Do Small Businesses like Gas Stations Need to Think about IoT Cybersecurity?

It turns out small business owners need to be very vigilant about cybersecurity. Most small businesses have an increasing number of IoT applications – e.g. internet connected security cameras. These connected devices not only increase the cyber-attack surface but also tend to be highly vulnerable. For example, internet connected security cameras make up about half of the most commonly hacked connected devices.


Cyberattacks on gas-stations, ResiliAnt

Recent statistics indicate that 58% of malware attack victims are small businesses. Further, the average cost incurred by a very small business as a result of a cyber-attack has risen to $200,000. Consequently, about 60% of small businesses go out of business within 6 months of an attack.

Gas stations have grabbed the attention of the hacking community, according to an article published on ZDNet in September 2019. The article describes how underground forums are requesting information on how to hack gas pumps. In December 2019, Visa reported evidence of a gas station’s fuel dispenser merchant POS being impacted, and numerous other articles have been published regarding software vulnerabilities in IoT devices deployed in gas station environments.


Connectivity in gas stations, ResiliAnt

Some gas stations are highly integrated for efficient operation, and management may include use of multiple applications. The connected operational technology (OT) likely includes the automatic tank gauges, sensors and dispenser system. Inside a gas station, a POS system can be connected with a printer, a payment terminal tag reader, etc. Often the HVAC, back-up power, and security systems are also connected to the same network. Vulnerabilities in any of these devices can expose the entire network if the applications aren’t segregated.

Small businesses can employ some of the following basic practices to manage risks:

  • Consider an appropriate level of cyber-insurance

  • Identify all the vulnerabilities in devices, systems, configurations, processes and policies in your business at least once a year, preferably twice a year

  • Remediate/mitigate the identified vulnerabilities with an ROI mindset

  • Offer training and build cybersecurity awareness among employees

  • Use good cyber-hygiene practices - i.e. strong passwords, multi-factor authentications, etc.


ResiliAnt has developed a solution specifically for small to medium-sized enterprises (SME) to manage their cybersecurity related risk. If you have interest in learning more about ResiliAnt’s solution, you could reach us at info@resiliant.co.