It’s no surprise to IT professionals that cyberattacks are on the rise. In recent months, hackers have taken over municipal computer systems in Atlanta, Baltimore, Albany, and other cities. Louisiana Gov. John Bel Edwards issued a statewide emergency declaration on August 21 after security breaches were discovered in several school systems throughout the state.
IAUG members also need to be aware of a reported vulnerability in several Avaya IP deskphones running firmware version 6.8.1 and earlier and configured with H.323 signaling. SIP phones are not affected by the vulnerability in the DHCP service, which allows the devices to automatically obtain IP addresses on the network. Avaya has issued an H.323 Deskphone and IP Conference Phone DHCP security update and advised users to upgrade the firmware as soon as possible.
While phones and routers have long been favored targets for cyber criminals, the rise of the Internet of Things (IoT) has added millions of sensors, security cameras, personal wearables and other devices to the network edge. Without security precautions – like Avaya’s Surge connector – hackers may be able to use these devices to penetrate an organization’s network.
In fact, a May 2019 global survey by Irdeto found that 80 percent or responding organizations had experience a cyber attack on their IoT devices in the past 12 months. The Irdeto Global Connected Industries Cybersecurity Survey of 700 enterprises in five countries (China, Germany, Japan, UK and US) found that 90 percent of those organizations experienced an impact as a result of the cyberattack, including operational downtime and compromised customer data or end-user safety. The transport, manufacturing and healthcare sectors were particularly vulnerable with an average financial impact of more than $330,000 from an IoT-focused cyberattack.
“One of the most promising results of the study is that organizations in technology, transport, manufacturing and healthcare are thinking even more strategically about security,” said Steeve Huin, VP of strategic partnerships, business development and marketing, Irdeto. “This is a clear indication that today’s businesses realize the value add that security can bring to their organization.”
In order to achieve that positive goal, IT professionals need to understand the security limitations of many IoT devices. Overall, 96 percent of users felt that the cybersecurity of the IoT devices they use could be improved either to a great extent or to some extent. That’s an alarming finding, since these devices are proliferating rapidly around the world.
Along with taking a micro-view of IoT devices, IT professionals also need to adopt a cybersecurity strategy prior to rolling out a new deployment. This often involves adding multiple levels of security for a defense in depth against hackers.
However, the Irdeto survey found that only 7 percent of respondents felt their organizations had everything necessary to tackle cybersecurity challenges. In addition, 46 percent reported that they needed additional expertise/skills within the organization to address all aspects of cybersecurity.
With the 2020 budget season fast approaching, IT managers should be sure to review their allocations for cybersecurity – including retraining or cross-training members of the current team. It may also involve investing in more effective cybersecurity tools and solutions.
As President Thomas Jefferson once said, “Eternal vigilance is the price of liberty.”