ISACA: Smart cities need to be made more secure

Urban life is increasingly dictated by technology, but organizations aren’t doing enough to mitigate the risks that come with that, according to an ISACA® report.

The survey of 2,000 cybersecurity professionals from across the globe focused on the challenges and opportunities of smart cities, and found widespread concerns about system vulnerabilities and organizations’ ability to handle them.

The energy sector was seen as the most susceptible to cyber attacks (71%), followed by communications (70%) and financial services (64%). But before organizations rush to limit the use of smart technology, it’s worth noting that these sectors are among those thought to benefit the most from technology.

The threats

Malware and denial-of-service attacks pose the biggest threat to smart city technology, according to respondents. They also believe that attacks are most likely to be carried out by nation states (67%) and ‘hacktivists’ (63%).

Additionally, they consider national governments better suited to deal with the threat (55%) than municipal governments (15%).

Commenting on the report, Robert E. Stroud, past chair of ISACA, said: “Before our cities can be identified as being ‘smart,’ we must first and foremost transfer this smart attitude to the way we approach and govern the rollout of new technology and systems.

“Our urban centers have many potentially attractive targets for those with ill intent, so it is critical that cities make the needed investments in well-trained security professionals and in modernizing their information and technology infrastructure.”

Handling threats

The majority of respondents believe that the best way to tackle the threat of cyber attacks is to implement new tools and techniques, such as smart grids and artificial intelligence. However, less than half expect suitable defenses to be implemented within the next five years.

This is indicative of the wider cybersecurity picture. Organizations in all sectors are prone to think of technology as a panacea, using it to address business concerns, create new opportunities and keep them secure.

Technology can certainly be hugely beneficial, but it shouldn’t be organizations’ only line of defense. It’s equally important to understand the threats that your organization faces, so that you can avoid potentially costly mistakes and use your technology appropriately.

Organizations that take cybersecurity seriously should have adopted ISO 27001, the international standard that describes best practice for an information security management system (ISMS). They should also have experts on board to check that they maintain compliance. Auditing your compliance posture is an essential part of the process, as it’s all too easy for organizations to fall into bad habits.

Become an ISO 27001 expert

Anyone interested in gaining the skills to fill this vital auditor role should consider enrolling on our ISO27001 Certified ISMS Lead Auditor Online Masterclass.

This fully certified, practitioner-led course teaches you everything you need to know about executing an ISO 27001-compliant ISMS audit. Over five days, you’ll learn:

  • How to audit an ISMS against ISO 27001
  • Best-practice ISMS audit methodology
  • How to audit risk assessments
  • Interview techniques
  • How to prepare, lead, and report on the findings of an information security audit

Learn more >>

Train with the world leaders in ISO 27001