IoT devices are prevalent in an ever-increasing number of industrial settings, consumer products, and life-supporting medical devices. With such wide-spread adoption of this technology, cybercriminals are finding more ways to attack and take control of these critical devices.
As a technology device, IT departments are often charged with defending against IoT attacks that can penetrate vulnerabilities that may be inherent in their processors or software.
A Forrester study estimated that:
- 69% of enterprises have more IoT devices than computers on their networks
- 84% of security pros believe their IoT devices are more vulnerable than computers
- 93% of the survey participants plan to increase security spending on IoT devices
- Only 27% reported they are “very confident” that their IT personnel are prepared to protect against IoT attacks
How prepared is your IT department for attacks on IoT devices?
What are IoT Attacks?
IoT devices are now embedded in equipment that may not even be on the minds of most individuals – even many IT security professionals are only recently recognizing the threat potential of attacks on the technology.
Just like desktop computers or smartphones, IoT devices contain processors and software elements that are subject to being compromised. Since they are made to communicate over internet protocols, they are just as vulnerable to cyberattacks.
This should not be taken lightly. Attacks on IoT devices are on the rise, with 12 million attacks on IoT devices in 2018 alone.
IoT Attacks Can Take Many Forms
Many IoT environments consist of large numbers of devices working together to collect and forward data, such as embedded sensors on a manufacturing plant floor. Compromising the operation of such units can manipulate or destroy data, even bringing production to a standstill.
IoT attacks on medical devices can have disastrous results. Pacemakers, internal insulin pumps, defibrillators, and other medical IoT devices communicate with monitors or even remote medical offices to warn of malfunctions or medical alerts. If those functions are disabled or modified, there could be tragic consequences.
Types of IoT Attacks
IoT attacks can focus on multiple vulnerabilities, referred to as the “attack surface”.
- IoT devices themselves – Devices contain several points of vulnerability, including memory, physical interface, firmware, web interface, and network connectivity.
- Communications – The very benefit of IoT devices – the ability to communicate with other devices and IT systems – can be their security downfall. Communications channels can be compromised by cyberattacks such as Denial of Service (DoS) attacks that disable or reroute network traffic.
- Software – Any network-connected device is susceptible to unauthorized access. Once an attacker connects to an IoT device, data or applications can be corrupted, including security credentials that open doors to other network devices. This could also result in pushing malware or compromising the firmware on the device.
Addressing IoT Attack Vulnerabilities
Manufacturers and businesses utilizing IoT devices can take several important steps to create an environment that is better prepared for attacks on IoT devices:
- When building or purchasing IoT devices, be sure to change default settings such as any access credentials required for communications.
- Utilize the latest versions of IoT components. Hackers learn quickly which components have known vulnerabilities and focus on easy targets. If you update the devices electronically, incorporate security practices in accessing the devices.
- Build in security. Take security into account for each element of the attack surface. It should not be an afterthought, but a primary consideration for designing and implementing IoT devices. Just as with corporate computer systems, access codes and credentials should be changed regularly to avoid vulnerability.
- Implement best practices that require replacing default credentials and updating IoT accounts frequently.
- Leverage software tools. Many devices could be purchased and installed without consulting IT departments. To minimize vulnerability from such IoT devices, implement sophisticated software that detects the presence of IoT devices on the network. This not only alerts security teams to the operation of these units but provides the opportunity to review the security settings and functionality of each device.
- Physical security is also important. IoT devices like security cameras can be physically tampered with to load malicious software or even modify hardware components. Protect such devices with locks or placement that minimizes access.
It’s critical to keep in mind that these devices may be thought of as having low impact or visibility, but those are the very attributes that make them attractive to attackers. Remember that they communicate over your network, and therefore must be as secure as desktops and other wireless devices.
Virginia Business Systems – Advanced Managed Network Services
Implementing managed network services can ensure security compliance and eliminate many potential network and IoT vulnerabilities. This includes protection from cyberattacks on IoT devices.
Virginia Business Systems (VBS) keeps your network infrastructure safe from DoS attacks and allows our network technicians to monitor your network and provide all appropriate security updates.
Call VBS today to keep your network running smoothly and securely.