In a world that relies heavily on technology, the threat of a malicious cyber attack is always on the table, and it’s not just individual citizens who are at risk.
According to Forrester, 95% of breached records came from three core industries: government, retail, and technology. This research highlights the importance of diligent cybersecurity practices for entities in these industries, as well as the need for sufficient cybersecurity insurance policies to help weather the storm of an attack.
Security awareness, preventative measures, and cyber liability insurance are a must, and yet we see hardware and software used by government entities left at risk from identified vulnerabilities, bugs, or oversights.
ALPR Devices: Necessary Evil or Invasive Technology?
Automatic license plate recognition, or ALPR for short, is a common technology used across the United States. Both government agencies and authorities employ ALPR-equipped cameras to track license plates (and by association, people) as they move from one location to another. This tracking can be used to determine where individuals go, who they see, and where they live.
ALPR cameras are sprinkled across the US, numbering into the tens of thousands of devices. They collectively monitor, analyze and report back on thousands of locations and license plates every day.
Since their inception, ALPR-equipped cameras have been an area of concern for both the public and the cybersecurity community. Cameras connected to the internet are especially at risk: they are easily identifiable by those with malicious intent and often equipped with little to no protection. In fact, many ALPR setups are delivered with weak default passwords, many of which don’t get updated prior to installation.
ALPRs are a treasure trove of sensitive data on both drivers and their vehicles, ripe for the taking because of weak or absent security.
A Known, yet Unaddressed Security Threat with Serious Consequences
The risks associated with ALPR systems are well documented. In fact, in a highly publicized 2015 breach, the city of Boston’s ALPR system was compromised, exposing driver and automobile data from as far back as 2012.
The Boston breach brought about further negative attention to the use of ALPR cameras in the U.S. and the potential damage to the public at large if compromised. As a result, the Electronic Frontier Foundation launched its own investigation, finding dozens of exposed devices.
In 2014, security researcher Darius Freamon used Shodan, a search engine for exposed IoT (Internet of Things) devices and exposed databases. With it, Freamon was able to uncover many formerly popular models that were using default passwords and were at risk of attack and unauthorized access.
While web-based interfaces are generally locked down using standard security methodologies, many of the actual ALPR devices are subject to unauthenticated access through Telnet ports (Telnet is an older protocol that was built for interacting with remote computers). These ports effectively allow malicious users to run commands on the device with no password at all. Access via Telnet can result in unauthorized users reaching each device’s database of license plate and other data.
ALPR Systems at Risk of Repeating History
Despite public outcry and documented breaches, little has been done to further secure ALPR systems and the data they collect.
In early 2019, TechCrunch conducted its own research on the matter, finding over 150 ALPR devices across a number of manufacturers that were both connected to and searchable on the internet. These devices were either blatantly exposed or easily accessible by would-be hackers with little effort. TechCrunch reported that a large number of the devices were still using the default passwords documented in their respective manufacturers’ support guides.
The Importance of Cyber Security Measures
The risk of cyber-attacks and breaches is an omnipresent threat to any organization that relies on technology for part of its operations. This threat is of particular concern to governmental agencies that collect and retain both civilian and national security data.
In 2016, the number of cybersecurity incidents reported by federal agencies topped 30,899 in the United States.
The need to invest in cybersecurity measures is so dire that the White House’s Office of Management and Budget released findings highlighting that, out of 96 federal agencies assessed, 74% were deemed either “At Risk” or “High Risk”, needing immediate and critical cybersecurity improvements.
These findings highlight the necessity for cybersecurity measures as well as cybersecurity insurance for your clients in the government sector.
Cyber Liability Insurance: an Important Safety Net
Given the risk profile and state of cybersecurity among government agencies and entities, the need for both security and cyber insurance to protect citizen data has never been greater.
Comprehensive cyber liability insurance policies can help protect your clients against liabilities stemming from data breaches involving sensitive data, and against associated damages that may come about as a result of such a breach.
Cyber insurance policies can provide coverage for:
- Legal fees and expenses
- Notifying citizens about the breach
- Aiding in the restoration of personal identities of those affected
- Recovering compromised data
- Repairing damaged systems
- Remediating the threat
- And more…
Ready to Help your Clients Take Control of their Cyber Liability?
Since 1997, INSUREtrust has pioneered innovative and comprehensive cyber policies for both the public and private sector. Our team of industry-leading experts simplifies insurance products for emerging risks, helping you easily identify impactful solutions for your clients.
Whether you’re working with Fortune 500 corporations, government agencies or a mom-and-pop retailer, INSUREtrust can help you find the perfect coverage.
Reach out to us today to learn more.