The Internet of Things (IoT) connects us to our homes, cars and workplaces. However, as the number of IoT devices hits 16 billion worldwide this year, the quality and security of these devices have become a growing concern. Why? Because many of these devices are cheaply made with little consideration for cybersecurity, putting our personal and professional data at risk.
From hard-coded admin passwords to “always on” cloud features, the proliferation of devices with cybersecurity holes significantly increases the potential for attacks. It’s time for business leaders to take this threat seriously and onboard devices securely. Let’s explore how.
The Rise of Cheap Devices
The IoT sector has experienced explosive growth, with the number of connected devices increasing by a factor of 10 since 2012. This growth is largely due to advancements in technology, with smaller and more efficient components making it easier and cheaper to produce IoT devices.
However, herein lies the problem. Cheap devices are synonymous with low cybersecurity standards. For example, default passwords are commonplace. When these default passwords are left unchanged, hacked doorbells and cameras are a regular result. In fact, estimates suggest that around 15% of device owners do not take this basic security measure, leaving their devices vulnerable to cyberattacks.
In addition to these concerning statistics, some vendors have produced devices that are unable to receive security updates, while others fail to provide security fixes altogether. This lack of attention to cybersecurity leaves their devices open to exploitation by bad actors.
The Growth Of Attack Surfaces
To make matters worse, more devices give rise to more hackable targets inside your network. Smart cameras are among the riskiest IoT devices due to their exposure to the internet, weak or default passwords and easy-to-exploit unpatched vulnerabilities. Once hackers gain access to a camera, they can wreak havoc on the rest of the network.
For example, if a hacked camera is on a flat network, it can serve as a gateway for attackers to infiltrate more valuable targets like computers and servers. Moreover, attackers can take control of compromised devices and use them to create botnets that conduct distributed denial of service (DDoS) attacks against others.
To compound the problem, hacked devices are not easy to detect. A study of companies that use IoT technology in their workplaces found that about half lack mechanisms to detect if any of their devices have been compromised. This means that most connected devices today rely on user action to bolster security.
What Businesses Must Do Next
This is an issue that cybersecurity leaders can’t afford to ignore. If they wish to continue using IoT devices in critical contexts, then they must prioritize cybersecurity measures and insulate themselves from danger. Fortunately, there are several ways to do this.
First, customize default settings. Cybercriminals are already aware of the default passwords that come with many connected devices. If you choose to use passwords, implement strong access phrases using a combination of letters, numbers and symbols to make them more difficult to crack. Further, strengthen the encryption with Public Key Infrastructure (PKI). This is another form of single-factor authentication, but one that stops brute-force attacks with asymmetric cryptography.
Second, take device origin into account when purchasing your next device. Often, devices from the West face higher regulatory hurdles and therefore provide more security. In Europe, for example, lawmakers are on the cusp of setting minimum cybersecurity standards for connected devices. This will require vendors to keep their devices up to date throughout their lifespan – a world first. In a nutshell, leaders are advised to do their research, evaluate the risks and buy accordingly.
Finally, tailor the device connection. Most devices use cloud connections to relay commands, which can put sensitive data at risk. Establishing a peer-to-peer connection between the device and client can remove this danger by enabling direct communication between the two rather than relying on a third-party server. By implementing these measures, businesses can help protect their devices and networks from threats. Your data is worth it.
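The checks described above can be run as a gate before a device joins the network. The script below is an added example, not code from the author or from Nabto; the inventory, the default-credential list, the IoT subnet, the 14-character minimum and all field names are constructed assumptions.

```python
import ipaddress
import string

# Constructed sample values (assumptions): a tiny default-credential list
# and the subnet reserved for IoT devices at this hypothetical site.
KNOWN_DEFAULTS = {("admin", "admin"), ("admin", "12345"), ("root", "root")}
IOT_SEGMENT = ipaddress.ip_network("10.20.0.0/24")

def weak_passphrase(pw, min_len=14):
    """True unless pw is long enough and mixes letters, numbers and symbols."""
    classes = [
        any(c.isalpha() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in string.punctuation for c in pw),
    ]
    return len(pw) < min_len or not all(classes)

def audit_device(dev):
    """Return the findings to resolve before the device is onboarded."""
    findings = []
    if dev["auth"] == "password":
        if (dev["user"], dev["password"]) in KNOWN_DEFAULTS:
            findings.append("default credentials still set")
        elif weak_passphrase(dev["password"]):
            findings.append("passphrase too short or lacks letters/numbers/symbols")
    elif dev["auth"] != "public-key":
        findings.append("unknown authentication method")
    if not dev["vendor_updates"]:
        findings.append("vendor ships no security updates")
    if ipaddress.ip_address(dev["ip"]) not in IOT_SEGMENT:
        findings.append("outside the isolated IoT segment")
    if dev["cloud_relay"]:
        findings.append("commands relayed through a third-party cloud")
    return findings

# Constructed inventory for illustration.
INVENTORY = [
    {"name": "lobby-cam", "ip": "10.0.0.57", "auth": "password", "user": "admin",
     "password": "admin", "vendor_updates": False, "cloud_relay": True},
    {"name": "door-sensor", "ip": "10.20.0.12", "auth": "password", "user": "ops",
     "password": "river-Lantern-42-quartz!", "vendor_updates": True, "cloud_relay": False},
    {"name": "dock-cam", "ip": "10.20.0.31", "auth": "public-key", "user": None,
     "password": None, "vendor_updates": True, "cloud_relay": False},
]

def audit_inventory(inventory=INVENTORY):
    """Map each device name to its list of findings (empty list = pass)."""
    return {d["name"]: audit_device(d) for d in inventory}

if __name__ == "__main__":
    for name, findings in audit_inventory().items():
        print(name, "OK" if not findings else "; ".join(findings))
```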
Carsten Rhod Gregersen is an IoT expert with more than two decades in software and innovation. Carsten is the founder of Nabto, the platform providing peer-to-peer communications for connected devices. He is a regular tech commentator with features in TechRadar, The New Statesman and others.