The cybersecurity landscape is scary right now — but we have to assume it’s even scarier for AV integration firms, who often have a hand in ensuring their clients’ systems operate securely (sometimes, without even knowing it).
The “Work from Anywhere” lifestyle of corporate end users has only made this issue worse as home machines are rarely as secure as corporate ones.
Given this state of cyber uncertainty, we thought now is as good a time as ever to administer this corporate cybersecurity basics quiz to any integration firm employee who feels brave enough to take it (which you can do below).
But first, we thought it wise to hear from some other AV pros about what cybersecurity issues they think integrators should brush up on:
Lionel Felix, Felix Media Solutions
It’s important to understand what ports a device may need for access through the firewall and how to properly set up either NAT (network address translation, where an IP address outside, your external IP, is routed to an internal IP, the device) or PAT (port address translation, where a port on the outside is hit and, depending on the port, a device internally is routed to).
For example, if you need to hit a DVR on port 4589 and a WiFi management interface on port 3030, you would have two internal IPs and you may want to use PAT to get to the right thing.
Knowing ports, the most common ones and how port ranges work is super important when installing hardware that needs to be seen elsewhere.
Getting frustrated and opening up all ports on the firewall is the worst possible thing. Port scanners are constantly working and while you may have the most recent firmware, it doesn’t mean it’s secure. Never open the whole kimono. Just a peek to the ports and IPs you need.
In general, know the TCP/IP rules. They work and if abided by, you will stay out of trouble and not run afoul of the IT department.
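The port-forwarding advice above can be checked mechanically. The following is an added example, not part of Felix's comments or the original article: it models a PAT table using the two ports he mentions (4589 and 3030) and audits it for rules that expose more than needed. The rule format, rule names, internal and source addresses, and the `MAX_PORTS` limit are assumptions made for illustration.

```python
# Added example: port-forward (PAT) table lookup plus an exposure audit.
# Rule format, names, addresses and MAX_PORTS are constructed assumptions.
from ipaddress import ip_network

RULES = [  # constructed sample; 203.0.113.0/24 is a documentation range
    {"name": "dvr", "ports": (4589, 4589), "to": "192.168.10.20", "src": "203.0.113.0/24"},
    {"name": "wifi-mgmt", "ports": (3030, 3030), "to": "192.168.10.30", "src": "203.0.113.0/24"},
    {"name": "open-everything", "ports": (1, 65535), "to": "192.168.10.20", "src": "0.0.0.0/0"},
]
MAX_PORTS = 16  # assumed limit on how many ports one rule may forward


def resolve(rules, ext_port):
    """PAT lookup: internal hosts reached when ext_port is hit from outside."""
    return [r["to"] for r in rules if r["ports"][0] <= ext_port <= r["ports"][1]]


def audit(rules):
    """Return (rule, problem) pairs for rules that expose more than needed."""
    findings = []
    for r in rules:
        lo, hi = r["ports"]
        if not 1 <= lo <= hi <= 65535:
            findings.append((r["name"], "invalid port range"))
            continue
        if hi - lo + 1 > MAX_PORTS:
            findings.append((r["name"], f"forwards {hi - lo + 1} ports"))
        if ip_network(r["src"]).prefixlen == 0:
            findings.append((r["name"], "open to any source address"))
    # Two rules claiming the same external port make the translation ambiguous.
    for i, a in enumerate(rules):
        for b in rules[i + 1:]:
            if a["ports"][0] <= b["ports"][1] and b["ports"][0] <= a["ports"][1]:
                findings.append((a["name"] + "/" + b["name"], "overlapping external ports"))
    return findings


if __name__ == "__main__":
    print(resolve(RULES[:2], 4589), resolve(RULES[:2], 3030))
    for name, problem in audit(RULES):
        print(f"{name}: {problem}")
```

The first two rules pass the audit on their own; adding the third produces findings for the port count, the unrestricted source and the overlap with both specific forwards.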
Alan Brawn, Brawn Consulting
Many do not clearly understand 802.11X and TLS encryption.
There’s also a lack of proper configuration as an IT team would proceed.
Proper communication with onsite IT resources is a common issue I hear about.
IoT corruption and poorly secured IoT devices.
Overall, integrators tend not to understand the seriousness of the effects of not only data theft, but also the hacking of the infrastructure and causing total disruption.
Steve Bomberger, Head of SEI IT Services, SEI
Firmware vulnerabilities tied to the hardware – these typically get less press than software vulnerabilities but are just as dangerous. How does the technology provider address support and fixing of vulnerabilities for all hardware and firmware that is used?
The other viewpoint is from chip vulnerabilities. Does the technology provider have a process to uncover vulnerabilities in the design and development process? How does the technology provider ensure they are not releasing hardware or firmware with existing vulnerabilities? Is supply-chain risk addressed in the development lifecycle? Are they getting components or parts from various third parties? How are those third parties ensuring there are no vulnerabilities and how is the hardware provider testing all this together?
We think the most common misunderstanding is that cybersecurity is often viewed as a technology issue. Cybersecurity should be looked at as a business decision, addressing the appropriate risk posture of an individual organization. The technology solution put in place should be the manifestation of that posture. Cybersecurity is not a one-size-fits-all equation.
Take the cybersecurity quiz below!