Whether you’re in the office or at home, you’re most likely surrounded by IoT devices. Gartner forecasts that 14.2 billion connected things will be in use in 2019, and that the total will reach 25 billion by 2021. Although these devices help increase productivity and make our lives easier, they are also targeted by cyber attacks. According to Symantec’s 2018 Internet Security Threat Report, IoT attacks went up by 600% between 2016 and 2017. As we start to incorporate more IoT devices into our lives, we need to be aware of the security risks of IoT devices. A survey by digital certificates provider DigiCert found that 25 percent of companies struggling the most with IoT security reported IoT security-related losses of at least $34 million in the last two years.
What are the IoT Security Risks?
One of the biggest challenges in securing IoT is the fact that the attack surface is so large and contains many risks such as vulnerabilities, authentication issues and device and network threats.
Many IoT attacks can also target unconventional devices such as smart refrigerators, printers or baby monitors. Therefore, people might not realize that IoT devices pose a security risk.
Shadow IoT devices, which are active IoT devices that connect to the company network without the company’s IT support, can be easily targeted by hackers. Companies often have no control over these devices so they may lack proper authentication and security features.
IoT devices can be hijacked and used for malicious purposes. For example, the Mirai botnet attack in 2016 took advantage of insecure IoT devices to create a massive denial of service (DDoS) attack. The hackers behind the attack managed to scan for hundreds of thousands of vulnerable IoT devices and use them in DDoS attacks without the device owner’s knowledge.
Malicious actors can hack into insecure IoT devices or IoT apps and use them to spy on people or pinpoint their location. According to the Ponemon Institute, 80% of IoT applications are not tested for vulnerabilities. This is alarming as this means that many IoT apps can be exploited to carry out attacks.
4 Things You Can Do to Reduce IoT Security Risks
Keep Track of Your Devices
Each IoT device in your network has its own potential security risk, which is why it’s important to know your IoT devices. Use proper device identification and authentication so that you can keep track of the devices that are communicating with the network.
Rogue devices can pop up so being able to scan your network for devices is important. Removing devices that are no longer in use and disabling unused features can also help reduce the attack surface.
Use IoT Devices You Can Trust
IoT weaknesses can pose a large security threat to your data. Make sure you use devices that are supported by the manufacturer to ensure that you have access to necessary security patching. Keeping track of patching and firmware upgrades will help defend against exploits.
Follow Basic Cyber Hygiene Practices
Having good cybersecurity hygiene is key in defending against IoT risks. This includes patch management, backing up your data, using encryption and implementing security awareness training. It’s important to continuously monitor your environment for changes and take action when necessary.
Do an Assessment
Any of your IoT devices can be a target of a cyber attack. It’s important to be aware of the impacts each of your devices can pose to your overall network. If one device is compromised, will it affect other devices? What can you do if that happens? Having an assessment can help you prepare for your worst-case scenario. From there, you can implement a security policy/strategy that will help you prepare for any potential issues.