This question is key in today’s security world, when focusing on security cameras. As part of the IoT world, security cameras of today are playing important roles not only in the security area, but also in providing intelligence to accelerate operational efficiency and decision-making in many other business areas. As they become smarter and more complex, their cybersecurity risks also grow. In recent years, the world experienced several examples of cybersecurity incidents with cameras, with the “Mirai Botnet” as one of the most well-known examples. Mirai malware took advantage of insecure IoT devices in a simple but clever way. It scanned the internet for open Telnet ports, then attempted to log in with default passwords. In this way, it was able to amass a botnet army, using the computer power of millions of cameras with default passwords worldwide.

The Mirai Botnet took place in 2016 and, luckily, the cybersecurity of IoT devices has improved significantly since then. But, some things are still the same and/or cannot be changed. Mikko Hypponen, a Finnish cyber evangelist, is well-known because of his statement: “If a device is smart, it’s vulnerable!”. He shows with this statement that all devices that consist of hard- and software, and are connected to the internet, are insecure (and therefore ‘hackable’). Athough he made this statement some years ago, it is still true and very relevant – an example of something that hasn’t changed.

These technological developments provide incredible innovative security capabilities, but also serious digital risks. The cameras consist of advanced hard- and software components that are produced both in-house and by third parties. Because of this complexity, such a camera can be seen as a kind of ecosystem on its own and it’s extremely challenging to protect it holistically against the things that could possibly go wrong in this ecosystem. A camera becomes an interesting and inviting attack surface for the ‘bad guys’.