As IoT is used more widely in our lives and the world becomes more connected, so too does the risk of associated with cyber-attacks.

It is estimated that $6 trillion will be spent on IoT devices over the next 5 years. Therefore it comes as no surprise that there will be security risks associated, everything connected to the internet can be hacked, and IoT products are no exception.

The automatic flow of information and the connection between IoT devices opens up cybersecurity risks. On IoT, there are multiple devices working through one central network, where the risk of an attack increases due to multiple points of access. If you can access your data remotely, a hacker will also be able to.

What type of attacks are these devices exposed to?

A large number of these devices are exposed to a man-in-the-middle (MitM) attack. To define, this type of attack is where an offender positions himself in a conversation between a user and an application, and in this case, a user and an IoT device.

Any compromised IoT device is always harder to detect, compared to a malware attack. For example, security isn’t necessarily considered or built into a number of consumer-grade IoT devices, which makes it far easier for an attacker. Deepen Desai, the VP of Security Research and Operations at Zscaler discusses that almost no security features are built into consumer IoT hardware devices that currently inundate the market.

Hacking a consumer-grade device may steal information, but there is also the possibility of physical consequences.  For example, if a smart lock system was to be compromised, the hacker could potentially unlock the doors to home and steal belongings.

What security risks exist in the workplace?

From the home to the office, these attacks are also very likely in the workplace.

For example, the companies who struggle to keep track of what electronic devices employees are connecting to on their networks. In many cases employees can connect their devices to the same network as an organisation’s business-critical systems. If one of these BYOD were to be compromised, the attacker may have greater exposure to business systems.

A report released by Zscaler found that 91.5% of data transactions performed by IoT devices in corporate networks were unencrypted. If critical data is not encrypted, this then opens up the risk of MitM attacks. This risk of a cyberattack through an IoT device is common, which is why we recommend companies to know the exact number of these devices connected to its network.

Creating greater security for smart devices

As the above research indicates, future-proofing IoT devices will remain a necessity.

How? From an individual level, applying regular updates to all IoT devices as become available. From a business perspective, ensuring the network remains secure and restrictions are placed on inbound and outbound network traffic.