AUGUST 14, 2024
When people in our industry talk about service, management, and maintenance, we often don’t include software. Yet it is an essential part of Security Behavior Observatory (SBO). This article focuses on the importance of software maintenance and highlights a solution that allows you to perform critical cybersecurity updates without risks.
The Growing Importance of Cybersecurity
We are all familiar with the staggering statistics: thousands of cyberattacks occur daily worldwide. A recent study from the University of Maryland reports that over 2,200 cyberattacks happen every day. As these threats continue to escalate, the National Coordinator for Counterterrorism and Security (NCTB) of the Ministry of Justice and Security publishes an annual Cybersecurity Assessment for the Netherlands. While this report focuses on the Netherlands, its findings are relevant to all countries, as cyber threats are a global concern.
Key conclusions from the 2023 report include:
- The digital threat to the Netherlands remains significant and constantly evolving.
- Interconnected processes in the digital ecosystem mean everyone can be affected by a cyber incident.
- State actors use cyber-attacks to achieve geopolitical goals.
- Extortion remains a highly lucrative model for cybercriminals.
- Emerging technologies like AI introduce new threats.
Cybercriminals are continuously finding new ways to exploit vulnerabilities due to the potential financial rewards. The professionalization and commercialization of criminal tools make it easier for even less skilled criminals to conduct attacks. As data becomes more valuable and cybercrime scales, every organization becomes a potential target due to the interconnectedness of our digital ecosystem.
More than ever, our country, every industry, and every organization are part of a digital network of companies, products, suppliers, and applications. This interconnectedness offers knowledge and economies of scale but also brings risks and vulnerabilities. Everyone can experience the consequences of a cyber incident, even if it seems remote at first glance.
Security solution manufacturers, partners, and integrators are not immune. Several companies have fallen victim to cyber-attacks in recent years, proving this is not a distant issue but a present danger.
Software Maintenance is Essential
From a cybersecurity perspective, we cannot afford to neglect software maintenance. New vulnerabilities are discovered daily. Axis has adopted a proactive philosophy, accepting that any device can be hacked, and constantly striving to improve. Through initiatives like the Bug-Bounty Program, we challenge security researchers and ethical hackers to enhance our product security.
Lessons from these initiatives are integrated into new software versions, which we regularly update for our partners and end-users, providing better protection against vulnerabilities.
Operating System Maintenance
While we cannot always prevent cyber incidents, we can increase our resilience, reduce impacts, and limit damage. Axis Communications, a manufacturer of IP components, continually works on enhancing the security of our products and processes.
Axis devices run on a Linux-based Operating System (OS) that forms the foundation for component operation, managing basic tasks and interactions between hardware and applications. Regular updates provide new functionalities and security measures. To benefit from these updates, regular maintenance is essential.
Overcoming Hesitation to Update
Despite the importance of updates, some resist them due to the time and cost involved in rolling out updates across numerous components. Another concern is the risk of losing functionality, especially with customer-specific developments. Therefore, it is crucial to carefully consider the consequences of updates and have a fall-back scenario in place.
Some argue that systems not connected to the internet are safe, but often, there are still connections to the outside world. Examples include temporary remote connections for maintenance or laptops used both privately and for work.
The main source of cyber vulnerabilities is human behavior. Users unintendedly expose systems to risks, making awareness essential.
Active Tracks vs. Long-Term Support Tracks
Many partners are unaware that Axis offers two update tracks: Active and Long-Term Support (LTS).
- Active Track: Focuses on the latest features and enhancements, including new cybersecurity measures.
- LTS Track: Prioritizes API consistency and compatibility, reducing the risk of losing functionality. It offers security patches and bug fixes without adding new features.
For more information: Axis OS Long-Term Value
Choosing the LTS track over no updates ensures that the OS software remains protected against the latest vulnerabilities.
Relationship with Total Cost of Ownership (TCO)
The Total Cost of Ownership (TCO) considers all costs over the lifetime of a system or component. Maintenance costs are significant post-deployment and thus a critical part of the TCO. Software maintenance is an essential part of SBO and should therefore be prioritized in tenders and proposals.
Including regular software updates in tender requirements ensures cybersecurity now and in the future. If you need help formulating these requirements, contact your local Axis Architect and Engineering Manager.
Written by Erik Baeten