They can do everything from monitoring vital signs in hospital rooms to watching doorways for visitors and intruders. They’re capable of tracking the temperature and vibration levels inside trucks transporting food, as well as ensuring restaurant freezers function properly. Internet of Things (IoT) devices are everywhere these days, and their usefulness is on the rise as organizations around the world aim to stay productive while maintaining social distance, according to the EHS Today article “How IoT is Helping Businesses Adapt to Pandemic-Related Disruption.”
The number of internet-connected “smart” devices present in our homes and offices has skyrocketed in recent years, particularly as many businesses have embraced this new type of tech as part of their digital transformation efforts. Last year, Gartner estimated that the automotive and enterprise IoT market would reach 5.8 billion endpoints worldwide in 2020.
The current crisis has also created opportunities to put these gadgets to good use: A recent study titled “Internet of things (IoT) applications to fight against COVID-19 pandemic” contains a long list of applications for these devices, from smart contact tracing to rapid screening via internet-connected medical devices.
However, despite all the ways in which they can potentially streamline healthcare and otherwise improve our lives, IoT devices have at least one significant downside: They create new points of vulnerability that malicious actors can exploit to infiltrate private networks and gain access to sensitive data. As a result, it’s crucial for CISOs and other security leaders to pay close attention to IoT-related risks right now, especially if their organizations have transitioned some or all of their staff members to remote work arrangements.
What the Shift to Remote Work Means for IoT Security
Even before this year’s mass move to working from home, hackers had already homed in on IoT devices as attractive targets. These devices are generally easier to hack than older forms of technology like laptops and desktops, for which most organizations already have plenty of safeguards in place. As a result, cybercrime focused on IoT devices had been exploding in recent years: SonicWall identified 32.7 million IoT attacks in 2018, a 215.7 percent increase from 10.3 million in 2017.
Attackers often convert IoT devices into nodes for botnets, which the criminals then leverage to carry out Distributed Denial of Service (DDoS) attacks, mine cryptocurrency, or steal data, the SophosLabs 2019 Threat Report states.
Consumer smart devices in particular often have serious flaws like firmware vulnerabilities, flawed authentication schemes and improperly secured admin interfaces that leave them vulnerable to cyberattacks, according to the ZDNet article “There’s a growing blind spot for your security team during the pandemic: IoT devices.” Nearly all (98 percent) of IoT device traffic isn’t encrypted, and more than half (57 percent) of these devices are vulnerable to attacks of either medium or high-level severity, according to the 2020 Unit 42 IoT Threat Report from Palo Alto Networks.
Now, with many people performing their professional duties from home, consumer IoT devices share networks with corporate ones, propping open the door for hackers looking to infiltrate companies’ networks, as the ZDNet article states. Consequently, IoT-focused incidents proliferated in the first half of this year, with 20.2 million attacks identified by SonicWall, a 50 percent year-over-year increase.
How to Protect Your Network and Data
To keep your data breach risk level as low as possible, it’s imperative that you take steps to proactively combat cyberattacks that target potentially vulnerable IoT devices. Some solutions that can help address the issue of IoT security include the following:
- Network and endpoint Managed Detection and Response (MDR), which helps you proactively identify and address threats as quickly as possible.
- Employee security awareness training, including specific information about IoT devices. For instance, you can potentially instruct employees on how to segment their home networks to keep IoT devices and corporate devices separate, according to ZDNet.
- Zero-trust network architecture with a Secure Access Service Edge (SASE), which ensures remote users only have access to the specific resources and apps they need to do their jobs. We provide this via our Office Anywhere solution.
Ultimately, we must all remain vigilant as cybercriminals look for ways to catch us off guard as we continue to adapt to the “new normal” created by the continuing public health crisis. If you have any questions about the best ways to tackle IoT security risks, our team of experienced security analysts would be happy to assist you. Just give us a call at 877-599-3999 or email email@example.com.