Cybersecurity Threats from Above: How Drones Put Our Sensitive Data at Risk
This October, Cybersecurity Awareness Month has never felt more important.
In the past year, we’ve seen the volume and sophistication of cyberattacks from around the world increase. These attacks have impacted schools, healthcare organizations, fuel pipelines, food suppliers and more, often resulting in disruptions across public health, supply chains and national security. By the end of this year, cybercrime is expected to cost the world $6 trillion.
What’s driving this major surge? As technology and its use cases continue to evolve, so do the ways consumer and business data can be manipulated. And as a result, it’s never been more important for businesses, professionals (and the rest of us) to get ahead of cybersecurity trends and risks to eliminate vulnerabilities and prevent attacks altogether.
At Northern Kentucky University’s recent 2021 Cybersecurity Symposium, this message was at the forefront. This year, the annual event brought together IT and security professionals to focus on today’s evolving landscape of cyber threats—and the best practices to safeguard against them. And while ransomware remains top-of-mind for many, there’s another looming cybersecurity threat that took center stage during the symposium: Drones.
How Drones Are Altering the Cybersecurity Landscape
“Today, drones are becoming ubiquitous—both in business and as a hobby. They deliver to meet consumer, manufacturer and logistics needs. But with that, they also capture, store and transmit sensitive digital assets—like personally identifiable information (PII), addresses, monetary data and more. This data can be valuable to others—making it a primary target for nefarious actors,” said Navisite’s Senior Director of Digital Transformation Elisha Herrmann. At the Cybersecurity Symposium, Herrmann led a discussion on the growing presence of drones—and the data and privacy risks that come them.
The increased focus on drones and cybersecurity makes sense. The Federal Aviation Administration (FAA) reports that there are nearly 1.5 million registered drones in the United States. From military use and weather forecasting to delivering consumer goods and healthcare services, drones are now used in many aspects of today’s society. Even Amazon plans on making drones a regular part of their shipping process.
“As the use of drones becomes more widespread, there needs to be an increased focus on these devices and how they affect the cyber domain and security of industrial, commercial and personal data,” Herrmann said. “The malicious exploitation of drones and their data is an inevitable fact that we can’t afford to push aside.”
Like any computing device, drones store data and operate using software or firmware. These drones also usually communicate with ground stations and operators. In other words, a drone is connected to computer networks and stores and transmits information. This means that without the right cybersecurity strategies in place, drones are susceptible to many of the same risks as other connected technology, including:
- Bad actors can exploit a drone’s software or firmware vulnerabilities to take over the device and gain access to your organization’s network or systems
- Malware embedded in drone software could enable hackers to access its data
- The data sent to and from the drone could be intercepted by unauthorized parties
“Drones are an example of a new area within technology that we never used to think about in the context of cybersecurity—now we do, and we have to,” Herrmann said. “Until stricter and more consistent data privacy regulations are put in across the U.S., the risk of having sensitive information compromised is very real. It’s up to individual businesses and leaders now to ensure their drone programs and practices are secure and following best practices.”
Building the Right Cybersecurity Strategy
As with any emerging technology, businesses are only starting to grapple with the data privacy implications and cybersecurity threats that drones pose. It’ll become increasingly important that security professionals consider these devices when assessing risk and vulnerabilities and developing operational policies and procedures.
For many, this starts with a cybersecurity risk assessment, which gives business leaders the data and resources they need to recognize existing threats to their assets, identify vulnerabilities and navigate—or prepare for—potential threats. This helps businesses better understand which systems, applications and devices (including any drone programs) are putting them at risk—and empower them to build a robust, tailored cybersecurity strategy to stop potential problems before they happen.
To learn about Navisite’s end-to-end security solutions, including our advisory and risk assessment services, visit our website.