As the Internet of Things, or IoT is used more widely in our lives and the world becomes more connected, so too does the risk of associated cyber-attacks.
It is estimated that $6 trillion will be spent on IoT devices over the next 5 years. Therefore it comes as no surprise that there will be security risks associated. Everything connected to the internet can be hacked, and IoT products are no exception.
The automatic flow of information and connection between IoT devices opens up cyber security risks. On the IoT there are multiple devices working through one central network, where the risk of an attack increases with the multiple points of access. If you can access your data remotely, a hacker will also be able to.
What type of attacks are these devices exposed to?
A large number of these devices are exposed to a man-in-the-middle (MitM) attack. To define, this type of attack is where an offender positions himself in a conversation between a user and an application. In this case, a user and an IoT device.
Any IoT device compromise is always a lot harder to detect, compared with a malware attack. For example, security isn’t necessarily considered or built into a number of consumer-grade IoT devices. This makes it far easier for an attacker. Deepen Desai, the VP of security research and operations at Zscaler discusses that almost no security features are built into consumer IoT hardware devices which currently inundate the market.
Hacking a consumer grade device may steal information, but there is also the possibility of physical consequences. For example, if a smart lock system was to be compromised, the hacker could potentially unlock the doors to a home and steal belongings.
What security risks exist in the workplace?
From the home to the office, these attacks are also very likely in the workplace.
For example, many companies struggle to keep track of what electronic devices employees are connecting to on the network. In many cases employees can connect their devices to the same network as an organisation’s business-critical systems. If one of these BYOD were to be compromised, the attacker may have greater exposure to business systems too.
A report released by Zscaler found that 91.5% of data transactions performed by IoT devices in corporate networks were unencrypted. If critical data is not encrypted, this then opens up the risk of an MitM attack. This risk of a cyberattack through an IoT device is common, and why we recommend companies know the exact number of these devices on its network.
Creating greater security for smart devices
As the above research indicates, future-proofing IoT devices will remain a necessity.
How? From an individual level, applying regular updates to all IoT devices as become available. From a business perspective, ensuring the network remains secure and restrictions are placed on inbound / outbound network traffic.
Interested to find out more on IT security and protecting yourself or your business?