Vending machines have been around for more than 100 years. You can find them everywhere selling anything from newspapers, to soda, to sandwiches, or even actual full-sized automobiles. With modern technology, though, organizations may find their vending machines doing more than just spitting out chips and candy bars.
In recent years, vending machine manufacturers have been adding IoT sensors to vending machines, and operators have been connecting the machines to local networks to transmit real-time data. This “IoT-ification” of the vending machine solves real problems: the owner of the machine can monitor things like inventory and temperature remotely. This allows the operator to cut costs by avoiding needless trips to the vending machine to restock it when it was not yet empty.
However, any time you connect a device — even a vending machine — to a network, you expose the network to risks and cyber threats. If the vending machine can communicate over the network to share diagnostic results and operational information, it is also susceptible to attackers. The technology that monitors inventory and activity can also be hijacked for more nefarious tasks. Without comprehensive visibility and the right security controls, a network-connected vending machine can be a weak point that attackers can exploit to gain a foothold on a network.
The risk posed by connected, IoT-enabled vending machines is not purely theoretical. There are real-world examples of situations where vending machines have been used in cyber attacks.
The risk posed by connected devices is real. IoT technologies in manufacturing facilities, public utilities, and healthcare environments may pose a higher threat to safety and human lives, but even something as seemingly innocuous as a connected vending machine can have a real-world impact if it has been compromised and exploited by a cyber attack.
Traditional security tools are not able to protect you from the threats posed by IoT devices. They were not built with IoT devices in mind. Organizations need a next-generation security platform that can provide comprehensive visibility and the ability to inventory, assess, monitor, and protect all devices on the network—especially unmanaged and IoT devices that are not able to run agents or locally-installed security tools.
Sign up to receive the latest news