Cyberattacks on IoT Devices: IoT Can Mean Smarter, Faster, Cheaper, and Less Secure
The Internet of Things, or IoT, refers to the network of physical products and devices that connect to the Internet. You might be familiar with IOT as it relates to common household devices, such as Internet-connected thermostats, alarm systems, televisions, and even kitchen appliances. These “smart” devices are also popular in the workplace, with items supporting climate control, office security, scheduling, safety monitoring, energy consumption, and more. It is estimated that by 2030, there will be over 25.4 billion IoT devices worldwide.
There is no doubt about it, IoT devices have become a part of everyday life, in and out of the workplace. However, what we must remember is: if it connects to the Internet, it has the potential to be hacked.
What makes IoT devices particularly vulnerable?
While reputable IoT products typically incorporate some security features, there are various reasons why smart devices can leave your organization exposed:
- Manufacturers minimize costs to improve profits, and security is often where they trim the fat as it’s not typically the key product feature.
- IoT devices often use a simplified operating system that can have increased vulnerabilities or backdoor access.
- Software updates and patches, if they happen at all, aren’t always advertised or easy to install.
- Factory default passwords are rarely unique to a single device. Many are easily found with a quick Google search!
In 2016, the infamous Mirai Botnet attack targeted IoT operating systems with unchanged factory default passwords to form a botnet, or “army” of connected devices. The combined computing power was able to take down huge parts of the Internet in a Distributed Denial of Service (DDoS) attack.
My smart thermostat gets hacked by a cybercriminal, so what?
With some IoT devices, the effects are clear. At home, a hacked security camera, pet camera, or baby monitor can mean that a cybercriminal can potentially see and hear inside the home. But what about IoT devices whose implications are less straightforward? It’s critical to remember that any Internet-connected device can be a “gateway,” meaning that a successful attack could allow a hacker into your network to monitor what you or your employees are doing, and/or compromise your data or systems.
This doesn’t mean swearing off IoT devices altogether; there are many trustworthy products on the market. Just don’t forget to keep security in mind when buying and installing a smart device.
Be smart with smart devices
When considering an IoT device, do your research. Unrecognized or generic brands sometimes lack security information, and it’s hard to know whether the manufacturer will patch vulnerabilities. Invest in a reputable brand that offers robust security documentation and a track record of software updates. Lastly, don’t forget to take these important security steps:
- Change the default password to a strong, unique passphrase.
- Set software to update automatically. If that’s not an option, check for updates frequently and install them as soon as possible.
- Run automated vulnerability scans to identify any weaknesses in your internal and external network assets.
- Stay up to date on breaches from major manufacturers.
Want to prevent cyberattacks on IoT devices? Do your due diligence when considering a new smart item. Products that are smarter, faster, and cheaper can seem appealing on the surface, but it’s what’s under the hood—or not—that we must heed to best protect our homes and organizations.
Resources & insights
Vulnerability Management: Getting down to brass tacks
Conquering IoT Cybersecurity Challenges Through Visibility and Awareness
Before Implementing IoT, Assess and Test Cybersecurity
Vulnerability Management: Getting down to brass tacks
Conquering IoT Cybersecurity Challenges Through Visibility and Awareness
Before Implementing IoT, Assess and Test Cybersecurity
Protect and defend with multiple layers of cybersecurity
Defend your business with All-In-One Cybersecurity®.
Explore layered
security
Learn more about Defendify’s three key layers and All-In-One Cybersecurity®.
How can we help?
Schedule time to talk to a cybersecurity expert to discuss your needs.
See how it works
See how Defendify’s platform, modules, and expertise work to improve security posture.