As businesses continue to invest heavily in connected devices, concerns are mounting around the damage that could be caused by cyberattacks. “Many [companies] will be sitting ducks for a variety of breaches,” a new report cautions.
The root of the problem is the poor security protection around many IoT products.
Last year, a denial of service attack occurred after hackers hijacked smart webcams. We’ve seen successful exploits of connected door locks and impressive demonstrations performed against cars, but vulnerabilities also arise when makers issue a broken software update or carelessly leave factory backdoors open.
The potential consequences of negligence are severe. A successful attack could grant attackers access to wider network infrastructure, or allow them to wire the organization into a site-destroying botnet. Such an intrusion could go unnoticed for months or even years unless monitoring protocols are established and rigidly enforced.
Rob Clyde, vice-chair of IT governance firm ISACA, told Tech Pro Research that many companies do not have employees who are responsible for keeping IoT implementations secure, and that is a critical prevention step. “Make sure someone is assigned to watch for, and implement, patches or workarounds relative to IoT or other issues,” he said.
Tasks requiring manual intervention range from installing updates, to boosting security with in-house measures.
“There is generally no good reason to directly connect unprotected IoT devices to the public Internet, except for modems and routers,” Radware security evangelist Pascal Greenens told Tech Pro Research. “In my experience, there is no label for devices that have been designed with cybersecurity in mind.”
Reminders of the potency of IoT attacks now make the news every few months, whether it’s the Mirai botnet or Russian intrusions into U.S. power stations. A relaxed “innocent until proven guilty” approach could be a recipe for disaster.
