Security Problems Are Jeopardizing the Future of IoT

May 24, 2018 - 4 minutes read

As the Internet of Things (IoT) grows, cybersecurity is a high priority for businesses and consumers alike. The best solution would be a roll-out of a cohesive cybersecurity solution, with each company adding further layers of security that best fit their situation.

Shadow IoT, experts fear, is the latest security threat to hit IoT. Security company 802 Secure, located just west of San Francisco, says shadow IoT can infiltrate enterprise-level networks through IoT-enabled devices and wireless connections.

Carelessness and Complacency

The problem lies in old ways and outdated infrastructure. “While most organizations prepare for IoT enablement, our threat intelligence shows that most companies are still vulnerable to 10-year-old wireless vulnerabilities,” says Mike Raggo. Raggo is 802 Secure’s Chief Security and Threat Research Officer.

Another survey shows that most companies don’t have a security policy for IoT devices. A substantial number of IT professionals and IoT developers don’t believe we’re setting ourselves up for success as a result.

85% believe enterprises will suffer from a critical infrastructure cyberattack within the next five years. 80% think the threat will be caused by connected devices. 64% of IT professionals surveyed say they’re more concerned than ever about connected device threats, and few are making moves to pad up their IoT device security. Other emerging threats include “spy cameras” and wireless USB thumb drives.

A Consistent Threat

As if worrying about the future isn’t enough, 60% of those same IT professionals confessed that their enterprise was hit by malware within the last year. 802 Secure backs up their experience: the company says organizations get hit with at least one wireless attack every week.

Raggo says, “IoT introduces new operating systems, protocols, and wireless frequencies. Companies that rely on legacy security technologies are blind to this rampant IoT threat. Organizations need to broaden their view into these invisible devices and networks to identify rogue IoT devices on the network, visibility into shadow IoT networks, and detection of nearby threats such as drones and spy cameras.”

Who’s to Blame?

Todd DeSisto, CEO of Pwnie Express, says the solution isn’t simple. “It’s a non-traditional solution stack. It’s not one hardware or software company; there aren’t standards, there are proprietary protocols, and the life-cycles are much different.” Older devices aren’t replaced if they’re seemingly still working fine. But when it’s time to replace those devices, enterprises often leave out security professionals, which “doesn’t make sense.”

When the security flaw is exposed, it’s probably too late to roll out a patch; data could be stolen and sold before IT professionals wake up the next morning. Even then, the responsibility falls on the IT team. 61% of IT professionals surveyed agree with that sentiment, while 13% believe the responsibility falls on the device manufacturer.

The best way to get hacked, however, is to remain complacent and not take any action. Keeping up-to-date on manufacturer security patches and implementing a custom solution in-house is a great first step. But to remain secure, the process must be ongoing and constantly tested with rigorous false threats. Is your enterprise taking full measures to secure itself?

Tags: , , , , , , , , , , , , , ,