What is It About the IoT that Makes It an Appealing Target for Cybercrime?

The IoT—the Internet of Things—is a fascinating technology, as it exemplifies just how much can be accomplished when Internet connectivity is used to augment the capabilities of otherwise “dumb” devices. Unfortunately, as fascinating as it is, the IoT is also infamous for its security issues…a reputation that attackers have been perpetuating as these devices grow more common.

Let’s talk a little bit about why the IoT poses as big a risk as it does, and what can be done to minimize these risks in your business.

Why is the IoT Considered to Be Insecure?

Well, according to a security survey released by Forrester Research in 2022, 33% of companies that were successfully breached were targeted—at least partially—through internal IoT devices. That’s one in every three surveyed security leaders reporting that company-owned IoT devices were involved in a breach, representing the most common response that this survey received. Additional pieces of research have shown that these kinds of attacks are happening more and more often, as well…and little wonder, when IoT devices are prone to numerous security concerns:

• Not only were many IoT devices designed without much consideration for their security—particularly while connected to the Internet—many also offer no means of upgrading the software and firmware to resolve this deficit.
• IoT devices are often kept to their default settings, including admin passwords and access credentials, either due to the inability to update these settings or a lack of awareness that it is possible to do so.
• In addition to these factors, many IoT tools can serve as a bridge to other areas of a network, giving attackers a way in from which they can move to other pieces of IT infrastructure.

Now, if you’re thinking that you don’t have any IoT devices at your business so you don’t need to worry about all this, think again. Some devices you might not initially think of as an Internet-connected device are very much so, and therefore qualify as an IoT device.

For instance, many printers today feature network connectivity. In fairness, they aren’t technically part of the IoT, but this connected aspect of them makes them seen as a definite risk amongst IT professionals. This is just the start of the various IoT devices that might make their way onto your network, some of which could be out of your control. What if some of your team members have invested in smartwatches? Are you going to bar them from wearing this—more than likely expensive—investment while in the office? More devices than ever now feature this functionality, and the idea of a smarter office has justifiably been promoted pretty heavily, too, on the merits of the benefits that these kinds of devices can undeniably bring.

What You Can Do to Minimize These Threats

There are fortunately a few things you can do to help reduce the chance that an insecure IoT device creates a problem for you. For instance, ensuring that you can trust the brands and vendors from whom you procure these devices have a proven track record of keeping security as a priority should be first on your list. Have these providers made their vulnerability testing accessible? Doing your homework is critical to making a smart and informed decision regarding the hardware you utilize.

In addition, you should ensure that your business’ network is fully protected. Make sure that your team members are utilizing tools like a virtual private network, utilizing secure passwords, sticking to trustworthy wireless networks, and confirm that you have shielded your network from issues with firewalls. You also need to ensure that your updates are kept up with, and that you know what devices you have on your network. If this seems like a lot, it is!

Fortunately, you don’t need to go it alone. Directive can be here to help you manage all of this, as one small part of our comprehensive managed IT services. Find out more by giving us a call at 607.433.2200.