Hong Kong – Nearly 40% of organisations fail to carry out risk assessments for their digital signage systems, exposing them to significant security risks.
This is according to the latest survey from Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT), highlighting the urgency for robust cybersecurity measures concerning the rapid adoption of digital signages.
Based on the report, about 39% of organisations admitted skipping necessary cyber risk assessments, noting concerns over the security of said devices. This figure underscores the critical need to recognise potential security risks, urging users to take proactive steps to safeguard their systems.
Eight brands of digital signage were also found to have 20 vulnerabilities, 10 of which are classified as high-risk and require urgent attention. The company emphasised the danger by demonstrating how a device could be hijacked in under three seconds, underscoring the vulnerabilities’ severity.
In response to these concerns, HKCERT emphasised six crucial security recommendations to help these organisations enhance their digital signage systems. These include disabling unnecessary software and services, ensuring timely updates of software libraries, and implementing strong password hashing.
HKCERT also reminded organisations to use secure protocols such as HTTPS and enable system firewalls to protect against intrusions. Physical security must also be considered, encouraging them to disable USB autorun and autoplay features and restrict access to physical interfaces to prevent unauthorised access.
A regular data backup is also needed to mitigate potential losses in the event of an attack.
Furthermore, the company urges securing content management by establishing review procedures and monitoring content integrity to detect any unauthorised changes.
Secure account management is another key recommendation, with a focus on implementing robust password policies, enabling multi-factor authentication, and limiting user access based on the principle of least privilege.
Alex Chan, general manager of the Digital Transformation Division of Hong Kong Productivity Council (HKPC) from HKCERT, remarked, “Digital signages are numerous and influential, with applications across various industries and aspects of daily life. A cyber attack could have catastrophic consequences.”
“Before attacks become systematic and routine, we must warn the public about these risks and enhance security awareness and defence capabilities,” he added.
