Learn about Insider
BrandPosts are written and edited by members of our sponsor community. BrandPosts create an opportunity for an individual sponsor to provide insight and commentary from their point-of-view directly to our audience. The editorial team does not participate in the writing or editing of BrandPosts.
For years, we’ve known that Internet of Things (IoT) devices can come under attack as quickly as within five minutes of being connected to the internet. These events predominantly include large-scale scanning techniques to exploit IoT devices that are vulnerable to basic attacks such as default credentials.
Historically, hackers have used these attacks to create a network of devices to perform a distributed denial-of-service (DDoS) attack; for example, Mirai Botnet. However, the more recent Verkada breach demonstrates the risks associated with devices that perform sensitive operations. While this might not directly present a security risk to companies utilizing IoT devices, the methods hackers used to exploit these devices should demonstrate the significant threat surface introduced by implementing IoT into any organization’s network.
The nature of the exploits being leveraged in recent ransomware attacks must be properly understood to ensure that the IoT devices the business is currently or planning to utilize in their infrastructure are secure. The OWASP Top 10 IoT list claims the number one issue with IoT devices is “weak, guessable, or hardcoded passwords,” demonstrating that not only are IoT devices becoming more prevalent in the industry but they are also being deployed with unacceptable network security measures.
As stated previously, the risk of IoT devices aiding in a DDoS attack on another business does not present an immediate risk to the IoT device consumer, but it could severely damage the reputation of any company that does not properly employ IoT cybersecurity controls to prevent a compromise of the devices on their network. Furthermore, the compromise of these devices can result in a variety of issues including, but not limited to, tampering with critical safety monitoring equipment; disruption to sensitive operations, such as manufacturing; or even a widespread attack on medical equipment on the shared network. In addition to the risks posed by compromised IoT devices, there continues to be regulatory guidance around securing devices and ensuring user privacy as evident in the recent U.S. Executive Order on Improving the Nation’s Cybersecurity.
Companies have a tremendous opportunity to incorporate IoT within their business to improve the efficiency of legacy processes, collect and operate on real-time data, and leverage the data collected to develop additional business process improvements, such as preventative maintenance. Considering all the benefits IoT has to offer, one can assume that IoT devices are not going away any time soon and will even start to become a market differentiator. So, what can be done to ensure IoT device vulnerabilities do not present a security threat to the network in which they are being deployed?
IoT devices provide significant benefits to businesses that are looking to improve their operations by implementing connected devices. However, the current state of IoT security is sub-par, to say the least. Before introducing IoT devices into a network, companies should evaluate the devices’ security, data collection practices, and network exposure. Additionally, the monitoring of IoT devices on a network is an ongoing process that should be evaluated continuously to stay up to date with the latest IoT risks and mitigations.
Learn more about Protiviti IoT services.
Connect with the authors:
Managing Director – Emerging Technologies, Protiviti
Associate Director – Emerging Technologies, Protiviti
Senior Manager – Emerging Technologies, Protiviti
View the archive