Researchers from the U.K.-based penetration testing service Pen Test Partners recently attacked a video surveillance system, and they pulled off a fairly scary feat. "We successfully switched video feeds from one camera to another through the cloud service, proving arbitrary access to anyone's camera," they wrote.

That pen test is even more concerning when you take into account the fact that the world is in the midst of a widespread proliferation of video surveillance equipment among both private citizens and enterprise security users - which, in fact, we are.

The market for video surveillance systems is expected to grow from $36.89 billion in 2018 to more than $68 billion by 2023, MarketsandMarkets reports. With video surveillance increasingly prevalent, the possibility of cyber flaws in security systems bears strong consideration.

"Historically, camera systems have been fairly isolated on the network, and so people have not lumped them into the cyber realm," says Jonathan Steenland, a strategic advisor to the U.S. Department of Homeland Security's National Cybersecurity Center and co-founder of security advisory Zyston. "Now these devices are connected to the same network as mission-critical servers and applications."

What are the most likely cyber gaps in video systems, and what are the most significant remediations?

Fail Points

Researchers at Kaspersky Lab report finding multiple potential fail points in security cameras commonly incorporated into some enterprise security systems. These flaws could give attackers access to video streams and could even enable remote control over the cameras.

By leveraging these weakensses, Kaspersky reports, malicious users could:

* Access video and audio feeds from any camera connected to a cloud service;

* Remotely upload and execute malicious code; or

* Remotely "brick" vulnerable cameras.

Beyond interrupting camera operations, hackers could use a compromised camera as an entry point to compromise an entire network. "The port that the camera is using can be used to hop to other segments of the network," notes Mike Sanchez, CISO of United Data Technologies. "They start in the surveillance system and go from there to the data center, and from there, to the accounting department."

In the past, when a surveillance system was a self-contained network, such concerns might have sounded...