The hacktivist action against surveillance technology giant Verkada prompted companies to re-evaluate access to their security systems. The breach exposed over 150,000 cloud-based surveillance cameras worldwide was orchestrated by a hacker group that said Verkada’s system was easy to compromise when they found a ‘super admin’ credential leaked on the internet. After two days of uninterrupted access to live feeds from Verkada’s security cameras, the group posted their triumph on Twitter. Shortly thereafter, their account was deactivated but the damage was done. The compromised video data begets many physical and operational security worries along with corporate intellectual property and privacy concerns.
Many times, security systems are the ‘step-children’ of the IT department or the responsibility of security integrators; worse yet, they are totally forgotten. While the security office is responsible for the use of the systems, often the IT department oversees managing and maintaining the systems and the infrastructure supporting the devices. And very often these devices are neglected with the plethora of other systems IT is supporting. While the Verkada hack was perpetrated on a cloud-based system storing the video of thousands of clients, there are key lessons for companies with both cloud and on-premises video surveillance solutions.
Contact us to request our advisory that provides takeaways from the Verkada incident and offers mitigating strategies to help build resilient security systems.