The Nature of IoT Device SecurityIoT devices typically collect data and send it for collection and analysis. Because of their compact design, they often have limited storage capacity, which makes them unable to use security tools like anti-malware and firewalls. Patching IoT devices can be a challenge, so security holes are sometimes left unpatched. For these reasons, IoT devices often represent a weak link in the security chain. To exacerbate the situation, many IoT networks have grown over time to incorporate numerous devices, often deployed in uncontrolled and unsecured environments. IoT networks are complex, presenting a much larger attack surface than a typical network. The more connections there are, the more opportunities there are for cybercriminals to attack. Even a minor vulnerability on a single device could expose an entire network.
Threats to IoT DevicesIoT devices face a variety of threats. Firmware (software on all IoT devices that operates the hardware) may be exploited, and even if vulnerabilities are known, patches may not be available or applied. Attackers also may break into a network using default usernames and passwords that customers have not changed or cannot change. This vulnerability was exploited by the Mirai malware, which utilized 61 common default credentials to launch devastating distributed denial of service attacks. Devices also may be vulnerable to on-path attacks, in which an attacker is positioned between an IoT device and a server for example, between a security camera and its cloud server and intercepts communications between them. The risk of data exposure in these scenarios is high since many devices do not encrypt communications by default. Because IoT devices connect to the internet, attackers can exploit known vulnerabilities and take over devices as a first step in conducting attacks that allow them to move laterally through an enterprise network, stealing data, implanting malware, or accessing sensitive information.
IoT RisksIoT devices can be risky for two reasons: They are easy to exploit, and once exploited, they can wreak serious havoc. Many devices are not designed with security as a top consideration: They may have poor internal controls, come with default passwords that are difficult to change, be unable to encrypt data or have known vulnerabilities for which the manufacturer has not issued a timely patch. Once an IoT device is exploited, the harm cyberattackers can do can be severe. Compromised IoT devices that provide physical access, such as card reader systems, could allow unwanted visitors to enter a facility with no audit trail. IoT-based HVAC systems without adequate security could enable cyberattackers to take remote control of a building’s temperature and humidity, damaging inventory or disrupting work.
What Steps Can IT Leaders Take?Ultimately, organizations should work to secure every device or node on an IoT network. Following these steps below should help IT leaders improve their IoT security. IT teams should make sure devices are sufficiently authenticated (with an authentic TLS certificate, for example) so requests to applications, services and protocols come from authorized devices.
- Know what you have: Many IT professionals are unaware of all the IoT devices on their networks. A 2020 Infoblox study found that over a 12-month period, 80 percent discovered unknown IoT devices on their networks. IoT device management platforms can provide teams with visibility into their entire inventory and potential security issues. A device management system can identify and profile all devices and monitor them regularly.
- Choose the right devices: Organizations should acquire only IoT devices designed with effective security features, and only from manufacturers who release timely security updates. California and Oregon laws require devices sold in those states to be fitted with reasonable security features, such as unique passwords, regular security updates and vulnerability disclosures. Organizations should avoid devices without an external interface or with unchangeable credentials, and they should turn off any unneeded features such as microphones and ports.
- Secure your device access: Cybercriminals access devices in uncontrolled environments, or via stolen credentials, to upload malware, access unencrypted data or incorporate the devices in botnets. IT professionals should change default credentials when installing an IoT device and should avoid the reuse of the same credentials across multiple similar devices.
- Secure the data: Encryption helps protect data at rest and in transit, even if it were to be accessed or stolen by an unauthorized entity. Encryption is essential to preventing eavesdropping, which is especially prevalent in industrial espionage.
- Patch, patch, patch: When a manufacturer releases a security update for a discovered vulnerability, IT teams should update devices in the field immediately. Waiting even a couple of days can mean that hackers can exploit the vulnerability.
IT Modernization Success Although the thought of mainframe migration can be intimidating, it is a crucial step that businesses must
Businesses all over the world have realised how important artificial intelligence (AI) is to driving change and company expansion. Many
With edge computing, it has always been possible to leverage “big data” (a term we now hardly ever hear) more
In recent years, the physical security sector has seen significant change. In this constantly changing business, cutting-edge technology advancements and
You need data as a business to forecast market and target user trends, find pertinent opportunities, and sell your brand
A thorough comparison of NordVPN vs ExpressVPN has been released by Privacy Wizards, a renowned supplier of internet security and
Artificial intelligence makes CEOs and security analysts happy in the field of cybersecurity. One benefit of automation is that less