Online connectivity brings a whole load of problems with it.
It’s an increasingly important part of business and daily life, but the Internet of Things is set to become a massive cyber security headache for businesses if more isn’t done to protect it from hackers.
IoT devices now outnumber personal computers and mobile phones, and the number is growing. Many believe there will be more than 50 billion in the world by 2020.
That’s a problem, because every single IoT device is a potential entry point for cyber criminals, but unlike PCs and phones, they’re not necessarily thought of like that. Most business owners, for example, will know they need security software on their PC and their servers. They might also be aware that a device management solution like Microsoft Intune can protect mobile devices. But what about their network-connected printers or their VoIP phones? Have those been taken into account in their cyber security plans?
According to researchers at Microsoft’s Threat Intelligence Center, not everyone seems to realise the need to secure IoT devices. They discovered several attacks on IoT devices across multiple customer locations, and in two cases the default passwords were still in use. In a third instance, the latest security update hadn’t been installed.
This suggests some businesses don’t realise the need to secure IoT devices, while others see it as less of a priority than other forms of security. Businesses simply cannot afford to think like that, because if hackers know IoT devices aren’t generally protected, they will focus on them even more. In a mid-year report for 2019, security firm SonicWall reported a huge 55% increase in IoT malware, compared to the same period in 2018.
And don’t go thinking it’s only your IoT devices that are under threat; they’re just a doorway into your network. Once hackers are in, they can access your PCs, your servers, everything.
Making sure you have an up-to-date firewall, updating all your IoT devices and changing all default passwords can make a significant difference to your security, of course. But this is a wider problem that requires a change in attitude from manufacturers and lawmakers too. Far too often, we see new internet-connected devices coming to market with inadequate or easily cracked security. Whether it’s smart TVs, network printers or some other device, they need to be as secure as everything else on your network. To date, technology manufacturers haven’t done enough in this area, so clear and strict legislation is needed to push them in that direction.
IoT security is not a new problem either; experts were drawing attention to it years ago. And while matters are improving, with officials in the UK and abroad setting clear IoT security guidelines for manufacturers, changes aren’t going to happen overnight. There’s also the not insignificant issue of legacy devices: if older technology is not or cannot be made secure through updates, that leaves businesses needing to buy replacement hardware.
To summarise, then, this is what companies who use IoT devices need to do to remain as secure as possible:
- Identify all IoT devices on the business’s network.
- Check that no default passwords are being used.
- Ensure all updates are applied.
- Assess the value and risk of all IoT devices on the network.
- Remove or replace any high-risk IoT devices that cannot be otherwise secured.
And last but not least, make sure you have a robust backup and disaster recovery solution in place, just in case the worst does happen. If you require assistance with any of this, please contact TMB. We can help with everything from fully managed disaster recovery to network analysis and consultancy.