Report: More IoT Device Exposures Seen in Education Institutions

Education institutions have a 14x higher rate of Internet of Things device exposures compared to other industries, according to a recent report from RiskRecon and cybersecurity research firm Cyentia Institute. Researchers analyzed millions of internet-facing hosts controlled by more than 35,000 organizations to find out what types of IoT devices are prevalent in enterprise environments, and how exposed IoT devices can correlate with other security-related risks.

In the education sector, 6.6 percent of organizations had exposed IoT devices, compared to the base rate of 0.5 percent across industries. Taking all industries into account, the top three types of exposed IoT devices were: cameras, "management interfaces" (meaning a variety of devices using generic IoT development software) and printers. Of those exposed devices, the researchers found, 85.7 percent had "critical" security issues that could result in serious compromise.

Organizations with exposed IoT devices also had a 62 percent higher density of other security issues. The biggest increase was seen in network filtering and software patching issues, which both jumped at least 60 percent in correlation with exposed IoT devices vs. non-exposed IoT devices.

The full report is available on the RiskRecon site (registration required).

About the Author

Rhea Kelly is editor in chief for Campus Technology, THE Journal, and Spaces4Learning. She can be reached at [email protected].

Featured

  • an online form with checkboxes, a shield icon for security, and a lock symbol for privacy, set against a clean, monochromatic background

    Educause HECVAT Vendor Assessment Tool Gets an Upgrade

    Educause has announced HECVAT 4, the latest update to its Higher Education Community Vendor Assessment Toolkit.

  • illustration of a football stadium with helmet on the left and laptop with ed tech icons on the right

    The 2025 NFL Draft and Ed Tech Selection: A Strategic Parallel

    In the fast-evolving landscape of collegiate football, the NFL, and higher education, one might not immediately draw connections between the 2025 NFL Draft and the selection of proper educational technology for a college campus. However, upon closer examination, both processes share striking similarities: a rigorous assessment of needs, long-term strategic impact, talent or tool evaluation, financial considerations, and adaptability to a dynamic future.

  • university building surrounded by icons for AI, checklists, and data governance

    Improving AI Governance for Stronger University Compliance and Innovation

    AI can generate valuable insights for higher education institutions and it can be used to enhance the teaching process itself. The caveat is that this can only be achieved when universities adopt a strategic and proactive set of data and process management policies for their use of AI.

  • DeepSeek on AWS

    AWS Offers DeepSeek-R1 as Fully Managed Serverless Model, Recommends Guardrails

    Amazon Web Services (AWS) has announced the availability of DeepSeek-R1 as a fully managed serverless AI model, enabling developers to build and deploy it without having to manage the underlying infrastructure.