. The company is based in Silicon Valley, not Shenzhen, and this was down to poor processes and management.

At Reliance High-Tech, we have been saying for years that it’s not just about the technology but that users have to partner with the right people. The technology may be important, but it’s more important that you work with a trusted partner who understands the implications. Do they have Cyber Essentials Plus? Are they certified to ISO 27001, or ISO 22301? Does your current installer carry all of these? If not, forget about what cameras you are using because it’s a secondary concern. Come talk to us.

Risk mitigation is not simply about the camera manufacturer, and to claim otherwise would be a gross oversimplification. It’s about who’s designing your system: specifying it, installing it and maintaining it. If your system was implemented by a company that doesn’t understand cybersecurity, it’s almost irrelevant what brand of technology you use. Let’s face it, security today is a combination of cyber, physical and personal. They are converging, and for sure the threats of one lead to another if not managed properly.

This means, for example, that threats might not even arise from the technology. It’s just as likely that your threat is internal, and you need to seriously consider access control privileges, who has access to the network, different types of data and parts of a building. Your threat might not be your security system. It might be a disgruntled employee gaining access to areas they shouldn’t, using mobile credentials on an unsuspecting colleague’s phone, and copying sensitive company data onto a humble USB stick.

Take a balanced, holistic and professional view towards your security threats, whether they’re internal, external, technological, or linked to process and implementation. And while we do agree with a lot of the recent statements made in the media, talk to a company like Reliance High-Tech to ensure that you haven’t locked all the windows but left the front door open.

Watch this video, which makes it clear that security threats come in many shapes or sizes. I urge you to take four minutes to watch it and then contact me directly if you want to discuss the threats that affect your organisation.