Research Revealed That up to 98% of IoT Devices Are Vulnerable and Can Be Exploited in Data Breaches
The rapid exponential growth of IoT (Internet of Things) devices brings in a new era of cybersecurity. Anything that can be connected to the network is a subject to a potential hack, and so, the IoT security is just as important as your laptop or your cell phone security. There are several major steps to protect IoT devices, but before we get down to that, we would like to give you some background information on the IoT growth, and why it is so important to take the IoT security seriously. On the other hand, if you’re not interested in that, you can scroll down straight to the security tips.
What’s different about IoT?
These days, almost everyone must have at least a vague understanding that things like CCTV cameras, smart fridges, biometric readers, voice-activated assistants, and even your smart door-bell are part of the IoT network. Just like your computer or your phone, these devices can be connected to the Internet. However, the main difference between your smartphone and your smart door-bell is that IoT devices do not have sophisticated user interface, and their main function is to measure and relay data. They cannot function as a direct interface to the Internet.
Perhaps, due to the fact that their functionality is quite limited, IoT device security is still very much so lagging behind the overall IoT development. Since these devices seldom store sensitive information, the tendency is to dismiss the importance of IoT security in favor of protecting data that is stored in servers, laptops, smartphones, and so on. However, just because IoT devices might be rather primitive, it doesn’t mean they cannot be hacked. In fact, IoT devices are becoming more frequent targets of malicious hacking because they are so vulnerable, and because they often can function as a stepping stone, helping hackers to reach the main devices on the network they want to infiltrate.
For example, a massive study carried out by Palo Alto Networks across physical locations in the United States has found that around 98% of IoT traffic is not encrypted. Therefore, massive quantities of sensitive information are exposed and can be easily hacked as long as the criminals know how to achieve that. What’s more, IoT devices often share the same network with traditional IT devices (such as desktop computers, laptops, and various mobile devices). This presents another security issue that we have mentioned above: the stepping stone problem.
If IoT devices and traditional IT assets share the same network, it is easy for a hacker to hop from one device to another. If a vulnerable IoT device is hacked, this device can then later on help the criminal access other devices on the network, thus infecting computers and laptops that clearly store a lot of vital information.
Why is IoT security so important now?
While it is clear that any device connected to the Internet can potentially be hacked, the threats against IoT have only grown in the light of the COVID-19 pandemic. Over the last few months, the world experienced a rapid shift towards working remotely. Consequently, it led to the increase of IoT devices, too. In 2018, approximately 7 billion IoT devices were connected to the Internet. It is estimated that in 2020 this number will have grown to 31 billion.
IoT devices are especially important in the healthcare sector, where they are used for patient monitoring, supply chain management, and security monitoring. At the same time, this makes hospitals and the entire healthcare sector vulnerable to potential cybersecurity attacks because IoT devices do not come with regular endpoint security features. That’s one of the reasons we have seen a rise in ransomware and malware attacks against IoT devices: it’s really easy to target vulnerable endpoints.
What’s more, poor IoT security practices also encourage hackers to target these vulnerable networks. The problem is that most of the IoT devices come with weak default passwords, and this weakness is further deepened by poor password practices. Instead of generating strong and unique passwords with such tools as Cyclonis Password Manager, users tend to leave the default passwords or use such simple character strings as 12345 and admin to protect IoT devices. Needless to say, that’s a direct road towards a potential data leak.
Another problem with IoT security that is rampant in the healthcare sector is outdated software. A lot of devices run on outdated operating systems, and the numbers seem to have increased since last year as Windows 7 is no longer supported. Studies have also found cases of IoT devices running on Windows XP, which is totally unacceptable. So, to improve IoT security, individual users and companies need to start from the basics. And when you look at it, the steps to protect IoT devices aren’t that complicated.
Steps to improve IoT security
As mentioned above, poor password practices make IoT devices and the entire network vulnerable to malicious attacks. Changing default passwords and renewing them regularly will definitely help you avoid multiple hack attempts.
Software upgrades are also vital. Whatever might be the reason behind not updating your OS, scrap that immediately and run regular system updates. If you do not have administrator rights to upgrade your IoT devices, contact the IT team at your institution and make sure they do update all devices.
If possible, IoT devices and traditional IT assets should be connected to different networks. Think about it like having two ships sailing towards the same direction. If one of the ships catches fire, the other can still sail ahead and help the burning ship. But if you have a plank between the two ships connecting both vessels like a bridge, the fire might reach the other ship, too. So, connecting your devices to different networks would make it harder (if nearly impossible) for hackers to hop ships, figuratively speaking.
Finally, educating your colleagues (or employees) about IoT security is the cornerstone of the cybersecurity foundation at your institution. If you have an IT team that can help you do that, you will soon reap the benefits of educated staff. These are just few of the tips that can be employed to make your IoT network safer. You might also want to check out our previous entry on the topic. We will be sure to be back with entries on new developments in this section of cybersecurity once they’re out.