The co-founder and Chief Executive of security camera company Verkada has announced a series of actions to overhaul its security after 150,000 of its devices were hacked.
Filip Kaliszan says he has directed the company’s engineering team to immediately make security, trust and privacy its number one priority.
“We are also prioritising the hiring of security engineers ahead of other technical roles,” he said in an address to customers of the Californian company after a group of hackers last week breached security systems and viewed live feeds from 150,000 surveillance cameras it had supplied to a host of private and public organisations.
Kaliszan says is also working with his senior team to identify a “swat team” of engineers to lead the company’s response to any questions related to privacy and security.
“Our goal is to work together to maintain and rebuild your trust, and to reinforce that our system is created to put and keep your data in your hands,” he added.
The firm has hired cyber security experts Mandiant and law firm Perkins Coie to conduct a comprehensive review of its systems’ security to better understand any problems and work to resolve them.
Actions planned in the next 100 days include: providing access transparency to customers so they are notified when their data is accessed by Verkada; reviewing policies and procedures to identify new ways to strengthen existing controls and add new levels of security; increasing the number of penetration tests; and reducing the potential for vulnerabilities to be introduced by continuing our adoption of configuration-as-code, automated testing and separation of duty.
He pledged to host weekly webinars to listen to customers, “get a sense” of their concerns, and help identify and implement the best security practices for their systems.
The hacked cameras were in general and psychiatric hospitals, women’s health clinics, police stations, prisons, schools and companies, including car maker Tesla and software provider Cloudflare. The systems have since been secured, said Verkada.
PrivSec Global, a live streaming event, takes place on 23-25 March featuring more than 200 speakers and 64 sessions on privacy, data protection and cyber-security.