Businesses open to attack as surge of IoT vulnerabilities continues into 2021

Hackers are taking advantage of the shift to new ways of working

Pro

In association with SecurityHQ

Throughout 2020, and continuing into 2021, there has been an unprecedented surge in the use and procurement of IoT devices for both home/personal and business environments.

According to CMI, in the global IoT market, the installed base of IoT devices reached 23.1 billion devices in 2018. This is expected to grow to 30.7 billion devices in 2020 and to 75.4 billion in 2025.

Internet of Things, (IoT) devices are pieces of technology/hardware that are programmed to transmit data over a network. These devices are now used across most industries around the world.

Manufacturing companies use IoT for automation, hospitals depend on IoT devices for medical procedures and monitoring, home security systems are becoming more popular by the day, and smart plugs and doorbells continue to make our lives easier both in work and at home.

IoT, a blessing or a curse?

There are, undoubtedly, great benefits to IoT devices in business, including:

• Efficiency. By automating monotonous tasks.
• Data collection. By using IoT devices, businesses can collect more data that can be harnessed to aid business decisions.
• Customer experience. By engaging with customers via smart automation, the customer journey is often improved.
• Flexibility. By controlling everything from your phone, elements of business can be operated and monitored remotely, no matter the location or time of day.

But this growth, in many ways, is highly problematic. These devices, if not configured properly, are unsecure. And with most of the world working remotely and acquiring devices to make new living conditions better/easier, means that hackers have a great advantage. Everything from third party risks, botnets, ATPs, DDnS attacks, supply chain attacks, ransomware attacks and man-in the-middle attacks, to name just a few, have increased this year. This is not surprising, as bad actors now have a far greater threat surface filled with vulnerabilities to delve into.

“Not only has the number of attacks grown, but so has the severity of attacks. Infact, ‘researchers from Microsoft have seen several nation-state hacking groups targeting commonly used IoT devices to gain access to organizations’ networks and seek more valuable targets within the enterprise,” says Jessica Davis, Health IT Security.

Eleanor Barlow, SecurityHQ, adds: “What’s more, people are not educated on how to use these IoT devices. They are often easily accessible online, on amazon and eBay for instance, and are inexpensive. Often users believe that once set up, their €50 devices are completely secure, because they trust that manufacturers would have this element covered. But this is far from the case.

“So, imagine when a hacker manages to break into your network, completely undetected, and enters your security cameras, your audio, your monitors, your doorbell. Soon, what was designed to safeguard, becomes a viewing point for the attacker. Even your smart freezer could become an alert system of your activities.”

Now image this, but on a grander scale, outside of the home environment. Take healthcare, for instance. The last 12 months has seen an exponential number of attacks on IoT-based medical devices. These include devices such as vital sign monitors, implanted devices, smart pens, and wireless infusion pumps. This means that hospitals must become completely transparent when it comes to working with their MSSP, and all areas of vulnerability across digital platforms must be made a priority.

As we become more and more dependant on these devices, the more we depend on the right security, and the harder we fall if those security processes are not in place. IoT is being monetised, and with a dependence on this connectivity, ransomware attacks are only increasing.  

According to Statista, 43% of all networked devices will be mobile-connected’ by the end of 2021. Of course, there are many benefits of being able to control things from your mobile device. Take security Apps, for instance. Cyber never sleeps. Survival demands agility and response demands collaboration, visibility, and action, which is why apps for clients to handle and respond to incidents anytime, anywhere from their phone, can increase security posture. IBM, for instance, connects the user’s device using APIs to connect apps to device data. But when you can control everything from a portable device, you also need to ensure that all portable devices are secured.  

Which means that the user must:

• Create strong passwords to each device. Using different complex passwords.
• Use two-factor or multi-factor authentication for all account activity.
• Keep devices locked when away from them.
• Adjust the browser settings of each device.
• Keep OS and all Apps updated.
• Do not install apps from third party portals. Only install them directly from the app store. (Read more about how to spot third party risk on the SecurityHQ blog.)
• Do not use open Wi-Fi networks.
• When in doubt, contact an expert.

The take away message is to secure your portable devices, configure IoT devices properly, monitor and secure your business network using experts who know how to detect and respond to threats.

SecurityHQ prides itself on its global reputation as an advanced managed security service provider, delivering superior engineering-led solutions to clients around the world. By combining dedicated security experts, cutting-edge technology and processes, clients receive an enterprise grade experience that ensures that all IT virtual assets, cloud, and traditional infrastructures, are protected.

Professional Development for IT professionals

The mission of the Irish Computer Society is to advance, promote and represent the interests of ICT professionals in Ireland. Membership of the ICS typically reduces courses by 20%. Find out more