International Security Journal speaks exclusively with Fred Streefland, Director of Cybersecurity EMEA at Hikvision.
For many organisations around the world, the biggest security threat comes not in the form of intruders or thieves but in the digital world through cyber-attacks. Cybersecurity was a rapidly growing concern for businesses before the pandemic struck and this has only been accelerated by the change in working practices brought about by COVID-19.
Since the pandemic began, the FBI has reported a 300% increase in cyber-attacks, with the financial services and healthcare sectors particularly targeted. Obviously, properly securing IT networks must now be a key priority for all organisations but they must also remember that physical security systems need robust cyber defences as well.
To highlight just how important this aspect of security is, one needs to look no further than March 2021 when a well-known surveillance provider suffered a cyber-attack which compromised more than 150,000 of their cameras.
One vendor which is dedicating huge resources towards improving their cybersecurity is Hikvision. International Security Journal sat down with Fred Streefland, the company’s Director of Cybersecurity EMEA to find out what steps Hikvision is taking to shore up its cyber defences and where the wider cybersecurity landscape may be heading in the coming years.
A more complex world
Streefland graduated from the Netherlands Military Academy in 1992 before embarking on a stellar career in cybersecurity, taking in roles at IBM and Palo Alto Networks, he is now Director of Cybersecurity EMEA for Hikvision.
Reflecting on how the cyber landscape has evolved in recent years, Streefland said: “I have seen the world developing at a rapid pace. The world is becoming more digitalised and the combination of growing internet usage, the implementation of 5G and the huge increase in IoT devices is making things a lot more complex.
“It is also clear that the bad guys are becoming more sophisticated in their methods and are definitely not sitting still. Cybersecurity has become even more challenging with cybercrime incidents growing exponentially, especially in the form of ransomware attacks and supply chain hacks.”
Streefland is now using his knowledge and experience to help Hikvision ensure that its products are as robust as possible against cyber-attacks. This is an area of extreme concern for all physical security manufacturers given recent hacking incidents, which is why Hikvision has put cybersecurity amongst its top priorities.
“Hikvision takes cybersecurity very, very seriously,” said Streefland. “The company has invested significantly in the cybersecurity space and we appreciate that the basics of cybersecurity should almost become part of our core business.
“First and foremost, we are a product manufacturer but our IoT devices, video security cameras and the rest of our product range are all produced whilst adhering to the principles of Secure by Design. Cybersecurity is baked into our products in each phase of the production process which is why Hikvision products are very cyber resilient.”
He added: “We have founded a dedicated group of experts in our headquarters that are solely focused on enhancing the cybersecurity of our products and we have also created a Security Response Centre.
“The centre handles any issues involving the cybersecurity of our existing products and acts as a point of contact for our customers, partners and employees. We see it as our duty and responsibility to make our products as cyber resilient as possible.”
Of course, cybersecurity can never be 100% guaranteed. With attackers and their methods becoming ever more sophisticated, it is always highly likely that a successful attack will occur. Therefore, it is important that a manufacturer has strong processes in place should a vulnerability ever be spotted.
Streefland explains how Hikvision goes about its own vulnerability management: “If somebody detects a vulnerability, the report will be sent directly to myself and/or my colleague who is responsible for cybersecurity across the Americas and the rest of the world.
“Vulnerabilities do exist so it’s very important for Hikvision that if one is found, we know about it as soon as possible. A major step forward for Hikvision was when we were accredited by the Mitre organisation in the United States as a CVE Numbering Authority (CNA). This means that as soon as vulnerabilities are identified, we will follow a process to make them publicly available.
“There are fewer than 200 organisations in the world that are listed as a CVE Numbering Authority so this is a very important obligation that we have.”
It is clear that Hikvision is doing everything it can to protect its products from cyber-attacks but Streefland believes that cybersecurity is a shared responsibility within the security domain and that the end user and installer also play their part in the process.
He stated: “I believe that it is a triangle of responsibility between the manufacturer, end user and installer. The end user is the person responsible for their network and the data within it, the manufacturer must ensure its products are created in a Secure by Design manner and the installer is responsible for installing it in a secure way.
“In this secure eco-system, the end user must be aware of their responsibilities and they have to educate themselves on the importance of cybersecurity. They must always be willing to look at ways in which they can prevent incidents from occurring and to cooperate with the manufacturer. It is vital that everybody fulfils their role.”
Striking a balance
In recent times, the ability for organisations to balance their security with the privacy of the individuals they are securing has become a major talking point. For video security providers such as Hikvision, it is an important balance to strike.
Streefland said: “We always have to respect an individual’s privacy and stick to the rules, such as those laid out by GDPR. However, this does not mean that video surveillance is not allowed. Surveillance is allowed as long as it’s carried out properly and in line with the rules.”
As for how the cybersecurity landscape will evolve in the coming years, Streefland thinks that things are only going to get tougher for security providers. He concluded: “The criminals are getting more sophisticated and the world is getting more complex. We now have 25 billion IoT devices in use around the world and that number is likely to double in two years’ time. How can we protect anything and everything as well as stick to rules such as GDPR?
“I think that the security industry is not as mature when it comes to cybersecurity as the financial services industry, for instance. Therefore, increasing cybersecurity education is a very important step. For example, Hikvision has created a basic cybersecurity course which is open to everybody, in which we share the lessons we have learned and our past experiences in order to help the industry become more mature.
“We have to cooperate with each other to beat our enemies as things will definitely not be getting any easier.”
As Streefland points out, there will be many more cybersecurity challenges lying ahead as the world becomes ever more digitalised. However, security providers ensuring that their products are Secure by Design and implementing robust vulnerability management procedures will certainly help to slow the progress of the cyber criminals.
This article was originally published in the July 2021 edition of International Security Journal. Pick up your FREE digital copy on the link here