Municipalities are beginning to take full advantage of IoT and the connectivity benefits it can bring their employees and services. By 2020, global IoT devices are expected to reach an astounding 212 billion devices, according to analyst firm IDC. However, with opportunity comes risk – the more devices connected to the internet, the more attack surfaces cybercriminals can exploit. Similar to when computers were first introduced, security was not an initial concern – in the same way, security has taken a back seat with IoT.
This is a huge mistake, considering what organizations stand to lose – from sensitive information and damages to reputation to financial losses and distributed denial-of-service (DDoS).
While some look to regulators and manufacturers to make necessary security changes, ultimately it is up to the organization to ensure their devices are properly protected. Unfortunately, many organizations struggle with understanding the various technologies that can pose a threat – especially since some are fairly inconspicuous. For example, printers, thermostats, and even lighting can pose a threat.
Let’s take a closer look at some of these devices and the problems that can arise from using them.
- A perfect example of a device that most wouldn’t think could be a security risk is a printer. Why would someone want to hack my printer? As it turns out, hackers are capable of not only stealing sensitive documents from print jobs on them but also gaining network credentials – all that is needed is an IP address.
- While an internet-connected light bulb seems simple enough, that is just the problem. Unlike a computer that safeguards data, a light bulb will not protect important information such as the WiFi network and password – storing it in plaintext. With no defenses whatsoever, it is easy to gain information from a device like this.
- An interesting example of stolen information occurred in 2018 when a casino’s database was breached thanks to, amazingly, a thermometer. The thermometer was connected to the cloud, allowing hackers to access the network and find a database of the biggest spenders as well as other private information. Imagine if this were to happen at a municipality, where confidential resident data is stored.
The reality of IoT in its current stage is there are obvious design flaws when it comes to security. It is for this reason that municipalities need to take cybersecurity into their own hands. Investigate the devices you might purchase to understand exactly what data it collects and be sure to install security software to protect that data. Another key aspect to staying secure is with strong and unique passwords for device accounts. Because many accounts will have a default password, changing it will significantly enhance security.
Don’t let vulnerabilities associated with IoT stop your organization from making technological gains. Implement reliable security, data protection and storage, and educate employees to create the perfect environment for innovation.