The Internet of Things (IoT) promises more flexibility and functionality for enterprises than ever before. More connected devices hold the promise of helping enterprises streamline supply chain operations, increase efficiencies and reduce costs within existing processes, enhance product and service quality, and even create new products and services for customers.
With a myriad of benefits available to the enterprise, says Avinash Prasad, head of Managed Security Services at Tata Communications, IoT is set to enhance or even overhaul business models for the better.
While the mass generation, collection and analytics of IoT data will certainly provide the enterprise with immense opportunity, potentially easy access through unsecure networks and other vulnerable entry points – including IoT devices – are enticing cybercriminals.
According to Gartner, nearly 20% of organisations have observed at least one IoT-based attack in the past three years. With a staggering 75 billion connected devices expected worldwide by 2025, exposure to cybersecurity vulnerabilities and data breaches will have increased five-fold from today.
So, as we enter a new IoT-dominated era, it is imperative to re-examine the threats that loom over enterprises when deploying multiple connected devices and incorporate the same into the enterprise security strategy. Here are three examples of IoT vulnerabilities that all enterprises should take into consideration for cyber defense planning – these range from breaches on seemingly innocuous products to the downright malicious.
Even the simplest connected devices are vulnerable
Many people who go to Vegas come back with far less money than they went with, but it’s not usually been linked to any cyber-attack, much less one that started in a fish tank. However, that’s exactly how an unnamed casino in Sin City experienced its first cybersecurity infraction.
The connected thermometer, used for remote monitoring and feeding within the casino’s aquarium, provided the perfect access point for hackers looking to acquire data on the highest-spending visitors. The hackers stole 10GB of personal data in total, sending it to a remote server in Finland.
IoT devices are increasingly being used across diverse sectors, and as seen by the Vegas fish tank example, even the simplest connected devices can be potential gateways to other private segments of an enterprise’s network. Given that 80% of the world’s data is kept on private servers, keeping hackers out has never been more crucial.
The physical protection and disposal of connected devices can be troublesome
Sometimes it’s not hackers you need to be wary of but the behaviour of IoT devices themselves. In 2018, cyber-security blog Limited Results took a hacksaw to a LIFX Mini White lightbulb and discovered vulnerabilities with the smart bulb itself. Anyone with physical access to the product could extract the owner’s Wi-Fi password as it was stored in plaintext on the device, along with the RSA private key and root passwords.
LIFX fixed the vulnerabilities with a firmware update but it raises important questions around the physical state of the devices including protection during use and disposal of old or defective smart devices. As enterprise businesses continue to adopt and upgrade IoT, this often-forgotten aspect [...]
The post IoT security: What we can learn from recent threats appeared first on IoT Now - How to run an IoT enabled business.
via https://www.aiupnow.com
by Anasia D'mello, Khareem Sudlow
