Why are IP cameras prone to becoming a cyber risk?

While many IP cameras are often praised for their video quality and expandable features, they are frequently used without adequate consideration for initial setup and operational aspects. The following points are particularly common problems:

• Operate with the initial password (default setting)
• Firmware update has not been performed.
• Division of roles between the IT department and the security department
• Operational practice of "once it's installed, it's done"

It has been pointed out that these basic configuration deficiencies can lead to unauthorized access from external sources.


Real-world risks associated with default passwords

Many IP cameras come with a default password set by the manufacturer at the time of shipment. If this password is not changed and the camera is connected to the internet or a company network, it can be easily guessed and misused by a third party. The fact that video footage can be leaked simply due to a misconfiguration, even without a "special attack," is an important point that is often overlooked.

Security is not a "set it once and forget it" kind of thing.

Simply changing your password doesn't eliminate all risks. IP cameras are part of IT equipment, and regular firmware updates, vulnerability countermeasures, and reviews based on usage are essential.

Operational challenges that are common in Japanese companies

In Japan, cybersecurity measures for surveillance cameras tend to be neglected due to the following reasons:

• Security is handled by general affairs and facilities, while IT is handled by information systems.
• Camera settings are left entirely to vendors or security companies.
• It has not been decided who will be responsible for security updates.

As a result, a situation easily arises where "nobody is at fault, but nobody is in control."

Key points to consider when implementing security measures for surveillance cameras

To operate surveillance cameras safely, it's crucial not only to configure individual devices but also to ensure overall control and control.
The key points are the following three:
1. Is authentication and access control appropriate?
2. Are you aware of the update and configuration status?
3. Are there operational rules that span across IT and security?

Genetec's approach: A system that allows you to "manage" cameras.

At Genetec, we view IP cameras not merely as video equipment, but as critical IT assets connected to the network. Our integrated security platform, "Security Center," provides a system that maintains security during operation through features such as centralized user authentication and access control, centralized device management, and a design based on secure communication. The fact that it is not dependent on a specific camera manufacturer and can be managed in an open configuration is also an important point when considering long-term operation.

Summary: Surveillance cameras are both the "protectors" and the "objects that should be protected."

Surveillance cameras are crucial devices for ensuring safety on site. At the same time, they also inherently pose cyber risks. The boundary between physical and cyber threats no longer exists, and cybersecurity for IP cameras is no longer just an "IT issue" or a "security issue."
The key is to design and operate physical security from a cyber perspective. This involves realistically managing things like reviewing initial settings, regular updates, and overall control. These are essential for physical security going forward.

Features of the physical security solutions offered by Macnica

Macnica supports an approach that integrates and manages physical security, including IP cameras, from a cybersecurity perspective, centered around its integrated security platform, "Genetec Security Center."
We place great importance on creating a system that maintains security in actual operation, including not only the configuration and management of cameras and edge devices, but also the cross-functional operational design and policy development that spans the IT and security departments.

You can find information about the configuration and deployment options of Genetec (Security Center / Security Center SaaS), which is designed with this integrated management in mind, on the product page.

Contact Us