There’s a worrying gulf between users’ insistence that their video systems are protected from cyber-attacks – and their widespread failure to implement even simple measures to keep them secure, according to a survey of over 1,000 IT and security managers across Europe by Hanwha Vision Europe. It suggests that nearly nine in ten (89 per cent) of IT and security managers in the UK claim their security systems, including video surveillance systems, are protected or highly protected from cyber-attacks.
Yet such confidence appears misplaced, the video surveillance camera manufacturer adds, as many of their organisations are not implementing even basic measures such as changing camera usernames and passwords (34pc), ensuring their devices are running the latest firmware (12pc), or securing access to Networked Digital Recorders (NDRs) and other devices (6pc). The video firm says the survey also found a lack of awareness of cybersecurity regulations and compliance measures among those on whom organisational cybersecurity depends.
Only 29pc are aware of the second Network and Information Security Directive (NIS 2), while 41pc are familiar with the Cyber Resilience Act (CRA), yet both regulations came into effect in October 2024 and can impact UK organisations, depending on their EU operations. The study also points to insufficient promotion of cybersecurity best practices at an organisational level. While 46pc of UK organisations promote using Multi-Factor authentication, only 14pc push the use of strong passwords.
John Lutz Boorman, Head of Product and Marketing at Hanwha Vision Europe, urged users and the security industry to treat the research findings as a “wake-up call”. He said:
“With the number of cyber-attacks on the rise, and the cost and impact of these security breaches growing all the time, organisations must match words with actions to boost their video network resilience.
“Like any IoT device, an unsecured video camera can present a tempting route into an organisation’s network for bad actors – but even simple measures can help close off this path.”
The research found that failure to follow best practices for keeping video surveillance networks safe from cyber-attack is not unique to any sector and is highly prevalent even in high-risk industries with extensive experience of cybercrime, such as financial services.
“While it is the user’s responsibility to keep their networks secure, it is clearly in the interest of manufacturers and installers to help them maintain system resilience, and the wider security industry must do more to help,” said Boorman.
