As digital signage continues to proliferate across various sectors—from retail to public transport—so too does the urgency for robust cybersecurity measures. A recent survey conducted by the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) revealed a concerning trend: nearly 40% of the organisations surveyed did not conduct risk assessments for their digital signage systems. This lack of foresight could expose them to serious cyber threats.
Digital signage has transformed how businesses engage with customers, serving as a powerful tool for advertising and information dissemination. However, with increased usage comes increased risk.
Respondents to the "IoT Security Study Report on Digital Signage" revealed concerns over the security of these devices. The study revealed that up to 39% of organisations have not undertaken necessary cyber risk assessments. HKCERT has noted that “the importance of understanding potential security risks cannot be overstated,” urging users to adopt proactive measures.
The report identified 20 vulnerabilities across eight different brands of digital signage, with 10 of these categorised as high-risk and requiring immediate attention. HKCERT even demonstrated how a cyber attack could gain control of a device in as little as three seconds, illustrating the alarming ease with which malicious actors can exploit these vulnerabilities.
“Digital signages are numerous and influential, with applications across various industries and aspects of daily life,” said Ir Alex Chan, general manager of the Digital Transformation Division of Hong Kong Productivity Council (HKPC) from HKCERT. “A cyber attack could have catastrophic consequences. Before attacks become systematic and routine, we must warn the public about these risks and enhance security awareness and defence capabilities.”
HKCERT has outlined six critical security recommendations to assist organisations in fortifying their digital signage systems:
- System and Software Security: Disable unnecessary software and services, ensure timely updates of software libraries, and implement strong password hashing.
- Network Security: Utilise secure protocols such as HTTPS and enable system firewalls to safeguard against intrusions.
- Physical Security: Disable USB auto-run and auto-play features, and restrict access to physical interfaces to prevent unauthorised access.
- Data Protection Strategy: Regularly back up data to mitigate potential losses in the event of an attack.
- Secure Content Management: Establish review procedures and monitor content integrity to detect any unauthorised changes.
- Secure Account Management: Implement strong password policies, multi-factor authentication, and adhere to the principle of least privilege in user access.
The report concluded that as digital signage becomes an integral part of modern communication, the importance of cybersecurity cannot be overlooked. By adopting these recommendations, organisations can significantly reduce their vulnerability to cyber threats, ensuring a safer interaction with their customers.
