Smart devices are everywhere, with the Internet of Things (the blanket term for any device that connects to the Internet for added functionality) growing larger each day. While this is great for convenience (and in many cases, the "cool factor") it can have some chilling ramifications for cybersecurity.
Let's explore how this may be changing in the near future.
With 127 new IoT devices connected to the Internet each second, it should come as no surprise that estimates place their numbers at around 75 billion in total by 2025. This means that there are plenty of new opportunities for a cybercriminal to find and exploit a vulnerability… both in commercial IoT devices and in the devices classified as the Industrial Internet of Things.
There are already too many examples of how Internet-connected devices have been used to a hacker's advantage. In 2017, the UK's National Health Service was hobbled by a ransomware attack that affected, amongst other things, Internet-connected medical equipment. Video doorbells often stream data without any protections, and other smart home devices have been found to store Wi-Fi passwords in a similar fashion.
As the IoT continues to grow, it only stands to reason that efforts to take advantage of such weaknesses will increase along with it.
Fortunately, things are already in motion to help ensure the IoT is made to be more secure. For example, the signing of the Internet of Things Cybersecurity Improvement Act of 2020 in the US and the Australian government's introduction of an IoT industry-specific voluntary code of practice shows that governments are starting to pay attention to the issues that the IoT has the potential to open up. However, this doesn't mean that businesses can sit back and relax.
On the contrary, there are a few things that a business can and should do to help mitigate IoT-based attacks:
There are relatively few IoT devices out there today that feature encryption as one of their standard security protocols. Implementing encryption on a network level makes it so that your data is effectively indecipherable while in transit, rendering it more or less worthless to the cybercriminal targeting it.
Of course, ALL default passwords should always be changed, but the IoT makes this an even more important practice for a business. Take the few moments required to come up with a more secure password than the device is equipped with initially.
One other way your business and your users can help make a change while protecting your own assets is to try to deal exclusively with devices manufactured by companies that take a security-first approach. Voting with your dollars can quickly make a change if enough people do it. Otherwise, it may be wiser to stick with the "dumb" option if it serves your needs just as well.
There is little doubt that the IoT will have an increased presence in modern life in the years to come. Time will only tell if that presence is a secure one. In the meantime, you can trust us to help you ensure that your business is as secure as possible. Give us a call at (502) 473-9330 to find out what we can do for you and your operations.
When you subscribe to the blog, we will send you an e-mail when there are new updates on the site so you wouldn't miss them.