IMC Newsdesk

IoT devices are weak link in smart cities, says Digital 14

  • June 9, 2020
  • Steve Rogerson

Smart cities can unlock business potential but are increasingly vulnerable as smart and connected devices offer opportunities for cyber criminals, according to UAE advisor Digital 14.
 
Smart cities are expected to boost lucrative business opportunities for the UAE and the region. However, the IoT, the technology underpinning these complex and interconnected urban networks, offers a considerably expanded attack surface for cyber adversaries of all kinds, according to Digital 14, a UAE-based advisor in digital transformation and cyber resilience.
 
The report suggests cyber attacks are expected to rise, as the government and organisations adopt the benefits of smart city technologies.
 
“Smart cities will undoubtedly unlock enormous efficiency and productivity gains for the UAE and other nations,” said Joshua Knight, executive vice president at Digital 14. “However, the highly networked environment that UAE companies operate within offers opportunities to release prolific malware that can have catastrophic ramifications, or stimulate lucrative criminal enterprises. By their very nature, smart cities simply broaden the attack surface available to malicious actors.”
 
There are an estimated 22 billion networked devices worldwide. The interconnected nature of smart cities means that by 2025 that number is forecast to rise to 38.6 billion. Each device serves as an entry point for malicious actors, with everyday gadgets such as IP cameras and digital video recorders likely to be at the greatest risk. In fact, more than a quarter of attacks against enterprises this year will involve IoT devices.
 
The GCC is increasingly prone to IoT attacks, with 18.45% of public-facing hosts in the UAE alone potentially vulnerable to such attacks, according to the report.
 
“IoT devices are the weak link in the smart city chain,” said Knight. “It is imperative that organisations and individual end users recognise this potential vulnerability and take prudent steps to secure their networks and protect themselves from cyber attacks.”
 
The UAE is hit by an average of 304 attacks per day, the highest in the GCC. More than 42,500 IP cameras are potentially vulnerable to cyber attacks in the GCC. Nearly 8000 digital video recorders in the region are openly exposed to an outside network. And 18.45% of public-facing hosts in the UAE alone are potentially vulnerable to attacks.
 
A particular focus of the report is Expo Dubai 2020, which will now be held next year. This demonstrates the potential of smart city technology for future smart cities around the world. As one of the most interconnected and technologically advanced World Expos ever held, Expo 2020 will replicate similar logistical and cyber security challenges to those of a smart city, but within a compressed timeframe. As Expo 2020’s official cyber-security provider, Digital 14 will oversee the cyber security of the event’s digital platform and safeguard the digital experience of its visitors and participants.
 
“As with any global mega event, cyber security is critical to deliver a safe, secure and successful Expo 2020,” said Eman Al Awadhi, vice president of Expo 2020 Dubai. “Digital 14 is committed to ensuring Expo 2020 is protected through a combination of innovative cyber security, ground-breaking initiatives and on-going services that secure new technologies and support cross-partner flexibility and functionality with a robust security operations centre. With millions of visitors expected throughout Expo 2020’s six-month run, Digital 14 will also seek to balance local and international best practice and regulations in data privacy and to enable compliance with the GDPR, ensuring the safety and privacy of Expo visitors’ data.”
 
The report proposes six actionable takeaways for organisations to defend themselves against new and evolving threats, including validating IoT devices before deployment, continuously monitoring all devices on the IoT network, and isolating IoT devices away from crucial and sensitive networks.