Research

Report: More IoT Device Exposures Seen in Education Institutions

• By Rhea Kelly
• 01/26/21

Education institutions have a 14x higher rate of Internet of Things device exposures compared to other industries, according to a recent report from RiskRecon and cybersecurity research firm Cyentia Institute. Researchers analyzed millions of internet-facing hosts controlled by more than 35,000 organizations to find out what types of IoT devices are prevalent in enterprise environments, and how exposed IoT devices can correlate with other security-related risks.

In the education sector, 6.6 percent of organizations had exposed IoT devices, compared to the base rate of 0.5 percent across industries. Taking all industries into account, the top three types of exposed IoT devices were: cameras, "management interfaces" (meaning a variety of devices using generic IoT development software) and printers. Of those exposed devices, the researchers found, 85.7 percent had "critical" security issues that could result in serious compromise.

Organizations with exposed IoT devices also had a 62 percent higher density of other security issues. The biggest increase was seen in network filtering and software patching issues, which both jumped at least 60 percent in correlation with exposed IoT devices vs. non-exposed IoT devices.

The full report is available on the RiskRecon site (registration required).