“Internet of Things” (IoT) is a very common term that we tend to hear more and more in the recent years. When it comes to IoT, we are talking about intertwined devices, software, sensors etc. that enable us to be connected throughout physical space. However, this “invisible” web that connects our devices can pose danger to the information security.
IoT can include business software, smart home devices, mobile phones, care monitoring systems, all of them communicating with each other without the need for human interaction.
You are far more exposed than you think
The Internet of Things industry does not have security standards for developers and manufacturers to build in consistent security, but there are certainly security best practices. It is known that hackers scan networks for devices that are vulnerable and use different methods to get network access. Once they gain the access they want, they can avoid detection through fileless malware or software memory on the device.
From computers to smart TVs and kitchen appliances, nowadays everything is connected. According to studies, the most vulnerable devices are security cameras installed on home networks, smart hubs (Google Home, Amazon Alexa etc.) and network-attached storage devices. Attackers are able to bypass security-weak and cheap models of IP cameras since many of these devices have similar blueprints. If a vulnerability is found in one device, it is most likely found in other devices as well.
We might fall in the trap of thinking that nobody cares about our smart TV, and thus create a very week password for it. But since it is connected to our computers and smart phone where all or credentials are found, a big problem will arise. It is crucial to understand and investigate where the vulnerabilities are coming from and try to secure them in the best way possible.
For this reason, the communication channels are of utmost importance. As mentioned, the attacks can originate from the channels that connect the IoT devices.
Employees: A company’s biggest threat
Employees are the biggest security threat to a company, with IoT devices being the most vulnerable since they are at a great risk for data losses. Nowadays, many companies are worried about unmanaged IoT devices resulting in the loss of sensitive data.
The cause of most insider incidents is negligence: many attacks are caused by employee or contractor negligence. With more employees gaining greater access to work from outside the office, malicious insiders are harder to detect than external attackers or hackers. Especially during the COVID-19 pandemic, hybrid working environments are very easy targets for insider threats.
To minimize the risks, companies can make sure that employees are aware of the laws and regulatory requirements related to their work and understand the steps to keep their devices secure at all times. The more the employees are accessing business data from outside the office, the more the malicious insider threats will increase.