IoT usage will surge by over 30% this year, according to a report from Gartner. The massive uptake of IoT products hasn’t gone unnoticed by cyberattackers. They’re also positioning themselves to take advantage of the shifting realities in technology. From small-scale brute force attacks to complex sprawling botnets, attacks on the Internet of Things are also on the rise.
The root of the problems is the poor security protections around many IoT products. Last year, a denial of service attack that forced websites including Amazon and Spotify offline was blamed on hijacked smart webcams. We’ve seen successful exploits of connected door locks and impressive demonstrations performed against cars. Vulnerabilities can also arise when makers issue a broken software update or carelessly leave factory backdoors open.
Although more needs to be done around IoT security, the responsibility for protecting individual deployments still lies with the operator. In an article with Tech Pro Research, Rob Clyde, vice-chair of IT governance firm ISACA, said firms must ensure they proactively maintain connected products.
READ NEXT: GE learns that IoT doesn’t scale as it rethinks digital strategy
Tasks requiring manual intervention could range from installing updates to boosting security with in-house measures. As more companies transform themselves into digital businesses, those coming from a traditional industry background don’t necessarily appreciate the risks of IoT. Assigning a staff member to IoT maintenance could be a wake-up call for the wider organisation.
“Make sure someone is assigned to watch for, and implement, patches or workarounds relative to IoT or other issues,” said Clyde.
In the absence of adequate security around the devices themselves, firms should be using their own firewalls to block IoT attacks. Devices with access to wider corporate networks should be actively monitored, ensuring any anomalies that could indicate an intrusion don’t go undetected.
“There is generally no good reason to directly connect unprotected IoT devices to the public Internet, except for modems and routers,” Radware security evangelist Pascal Greenens said in the Tech Pro Research article. “In my experience, there is no label for devices that have been designed with cybersecurity in mind.”
READ NEXT: 8 billion Bluetooth devices at risk of attack
The potential consequences of negligence are severe. A successful attack could grant attackers access to wider network infrastructure, or allow them to wire the organisation into a site-destroying botnet. Such an intrusion could go unnoticed for months or even years unless monitoring protocols are established and rigidly enforced.
As IoT takes off, it’s clear the tech’s not a perfect solution for businesses. While it can streamline workflows and boost efficiency, the risks are tangible. Reminders of the potency of IoT attacks now make the news every few months, whether it’s the Mirai botnet or Russian intrusions into U.S. power stations.
IoT devices brought into businesses should be treated with caution. Since vulnerabilities and backdoors are present in almost all products, a relaxed “innocent until proven guilty” approach could be a recipe for disaster.
The tech’s becoming more attractive to hackers and breaches will grow as adoption increases. Although businesses aren’t going to stop using IoT anytime soon, they should be stepping back and evaluating the risks.
