Research Revealed That up to 98% of IoT Devices Are Vulnerable and Can Be Exploited in Data Breaches

The rapid exponential growth of IoT (Internet of Things) devices brings in a new era of cybersecurity. Anything that can be connected to the network is a subject to a potential hack, and so, the IoT security is just as important as your laptop or your cell phone security. There are several major steps to protect IoT devices, but before we get down to that, we would like to give you some background information on the IoT growth, and why it is so important to take the IoT security seriously. On the other hand, if you’re not interested in that, you can scroll down straight to the security tips.

What’s different about IoT?

These days, almost everyone must have at least a vague understanding that things like CCTV cameras, smart fridges, biometric readers, voice-activated assistants, and even your smart door-bell are part of the IoT network. Just like your computer or your phone, these devices can be connected to the Internet. However, the main difference between your smartphone and your smart door-bell is that IoT devices do not have sophisticated user interface, and their main function is to measure and relay data. They cannot function as a direct interface to the Internet.

Perhaps, due to the fact that their functionality is quite limited, IoT device security is still very much so lagging behind the overall IoT development. Since these devices seldom store sensitive information, the tendency is to dismiss the importance of IoT security in favor of protecting data that is stored in servers, laptops, smartphones, and so on. However, just because IoT devices might be rather primitive, it doesn’t mean they cannot be hacked. In fact, IoT devices are becoming more frequent targets of malicious hacking because they are so vulnerable, and because they often can function as a stepping stone, helping hackers to reach the main devices on the network they want to infiltrate.

For example, a massive study carried out by Palo Alto Networks across physical locations in the United States has found that around 98% of IoT traffic is not encrypted. Therefore, massive quantities of sensitive information are exposed and can be easily hacked as long as the criminals know how to achieve that. What’s more, IoT devices often share the same network with traditional IT devices (such as desktop computers, laptops, and various mobile devices). This presents another security issue that we have mentioned above: the stepping stone problem.

If IoT devices and traditional IT assets share the same network, it is easy for a hacker to hop from one device to another. If a vulnerable IoT device is hacked, this device can then later on help the criminal access other devices on the network, thus infecting computers and laptops that clearly store a lot of vital information.

Why is IoT security so important now?

While it is clear that any device connected to the Internet can potentially be hacked, the threats against IoT have only grown in the light of the COVID-19 pandemic. Over the last few months, the world experienced a rapid shift towards working remotely. Consequently, it led to the increase of IoT devices, too. In 2018, approximately 7 billion IoT devices were connected to the Internet. It is estimated that in 2020 this number will have grown to 31 billion.

IoT devices are especially important in the healthcare sector, where they are used for patient monitoring, supply chain management, and security monitoring. At the same time, this makes hospitals and the entire healthcare sector vulnerable to potential cybersecurity attacks because IoT devices do not come with regular endpoint security features. That’s one of the reasons we have seen a rise in ransomware and malware attacks against IoT devices: it’s really easy to target vulnerable endpoints.

What’s more, poor IoT security practices also encourage hackers to target these vulnerable networks. The problem is that most of the IoT devices come with weak default passwords, and this weakness is further deepened by poor password practices. Instead of generating strong and unique passwords with such tools as Cyclonis Password Manager, users tend to leave the default passwords or use such simple character strings as 12345 and admin to protect IoT devices. Needless to say, that’s a direct road towards a potential data leak.

Another problem with IoT security that is rampant in the healthcare sector is outdated software. A lot of devices run on outdated operating systems, and the numbers seem to have increased since last year as Windows 7 is no longer supported. Studies have also found cases of IoT devices running on Windows XP, which is totally unacceptable. So, to improve IoT security, individual users and companies need to start from the basics. And when you look at it, the steps to protect IoT devices aren’t that complicated.

Steps to improve IoT security

As mentioned above, poor password practices make IoT devices and the entire network vulnerable to malicious attacks. Changing default passwords and renewing them regularly will definitely help you avoid multiple hack attempts.

Software upgrades are also vital. Whatever might be the reason behind not updating your OS, scrap that immediately and run regular system updates. If you do not have administrator rights to upgrade your IoT devices, contact the IT team at your institution and make sure they do update all devices.

If possible, IoT devices and traditional IT assets should be connected to different networks. Think about it like having two ships sailing towards the same direction. If one of the ships catches fire, the other can still sail ahead and help the burning ship. But if you have a plank between the two ships connecting both vessels like a bridge, the fire might reach the other ship, too. So, connecting your devices to different networks would make it harder (if nearly impossible) for hackers to hop ships, figuratively speaking.

Finally, educating your colleagues (or employees) about IoT security is the cornerstone of the cybersecurity foundation at your institution. If you have an IT team that can help you do that, you will soon reap the benefits of educated staff. These are just few of the tips that can be employed to make your IoT network safer. You might also want to check out our previous entry on the topic. We will be sure to be back with entries on new developments in this section of cybersecurity once they’re out.

By Foley
June 8, 2020
Malware
June 8, 2020
Malware

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

4 years ago

Microsoft Warns State-Backed Threat Actors Are Using AI in...

4 days ago

Trojan Al11 Malware Detection & Removal - An Essential...

11 months ago

Pinaview is a Fully-Featured Adware App

10 months ago

"Your iCloud is Being Hacked" and "Your iPhone has Been...

7 months ago

What is Lucky Ransomware?

7 months ago

Related Posts

How To

How to Protect Your Data on Mobile Devices

According to a 2017 survey done by the Pew Research Center, 28 percent of smartphone owners do not use a lock screen or other security tools to lock their phones. That's almost 1/3 of smartphone users, who leave their... Read more

August 7, 2019
News

Vulnerable Telnet Services Let Hackers Attack Systems Using Hijacked Radio Devices

Given the popularity of online streaming services that run on more or less any device that connects to the internet, some people might find it hard to believe that companies are selling dedicated IoT radios that... Read more

September 17, 2019
Malware

5 Security Tips That Will Help You Protect Your IoT Devices

There’s a dark side to anything popular. Anything that grows eventually has to face a number of threats trying to bring it down or exploit it. It seems that the Internet of Things is becoming the next best thing in... Read more

December 6, 2019
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Backup Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Backup's Terms of Service Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2024 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.