IoT devices are captivating. They can control and automate a range of tasks and processes. Cool or heat your home before returning from work, watch over your infant via a connected security camera, or ask Alexa to manage the shopping list. And all of this can be done remotely, from a mobile phone.
For organizations, the promise of machine learning is made more real with IoT. With billions of connected devices, there is broad availability of real-time data for analytics. This combination will enable experts to use IoT data to train all forms of artificial intelligence applications, including machine learning engines.1
But, what do we trade? The answer is simple. Security.
Even with the chip shortage slowing the IoT market, the number of global IoT connections grew to 12.2 billion active endpoints.2 Each of these endpoints represents a device that connects to a network, each talking back to a central data store. And each device is an individual computer that collects data, processes information, and transfers data.
The sheer mass of the attack surface is enough to attract any threat actor, from the novice to the advanced. But the allure is even stronger. This ecosystem is composed of devices from different manufacturers and with different security protocols. And the unfortunate reality is that IoT security is lagging. Driven by innovation and profits, manufacturers are laser-focused on spend and speed to market, with the implications of properly securing the cloud often lost in the process.
Breach one device – or endpoint – and an attacker is one step closer to the central data store. This is where the jewels sit: personally identifiable information (PII) and payment card information, for example, or millions of health data points from wearable medical devices, entry codes to a smart building, or access to an organization’s VoIP phone lines.
Beyond this, once a central server is breached, a threat actor can easily push malicious software updates out. When this happens, all devices connected to that central hub are vulnerable. Consider the security of your home network, especially if you work from home. Would these devices be able to spy on you? Are you buying devices from vendors that are reputable and have their products tested regularly? If you have IoT devices such as a smart doorbell or camera, can these be misconfigured to be accessible from the Internet? Consider using network segmentation so that, if these devices were ever breached, an attacker would not be able to see or communicate with your work devices.
Building IoT resilience comes down to you.
#BeCyberSmart
Minimize Your Personal Attack Space.
Realize that you are taking a risk with each device you connect. Ask yourself: Do I really need this toy? This appliance? Don’t get caught up in marketing hype. Consider security features first and stick with established vendors.
Follow Cyber Hygiene Practices.
Adhere to strong password guidelines and, where possible, switch to passphrases. Use a password manager, and do not share credentials across devices. Enable auto-updates when offered, and check your security, permission, and privacy settings.
If Hacked, Disconnect.
If you suspect a breach, contain the device immediately by removing it from the network. If someone compromised your laptop or enterprise network, seek out an expert. Contain, eradicate, and ensure the attacker is gone.
Make better decisions to help keep our interconnected world more secure.
1 Source: Top IoT Market Demands: Internet of Things 2022. Blog. Oladele, Ayo. Velvetech. August 2022. Retrieved from https://www.velvetech.com/blog/top-iot-market-demands/
2 Source: State of IoT spring 2022. IoT Analytics. May 2022. Retrieved from https://iot-analytics.com/product/state-of-iot-spring-2022/