A recent cybersecurity report highlighted a problem we see regularly in the field: security devices that are installed to protect a facility can become an entry point when they’re left unpatched and exposed to the internet.
In the UK, researchers observed more than 67 million attempted attacks in 2025 tied to a long-known Hikvision IP camera vulnerability. The activity was detected at the network perimeter and blocked by firewalls, but the takeaway is bigger than one brand or one country: attackers continuously scan the internet for vulnerable cameras, recorders, and “smart” devices—especially older ones that haven’t been updated.
For businesses in New Jersey, Pennsylvania, and Delaware, this is a timely reminder to treat video surveillance and access control as part of your cybersecurity program—not separate from it.
The bigger issue: “Zombie Tech” in security systems
SonicWall described this trend as a “Zombie Tech” crisis—legacy devices that remain connected and vulnerable years after a flaw becomes public.
In practical terms, this often happens when:
- Cameras or NVRs were installed years ago and never updated
- Default settings were left in place
- Remote access was enabled for convenience
- Devices were placed on the same network as business systems
- No one “owns” ongoing maintenance after the install
Even if your system still “works,” it may be operating with outdated firmware, weak configurations, or unnecessary exposure.
What can happen when a camera is compromised?
The article references a command injection flaw that could allow remote attackers to send malicious commands. In real-world scenarios, compromised cameras and recorders can be used to:
- Disrupt or disable surveillance during a theft or incident
- Access live or recorded video (privacy and liability risk)
- Pivot into the broader network if segmentation is poor
- Join botnets that are used to attack other organizations
This is why we recommend thinking beyond “Is the camera online?” and asking: “Is the camera securely online?”
Why this matters even if you don’t use Hikvision
This isn’t a Hikvision-only issue. Attackers don’t care about brand loyalty—they care about scale.
Any widely deployed device category (cameras, door controllers, routers, Wi‑Fi gear) becomes a target when:
- Vulnerabilities are publicly documented
- Patches exist but aren’t applied
- Devices are reachable from the internet
If you have older IP cameras, recorders, or networking equipment, you should assume they are being scanned.
A practical security checklist for camera and IoT exposure
Here are steps we recommend for commercial environments—especially manufacturers, office buildings, property managers, and multi-tenant facilities.
1) Inventory what you actually have
Make a list of:
- Camera models and firmware versions
- NVR/VMS versions
- Door controllers and access control software versions
- Remote access methods (VPN, port forwards, cloud portals)
If you can’t quickly answer “what’s installed,” you can’t reliably secure it.
2) Patch firmware and software (and verify)
- Update camera and recorder firmware
- Update VMS/access control software
- Confirm updates succeeded (don’t assume)
If a device is end-of-life or no longer supported, plan a replacement timeline.
3) Remove direct internet exposure
A common high-risk pattern is port forwarding directly to a camera, NVR, or web interface.
Best practice is:
- Use a VPN for remote access
- Restrict access by IP where possible
- Disable unused services and remote admin interfaces
4) Segment security devices from business systems
Your cameras and access control should not sit on the same flat network as:
- Accounting systems
- File servers
- Workstations
- Production systems
Network segmentation reduces blast radius if a device is compromised.
5) Enforce strong credentials and least privilege
- Change default usernames/passwords
- Use unique credentials per device/system
- Limit admin accounts
- Enable MFA where available (especially for cloud-managed platforms)
6) Monitor and log
Even basic monitoring helps:
- Firewall alerts
- Unusual outbound traffic from cameras/NVRs
- Repeated login attempts
If you have a managed IT provider, ensure security devices are included in monitoring—not excluded.
Our approach at Systems Integrations
At Systems Integrations, we treat physical security as part of a broader risk management strategy.
- We install NDAA-compliant video surveillance equipment
- We prioritize secure architectures (segmentation, secure remote access)
- We support ongoing maintenance options so systems don’t become “set it and forget it” liabilities
If you’re not sure where your current system stands, we can help you evaluate exposure and recommend a path forward—whether that’s patching, reconfiguring, or modernizing.
Need a security system health check?
If your cameras, access control, or networking gear haven’t been reviewed in a while, now is the time. Contact Systems Integrations to schedule a system review for your facility in South Jersey, Southeast PA, or New Castle County, DE.