The vulnerabilities associated with the IoT are amplified by the explosive growth in the number and types of devices.
“It’s a huge number,” Barendt says. “Our campus has had high-speed internet to every dorm since the ’90s. It’s been common for students to have multiple IP-connected devices in their rooms for a long time.”
According to some estimates, there were nearly 12 billion connected IoT devices worldwide at the end of 2020, surpassing non-IoT connections (such as smartphones, laptops and desktops) for the first time.
“For years, the IT environment was separate from the operational technology environment,” Barendt says. “More and more, those things are bleeding together, and groups that are not thoughtful about it are opening up holes in their systems from a security standpoint.”
Navigating Higher Ed IoT Cyber Risks
Alan Mihalic, president of the IoT Security Institute, notes that IoT technologies “will change the way our society operates.”
Along with significant benefits, he notes, this change will bring challenges related to privacy and security.
“IoT will be at the core of the smart cities we live in, the smart buildings we occupy and even the smart bodies we inhabit,” he says. “Our privacy will be under scrutiny like never before, and our right to protect it will be under threat from an ever-growing field of threat agents.”
To secure its IoT environment, the University of Alabama at Birmingham relies on a mix of network segmentation, asset management and vulnerability management tools, says Curtis Carver Jr., vice president for IT and CIO. These strategies are supported by policies, first adopted by the university in 2019, that put parameters around IoT practices.