What IP Camera Cybersecurity Risk Concerns You Most? Customers' Concerns?

As part my recent involvement in our increased cybersecurity testing (IP Camera Cybersecurity Shootout, Verkada IP Camera Cybersecurity Tested), I learned of a cybersecurity risk/attack for IP cameras, a variant of something IPVM (and many others) have reported on previously. The Mirai botnet was malicious code running on millions of cameras, which allowed the controllers to coordinate the cameras (and other infected IoT devices) for large-scale DDoS attacks.

However, IP cameras can be vulnerable to being used in a DDoS attack without actually running any malicious code, through "amplification" attacks. Amplification attacks (commonly NTP and UDP) mean that the camera will receive a request with a small packet of data, and then respond to a spoofed address (the target) with an even larger packet of data. The multiplier is known as Bandwidth Amplification Factor, and for DNS is 28-54, and for NTP is 556.9. Higher BAF is desirable for attackers because it requires less outgoing data for larger attacks. According to US CISA, previously attackers were limited to a linear (1:1 incoming : outgoing) number of packets for attack with DDoS.